Jump to content


Active Members
  • Content count

  • Joined

  • Last visited

  • Days Won


OKQL last won the day on December 7

OKQL had the most liked content!

Community Reputation

1226 Excellent


About OKQL

  • Rank

Recent Profile Visitors

3585 profile views
  1. Security researchers have publicly disclosed an unpatched zero-day vulnerability in the firmware of AT&T DirecTV WVB kit after trying to get the device manufacturer to patch this easy-to-exploit flaw over the past few months. The problem is with a core component of the Genie DVR system that's shipped free of cost with DirecTV and can be easily exploited by hackers to gain root access and take full control of the device, placing millions of people who've signed up to DirecTV service at risk. The vulnerability actually resides in WVBR0-25—a Linux-powered wireless video bridge manufactured by Linksys that AT&T provides to its new customers. DirecTV Wireless Video Bridge WVBR0-25 allows the main Genie DVR to communicate over the air with customers' Genie client boxes (up to 8) that are plugged into their TVs around the home. Trend Micro researcher Ricky Lawshae, who is also a DirecTV customer, decided to take a closer look at the device and found that Linksys WVBR0-25 hands out internal diagnostic information from the device's web server, without requiring any authentication. When trying to browse to the wireless bridge's web server on the device, Lawshae was expecting a login page or similar, but instead, he found "a wall of text streaming before [his] eyes." Once there, Lawshae was able to see the output of several diagnostic scripts containing everything about the DirecTV Wireless Video Bridge, including the WPS pin, connected clients, running processes, and much more. What's more worrisome was that the device was accepting his commands remotely and that too at the "root" level, meaning Lawshae could have run software, exfiltrate data, encrypt files, and do almost anything he wanted on the Linksys device. Lawshae also provided a video, demonstrating how a quick and straightforward hack let anyone get a root shell on the DirecTV wireless box in less than 30 seconds, granting them full remote unauthenticated admin control over the device. The vulnerability was reported by the ZDI Initiative to Linksys more than six months ago, but the vendor ceased communication with the researcher and had yet not fixed the problem, leaving this easy-to-exploit vulnerability unpatched and open for hackers. So, after over half a year, ZDI decided to publicize the zero-day vulnerability, and recommended users to limit their devices that can interact with Linksys WVBR0-25 "to those that actually need to reach" in order to protect themselves. Via thehackernews.com
  2. se vede ca naiba pe tema alba
  3. macOS and iOS suffer from a kernel double free vulnerability due to IOSurfaceRootUserClient not respecting MIG ownership rules. advisory-info.txt iOS/MacOS kernel double free due to IOSurfaceRootUserClient not respecting MIG ownership rules CVE-2017-13861 I have previously detailed the lifetime management paradigms in MIG in the writeups for: CVE-2016-7612 [<a href="https://bugs.chromium.org/p/project-zero/issues/detail?id=926" title="" class="" rel="nofollow">https://bugs.chromium.org/p/project-zero/issues/detail?id=926</a>] and CVE-2016-7633 [<a href="https://bugs.chromium.org/p/project-zero/issues/detail?id=954" title="" class="" rel="nofollow">https://bugs.chromium.org/p/project-zero/issues/detail?id=954</a>] If a MIG method returns KERN_SUCCESS it means that the method took ownership of *all* the arguments passed to it. If a MIG method returns an error code, then it took ownership of *none* of the arguments passed to it. If an IOKit userclient external method takes an async wake mach port argument then the lifetime of the reference on that mach port passed to the external method will be managed by MIG semantics. If the external method returns an error then MIG will assume that the reference was not consumed by the external method and as such the MIG generated coode will drop a reference on the port. IOSurfaceRootUserClient external method 17 (s_set_surface_notify) will drop a reference on the wake_port (via IOUserClient::releaseAsyncReference64) then return an error code if the client has previously registered a port with the same callback function. The external method's error return value propagates via the return value of is_io_connect_async_method back to the MIG generated code which will drop a futher reference on the wake_port when only one was taken. This bug is reachable from the iOS app sandbox as demonstrated by this PoC. Tested on iOS 11.0.3 (11A432) on iPhone 6s (MKQL2CN/A) Tested on MacOS 10.13 (17A365) on MacBookAir5,2 This bug is subject to a 90 day disclosure deadline. After 90 days elapse or a patch has been made broadly available, the bug report will become visible to the public. Found by: ianbeer Download GS20171212052309.tgz (2.1 KB) https://packetstormsecurity.com/files/145365/macOS-iOS-Kernel-IOSurfaceRootUserClient-Double-Free.html
  4. ShellcodeToAssembly Replace in shellcodetoasm.py with your shellcode. { Endian type is little endian. } shellcode = '' Installation git clone https://github.com/blacknbunny/ShellcodeToAssembly.git && cd ShellcodeToAssembly/ && pip2 install -r requirements.txt && python2 shellcodetoasm.py Modules manual installation pip install -r requirements.txt it can be pip2 install -r requirements.txt Usage python2 shellcodetoasm.py [returnbit] [architecture] [assembly-flavor] For example python2 shellcodetoasm.py 32 x86 att python2 shellcodetoasm.py 64 x86 Second one is auto intel Arhictectures ARM ARM64 MIPS ppc X86 Return Bit 32 64 Assembly Flavor ATT INTEL Demo: https://asciinema.org/a/xjWrXfftZS7BvSzVRd44LuzkP Download: ShellcodeToAssembly-master.zip or git clone https://github.com/blacknbunny/ShellcodeToAssembly.git Source: https://github.com/blacknbunny/ShellcodeToAssembly
  5. Sponsor pentru sport

