
Nytro

Administrators
  • Posts

    18772
  • Days Won

    729

Everything posted by Nytro

  1. Why would I want to appear on their site? Initially I wanted to post something as a joke, but it wouldn't have been accepted.
  2. Google Maps - Remote File Disclosure /SQL Injection Vulnerability

    Exploit database separated by exploit type (local, remote, DoS, etc.)
    [x] Official Website: http://www.1337day.com
    [x] Support E-mail : mr.inj3ct0r[at]gmail[dot]com
    I'm Taurus Omar Member From Inj3ct0r TEAM

    ==> ABOUT ME:
    --- TAURUS OMAR
    --- INDEPENDENT SECURITY RESEARCHER
    --- ACCESOILEGAL.BLOGSPOT.COM
    --- @omartaurus
    --- omar-taurus[at]dragonsecurity[dot]org
    --- omar-taurus[at]live[dot]com

    ===> INFO:
    Author : TAURUS OMAR
    Category : Webapps / 0day
    Title Exploit : Google Maps - Remote File Disclosure /SQL Injection Vulnerability
    Vendor : Google Maps
    URL Vendor : http://maps.google.com/
    0day exploits : 1337day.com Inj3ct0r Exploit DataBase

    Proof of CONCEPT IMAGES :
    http://img256.imageshack.us/img256/5621/googlemapsr.jpg
    http://img341.imageshack.us/img341/995/googlemaps2i.jpg

    ==> SAMPLE'S SQLi:
    http://maps.google.com/maps?q=1001%20+longwod+%20road+%2019348 [SQL Injection]
    http://maps.google.com/maps?q=1001%20+Webb%20+Rd+%20Chadds%20+Ford+%20Delaware+%20Pennsylvania+%2019317 [SQL Injection]
    http://maps.google.com/maps?q=1001%20+Webb%20+Rd+%20Wolverine+%20Cheboygan+%20Michigan+%2049799 [SQL Injection]
    http://maps.google.com/maps?q=1001%20+Webb%20+Rd+%20Crum+%20Wayne+%20West+%20Virginia+%2025669 [SQL Injection]
    http://maps.google.com/maps?q=1001%20+Webb%20+Rd+%20Simpsonville+%20Shelby+%20Kentucky+%2040067 [SQL Injection]
    http://maps.google.com/maps?q=1001%20+Webb%20+Rd+%20Cottage+%20Grove+%20Weakley+%20Tennessee+%2038224 [SQL Injection]
    http://maps.google.com/maps?q=1001%20+Webb%20+Rd+%20Dothan+%20Houston+%20Alabama+%2036303 [SQL Injection]
    http://maps.google.com/maps?q=1001%20+Webb%20+Rd+%20Clarksville+%20Montgomery+%20Tennessee+%2037040 [SQL Injection]
    http://maps.google.com/maps?q=1001%20+Webb%20+Rd+%20Chattanooga+%20Hamilton+%20Tennessee+%2037416 [SQL Injection]
    http://maps.google.com/maps?q=1001%20+Webb%20+Rd+%20Ellenboro+%20Rutherford+%20North+%20Carolina+%2028040 [SQL Injection]

    ==>REMOTE FILE DISCLOSURE
    http://maps.google.com/ads/displaynetwork/adtypes/xxxxx/../../../../maps/ms
    http://maps.google.com/ads/displaynetwork/adtypes/hilton-300x250.html/../../../../maps/ms
    http://maps.google.com/ads/displaynetwork/adtypes/lenovo-728x90.html/../../../../maps/ms

    # 1337day.com [2012-06-22]

    Source: Inj3ct0r Member found Google Maps Remote File Disclosure / SQL Injection | Inj3ct0r - exploit database : vulnerability : 0day : shellcode

    It doesn't seem to work, not right now. Anyway, these Inj3ct0r guys are crap; they brag about exploits found by others and are pretty clueless about everything, so it's probably fake, but well, I can't be sure.
  3. Nytro

    RST vs. Polonic

    Which of you in Bucharest has a car? Ah, crap, I'll take Ahead and we'll go
  4. Yeah man, big companies in the financial sector pay good money for something like this, whereas others...
  5. Nytro

