-
Posts
233 -
Joined
-
Days Won
11
Everything posted by ARUBA
-
Defcon 1->26 (Presentations, workshops, others): https://media.defcon.org/ Some old files + Defcon 21, 24: http://dc.org/files/
-
Am citit la sql si am invatat cat de cat dupa ce iar nu am stiut ceva...Am invatat sa folosesc sqlmap si Burpsuite, sa decriptez Rot13 cipher, si sa fac cat de cat cerintele de la CTF alea mai usoare gen..Alea cu zip, cu imagini, sa folosesc binwalk, dosbox cat de cat, cat sa aflu flagurile cand dau DEBUG si strings... Am o problema acum, sunt blocat la nivelul 3 http://ctf.infosecinstitute.com/ctf2/exercises/ex3.php nu inteleg cee ar trebui sa fac.. ================================================================================================================================ Pai ori inveti, ori ba. Scrie acolo Vulnerability: Data Validation; Parameter Delimiter. Ai si hint: When you login you would see exactly how user's access level is determined in the text file, "The delimiter used to separate fields like username and password is just a newline. Folosesti Burp, creezi cont in aplicatia ctf, vezi request-ul HTTP. Fiecare user are un rol/drept. Tu ai normal, trebuie sa devii admin. Te joci cu Burp Repeater. Gasesti request-ul de inregistrare la tab-ul Proxy, apoi HTTP History si ii dai Send to Repeater la POST request. Adaugi newline in request, cum scrie in hint - o sa fie encoded. %0d%0a - spre exemplu intri aici, apesi enter de 2 ori (newline) si dai encode. https://www.w3schools.com/tags/ref_urlencode.asp https://www.degraeve.com/reference/urlencoding.php Request-ul trebuie sa fie de forma: user=FurnicaObosita&password=FurnicaObosita&lname=FurnicaObosita%0d%0arole:admin... -> %0d%0a - encoded newlines Tu zilele trecute nu stiai basic SQL si acum ai trecut la Burp Suite. Da' ai relatii in oras si parteneriate, esti combinator...si noi fraierii tai, nu? Nu-mi mai scrie prin PM ca nu te mai ajut.
-
Aflarea Ip-ului fara grabify a unui profil de facebook.
ARUBA replied to JeeP's topic in Discutii incepatori
Gura pacatosului, adevar graieste! -
Stai linistit ca numai suturi in cur mi-am luat aici. Pe oamenii care m-au ajutat cu informatii si sfaturi cred ca ii pot numara pe degetele de la o mana. E vorba de atitudinea ta, tipic romaneasca. In primul rand nimeni nu-ti este dator cu nimic, si in al doilea rand tu vrei sa faci chestii "advanced" fara notiuni de baza, tratezi lucrurile cu superficialitate, dar pe noi cu superioritate. Trebuie sa inveti SQL, ca sa poti intelege cum se creeaza o baza de date, cum este structurata, cum se introduc datele (insert), cum se pot apela (query), modificari (update, modify). Poti invata SQL la nivel basic, in cateva saptamani, o luna, desi tu furi curent grav si mai mult ca sigur n-o sa faci asta prea curand. https://www.codecademy.com/learn/learn-sql https://www.w3schools.com/sql/ https://www.pdfdrive.com/sql-for-dummies-8th-edition-e18718583.html https://www.dummies.com/programming/sql/sql-for-dummies-cheat-sheet/ Treci si pe la https://pwnthecode.com/, un proiect dezvoltat de utilizatori ai acestui forum. Dupa ce ai invatat la nivel basic, poti citi despre vulnerabilitatile unei baze de date si cum se pot exploata (SQL injection - SQLi), ce tip de SQLi sunt, etc. Tool-uri automate sunt SQLmap si SQLNinja - probabil vei sari direct la astea. Iti recomand sa te joci cu Damn Vulnerable Web Application http://www.dvwa.co.uk/ si apoi cu Mutillidae https://www.owasp.org/index.php/OWASP_Mutillidae_2_Project. Dupa ce ai facut astea, mai vorbim. Si nu ma mai trage tu de urechi, ca n-am futut impreuna. Ok? Mersi!
-
Leapada-te de Satana, omule! Ca-l vad pe dracu' in ochii tai!
-
Ai scris aici ca esti web developer. Tu bati campii rau de tot! Ce-ar fi sa inveti ceva util si sa lasi prostiile?! Ce castigi daca pui acolo Hacked by Giuberica Hacker 9999?
