Jump to content

sharkyz

Active Members
  • Posts

    593
  • Joined

  • Last visited

Reputation

58 Excellent

About sharkyz

  • Rank
    Registered user
    Newbie

Converted

  • Biography
    You can't write your own biography, no one would believe you!
  • Location
    Thinking...
  • Interests
    Learning, Making memories, Having fun, Helping People, Making Money, Alcolol, Making Money, Booze
  • Occupation
    Consuming large amount of alcohol while making Friends and learning things

Recent Profile Visitors

2435 profile views
  1. Am sperat ca vad un link cu download...mi se pare genial ca source code a fost leaked. Oportunitatea de a citi cod de productie fara sa te angajezi la twitch Link-ul pt leak: https://ghostbin.com/2vU1I
  2. Washington (CNN): Two Romanian hackers infiltrated nearly two-thirds of the outdoor surveillance cameras in Washington, DC, as part of an extortion scheme, according to federal court documents. In a criminal complaint filed last week in the US District Court for the District of Columbia, the US government alleges that the two Romanian hackers operating outside the United States infiltrated 65% of the outdoor surveillance cameras operated by DC city police — that's 123 cameras out of 187 in the city. The alleged hacking occurred during a four-day period in early January. The hacking suspects, Mihai Alexandru Isvanca and Eveline Cismaru, are also accused of using the computers behind the surveillance cameras to distribute ransomware through spam emails, according to an affidavit by Secret Service agent James Graham in support of the government's criminal complaint. The affidavit alleges the hackers meant to use the malware to lock victims' computers and then extort payments from them to regain access. In the affidavit, the Romanians are accused of "intent to extort from persons money and other things of value, to transmit in interstate and foreign commerce communications containing threats to cause damage to protected computers." They were traced through their registered email addresses, one of which roughly translates into "selling souls" in Romanian, according to the affidavit. http://edition.cnn.com/2017/12/20/politics/romanian-hackers-dc-cameras/index.html
  3. Update: Am reusit sa mai scad putin din loading time la prima vizita folosind cloudflare ca dns in loc de route53 de la amazon, in plus edge caching suna destul de atractiv si pentru vizite din afara europei. Dar tot sunt dejamagit ca nu vrea sa serveasca direct fisierele precompresate cea ce ridica ttfb cu vreo 50-60 de ms la fiecare request pentru ca sta sa recompreseze cea ce ii da serverul. Compresia lor la gzip este de 3 sau 4 si nu au brottli.
  4. ==================================================== - Discovered by: Dawid Golunski (@dawid_golunski) - dawid[at]legalhackers.com - https://legalhackers.com - ExploitBox.io (@Exploit_Box) - CVE-2017-8295 - Release date: 03.05.2017 - Revision 1.0 - Severity: Medium/High ============================================= I. VULNERABILITY ------------------------- WordPress Core <= 4.7.4 Potential Unauthorized Password Reset (0day) II. BACKGROUND ------------------------- "WordPress is a free and open-source content management system (CMS) based on PHP and MySQL. WordPress was used by more than 27.5% of the top 10 million websites as of February 2017. WordPress is reportedly the most popular website management or blogging system in use on the Web, supporting more than 60 million websites." https://en.wikipedia.org/wiki/WordPress III. INTRODUCTION ------------------------- Wordpress has a password reset feature that contains a vulnerability which might in some cases allow attackers to get hold of the password reset link without previous authentication. Such attack could lead to an attacker gaining unauthorised access to a victim's WordPress account. IV. DESCRIPTION ------------------------- The vulnerability stems from WordPress