    RST vs. Polonic

    Could this be it? Teacher Petre Paulina - English teacher
  6. @nedo: An IPv4 address has 4 bytes. The RST IP address is: 188.240.88.237. In hexadecimal, each byte: 0xBC = 188, 0xF0 = 240, 0x58 = 88, 0xED = 237 => http://0xBCF058ED. If we compose a single 4-byte "int" from these numbers, i.e. 0xBCF058ED, in decimal it is 3169868013. @dany: So, which language did you choose?
  7. Nytro

    RST vs. Polonic

  8. Script to Find All IP Addresses on a Internal Network

    Posted by purehate in Code Snippets at 12:56 PM

    I was working on a presentation this morning and as I was writing I realized I did not have a quick, fast way to make a list of all the internal IPs on a LAN (Local Area Network). Many of the tools I use including nmap, nessus and nexpose will accept a list of IPs so I decided to whip up a quick, dirty shell script to get the job done. I may clean it up in the future but for now it does its job. This is meant to work on Backtrack 4 but in its current state it will work on any Debian-based distro. As always with any code found on the internet you use this at your own risk. Also I am sure this can be done better but like I said it was a 10 minute fix.

    Here is the script: Save it as ip_list.sh and give it execute permissions with chmod 755

        #!/bin/bash
        # Quick and dirty script to make a list of internal IPs on a LAN
        # Questions, Comments or Death Threats can be sent to crackers@question-defense.com
        # This is made for Backtrack 4 so everyone else is on their own

        # Check for the proper arguments
        if [ -z "$1" ] || [ -z "$2" ]; then
            echo "usage: $0 interface subnet"
            echo "example: $0 eth0 192.168.1.0/24"
            exit 1
        fi

        # Set some variables: the first octet of the subnet names the output file
        subnet=$(echo "$2" | cut -f 1 -d .)
        outfile="${subnet}_ip.list"
        temp=ip.tmp

        # Check for arp-scan and install it if it is missing
        echo "Checking for arp-scan"
        if command -v arp-scan >/dev/null 2>&1; then
            echo "arp-scan found!"
        else
            echo "Downloading arp-scan...."
            sudo apt-get install arp-scan -y
        fi

        # Run the scan (needs root); the interface is passed with --interface
        arp-scan --interface="$1" "$2" > "$temp" 2>/dev/null
        # Keep only result lines, which start with an address in the subnet
        grep "^${subnet}\." "$temp" | awk '{print $1}' > "$outfile"
        rm -f "$temp"

        count=$(wc -l < "$outfile")
        echo "$count active ip's found"
        dir=$(pwd)
        echo "Your file is named $outfile and is located in the $dir directory"

    Source: Script to Find All IP Addresses on a Internal Network
  9. Nytro

    Aranea

    Aranea is a very fast and versatile DNS spoofer, based entirely on libpcap. We wanted a tool more flexible than those already published, so we developed aranea as a multithreaded application capable of interacting with requests using regular expressions. Download: https://github.com/TigerSecurity/aranea Source: Tools – Tiger Security S.r.l.
  10. Web Backdoor Finder Light

    Web Backdoor Finder Light (WBFL) is a tool for detecting web backdoors within your own filesystem. WBFL is a lean, fast script that detects and reports PHP functions commonly used maliciously in pages present on the filesystem, in order to highlight possible web backdoors. Download: https://github.com/TigerSecurity/Web-BackDoor-Finder-Light Source: Tools – Tiger Security S.r.l.
  11. Gerix-Wifi-Cracker

    Gerix-Wifi-Cracker is an intuitive graphical interface for the aircrack-ng suite of tools, as well as for other complementary tools (e.g. pyrit). The program can be used for various types of attack against wifi networks:

    • Cracking WEP (chop-chop, fragmentation)
    • Cracking WPA (based on wordlists or rainbow tables)
    • Client-side attacks
    • Creation of fake access points

    The interface is simple to use and includes numerous utilities to make operations easier for users and to save the data obtained. Download: https://github.com/TigerSecurity/gerix-wifi-cracker Source: Tools – Tiger Security S.r.l.
  12. Nytro

