Nabukadnezar
Active Members
Posts: 84
Occupation: inapzor
Location: Romania
-
"There is no way to fix this vulnerability," Duc says. "Asus, Lenovo, and Toshiba have to remove this function from all the models of their laptops ... [they] must give an advisory to users all over the world: Stop using this [biometric] function."

lol and what do they want us to do... stick with password protection? was that the effective one? anyway, this software is still in its early days; it's hard to log in even with your own face if, for example, the room is too dark or you've grown bangs, etc. in any case, whoever wants to protect their data relies on encryption, not on an infallible Windows
-
demo

    root@bt:~# ./hack nasa.gov
    nasa.gov hacked
    do u want 2 hack again? (yes/nope) yes
    what? norad.mil
    norad.mil hacked
    do u want 2 hack again? (yes/nope) nope

source code: (don't try to understand it; IT'S FAR TOO COMPLICATED)

    #!/bin/sh
    # priv8 0day l33t auto-h4x0r
    # created by Elite Nabukadnezar
    # shouts go to: my mom
    # h8z go to: all the fake geez out there
    # do not distribute or I will personally hunt you down and kill your cat (WITH FIRE!)

    # ask whether to go another round
    q1() {
        echo -n "do u want 2 hack again? (yes/nope) "
        read lameanswer
        case "$lameanswer" in
            "yes" ) q2 ;;
            "nope" ) exit ;;
            * ) echo "use English mother fucker!"; q1 ;;
        esac
    }

    # read a name and echo it back
    q2() {
        echo -n "what? "
        read victim
        echo "$victim hacked"
        q1
    }

    # arguments given on the command line are echoed first
    if [ -n "$*" ]; then
        echo "$* hacked"
        q1
    else
        q2
    fi
-
aha ok, thanks for the answer. I saw the video with doomclip's mobile hacker and was impressed by his vast knowledge of batch scripting (echo bot 1 connected and so on)
-
aha, I read the thread title and understood what you were talking about. anyway, if the captcha is the only protection then a bruter can be used
-
why are you talking about "arrangements of 26 (or 52, 62, 72) taken 5, 6, 7 at a time"? in the end I still didn't get why it wouldn't work
-
click here to see the normal version 2.0
-
wow, I didn't know about this. there on the site I saw Release: Ultimate Edition 2.0 Gamers, it's 4.3 gigs. faved, and I'll grab it as soon as I connect the DVD writer to the computer. I'm changing my recommendation... I think your best bet is to install Ultimate Edition 2.0 Gamers and copy over the /pentest directory from bt4 beta
-
if you plan to stick with it, I'd say spend a whole day and test at least 5 distributions. I recommend you start with these: Mint, DVL
-
Feb 10, in the evening
-
summary: set yourselves a password like "w@erwl2$". but I hope not even the summary gets read by anyone
-
http://209.85.129.132/search?q=cache:4eY0ub7aCt4J:www.zone-h.org/+zone+h&hl=pl&ct=clnk&cd=1&gl=pl
-
==============================================
Security Advisory: Banks in Taiwan

militan (Lin, Chia-Jun)
militan.c7 [at] gmail.com
Advanced Defense Lab, NCU CSIE
TAIWAN

12th February, 2009
==============================================

I. VULNERABILITY
-------------------------
Blind Command (SQL, LDAP) Injection
Information Leakage

Banks below are vulnerable:
Union bank of Taiwan. www.ubot.com.tw
SinoPac Securities. www.sinotrade.com.tw
prudential uk in Taiwan. www.pcafunds.com.tw

II. DESCRIPTION
-------------------------
Some banks or fund companies contain vulnerabilities while handling account information, it may cause information leakage. Usually the input is sanitized indeed, but some specific pages do not perform the validation properly. Otherwise, sometimes error messages also show the architecture of web sites.

III. POC
-------------------------
1. Union bank: may be susceptible to blind injection.
http://adl.csie.ncu.edu.tw/~militan/Ubot1.jpg
http://adl.csie.ncu.edu.tw/~militan/Ubot2.jpg

2. prudential uk in Taiwan: Get information first (JNDI LDAP), then do the LDAP injection.
http://adl.csie.ncu.edu.tw/~militan/PCAFunds1.jpg
http://adl.csie.ncu.edu.tw/~militan/PCAFunds2.jpg
http://adl.csie.ncu.edu.tw/~militan/PCAFunds3.jpg

3. SinoPac Securities: The page re-generates the password in Javascript. It's not a vulnerability, but an insecure behavior in programming.
http://adl.csie.ncu.edu.tw/~militan/SinoTrade.JPG

IV. SOLUTION & CONCLUSION
-------------------------
Strip all symbols in ANY input variable.
This advisory proves that sites of banks are not secure enough.
Vulnerabilities may be fixed up in a very short time because details were sent to them already.

See also: http://www.koreatimes.co.kr/www/news/tech/2009/02/129_39347.html
-
[Release] BackTrack 4 Beta + FastTrack
Nabukadnezar replied to Nabukadnezar's topic in Stiri securitate
http://www.securestate.com/Pages/Fast-Track.aspx
-
The Register reports: http://www.theregister.co.uk/2009/02/10/new_dns_amplification_attacks/

In short, more and more hackers are flooding targets with the help of nameservers. Scenario: kw3rln wants to time out asdf.com; he has a list of thousands of nameservers and sends each of them "get root servers" requests (dunno the technical name), but spoofing the IP of the UDP packets, so that the nameservers respond to asdf.com

The packet the target receives from the nameserver contains:

    C:\Users\Dark Zagatu>nslookup
    DNS request timed out.
    timeout was 2 seconds.
    Default Server: UnKnown
    Address: 192.168.0.1:53

    > server ns.infogate.ro
    Default Server: ns.infogate.ro
    Address: 80.96.198.2

    > set type =ns
    Unrecognized command: set type =ns
    > set type=ns
    > .
    Server: ns.infogate.ro
    Address: 80.96.198.2

    Non-authoritative answer:
    (root) nameserver = I.ROOT-SERVERS.NET
    (root) nameserver = J.ROOT-SERVERS.NET
    (root) nameserver = K.ROOT-SERVERS.NET
    (root) nameserver = L.ROOT-SERVERS.NET
    (root) nameserver = M.ROOT-SERVERS.NET
    (root) nameserver = A.ROOT-SERVERS.NET
    (root) nameserver = B.ROOT-SERVERS.NET
    (root) nameserver = C.ROOT-SERVERS.NET
    (root) nameserver = D.ROOT-SERVERS.NET
    (root) nameserver = E.ROOT-SERVERS.NET
    (root) nameserver = F.ROOT-SERVERS.NET
    (root) nameserver = G.ROOT-SERVERS.NET
    (root) nameserver = H.ROOT-SERVERS.NET

    B.ROOT-SERVERS.NET internet address = 192.228.79.201
    C.ROOT-SERVERS.NET internet address = 192.33.4.12
    D.ROOT-SERVERS.NET internet address = 128.8.10.90
    E.ROOT-SERVERS.NET internet address = 192.203.230.10
    G.ROOT-SERVERS.NET internet address = 192.112.36.4
    H.ROOT-SERVERS.NET internet address = 128.63.2.53
    H.ROOT-SERVERS.NET AAAA IPv6 address = 2001:500:1::803f:235
    I.ROOT-SERVERS.NET internet address = 192.36.148.17
    J.ROOT-SERVERS.NET internet address = 192.58.128.30
    J.ROOT-SERVERS.NET AAAA IPv6 address = 2001:503:c27::2:30
    K.ROOT-SERVERS.NET internet address = 193.0.14.129
    K.ROOT-SERVERS.NET AAAA IPv6 address = 2001:7fd::1
    L.ROOT-SERVERS.NET internet address = 199.7.83.42
    L.ROOT-SERVERS.NET AAAA IPv6 address = 2001:500:3::42
    >

Optionally, kw3rln can alternate with "get tld servers" requests ("com" instead of ".") or "get zone information" requests ("soa" instead of "ns", followed by a domain). This type of flood is very easy to implement, so I wish you success.
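
Seen from the operator of one of the nameservers in that scenario, the abuse shows up as a single client address repeating root or TLD NS queries. The following is an added example, not part of the original post, that flags such addresses in a query log; the log lines are constructed in the style of a BIND query log, and the function names and the threshold are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the style of a BIND query log (not real traffic).
# 203.0.113.7 stands in for the spoofed source, i.e. the flood's target.
SAMPLE_LOG = "\n".join(
    [f"10-Feb-2009 21:14:0{i}.000 client 203.0.113.7#{4000 + i}: query: . IN NS +"
     for i in range(6)]
    + [
        "10-Feb-2009 21:14:06.000 client 203.0.113.7#4100: query: com IN NS +",
        "10-Feb-2009 21:14:07.000 client 198.51.100.9#5300: query: www.example.org IN A +",
        "10-Feb-2009 21:14:08.000 client 198.51.100.9#5301: query: . IN NS +",
        "10-Feb-2009 21:14:09.000 client 192.0.2.44#5302: query: example.org IN SOA +",
    ]
)

LINE_RE = re.compile(
    r"client (?P<ip>[0-9A-Fa-f.:]+)#\d+: query: (?P<name>\S+) IN (?P<qtype>\S+)"
)


def is_reflection_style(name, qtype):
    """True for the query shapes named in the post: NS for the root or a
    bare TLD, or SOA for any zone (small question, much larger answer)."""
    labels = [part for part in name.rstrip(".").split(".") if part]
    qtype = qtype.upper()
    return (qtype == "NS" and len(labels) <= 1) or qtype == "SOA"


def find_reflection_victims(log_text, threshold=5):
    """Count reflection-style queries per client address and return the
    addresses at or above the threshold (an assumed, tunable value)."""
    hits = Counter()
    for line in log_text.splitlines():
        match = LINE_RE.search(line)
        if match and is_reflection_style(match["name"], match["qtype"]):
            hits[match["ip"]] += 1
    return {ip: count for ip, count in hits.items() if count >= threshold}


if __name__ == "__main__":
    for ip, count in find_reflection_victims(SAMPLE_LOG).items():
        print(f"{ip}: {count} reflection-style queries (likely spoofed source)")
```

The flagged address is the spoofed source, so it identifies who is being flooded rather than who is sending. A nameserver that refuses recursion and root referrals to clients outside its own network stops being useful as a reflector.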