Jump to content

M2G

Moderators
  • Posts

    1838
  • Joined

  • Last visited

  • Days Won

    31

Everything posted by M2G

  1. M2G

    Heya! RST

    Bine ai venit. Daca zici ca iti place programarea da un ochi pe aici: Index of / Ai de unde invata. Iti sugerez sa nu te gandesti la unul care e "n00b" dupa cum zici tu ca si la o persoana care e "prostul scolii" in comunitatea aceasta. Nu suntem nascuti invatati asa ca fiecare a fost incepator la un momentdat. E ok sa fii incepator si sa stii(zici) asta, astfel vei primii sprijinul de care ai nevoie. Bafta.
  2. Many times I find myself having to write my own tool in order to exploit a Blind SQL Injection which public tools normally would not be able to exploit. It may be because it is behind a WAF/IDS, or for a SQL challenge, or because it is Base64 encoded or some other peculiar situation where normal SQLi attack tools just will not work. What I will demonstrate in this post is a way of taking a shortcut and avoiding having to create your own program by using Burp Suite which will hopefully save you valuable time. I highly recommend Burp for anyone that is serious about pen-testing. The Pro version is very affordable and has a great ton a features which makes auditing a breeze (the easter egg is hilarious too). Once a target has been set in the scope and a SQL Injection has been located, we send the URL to Burp's Intruder. Next step is to define the SQL Injection and the position where the character to be brute-forced will be. For this example, I will be extracting the database(). After setting the position, we need to define the payload. We select numbers as our payload and define a range from 32 to 126. If you look at the Ascii table, this range accounts for all the characters that we need. [img[http://www.websec.ca/img/burp-sqli/define_payload.png The last step before launching the attack is to set a string to be matched when the query returns true, just like you would with any other SQLi tool. In this case, the string to be matched will be 'lightos'. Now we can go to the menu under Intruder and select Start Attack. This will open a window that will display the results from each request. When the string is matched, it will clearly be displayed and that will indicate which is the correct character. he string was successfully matched on number 84, which is the decimal representation of the letter T. This is the first letter of database(), which value is Test. I have included the following video to better demonstrate the process: Burp Suite Sursa
  3. Amaratul ala de jar e o librarie pe care o poti folosii in proiectul tau pentru a apela diverse metode din clase deja scrise. Trebuie sa setezi acel jar in proiectul tau ca sa poata sa iti vada acele clase inpachetate acolo. Nu am prea lucrat cu android. Foloseste Eclipse ca si IDE si iti zice el ce posibilitati ai de importuri (use ctrl+space). Nu prea inteleg ce vrei sa faci si de ce nu iti merge, ce exceptii iti arunca? Un printscreen cu stack-ul ar ajuta foarte mult. Da mai mult detalii, pune println-uri. Pune breackpointuri si intra in debug mode sa vezi unde ajung mesajele si ce ajunge. Cauta pe google si incearca sa intelegi logica programului in cazul in care ai gasit acolo exemple pe care doar le rulezi. Da-mi in pm un exemplu de cod daca nu reusesti si incerc sa te ajut.
  4. Posteaza articole care tin de domeniul forumului daca vrei sa mai ramai pe aici. https://rstcenter.com/forum/55163-warnuri-si-banuri-pentru-offtopic.rst
  5. Nu am nimic cu tine dar hai sa nu mai fim hateri si sa ne uitam putin si in oala noastra.
  6. M2G

    PLC Programming

    Ti-am zis prostii, lasa. Scuze, credeam ca e vorba despre microcontrollere.
  7. M2G