using untrusted data by default when creating a password reset e-mail that is supposed to be delivered only to the e-mail associated with the owner's account. This can be observed in the following code snippet that creates a From email header before calling a PHP mail() function: ------[ wp-includes/pluggable.php ]------ ... if ( !isset( $from_email ) ) { // Get the site domain and get rid of www. $sitename = strtolower( $_SERVER['SERVER_NAME'] ); if ( substr( $sitename, 0, 4 ) == 'www.' ) { $sitename = substr( $sitename, 4 ); } $from_email = 'wordpress@' . $sitename; } ... ----------------------------------------- As we can see, Wordpress is using SERVER_NAME variable to get the hostname of the server in order to create a From/Return-Path header of the outgoing password reset email. However, major web servers such as Apache by default set the SERVER_NAME variable using the hostname supplied by the client (within the HTTP_HOST header): https://httpd.apache.org/docs/2.4/mod/core.html#usecanonicalname Because SERVER_NAME can be modified, an attacker could set it to an arbitrary domain of his choice e.g: attackers-mxserver.com which would result in Wordpress setting the $from_email to wordpress@attackers-mxserver.com and thus result in an outgoing email with From/Return-Path set to this malicious address. As to which e-mail header the attacker would be able to modify - From or Return-Path, it depends on the server environment. As can be read on http://php.net/manual/en/function.mail.php The From header sets also Return-Path under Windows. Depending on the configuration of the mail server, it may result in an email that gets sent to the victim WordPress user with such malicious From/Return-Path address set in the email headers. This could possibly allow the attacker to intercept the email containing the password reset link in some cases requiring user interaction as well as without user interaction. Some example scenarios include: * If attacker knows the email address of the victim user. They can perform a prior DoS attack on the victim's email account (e.g by sending multiple large files to exceed user's disk quota, or attacking the DNS server) in order to cause the password reset email to be rejected by the receiving server, or not reach the destination and thus get returned to the account on attacker's server * Some autoresponders might attach a copy of the email sent in the body of the auto-replied message * Sending multiple password reset emails to force the user to reply to the message to enquiry explanation for endless password reset emails. The reply containing the password link would then be sent to attacker. etc. V. PROOF OF CONCEPT ------------------------- If an attacker sends a request similar to the one below to a default Wordpress installation that is accessible by the IP address (IP-based vhost): -----[ HTTP Request ]---- POST /wp/wordpress/wp-login.php?action=lostpassword HTTP/1.1 Host: injected-attackers-mxserver.com Content-Type: application/x-www-form-urlencoded Content-Length: 56 user_login=admin&redirect_to=&wp-submit=Get+New+Password ------------------------ Wordpress will trigger the password reset function for the admin user account. Because of the modified HOST header, the SERVER_NAME will be set to the hostname of attacker's choice. As a result, Wordpress will pass the following headers and email body to the /usr/bin/sendmail wrapper: ------[ resulting e-mail ]----- Subject: [CompanyX WP] Password Reset Return-Path: <wordpress@attackers-mxserver.com> From: WordPress <wordpress@attackers-mxserver.com> Message-ID: <e6fd614c5dd8a1c604df2a732eb7b016@attackers-mxserver.com> X-Priority: 3 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Someone requested that the password be reset for the following account: http://companyX-wp/wp/wordpress/ Username: admin If this was a mistake, just ignore this email and nothing will happen. To reset your password, visit the following address: <http://companyX-wp/wp/wordpress/wp-login.php?action=rp&key=AceiMFmkMR4fsmwxIZtZ&login=admin> ------------------------------- As we can see, fields Return-Path, From, and Message-ID, all have the attacker's domain set. The verification of the headers can be performed by replacing /usr/sbin/sendmail with a bash script of: #!