Jump to content

Nabukadnezar

Active Members
  • Posts

    84
  • Joined

  • Last visited

Converted

  • Occupation
    inapzor
  • Location
    Romania

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

Nabukadnezar's Achievements

Newbie

Newbie (1/14)

10

Reputation

  1. "There is no way to fix this vulnerability," Duc says. "Asus, Lenovo, and Toshiba have to remove this function from all the models of their laptops ... [they] must give an advisory to users all over the world: Stop using this [biometric] function." lol ?i ce vor s? facem... s? r?mânem cu protec?ia prin parol?? asta era aia eficient?? anyway soft-urile astea sunt înc? la început, e greu s? te loghezi ?i cu propria fa?? dac? de exemplu e prea întuneric în camer? sau ?i-ai l?sat breton sau etc. oricum cine vrea s?-?i protejeze datele se bazeaz? pe encrip?ie, nu pe un windows infailibil
  2. demo root@bt:~# ./hack nasa.gov nasa.gov hacked do u want 2 hack again? (yes/nope) yes what? norad.mil norad.mil hacked do u want 2 hack again? (yes/nope) nope codul surs?: (nu încerca?i a-l în?elege; E MULT PREA COMPLICAT) #!/bin/sh # priv8 0day l33t auto-h4x0r # created by Elite Nabukadnezar # shouts go to: my mom # h8z go to: all the fake geez out there # do not distribute or I will personally hunt you down and kill your cat (WITH FIRE!) q1() { echo -n "do u want 2 hack again? (yes/nope) " read lameanswer case "$lameanswer" in "yes" ) q2 ;; "nope" ) exit ;; * ) echo "use English mother fucker!"; q1 ;; esac } q2() { echo -n "what? " read victim echo $victim hacked q1 } if [ $* ]; then echo "$*" hacked q1 else q2 fi
  3. aha k ms pt raspuns v?zui vid cu mobile hackerul lui doomclip ?i am r?mas impresionat de cuno?tiin?ele lui vaste în batch scripting (echo bot 1 connected ?i tot a?a)
  4. aham citii numele threadului si am inteles despre ce vorbeati oricum, daca doar captcha-ul e protectia atunci se poate folosi bruter
  5. de ce vorbi?i de ”aranjamente de 26 ( sau 52,62,72 ) luate cate 5,6,7” c? nu m? prinsei pân? la urm? de ce n-ar merge?
  6. L O L cam ?sta e nivelul forumului când vine vorba de linux în schimb to?i au auzit de backtrack ?i ?tiu s? intre în el (pentru c? scrie la început ce trebuie f?cut) anyway, on topic: exclusiv linux doar aproximativ un an (nu aveam windows-ul in boot menu) ?i în paralel restul timpului
  7. click aci s? vede?i versiunea normal? 2.0
  8. u?u nu ?tiam de asta acolo pe site v?zui Release: Ultimate Edition 2.0 Gamers are 4.3 giga faved ?i-l iau imediat ce conectez dvd writerul la calc eu îmi schimb recomandarea... cred c? cel mai bine bagi Ultimate Edition 2.0 Gamers si dai un copy la directorul /pentest dupa bt4 beta
  9. dac? ai de gând s? r?mâi cu el eu zic s? stai o zi întreag? ?i s? testezi cel pu?in 5 distribu?ii. Î?i recomand s? începi cu astea: Mint, DVL
  10. 10 feb seara
  11. rezumat: pune?i-v? o parol? gen "w@erwl2$" da sper ca nici m?car rezumatul s? nu fie citit de cineva
  12. http://209.85.129.132/search?q=cache:4eY0ub7aCt4J:www.zone-h.org/+zone+h&hl=pl&ct=clnk&cd=1&gl=pl
  13. ============================================== Security Advisory: Banks in Taiwan militan (Lin, Chia-Jun) militan.c7 [at] gmail.com Advanced Defense Lab, NCU CSIE TAIWAN 12th February, 2009 ============================================== I. VULNERABILITY ------------------------- Blind Command(SQL, LDAP) Injection Information Leakage Banks below are vulnerable: Union bank of Taiwan. www.ubot.com.tw SinoPac Securities. www.sinotrade.com.tw prudential uk in Taiwan. www.pcafunds.com.tw II. DESCRIPTION ------------------------- Some banks or fund