aelius

Numai rahaturi de posturi ai. Ti-ai mai facut si blog, labare. Ban permanent si thread closed.

Ba ia dute-n pula noastra cu serviciile tale. Iauzi la el, servicii securitate IT si vinzi blana ursului din padure. Pai cine cacat e atat de cretin incat sa-ti dea tie acces la echipamentele lui cand 101 % din posturile tale sunt de rahat ? Si cum saracia accepti plati prin LR ? http://www.libertyreserve.com/index.html Ban permanent. Si dezlipeste in pula mea tasta Caps Lock.

In a blog post, Eloi said that During Christmas Holidays he forgot the admin interface password of his Linksys WAG200G router and in an effort to gain access back of its administration panel, he first scanned the Router and found a suspicious open TCP port i.e. 32764. To do further research on this port service, he downloaded a copy Linksys firmware and reverse-engineered it. He found was a secret backdoor interface that allowed him to send commands to the router from a command-line shell without being authenticated as the administrator. Then he tried to Brute-force the login available at that port, but doing so flips the router's configuration back to factory settings with default router administration username and password. 'The backdoor requires that the attacker be on the local network, so this isn’t something that could be used to remotely attack DSL users. However, it could be used to commandeer a wireless access point and allow an attacker to get unfettered access to local network resources.' He described the complete details of this Serious vulnerability in above slides. After his post, other hackers around the world did further research, that shows that these devices are made by Sercomm, meaning that Cisco, Watchguard, Belkin and various others may be affected as well. Source: Hacking Wireless DSL routers via Administrative password Reset Vulnerability The Python based exploit script can be downloaded from here: https://github.com/elvanderb/TCP-32764 The Complete List of vulnerable devices can be found here: https://github.com/elvanderb/TCP-32764/blob/master/README.md

(21:18:00) goodfear: nici aircrack nu-mi spuneti cum il folosesc? (21:18:19) fallen_angel: goodfear, dac? mai întrebi ceva î?i dau ban. Pune mâna ?i caut? pe google. (21:18:37) goodfear: nu gasesc... nu mai intreb ok... (21:18:50) fallen_angel: stai a?a (21:18:52) fallen_angel: ?tii englez?? (21:19:03) goodfear: un pic... (21:19:08) fallen_angel: dac? nu ?tii, dezinstaleaz? backtrackul ?i uit?-te la desene (21:19:10) fallen_angel: în englez?. (21:20:12) tex: ./aircrack --wi-fi --enable-sparge-wirelessu-lu-vec??inu-si-eu-o-sparg-pe-nevasta-sa-?l?a-buci --with-friends --enable-modules=slobodel,laba-t??rista,corahoz,sperma-de-cal,Cifr?e?-PoPoNeTe (21:20:18) tex: ))))))))))))) (21:20:19) tex: ))))))))))))) (21:20:24) fallen_angel: ))))))))) (21:20:34) ls-a: )))))))))))))))))))))))))))))?)))))))))))))))))))))))))))))))))?))) (21:21:00) goodfear: nu merge comanda tex... (21:21:14) tex: HAHHAHAHHAHHAHAHHAHHAHAHHAHHAHAH?HAHHAHAHHAHHAHAHHAHHAHAHHAHHAHAHH?AHHAHAHHAHHAHAHHAHHAHAHHAHHAHAHHA?HHAHAHHAHHAHAHHAHHAHAHHAHHAHAHHAH?HAHAHHAHHAHAHHAHHAHAHHAHHAHAHHAHH?AHAHHAHHAHAHHAHHAHAHHAHHAHAHHAHHA?HAHHAHHAHAHHAHHAHAHHAHHAHAHHAHHAH?AHHAHHAHAHHAHHAHAHHAHHAHAHHAHHAHA?HHAHHAHAHHAHHAHAHHAHHAHAHHAHHAHAH?HAHHAHAHHAHHAHAHHAHHAHAHHAHHAHAHH?AHHAHAHHAHHAHAHHAHHAHAHHAHHAHAH

Pai este publica sursa. Nu este facuta de tine. Daca o vinzi sau o dai contra unui schimb, posteaza te rog la RST Market, nu aici. Categoria asta este facuta pentru altceva: https://rstforums.com/forum/exploituri-si-pocs.rst source: http://pastebin.com/raw.php?i=1SvVhNfU Mi-am adus aminte de o chestie apropo de asta cu "scanner privat". Pe vremuri era un hunedorean ratat ce ne cerea exploit-uri sau scannere si scria el in scripturi "Powered by Zerg", apoi le publica pe net.

Asta NU este: - Exploit - POC - Bot-ul tau nu ruleaza pe mirc, si pe IRC Tot ce vedem aici e o simpla balarie. Pune sursa, asa se lucreaza aici. E un simplu shellbot scris in perl.

Un Maybach mare la stop. Un Tico vine cu viteza din spatele lui si il busheste. Pe ecranul computerului de bord apare: New hardware found. Install?