/bin/bash cat > /tmp/outgoing-email VI. BUSINESS IMPACT ------------------------- Upon a successfull exploitation, attacker may be able to reset user's password and gain unauthorized access to their WordPress account. VII. SYSTEMS AFFECTED ------------------------- All WordPress versions up to the latest 4.7.4 VIII. SOLUTION ------------------------- No official solution available. As a temporary solution users can enable UseCanonicalName to enforce static SERVER_NAME value https://httpd.apache.org/docs/2.4/mod/core.html#usecanonicalname This issue was first reported to WordPress security team multiple times, with the first report sent in July 2016. As there has been no progress in this case , this advisory is finally released to the public without an official patch. IX. REFERENCES ------------------------- https://legalhackers.com https://ExploitBox.io Vendor site: https://wordpress.org http://httpd.apache.org/docs/2.4/mod/core.html#usecanonicalname http://php.net/manual/en/function.mail.php https://tools.ietf.org/html/rfc5321 X. CREDITS ------------------------- Discovered by Dawid Golunski dawid (at) legalhackers (dot) com https://legalhackers.com https://ExploitBox.io Thanks to BeyondSecurity for help with contacting the vendor. XI. REVISION HISTORY ------------------------- 03.05.2017 - Advisory released, rev. 1 XII. EXPLOITBOX - A PLAYGROUND FOR HACKERS ------------------------- ExploitBox.io is coming soon. Subscribe at https://ExploitBox.io to stay updated and be there for the launch. XIII. LEGAL NOTICES ------------------------- The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. I accept no responsibility for any damage caused by the use or misuse of this information.
  5. @QuoVadis Deja folosesc h2o care după câteva teste mia dat că este ~43% mai rapid decât nginx pentru static files. Am deja php-7.1, opcache, apcu și Wordpress object caching pe apcu. Setarea ondemand pentru php-fpm limitează resursele folosite (RAM) sacrificând performanță. O să mă documentez mai mult despre wp_options și my.cnf pentru mysql. Mulțumesc @n3curatu Nu folosesc nginx, momentan încerc să scriu câteva scripturi care sa se ocupe de html, css, js minifying. In orice caz o să mă uit prin opțiunile de la pagespeed să văd ce pot rescrie (fura). Mersi că mi-ai adus aminte. @Sim Master Da, folosesc php7.1, nu exclud pe viitor să mă transfer pe hhvm, o să fac niste benchmark-uri pe viitor că să găsesc cele mai bune metode de optimizare Wordpress. M-am apucat de el acum câteva luni, încă nu imi place php (deși mă gândesc să iau un job pe php) sau Wordpress-ul dar face freelancingul atât de rapid încât nici nu mă gândesc la a folosi altceva.
  6. @tjt Plugin, Teme, Server, Versiune PHP, Extensii PHP. Chiar si compilare pe server (dureaza ceva) @u0m3 Shiet. Multumesc. voi inlocui din nou diseara polyfill cu modernizr, pariez ca cel mai mult a durat stalled sau ceva legat de DNS/SSL (sau nu esti in europa).
  7. Lucrez de ceva timp in a optimiza wordpress-ul pentru a putea fii tinut pe cel mai mic server posibil si in acelasi timp sa ofere performante bune 24/7. Am reusit sa ajung la 240 de mb ram cu alpinelinux, ultima versiune live pe https://www.privilegiul.ro/. M-ar interesa in special durata de la DOMContentLoaded* si Total Load time* asa ca daca ati lasa un comment cu astea as fi recunoscator. *In chrome apasati CTRL-SHIFT-N -> F12 -> tastati adresa si enter (jos vedeti durata incarcarii). *In firefox CTRL-SHIFT-P -> F12 -> tastati adresa si enter -> network tab -> liniuta albastra (dom content loaded) si cea rosie load time. Daca aveti recomandari pentru site in afara de performanta, tehnic in legatura cu (design, categorii...etc) nu ezitati. Vom incepe cu continut fresh in curand (facultate, servici).