-
It is a tool for analysis of Windows executable files, in order to quickly identify if this is or is not a malware. Most analyzes are based on the extraction of strings "ANSI" and "UNICODE" in disk, but also works with "Memory Dumps". Obviously, the latter option might compromise the security of your computer when you run the samples, so it's recommended make this in laboratory systems. Site: http://www.enelpc.com/p/4n4ldetector.html Download: https://docs.google.com/uc?id=1aTWtsduPcelzB8oGgQ5646NElJAPp68T Pass: 4n0nym0us
- 1 reply
-
- 1
-
https://docs.microsoft.com/en-us/windows/desktop/api/libloaderapi/nf-libloaderapi-freelibraryandexitthread
-
Code practice and mentorship for everyone. https://exercism.io/ Improve your skills by training with others on real code challenges. https://www.codewars.com LeetCode is the best platform to help you enhance your skills, expand your knowledge and prepare for technical interviews. https://leetcode.com/ Solutions to LeetCode problems (Python 3) https://github.com/delirious-lettuce/LeetCode Project Euler is a series of challenging mathematical/computer programming problems that will require more than just mathematical insights to solve. https://projecteuler.net/ Learn Ruby: https://rubymonk.com/ 57 challenges to develop your coding skills by Brian P. Hogan: https://mega.nz/#!IPR3GRSD!zX538mN_vrN1xAlTfWvjJjEbEYOE-FzU-i8g-aIpQ1M
- 1 reply
-
- 1
-
Official site: https://learnpythonthehardway.org/ e-book: https://www.pdfdrive.com/learn-python-the-hard-way-e42325516.html Video tutorials: https://archive.org/details/01Exercise0TheSetupLinux Video tutorials torrent file: https://archive.org/download/01Exercise0TheSetupLinux/01Exercise0TheSetupLinux_archive.torrent Exercises: https://learnpythonthehardway.org/python3/ https://github.com/zedshaw/learn-python3-thw-code Solutions: https://github.com/zedshaw/learn-more-python-the-hard-way-solutions
-
- 1
-
Exports Discord chat logs to a file. https://tyrrrz.me/Projects/DiscordChatExporter Git: https://github.com/Tyrrrz/DiscordChatExporter
-
MoleBox lets you convert your application into an all-sufficient stand-alone executable, containing everything needed: components, media assets, registry entries. More info: https://sudachen.github.io/Molebox/ Git: https://github.com/sudachen/Molebox
-
- 1
-
var s = 'x'.repeat(0x7fffffff); http://s.link (s); https://github.com/WebKit/webkit/blob/bce57f1454bb396d3e8133da38a906d31bdf8ad1/Source/JavaScriptCore/runtime/StringPrototype.cpp#L1808
-
Pentru cei ce doresc sa invete Linux: https://www.edx.org/course/introduction-to-linux https://linuxjourney.com/ Linux under the hood - videos ~35GB: magnet:?xt=urn:btih:3AA135DAAE789A7DE2FF957E08263C556B90616A
-
- 2
-
http://83.133.184.251/virensimulation.org/ https://github.com/opsxcq/mirror-vxheaven.org
-
Adica DiCtiOnAr387229? E posibil sa ai calculatorul infectat. Descarca Kaspersky Antivirus si scaneaza, apoi dezinstaleaza-l si instaleaza MalwareBytes si da un scan si cu asta.
-
Schimba-ti parola si scrie-le celor de la Netflix. Nu-ti mai pune parole ce contin cuvinte din dictionar sau d-astea banale (ex: gogu123, parolamea99, Netflix7!). Sunt doua tool-uri Sentry MBA si snipr folosite la account cracking. Si dau copiii cu ele sa crape internetu' de ciuda.
-
Contractele standard sunt cu 1-3 luni perioada de proba. Demisia, dupa expirarea perioadei de proba, se poate face cu preaviz (ce nu poate fi mai mic de 20 de zile lucratoare sau 45 de zile in cazul celor cu functii de conducere) sau cu acordul partilor - poate surveni din ziua demisiei (cea mai avantajoasa pentru angajat, de multe ori si pentru angajator - multi angajati freaca duda in preaviz). Absente nemotivate => demisie disciplinara, dar angajatorii se feresc de asta, e o intreaga nebunie consumatoare de timp si resurse (se intocmeste un referat de sesizare, se constituie o comisie care cerceteaza, este convocat angajatul, apoi se intocmeste un raport de cercetare - astea au in spate procese verbale, numere de intrare in registru de evidenta, decizie de numire membrii ai comisiei).
-
De obicei se discuta si se negociaza salariul net, dar sunt angajatorii jegosi si oportunisti si profita de naivitatea sau de lipsa de experienta a multora. Daca nu ati semnat nimic, puteti oricand sa refuzati ofertele unora cu abordari de tepari. Ah si inca o chestie, nu semnati ca primarii sau ca la banca .
-
Daca nu discuti despre salariu, interviurile si tot procesul premergator angajarii pot deveni o pierdere de timp. HR-istele nu pierd timp cu tine, ca asta e jobul lor, tu cu ele, da. Nu te duci la interviuri sa iei pozitia ghiocel si sa inghiti toate cacaturile pe care ti le vand ei acolo. Nu stiu cum e in tari straine, dar in Romania, mesajul e cam acelasi peste tot: lucreaza cat mai mult pe un salariu cat mai mic, ca o sa ai posibilitati nenumarate de avansare/dezvoltare profesionala, personala, astrala. Toate sunt expuse in romgleza bineinteles, ca sa fim true.
-
Rescriere sau schimbare? Ultima e cam ilegala .
