Jump to content

QuoVadis

Active Members
  • Posts

    2713
  • Joined

  • Days Won

    192

Everything posted by QuoVadis

  1. aHR0cDovL3guY28vNmxnZkE= (valabil 7 zile)
  2. @Pacaleech nu baga in seama toti frustratii (din motive personale, profesionale sau nefondate). Cainii latra, ursul trece. Spor & welcome!
  3. Shodan.io is a search engine with the job of crawing the internet for publically acessible servers, software, and equipment. Intended as a site for cyber security experts and researchers, Shodan is a popular destination for those with other intentions as well. While not an inherently bad site, a hacker might want to cause some trouble by remotely accessing a web server with default credentials found on Shodan. News stories over the last few years talk about how Shodan has been used to log into traffic light controls, web cameras, and find databases to exploit. How do you prevent your network from being scanned and added to Shodan? First you’ll need a router or firewall with more than basic functions. Your device should accept custom firewall rules where you can block by remote IP address. Second you’ll need a list of the servers that Shodan uses to crawl the internet. Below is a list of known Shodan IP addresses and host names. A firewall rule should be created to block each entry. 93.120.27.62 - m247.ro.shodan.io 85.25.43.94 - rim.census.shodan.io 85.25.103.50 - pacific.census.shodan.io 82.221.105.7 - census11.shodan.io 82.221.105.6 - census10.shodan.io 71.6.167.142 - census9.shodan.io 71.6.165.200 - census12.shodan.io 71.6.135.131 - census7.shodan.io 66.240.236.119 - census6.shodan.io 66.240.192.138 - census8.shodan.io 198.20.99.130 - census4.shodan.io 198.20.70.114 - census3.shodan.io 198.20.69.98 - census2.shodan.io 198.20.69.74 - census1.shodan.io 188.138.9.50 - atlantic.census.shodan.io If you have a router capable of displaying active sessions or reporting blocked firewall events, you’ll see something like this. There are of course a number of things you can do to protect yourself from uninvited internet guests. First and foremost, don’t use default credentials for your router, server, database, IP camera, etc. These devices are incredibly easy to find through Shodan and there is never an excuse for defaults! You can also set your router to only allow inbound traffic from known IP addresses. Disabling WAN pings is another way you can try and prevent inbound traffic to your network. The easiest test is to run a Shodan search against yourself. If you know your external IP address, plug it into Shodan and look at the results. Do you see open ports? Do you have devices that are unsecured or running default credentials? The best solution is not to have public facing devices at all and instead to use a VPN to remotely access equipment, but in some situations that just isn't an option and the firewall rules are a fix. There are a number of routers that can provide the necessary firewall capabilities to block sites like Shodan from scanning your network. (Blocking a Shodan IP on a Peplink) The Pepwave Surf SOHO or Cradlepoint MBR1200B will provide adequate blocking for most homeowners or small businesses. Medium to enterprise size companies will want to look at more capable options like the Peplink Balance 380 or the AER3100. SOURCE
  4. Nu stiu.. nu folosesc Jabber si nici utox. Poate iti vor spune altii care o fac. Eu doar Telegram si Skype.
  5. https://en.wikipedia.org/wiki/XMPP http://www.jabber.org/faq.html http://xmpp.org/software/clients.html Eu nu folosesc insa: https://xmpp.net/directory.php https://www.jabberes.org/servers/ https://list.jabber.at/ Good luck!
  6. If you read on YouTube it says "This playlist/video has been uploaded for Marketing purposes and contains only selective videos. For the entire video course and code visit...". What I posted is full.
  7. QuoVadis

    Al

    @robert2alin atunci cand cumperi ceva furat incurajezi furtul mai departe. Daca ti-ar fi furat cineva Macbook-ul probabil ai fi tipat ca din gura de sarpe aici sa te ajutam sa-l recuperezi. Daca vrei unul munceste si cumpara-ti. Daca il cumperi pana la urma sper sa folosesti diferenta de bani pentru lumanari. @albastrel omul se refera la laptop, nu tableta sau telefon.
  8. Daca dau refresh la pagina dupa ce am dat click imi da "load" la "more".
  9. QuoVadis