Ia un alimentator de 12 volti si injecteaza-i tensiune aiurea pe pinii gpu. Poate o sa ai surpriza sa arzi si placa si sa nu vrea cei de la garantie sa o inlocuiasca

Mai omule, pe site este HTTP sau HTTPS, nu e FTP. Ce legatura vezi tu intre ele ? Tu ai acolo cel mai probabil un utilizator si o parola de la backend (sectiune administrare site), caz in care va trebui sa cauti PATH-ul de administrare (URI)

20-22k vizite / zilnic. - Tara: 99% romania - Website: games / flash games Intrebare: Ce dimensiune iti trebuie la iframe si cat oferi pentru traficul specificat ? Nota: nu este site-ul meu, te pun in legatura cu omul, daca este de acord cu pretul.

Din respect pentru unii, nu o sa ma intind sa fac un post cat doua A4 (desi, cred ca ar fi multe de spus). Titlul la acest thread este putin cam deplasat: Daca un moderator sau un admin a facut o gresala, nu inseamna ca tot RST-ul este asa. A spune "Pupaturi in cur marca RST" e ca si cum ai zice ca aici e o comunitate de pupincuristi. Mie imi suna a generalizare si chiar nu este ok. Sfat: Mergeti la sala si varsati-va nervii pe gantere / haltere! Eu cum de nu ma cert cu nimeni ? Faceti glume cu cine accepta glumele si invatati cand este momentul lor si cand trebuie sa va opriti.

Pai daca va pun eu intrebari, va deturnez chat-ul cu totul. Am mai incercat si s-a facut liniste. Sa spuna Usr6

@ANYK: Daca mai postezi rahat la "Anunturi importante si regulile forumului" iti dau ban. Thread closed si mutat la cos.

@askwrite: se referea la altceva, din cate vad in acel context. Si chiar daca ai fi idiot, nu te-a facut el. El doar ti-a spus Hai, pe bune, nu va mai vaitati precum muierile.

Ne bagam pula-n biserica. Da, sunt crestin dar in Romania, bisericile sunt institutii de muls banii cetatenilor. Basca, nu platesc impozite catre stat si au gramada de business-uri ce functioneaza sub tutela mitropoliilor. O gramada de cacanari ce se roaga la lemne si picturi. Scrie si in sfanta scriptura, sa nu iti faci chip cioplit si sa te rogi la el. Deci muie la popa. Credinta trebuie sa fie gratuita, nu sa dai bani la un escroc sa-ti cante.

Closed.

Trebuie sa oferi ceva sa fie de interes pentru utilizatori, altfel nu vad de ce ar da subscribe undeva sa primeasca SPAM cu link-uri afiliate. Nu prea suna a afacere. // edit: Orice consideri ca este util pentru un grup de oameni. Nu poti sa multumesti pe toata lumea si deasta ma refer strict la un grup de oameni. Poate sa-ti faci un blog si pe el sa pui produsele cu aff, iar pe blog sa ai articole de calitate. (e doar o idee)

Terrestrial television - Wikipedia, the free encyclopedia Satellite television - Wikipedia, the free encyclopedia - Yaghi, Dublu-Romb, Cerc, Synaps ?! - Pasiva / Activa ?! Cred ca nu ai idee ce vrei defapt.

Satelit sau terestru ?

You forgot the fucking #include for standard input/output library La multi ani!

Pai si ala ce e frate, nu e REQUEST HTTP ? Nu vreau sa te jignesc, dar aplicatia da nu are nicio legatura cu un atac ddos. In primul rand, designul lasa de dorit. (design-> nu ma refer la aspectul lui, ci la alt nivel) Argumente: - Intr-un atac, trimiti pachete sau request-uri fara sa te intereseze de raspuns. Caz in care nu vad de ce ai folosi un browser web. - Ai afirmat ca se trimit "LA RAND" cate 8 request-uri per proxy. Lucrul asta nu face nimic, aplicatia va genera un singur thread, lucru ce nu poate pica nici un web server instalat pe telefon. Nu te intereseaza sa faci 8-10-20 request-uri per proxy la rand, te intereseaza sa deschida cat mai multe conexiuni persistente catre web server. Cele mai comune servere web de la httpd sunt (dupa model): - Apache MPM Prefork - Apache MPM Worker Primul, adica Prefork va deschide cate un proces pentru fiecare utilizator online. Daca deschizi 1000 de conexiuni in el, sistemul va crapa pentru ca nu exista memorie suficienta sau limita maxima (default 256) a fost atinsa. Prefork consuma in jur de 16-40 MB memorie per process (in cazul in care php este incarcat ca dinamic shared object (adica rezident in process) - DSO/mod_php). Al II-lea model, Worker este un model threaded-safe (multi thread). Un singur process apache poate sustine si 5000 de conexiuni. Deci, inca odata, aplicatia ta la ce este utila si ce anume face ? (epuizeaza numarul maxim de conexiuni acceptat de web server, are ca tinta epuizarea resurselor, sau ?!) Nota: am adus in discutie apache web server pentru ca este cel mai utilizat. Daca punem problema nginx-ului sau altor web servere lightweight sau event based, pur si simplu nu ai ce le face prin http flood. (cel putin nu la nivelul asta) De preferat cand faci un tool de genul este sa cunosti cum functioneaza un webserver (in afara de faptul ca are port 80 open) PS: replica vine in urma: Daca vreti discutii de genul, putem deschide un thread dedicat despre asta.

