Nabukadnezar

Active Members
  • Posts

    84
Everything posted by Nabukadnezar

  1. "There is no way to fix this vulnerability," Duc says. "Asus, Lenovo, and Toshiba have to remove this function from all the models of their laptops ... [they] must give an advisory to users all over the world: Stop using this [biometric] function."

     lol, and what do they want us to do... stick with password protection? Was that the effective one? Anyway, this software is still in its early days; it's hard to log in even with your own face if, for example, the room is too dark or you've grown bangs, etc. In any case, anyone who wants to protect their data relies on encryption, not on an infallible Windows.
  2. demo

       root@bt:~# ./hack nasa.gov
       nasa.gov hacked
       do u want 2 hack again? (yes/nope) yes
       what? norad.mil
       norad.mil hacked
       do u want 2 hack again? (yes/nope) nope

     source code: (don't try to understand it; IT'S FAR TOO COMPLICATED)

       #!/bin/sh
       # priv8 0day l33t auto-h4x0r
       # created by Elite Nabukadnezar
       # shouts go to: my mom
       # h8z go to: all the fake geez out there
       # do not distribute or I will personally hunt you down and kill your cat (WITH FIRE!)

       # ask whether to go again; anything other than yes/nope re-asks
       q1() {
           printf 'do u want 2 hack again? (yes/nope) '
           read lameanswer
           case "$lameanswer" in
               "yes" ) q2 ;;
               "nope" ) exit ;;
               * ) echo "use English mother fucker!"; q1 ;;
           esac
       }

       # read a name and echo it back with " hacked" appended (nothing else happens)
       q2() {
           printf 'what? '
           read victim
           echo "$victim hacked"
           q1
       }

       # with arguments: echo them back first; without: prompt for a name
       if [ $# -gt 0 ]; then
           echo "$* hacked"
           q1
       else
           q2
       fi
  3. aha, ok, thanks for the answer. I saw the video of doomclip's mobile hacker and was impressed by his vast knowledge of batch scripting (echo bot 1 connected and so on)
  4. aha, I read the thread title and understood what you were talking about. Anyway, if the captcha is the only protection, then a bruter can be used
  5. Why are you talking about "arrangements of 26 (or 52, 62, 72) taken 5, 6, 7 at a time"? I never did figure out in the end why it wouldn't work.
  6. L O L, that's about the level of the forum when it comes to Linux. On the other hand, everyone has heard of BackTrack and knows how to log into it (because it says at the start what to do). Anyway, on topic: exclusively Linux for only about a year (I didn't have Windows in the boot menu), and in parallel the rest of the time
  7. click here to see the normal version 2.0
  8. wow, I didn't know about this. There on the site I saw Release: Ultimate Edition 2.0 Gamers, it's 4.3 GB. Faved, and I'll grab it as soon as I connect the DVD writer to the computer. I'm changing my recommendation... I think the best thing is to install Ultimate Edition 2.0 Gamers and copy over the /pentest directory from bt4 beta
  9. If you plan to stick with it, I'd say spend a whole day testing at least 5 distributions. I recommend you start with these: Mint, DVL
  10. summary: set yourselves a password like "w@erwl2$", but I hope that not even the summary gets read by anyone
  11. http://209.85.129.132/search?q=cache:4eY0ub7aCt4J:www.zone-h.org/+zone+h&hl=pl&ct=clnk&cd=1&gl=pl
  12. ==============================================
      Security Advisory: Banks in Taiwan
      militan (Lin, Chia-Jun)
      militan.c7 [at] gmail.com
      Advanced Defense Lab, NCU CSIE TAIWAN
      12th February, 2009
      ==============================================

      I. VULNERABILITY
      -------------------------
      Blind Command(SQL, LDAP) Injection
      Information Leakage

      Banks below are vulnerable:
      Union bank of Taiwan. www.ubot.com.tw
      SinoPac Securities. www.sinotrade.com.tw
      prudential uk in Taiwan. www.pcafunds.com.tw

      II. DESCRIPTION
      -------------------------
      Some banks or fund companies contain vulnerabilities while handling account information, it may cause information leakage. Usually the input is sanitized indeed, but some specific pages do not perform the validation properly. Otherwise, sometimes error messages also show the architecture of web sites.

      III. POC
      -------------------------
      1. Union bank: may be susceptible to blind injection.
         http://adl.csie.ncu.edu.tw/~militan/Ubot1.jpg
         http://adl.csie.ncu.edu.tw/~militan/Ubot2.jpg
      2. prudential uk in Taiwan: Get information first(JNDI LDAP), then do the LDAP injection.
         http://adl.csie.ncu.edu.tw/~militan/PCAFunds1.jpg
         http://adl.csie.ncu.edu.tw/~militan/PCAFunds2.jpg
         http://adl.csie.ncu.edu.tw/~militan/PCAFunds3.jpg
      3. SinoPac Securities: The page re-generates the password in Javascript. It's not a vulnerability, but an insecure behavior in programming.
         http://adl.csie.ncu.edu.tw/~militan/SinoTrade.JPG

      IV. SOLUTION & CONCLUSION
      -------------------------
      Strip all symbols in ANY input variable.
      This advisory proves that sites of banks are not secure enough. Vulnerabilities may be fixed up in a very short time because details were sent to them already

      Also read: http://www.koreatimes.co.kr/www/news/tech/2009/02/129_39347.html
  13. http://www.securestate.com/Pages/Fast-Track.aspx
  14. The Register reports: http://www.theregister.co.uk/2009/02/10/new_dns_amplification_attacks/

      In short, more and more hackers are flooding targets with the help of name servers. Scenario: kw3rln wants to time out asdf.com; he has a list of thousands of name servers and sends each of them "get root servers" requests (I don't know the technical name), but spoofing the IP of the UDP packets so that the name servers reply to asdf.com.

      The packet the target receives from the name server contains:

        C:\Users\Dark Zagatu>nslookup
        DNS request timed out.
        timeout was 2 seconds.
        Default Server: UnKnown
        Address: 192.168.0.1:53
        > server ns.infogate.ro
        Default Server: ns.infogate.ro
        Address: 80.96.198.2
        > set type =ns
        Unrecognized command: set type =ns
        > set type=ns
        > .
        Server: ns.infogate.ro
        Address: 80.96.198.2
        Non-authoritative answer:
        (root) nameserver = I.ROOT-SERVERS.NET
        (root) nameserver = J.ROOT-SERVERS.NET
        (root) nameserver = K.ROOT-SERVERS.NET
        (root) nameserver = L.ROOT-SERVERS.NET
        (root) nameserver = M.ROOT-SERVERS.NET
        (root) nameserver = A.ROOT-SERVERS.NET
        (root) nameserver = B.ROOT-SERVERS.NET
        (root) nameserver = C.ROOT-SERVERS.NET
        (root) nameserver = D.ROOT-SERVERS.NET
        (root) nameserver = E.ROOT-SERVERS.NET
        (root) nameserver = F.ROOT-SERVERS.NET
        (root) nameserver = G.ROOT-SERVERS.NET
        (root) nameserver = H.ROOT-SERVERS.NET
        B.ROOT-SERVERS.NET internet address = 192.228.79.201
        C.ROOT-SERVERS.NET internet address = 192.33.4.12
        D.ROOT-SERVERS.NET internet address = 128.8.10.90
        E.ROOT-SERVERS.NET internet address = 192.203.230.10
        G.ROOT-SERVERS.NET internet address = 192.112.36.4
        H.ROOT-SERVERS.NET internet address = 128.63.2.53
        H.ROOT-SERVERS.NET AAAA IPv6 address = 2001:500:1::803f:235
        I.ROOT-SERVERS.NET internet address = 192.36.148.17
        J.ROOT-SERVERS.NET internet address = 192.58.128.30
        J.ROOT-SERVERS.NET AAAA IPv6 address = 2001:503:c27::2:30
        K.ROOT-SERVERS.NET internet address = 193.0.14.129
        K.ROOT-SERVERS.NET AAAA IPv6 address = 2001:7fd::1
        L.ROOT-SERVERS.NET internet address = 199.7.83.42
        L.ROOT-SERVERS.NET AAAA IPv6 address = 2001:500:3::42
        >

      kw3rln could also alternate with "get tld servers" requests ("com" instead of ".") or "get zone information" requests ("soa" instead of "ns", followed by a domain). This type of flood is very easy to implement, so I wish you good luck.
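
The reflection described in post 14, seen from the receiving network: an added example (not part of the post) that flags hosts getting DNS responses they never asked for and estimates the amplification. The record layout, addresses and byte counts are constructed for illustration, and sizes are assumed to be DNS payload bytes.

```python
from collections import defaultdict

def query_size(qname):
    """DNS payload bytes of a minimal query: 12-byte header + QNAME + QTYPE/QCLASS."""
    labels = [l for l in qname.rstrip(".").split(".") if l]
    return 12 + sum(1 + len(l) for l in labels) + 1 + 4

def find_reflection(records, min_resolvers=3):
    """Return {host: summary} for hosts receiving unsolicited DNS responses
    from at least min_resolvers distinct name servers."""
    pending = set()  # queries our hosts really sent: (client, server, id, name, type)
    hits = defaultdict(lambda: {"resolvers": set(), "bytes": 0, "query_bytes": 0})
    for kind, src, dst, txid, qname, qtype, size in records:
        if kind == "query":
            pending.add((src, dst, txid, qname, qtype))
        elif (dst, src, txid, qname, qtype) in pending:
            pending.discard((dst, src, txid, qname, qtype))  # answer to a real query
        else:
            h = hits[dst]  # response with no matching query: reflected traffic
            h["resolvers"].add(src)
            h["bytes"] += size
            h["query_bytes"] += query_size(qname)  # what the spoofed query cost
    report = {}
    for host, h in hits.items():
        if len(h["resolvers"]) >= min_resolvers:
            report[host] = {
                "resolvers": len(h["resolvers"]),
                "bytes": h["bytes"],
                "amplification": round(h["bytes"] / h["query_bytes"], 1),
            }
    return report

# Constructed sample records: (kind, src, dst, DNS id, qname, qtype, payload bytes)
SAMPLE = [
    ("query", "203.0.113.10", "198.51.100.53", 0x1A2B, "example.org.", "A", 29),
    ("response", "198.51.100.53", "203.0.113.10", 0x1A2B, "example.org.", "A", 45),
    ("response", "192.0.2.1", "203.0.113.10", 0x0001, ".", "NS", 510),
    ("response", "192.0.2.2", "203.0.113.10", 0x0002, ".", "NS", 510),
    ("response", "192.0.2.3", "203.0.113.10", 0x0003, "com.", "NS", 493),
    ("response", "192.0.2.4", "203.0.113.20", 0x0004, ".", "NS", 510),
]

if __name__ == "__main__":
    for host, summary in find_reflection(SAMPLE).items():
        print(host, summary)
```
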
  15. Today, 11 February, BackTrack 4 Beta was released: http://remote-exploit.org/cgi-bin/fileget?version=bt4-beta-vm The operating system includes the program that made waves at ShmooCon 2009, Fast-Track. You can see a few videos of it here: http://www.thepentest.com/
  16. I'd like an RSS feed for the Stiri Securitate (Security News) forum, like the one on sla.ckers for example
  17. It's almost impossible, I don't think anyone will try. Maybe if you install a few daemons on it...
  18. On line 4, replace >> with ; and you could try adding .h to the end of the library name, maybe the program will compile that way. I recommend you use Visual Studio 2008, get it from here: thepiratebay.org/torrent/4088718/Visual_Studio_2008 and look for an ebook that teaches you how to use it; stop spending money on IT books
  19. Windows 7 may well have a pile of useless new features, but I still can't wait for it to come out so I can get rid of that piece of junk Vista. I hope it's not a cyclic process
  20. pff, the site would have been cool if 2 people hadn't already finished it... there's no challenge anymore when all you can do is share 1st place with others
  21. Windows is super cool. Unfortunately too many people are under the impression that if they say Windows sucks they're cool
  22. What a crappy POLL :shock: