Nytro

PHP e un embedded in HTML. Mai exact ai asa: <html> <?php echo 'aaa'; ?> </html> Acest cod trece prin interpretorul PHP. Ce NU e cod PHP, adica ce nu e intre <?php si ?> e direct returnat catre browser, ce e intre, e interpretat. Cu formularele e aceeasi idee, se trimit date prin POST si se face ceva cu ele. Citeste si tu putin despre HTML, HTTP si PHP.

ERR_NAME_RESOLUTION_FAILED DNS aka Domain Name System.

E clar, se umple tara de lulji dinastia...

Pai in numele cacatului, posteaza acolo o exploatare manuala, nu un cacat de link. Si nu vad ce relevanta are Linux-ul, dar nu mai conteaza.

Ai ban daca mai postezi porcaria asta. Ori postezi SQL Injection, ari te abtii, oricine poate posta un link catre un site, indiferent ca e vulnerabil sau nu, problema e exploatarea acelei vulnerabilitati. Tu ce faci cu el, il bagi in Havij?

Ai postat corect, dar ai postat o porcarie. Nu vad niciun SQL Injection, vad doar un link. Ce faci cu el, il bagi in Havij?

Ai pus un link, si un link cu ghilimea. Nu ai facut nimic. Se muta la gunoi.

Ban.

Kernel-mode hook pe CreateRemoteThread(Ex), adica rootkit. Poti face un driver care suprascrie SSDT-ul, gasesti acolo NtCreateRemoteThread. PS: Abtineti-va de la replici inutile.

THOR : Another P2P Botnet in development with extra stealth features POSTED BY THN REPORTER ON 3/06/2012 07:59:00 PM The research community is now focusing on the integration of peer-to-peer (P2P) concepts as incremental improvements to distributed malicious software networks (now generically referred to as botnets). Because “botnets” can be used for illicit ?nancial gain,they have become quite popular in recent Internet attacks. A “botnet” is a network of computers that are compromised and controlled by an attacker. Each computer is infected witha malicious program called a “bot”, which actively communicates with other bots in the botnet or with several “botcontrollers” to receive commands from the botnet owner. Attackers maintain complete control of their botnets, andcan conduct Distributed Denial-of-Service (DDoS) attacks,email spamming, keylogging, abusing online advertisements, spreading new malware, etc. However, the first botnets that use peer-to-peer (P2P) networks for remote control of the compromised machines appeared in the wild recently. This new bot has a different code base, it uses the same spreading strategy and also seems to maintain a multi-relay (or peer-to-peer) infrastructure just like its predecessor. Thor is a decentralised P2P botnet , Coded in C / C++ & Developed by "TheGrimReap3r" that has been in development for some time now and is almost ready to go out on sale.The botnet itself has no central command point, so it will be very difficult to shut down, also, very difficult to track where commands are coming from, because all the nodes pass them on. Thor uses DLL injection, IAT hooking, ring3 rootkit amongst other things to hide. One more interesting Feature that It have it's own module system so you can write your own modules with our easy API system. It include peer to peer communication uses 256-AES encryption with random key generation at each startup. Thor works on Win 2000+, Win XP SP0/SP1/SP2/SP3, Win Vista SP0/SP1/SP2, Win 7 SP0/SP1 and Support x86 and x64 systems. The Developers of Thor going to sale this Botnet openly in underground market and various hacking forums at $8000, the package without modules and the expected modules that anyone can buy will be: advanced botkiller, DDoS, formgrabber, keylogger/password stealer and mass mailer. Sursa: THOR : Another P2P Botnet in development with extra stealth features | The Hacker News (THN)

Cred ca se poate folosi cu sysenter (daca se obtine acces la stiva) din user mode pentru privilegii kernel-mode.

GitHub hacked with Ruby on Rails public key vulnerability Posted by THN Reporter On 3/06/2012 07:07:00 AM Github, the service that many professional programmers use to store their work and collaborate on coding, was hacked over the weekend. A young Russian developer Egor Homakov exploited a gaping vulnerability in GitHub that allowed him (or anyone else with basic hacker know-how) to gain administrator access to projects such as Ruby on Rails, Linux, and millions of others. When Github saw what happened, they suspended Homakov’s account, which created a firestorm of protest. A blog post entitled, Github, You Have Let Us All Down . Github has succumbed to a public key vulnerability in Ruby on Rails allowing a user administrator access to the popular Rails Git. Homakov's actions were relatively simple - he merely uploaded his public key to the repository so Git thought he was an approved administrator of that project. This would not only entitle Homakov to commit files but he could effectively wipe the entire project and its history clean. "The root cause of the vulnerability was a failure to properly check incoming form parameters, a problem known as the mass-assignment vulnerability," GitHub co-founder Tom Preston-Werner wrote in a blog post. "Two days ago he responsibly disclosed a security vulnerability to us and we worked with him to fix it in a timely fashion. Today, he found and exploited the public key form update vulnerability without responsible disclosure," Preston-Werner said, explaining that this had meant Homakov had broken GitHub's terms and conditions. Github is used by a number of high-profile projects including the Linux kernel. Homakev's actions were to exploit a well known weakness of Ruby on Rails and questions might be asked as to why Github's administrators did not block such an attack sooner. Moving forward, GitHub has apologized for obfuscating the how white hat hackers should disclose security vulnerabilities and set up a new help page that clearly lists how to report issues. Sursa: GitHub hacked with Ruby on Rails public key vulnerability | The Hacker News (THN)

