Jump to content

Nytro

Administrators
 View Profile  See their activity

  • Posts

    18715

  • Joined

  • Last visited

  • Days Won

    701

 Content Type 

Everything posted by Nytro

  1. Nytro
    Spargerea parolelor de messenger
  2. Nytro
    Daca il testeaza cineva si merge, sa faca aici un mic review va rog. O sa incerc si eu diseara.
  3. Nytro
    Views: 1,772 There are currently 377... Offtopic (270 viewing)
  4. Nytro
    [h=3]Debuggers Anti-Attaching Techniques - Part 1[/h][h=2]Saturday, December 10, 2011[/h] It's been a while since i played with packing/unpacking tricks. So, i am going to choose some fancy tricks and try to explain them in detail. The story begins when i was trying to analyze a security issue in an infamous application. I tried to attach ollydbg to the running process but the process immediately crashed. I quickly googled "anti-attach tricks" and found many useful links. In the next few posts, i am going to explain those anti-attach tricks. It would surely be better to understand how debuggers attach themselves to running processes in order to understand those tricks and perhaps innovate new ones. The main idea behind attaching is that a debugger calls the "DebugActiveProcess" function which ends up with calling the "RtlCreateUserThread" function to create a new remote thread into the target process, with the "DbgUiRemoteBreakin" function as the new thread entry point. Thread creation occurs in the "DbgUiIssueRemoteBreakin" function, which looks something like the highlighted line in the image below. As far as i see, one way to prevent debuggers from attaching to a process is conducted by hooking the "DbgBreakUiRemoteBreakin" or "DbgBreakPoint" function. I will write a simple executable to demonstrate that. It overwrites the first byte of the "DbgUiRemoteBreakin" function with 0xC3, opcode for retn, thus killing this kind of threads. Similarly, we can patch the "DbgBreakPoint" function. Here you can download the source code for the example above. Trying to attach to such a process, as you can see in the image below, results in an access violation. Bypassing this trick is pretty easy. Just use ollydbg to debug itself, set a breakpoint on the "RtlCreateUserThread" function call, and finally modify its seventh paramter to point to any int3 in the target process address space. Once execution stops at int3 (in the debugged ollydbg), kill the current thread. This way we can by pass any API patching regardless of which function is patched in the target process address space. This bypass trick seems to be impractical. So, i decided to write a simple ollydbg plugin for this situation. The plugin simply patches the "DebugActiveProcess" function in ollydbg.exe to jump to the plugin code. The code gets the target process identifier (pid) from the stack and then writes a few instructions to the the "DbgUiRemoteBreakin" function prologue in this process address space. Here you can download the plugin dll. Here is the virustotal report. N.B. This write-up is based on analysis conducted on Windows XP SP3. Soon, I will extend it to include later operating systems. N.B. The plugin is only tested on windows XP SP3. Sursa: waliedassar: Debuggers Anti-Attaching Techniques - Part 1
  5. Nytro
    Metagoofil Backtrack 5 Tutorial-Metadata Analyzer Information Gathering Tool By Irfan Shakeel Information gathering or foot printing is the vary first step of hacking process and we have discussed so many tutorials for information gathering on backtrack 5 and on other OS like ubuntu and windows. In this article you will learn how to gather information from Metadata of public document from victim websites and the tool is Metagoofil. Metagoofil is an information gathering tool designed for extracting metadata of public documents (pdf,doc,xls,ppt,odp,ods) available in the target/victim websites. It will generate a html page with the results of the metadata extracted, plus a list of potential usernames very useful for preparing a bruteforce attack on open services like ftp, pop3,web applications, vpn, etc. Also it will extract a list of disclosed PATHs in the metadata, with this information you can guess OS, network names, Shared resources, etc. How to Install Metagoofil on Backtrack 5 r1, Ubuntu and Windows The installation process of Metagoofil on Debian based operating system like Ubuntu and backtrack 5 r1 is very easy, all you need to have is metagoofil download it from here. If you are on Ubuntu and on other Linux than you need install the dependencies like [INDENT]root@bt:~# apt-get install extract [/INDENT] If you are on backtrack 5 