Banuiesc ca face http requests. Este bine de precizat ce anume foloseste un tool facut de tine. Si acum vin cu o intrebare pertinenta: - Daca utilizeaza requesturi http. Ce fel de user agent are ? O idee: - Daca nu are random user agents, poti aduce imbunatatirea asta. De preferat doar versiuni diverse de browsere. O alta idee: - De ce nu l-ai gandit multithreading ? (sa deschida un numar definiti de socketi, pentru ca asa saturezi un web server) ps: nu sunt interesat de atacuri ddos, ma intereseaza mai mult solutiile de mitigare.

Just a little note to announce that we released NAXSI, an Open Source, Positive Model Web Applicative Firewall for NGINX. Naxsi is now also an official OWASP project (yeepee !) Why ? Because, out there, first of all, there is not much open source WAFs, secondly, even if mod_security is awesome, we wanted something different, that is more reverse proxy oriented. And last but not least, as a security enthusiast, I’m not found of negative model when it comes to applicative firewalling, as js/html/*sql languages are so rich that it’s very hard to have a 100% coverage of possible injection vectors. You may find some examples here : ModSecurity SQL Injection Challenge: Lessons Learned - SpiderLabs Anterior (results of the mod_security bypass context). To make it short, a negative model requires a LOT of efforts to maintain a core rule set (and we’re far from being able to do what the mod security project has done). So, we are left with proprietary appliances, and as a hoster (more than 1.000 websites currently hosted), proprietary appliances are not even an option. This is why we decided to create NAXSI. How ? Well, positive model can be fairly complicated/long to configure when you have a huge web-site, or a web-site that allows a lot of rich/complex user inputs. So, we designed NAXSI to be as flexible and easy to configure as possible. So, here is a global overview of how it works : 1. NAXSI does not have ‘rules’, strictly talking. It will just “score” strange characters in user contents. When the request reaches a critical score, the request will be denied. 2. The learning mode heavily relies on NGINX’s power. When in a learning mode, all to-be-denied requests will be allowed, AND, posted back to a specific location (in NGINX’s term) pointing to a script that will analyze the request and generate the appropriate white-lists, write them to naxsi’s configuration file and reload NGINX. (Thanks to NGINX design, current connection’s won’t be closed, so it’s 100% invisible for the end-user) 3. Once you are in a “production” state (no more learning mode, NAXSI is indeed blocking the requests), all denied requests will be redirected to a specific location, where you can : 4. Depending on the user’s IP, turn it into learning mode (for some Ips, naxsi will always be in learning mode, and generate white-lists on the fly) 5. If the user’s thinks it’s a false positive, he can fill a captcha. If he decided to do so, a mail will be sent, with the associated generated white-lists and detailed request (full HTTP request, so that it can be reproduced) 6. Very simple rules syntax, allowing (for extreme cases) easy hand tuned white-list or negative rules writing. As you can see, we tried to make this as easy as possible to configure and use. During configuration, the user should never have to edit NAXSI’s white-list configuration by hand, as it’s 100% automatically generated via learning mode. You can even partially perform this part with a crawler (if yours is good enough). You can find more details on the googlecode’s page of the project : naxsi.googlecode.com. What ? Naxsi, thanks to NGINX power, can do pretty much whatever you want : turn on learning mode for some users only, redirect forbidden requests to another domain, a vhost, a single page. For those of you who have some knowledge about NGINX, you know how right I am, for the other’s, have a look at NGINX, it’s pure awesomeness ! When ? Naxsi is currently released on an “alpha” status, but we are already deploying in on various production sites. For those whishing to try naxsi, I ‘really’ recommand that you use the SVN to fetch last sources, as packaging is not done on a regular basis right now. Test ? We have setup a test box (referenced on naxsi’s wiki, here : OnlyTrustWhatYouCanTest - naxsi - Naxsi is an open source, high performance, low rules maintenance, Web Application Firewall module for Nginx - Google Project Hosting where you can try naxsi by yourself, as we setup the box as a reverse proxy to on-purpose vulnerable websites ! Wanna help ? You’re welcome ! We are currently looking for some web developers to setup a nicer forbidden page and even a reporting interface. We are as well looking for some people to test the software and give us some feedback. What’s next ? We are currently thinking very seriously about supporting mod security CRS level 1 in NAXSI, so that we can have the perfect firewall, fitting every kind of web sites ! So, stay tuned ! Source: Naxsi, open source WAF (Web Application Firewall) for NGINX Download: https://github.com/nbs-system/naxsi

dariusmare: foloseste explode, definesti ce separator vrei

De ce nu folosesti mai simplu $_SERVER['REMOTE_ADDR'] ? Iti pui adresa ta ip acolo si aia e. De asemenea, ai putea folosi htaccess pe director (sau reguli cu allow from ... deny from all in htaccess) Sau combina-le: Password + verificare adresa ip remote (sa se indeplineasca ambele conditii)