[h=1]Avira Free Mac Security Beta – Antivirus gratuit pentru MAC adresat companiilor si utilizatorilor casnici[/h] By Radu FaraVirusi(com) on March 5, 2012 Avira lanseaza versiunea Beta pentru produsul lor de securitate adresat sistemelor Mac OS. Se numeste Avira Free Mac Security si va fi oferit gratuit atat pentru companii, cat si pentru utilizatorii casnici. Pentru a descarca Avira Free Mac Security BETA accesati link-ul: http://betacenter.avira.com/files/download.aspx/avira_mac_security_1.0.0.50-2.pkg Pentru alte detalii despre produs, accesati blogul Avira: Avira Free Mac Security – Beta now available | Avira – TechBlog Sursa: Avira Free Mac Security Beta – Antivirus gratuit pentru MAC adresat companiilor si utilizatorilor casnici

[h=1]Descarca Kaspersky Internet Security 2013 – Testarea Beta a inceput[/h] By Radu FaraVirusi(com) on March 5, 2012 Cei de la Kaspersky au lansat versiunea 2013 a celebrului produs de securitate Kaspersky Internet Security. Momentan este in stadiul de testare BETA si nu avem o lista a modificarilor in mod oficial. Interfata grafica a ramas si va ramane pana la final aceeasi ca in versiunea 2012, cu mici modificari de “nuanta”. Iata mai jos primele poze si la final, link-urile pentru descarcare: Pentru a descarca Kaspersky Internet Security 2013 Beta accesati link-ul: http://special.kaspersky-labs.com/3A8VCJNYOJN7JYU8HFUW/kis13.0.0.2292en.exe Pentru raportarea problemelor aparute in timpul evaluarii sau pentru alte informatii puteti vizita forumul oficial: Kaspersky Lab Forum -> KIS\KAV 2013 Sursa: Descarca Kaspersky Internet Security 2013 – Testarea Beta a inceput

Javascript != Node.js...

ICMP, TCP, UDP, e irelevant. Problema e simpla: cum faci o conexiune DIN BROWSER folosind un anume protocol, indiferent care? Cat despre ICMP, are alte scopuri, ca sa nu mai spun ca e necesar un raw socket pentru crearea sa (stiu ca stii astea), ceea ce inseamna rularea "programului" ca Administrator/root. Apoi, de multe ori, in ziua de azi, conexiunile la Internet nu dispun de o adresa IP publica UNICA, si nici nu cred ca se pune problema de port forwarding pe routerele ISP-urilor. Pe scurt, browser-ul nu este facut pentru asa ceva. Singura solutie posibila poate fi The WebSocket API dar nu stiu cum vei reusi sa pui un WebSocket in stare de "listening".

Nu se poate.

Salut, nu poti face nimic, nu functioneaza decat daca formularul (pagina din iframe) se afla pe acelasi server. Este o limitare impusa inca de pe vremea Netscape, de multi ani. Sa fim seriosi, daca se putea asta, se puteau face multe "lucruri". Sau, se poate face ceva, desigur, daca ai un XSS in site-ul respectiv.

Pacat ca sunt session cookies (fara 'expire'). Stiti voi ce sunt alea si cat sunt valide.

E scris cu picioarele, o gramada de porcarii, nu e tocmai o sursa din care sa ai ce invata. PS: Linux pe 64 de biti?

Spune si care sunt diferentele intre "union" si "union all", intre "into outfile" si "into dumpfile", cum verifici privilegiile, ce faci daca directorul nu e writeable, sau nu ai calea directa, de ce e acel "+" la final, ce inseamna pentru browser, de ce folosesti hex la Load File cand la codul PHP se vede ca nu se face escape la ghilimea, ce se poate face daca functia system e in lista de "disabled_functions" si... de ce folosesti Internet Explorer?

Ce penal

BackTrack 5 R2 Released

1. Remote Desktop Protocol - Wikipedia, the free encyclopedia 2. Vezi link-ul de la pasul 1, intrebarea e irationala, RDP e un protocol 3. Simple Mail Transfer Protocol - Wikipedia, the free encyclopedia 4. Cred ca vrei sa spui Server SMTP, server care implementeaza PROTOCOLUL SMTP 5. Poti trimite mail-uri PS: Eu ti-am raspuns la intrebari, pentru cei care se ocupa cu asa ceva, acesti termeni au alte conotatii. Nu te astepta la raspunsuri relevante de la aceste persoane, pot sa jur ca nu exista aici 2-3 persoane care sa citeasca despre protocolul SMTP sau RDP, ei doar folosesc niste programe chioare, nu inteleg cum functioneaza protocolul in sine, e ca si cum ai intra intr-un bloc si ai incerca cateva chei la anumite usi, nu conteaza ca nu stii cum functioneaza acea usa, tu doar incerci, si daca ai noroc, te poti lauda (desi nu ai cu ce) ca esti "hacker" si ca ai spart servere (spun asta pentru ca aceleasi principii se aplica si la SSH, care da, si el tot un protocol este). NB: Communications protocol - Wikipedia, the free encyclopedia Fii tu unul dintre acele persoane care cunoaste sistemul de inchidere al unei usi, daca tot vrei sa fii un... "deschizator de usi".

Traducere de cacat, "seized" inseamna "confiscat" in germana.