Nytro

Administrators
  • Posts: 18715
  • Joined
  • Last visited
  • Days Won: 701

Everything posted by Nytro

  1. I don't understand your opinion. You're not stealing from the system, you're stealing from people. Imagine that a gypsy steals your wife's wallet (just as an example) on the street. What do you do? Do you go up to him and congratulate him for being against the system, for not respecting the laws? If you too had worked on a project, made 300 dollars on it, had the money in PayPal and someone stole it, would you send him another 20 dollars so he can buy himself a bottle of whiskey, because he's against the system? It's the same here: you aren't robbing any system, you're stealing from other people, people who are not like you, but people who worked for that money. Since you sat around with mom and dad until you were 30, eating sunflower seeds in front of the apartment block, you have no idea how money is made, so naturally you don't know what it means to work. I'm not referring to you, I used the second person in a general sense. But I have a few questions: how old are you? How many years have you worked? I agree with certain things, in terms everyone understands:
     1. hacking websites - Club Show Off
     2. exchanging "goods and services" - RST Market
     3. creating malware - Analiza malware
     These things aren't legal either, but:
     1. it's the best way to learn web security
     2. you get money for which, practically, you haven't stolen from anyone
     3. as with the first point, if you want to be a good malware researcher, you need to know how to write a few lines of code
     In all these cases, you don't STEAL from anyone. Sure, the things above are not legal and you are responsible for your actions, but they are not as serious as stealing the money of people who go to Subway. I go to Subway too; how would it be if I found out I had no money left on my card after buying a sandwich? Well, if I caught that guy I'd stomp on his head.
  2. Booting a Self-signed Linux Kernel

Now that The Linux Foundation is a member of the UEFI.org group, I’ve been working on the procedures for how to boot a self-signed Linux kernel on a platform so that you do not have to rely on any external signing authority. After digging through the documentation out there, it turns out to be relatively simple in the end, so here’s a recipe for how I did this, and how you can duplicate it yourself on your own machine.

We don’t need no stinkin bootloaders!

When building your kernel image, make sure the following options are set:

    CONFIG_EFI=y
    CONFIG_EFI_STUB=y
    ...
    CONFIG_FB_EFI=y
    ...
    CONFIG_CMDLINE_BOOL=y
    CONFIG_CMDLINE="root=..."
    ...
    CONFIG_BLK_DEV_INITRD=y
    CONFIG_INITRAMFS_SOURCE="my_initrd.cpio"

The first two options here enable EFI mode, and tell the kernel to build itself as an EFI binary that can be run directly from the UEFI bios. This means that no bootloader is involved at all in the system, the UEFI bios just boots the kernel, no “intermediate” step needed at all. As much as I love gummiboot, if you trust the kernel image you are running is “correct”, this is the simplest way to boot a signed kernel.

As no bootloader is going to be involved in the boot process, you need to ensure that the kernel knows where the root partition is, what init is going to be run, and anything else that the bootloader normally passes to the kernel image. The option listed above, CONFIG_CMDLINE, should be set to whatever you want the kernel to use as the command line.

Also, as we don’t have an initrd passed by the bootloader to the kernel, if you want to use one, you need to build it into the kernel itself. The option CONFIG_INITRAMFS_SOURCE should be set to the pre-built cpio initramfs image you wish to use. Note, if you don’t want to use an initrd/initramfs, don’t set this last option.

Also, currently it’s a bit of a pain to build the kernel, build the initrd using dracut with the needed dracut modules and kernel modules, and then rebuild the kernel adding the cpio image to the kernel image. I’ll be working next on taking a pre-built kernel image, tearing it apart and adding a cpio image directly to it, no need to rebuild the kernel. Hopefully that can be done with only a minimal use of libbfd.

After setting these options, build the kernel and install it on your boot partition (it is in FAT mode, so that UEFI can find it, right?). To have UEFI boot it directly, you can place it in /boot/EFI/boot/bootx64.efi, so that UEFI will treat it as the “default” bootloader for the machine.

Lather, rinse, repeat

After you have a kernel image installed on your boot partition, it’s time to test it. Reboot the machine, and go into the BIOS. Usually this means pounding on the F2 key as the boot starts up, but all machines are different, so it might take some experimentation to determine which key your BIOS needs. See this post from Matthew Garrett for the problems you might run into trying to get into BIOS mode on UEFI-based laptops.

Traverse the BIOS settings and find the place where UEFI boot mode is specified, and turn the “Secure Boot” option OFF. Save the option and reboot; the BIOS should find the kernel located at /boot/EFI/boot/bootx64.efi and boot it directly.

If your kernel command line and initramfs (if you used one) are set up properly, you should now be up and running and able to use your machine as normal. If you can’t boot properly, ensure that your kernel command line was set correctly, or that your initramfs has the needed kernel modules in it. This usually takes a few times back and forth to get all of the correct settings properly configured.

Only after you can successfully boot the kernel directly from the BIOS, in “insecure” mode, should you move to the next step.

Keys to the system

Now that you have a working kernel image and system, it is time to start messing with keys. There are three different types of UEFI keys that you need to learn about: the “Platform Key” (known as a “PK”), the “Key-Exchange Keys” (known as a “KEK”), and the “Signature Database Key” (known as a “db”). For a simple description of what these keys mean, see the Linux Foundation Whitepaper about UEFI Secure boot, published back in 2011. For a more detailed description of the keys, see the UEFI Specification directly.

For a very simple description, the “Platform Key” shows who “owns and controls” the hardware platform. The “Key-Exchange keys” show who is allowed to update the hardware platform, and the “Signature Database keys” show who is allowed to boot the platform in secure mode.

If you are interested in how to manipulate these keys, replace them, and do neat things with them, see James Bottomley’s blog for descriptions of the tools you can use and much more detail than I provide here.

To manipulate the keys on the system, you need the UEFI keytool USB image from James’s website called sb-usb.img (md5sum 7971231d133e41dd667a184c255b599f). dd the image to a USB drive, and boot the machine into the image. Depending on the mode of the system (insecure or secure), you will be dropped to the UEFI console, or be presented with a menu. If a command line, type KeyTool to run the keytool binary. If a menu, select the option to run KeyTool directly.

Save the keys

First thing to do, you should save the keys that are currently on the system, in case something “bad” ever happens and you really want to be able to boot another operating system in secure mode on the hardware. Go through the menu options in the KeyTool program and save off the PK, KEK, and db keys to the USB drive, or to the hard drive, or another USB drive you plug into the system. Take those keys and store them somewhere “safe”.

Clear the machine

Next you should remove all keys from the system. You can do this from the KeyTool program directly, or just reboot into the BIOS and select an option to “remove all keys”, if your BIOS provides this (some do, and some don’t.)

Create and install your own keys

Now that you have an “empty” machine, with the previous keys saved off somewhere else, you should download the sbsigntool and efiutil packages and install them on your development system. James has built all of the latest versions of these packages in the openSUSE build system for all RPM and DEB-based Linux distros. If you have a Gentoo-based system, I have checked the needed versions into portage, so just grab them directly from there. If you want to build these from source, the sbsigntool git tree can be found here, and the efitools git tree is here.

The efitools README is a great summary of how to create new keys, and here are the commands it says to follow in order to create your own set of keys:

    # create a PK key
    openssl req -new -x509 -newkey rsa:2048 -subj "/CN=my PK name/" -keyout PK.key -out PK.crt -days 3650 -nodes -sha256
    # create a KEK key
    openssl req -new -x509 -newkey rsa:2048 -subj "/CN=my KEK name/" -keyout KK.key -out KK.crt -days 3650 -nodes -sha256
    # create a db key
    openssl req -new -x509 -newkey rsa:2048 -subj "/CN=my db name/" -keyout db.key -out db.crt -days 3650 -nodes -sha256

The option -subj can contain a string with whatever name you wish to have for your key, be it your company name, or the like. Other fields can be specified as well to make the key more “descriptive”.

Then, take the PK key you have created, turn it into an EFI Signature List file, and add a GUID to the key:

    cert-to-efi-sig-list -g <my random guid> PK.crt PK.esl

Where my random guid is any valid guid you wish to use (I’ve seen some companies use all ‘5’ as their guid, so I’d recommend picking something else a bit more “random” to make it look like you know what you are doing with your key…).

Now take the EFI Signature List file and create a signed update file:

    sign-efi-sig-list -k PK.key -c PK.crt PK PK.esl PK.auth

For more details about the key creation (and to see where I copied these command lines from), see James’s post about owning your own Windows 8 platform.

Take these files you have created, put them on a USB disk, run the KeyTool program and use it to add the db, KEK, and PK keys into the BIOS. Note, apply the PK key last, as once it is installed, the platform will be “locked” and you should not be able to add any other keys to the system.

Fail to boot

Now that your own set of keys is installed in the system, flip the BIOS back into “Secure boot” mode, and try to boot your previously successful Linux image again. Hopefully it should fail with some type of warning; the laptop I did this testing on provides this “informative” graphic:

Sign your kernel

Now that your kernel can’t boot, you need to sign it with the db key you placed in your bios (the signed image is the --output file, the unsigned image is the last argument):

    sbsign --key db.key --cert db.crt --output bzImage.signed bzImage

Take the bzImage.signed file and put it back in the boot partition, copying over the unsigned /boot/EFI/boot/bootx64.efi file.

Profit!

Now, rebooting the machine should cause the UEFI bios to check the signatures of the signed kernel image, and boot it properly.

Demo

I’ve recorded a video of a Gateway laptop booting a signed kernel, with my own key, here. The demo tries to boot an unsigned kernel image that is on the hard disk, but it fails. I plug in a signed kernel that is on the USB disk, and it properly boots. I did the test with a CoreOS image as it provides a very small self-contained Linux system that allows for easy testing/building from a development machine.

Future plans

Now that you have full control over your system, running only a Linux kernel image that you sign yourself, a whole raft of possibilities open up. Here’s a few that I can think of off the top of my head:

  • Linux signed system self-contained in the kernel image (with initramfs) booting into ram, nothing on the disk other than the original kernel image.
  • Signed kernel image initramfs validates the other partitions with a public key to ensure they aren’t tampered with before mounting and using them (ChromeOS does this exact thing quite well). This passes the “chain of trust” on to the filesystem image, giving you assurances that you are running code you trust, on a platform you trust.
  • Combine signed kernel images with TPM key storage to unlock encrypted partitions.

If you are interested in these types of things, I’ll be at the Linux Plumbers Conference in a few weeks, where a bunch of people will be discussing secure boot issues with Linux. I’ll also be at LinuxCon North America, Europe, and Korea if you want to talk about UEFI and Linux issues there.

Posted by Greg Kroah-Hartman

Source: booting a self-signed Linux kernel - Linux Kernel Monkey Log
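As an added illustration (my own code, not Greg's post or the efitools sources), this is the layout of the EFI Signature List that cert-to-efi-sig-list -g produces and that the PK, KEK and db variables hold: a 28-byte EFI_SIGNATURE_LIST header followed by EFI_SIGNATURE_DATA entries, each prefixed by the owner GUID given with -g. The owner GUID and the "certificate" bytes below are constructed placeholders, not a real DER certificate; the parser checks every length field so a truncated or edited list is rejected rather than read as garbage.

```python
import struct
import uuid

# SignatureType GUID for a DER-encoded X.509 certificate (EFI_CERT_X509_GUID, UEFI spec).
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")

# EFI_SIGNATURE_LIST header: SignatureType GUID, then SignatureListSize,
# SignatureHeaderSize and SignatureSize as little-endian UINT32.
_LIST_HDR = struct.Struct("<16sIII")
_GUID_LEN = 16

# Constructed sample values: a made-up owner GUID (what you would pass to
# cert-to-efi-sig-list -g) and placeholder bytes standing in for PK.crt in DER form.
SAMPLE_OWNER_GUID = uuid.UUID("11111111-2222-3333-4444-555555555555")
SAMPLE_CERT_DER = b"\x30\x82\x01\x00" + bytes(range(32))   # NOT a real certificate


def build_esl(owner_guid, cert_der, sig_type=EFI_CERT_X509_GUID):
    """Wrap one certificate in an EFI_SIGNATURE_LIST, the way
    `cert-to-efi-sig-list -g <owner_guid> PK.crt PK.esl` does."""
    sig_data = owner_guid.bytes_le + cert_der          # one EFI_SIGNATURE_DATA
    header = _LIST_HDR.pack(
        sig_type.bytes_le,                              # EFI GUIDs are stored mixed-endian
        _LIST_HDR.size + len(sig_data),                 # SignatureListSize: header + entries
        0,                                              # SignatureHeaderSize: none for X.509
        len(sig_data),                                  # SignatureSize: owner GUID + cert
    )
    return header + sig_data


def parse_esl(blob):
    """Parse one or more concatenated EFI_SIGNATURE_LISTs (the layout of the PK, KEK
    and db variables) into [(signature_type, owner_guid, signature_data), ...].
    Every length field is checked against the blob, so a truncated or tampered
    file raises ValueError instead of being read past its end."""
    entries = []
    off = 0
    while off < len(blob):
        if len(blob) - off < _LIST_HDR.size:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        type_raw, list_size, hdr_size, sig_size = _LIST_HDR.unpack_from(blob, off)
        if list_size < _LIST_HDR.size + hdr_size or off + list_size > len(blob):
            raise ValueError("SignatureListSize out of range")
        if sig_size <= _GUID_LEN:
            raise ValueError("SignatureSize too small to hold an owner GUID")
        body = blob[off + _LIST_HDR.size + hdr_size:off + list_size]
        if not body or len(body) % sig_size:
            raise ValueError("list body is not a whole number of SignatureSize entries")
        sig_type = uuid.UUID(bytes_le=type_raw)
        for i in range(0, len(body), sig_size):
            entry = body[i:i + sig_size]
            entries.append((sig_type, uuid.UUID(bytes_le=entry[:_GUID_LEN]), entry[_GUID_LEN:]))
        off += list_size
    return entries


def is_malformed(blob):
    """True if parse_esl rejects the blob."""
    try:
        parse_esl(blob)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    esl = build_esl(SAMPLE_OWNER_GUID, SAMPLE_CERT_DER)
    for sig_type, owner, data in parse_esl(esl):
        print(f"type={sig_type} owner={owner} cert_bytes={len(data)}")
    print("truncated copy rejected:", is_malformed(esl[:-1]))
```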
  3. Blackshades 2.6.3 Source

Posted by: FastFlux September 2, 2013

Blackshades full source, coded in Visual Basic 6. Blackshades Remote Controller is a RAT (Remote Administration Application) which allows a user to control several clients from around the world. Long recognized as the king/master of all RATs, Blackshades NET has been through many iterations through the years. A comprehensive software! Wise enough to teach an absolute beginner and powerful enough to manage and master any computer at distance. The Blackshades Team has long been known as “brains behind the best-selling brand in the remote tech section”.

Need to help out a customer who is having trouble setting up a piece of software? Have you ever questioned what your spouse, kids or employees have been doing on the computer? Is your child misusing the Internet facility and taking secret chat with the stranger? Are your employees mailing your business data to your competitors? Blackshades Remote Controller will enable you to control the client’s PC as if you were sitting right in front of it, with support for mouse and keyboard input! You can also chat with the client while you do so.

Got a Network to manage? With Blackshades Remote Controller you can connect to unlimited systems, and administer them collectively or individually. You can transfer files and folders between systems, view all the screens of the systems simultaneously and perform maintenance actions. Send a message to all of them with one click, chat with the systems, run commands via the remote command prompt…there’s a huge range of functions suited for network management. Blackshades Remote Controller also provides an efficient way of turning your machine into a surveillance/spy-device or to spy on a specific system.

If you want to monitor all keystrokes on your computer while you are away, or want to make sure your child is being safe while using the computer, the built in tools such as the keystroke capturer, screen viewer and process manager will aid you to do so. This tool has no dependencies (.NET Framework, java, etc) and works extremely well and is stable. Blackshades Remote Controller will let you remotely control your machines, while giving you complete peace of mind. Using this tool will allow you to do anything between controlling software and hardware. Customers also get free support, and the ability to instantly communicate with other members.

Download: https://app.box.com/s/a9xcr3izpu632v4az98s

Source: Blackshades 2.6.3 Source
  4. NSA Laughs at PCs, Prefers Hacking Routers and Switches
By Kim Zetter, 09.04.13 6:30 AM

The NSA runs a massive, full-time hacking operation targeting foreign systems, the latest leaks from Edward Snowden show. But unlike conventional cybercriminals, the agency is less interested in hacking PCs and Macs. Instead, America’s spooks have their eyes on the internet routers and switches that form the basic infrastructure of the net, and are largely overlooked as security vulnerabilities.

Under a $652-million program codenamed “Genie,” U.S. intel agencies have hacked into foreign computers and networks to monitor communications crossing them and to establish control over them, according to a secret black budget document leaked to the Washington Post. U.S. intelligence agencies conducted 231 offensive cyber operations in 2011 to penetrate the computer networks of targets abroad. This included not only installing covert “implants” in foreign desktop computers but also on routers and firewalls — tens of thousands of machines every year in all. According to the Post, the government planned to expand the program to cover millions of additional foreign machines in the future and preferred hacking routers to individual PCs because it gave agencies access to data from entire networks of computers instead of just individual machines. Most of the hacks targeted the systems and communications of top adversaries like China, Russia, Iran and North Korea and included activities around nuclear proliferation.

The NSA’s focus on routers highlights an often-overlooked attack vector with huge advantages for the intruder, says Marc Maiffret, chief technology officer at security firm Beyond Trust. Hacking routers is an ideal way for an intelligence or military agency to maintain a persistent hold on network traffic because the systems aren’t updated with new software very often or patched in the way that Windows and Linux systems are. “No one updates their routers,” he says.
“If you think people are bad about patching Windows and Linux (which they are) then they are … horrible about updating their networking gear because it is too critical, and usually they don’t have redundancy to be able to do it properly.” He also notes that routers don’t have security software that can help detect a breach. “The challenge [with desktop systems] is that while antivirus don’t work well on your desktop, they at least do something [to detect attacks],” he says. “But you don’t even have an integrity check for the most part on routers and other such devices like IP cameras.” Hijacking routers and switches could allow the NSA to do more than just eavesdrop on all the communications crossing that equipment. It would also let them bring down networks or prevent certain communication, such as military orders, from getting through, though the Post story doesn’t report any such activities. With control of routers, the NSA could re-route traffic to a different location, or intelligence agencies could alter it for disinformation campaigns, such as planting information that would have a detrimental political effect or altering orders to re-route troops or supplies in a military operation. According to the budget document, the CIA’s Tailored Access Programs and NSA’s software engineers possess “templates” for breaking into common brands and models of routers, switches and firewalls. The article doesn’t say it, but this would likely involve pre-written scripts or backdoor tools and root kits for attacking known but unpatched vulnerabilities in these systems, as well as for attacking zero-day vulnerabilities that are yet unknown to the vendor and customers. “[Router software is] just an operating system and can be hacked just as Windows or Linux would be hacked,” Maiffret says. 
“They’ve tried to harden them a little bit more [than these other systems], but for folks at a place like the NSA or any other major government intelligence agency, it’s pretty standard fare of having a ready-to-go backdoor for your [off-the-shelf] Cisco or Juniper models.” Not all of the activity mentioned in the budget document involved remote hacking. In some cases, according to the document, the operations involved clandestine activity by the CIA or military intelligence units to “physically place hardware implants or software modifications” to aid the spying. “Much more often, an implant is coded entirely in software by an NSA group called Tailored Access Operations (TAO),” the Post writes in its story about the document. “As its name suggests, TAO builds attack tools that are custom-fitted to their targets.” A handful of security researchers have uncovered vulnerabilities in routers in recent years that could be used to do the kind of hacking described in the budget document. In 2005, security researcher Mike Lynn found a serious vulnerability in Cisco IOS, the operating system running on millions of Cisco routers around the world. Lynn discovered the vulnerability after his employer, Internet Security Systems, asked him to reverse-engineer the Cisco operating system to see if he could find security problems with it. Cisco makes the majority of the routers that operate the backbone of the internet as well as many company networks and critical infrastructure systems. The Cisco IOS is as ubiquitous in the backbone as the Windows operating system is on desktops. The vulnerability Lynn found, in a new version of the operating system that Cisco planned to release at the time, would have allowed someone to create a router worm that would shut down every Cisco router through which it passed, bringing down a nation’s critical infrastructure. 
It also would have allowed an attacker to gain complete control of the router to sniff all traffic passing through a network in order to read, record or alter it, or simply prevent traffic from reaching its recipient. Once Lynn found the vulnerability, it took him six months to develop a working exploit to attack it. Lynn had planned to discuss the vulnerability at the Black Hat security conference in Las Vegas, until Cisco intervened and forced him to pull the talk under threat of a lawsuit. But if Lynn knew about the vulnerability, there were likely others who did as well — including intelligence agencies and criminal hackers. Source code for Cisco’s IOS has been stolen at least twice, either by entities who were interested in studying the software to gain a competitive advantage or to uncover vulnerabilities that would allow someone to hack or control them. Other researchers have uncovered different vulnerabilities in other Cisco routers that are commonly used in small businesses and home offices. Every year at computer security conferences — including the Black Hat conference where NSA Director Keith Alexander presented a keynote this year — U.S. intelligence agencies and contractors from around the world attend to discover information about new vulnerabilities that might be exploited and to hire talented researchers and hackers capable of finding more vulnerabilities in systems. In 2008, a researcher at Core Security Technologies developed a root kit for the Cisco IOS that was designed to give an attacker a persistent foothold on a Cisco router while remaining undetected. 
According to the Post story, the NSA designs most of the offensive tools it uses in its Genie operation, but it spent $25.1 million in one year for “additional covert purchases of software vulnerabilities” from private malware vendors who operate on the grey market — closed markets that peddle vulnerabilities and exploits to law enforcement and intelligence agencies, as opposed to the black market that sells them to cyber criminals. The price of vulnerabilities and exploits varies, depending on a number of factors. Vulnerabilities and exploits can sell for anywhere from $50,000 to more than a million, depending on the exclusivity of the purchase — some vulnerabilities are sold to multiple parties with the understanding that others are using it as well — and their ubiquity. A vulnerability that exists in multiple versions of an operating system is more valuable than a vulnerability that exists in just one version. A class of vulnerability that crosses multiple browser brands is also more valuable than a single vulnerability that just affects the Safari browser or Chrome. The Stuxnet cyber weapon that was reportedly created by the U.S. and Israel to sabotage centrifuges used in Iran’s uranium enrichment program, used five zero-day exploits to spread itself among systems in Iran, including a rare exploit that attacked the .LNK function in multiple versions of the Windows operating system in order to spread the worm silently via infected USB sticks. Ubiquitous router vulnerabilities are difficult to find since there are so many different configurations for routers, and an attack that works against one router configuration might not work for another. But a vulnerability that affects the core operating system is much more valuable since it is less likely to be dependent on the configuration. Maiffret says there hasn’t been a lot of public research on router vulnerabilities, but whenever someone has taken a look at them, they have found security holes in them. 
“They’re always successful in finding something,” he says. Once a vulnerability becomes known to the software maker and is patched, it loses a lot of its value. But because many users and administrators do not patch their systems, some vulnerabilities can be used effectively for years, even after a patch is available. The Conficker worm, for example, continued to infect millions of computers long after Microsoft released a patch that should have stopped the worm from spreading. Routers in particular often remain unpatched because system administrators don’t think they will be targeted and because administrators are concerned about network outages that could occur while the patch is applied or if the patch is faulty.

Source: NSA Laughs at PCs, Prefers Hacking Routers and Switches | Threat Level | Wired.com
  5. Keccak and the SHA-3 Standardization
Guido Bertoni (STMicroelectronics), Joan Daemen (STMicroelectronics), Michaël Peeters (NXP Semiconductors), Gilles Van Assche (STMicroelectronics)
NIST, Gaithersburg, MD, February 6, 2013

  • The beginning
  • The sponge construction
  • Inside Keccak
  • Analysis underlying Keccak
  • Applications of Keccak, or sponge
  • Some ideas for the SHA-3 standard

Slides: http://csrc.nist.gov/groups/ST/hash/sha-3/documents/Keccak-slides-at-NIST.pdf
  6. [h=1]A New Focus on Security in the Web Console[/h]
Garrett Robinson

Web developers need better tools to help them debug security issues. The Web Console, part of the Firefox Developer Tools, shows errors and warnings filtered into different categories. Firefox 23 adds a new category of messages to the Web Console: Security messages.

[Screenshot: Toggle buttons for categories of messages in the Web Console]

The Security toggle button and messages are red to warn developers, since some of these messages indicate that your site has a security vulnerability.

Once we had a dedicated place for security messages, we had to decide what kinds of issues should be reported to developers. Ivan Alagenchev, a security engineering intern, spent the summer improving security reporting to fulfill the following goals:

  • Warn developers about altered site behavior that is due to a security feature (for example, resource loads blocked by the Mixed Content Blocker or the Same Origin Policy).
  • Warn developers about mistakes made in implementing security features (for example, using deprecated CSP headers, or mistyping an HSTS header).
  • Warn developers about common security risks (for example, putting password fields on insecure pages).

Here are example screenshots of some of the new Security messages:

[Screenshot: Warnings for loading mixed content]
[Screenshot: Warning for detected password field on an insecure page.]

These specific messages are available to current Nightly users and will be part of upcoming stable releases.

While security should be of paramount importance to any developer, it is a complex subject that is not always part of a web developer’s education and often appears at inconvenient times. This new messaging helps developers find security-related problems early on in the development life cycle so they can be resolved quickly and effectively. Additionally, these messages help educate developers about common issues in web security.

Many of the new messages end with a “Learn More” link that takes you to a wiki with background information and advice for mitigating the security issue. Bug 863874 is the meta-bug for logging relevant security messages to the Web Console. If you have more ideas for useful features like the ones discussed here, or are interested in contributing, check out the meta-bug and its dependencies!

Source: https://blog.mozilla.org/security/2013/09/04/a-new-focus-on-security-in-the-web-console/
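As an added example (my own code, not Mozilla's and not part of the Web Console), a small pre-deployment linter that applies the same three kinds of checks to a description of a page: http resources on an https page (split into active content, which the Mixed Content Blocker blocks, and display content, which it only warns about), a deprecated CSP header name or an HSTS header that does not parse, and a password field on an http page. The two page dictionaries are constructed samples with placeholder hostnames, and the message texts are my own rather than Firefox's exact strings.

```python
from urllib.parse import urlparse

# Resource kinds the Mixed Content Blocker treats as active content (blocked on an
# https page); images and media are display content and only produce a warning.
ACTIVE_KINDS = {"script", "stylesheet", "iframe", "xhr", "object", "font"}
# Header names from the pre-standard CSP drafts that the post calls deprecated.
DEPRECATED_CSP_HEADERS = {"x-content-security-policy", "x-webkit-csp"}

# Constructed samples (placeholder hostnames) showing several of the reported mistakes.
SAMPLE_HTTPS_PAGE = {
    "url": "https://shop.example/login",
    "resources": [
        {"kind": "script", "url": "http://cdn.example/app.js"},       # active mixed content
        {"kind": "img", "url": "http://cdn.example/logo.png"},        # display mixed content
        {"kind": "stylesheet", "url": "https://cdn.example/site.css"},
    ],
    "password_fields": 1,                                              # fine: page is https
    "headers": {
        "X-Content-Security-Policy": "default-src 'self'",            # deprecated name
        "Strict-Transport-Security": "max-age 31536000",              # mistyped: missing '='
    },
}
SAMPLE_HTTP_PAGE = {
    "url": "http://intranet.example/login",
    "resources": [{"kind": "script", "url": "http://intranet.example/app.js"}],
    "password_fields": 1,                                              # credentials over http
    "headers": {"Strict-Transport-Security": "max-age=3600"},         # ignored over http
}


def hsts_is_valid(value):
    """Accept exactly one max-age=<digits>, optionally with includeSubDomains and/or
    preload in any order; anything else is treated as a mistyped header."""
    seen_max_age = False
    for directive in (d.strip().lower() for d in value.split(";")):
        if not directive:
            continue
        if directive.startswith("max-age="):
            if seen_max_age or not directive[len("max-age="):].strip('"').isdigit():
                return False
            seen_max_age = True
        elif directive not in ("includesubdomains", "preload"):
            return False
    return seen_max_age


def audit_page(page):
    """Return [(severity, message), ...] mirroring the three goals of the
    Security category: altered behaviour, misconfigured features, common risks."""
    findings = []
    page_secure = urlparse(page["url"]).scheme == "https"
    headers = {k.lower(): v for k, v in page.get("headers", {}).items()}

    # 1. behaviour altered by a security feature: the Mixed Content Blocker
    if page_secure:
        for res in page.get("resources", []):
            if urlparse(res["url"]).scheme == "http":
                if res["kind"] in ACTIVE_KINDS:
                    findings.append(("error", f"Blocked mixed active content: {res['url']}"))
                else:
                    findings.append(("warning", f"Loading mixed display content: {res['url']}"))

    # 2. mistakes in implementing a security feature: CSP header name, HSTS syntax
    for name in sorted(set(headers) & DEPRECATED_CSP_HEADERS):
        findings.append(("warning", f"Deprecated CSP header {name}; use Content-Security-Policy"))
    hsts = headers.get("strict-transport-security")
    if hsts is not None:
        if not page_secure:
            findings.append(("warning", "Strict-Transport-Security ignored: page not loaded over https"))
        elif not hsts_is_valid(hsts):
            findings.append(("warning", f"Strict-Transport-Security could not be parsed: {hsts!r}"))

    # 3. common risk: a password entered on a page an on-path attacker could have altered
    if page.get("password_fields", 0) and not page_secure:
        findings.append(("warning", "Password field on an insecure (http) page"))
    return findings


if __name__ == "__main__":
    for sample in (SAMPLE_HTTPS_PAGE, SAMPLE_HTTP_PAGE):
        print(sample["url"])
        for severity, message in audit_page(sample):
            print(f"  [{severity}] {message}")
```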
  7. [h=1]Mikrotik RouterOS sshd (ROSSSH) - Remote Preauth Heap Corruption[/h]

During an audit, the Mikrotik RouterOS sshd (ROSSSH) has been identified to have a remote pre-authentication heap corruption in its sshd component. Exploitation of this vulnerability will allow full access to the router device. This analysis describes the bug and includes a way to get developer access to recent versions of Mikrotik RouterOS using the /etc/devel-login file. This is done by forging a modified NPK file using a correct signature and logging into the device with username ‘devel’ and the password of the administrator. This will drop into a busybox shell for further researching the sshd vulnerability using gdb and strace tools that have been compiled for the Mikrotik busybox platform. Shodanhq.com shows >290.000 entries for the ROSSSH search term. The 50 megs Mikrotik package including all the research items can be downloaded here:
http://www.farlight.org/mikropackage.zip
http://www.exploit-db.com/sploits/28056.zip

Source: Mikrotik RouterOS sshd (ROSSSH) - Remote Preauth Heap Corruption

OK, now I understand. A few days ago we got a DDoS (supposedly) from 550+ IPs. ( Info ) As Shocker suggested, those IPs were Mikrotik routers. I have a vague feeling that this is the method by which whoever doesn't like us got access to those routers.
  8. Ooh, these guys pay well, don't they?
  9. Nytro

    TCPUDP in C

    [h=1]TCPUDP in C[/h]

/*
 ============================================================================
 Name        : TCPServer.c
 Author      : www.facebook.com/unix4u
 Version     :
 Copyright   : LGPL
 Description : TCP-SERVER IN C, Ansi-style
 ============================================================================
 */
#include <stdio.h>
#include <stdlib.h>
#include <netinet/in.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <errno.h>
#include <unistd.h>
#include <string.h>
#include <signal.h>

void signalhandler(int signum)
{
    if(SIGTERM==signum)
    {
        printf("See you later bye\n");
        exit(SIGTERM);
    }
}

int main(int argc,char *argv[])
{
    signal(SIGTERM,signalhandler);
    int server_sock_fd,client_sock_fd;
    struct sockaddr_in server_addr;
    char readbuffer[256]="",writebuffer[256]="";

    if(argc<2)
    {
        printf("please run as ./TCPServer <port-no> \n");
        exit(1);
    }

    server_sock_fd=socket(AF_INET,SOCK_STREAM,0);
    perror("Create socket");
    if(errno!=0) exit(errno);

    memset(&server_addr,0,sizeof(server_addr));
    server_addr.sin_family=AF_INET;
    server_addr.sin_addr.s_addr=htonl(INADDR_ANY);
    server_addr.sin_port=htons(atoi(argv[1]));

    bind(server_sock_fd,(struct sockaddr *)&server_addr,sizeof(server_addr));
    perror("Bind");
    if(errno!=0) exit(errno);

    listen(server_sock_fd,1);
    perror("Listen");
    if(errno!=0) exit(errno);

    while(1)
    {
        int i,j,k,array[20];
        char temp[256];
        i=0;j=0;k=0;
        strcpy(temp," ");

        client_sock_fd=accept(server_sock_fd,(struct sockaddr *)NULL,(socklen_t *)NULL);
        perror("Accept");
        read(client_sock_fd,readbuffer,sizeof(readbuffer));
        perror("Get Data");
        readbuffer[sizeof(readbuffer)-1]='\0'; /* never rely on the peer to send a terminator */
        if(strcmp(readbuffer,"stop")==0) /* the client sends "stop" to shut the server down */
        {
            close(client_sock_fd);
            break;
        }

        strcpy(writebuffer," ");
        /* split "n1:n2:n3" on ':' and convert each field to an int */
        for(i=0;i<=strlen(readbuffer);i++)
        {
            if(readbuffer[i]!=':'&&i!=strlen(readbuffer))
            {
                if(readbuffer[i]>='0'&&readbuffer[i]<='9'&&j<(int)sizeof(temp)-1)
                    temp[j++]=readbuffer[i];
            }
            else
            {
                temp[j]='\0'; /* terminate the field before atoi() */
                if(k<20) array[k++]=atoi(temp); /* array holds at most 20 numbers */
                j=0;
                strcpy(temp," ");
            }
        }

        /* bubble sort the numbers in ascending order */
        int ntemp;
        for(i=0;i<k;i++)
        {
            for(j=0;j<k-i-1;j++)
            {
                if(array[j]>array[j+1])
                {
                    ntemp=array[j];
                    array[j]=array[j+1];
                    array[j+1]=ntemp;
                }
            }
        }

        /* 20 ints of at most 11 characters plus separators fit in the 256-byte reply */
        for(i=0;i<k;i++)
        {
            sprintf(temp,"%d ",array[i]);
            strcat(writebuffer,temp);
        }

        write(client_sock_fd,writebuffer,sizeof(writebuffer));
        perror("Send Data");
        close(client_sock_fd);
        perror("Close connection");
        strcpy(readbuffer," ");
    }
    close(server_sock_fd);
    perror("Server Termination");
    return errno;
}

/*
 ============================================================================
 Name        : TCPClient.c
 Author      : www.facebook.com/unix4u
 Version     :
 Copyright   : LGPL
 Description : TCP CLIENT in C, Ansi-style
 ============================================================================
 */
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <arpa/inet.h>
#include <sys/socket.h>
#include <unistd.h>
#include <netinet/in.h>
#include <string.h>
#include <signal.h>

void signalhandler(int signum)
{
    if(SIGALRM==signum)
    {
        printf("Host timed Out\n");
        exit(ETIMEDOUT);
    }
    if(SIGTERM==signum)
    {
        printf("See you later bye\n");
        exit(SIGTERM);
    }
}

int main(int argc,char *argv[])
{
    signal(SIGALRM,signalhandler);
    signal(SIGTERM,signalhandler);
    int socket_fd;
    char writebuffer[256]="",readbuffer[256]="";
    struct sockaddr_in server_addr;
    int i;

    if(argc<4)
    {
        printf("please run as ./TCPClient <ip-address> <port-no> <numbers>/stop \n");
        exit(1);
    }

    /* build "n1:n2:n3" from the remaining arguments without overflowing the buffer */
    for(i=3;i<argc;i++)
    {
        if(strlen(writebuffer)+strlen(argv[i])+2>sizeof(writebuffer))
        {
            printf("too many numbers for one request\n");
            exit(1);
        }
        if(i>3) strcat(writebuffer,":");
        strcat(writebuffer,argv[i]);
    }

    socket_fd=socket(AF_INET,SOCK_STREAM,0);
    perror("Create socket");
    if(errno) exit(errno);

    memset(&server_addr,0,sizeof(server_addr));
    server_addr.sin_family=AF_INET;
    server_addr.sin_port=htons(atoi(argv[2]));
    /* inet_pton() returns 0 for a malformed address without setting errno, so check its result */
    if(inet_pton(AF_INET,argv[1],&server_addr.sin_addr)!=1)
    {
        printf("Ip address conversion: invalid address %s\n",argv[1]);
        exit(1);
    }

    alarm(5); /* SIGALRM aborts a connect() or read() that hangs for more than 5 seconds */
    connect(socket_fd,(struct sockaddr *)&server_addr,sizeof(server_addr));
    perror("Connection");
    if(errno) exit(errno);

    write(socket_fd,writebuffer,sizeof(writebuffer));
    perror("Send Data");
    if(errno) exit(errno);

    read(socket_fd,readbuffer,sizeof(readbuffer));
    perror("Get Data");
    if(errno) exit(errno);
    readbuffer[sizeof(readbuffer)-1]='\0';
    puts(readbuffer);

    close(socket_fd);
    perror("Connection close");
    return errno;
}

/*
 ============================================================================
 Name        : UDPServer.c
 Author      : www.facebook.com/unix4u
 Version     :
 Copyright   : LGPL
 Description : UDP SERVER in C, Ansi-style
 ============================================================================
 */
#include <stdio.h>
#include <stdlib.h>
#include <netinet/in.h>
#include <errno.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <string.h>
#include <signal.h>

void signalhandler(int signum)
{
    if(SIGTERM==signum)
    {
        printf("See you later bye\n");
        exit(SIGTERM);
    }
}

int main(int argc,char *argv[])
{
    signal(SIGTERM,signalhandler);
    struct sockaddr_in server_addr,client_addr;
    char readbuffer[256]="",writebuffer[256]="";
    int server_sock_fd;
    socklen_t len=sizeof(client_addr);

    if(argc!=2)
    {
        printf("please run as ./UDPServer <port-no>\n");
        exit(1);
    }

    server_sock_fd=socket(AF_INET,SOCK_DGRAM,0);
    perror("Create socket");
    if(errno) exit(errno);

    memset(&server_addr,0,sizeof(server_addr));
    server_addr.sin_family=AF_INET;
    server_addr.sin_port=htons(atoi(argv[1]));
    server_addr.sin_addr.s_addr=htonl(INADDR_ANY);

    bind(server_sock_fd,(struct sockaddr *)&server_addr,sizeof(server_addr));
    perror("Bind");
    if(errno) exit(errno);

    while(1)
    {
        int i,j,k,array[20];
        char temp[256];
        i=0;j=0;k=0;
        strcpy(temp," ");

        len=sizeof(client_addr); /* recvfrom() overwrites len, so reset it for every datagram */
        recvfrom(server_sock_fd,readbuffer,sizeof(readbuffer),0,(struct sockaddr*)&client_addr,&len);
        perror("Get Data");
        readbuffer[sizeof(readbuffer)-1]='\0';
        if(strcmp(readbuffer,"stop")==0) break; /* "stop" shuts the server down */

        strcpy(writebuffer," ");
        /* split "n1:n2:n3" on ':' and convert each field to an int */
        for(i=0;i<=strlen(readbuffer);i++)
        {
            if(readbuffer[i]!=':'&&i!=strlen(readbuffer))
            {
                if(readbuffer[i]>='0'&&readbuffer[i]<='9'&&j<(int)sizeof(temp)-1)
                    temp[j++]=readbuffer[i];
            }
            else
            {
                temp[j]='\0';
                if(k<20) array[k++]=atoi(temp);
                j=0;
                strcpy(temp," ");
            }
        }

        /* bubble sort the numbers in ascending order */
        int ntemp;
        for(i=0;i<k;i++)
        {
            for(j=0;j<k-i-1;j++)
            {
                if(array[j]>array[j+1])
                {
                    ntemp=array[j];
                    array[j]=array[j+1];
                    array[j+1]=ntemp;
                }
            }
        }

        for(i=0;i<k;i++)
        {
            sprintf(temp,"%d ",array[i]);
            strcat(writebuffer,temp);
        }

        sendto(server_sock_fd,writebuffer,sizeof(writebuffer),0,(struct sockaddr*)&client_addr,len);
        perror("Send Data");
    }
    close(server_sock_fd);
    perror("Server Termination");
    return errno;
}

/*
 ============================================================================
 Name        : UDPClient.c
 Author      : www.facebook.com/unix4u
 Version     :
 Copyright   : LGPL
 Description : UDP Client in C, Ansi-style
 ============================================================================
 */
#include <stdio.h>
#include <stdlib.h>
#include <netinet/in.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <errno.h>
#include <unistd.h>
#include <string.h>
#include <arpa/inet.h>
#include <signal.h>

void signalhandler(int signum)
{
    (void)signum; /* only SIGALRM is routed here */
    printf("Host Timed out\n");
    exit(ETIMEDOUT);
}

int main(int argc,char *argv[])
{
    signal(SIGALRM,signalhandler);
    struct sockaddr_in server_addr;
    socklen_t len=sizeof(server_addr);
    char readbuffer[256]="",writebuffer[256]="";
    int server_sock_fd,i;

    if(argc<4)
    {
        printf("please run as ./UDPClient <ip-address> <port-no> <numbers>/stop\n");
        exit(1);
    }

    /* build "n1:n2:n3" from the remaining arguments without overflowing the buffer */
    for(i=3;i<argc;i++)
    {
        if(strlen(writebuffer)+strlen(argv[i])+2>sizeof(writebuffer))
        {
            printf("too many numbers for one request\n");
            exit(1);
        }
        if(i>3) strcat(writebuffer,":");
        strcat(writebuffer,argv[i]);
    }

    server_sock_fd=socket(AF_INET,SOCK_DGRAM,0);
    perror("Create socket");
    if(errno) exit(errno);

    memset(&server_addr,0,sizeof(server_addr));
    server_addr.sin_family=AF_INET;
    server_addr.sin_port=htons(atoi(argv[2]));
    if(inet_pton(AF_INET,argv[1],&server_addr.sin_addr)!=1)
    {
        printf("Ip address conversion: invalid address %s\n",argv[1]);
        exit(1);
    }

    sendto(server_sock_fd,writebuffer,sizeof(writebuffer),0,(struct sockaddr *)&server_addr,len);
    perror("Send Data");

    alarm(5); /* UDP gives no error when nobody is listening; SIGALRM ends the wait */
    recvfrom(server_sock_fd,readbuffer,sizeof(readbuffer),0,(struct sockaddr *)&server_addr,&len);
    perror("Get Data");
    readbuffer[sizeof(readbuffer)-1]='\0';
    puts(readbuffer);

    close(server_sock_fd);
    perror("Close connection");
    return errno;
}

Source: [C] TCPUDP in C - Pastebin.com
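An added example, not part of the Pastebin code above: the same request handling the servers do (split a "n1:n2:n3" message on ':', sort, render the reply) written with explicit bounds checks. The servers above store fields in array[20] and in a temp[] they never terminate, so a request with more than 20 fields, an over-long field or a non-numeric field is where a fixed-buffer protocol handler goes wrong; this version rejects those inputs instead. The function names parse_numbers, format_sorted, handle_request and the helpers are my own, and the sample request is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <limits.h>

#define MAX_NUMBERS 20 /* same capacity as array[20] in the servers above */

/* Convert one field of n bytes with strtol(), rejecting empty fields, junk and overflow. */
static int parse_field(const char *s, size_t n, int *out)
{
    char buf[32];
    char *end;
    long v;
    if (n == 0 || n >= sizeof buf) return -1;
    memcpy(buf, s, n);
    buf[n] = '\0';                 /* the terminator the original temp[] never received */
    errno = 0;
    v = strtol(buf, &end, 10);
    if (errno == ERANGE || *end != '\0' || v > INT_MAX || v < INT_MIN) return -1;
    *out = (int)v;
    return 0;
}

/* Split "n1:n2:n3" on ':' into at most max_out ints; returns the count, or -1 on any bad input. */
int parse_numbers(const char *msg, int *out, int max_out)
{
    int count = 0;
    const char *start = msg;
    for (;;) {
        const char *sep = strchr(start, ':');
        size_t len = sep ? (size_t)(sep - start) : strlen(start);
        if (count >= max_out) return -1;  /* would overrun out[] */
        if (parse_field(start, len, &out[count]) != 0) return -1;
        count++;
        if (!sep) return count;
        start = sep + 1;
    }
}

static int cmp_int(const void *a, const void *b)
{
    int x = *(const int *)a, y = *(const int *)b;
    return (x > y) - (x < y);
}

/* Sort ascending and render "n1 n2 n3 " into dst; returns chars written, or -1 if it would not fit. */
int format_sorted(int *nums, int count, char *dst, size_t dstlen)
{
    size_t used = 0;
    int i;
    if (dstlen == 0) return -1;
    qsort(nums, (size_t)count, sizeof nums[0], cmp_int);
    dst[0] = '\0';
    for (i = 0; i < count; i++) {
        int n = snprintf(dst + used, dstlen - used, "%d ", nums[i]);
        if (n < 0 || (size_t)n >= dstlen - used) return -1; /* truncated: refuse, never overflow */
        used += (size_t)n;
    }
    return (int)used;
}

/* One request as the server loop handles it; -1 means the request was rejected. */
int handle_request(const char *msg, char *reply, size_t replylen)
{
    int nums[MAX_NUMBERS];
    int count = parse_numbers(msg, nums, MAX_NUMBERS);
    if (count < 0) {
        snprintf(reply, replylen, "error: bad request");
        return -1;
    }
    return format_sorted(nums, count, reply, replylen);
}

/* Helpers returning plain values so the behaviour can be checked without caller buffers. */
int count_numbers(const char *msg)
{
    int nums[MAX_NUMBERS];
    return parse_numbers(msg, nums, MAX_NUMBERS);
}

int reply_equals(const char *msg, size_t replylen, const char *expected)
{
    char reply[256];
    if (replylen > sizeof reply) replylen = sizeof reply;
    if (handle_request(msg, reply, replylen) < 0) return 0;
    return strcmp(reply, expected) == 0;
}

int main(void)
{
    char reply[256];
    const char *sample = "42:7:-3:100"; /* constructed sample request */
    if (handle_request(sample, reply, sizeof reply) >= 0)
        printf("%s\n", reply);          /* -3 7 42 100 */
    return 0;
}
```

Unlike the digit-only loop in the original, parse_numbers accepts negative numbers and rejects anything that is not an integer, so a malformed request produces an error reply rather than a silently wrong sort.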
  10. These days everything costs money...
  11. And will the talks be held in... Romanian? I mean those of the Romanian speakers, of course.
  12. Nytro

    Is it possible?

    Yes. When you use TrueCrypt, the password is kept in memory so the data can be decrypted when needed. The program just reads it from there. It's not exactly "rocket science". There were, stupidly, news stories written about this tool: $300 tool can decrypt PGP, TrueCrypt files without a password | Chips | Geek.com It's something completely normal. If you give someone a hard disk encrypted with TrueCrypt, without it having been decrypted by running the TrueCrypt program with the correct password entered, it's useless.
  13. It's been discussed before, but in a technical manner, nicely presented. [ https://rstforums.com/forum/74740-dos-exploit-pentru-webkit-nu-deschide-pagina-dac-folose-ti-mac-os-10-8-sau-ios-6-a.rst ] The version for hoodlums is fine too.
  14. Text Editor: Edit text files, XML, HTML, Unicode and UTF-8 files, C/C++ source code, PHP, etc. Unlimited undo and powerful editing and scripting tools.
    Hex Editor: Unequalled binary editing performance. Edit any file of any size. Use powerful Binary Templates technology to understand binary data.
    Disk Editor: Find and fix problems with hard drives, memory keys, flash drives, CD-ROMs, etc.
    Process Editor: Investigate and modify memory from processes.
    Download: http://www.sweetscape.com/download/download_010editor.html
    Opinion: I had a large text file, 250 MB. I had to select about 80 MB of it and put that data into another file. Notepad++ and gVim suck badly; Notepad++ at least crashes, and it messed up my clipboard too, so screw Notepad++. I spent about 20 minutes selecting the text holding page down, and nothing. With this little program I did: 1. Mark selection start 2. Mark selection end 3. Copy/Paste. Screw Notepad++. PS: It's a trial.
  15. I moved a few (4-5) tutorials here. I think it would be easier for everyone to find them if we group them like this. There are many others under Tutorials, and if someone is especially interested in this subject they can find them here much more easily.
  16. Yes, you're right. They use port 8291. The username is supposedly admin, let's see what password they have. Come on dude, you're DDoSing from some routers? Tool for connecting to those IPs: http://download2.mikrotik.com/winbox.exe
  17. Looks like the merry boys are back. I don't quite understand why the DDoS attack comes after 00:00, what time zone might they be in? In the USA it's 18:20, in China it's 06:00 in the morning. I have no idea. What's interesting is that they come from IPs all over the world. For lack of sleep I did reverse DNS on some of them and the result looks like this: 68-191-191-90.static.fdul.wi.charter.com host141-86-static.98-5-b.business.telecomitalia.it h-109-228-132-146.na.cust.bahnhof.se hosted-by.securefastserver.com arx68-8.araxinfo.com 177-069-215-197.static.ctbctelecom.com.br host-201-218-17-202.telconet.net ip-200-53-103-250-mty.marcatel.net.mx Wimax-Cali-190-0-16-58.orbitel.net.co 80-84-117-233.pool.symbios.ru adsl-90-151-59-151.nojabrsk.ru 82-160-137-162.tktelekom.pl yak-3062.union-tel.ru h88-150-189-101.host.redstation.co.uk manserv162.static.host.gvt.net.br shinevskiy.hrf.su expogospel.amplitudenet.com.br FAST-INTERNET-103-246-1-49.solnet.net.id pppoe-dynamic-pool-130.u2net.ru 234-50-251-80.pride-net.ru ip-91-232-85-10.xlnet.cz framan.dfc.unifi.it lvps91-250-113-166.dedicated.hosteurope.de static.217.12.113.67.tmg.md autoplan17-8.autoplan.com.br mail.martinbesta.cz ip-176-192-15-229.bb.netbynet.ru kvartal.brov.org hsreina.shadosoft-tm.com km-unallocated.gtu.net.ua www3386uj.sakura.ne.jp 196.216.74.10.swiftkenya.com clients-pools.vt.cooolbox.bg yak-3062.union-tel.ru lisg-sh.ELANinet.com tokiodance.metronv.ru 95-24-122-21.broadband.corbina.ru ec2-54-242-80-90.compute-1.amazonaws.com ec2-54-251-204-189.ap-southeast-1.compute.amazonaws.com ec2-54-232-227-85.sa-east-1.compute.amazonaws.com mailgw.astellas.com j34440.servers.jiffybox.net du-220-98.sv-en.ru newhost.rapidvps.net server.geek-spot.com PSA.MINAS.netsi.com.br 190-82-89-156.static.tie.cl ip-net-196-43-98-2.africaonline.co.zw netgenius.co.uk static.vdc.vn dsp-fax.dsp-c.co.rs IP.net124-238.psi.net.pa 80-48-126-12.smsiarkowiec.pl 190-94-201-245.ifxnw.com.ve 102.200.23.177.fhpinternet.com.br dial-78-141-120-184.orange.sk 
static.11.85.40.188.clients.your-server.de hosted-by.securefastserver.com m125.magenta.fastwebserver.de hsreina.shadosoft-tm.com edge.tumblespeed.net ckb1.rutil.net Nothing looks unusual, but I was surprised to see many purchased servers: securefastserver.com, fastwebserver.de, your-server.de, a few from compute.amazonaws.com, dedicated.hosteurope.de... Were they all caught with our Romanian "./scanu", or did someone invest in something like this? Hm, anyway, whoever is behind the attacks is not exactly a smart person. More than 570 unique IPs were used; with that it was somewhat easy to take down a server, but I didn't even need to DROP them because the attack wasn't even putting load on the server. This is the list of IPs: 101.109.251.210 101.255.71.18 103.11.159.195 103.16.68.4 103.16.79.195 103.246.1.186 103.246.1.49 106.3.102.215 108.61.36.88 108.61.89.152 109.101.9.48 109.122.48.165 109.185.116.199 109.194.65.175 109.207.61.14 109.227.124.27 109.228.132.146 109.236.220.98 109.69.72.109 116.10.143.18 116.226.47.78 116.228.55.184 116.231.193.132 116.236.216.116 116.66.197.228 1.179.128.2 1.179.144.98 1.179.147.2 119.110.67.200 119.110.75.246 119.187.148.81 119.2.3.222 119.235.50.202 119.2.49.227 119.252.160.99 119.254.90.18 119.6.73.138 119.9.33.171 119.93.7.211 119.97.146.148 121.11.167.246 121.12.167.197 12.199.141.164 123.242.172.4 123.30.75.115 123.63.33.217 130.255.88.65 133.242.141.160 133.242.144.168 136.0.16.210 137.116.122.218 137.135.104.254 137.135.81.169 137.175.29.34 139.0.16.202 141.85.252.136 14.192.159.205 142.0.128.24 142.0.138.34 144.76.63.53 150.140.141.195 150.217.103.160 151.232.41.149 157.7.137.101 162.211.224.30 163.125.156.85 163.142.73.113 1.63.18.22 163.5.69.4 166.111.132.167 170.224.168.197 172.162.165.70 173.208.252.196 173.252.252.218 173.45.83.235 174.142.184.205 175.111.90.35 175.136.192.5 175.139.213.206 175.140.114.207 175.25.243.22 175.25.243.26 176.108.108.111 176.192.15.229 176.194.189.56 176.56.12.48 177.107.97.245 
177.129.214.44 177.192.184.45 177.207.243.165 177.21.253.18 177.22.121.34 177.23.200.102 177.43.210.162 177.69.195.4 177.69.215.197 177.73.3.44 178.135.61.179 178.149.45.225 178.208.255.123 178.212.124.111 178.217.9.18 178.248.43.155 179.222.17.43 181.112.217.211 181.114.225.50 181.14.202.100 181.225.59.134 184.107.243.2 184.154.85.245 184.82.214.35 185.8.107.4 185.8.2.18 186.0.202.164 186.101.41.40 186.101.78.110 186.103.130.90 186.103.143.211 186.194.47.46 186.209.106.20 186.215.255.210 186.24.34.178 186.249.79.246 186.3.6.113 186.3.71.155 186.47.122.60 186.65.96.118 186.88.107.73 186.88.55.166 186.89.109.233 186.89.64.6 186.91.196.62 186.92.114.13 186.92.134.50 186.92.5.192 186.93.127.50 186.93.155.113 186.93.209.208 186.93.248.237 186.94.184.195 186.95.122.150 186.95.238.103 186.95.42.166 186.95.79.192 187.102.127.97 187.111.15.221 187.11.123.14 187.120.208.211 187.120.27.22 187.120.34.82 187.12.189.221 187.125.147.178 187.157.32.65 187.41.65.244 187.45.103.200 187.51.57.213 187.52.2.162 187.62.217.81 188.128.99.94 188.129.214.244 188.136.134.231 188.190.164.10 188.40.85.11 188.95.32.186 189.106.23.196 189.114.75.21 189.125.133.50 189.1.8.206 189.203.225.194 189.254.236.185 189.2.80.2 189.2.90.228 189.3.25.146 189.41.177.68 189.44.113.186 189.78.155.168 189.85.22.98 190.0.16.58 190.0.17.202 190.0.33.18 190.0.45.98 190.0.60.238 190.111.122.74 190.121.135.178 190.121.20.61 190.14.255.234 190.146.132.205 190.151.122.38 190.152.80.2 190.153.33.253 190.162.205.240 190.167.196.218 190.181.243.84 190.189.93.245 190.199.108.140 190.199.220.156 190.199.43.52 190.200.176.155 190.202.250.233 190.203.151.104 190.203.215.12 190.203.76.31 190.204.168.238 190.204.246.62 190.204.2.83 190.204.98.120 190.207.188.251 190.207.215.99 190.24.10.122 190.253.60.30 190.37.101.243 190.38.189.52 190.39.22.51 190.39.91.75 190.72.205.104 190.72.32.134 190.74.187.146 190.74.237.37 190.77.220.213 190.77.3.110 190.77.46.194 190.78.241.4 190.78.251.148 190.79.156.43 190.82.89.156 190.85.53.43 
190.94.201.245 190.94.206.213 190.94.210.150 190.94.249.130 190.95.225.163 190.96.64.234 192.187.116.226 192.64.11.124 193.110.216.144 193.165.216.52 194.141.252.102 194.19.245.45 194.48.60.26 195.128.157.240 195.135.251.171 195.140.190.146 195.191.13.2 195.222.36.86 195.225.144.38 195.24.210.130 195.24.220.134 195.245.118.5 196.216.74.10 196.219.24.34 196.43.98.2 197.136.42.5 197.161.39.66 197.210.252.44 197.211.32.170 197.220.193.49 197.255.213.146 198.102.28.100 198.2.196.162 198.2.198.33 198.23.128.49 198.24.181.95 198.27.83.105 198.49.70.103 198.50.241.160 198.50.245.105 198.50.96.107 198.52.247.103 198.56.208.37 198.56.238.54 199.15.233.142 199.201.121.139 199.250.198.238 199.255.28.102 200.123.130.129 200.148.94.78 200.192.255.146 200.195.141.178 200.199.139.50 200.222.4.90 200.252.14.166 200.46.124.238 200.52.172.66 200.53.103.250 200.54.92.187 200.60.11.25 200.69.218.221 200.7.33.250 200.84.106.156 200.84.135.195 200.84.15.123 200.84.61.11 200.88.158.250 200.93.56.28 201.12.116.18 201.140.102.173 201.208.103.26 201.208.97.145 201.209.96.176 201.210.202.206 201.211.0.51 201.211.115.254 201.211.129.193 201.211.3.136 201.218.17.202 201.234.133.57 201.234.74.5 201.242.58.89 201.243.159.113 201.248.113.4 201.249.9.139 201.33.29.86 201.49.209.146 201.62.48.153 201.62.48.202 201.64.254.228 203.112.195.238 203.153.214.22 203.161.24.74 203.172.161.211 203.19.4.250 203.24.76.186 203.86.16.230 204.93.54.15 205.202.253.55 206.251.61.230 206.251.61.236 206.251.61.252 207.238.97.13 208.73.22.156 208.83.61.90 208.97.65.4 211.138.129.251 211.140.207.100 211.142.236.132 211.157.114.133 211.167.64.112 212.126.122.160 212.138.92.10 212.165.128.105 212.200.23.18 212.249.11.115 212.50.224.55 212.7.192.139 212.8.206.170 212.91.169.132 213.141.236.133 213.164.18.147 213.181.73.145 213.197.129.70 213.203.182.116 213.211.36.100 213.233.92.78 216.152.144.7 216.244.65.146 216.244.80.50 216.250.7.197 217.12.113.67 217.169.209.2 217.169.214.144 217.169.215.175 217.219.190.209 
217.23.192.43 217.24.251.46 217.66.20.245 2.181.177.7 2.183.155.2 2.184.6.10 219.133.127.49 219.133.133.209 219.135.191.141 219.136.231.6 219.137.229.146 219.149.45.42 219.159.105.180 219.159.198.77 219.159.198.8 219.159.198.81 219.159.199.6 219.239.227.81 219.72.225.251 219.83.100.195 220.113.1.73 220.132.19.136 220.247.174.174 24.172.34.114 31.135.196.229 31.14.231.168 31.170.179.35 31.3.231.231 31.47.37.42 31.6.71.198 31.7.144.66 37.200.98.218 37.229.97.21 41.129.244.75 41.130.195.106 41.164.23.162 41.202.77.195 41.203.95.234 41.206.30.178 41.215.245.77 41.215.33.66 41.215.77.250 41.222.196.37 41.230.30.24 41.41.138.226 41.63.163.17 41.73.234.243 41.75.111.162 41.78.26.154 41.79.218.113 41.89.130.6 42.120.18.118 42.61.213.99 46.102.74.14 46.181.135.215 46.18.35.226 46.21.242.130 46.214.137.8 46.248.38.205 46.28.70.153 46.28.70.87 46.60.48.179 5.102.156.25 5.10.85.34 5.10.85.35 5.10.85.36 5.10.85.37 5.135.182.105 5.152.209.105 5.187.32.18 5.35.245.191 54.216.232.179 54.228.190.153 54.232.227.85 54.242.80.90 54.247.119.128 54.251.204.189 59.151.37.8 59.172.208.186 5.9.21.206 59.46.67.108 5.98.86.141 62.162.6.11 62.201.207.14 62.228.76.254 62.240.30.193 63.141.233.148 64.120.160.179 64.181.43.79 64.251.14.41 64.71.156.216 64.79.89.66 66.102.141.186 66.35.68.145 66.35.68.146 67.55.2.15 68.191.191.90 68.71.76.242 69.50.64.153 72.14.175.226 74.118.91.238 74.208.123.225 74.221.209.228 74.252.102.240 74.62.137.190 74.84.137.244 74.95.209.30 75.147.16.244 77.123.76.157 77.52.183.254 77.65.19.35 78.130.201.110 78.141.120.184 78.182.202.223 78.29.9.104 78.47.149.64 79.106.109.206 79.110.119.126 79.110.127.230 79.111.12.199 79.127.120.66 79.174.69.46 79.175.187.2 80.241.44.98 80.251.50.234 80.48.126.12 80.78.232.26 80.82.51.38 80.84.117.233 80.87.82.194 80.98.13.171 81.17.28.169 82.114.95.238 82.160.137.162 82.207.68.142 83.146.70.246 83.235.177.207 84.124.12.2 84.124.159.15 84.129.234.210 84.22.32.222 84.241.37.199 84.40.111.206 84.42.3.3 85.113.38.227 85.114.135.125 
85.135.52.30 85.142.225.178 85.234.22.126 85.9.74.111 86.105.82.89 86.120.212.195 87.120.152.173 87.236.210.45 87.236.211.71 87.255.68.8 87.56.228.180 88.150.181.130 88.150.189.101 88.212.48.64 88.255.147.83 88.85.108.16 89.110.41.165 89.165.161.133 89.179.102.126 89.179.244.102 89.190.195.170 89.222.181.225 89.37.196.65 89.77.33.126 90.151.59.151 91.121.8.47 91.214.84.110 91.221.246.62 91.227.23.138 91.230.54.60 91.232.85.10 91.233.188.154 91.237.249.61 91.239.15.115 91.241.21.10 91.250.113.166 91.75.86.97 91.98.155.120 91.98.156.148 92.39.54.161 92.82.190.40 92.84.232.209 92.84.44.59 93.113.82.254 93.190.18.146 93.43.1.66 94.100.0.179 94.142.27.4 94.154.24.1 94.189.135.89 94.198.38.246 94.228.204.10 95.141.236.253 95.154.199.100 95.154.199.200 95.159.105.2 95.181.33.22 95.24.122.21 95.28.54.201 95.65.58.61 95.82.92.39 98.190.245.179 If you logged in after 00:00, you may no longer have access. Send me a PM with your IP address and it gets sorted out. I'd have a request for those with SSH bruteforcers: try a few IPs from the list and see whether they have classic passwords: qwerty or some other dictionary password. They might be found that way. Have fun.
  18. I posted the whole code here as well. Description: TDL is one of the best-known and most powerful rootkits ever written.
    --------
    Hengelo, January 19, 2010. Occasionally a new virus appears that is clever enough to completely deceive anti virus programs. TDL3, a variant of the TDSS rootkit (also known as Alureon) is such a sophisticated virus that is causing sleepless nights for anti virus researchers. The first variant, TDL1, appeared in the summer of 2008 and is still capable to prevent detection by many anti virus programs. In the summer we saw the 2nd variant TDL2. "The TDL3 is one of the most sophisticated viruses I have seen", according to CEO Mark Loman. "The rootkit is piggybacking on a standard driver to avoid detection by anti virus programs."
    ---------
    More information: TDL3 rootkit still large issue for anti virus programs - SurfRight
  19. [h=1]Practical Malware Analysis[/h][h=3]The Hands-On Guide to Dissecting Malicious Software[/h]

    [h=4]Book Description[/h]
    Malware analysis is big business, and attacks can cost a company dearly. When malware breaches your defenses, you need to act quickly to cure current infections and prevent future ones from occurring. For those who want to stay ahead of the latest malware, Practical Malware Analysis will teach you the tools and techniques used by professional analysts. With this book as your guide, you'll be able to safely analyze, debug, and disassemble any malicious software that comes your way.

    Brief Contents
    About the Authors (p. xix)
    Foreword by Richard Bejtlich (p. xxi)
    Acknowledgments (p. xxv)
    Introduction (p. xxvii)
    Chapter 0: Malware Analysis Primer (p. 1)
    Part 1: Basic Analysis
    Chapter 1: Basic Static Techniques (p. 9)
    Chapter 2: Malware Analysis in Virtual Machines (p. 29)
    Chapter 3: Basic Dynamic Analysis (p. 39)
    Part 2: Advanced Static Analysis
    Chapter 4: A Crash Course in x86 Disassembly (p. 65)
    Chapter 5: IDA Pro (p. 87)
    Chapter 6: Recognizing C Code Constructs in Assembly (p. 109)
    Chapter 7: Analyzing Malicious Windows Programs (p. 135)
    Part 3: Advanced Dynamic Analysis
    Chapter 8: Debugging (p. 167)
    Chapter 9: OllyDbg (p. 179)
    Chapter 10: Kernel Debugging with WinDbg (p. 205)
    Part 4: Malware Functionality
    Chapter 11: Malware Behavior (p. 231)
    Chapter 12: Covert Malware Launching (p. 253)
    Chapter 13: Data Encoding (p. 269)
    Chapter 14: Malware-Focused Network Signatures (p. 297)
    Part 5: Anti-Reverse-Engineering
    Chapter 15: Anti-Disassembly (p. 327)
    Chapter 16: Anti-Debugging (p. 351)
    Chapter 17: Anti-Virtual Machine Techniques (p. 369)
    Chapter 18: Packers and Unpacking (p. 383)
    Part 6: Special Topics
    Chapter 19: Shellcode Analysis (p. 407)
    Chapter 20: C++ Analysis (p. 427)
    Chapter 21: 64-Bit Malware (p. 441)
    Appendix A: Important Windows Functions (p. 453)
    Appendix B: Tools for Malware Analysis (p. 465)
    Appendix C: Solutions to Labs (p. 477)
    Index (p. 733)

    [h=4]Book Details[/h]
    Publisher: No Starch Press
    By: Michael Sikorski, Andrew Honig
    ISBN: 978-1-59327-290-6
    Year: 2012
    Pages: 800
    Language: English
    File size: 10.6 MB
    File format: PDF

    [h=4]eBook[/h]
    Download: Practical Malware Analysis

    [h=4]Paper Book[/h]
    Buy: Practical Malware Analysis

    [h=4]Online Book[/h]
    Read: Practical Malware Analysis

    Mirror:
    http://www.speedyshare.com/9a5q7/practical-malware-analysis.pdf
    http://www.girlshare.ro/32812315.8
    http://fisierulmeu.ro/520LCPTF5B05/practical-malware-analysis-pdf.html
    Source: Practical Malware Analysis - Free Download eBook - pdf
  20. Scientific but Not Academical Overview of Malware Anti-Debugging, Anti-Disassembly and Anti-VM Technologies
    Rodrigo Rubira Branco, Gabriel Negreira Barbosa, Pedro Drimel Neto
    {rbranco,gbarbosa,pdrimel} *NOSPAM* qualys.com
    Qualys – Vulnerability & Malware Research Labs (VMRL)
    Version 1.0

    Table 1 – Packers Anti-Reverse Engineering (packer, detected packer signature, evasion techniques found)
    1. UPX
       UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser: Anti-VM (SLDT), Anti-VM (IN), Push Pop Math, Instruction Counting, PEB NtGlobalFlag, PEB's BeingDebugged (Stealth IsDebuggerPresent)
       UPXv20MarkusLaszloReiser: Anti-VM (SLDT), Anti-VM (IN), Push Pop Math, Instruction Counting, PEB's BeingDebugged (Stealth IsDebuggerPresent), SS register
       UPX290LZMAMarkusOberhumerLaszloMolnarJohnReiser: Anti-VM (IN), Push Pop Math, Instruction Counting, PEB's BeingDebugged (Stealth IsDebuggerPresent), SS register
       UPX20030XMarkusOberhumerLaszloMolnarJohnReiser: Anti-VM (IN), Push Pop Math, Instruction Counting, PEB's BeingDebugged (Stealth IsDebuggerPresent)
       UPX293300LZMAMarkusOberhumerLaszloMolnarJohnReiser: Anti-VM (IN), Instruction Counting, PEB NtGlobalFlag, PEB's BeingDebugged (Stealth IsDebuggerPresent)
       UPXProtectorv10x2: Nothing
    2. Armadillo
       Armadillov171: Instruction Counting, Instruction Substitution (push – ret)
       Armadillov1xxv2xx: Nothing
    3. PECompact: Anti-VM (STR), Anti-VM (SLDT), Anti-VM (IN), Push Pop Math, PEB NtGlobalFlag, PEB's BeingDebugged (Stealth IsDebuggerPresent), SoftICE – Interrupt 1, Software Breakpoint Detection, SS register
    4. BobSoftMiniDelphiBoBBobSoft: Anti-VM (STR), Anti-VM (SLDT), Anti-VM (IN), Push Pop Math, PEB's BeingDebugged (Stealth IsDebuggerPresent), SoftICE – Interrupt 1, SS register
    5. ASPack
       ASPackv212AlexeySolodovnikov, ASProtectV2XDLLAlexeySolodo: Anti-VM (IN), PEB's BeingDebugged (Stealth IsDebuggerPresent), SS register
       ASPackv10803AlexeySolodovnikov: Anti-VM (IN), PEB's BeingDebugged (Stealth IsDebuggerPresent)
       ASPackv21AlexeySolodovnikov: PEB's BeingDebugged (Stealth IsDebuggerPresent), SS register
    6. ProtectSharewareV11eCompservCMS: Anti-VM (SLDT), Anti-VM (IN), Instruction Counting, PEB's BeingDebugged (Stealth IsDebuggerPresent), Instruction Substitution (push – ret)
    7. ASProtect13321RegisteredAlexeySolodovnikov, ASProtectv12: Anti-VM (STR), Anti-VM (SLDT), Anti-VM (IN), Push Pop Math, PEB's BeingDebugged (Stealth IsDebuggerPresent), SoftICE – Interrupt 1, Software Breakpoint Detection, SS register
    8. WiseInstallerStub: Nothing
    9. MaskPEV20yzkzero: Anti-VM (SLDT), Anti-VM (IN), Push Pop Math, PEB's BeingDebugged (Stealth IsDebuggerPresent), SS register

    Abstract
    Malware is widely acknowledged as a growing threat with hundreds of thousands of new samples reported each week. Analysis of these malware samples has to deal with this significant quantity but also with the defensive capabilities built into malware; malware authors use a range of evasion techniques to harden their creations against accurate analysis. The evasion techniques aim to disrupt attempts of disassembly, debugging or analysis in a virtualized environment. This talk catalogs the common evasion techniques malware authors employ, applying over 50 different static detections, combined with a few dynamic ones for completeness. We validate our catalog by running these detections against a database of 4 million samples (the system is constantly running and the numbers will be updated for the presentation), enabling us to present an analysis on the real state of evasion techniques in use by malware today. The resulting data will help security companies and researchers around the world to focus their attention on making their tools and processes more efficient to rapidly avoid the malware authors' countermeasures. This first of its kind, comprehensive catalog of countermeasures was compiled by the paper's authors by researching each of the known techniques employed by malware, and in the process new detections were proposed and developed. The underlying malware sample database has an open architecture that allows researchers not only to see the results of the analysis, but also to develop and plug-in new analysis capabilities. The system will be made available in beta at Black Hat, with the purpose of serving as a basis for innovative community research.

    Download: http://media.blackhat.com/bh-us-12/Briefings/Branco/BH_US_12_Branco_Scientific_Academic_Slides.pdf
    The tutorial is for educational purposes.
  21. RMAS (Run-Time Malware Analysis System) - A Framework for Malware Analysis and Malware Detection

    Contents
    Introduction (p. 3)
    Architecture (p. 3)
    Static Analysis (p. 4)
      Static Analysis Conclusion (p. 5)
    Dynamic Analysis (p. 5)
      Dynamic Malware Detection Module (p. 9)
      Dynamic Analysis Conclusion (p. 10)
    Case Study (p. 11)
      Scenario 1 (p. 11)
      Scenario 2 (p. 11)
      Scenario 3 (p. 11)
    Future Work (p. 12)
    Conclusion (p. 12)
    Bibliography (p. 13)

    Introduction
    The malware is a threat for our systems because it can hit and retrieve our confidential information by using different attacking vectors. The security of modern computer systems depends on the ability by the users to keep software, OSes and antivirus products up-to-date. Since new viruses or new viral strains are released every day, the antivirus vendors have to update their software and their signatures and then distribute them. Conventional anti-malware programs rely on "static signature" to detect malware, but malware writers improve their codes to make them undetectable and stay one step ahead of static-signature-based detection. The Dynamic Malware Detection Systems are not new concepts, but my project is based on the development and the implementation of a system, called RMAS (Run-Time Malware Analysis System) in order to allow analysts to make dynamic analysis of new malware, to understand the malware behavior and produce a graphical dangerousness level of the analyzed program, by using just one modular tool. RMAS has been developed also because sometimes there are malware samples that the company has to analyze within the organization perimeter for privacy or policy reasons, to prevent leakage of confidential data. For example, malware samples could be gathered from sources such as honeypots of a specific network or from investigations and lots of these software cannot be analyzed from external analysis software, this is the main reason why I developed RMAS. The system has also been developed in order to realize an automated analysis thus limiting human intervention.

    Download: http://www.kaspersky.com/images/sponchioni,_roberto_-_rmas_a_framework_for_malware_analysis_and_malware_detection-10-98486.pdf
  22. [sample] Facebook Photo_024.JPG-www.facebook.com.exe (Trojan-Dropper.Win32.Dapato.da) L-am gasit prin laptop-ul unui prieten. Nu stiu nimic despre el, e unul dintre clasicii virusi de pe Facebook. Acest fisier este MALWARE. NU IL EXECUTATI! Download: http://www.speedyshare.com/jFv5E/Photo-024.JPG-www.facebook.com.rar http://www.girlshare.ro/32812258.6 http://fisierulmeu.ro/52394QAULDGO/Photo-024-JPG-www-facebook-com-rar.html Parola arhiva: rst Probabil face spam. Ce face pe langa spam? Ramane de vazut.
  23. No, there's no point doing it that way. If you have time, read them and write a tutorial based on them, written and explained by you, not just translated.
  24. Yes, speakers are not allowed to drink the night before their talk, otherwise we end up having to go looking for them to get them to the presentation. No names!
  25. Malware Analysis Tutorials: a Reverse Engineering Approach
Author: Dr. Xiang Fu
Roadmap: You need to first follow Tutorials 1 to 4 to set up the lab configuration. Then each tutorial addresses an independent topic and can be completed separately (each one will have its own lab configuration instructions).
Malware Analysis Tutorial 1: A Reverse Engineering Approach (Lesson 1: VM Based Analysis Platform)
Malware Analysis Tutorial 2: Introduction to Ring3 Debugging
Malware Analysis Tutorial 3: Int 2D Anti-Debugging
Malware Analysis Tutorial 4: Int 2D Anti-Debugging (Part II)
Malware Analysis Tutorial 5: Int 2D in Max++ (Part III)
Malware Analysis Tutorial 6: Self-Decoding and Self-Extracting Code Segment
Malware Analysis Tutorial 7: Exploring Kernel Data Structure
Malware Analysis Tutorial 8: PE Header and Export Table
Malware Analysis Tutorial 9: Encoded Export Table
Malware Analysis Tutorial 10: Tricks for Confusing Static Analysis Tools
Malware Analysis Tutorial 11: Starling Technique and Hijacking Kernel System Calls using Hardware Breakpoints
Malware Analysis Tutorial 12: Debug the Debugger - Fix Module Information and UDD File
Malware Analysis Tutorial 13: Tracing DLL Entry Point
Malware Analysis Tutorial 14: Retrieve Self-Decoding Key
Malware Analysis Tutorial 15: Injecting Thread into a Running Process
Malware Analysis Tutorial 16: Return Oriented Programming (Return to LIBC) Attack
Malware Analysis Tutorial 17: Infection of System Modules (Part I: Randomly Pick a Driver)
Malware Analysis Tutorial 18: Infecting Driver Files (Part II: Simple Infection)
Malware Analysis Tutorial 19: Anatomy of Infected Driver
Malware Analysis Tutorial 20: Kernel Debugging - Intercepting Driver Loading
Malware Analysis Tutorial 21: Hijacking Disk Driver
Malware Analysis Tutorial 22: IRP Handler and Infected Disk Driver
Malware Analysis Tutorial 23: Tracing Kernel Data Using Data Breakpoints
Malware Analysis Tutorial 24: Tracing Malicious TDI Network Behaviors of Max++
Malware Analysis Tutorial 25: Deferred Procedure Call (DPC) and TCP Connection
Malware Analysis Tutorial 26: Rootkit Configuration
Malware Analysis Tutorial 27: Stealthy Loading of Malicious Driver
Malware Analysis Tutorial 28: Break Max++ Rootkit Hidden Drive Protection
Malware Analysis Tutorial 29: Stealthy Library Loading II (Using Self-Modifying APC)
Malware Analysis Tutorial 30: Self-Overwriting COM Loading for Remote Loading DLL
Malware Analysis Tutorial 31: Exposing Hidden Control Flow
Malware Analysis Tutorial 32: Exploration of Botnet Client
Malware Analysis Tutorial 33: Evaluation of Automated Malware Analysis System I (Anubis)
Malware Analysis Tutorial 34: Evaluation of Automated Malware Analysis Tools CWSandBox, PeID, and Other Unpacking Tools
Source: Dr. Fu's Security Blog: Malware Analysis Tutorials: a Reverse Engineering Approach