just like my case than extract is available on backtrack 5 r1, just download and extract metagoofil. For windows user you must have python to use metagoofil. The simple command to get extract data from any website by using Metagoofil is. [INDENT]# python metagoofil.py -d victim.net -l 20 -f all -o output.html -t temp [/INDENT] Here victim.net is the domain name from you want to extract data -f all means you want to find all type of data from (doc,ppt,pdf,xls,odf,sdw and more) -l result search -o output file -t temporary file that will delete after the process The output file will give you some amazing information's like: User name (later we can use for brute force attack) Path directory path (that will help you to understand the structure) Creation date more Other Information Gathering Tutorial FootPrinting-Information Gathering Tutorial FootPrinting-First Step Of Ethical Hacking Dnsmap- DNS Network Mapper Backtrack 5- DNSenum Information Gathering Tool Sursa: Metagoofil Backtrack 5 Tutorial-Metadata Analyzer Information Gathering Tool | Ethical Hacking-Your Way To The World Of IT Security
  6. Nytro
    [h=1]PDFMiner[/h] Python PDF parser and analyzer Homepage Recent Changes PDFMiner API What's It? Download Where to Ask How to Install CJK languages support [*] Command Line Tools pdf2txt.py dumppdf.py PDFMiner API [*] Changes [*] TODO [*] Related Projects [*] Terms and Conditions [h=2]What's It?[/h] PDFMiner is a tool for extracting information from PDF documents. Unlike other PDF-related tools, it focuses entirely on getting and analyzing text data. PDFMiner allows one to obtain the exact location of text in a page, as well as other information such as fonts or lines. It includes a PDF converter that can transform PDF files into other text formats (such as HTML). It has an extensible PDF parser that can be used for other purposes than text analysis. [h=3]Features[/h] Written entirely in Python. (for version 2.4 or newer) Parse, analyze, and convert PDF documents. PDF-1.7 specification support. (well, almost) CJK languages and vertical writing scripts support. Various font types (Type1, TrueType, Type3, and CID) support. Basic encryption (RC4) support. PDF to HTML conversion (with a sample converter web app). Outline (TOC) extraction. Tagged contents extraction. Reconstruct the original layout by grouping text chunks. PDFMiner is about 20 times slower than other C/C++-based counterparts such as XPdf. Online Demo: (pdf -> html conversion webapp) http://pdf2html.tabesugi.net:8080/ [h=3]Download[/h] Source distribution: http://pypi.python.org/pypi/pdfminer/ github: https://github.com/euske/pdfminer/ [h=3]Where to Ask[/h] Questions and comments: http://groups.google.com/group/pdfminer-users/ Detalii: http://www.unixuser.org/~euske/python/pdfminer/index.html
  7. Nytro
    [h=1]Escaping Escapes[/h] April 20, 2011 By Justin Barron 2 Comments Sometimes a server will escape special characters that are injected: For instance, injecting a " character and having it reflect as \": Injection: xss" Reflection: [INDENT]x="[U][B]xss[/B][/U]\[U][B]"[/B][/U]";y=42; [/INDENT] Fail. Sometimes, ironically enough, you can outsmart filters by using their own tricks against them. Try escaping their escape character like this: Injection: xss\" Reflection: [INDENT]x="[U][B]xss\[/B][/U]\[U][B]"[/B][/U]";y=42; [/INDENT] Success! However, if the server escapes your injected \ as \\, this technique will not work: Injection: xss\" Reflection: [INDENT]x="[U][B]xss[/B][/U]\[U][B]\[/B][/U]\[U][B]"[/B][/U]";y=42; [/INDENT] Not fun. If you’re able to break out by escaping their escape, you’ll need to blend back in with something other than a ", because the escaping process breaks the syntax: Injection: xss\"*alert(1)*\" Reflection: [INDENT]x="[U][B]xss\[/B][/U]\[U][B]"*alert(1)*\[/B][/U]\[U][B]"[/B][/U]";y=42; [/INDENT] The *\\ following alert(1) is not valid syntax and will cause an error. So… Injection: xss\"*alert(1)// Reflection: [INDENT]x="[U][B]xss\[/B][/U]\[U][B]"*alert(1)//[/B][/U]";y=42; [/INDENT] Commenting out the rest is your best bet, unless they escape your // like \/\/. When this happens, I don’t think there’s much you can do. Escaping escapes reminds me of the classic movie moment, when a bad guy gets the drop on a good guy, but then another good guy gets the drop on the bad guy. It always cracks me up when this evasion technique works. Sursa: https://blog.whitehatsec.com/escaping-escapes/
  8. Nytro