companies contain vulnerabilities while handling account information, it may cause information leakage. Usually the input is sanitized indeed, but some specific pages do not perform the validation properly. Otherwise, sometimes error messages also show the architecture of web sites. III. POC ------------------------- 1. Union bank: may be susceptible to blind injection. http://adl.csie.ncu.edu.tw/~militan/Ubot1.jpg http://adl.csie.ncu.edu.tw/~militan/Ubot2.jpg 2. prudential uk in Taiwan: Get information first(JNDI LDAP), then do the LDAP injection. http://adl.csie.ncu.edu.tw/~militan/PCAFunds1.jpg http://adl.csie.ncu.edu.tw/~militan/PCAFunds2.jpg http://adl.csie.ncu.edu.tw/~militan/PCAFunds3.jpg 3. SinoPac Securities: The page re-generates the password in Javascript. It`s not a vulnerability, but a insecure behavior in programming. http://adl.csie.ncu.edu.tw/~militan/SinoTrade.JPG IV. SOLUTION& CONCLUSION ------------------------- Strip all symbols in ANY input variable. This advisory prove that sites of banks are not secure enough. Vulnerabilities may be fixed up in a very short time because details were sent to them already Citi?i ?i: http://www.koreatimes.co.kr/www/news/tech/2009/02/129_39347.html
  14. http://www.securestate.com/Pages/Fast-Track.aspx
  15. The Register raporteaz?: http://www.theregister.co.uk/2009/02/10/new_dns_amplification_attacks/ Pe scurt, din ce în ce mai mul?i hackeri floodeaza target-uri cu ajutorul NS-elor. Scenariu: kw3rln vrea s? timeouteze () asdf.com; el are o list? de mii de nameservere ?i trimite la fiecare request-uri "get root servers" (nush denumirea tehnic?), spoofând îns? IP-ul pachetelor UDP, astfel încât nameserverele s? r?spund? c?tre asdf.com Pachetul primit de target de la nameserver con?ine: C:\Users\Dark Zagatu>nslookup DNS request timed out. timeout was 2 seconds. Default Server: UnKnown Address: 192.168.0.1:53 > server ns.infogate.ro Default Server: ns.infogate.ro Address: 80.96.198.2 > set type =ns Unrecognized command: set type =ns > set type=ns > . Server: ns.infogate.ro Address: 80.96.198.2 Non-authoritative answer: (root) nameserver = I.ROOT-SERVERS.NET (root) nameserver = J.ROOT-SERVERS.NET (root) nameserver = K.ROOT-SERVERS.NET (root) nameserver = L.ROOT-SERVERS.NET (root) nameserver = M.ROOT-SERVERS.NET (root) nameserver = A.ROOT-SERVERS.NET (root) nameserver = B.ROOT-SERVERS.NET (root) nameserver = C.ROOT-SERVERS.NET (root) nameserver = D.ROOT-SERVERS.NET (root) nameserver = E.ROOT-SERVERS.NET (root) nameserver = F.ROOT-SERVERS.NET (root) nameserver = G.ROOT-SERVERS.NET (root) nameserver = H.ROOT-SERVERS.NET B.ROOT-SERVERS.NET internet address = 192.228.79.201 C.ROOT-SERVERS.NET internet address = 192.33.4.12 D.ROOT-SERVERS.NET internet address = 128.8.10.90 E.ROOT-SERVERS.NET internet address = 192.203.230.10 G.ROOT-SERVERS.NET internet address = 192.112.36.4 H.ROOT-SERVERS.NET internet address = 128.63.2.53 H.ROOT-SERVERS.NET AAAA IPv6 address = 2001:500:1::803f:235 I.ROOT-SERVERS.NET internet address = 192.36.148.17 J.ROOT-SERVERS.NET internet address = 192.58.128.30 J.ROOT-SERVERS.NET AAAA IPv6 address = 2001:503:c27::2:30 K.ROOT-SERVERS.NET internet address = 193.0.14.129 K.ROOT-SERVERS.NET AAAA IPv6 address = 2001:7fd::1 L.ROOT-SERVERS.NET internet address = 199.7.83.42 L.ROOT-SERVERS.NET AAAA IPv6 address = 2001:500:3::42 > Eventual kw3rln poate alterna cu requesturi "get tld servers" ("com" in loc de ".") sau "get zone information" ("soa" in loc de "ns" si apoi un domeniu). Acest tip de flood este foarte u?or de implementat a?a c? v? urez succes.
×
×
  • Create New...