Nytro

Cum se fixeaza asta?

You inject in only one process, as I said you in PMs: DWORD ID = GetProcessId("chrome.exe"); This will find only last "chrome.exe" process. You will inject ONLY in that one. while(bRet) { if(!_stricmp(pe.szExeFile,szExeName)) { dwCount ; dwRet = pe.th32ProcessID; [COLOR=#ff0000][B] InjectDLL(dwRet,"C:\\Users\\Emi\\Documents\\Visual Studio 2012\\Projects\\iehookmdet\\Debug\\iehookmdet.dll")[/B][/COLOR] } bRet = Process32Next(hSnapshot, &pe); }

As I explained you in PMs: sandbox have nothing to do with DLL injection. Wikipedia: https://en.wikipedia.org/wiki/Sandbox_(computer_security) You can inject a DLL using any method and do anything you want with your code. Your code will NOT run in the sandbox. Javascript for example runs in a sandbox.

Pivoting to internal network via non-interactive shell August 6, 2015 Adrian Furtuna During a recent penetration test we have experienced the situation where we’ve gained remote code execution with limited privileges to a web server and had to pivot to other hosts from the internal network.For this, we had to find a reliable method to forward our traffic from our local machine to the internal host via the compromised server. This blog post describes how we solved this situation – for future reference. Problem details Our scenario is best described in the diagram below: Achieving our goal was not that straight forward since the compromised server was behind a firewall and only ports 80 and 443 were permitted inbound. Furthermore, we were executing commands as www-data user and our non-interactive shell (PHP passthru) was pretty limited. Articol complet: http://securitycafe.ro/2015/08/06/pivoting-to-internal-network-via-non-interactive-shell/

This guy is what we can really call a "hacker". Not a shitty kid that exploits a website or bruteforce a SSH password.

Reveniti la 7...

Description NetRipper is a post exploitation tool targeting Windows systems which uses API hooking in order to intercept network traffic and encryption related functions from a low privileged user, being able to capture both plain-text traffic and encrypted traffic before encryption/after decryption. NetRipper was released at Defcon 23, Las Vegas, Nevada. Abstract The post-exploitation activities in a penetration test can be challenging if the tester has low-privileges on a fully patched, well configured Windows machine. This work presents a technique for helping the tester to find useful information by sniffing network traffic of the applications on the compromised machine, despite his low-privileged rights. Furthermore, the encrypted traffic is also captured before being sent to the encryption layer, thus all traffic (clear-text and encrypted) can be sniffed. The implementation of this technique is a tool called NetRipper which uses API hooking to do the actions mentioned above and which has been especially designed to be used in penetration tests, but the concept can also be used to monitor network traffic of employees or to analyze a malicious application. https://github.com/NytroRST

Exploit de Word, nu deschide. Uploadeaza-l undeva si da-ne link. E plina campanie Dridex.

Replace char chrome[260]; with char chrome[1024]; and check again.

What does "GetEnvironmentVariable" return and what is the content of the "chrome" variable after "GetEnvironmentVariable" function call?

A cumparat cineva? Pareri?

Maybe overflow. Declare the string as 1024 bytes and test. Check the return value of GetEnvironmentVariable and the contents of the variable after the call.

1. Deschideti fisierul cu Notepad++ 2. Cautati un base64 3. Decodati-l si vedeti daca incepe cu "ActiveMime" 4. Daca da, eliminati primii 50 de bytes 5. Salvati si ar trebui sa aveti un fisier OLE 6. Folositi OLEdump (al lui Didier Stevens) cu plugin-urile sale si obtineti URL-ul de unde descarca sau payload-ul (exe)

Pe 9 octombrie 2015 vom avea un eveniment parte a OWASP EEE (Eastern European Event). OWASP EEE este de fapt o saptamana de evenimente sincronizate organizata de capitole din Europa de Est (5-10 octombrie). Evenimentele vor avea live streaming pe youtube, astfel incat in fiecare zi oamenii din Europa si nu numai vor putea urmari un eveniment live dintr-o tara participanta. Capitolele implicate pana acum sunt: Romania (Bucuresti si Cluj), Polonia, Ungaria, Rusia si Austria. Acesta este "Call for Speakers" pentru evenimentul nostru. Asteptam inscrieri pentru prezentari sau workshop-uri din urmatoarele arii si nu numai: • Security aspects of new / emerging web technologies / paradigms / languages / frameworks • Secure development: frameworks, best practices, secure coding, methods, processes, SDLC, etc. • Security of web frameworks (Struts, Spring, ASP.Net MVC, RoR, etc) • Vulnerability analysis (code review, pentest, static analysis etc) • Threat modelling of applications • Mobile security and security for the mobile web • Cloud security • Browser security and local storage • Countermeasures for application vulnerabilities • New technologies, paradigms, tools • Application security awareness and education • Security in web services, REST, and service oriented architectures • Privacy in web apps, Web services and data storage Vor fi selectate prezentarile si temele cele mai interesante. Important: termenul limita pentru inscrierea prezentarilor este 17 septembrie conferinta va avea loc pe 9 octombrie prezentarile vor avea durata de 45 de minute fiecare va exista un speaker agreement O seara frumoasa! -- Oana Cornea, OWASP Romania OWASP Bucharest: https://www.owasp.org/index.php/OWASP_EEE_Bucharest_Event_2015 Call for speakers: https://docs.google.com/a/owasp.org/forms/d/1HnHihbW2FK8J9s1EaF4RKMphPcZnaS8Dim39h1bfttM/viewform OWASP EEE: http://owaspeee.appsec.xyz/