    Device Driver Development for Beginners - Reloaded by Evilcry » Mon Oct 04, 2010 6:14 am Hi, This is just a little starter for people interested in starting Kernel-Mode Development By following an good thread on UIC forum, opened by a beginner that wanted to know how to start with Device Driver Development, I remembered that long time ago published a similar blog post on that subject. Now I'm going to Reload and Expand it. Development Tools 1. WDK/DDK - this is the proper Driver Development SDK given by Microsoft, latest edition can be dowloaded http://www.microsoft.com/whdc/DevTools/WDK/WDKpkg.mspx 2. Visual Studio 2008/2010 - you can also develop without VS, but I always prefer all the Comforts given by a such advanced IDE, especially in presence of complex device drivers. 3. DDKWizard - DDKWizard is a so-called project creation wizard (for VisualStudio) that allows you to create projects that use the DDKBUILD scripts from OSR (also available in the download section from this site). The wizard will give you several options to configure your project prior to the creation. You can download it http://ddkwizard.assarbad.net/ 4. VisualAssist - (Optional Tool) Visual Assist X provides productivity enhancements that help you read, write, navigate and refactor code with blazing speed in all Microsoft IDEs. You can Try/Buy it http://wholetomato.com/ 5. VisualDDK - Develop and Debug drivers directly from VS, enjoy debugging your driver directly from Visual Studio, speeding up debugging ~18x for VMWare and ~48x for VirtualBox. Download and Step by Step Quick Start Guide http://visualddk.sysprogs.org/quickstart/ 6. Virtual Machine - You need a Virtual Machine to perform efficient Driver Debugging, best options are VMWare or VirtualBox. Building a Driver Development Environment As you can see, a good comfortable Driver Development station is composed by a good amount of components, so we need an installation order. 1. Install your IDE - VisualStudio2008 or VisualStudio2010 2. Install WDK package 3. Install DDKWizard 4. Download and place ( usually into C:\WinDDK ) ddkbuild.cmd 5. By following DDKWizard pdf you will be driven to add an new Envirnment Variable directly releated to the OS version in which you are developing and successively add a reference of ddkbuild.cmd into VS IDE. DDWizard Manual is very well written. 6. After finishing DDKWizard integration you can test if your environment is correctly installed, by compilig your first driver. Steps are easy open VS and select DDKWizard templare (not EmptyDriver), you will see the skeleton of a Driver, all what you have to do is to Build Solution and Verify if No Compiling Errors occur, your station is correctly installed. 7. Install VirtualMachine 8. Integrate Debugging help of VisualDDK by following step by step quick start guide 9. Install Visual Assist (this can be done in every moment after VS Installation) Additional Tools * DeviceTree - This utility has two views: (a) one view that will show you the entire PnP enumeration tree of device objects, including relationships among objects and all the device's reported PnP characteristics, and ( a second view that shows you the device objects created, sorted by driver name. There is nothing like this utility available anywhere else. Download it http://www.osronline.com/article.cfm?article=97 * IrpTracker - IrpTracker allows you to monitor all I/O request packets (IRPs) on a system without the use of any filter drivers and with no references to any device objects, leaving the PnP system entirely undisturbed. In addition to being able to see the path the IRP takes down the driver stack and its ultimate completion status, a detailed view is available that allows you to see the entire contents of static portion of the IRP and an interpreted view of the current and previous stack locations. Download it http://www.osronline.com/article.cfm?article=199 * DebugMon - Displays DbgPrint messages generated by any driver in the system (or the OS itself) in the application window. Can be used either in local mode or can send the DbgPrint messages to another system via TCP/IP. Download it http://www.osronline.com/article.cfm?article=99 * DriverLoader - This GUI-based tool will make all the appropriate registry entries for your driver, and even allow you to start your driver without rebooting. It's even got a help file, for goodness sakes! If you write drivers, this is another one of those utilities that's a must have for your tool chest. x86 architecture. Dowload it http://www.osronline.com/article.cfm?article=157 Now you have a full working Develop and Debug Station. As you should imagine, dealing with driver development implies working with at Kernel Mode, a task pretty challenging, delicate and complex. A badly written