    incearca la http://www.darkdog-energydrink.com/ energizante, suplimente, etc.. despre ce sume este vorba?
  6. Investitii in Cryptocurrencies

    liniștea dinaintea furtunii!
  7. O noua moneda virtuala UTN

  8. About SeKey is a SSH Agent that allow users to authenticate to UNIX/Linux SSH servers using the Secure Enclave How it Works? The Secure Enclave is a hardware-based key manager that’s isolated from the main processor to provide an extra layer of security. When you store a private key in the Secure Enclave, you never actually handle the key, making it difficult for the key to become compromised. Instead, you instruct the Secure Enclave to create the key, securely store it, and perform operations with it. You receive only the output of these operations, such as encrypted data or a cryptographic signature verification outcome. Limitations Only support MacBook Pro with the Touch Bar and Touch ID Can’t import preexisting key Stores only 256-bit elliptic curve private key Install & Usage Download: sekey-master.zip Source: https://github.com/ntrippar/sekey
  9. Pancake is a CLI/Emacs web/gopher/file browser. It utilizes pandoc and external downloaders such as curl, adding support for Gopher directories and plain text files, and invoking external applications (e.g., image and PDF viewers) depending on its configuration. User interaction capabilities are rather basic, as it is intended to be combined with software that provides better user interfaces – such as emacs, rlwrap, tmux, screen. cgit: https://git.uberspace.net/pancake/ github: https://github.com/defanor/pancake.git source distribution: pancake-0.1.7.tar.gz binaries (Linux, amd64): pancake-0.1.7-bin.tgz Debian binary package (amd64): pancake-0.1.7.deb See README for more information. 1. Other text-based web/gopher browsers Wikipedia lists a few major text-based web browsers, including Emacs-based ones. Pancake provides a combination of the things I liked about those, and the ones I have missed in those: Multi-protocol support (via curl or other pluggable downloaders). Multi-format support (via pandoc). Plain CLI. An Emacs interface without unnecessary blocking, and general support for embedding. Simplicity and small codebase, thanks to reusing the programs mentioned above. Efficient UI. Use of external programs to handle file types which it doesn't support. There are some drawbacks as well: A large executable file (70+ Mio uncompressed). Not as hackable in Elisp as pure (or mostly) Elisp browsers. Not as portable as C or Elisp ones. A relatively small set of features. Somewhat worse HTML parsing and rendering in some cases. Quite possibly more, depending on one's preferences. 2. Installation 2.1 Pancake cabal install would build and install pancake and its documentation. Alternatively, basic Debian packages and binary releases are available. 2.2 Emacs interface M-x package-install-file RET /path/to/pancake.el RET. To set it as your default emacs browser: (require 'pancake) (setq browse-url-browser-function 'pancake-browse-url) To load and show all images automatically (not just after saving them manually): (add-hook 'pancake-display-hook 'pancake-load-images) Though it might be desirable to write a wrapper to only show those on specific websites, e.g. webcomics, and perhaps specific images only. 3. Screenshots https://defanor.uberspace.net/projects/pancake/
  10. debugProxy is a HTTP/S proxy server that can be used by any device that supports using HTTP Proxy servers. Aditionally it is a web application that allows you to view, pause and modify traffic sent through the proxy. This means, for example, you can use debugProxy on your computer or tablet to view the traffic being sent from your phone or IOT device. For information on configuring devices or applications to use debugProxy have a look at our documentation pages. cURL If you have the curl program installed on your computer, you can test if the proxy works with this command: curl https://www.google.com/ --insecure --proxy fagiq:rhrnx@debugproxy.com:8080 If this command works as expected the requests and responses will be on the dashboard. SSL Traffic The proxy just works for HTTP requests, however to make HTTPS and HTTP2 requests a root certificate needs to be downloaded and installed. The debugProxy root certificates can be found on the certificates page. On most smart phones you can install the debugProxy root certificate by simply clicking on the certificate for your device. Try it now! Source: https://debugproxy.com/
  11. HP has an awful history of 'accidentally' leaving keyloggers onto its customers' laptops. At least two times this year, HP laptops were caught with pre-installed keylogger or spyware applications. I was following a tweet made by a security researcher claiming to have found a built-in keylogger in several HP laptops, and now he went public with his findings. A security researcher who goes by the name of ZwClose discovered a keylogger in several Hewlett-Packard (HP) laptops that could allow hackers to record your every keystroke and steal sensitive data, including passwords, account information, and credit card details. The Keylogger was found embedded in the SynTP.sys file, a part of Synaptics touchpad driver that ships with HP notebook computers, leaving more than 460 HP Notebook models vulnerable to hackers. Although the keylogger component is disabled by default, hackers can make use of available open source tools for bypassing User Account Control (UAC) to enable built-in keylogger "by setting a registry value." Here’s the location of the registry key: HKLM\Software\Synaptics\%ProductName% HKLM\Software\Synaptics\%ProductName%\Default The researcher reported the keylogger component to HP last month, and the company acknowledges the presence of keylogger, saying it was actually "a debug trace" which was left accidentally, but has now been removed. The company has released a Driver update for all the affected HP Notebook Models. If you own an HP laptop, you can look for updates for your model. The list of affected HP notebooks can be found at the HP Support website. This is not the very first time when a keylogger has been detected in HP laptops. In May this year, a built-in keylogger was found in an HP audio driver that was silently recording all of its users' keystrokes and storing them in a human-readable file. Get the list of affected hardware and patch here: https://support.hp.com/us-en/document/c05827409 Via thehackernews.com
  12. vand RDP