-
Hackerul HackerGiraffe, unul dintre cei din spatele hijack-ulului de Chromecast-uri a anuntat ca e timpul sa intre in incognito mode. A lasat si niste resurse folositoare, grab 'em while they're hot: https://ghostbin.com/paste/vb4o6 Yeah, I will have to disappear. Most probably for good this time. Who knows? Maybe I'll appear in 2 weeks on this same account again. No matter how much I write, I can't describe to you the mental stress and panic I'm going through right now. But I won't complain about that, because people will say I brought this on myself, I did those "hacks", I deserve the consequences. But I'm a human too, don't just throw away all my emotions because of my "hacker" personality. I don't deserve to be thrown under a bus for wanting to help people, but I guess that will put a smile on some people's faces. But I will say this. There are still so many devices exposed to the public internet. Routers with default passwords, telnet servers with bruteforcable passwords, open UPnP servers (GOD DAMN UPNP WILL BE THE DEATH OF US ALL), open SMB printers, freaking LGTV/Samsung/Sony TVs, so forth and so forth. I had a huge list of next targets, some even with ready PoCs and code. I guess that's all dead now. Please secure your devices. My intentions behind this were to stop this from becoming a global outbreak, and I know many of you will not believe that such a pure intention exists, but picture your family being hacked. Would you enjoy it? Would you feel rested knowing there was something you could have done to prevent their Chromecast playing NSFW material or their printer printing infinite black pages till the toner ran out? No, I don't think so. So I did what I believed in, what I felt like was my responsibility, and ran harmless "hacks" that would hopefully alert the world to fix their devices. If I'm really about to be hit with trials for what I did, then at least I know I helped the world be a little safer, and what I did will hopefully raise awareness in a lot of people's eyes. I cannot express the joy I felt after seeing the number of open UPnP devices go down on Shodan. Or when people were genuinely DMing me thanking me for helping them secure their office building of over 50 printers. It felt like the power I had was being put to good use, and I was helping the world become a better place with the skills I had. Why not have some fun while I'm at it? The whole TSeries vs PewDiePie has been hilarious so far and pretty cool if I'm honest. Seeing a community come together like that, it's pretty cool. Pewds, I'm sorry for the media attention this has brought your way. I genuinely love and enjoy your content, been watching for a seriously long time now. Back when barrels and Fridays with PewDiePie were still a thing. I love your attitude with media, your fans, and your genuine sense of humor. If people can't understand sarcasm and humor, that's on them, not you. (inb4 I get called a Nazi as well), oh and tell Poppy Harlow I said Hi. Also Pyrocynical you idiot I tagged you a million times to notice me but you didn't you unfunny brit (jk I binge watch your content with friends ily). What am I going to do now? I don't know. I'm scared. I'm genuinely afraid and panicked. I can't even look at a terminal or code editor right now, it's almost like PTSD. Not just because of the law enforcement issue, but those DMs spooked me.[1][2] I don't know why they're getting to me, but they are. I don't know if I will even be able to sleep tonight. I'll try to stay strong friends, I really will. The internet never forgets, but people do. I'll be an old story in about a month from now. Up to you to unfollow or not. Under no circumstances should anyone be exposed to this kind of harassment or abuse. Even if you disagree with me and what I did. I'm still a human, I have feelings and emotions too. I'm not heartless. To all my patrons and those who wanted to learn cybersec, the only thing I can leave you with is this: https://ghostbin.com/paste/vb4o6 Please use it responsibly. I'm begging you, be safe. Also since I won't be logging in anymore, can you guys recommend some nice happy romance animes (again I know) on #AnimeForHackerGiraffe? Don't spam the replies in the tweet, please. I wish you all the best, and to anyone I offended with the PrinterHack/PrinterHack2 and CastHack, I sincerely apologize. I was only trying to help you. It was never my intention to make you feel attacked or vulnerable or even forced to subscribe to PewDiePie. Thank you for the laughs, for the support, for the ideas, for the good times, and for the memes. Love you all. I'll be watching, keep up those #HackerGiraffe memes. Keep fighting the good fight, and subscribe to PewDiePie. Peace. SGFjayBUaGUgUGxhbmV0IQ== Shoutout to all my hacking/infosec heroes: @HackerFantastic @HackingDave @MalwareTechBlog @thegrugq @x0rz @PythonResponder @Snowden Shoutout to the coolest hacker friends: @j3ws3r @friendlyh4xx0r Complete stats for #CastHack: https://imagebin.ca/v/4SGxlZgtwz6O [1] https://pasteboard.co/HUMprCT.jpg [2] https://pasteboard.co/HUMpFHu.jpg Buy me some Cheetos? Or a new RPi Zero W so I can make my own WiFi-enabled RubberDucky? BTC: 1DACCh26cywGWDkH9MEZ4aHkmAzRbLmXGE XMR: 44iwaWxag9oboND52sTbX9ESkJsaAK5fTSanWuJFkbY8cqCENCEz48sWkhM5EbHEUqZuvAYfhZM4ULWzJfc8ApXqNYEo73H LTC: M8KfL6jRXLQuemvFHoqx5eydhZVXubkLss
-
- 2