driver lead to OS Crash and/or dangerous bugs, just think about a driver used in mission-critical applications like Surgery, a bug or a crash could lead to extremely big dangers. The driver need to be: * Bug Free * Fault Tolerant * Ready to Endure all Stress Situations This could be done, only by the driver coder, with a large knowledge of following fields: * Hardware Architecture * Operating System Architecture * Kernel and User Mode Architecture * Rock Solid C language knowledge * Debugging Ability Here i'm going to enumerate necessary Documentation/Book/Etc. necessary to acheive a *good and solid* background and advanced knowledge about driver coding. Microsoft WDK Page: http://www.microsoft.com/whdc/devtools/WDK/default.mspx Will give you informations about: 1. WDM ( Windows Driver Model) 2. WDF (Windows Driver Foundation) 3. IFS Kit (Installable FileSystem Kit) 4. Driver Debugging 5. Driver Stress Testing ( DriverVerifier tool ) PC Fundamentals: http://www.microsoft.com/whdc/system/default.mspx Device Fundamentals: http://www.microsoft.com/whdc/device/default.mspx This will give you an large view of 'what mean developing a driver' which components are touched and which aspects you need to know. It's also obviously necessary to have a Reference about kernel mode involved Functions and Mechanisms, the first best resource is always MSDN, here the starter link to follow MSDN->DDK http://msdn.microsoft.com/en-us/library ... 85).aspx How to start Learning As pointed out in the previous blog post, one of the best starting point, that will give you an on-fly-view of development topics is the Toby Opferman set of articles: Driver Development Part 1: Introduction to Drivers http://www.codeproject.com/KB/system/driverdev.aspx Driver Development Part 2: Introduction to Implementing IOCTLs http://www.codeproject.com/KB/system/driverdev2.aspx Driver Development Part 3: Introduction to driver contexts http://www.codeproject.com/KB/system/driverdev3.aspx Driver Development Part 4: Introduction to device stacks http://www.codeproject.com/KB/system/driverdev4asp.aspx Driver Development Part 5: Introduction to the Transport Device Interface http://www.codeproject.com/KB/system/driverdev5asp.aspx Driver Development Part 6: Introduction to Display Drivers http://www.codeproject.com/KB/system/driverdev6asp.aspx It's really important to put in evicence MemoryManagement at KernelMode, the best starting point for these aspects are tutorials written by four-f; http://www.freewebs.com/four-f/ Handling IRPs: What Every Driver Writer Needs to Know http://download.microsoft.com/download/ ... a/IRPs.doc Book Resources Tutorial are a great starting point, but a solid understanding is given by a set of 'abstracts', emerges the necessity of a good Book Collection: Windows NT Device Driver Development (OSR Classic Reprints) http://www.amazon.com/Windows-Device-De ... 242&sr=8-2 Windows-Internals-Including-Windows-PRO-Developer http://www.amazon.com/Windows®-Int ... 160&sr=8-1 The Windows 2000 device driver book: a guide for programmers http://www.amazon.com/Windows-2000-Devi ... 0130204315 Windows NT/2000 Native API Reference http://www.amazon.com/Windows-2000-Nati ... 201&sr=8-1 Undocumented Windows 2000 Secrets http://undocumented.rawol.com/ Developing Drivers with WDF http://www.microsoft.com/whdc/driver/wdf/wdfbook.mspx Windows NT File System Internals, A Developer's Guide http://oreilly.com/catalog/9781565922495 Web Resources The first and most important resource about Windows Driver Development is OSROnline: http://www.osronline.com/ I strongly suggest you to subscribe: 1. The NT Insider 2. NTDEV MailingList 3. NTFSD MailingList NDIS Developer's Reference http://www.ndis.com/ Information, Articles, and Free Downloads http://www.hollistech.com/resources.htm The Undocumented Functions http://undocumented.ntinternals.net Blog MSDN http://blogs.msdn.com/iliast Windows Vista Kernel Structures http://www.nirsoft.net/kernel_struct/vista/ Peter Wieland's thoughts on Windows driver development http://blogs.msdn.com/b/peterwie/ USB Driver Development http://blogs.msdn.com/b/usbcoreblog/ Hardware and Driver Developer Blogs http://www.microsoft.com/whdc/resources/blogs.mspx Developer Newsgroups • microsoft.public.development.device.drivers • microsoft.public.win32.programmer.kernel • microsoft.public.windbg KernelmodeInfo Blog CURRENT_IRQL j00ru//vx tech blog Coding, reverse engineering, OS internals Blog http://j00ru.vexillium.org/ Nynaeve http://www.nynaeve.net/ DumpAnalysis Blog http://www.dumpanalysis.org/ Analyze -v Blog http://analyze-v.com/ Instant Online Crash Dump Analysis http://www.osronline.com/page.cfm?name=analyze Winsock Kernel (WSK) http://msdn.microsoft.com/en-us/library/ff571084.aspx Transport Driver Interface (TDI) http://msdn.microsoft.com/en-us/library/ms819740.aspx Network Driver Interface Specification (NDIS) http://blogs.msdn.com/b/ndis/ System Internals http://www.microsoft.com/whdc/system/Sysinternals/default.mspx Driver development needs too many time patience and experience to be fully understood, in my opinion the best approach remains LbD ( Learning by Doing ) so, read, study and develop as many experience you build less BSODs and "trange behavior" you will obtain See you to the next post, Giuseppe 'Evilcry' Bonfa