    RST vs. Polonic

    She's from the countryside, probably a teacher in who knows what gypsy village.
  13. Nytro

    Summer has arrived

    Finally, someone who notices.
  14. Cut out the nonsense, you'll have plenty of time to work, your whole life. You still have a few years of "freedom" left, use them wisely. PS: You could do some projects for a future CV.
  15. Nytro

    FutureMe

    Story: http://www.ovidiuav.com/2012/06/19/acum-5-ani-am-scris-un-e-mail/ Link: http://www.futureme.org/
  16. You are a victim of piracy.
  17. Confirmed: Flame virus, created by Americans and Israelis

    by Liviu Petrescu | 21 June 2012

    Speculation about the origin of the Flame virus, considered by Kaspersky Lab too powerful to have been created by hackers, has been confirmed. Flame was created by Americans and Israelis to stop Iran's nuclear program, the Washington Post writes.

    Less than two weeks after the virus was removed by its own creators, American officials confirmed the virus's origin to the Washington Post, as cited by ArsTechnica.

    The Flame virus is considered the most powerful computer virus in the history of information technology, because it gained access to all peripherals of infected PCs, including webcams and microphones, and remained undetected for almost 2 years.

    According to information from Washington, the Flame computer virus used in the Middle East was developed jointly by the NSA, the CIA and Israel. The discovery of the virus was triggered by a unilateral incursion by the Israelis, American officials claim.

    Source: Confirmed: Flame virus, created by Americans and Israelis | Hit.ro
  18. Nytro

    NT Core articles

    Cool stuff: http://ntcore.com/articles.php
  19. Windows SDK User Interface: How can I emulate keyboard events in an application? - CodeGuru Forums
    How to use SendInput? » bits and bytes
    SendInput Example In C#
    Virtual On-Screen Keyboard Example - CodeProject
    [C++] Keyboard/Mouse emulation - Classes and Code Snippets - CODECALL Programming Forum
  20. 5 reasons why Microsoft Surface could beat the iPad

    by Liviu Petrescu | 20 June 2012

    With the launch of the Microsoft Surface tablets, many IT analysts have concluded that the iPad finally has a worthy competitor. Even though Microsoft has not yet announced the tablet's price, the enthusiasm for Surface is high and seems justified. See 5 reasons why Microsoft Surface could beat the iPad, according to CNN.

    1. Size and thickness

    The iPad's excellent design made competitors' tablets look clunky. Microsoft opted for a size of 10.6 inches, slightly larger than Apple's tablet, but one of the key elements for the success of Microsoft Surface is thickness. Surface RT is a tenth of a millimeter thinner than the new iPad, so users will be satisfied.

    Everything about the new Microsoft Surface tablets, with Windows RT and Windows 8 Pro

    Surface Pro, however, is significantly thicker, though acceptable for those who regard the new Windows tablet as an ultrabook with a touchscreen.

    2. Tablet keyboards

    Microsoft decided to offer consumers what Apple refused from the start: compact keyboards that make the tablet easier to use. At only 3mm thick, Touch Cover offers a touch keyboard integrated into a cover that can also be used as a stand, all available in several colors: black, red, blue and pink. Type Cover is 5mm thick, but also offers an integrated trackpad, which practically allows the Microsoft Surface tablet with Windows 8 Pro to be used as a desktop.

    3. USB ports

    Apple's stubbornness in not giving buyers what they wanted from the start, a USB port for simple connection to any other gadget, is becoming a big problem for the iPad. Even though users have cloud and Wi-Fi solutions available for the iPad, many buyers might prefer the two USB ports of Microsoft Surface, through which external drives, printers and even cameras can easily be connected. Surface RT offers USB 2.0, and Surface Pro USB 3.0.

    4. Performance

    Until now tablets have been a hybrid between laptops and smartphones, but with Surface Pro Microsoft is trying to get as close as possible to the specifications of an ultrabook. With an Intel Core i5 processor, the Microsoft tablet with Windows 8 Pro will offer up to 128GB of storage, another advantage in the fight against the iPad, which remains at a maximum of 64GB.