    99.9 % Up-time Gaurantee Unlimited Bandwidth 1 GBPS Port Pre-Installed Software Available .vandut
  13. A team of security researchers has discovered a new malware evasion technique that could help malware authors defeat most of the modern antivirus solutions and forensic tools. Dubbed Process Doppelgänging, the new fileless code injection technique takes advantage of a built-in Windows function and an undocumented implementation of Windows process loader. Ensilo security researchers Tal Liberman and Eugene Kogan, who discovered the Process Doppelgänging attack, presented their findings today at Black Hat 2017 Security conference held in London. Process Doppelgänging Works on All Windows Versions Apparently, Process Doppelgänging attack works on all modern versions of Microsoft Windows operating system, starting from Windows Vista to the latest version of Windows 10. Tal Liberman, the head of the research team at enSilo, told The Hacker New that this malware evasion technique is similar to Process Hollowing—a method first introduced years ago by attackers to defeat the mitigation capabilities of security products. In Process Hollowing attack, hackers replace the memory of a legitimate process with a malicious code so that the second code runs instead of the original, tricking process monitoring tools and antivirus into believing that the original process is running. Since all modern antivirus and security products have been upgraded to detect Process Hollowing attacks, use of this technique is not a great idea anymore. On the other hand, Process Doppelgänging is an entirely different approach to achieve the same, by abusing Windows NTFS Transactions and an outdated implementation of Windows process loader, which was originally designed for Windows XP, but carried throughout all later versions of Windows. Here's How the Process Doppelgänging Attack Works: Before going further on how this new code injection attack works, you need to understand what Windows NTFS Transaction is and how an attacker could leverage it to evade his malicious actions. NTFS Transaction is a feature of Windows that brings the concept of atomic transactions to the NTFS file system, allowing files and directories to be created, modified, renamed, and deleted atomically. NTFS Transaction is an isolated space that allows Windows application developers to write file-output routines that are guaranteed to either succeed completely or fail completely. According to the researcher, Process Doppelgänging is a fileless attack and works in four major steps as mentioned below: Transact—process a legitimate executable into the NTFS transaction and then overwrite it with a malicious file. Load—create a memory section from the modified (malicious) file. Rollback—rollback the transaction (deliberately failing the transaction), resulting in the removal of all the changes in the legitimate executable in a way they never existed. Animate—bring the doppelganger to life. Use the older implementation of Windows process loader to create a process with the previously created memory section (in step 2), which is actually malicious and never saved to disk, "making it invisible to most recording tools such as modern EDRs." Process Doppelgänging Evades Detection from Most Antiviruses Liberman told The Hacker News that during their research they tested their attack on security products from Windows Defender, Kaspersky Labs, ESET NOD32, Symantec, Trend Micro, Avast, McAfee, AVG, Panda, and even advance forensic tools. In order to demonstrate, the researchers used Mimikatz, a post-exploitation tool that helps extract credentials from the affected systems, with Process Doppelgänging to bypass antivirus detection. When the researchers ran Mimikatz generally on a Windows operating system, Symantec antivirus solution caught the tool immediately, as shown below: However, Mimikatz ran stealthy, without antivirus displaying any warning when executed using Process Doppelgänging, as shown in the image at top of this article. Liberman also told us that Process Doppelgänging works on even the latest version of Windows 10, except Windows 10 Redstone and Fall Creators Update, released earlier this year. But due to a different bug in Windows 10 Redstone and Fall Creators Update, using Process Doppelgänging causes BSOD (blue screen of death), which crashes users' computers. Ironically, the crash bug was patched by Microsoft in later updates, allowing Process Doppelgänging to run on the latest versions of Windows 10. I don't expect Microsoft to rush for an emergency patch that could make some software relying on older implementations unstable, but Antivirus companies can upgrade their products to detect malicious programs using Process Doppelgänging or similar attacks. This is not the very first time when enSilo researchers have discovered a malware evasion technique. Previously they discovered and demonstrated AtomBombing technique which also abused a designing weakness in Windows OS. In September, enSilo researchers also disclosed a 17-year-old programming error in Microsoft Windows kernel that prevented security software from detecting malware at runtime when loaded into system memory. Via thehackernews.com
  14. O noua moneda virtuala UTN