  9. Nytro
    Din pacate in spaniola, dar poate va sunt utile: BackTrack 5 sacar claves wep WIFI (HD) http://www.youtube.com/watch?v=aUqeynUsRHQ BackTrack 5 claves wep con Filtrado MAC (HD) http://www.youtube.com/watch?v=MEwLAWoE7VY BackTrack 5 claves WPA (HD) Part 1 http://www.youtube.com/watch?v=NCU65dolhI0 BackTrack 5 claves WPA (HD) Part 2 http://www.youtube.com/watch?v=yFOehkT-CNE Sursa: Videos de Cracking WEP Y WPA Backtrack 5 Español
  10. Nytro
    Web Services Hacking and Hardening Adam Vincent, Sr. Federal Solutions Architect The following presentation will NOTbe a vendor Pitch but will hopefully educate the audience in Web Services Hacking, Testing,and Hardening Techniques. Real life examples may be offered that relate to deployment of Layer 7 Technologies product line. Hardening of Web Services will have some focus on technologies like those Layer 7 Technologies provides. Layer 7’s product will be used as an example in this portion of the presentation. •Components and Terminology •Web Services Threats •Web Services Hacking •Web Services Hardening •Conclusion and Questions Download: https://www.owasp.org/images/d/d0/Web_Services_Hacking_and_Hardening.pdf
  11. Nytro
    [h=4]Dns Spoofing With Ettercap Cli[/h] Description: Download Video Good Resolution from Mediafire : http://adf/.ly/4A0QY (10.25 MB) Sursa: [Xhabie-Crew] Dns Spoofing With Ettercap Cli
  12. Nytro
    [h=4]Social Engineering Toolkit Megaprimer Part 1[/h] Description: In this oportunity I want to start a new series of video tutorials about the Social Engineering Toolkit, trying to cover the most important or used modules. This video will give an introduction to some concepts related to social engineering and the basic of this toolkit. Sursa: Social Engineering Toolkit Megaprimer Part 1
  13. Nytro
    [h=2]Kindle Touch (5.0) Jailbreak/Root and SSH[/h][h=3]December 10, 2011[/h][h=3]Yifan Lu @ 1:32 am[/h] So long story short, we can run custom code on the Kindle Touch now but because the operating system has changed so much from Kindle 3, most Kindle modifications will not run without changes. I hope developers will jump to this device now that it’s unlocked. See the bottom of the post for download links. The directions for using are in the readme. Keep reading for technical details on how this came about. Obtaining the root image Before we can look for vulnerabilities in the system that would allow us to break in, we need to break into the system and obtain the files that might contain vulnerabilities. Yes, this is a chicken-and-egg problem, but fortunately Amazon is nice enough to help us with this. On every Kindle device is a TTL serial port. I found this port on the bottom of the device when the cover is opened. Fortunately, I did not even have to mess with it, as hondamarlboro and ramirami both managed to get the dump before me. Once we have the root image, it was only a matter of painstakingly looking through all the files to see possible injection vectors. Looking for the needle At first, I was digging deep into the system, disassembling and maping out various native libraries, looking for stack overflows (I found a couple but none could be accessed efficiently). I found the bootloader was unlocked but it would be a pain and danger for users (and even developers) to flash custom kernels and such. I also found that the Java code (the Kindle’s entire GUI is written in Java) is NOT obfuscated (which means it would be easier to reverse and later modify) and Amazon has left in many places to place plugins. For example, once someone has the time to figure things out, it would be very possible to write a EPUB extension to read EPUBs from the native reader. There are some other hidden secrets in the device too. The Kindle Touch has an accelerometer and proximity sensor (and a mic, but we know that) but they aren’t used in the software (yet). The more I looked into the system, I was aware that because it was