    PLC Programming

    Ce mictrocontroller folosesti si ce limbaj vrei pentru el? ASM sau C? De obicei e suficient datasheet-ul mictrocontrollerului, acolo iti scrie toti registrii si cum sa ii setezi.
  8. Le urc si acolo acum. Doar ca acolo apar mai greu ca dureaza pana le muta tex dintr-o parte in alta. Revin aici cu edit la link-ul de pe docs.rtfm cand or sa fie disponibile acolo.
  9. Am vazut pe aici ca multa lume ar vrea sa invete andoid. Content: Download: [RST] Carti Android - Ge.tt Adresa de pe Docs.rtfm.us: http://docs.rtfm.us/Users/M2G/Android/Android%20eBooks/
  10. Inca merge. Toata chestia e ca sa oprit developementul. Nu o sa il mai imbunatateasca si nu or sa mai apara versiuni noi. Cele vechi or sa mearga, nu au legatura cu faptul ca a renuntat la proiect.
  11. Nu cred ca e chiar asa. Toate acele optiuni erau clar optiunile unui troian. Aveai filemager, suport pentru decriptarea parolelor salvate in browsere(stealer), functii prin care puteai ascunde taskbar-ul sau chestii degenul acesta. Optiuni care sunt clare dezvoltate avand in minte un troian. Daca nu ma insel avea un buton prin meniu care trimitea pe site-ul lui BUNNN pentru a cumpara father crypter. Ca folosea ca si "cover" povestea cu protejarea calculatorului, supravegherea copiilor e altceva. Cred ca a dat de probleme cu autoritatile si acum a zis povestea asta ca sa se scoata cu fata curata. Probabil oricine ar fi facut la fel daca ar fi fost in locul lui. Depinde cum privesti lucrurile...
  12. It is with deep regret that i am here to announce the end of project DarkComet RAT after over 4 years of developement, hardwork day and night to offer you for free a tool with the will to meet community's expectations for a program of type Remote Administration Tool. I have devoted years with a nonprofit philosophy for you to enjoy without asking anything in return other than respect of the rules, unfortunately some of you couldn't respect the terms so because of you (generally speaking) made the DarkComet RAT geo cruiser end. i still wish to point out that i will remain on the scene of Computer Security and will keep developing freeware softwares but this time without having me taking risks because none of the futur ones will be close to be a Malware. This obviously means the deletion of the following softwares: (Celesty binder, Comet Beam, VertexNET Loader and the project FrozenTime RAT who was under developement for you .. unwisely.) But all the knowledge i acquired developing my computer security projects isn't lost considering i will only be doing softwares that require confirmations etc to install themselves and remain visible (impossible to cheat this time) Unlike what a handfull of people think i never cautioned small/huge hacker groups who used my software wrongly, my goals always where to provide acces to tools more powerfull than any paying/private existing tool in terms of security and all for free ! (for familys who wished to keep there eye on their kids or regular folks looking into acquiring some experience with such tools, users who wished to keep track on their machine any place in the world etc.) Why did i take such a decision ? Like it was said above because of the missuse of the tool, and unlike so many of you seem to believe i can be held responsible of your actions, and if there is something i will not tolerate is to have to pay the consequences for your mistakes and i will not cover for you. The law is how it is and i must abide by the rules, yes its unfortunate for devs in security but thats how it is. Without mentioning what happenened in Syria... Finally i wish to thank all those who supported me over the years aswell as all those who followed the rules: Damien Bancal (http://zataz.com), Mohit Kumar (http://TheHackerNews.com), $Instincts$, Nacra, DALLOZ, Kevin Mitnick (http://mitnicksecurity.com), Read101 (Former leader of the crew Are you Fearless) and all those i couldn't list publicly because the list would be way too long.. DarkComet RAT ends like this after several years of res/dev and with thousands of users through the world, hundreds of codes lines and over ten versions if you include (synRAT), the source codes will remain private and not for sale. This was a very hard decision to take, probably the hardest i ever had because after so many years its more than just a project, its a piece of you. ~DarkcoderSc (Jean-Pierre LESUEUR) Link: DarkComet RAT - Official
  13. Daca vine garda, fugi.
  14. Security Researchers from S21sec, has spotted two major changes in the latest version of Citadel Trojan. The two major changes 'Anti-emulator' and 'Encryption change' try to make malware analysts' life harder. The anti-emulator: When it starts, a built-in detective checks if it is running in a virtual machine or in sandboxed environment (CWSandbox, VMware, Virtualbox). If it detects their presence, it starts to behave differently. Details were not disclosed, and the technology is very tricky. According to researchers, It simply scans through the resources of the currently running processes and looks for specific patterns for instance inside the "CompanyName" field, such as 'vmware','sandbox','virtualbox','geswall'. While running in the VM, The Trojan creates a fake domain name and attempts to connect to it. This strategy should fool the researchers into believing that the (C&C) command and control server cannot be reached and that the bot is dead. This is not the only change brought to Citadel. Experts have found that the RC4 is slightly different compared to previous versions, an internal hash being added to the algorithm. Sursa
  15. A password is the only thing that protects secure information on a network system. If we want to access secure information, we must be an authorize members of the system or network. According numerous security studies, passwords are the biggest security hole in any network. If any unauthorized individual manages to get the right password, he will be able to access secure data on the system. Although many systems try to improve security using various methods there are some tools which are far more effective at hacking into a network system than others. THC Hydra is one of the primary tools that can show how easy it is to gain unauthorized access to a network system from remote location. THC Hydra is not the only tool that can crack FTP or Telnet passwords from a remote computer. Indeed, there are various tools available that can both do the job and also support various protocols while using a parallel connection to crack a network. But THC Hydra is considered the best weapon for hacking a network, as it is known for its speed and efficiency. The THC Hydra performs a brute-force attack based on a password dictionary. Brute-force Attack: Brute-force attack is the most widely used attack for password cracking. This attack uses all possible permutations of a password until the correct password is found. For example: If the password is 3 characters long and consists of both letters and numbers. Then a brute-force attack will use 2,38,328 different password as your password. For First character: total lower case letters (26) + total upper case letters (26) + total numbers (10) = 62 For Second character: same = 62 For Third character: same = 62 Total permutations = 62*62*62 = 2,38,328 About THC Hydra: Before learning about password cracking with this tool, you must know few things about the method itself. THC Hydra is the fast network logon cracker. It connects with multiple parallel connections from the remote system and then starts its attack. It is able to crack