    a m ai fost postata spamezi de rupi normele
  15. Dagon - Advanced Hash Manipulation Named after the prince of Hell, Dagon (day-gone) is an advanced hash cracking and manipulation system, capable of bruteforcing multiple hash types, creating bruteforce dictionaries, automatic hashing algorithm verification, random salt generation from Unicode to ASCII, and much more. Note: Dagon comes complete with a Hash Guarantee: I personally guarantee that Dagon will be able to crack your hash successfully. At any point Dagon fails to do so, you will be given a choice to automatically create a Github issue with your hash. Once this issue is created, I will try my best to crack your hash for you. The Github issue is completely anonymous, and no questions will be asked. This is my way of thanking you for using Dagon. There are alternatives to using the automatic issue creator. If you do not want your hash publicly displayed, and feel Dagon has failed you, feel free to create your own issue. Or send an email with the hash information to dagonhashguarantee@gmail.com Screenshots Bruteforcing made easy with a built in wordlist creator if you do not specify one. The wordlist will create 100,000 strings to use Verify what algorithm was used to create that hash you're trying to crack. You can specify to view all possible algorithms by providing the -L flag (some algorithms are not implemented yet) Random salting, unicode random salting, or you can make your own choice on the salt. Demo video Download Preferable you can close the repository with git clone https://github.com/ekultek/dagon.git alternatively you can download the zip or tarball here Basic usage For full functionality of Dagon please reference the homepage here or the user manual python dagon.py -h This will run the help menu and provide a list of all possible flags python dagon.py -c <HASH> --bruteforce This will attempt to bruteforce a given hash python dagon.py -l <FILE-PATH> --bruteforce This will attempt to bruteforce a given file full of hashes (one per line) python dagon.py -v <HASH> This will try to verify the algorithm used to create the hash python dagon.py -V <FILE-PATH> This will attempt to verify each hash in a file, one per line Installation Dagon requires python version 2.7.x to run successfully. git clone https://github.com/ekultek/dagon.git cd Dagon pip install -r requirements.txt This should install all the dependencies that you will need to run Dagon Contributions All contributions are greatly appreciated and helpful. When you contribute you will get your name placed on the homepage underneath contributions with a link to your contribution. You will also get massive respect from me, and that's a pretty cool thing. What I'm looking for in contributions is some of the following: Hashing algorithm creations, specifically; A quicker MD2 algorithm, full Tiger algorithms, Keychain algorithms for cloud and agile More wordlists to download from, please make sure that the link is encoded Rainbow table attack implementation More regular expressions to verify different hash types Source: https://github.com/Ekultek/dagon