  8. Este asa de stresat ca imi imaginez ca nici nu se uita la pret.
  9. Salut, Am un client care in cateva zile va avea un test (ceva de genu bac) si mi-a cerut sa il ajut sa treaca pentru o mica suma de bani. Singura idee cu care am venit ar fi mini earpiece. Am gasit cateva earpieceuri pe amazon si ebay dar unele au reviewuri foarte proaste asa ca ma intreb daca a avut cineva de aici experienta cu asa ceva si daca imi poate recomanda un dispozitiv. Singurele cerinte sunt sa se auda decent, sa fie complet ascuns si sa fie conectat prin telefon (il voi apela din alta tara). Ce am gasit: http://www.amazon.com/COOMAX-Earphone-Wireless-Microphone-Detection/dp/B00ZX29CUE http://www.ebay.com/itm/Spy-Earpiece-Bluetooth-Loop-Invisible-Micro-Earphone-Mini-Wireless-Covert-Hidden-/141660230099 http://www.ebay.com/itm/Spy-Earpiece-Invisible-GSM-Hidden-Wireless-Covert-Earphone-Bluetooth-Nano-Bug-/121627337478 ? http://www.ebay.com/itm/Spy-Earpiece-Invisible-GSM-Bluetooth-Box-Hidden-Micro-Wireless-Earphone-Covert-/281265461445 Echipamentul va vi procurat de el asa ca nu ma intereseaza pretul, poate vinde cineva dintre voi? EDIT: Clientul a dat deja comanda pentru urmatorul produs care mi se pare ca este prea scump http://www.spycheatstuff.com/index.php?page=shop.product_details&product_id=33&option=com_virtuemart&Itemid=55&lang=en Voi comanda si eu inca unul sa ma asigur ca va merge macar unul dintre ele.
  10. La asta http://null-byte.wonderhowto.com/? Orce informatie este folositoare daca este filtrata corespunzator... ...mai pierdut la "merita sa-ti petreci timpul p-acolo" Ce vrei sa inveti? La ce nivel esti? Nu se pune problema daca merita din moment ce nu sacrifici nimic.
  11. http://en.business.skyscanner.net/en-gb/products/travel-apis/ http://support.wan.travel/hc/en-us/articles/200191669-Wego-Flights-API https://developer.flightstats.com/api-docs/airlines/v1 Daca nu merge asa mai este o solutie: web scraping
  12. @Webz Il aveam in gists. Este unul dintre cele mai performante. Incearca cu un 1.000.000 la metoda simpla si metoda tricky. Pe laptopul meu differenta este: fib 0.0944411754608 sec moloz 13.828804969800 sec
  13. Am avut nevoie sa gasesc repede link-uri directe la aproape 50 de carti dupa amazon asa ca am scris 10 linii de cod si gata. Requirements: Python 2.7 pip install google googlesearch.py from google import search from time import sleep import sys def direct_search(title, ext, multi='off'): print title sleep(2) for url in search(title + ' ' + ext, stop=10): if (url.endswith('.pdf')): print url if (multi == 'off'): break if __name__ == "__main__": if (len(sys.argv) < 4): print 'usage: ./%s file.txt format multi=\'on/off\'' % sys.argv[0] print 'ex. : ./%s book-titles.txt pdf off' % sys.argv[0] else: with open(sys.argv[1], 'r') as file: for line in file: line = line.rstrip() links = direct_search(line, sys.argv[2], sys.argv[3]) if not line: continue file.close() Se foloseste in urmatorul fel: Creati un fisier si puneti in el numele de la carti listate unu sub celalt in urmatorul fel: fisier.txt Test-Driven Development with Python Fluent Python 1st Edition Foundations of Python Network Programming 3rd edition Python Network Programming Cookbook Si apoi rulati applicatia cu: ./googlesearch.py fisier.txt mp4 off daca vreti sa salvati linkurile intrun fisier: ./googlesearch.py fisier.txt mp4 off > urls.txt In caz ca nu va da rezultate incercati sa schimbati stop cu o valuare mai mare de 40.
  14. def fib(n): v1, v2, v3 = 1, 1, 0 for rec in bin(n)[3:]: calc = v2*v2 v1, v2, v3 = v1*v1+calc, (v1+v3)*v2, calc+v3*v3 if rec=='1': v1, v2, v3 = v1+v2, v1, v2 return v2
  15. Pentru performanta probabil iterativ , in unele cazuri un algoritm recursiv este convertit in format iterativ de compiler.
×
×
  • Create New...