    5. Xbox SmartGlass

    The SmartGlass system, presented by Microsoft at E3, will link any tablet, even Android or iPad, to the Xbox game console for an interactive experience. If Microsoft optimizes Xbox SmartGlass for Surface and offers new features, it could take users a step forward in the integration of media consumption, in which the TV, the game console, the tablet and the smartphone interact perfectly and play different roles.

    Read on about Apple's reaction to Microsoft Surface.

    Is Apple really scared of Microsoft Surface?

    Even though over the years Apple has watched Microsoft try to copy its products and fail (not many were found who preferred a Zune over an iPod), the company was prepared for the Surface tablets. On the same day as the Microsoft Surface presentation, Apple launched a new TV ad for the new iPad, with the slogan "Do It All!". http://www.youtube.com/watch?v=RksyMaJiD8Y&feature=player_embedded

    Do you think Apple's decision to launch the new iPad ad is an ordinary business decision or a sign that Apple truly fears the success of Microsoft Surface?

    Source: 5 reasons why Microsoft Surface could beat the iPad | Hit.ro
  21. A hacker claims to have exploited security holes at 79 banks

    by Liviu Petrescu | 20 June 2012

    A hacker has published data on 1700 bank accounts, claiming to have exploited security holes at 79 banks in the US and other countries. The data illegally collected by Reckz0r over 3 months totals 50GB.

    The hacker Reckz0r bragged on Twitter about his achievements and published a text-format document that reveals the data of over 1700 people: name, card type, address, phone number and email address, ZDNet writes.

    Most of the compromised accounts are from the US, the United Kingdom and Canada, and the hacker Reckz0r explained that the data comes directly from the banks, not from the Visa and Mastercard databases.

    The hacker claims he published the data for a noble purpose, to draw attention to the vulnerability of banks online. The incident was also commented on by a representative of the hacktivist group Anonymous, who claims the data is old and cannot be used for fraud.

    Source: A hacker claims to have exploited security holes at 79 banks | Hit.ro
  22. Researcher: CIA, NSA may have infiltrated Microsoft to write malware

    Did spies posing as Microsofties write malware in Redmond? How do you spell 'phooey' in C#?

    By Kevin Fogarty, June 18, 2012, 2:46 PM

    A leading security researcher has suggested Microsoft's core Windows and application development programming teams have been infiltrated by covert programmer/operatives from U.S. intelligence agencies.

    If it were true it would be another exciting twist to the stories of international espionage, sabotage and murder that surround Stuxnet, Duqu and Flame, the most successful cyberwar weapons deployed so far, with the possible exception of Windows itself.

    Nevertheless, according to Mikko Hypponen, chief research officer of antivirus and security software vendor F-Secure, the scenario that would make it simplest for programmers employed by U.S. intelligence agencies to create the Stuxnet, Duqu and Flame viruses and compromise Microsoft protocols to the extent they could disguise downloads to Flame as patches through Windows Update is that Microsoft has been infiltrated by members of the U.S. intelligence community.

    Having programmers, spies and spy-supervisors from the NSA, CIA or other secret government agencies infiltrate Microsoft in order to turn its technology to their own evil uses (rather than Microsoft's) is the kind of premise that would get any writer thrown out of a movie producer's office for pitching an idea that would put the audience to sleep halfway through the first act.

    Not only is it unlikely, the "action" most likely to take place on the Microsoft campus would be the kind with lots of tense, acronymically dense debates in beige conference rooms and bland corporate offices.

    The three remarkable bits of malware that attacked Iranian nuclear-fuel development facilities and stole data from its top-secret computer systems – Flame, Duqu and Stuxnet – show clear signs of having been built by the same teams of developers, over a long period of time, Hypponen told PC Pro in the U.K.

    Flame used counterfeit Microsoft security certificates to verify its trustworthiness to Iranian users, primarily because Microsoft is among the most widely recognized and trusted computer companies in the world, Hypponen said.

    Faking credentials from Microsoft would give the malware far more credibility than using certificates from other vendors, as would hiding updates in Windows Update, Hypponen said.