passwords used by all kinds of services. Compared with other available logon password crackers, this tool supports more services and protocols and is faster than others. List of Protocols THC Hydra supports: These are the protocols that this tool supports, and we can crack the password of all these services using this logon method: AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP, SOCKS5, SSH (v1 and v2), Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP. Supported Platforms: This network logon cracker is available for most of the available platforms including those listed below: All UNIX platforms (Linux, Solaris, etc.) Mac OS/X Windows with Cygwin (both ipv4 and ipv6) Mobile systems based on Linux or Mac OS/X (e.g. Android, iPhone, Zaurus, iPaq) Hydra Explained and its Usage: For command line usage, we will use following command: Here a different argument has a different meaning. Read the meaning of these commands in the line arguments below: How to crack Telnet password with THC Hydra: First of all, download Hydra from the official website. If you are using the Windows version, you will have to work on a console as there are no GUI for Windows users. I am demonstrating this tool on a Windows system below. Download the zip file and extract it on the system. Now follow these steps: Click on Start, type CMD in the search bar (in Windows 7), and open command prompt. Now change the command prompt location to the hydra folder by using CD command. Now we will execute the Hydra by typing hydra.exe in the command prompt Now we need to select the target computer. At this moment we can use Nmap for scanning IP and open ports. So download the Nmap in your system. Windows users should download the Windows version. After downloading Nmap, scan for IPs in range. Also check for open ports in these IP addresses. How to Use Nmap? The use of Nmap is really simple. If you do not know, I will be posting a more detailed article shortly, which will help you. Suppose I am in a network which has IP series of 192.168.0.x and I want to break into the Telnet of a system in this network. I will use Nmap to find my target system. First of all, we will scan to check which systems are alive on the network. Use Nmap to perform a simple ping and get the list of all systems alive on the network. Use this command: Now see the results of this ping scan. You will get the list of all IP addresses in the system which are alive. I will pick one from the list to target. I have chosen the system with IP address 192.168.0.7 Now we will check whether the Telnet port is open in the target computer or not. So use this command for simple port scan: This command will show you all the services currently running on the target computer. If the Telnet service is running on the target system, we are ready for the attack. If not, we will have to select another computer for the attack. After locating a suitable target, we will begin the attack using Hyrdra. There are two pieces of data we need to have on hand before we can begin the attack: the username list and a password list. The username list is being used in case we do not know the username. The password list will contain the list of passwords that will be used by Hydra for brute-forcing. Case 1: Suppose we know the username. Let us assume that the username for the target Telnet is admin. Now we will use the command to run the attack: Here in passlist.txt is the list of possible passwords. Hydra will use each password for the selected username and will try to login. If a password from the list is matched, it will stop the scanning and show the username and password combination for the target Telnet. If no password from the passlist.txt matches with the username, it will simply stop the scan. If you want to save the scan results into a file, you will have to change the command and add the name of the output file into command line argument. This command will save the result to the output file test.txt. Case 2: In case you do not know the username, you can use the guess list of usernames along with the password list. Now we will use the command to run the attack: In username.txt the system stores the guess list for possible usernames for the target admin. In addition, passlist.txt is the guess list for possible passwords. To save the result in an output file, we will use a similar command to the one I have already written. The only difference is that we will utilize the username list here: One thing to note is that using a username and password list changes one thing in the command that is not noticeable for all users. When I have executed the command for a single username, I used –l admin, but I use -L username.txt when I used a list. Here we can see the difference between –L and-l: When I use a single username, I use small caps for l, but when using the username list, I use a capital L. If you are on Ubuntu or any other Linux-based operating system, this tool will be easier to use. This tool comes with a nice GUI for Linux-based operating systems, so you will not need to learn Hydra commands. Working with this system requires using similar tools and commands are executed in the background of GUI. This was a short demonstration of cracking Telnet passwords using a Hydra network logon cracker. How to Crack FTP Password with THC Hydra: In the previous section I wrote about cracking Telnet passwords with Hydra. As I already mentioned, this method is a network logon cracker and it supports many network protocols. As a result, Hydra is used to crack most of network logins. Cracking FTP passwords essentially involves the same process as cracking Telnet passwords. You just need to find the target system with an open FTP port, and then use Hydra to crack the passwords with a password dictionary. If you are not sure about the username, you can use username dictionary along with the password dictionary. Now we will use the command to run the attack: You can see that the command is similar to the command used with Telnet cracking. Only here I have replaced the Telnet with “ftp” to tell Hydra that it has to attack the FTP port this time. You can change the target system’s IP accordingly. You can also use admin list as given below: All other things are almost exactly the same: You can use “ftp” to replace any other supported protocols. How to Protect Against a Hydra Attack: Protection against this kind of brute-force attack is divided into three parts: Always check your logs against suspicious activity. Log files will help you learn more about the attacker. Always use strong password that are adequate in length. Use both upper and lower cases, numbers, and special characters. Always restrict the number of invalid logins that can be attempted, and then block the login from that IP Conclusion: THC Hydra is really a nice and effective network logon cracker. Of all the available network login cracking tools, it is the most effective. It also uses dictionary-based attacks with multiple connections, which makes it faster than other tools. So always use the strongest passwords possible. If you use a strong password, which incorporates the use of capital and small letters, numbers, and special characters, then you increase security by increasing the number of permutations Hydra must extrapolate. You can also setup server restrictions in which you can disallow login after 3 invalid login attempts. This will block a brute-force attack Reference: https://www.owasp.org/index.php/Testing_for_Brute_Force_%28OWASP-AT-004%29 Thc-hydra - Aldeid http://www.thc.org/thc-hydra/README Sursa
  16. M2G