Translate: Geekbuying.com este unul dintre cele mai bune magazine online din China specializat în electronice, cum ar fi smartphone-uri, tablete, televizoare, Quadcoptere, etc. V? pute?i bucura de cele mai tari gadget-uri din întreaga lume, la pre?ul cel mai bun. Face?i cump?r?turi aici pentru cea mai bun? experien?a în cump?r?turi on-line. Mai mult, ne-am înfiin?at, de asemenea, în Spania, Marea Britanie si SUA depozite pentru transport rapid. Aici v? oferim review-uri, cupoane, reduceri, cadouri, etc. Nu conteaz? dac? sunte?i un geek sau nu, sunte?i sigur de cump?r?turi de la Geekbuying. Lucr?m cu pasiune pentru a dep??i a?tept?rile dumneavoastr? de fiecare dat?. Odat? ce ai cump?rat, vei ?ti. Link: geekbuying.com Nota: Intrebarile sa le puneti in limba engleza.

Vine cineva de aici la Defcon?

DIICOT? Poate fac si ei ceva util, in loc sa prinda pusti de 16 ani care sparg cate un site...

Jocurile de noroc sunt gandite matematic special pentru profitul casino-urilor. Cand o sa intelegi acest concept simplu, rezolvi problema.

Nu te laudai tu ca ai dat multe tepe si ca nimeni nu stie nimic despre tine?

Nu, planuim sa facem cu randul la Unirii: "Da si mie 100 de euro pentru forum..."

Anti-Virus Firm BitDefender Admits Breach, Hacker Claims Stolen Passwords Are Unencrypted BitDefender, a much-respected anti-virus firm, has leaked a portion of its customers’ usernames and passwords after facing an extortion attempt by a hacker, going by the name DetoxRansome. The perpetrator told FORBES all the data he stole was unencrypted. Usernames and passwords seen by your reporter were in plain text and would have been difficult to crack if previously encrypted, given the quality of the passwords. Law enforcement have been called in and an investigation is underway. The Romanian security company said in an emailed statement it found a potential security issue with a server and determined a single application was targeted – a component of its public cloud offering. The attack did not penetrate the server, but “a vulnerability potentially enabled exposure of a few user accounts and passwords”. The attack leaked a “very limited” number of usernames and passwords, representing “less than one per cent of our SMB customers”, the spokesperson said. “The issue was immediately resolved and, additional security measures were put in place in order to prevent it from reoccurring. As an extra precaution, a password reset notice was sent to all potentially affected customers,” the spokesperson added. “This does not affect our consumer or enterprise customers. Our investigation revealed no other server or services were impacted.” As noted by blog Hacker Film, last Friday DetoxRansome had demanded BitDefender pay $15,000 or see its customer database leaked. Over the weekend, the hacker dumped some data online, which appeared to contain more than 250 customers’ usernames and passwords. Some emails had .gov domain extensions, indicating government customers were affected. FORBES understands the ransom was not paid, whilst BitDefender could not offer any more details due to the ongoing police investigation. In an email, DetoxRansome said they had taken control of two BitDefender cloud servers and “got all logins”. “Yes they were unencrypted, I can prove it… they were using Amazon Elastic Web cloud which is notorious for SSL [a form of web encryption] problems.” Whilst it doesn’t seem a huge amount of data was taken, it’s concerning a hacker was able to grab unencrypted usernames and passwords from a security company. Researchers and hackers have proven security firms vulnerable repeatedly in recent months. This year saw Russian anti-virus firm Kaspersky breached, though it believes government-sponsored hackers were responsible as part of a surveillance operation, not criminals after money. There were claims Israel and US intelligence agents may have been involved. Documents leaked by Edward Snowden also showed the NSA had targeted a large number of anti-virus companies, including BitDefender. Days after that revelation, a Google researcher detailed holes in ESET anti-virus. Hacking Team TISI NaN%, a provider of spyware for law enforcement,was also breached. It appeared the individual responsible was an activist hoping to expose the Italian company and its history of selling to regimes with questionable records on human rights issues. If it’s not clear already, even security providers are vulnerable to compromise, whatever the motivation of the attackers. Sursa: http://www.forbes.com/sites/thomasbrewster/2015/07/31/bitdefender-hacked/

Mai bine iti instalezi o masina virtuala cu Linux si faci ce vrei de acolo.

Pare sa fie un device embedded.

Schimba extensia unui exe in .jpg si foloseste "blenderul" ca sa le unesti. Si ai unit o poza cu un exe. Cum imi trimiti banii?