    The damage to Microsoft's reputation and suspicion from international customers that it is a puppet of the CIA would be enough to keep Microsoft itself from participating in the operation, even if it were asked.

    That doesn't mean it didn't happen.

    "It's plausible that if there is an operation under way and being run by a US intelligence agency it would make perfect sense for them to plant moles inside Microsoft to assist in pulling it off, just as they would in any other undercover operation," Hypponen told PC Pro. "It's not certain, but it would be common sense to expect they would do that."

    The suggestion piqued the imaginations of conspiracy theorists, but doesn't have a shred of evidence to support it.

    It does have a common-sense appeal, however. Planting operatives inside Microsoft would probably be illegal, would certainly be unethical and could have a long-range disadvantage by making Microsofties look like tools of the CIA rather than simply tools.

    "No-one has broken into Microsoft, but by repurposing the certificate and modifying it with unknown hash collision technologies, and with the power of a supercomputer, they were able to start signing any program they wanted as if it was from Microsoft," Hypponen said. "If you combine that with the mechanism they were using to spoof MS Update server they had the crown jewels."

    Hypponen is one of a number of security experts who have said Stuxnet and Duqu have the hallmarks of software written by traditionally minded software engineers accustomed to working in large, well-coordinated teams.

    After studying the code for Duqu, security researchers at Kaspersky Labs said the malware was most similar to the kind of work done by old-school programmers able to write code for more than one platform at a time, do good quality control to make sure the modules were able to install themselves and update in real time, and that the command-and-control components had been re-used from previous editions.

    "All the conclusions indicate a rather professional team of developers, which appear to be reusing older code written by top “old school” developers," according to Kaspersky's analysis. "Such techniques are normally seen in professional software and almost never in today’s malware. Once again, these indicate that Duqu, just like Stuxnet, is a 'one of a kind' piece of malware which stands out like a gem from the large mass of “dumb” malicious program we normally see."

    Earlier this month the NYT ran a story detailing two years' worth of investigations during which a range of U.S. officials, including, eventually, President Obama, confirmed the U.S. had been involved in writing the Stuxnet and Flame malware and siccing them on Iran.

    That's far from conclusive proof that the NSA has moved its nonexistent offices to Redmond, Wash. It doesn't rule it out either, however.

    Very few malware writers are able to write such clean code that can install on a variety of hardware systems, assess their new environments and download the modules they need to successfully compromise a new network, Kaspersky researchers said.

    Stuxnet and Flame are able to do all these things and to get their own updates through Windows Update using a faked Windows Update security certificate.

    No other malware writer, hacker or end user has been able to do that before. Knowing it happened this time makes it more apparent that the malware writers know what they are doing and know Microsoft code inside and out.

    That's still no evidence that Microsoft could be or has been infiltrated by spies from the U.S. or from other countries.

    It does make sense, but so do a lot of conspiracy theories.

    Until there's some solid indication Flame came from inside Microsoft, not outside, it's probably safer to write off this string of associative evidence.

    Even in his own blog, Hypponen makes fun of those who make fun of Flame as ineffective and unremarkable, but doesn't actually suggest moles at Microsoft are to blame.

    In the end it doesn't really matter.

    The faked certificates and ride-along on Windows Update demonstrate the malware writers have compromised the core software development operations at Microsoft.

    They don't have to live there to do it; virtual compromise on the code itself would do the job more effectively than putting warm bodied programmers in the middle of highly competitive, highly intelligent, socially awkward Microsofties with a habit of asking the wrong question and insisting on an answer.

    The risk of having any such infiltration discovered is far too high to expose the cyberwar version of Seal Team Six to the perils of Redmond.

    Still, the assumption seems to be true metaphorically, if not physically, so it's safer to assume Microsoft and its software have both been compromised. Given the track record of Stuxnet, Duqu and Flame for compromising everything they're aimed at, that assumption isn't even much of a stretch.

    Source: http://www.itworld.com/security/281553/researcher-warns-stuxnet-flame-show-microsoft-may-have-been-infiltrated-nsa-cia