    Class hour

    Hai ca ma bag si eu. Ca elev la alte sectiuni si ca prof pe java daca sunt persoane interesate.
  17. M2G

    Class hour

    Dupa fiecare lectie sa se dea cateva teme, probleme de rezolvat si o saptamana la dispozitie. Cursantii care nu rezolva, ban 5 zile. La 3 banuri, exclusi din clasa respectiva. Daca nu isi asuma responsabilitatea aceasta inseamna ca nu vor sa invete si nu au ce cauta pe clasa respectiva.
  18. Nu sectiunile sunt problema. Ai ceva de zis despre domeniile de care vorbesti? Atunci posteaza.
  19. Consider ca programul nu se ridica asteptarilor mele, ca este deprecated, ca nu are un design destul de bun si ca se poate mai bine. Pana cand o sa am timp sa fac o alta versiune, proiectul acesta e abandonat complet. Intr-o versiune viitoare, daca o sa fie una, o sa fie totul rescris de la 0 intr-un stil mai profesionist. Closed!
  20. Sau mai simplu si fara alte third party. Control Panel\Network and Internet\Network Connections
  21. Inca nu e in stadiul final. Daca era, probabil era lansat deja. E normal sa apara erori pe asa aplicatii mari la care sa facut un redesign total atat in frontend cat si in backend. Nu am incercat noul sistem de operare, o sa il iau cand apare versinea finala dar toate persoanele cu care am discutat au avut cuvinte de lauda despre el.
  22. Pai eu daca fac un program prog1.1.exe si ti-l dau tie. Tu "nu prea poti sa il editezi". Eu am codul sursa si il modific cum vreau. Dupa modificari zic ca e prog1.2.exe si iti trimit iar programul gata compilat. Dupa ce ai scris un program nu trimiti sursa, trimiti doar fisierele binare care sunt gata compilate. Astfel tu ca si dezvoltator ai codul sursa si poti modifica ce vrei tu si cum vrei tu. Cei care au doar executabilul nu pot face asta decat prin reverse engineering.
  23. Suna fancy dar nu prea dau multe detalii despre cum e implementat, care e cheia criptarii(cheie care are doar numere sau are si alte caractere). Din cate am inteles din ce am citit acea cheie era formata doar din numere. Nu specifica nimic despre modul in care sa generat entropia. E interesant pentru cei care fac cercetare in domeniul acesta dar fiind vorba de un sistem criptografic care inca nu e standardizat era oarecum de asteptat sa se intample asta. Aceste cercetari au loc pentru a demonstra securitatea sau insecuritatea unui anumit standard(algoritm criptografic). Deocamdata sistemele criptografice bazate pe chei publice sunt inca sigure. Ramane de vazut ce o sa se intample odata cu dezvoltarea puterii de calcul. http://courses.csail.mit.edu/6.897/spring04/L25.pdf
  24. PDF: http://crypto.stanford.edu/cs155old/cs155-spring10/papers/web-session-management.pdf
  25. PDF: http://seclab.stanford.edu/websec/chromium/chromium-security-architecture.pdf Despre sandbox: Sandbox - The Chromium Projects
×
×
  • Create New...