    Salut

    I"d recommend you read and follow the forum rules. They can be found here in both English and Romanian: https://rstforums.com/forum/topic/100304-regulamentul-forumului/.
  10. On May 8, 2016, FireEye detected an attack exploiting a previously unknown vulnerability in Adobe Flash Player (CVE-2016-4117) and reported the issue to the Adobe Product Security Incident Response Team (PSIRT). Adobe released a patch for the vulnerability in APSB16-15 just four days later. Attackers had embedded the Flash exploit inside a Microsoft Office document, which they then hosted on their web server, and used a Dynamic DNS (DDNS) domain to reference the document and payload. With this configuration, the attackers could disseminate their exploit via URL or email attachment. Although this vulnerability resides within Adobe Flash Player, threat actors designed this particular attack for a target running Windows and Microsoft Office. Upon opening the document, the exploit downloads and executes a payload from the attacker’s server. To avoid suspicion, the attacker then shows the victim a decoy document. The full exploit chain proceeds as follows: The victim opens the malicious Office document. The Office document renders an embedded Flash file. If the Flash Player version is older than 21.0.0.196, the attack aborts. Otherwise, the attack runs the encoded Flash exploit. The exploit runs embedded native shellcode. The shellcode downloads and executes a second shellcode from the attacker’s server. The second shellcode: Downloads and executes malware. Downloads and displays a decoy document. The malware connects to a second server for command and control (C2) and waits for further instructions. This process is shown in Figure 1. CVE-2016-4117 Exploitation Details An out-of-bound read vulnerability exists in the com.adobe.tvsdk.mediacore.timeline.operations. DeleteRangeTimelineOperation module. By extending the DeleteRangeTimelineOperation class, one can define a property that conflicts with the inner interface name. In this exploit, the author chose “placement” as the property name, as shown in Figure 2. Referencing the interface causes the ActionScript Virtual Machine to call the internal function getBinding to get a bind id. Because the “placement” property conflicts with the “placement” interface name, the attacker can manipulate the bind id, and ultimately induce type confusion. Figure 2 Placement interface vs. class definition Memory layout Before triggering the vulnerability, the exploit defines an object that extends ByteArray. The definition is modified to contain easily distinguishable values that aid in locating objects in memory. Then, the exploit allocates a set of these objects to control the memory layout (Figure 3). Figure 3 Prepare heap memory layout These objects look as follows when in memory: The exploit then uses the type-confused DeleteRangeTimelineOperation object to read out of bounds and find one of the extended ByteArray objects based upon looking for the pre-defined property values (shown in Figure 4), and manipulates the data buffer pointer to an attacker-controlled area. Figure 4 Finding target ByteArray With the ability to read and write individual values in the extended ByteArray object, the attacker can corrupt one of the objects to extend its length to 0xffffffff, and its data buffer to address 0. Future reads and writes to the corrupted ByteArray may then access all of the user space memory (Figure 5). Figure 5 RW primitive and execute shellcode Code execution Once the exploit can read and write arbitrarily in memory, it executes embedded shellcode. The shellcode downloads a second stage of shellcode from the attacker’s server, which then downloads and executes the malware payload and displays the decoy document. Conclusion CVE-2016-4117 was recently exploited in targeted attacks. Just four days after notification, Adobe released a security update for Flash Player that patched the underlying vulnerability. Users who require Flash Player in their environment should download this timely patch to protect their systems from exploitation. Additionally, Flash Player users could consider employing additional mitigations, such as EMET from Microsoft, to make their systems more difficult and costly to exploit. SOURCE
  11. Esti la al 3-lea warn. Ia o pauza de 5 zile. @d3c0d3r vezi pe link-ul de la Gecko. Daca nu vezi si pe alte site-uri de torrenti. Este si pe filelist dar momentan e down. Closed.
  12. Nu mai vazusem si am uitat de acel thread cand spuneau aia ca ar fi virusat. Eu din cate stiu a fost testat destul de mult sa nu fie. Si recent l-am folosit intr-un environment de asta l-am postat. Iarasi te tai.. "capcane", etc. Nu e nici o conspiratie, doar o greseala so l-am sters. Happy?

    1. fusername

      fusername

      Dar parfumul... îl mai folosești?

  13. QuoVadis

    ajutor

    sa te banez permanent.
  14. You confuse us with people who give a fuck. Ai gresit adresa. Closed & trashed.
  15. # Pentru cei ce vor sa imbine laba cu munca # Adult website Pornhub now has something in common with Google, Microsoft, Facebook and other titans of technology – a bug bounty program to reward ethical hackers. Pornhub officially debuted its bug bounty program, with rewards between $50 and $25,000, on the HackerOne platform this week. The company says the program is currently limited to vulnerabilities on its main website; “other properties and applications” are not eligible for the program at this time. Corey Price, Pornhub vice president, said the program will help “protect and enhance the site for our 60 million daily visitors.” To qualify for a reward, bug hunters need to obey a set of rules and restrictions, including agreeing to disclose vulnerabilities “directly and exclusively” to Pornhub – bug hunters cannot get a payout if they report the bugs “anywhere else.” Bugs must be reported within 24 hours of discovery, and bounty hunters need to be the first to report a vulnerability to win a reward. According to its page on HackerOne, Pornhub began rewarding bug hunters 11 months ago, and has resolved 23 bug reports since then – although the Pornhub bug bounty program was only made public on HackerOne on Tuesday, 10 May. SOURCE: https://nakedsecurity.sophos.com/2016/05/12/pornhub-bug-bounty-program-will-pay-hackers-up-to-25000/
  16. I doubt you'll find it on YouTube due to ongoing copyright claims and their "nature"
  17. aHR0cDovL3guY28vNmxnUlU= (valabil 7 zile)
  18. Cred ca e un concept interesant.. mai ales pentru cei care creeaza video-uri si fac rost de ceva viewership. Ar fi interesant de filmat un short movie. https://videodirect.amazon.com/home/landing Video Direct is fundamentally a creator-facing platform, a set of infrastructure whereby people who make videos can upload them to Amazon's video service. Having done so, they have four options for how to make the videos available to customers: 1. They can be free to anyone and feature ads that will be sold by Amazon in exchange for a 45 percent cut (this is how YouTube works). 2. They can be available for digital purchase or rental, in which case Amazon will keep 50 percent of the money. 3. They can be made available only to people who pay for a special add-on subscription through the Streaming Partners Program. 4. Last but by no means least, they can be made available exclusively to Prime subscribers in exchange for a fee of 15 cents per hour streamed.
      • 2
      • Upvote
  19. I did mention there (although in Romanian) that the link would be available for 7 days, that's why is broken at the moment. I would usually make a re-upload but I have banned lots of accounts coming from the domain that you used to register for spamming and links containing malware so in your case sorry - won't re-upload. Good luck!
  20. http://www.cybersecuritychallenge.ro/etapa_nationala.html Programul competiției interne: - 8 - 15 mai 2016 – prima sesiune de calificare (on-line); - Sfârșitul lunii iunie 2016 – a doua sesiune de calificare (on-site), va dura 8 ore, incluzând exerciții A/D; - Începutul lunii august – prima sesiune de training (bootcamp); - Începutul lunii septembrie – a doua sesiune de training (bootcamp). Reguli testare: - orice tentativă de atac prin metode de tip Denial Of Service a scoreboard-ului sau a celorlalte servicii va conduce la descalificare; - clasificarea câștigătorilor se face după punctajul total la sfârșitul competiției naționale; - în caz de egalitate, departajarea se va face după timpul de execuție a task-urilor. Informații testare: - task-urile testează următoarele capitole de securitate: Reverse Engineering, Exploitation, Forensics, Web Application hacking, Crypto; - anumite taskuri pot avea componente din mai multe capitole; - scopul fiecărui task este de a obține o informație (denumită în mod tradițional "flag") la care nu am avea acces, în mod obișnuit, dată fiind protecția oferită de sistemele de securitate. În fiecare task există o problemă de securitate care ne permite (prin analiza de cod și exploatarea sa) să ajungem la flag; - un flag poate fi recunoscut după forma următoare: flag{.....}; - fiecare task are un număr de puncte în funcție de dificultatea sa; - unele task-uri ar putea fi blocate în prima fază, dar vor fi pornite ulterior (până la încheierea perioadei de competiție); - descrierile task-urilor și fișierele aferente fiecăruia vor putea fi copiate de pe un site anex numit scoreboard; - de pe scoreboard se vor introduce flagurile și se va putea vizualiza progresul fiecărei persoane înscrise; - vor exista task-uri offline (care se pot rezolva pe calculatorul personal, pentru validare, trimițându-se doar flagul pe scoreboard) și task-uri online (va exista un IP și un PORT prin care sa se faca interacțiunea cu server-ul). Materiale educaționale recomandate: - Criptografie - https://class.coursera.org/crypto-preview - http://cryptopals.com/ - Web application hacking - The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws de Dafydd Stuttard - Reverse Engineering - Practical Malware Analysis de Michael Sikorski - http://beginners.re/ - Exploitation - Gray Hat Hacking The Ethical Hacker's Handbook, Fourth Edition de Daniel Regalado - Hacking: The Art of Exploitation, 2nd Edition de Jon Erickson - Alte cursuri - http://www.cs.fsu.edu/~redwood/OffensiveComputerSecurity/lectures.html - https://github.com/isislab/Hack-Night - http://www.opensecuritytraining.info/Exploits1.html - http://ocw.cs.pub.ro/courses/cns Tool-uri recomandate: - Reverse Engineering - Ida Freeware / Radare - Exploitation - Gdb + Peda (https://github.com/longld/peda) -Web application hacking - Burp Suite Free Edition
      • 4
      • Upvote
  21. Te vaieti ca o pizda frigida. L-am mutat la gunoi pentru ca de "gunoi" apartine acest post si ban pe acest cont pentru conturi multiple. Bafta!
  22. Am aplicat si eu aseara, astept sa imi raspunda. Le-am zis ca vreau sa fac research in blockchain si bitcoin
  23. Bine ne-ai gasit. How about, daca vroiai sa faci backlinks, sa o fi facut cu mai multa finete? Nu suntem forum auto... Just saying..
  24. Da, dar in principal trebuie sa demonstrezi un interes... ce experienta sa aiba lumea daca pana acum nu a existat. Insa daca faci o aplicatie si bagi burtologie ca esti student / researcher / etc. si cauti niste fraze "inteligente" sa bagi in aplicatie nu cred ca ar fi o problema. O sa aplic si eu zilele astea sa vad cum merge treaba.
×
×
  • Create New...