such a huge rewrite, I had misjudged when I assumed that it would be harder to break as Amazon had years to fix the holes now. In fact, I would say that the Kindle 4 is more secure until I found out that Amazon left in SSH in diagnostics mode. Anyways, as I searched up the complexity chain from the bootloader to the kernel to the libraries to the Java interface, I found something very curious. Much of the operating system is no longer written in Java, but are now in HTML5 and Javascript. In fact, many of the interfaces on the Touch are actually web pages in disguise. For example: the password entry screen, the search bar, the browser (is just an HTML page with a frame), the Wifi selection screen, and even the music player. Obviously, these can’t all run natively in HTML and JS, or the device will be even slower (and it is pretty damn slow). What Amazon did is write a couple of Javascript hooks that are implemented by native libraries and events are read by these libraries and they perform actions accordantly. In short, Javascript will run native code. This is a goldmine, there could be many possible ways of using this to our advantage. There could be buffer overflows, heap overflows, string formatting bugs, etc. However, I didn’t have to look though much before I found a curious function: nativeBridge.dbgCmd();. It seems too good to be true. This function takes any shell command, and runs it (as root). Yup. The web browser will run as root, any command given to it. Don’t go looking for remote code execution yet (although it is highly possible), as the native bridge seems to be disabled when in web browser mode (it may be able to be bypassed, but I haven’t looked into it). Calling the debug function So the normal browser (as the one you can enter URLs into) can’t make use of this native bridge. However, as I’ve mentioned, a large part of the GUI in the Kindle Touch is HTML and JavaScript. All we need to do is inject some HTML into one of these and we would be all set. We need something that takes input and displays it to the user. The first thing I thought of was the media player. The Kindle displays the song title, artist, and album name in the music player, so what if we put some HTML into the ID3 tag? Yup, it works. How about some javascript? Running. Let’s try to call the debug function. It works. Well, that was a freebie. Having some fun That was a bit too easy and I was disappointed that I didn’t get to talk about how I whipped out IDA Pro and did some master debugging. So, let’s make things harder. We can use a MP3 with custom ID3 tags to execute any command, but how can we make this into a cool one-click solution? First of all, we should limit ourselves to one file to copy. Why make the user keep track of MP3s and shell scripts and where to put them? I took the shell script payload (which installs a developer key into the device so custom packages can be installed) and placed it into the comments section of the ID3 tag in the MP3. Then I used “dd” to extract the script, chmod it, and execute it. Now, another problem in terms of user friendliness is how to let the user know that the process was successful? I quickly whipped up an awesome looking “splash screen” and planned on displaying it while the magic is taking place. At first I tried to encode it into a variable in the shell script payload and extract it, but it was too slow and memory intensive. Instead, I took the image, raw, and appended it into the end of the MP3 (after all, the file was a bit too small). You can see the result in the video attached. What’s next? Just because the device is jailbroken does not mean it can now magically do anything you want. What needs to happen first is that developers need to take the device and write some code for it. This first jailbreak is really for these developers. For regular users, the only use is to preemptively unlock your device now in case the method is patched in an update or something. No mods for older Kindles will work as-is on the Touch. I’ve included a VERY basic usbnetwork package that will allow you to have SSH access to the device. I think that’s as good of a starting point as anything. From there, developers should be able to rip the root filesystem, test modifications, and write useful tweaks. (And in case of a brick, read my previous post on the bootloader access). Some things I would have to see or do is GUI plugins in the device’s operating system. The Java code is easy to decompile and read as the variable names have not been stripped out (like previous models). Hopefully people can write some reader plugins (like X-Ray) or even format plugins for other ebook formats. Being a touch screen device, one could also write games or useful apps (although the speed and eink are limiting). I need to finish writing the update creation tool so developers can package their modifications. Download Download the jailbreak here Simple custom screensaver mod Demonstration Sursa: Yifan Lu | Kindle Touch (5.0) Jailbreak/Root and SSH
  14. Nytro
    [h=1]DIY: Create multi-boot USBs with ease[/h] By Jack Wallen December 10, 2011, 10:30 PM PST Takeaway: Get instructions on how to use XBoot or UNetbootin to have a USB stick with more than one operating system. When you want to have a single USB stick with multiple operating systems, the end result must be a reliable USB drive that contains the operating systems you need. Here’s how to do this with two tools: XBoot (using Windows 7) and UNetbootin (from within Linux). Both are simple, but the Linux version requires more manual work. [h=2]XBoot in Windows 7[/h] Requirements XBoot ISOs of the operating systems you want Instructions Download and run XBoot on your Windows 7 machine. To run XBoot, just unzip the downloaded file, change into the newly created directory, and double-click the .exe to run the software. When you run the software, you will see the main window (Figure A). Figure A [h=6]The operating systems listed will not show up on your XBoot window unless you installed them.[/h] To add ISO images, open Explorer and drag and drop the ISOs into XBoot. Some ISO images (e.g., Fedora 16) are automatically recognized. When you drag an unrecognized ISO into XBoot, a new window will appear (Figure B) where you must select the ISO (or the closest distribution) from a drop-down. For example, I selected Ubuntu for Bodhi Linux and Puppy Linux for MacPup. After you select the correct version from the drop-down, click Add This File. Figure B [h=6]XBoot window when you drag an unrecognized ISO into it.[/h] After all ISOs are added (make sure their combined size does not exceed that of the USB drive), click the Create USB button near the bottom right corner of the main window. Once this completes the process, you can reboot the machine (making sure it will boot from a USB device) and enjoy your multiboot on a stick. [h=2]UNetbootin from within Linux[/h] Requirements UNetbootin ISOs to be installed Instructions Download the UNetbootin tool for Linux. From a terminal window, give the downloaded file executable permissions with the command chmod u+x unetbootin-linux-XXX (where XXX is the architecture). Run UnNetbootin with the command ./unetbootin-linux-XXX (where XXX is the architecture). From the main window, select the distribution you want to install or use a downloaded ISO. After UNetbootin completes the install of the first OS, reboot the machine to test the OS on the USB drive. Now it gets a little tricky. You must copy everything from the USB drive to a new directory on your hard drive. Then, repeat the steps above, selecting the next OS you want on the USB drive. Now open two file manager windows: one to the USB drive and one to the newly created directory containing all the files from the first install you did on UNetbootin. You want to copy everything from the hard drive to the USB drive except the following: vesamenu.c32 ubnpathl.txt ubnkern ubninit ubnfilel.txt syslinux.cfg ldlinux.sys In the folder on your desktop, you must open the syslinux.cfg file. From that file, copy the last four lines and paste them in the syslinux.cfg file on the USB drive. Those lines will look like this: label ubnentry0 menu label DISTRIBUTION kernel /vmlinuz append initrd=/initrd.gz pmedia=cd where DISTRIBUTION is the name of the distribution you originally installed. You must copy the above four lines between the “label ubnentry1? and “label ubnentry2? entries. Make sure to relabel the “ubnenetryX” entries so they are in consecutive numerical order. After you make the necessary edits, close and save the file and reboot the system. You should now have a multi-boot USB drive that is in working order. Wth a large enough USB drive, you can carry around any number of operating systems that serve numerous purposes. Sursa: DIY: Create multi-boot USBs with ease | TechRepublic
  15. Nytro
    Foarte probabil fake.
  16. Nytro
    E de preferat, se poate si brute-force simplu, vezi: cracking_wpawpa2 [hashcat wiki]
  17. Nytro
    [h=4]Hijack From Android Phone[/h] Description: I installed DroidSheep for V14, it is an open source software. Please visit this website and download the APK package. (http://droidsheep.de/) enjoy~ Sursa: Hijack From Android Phone Exemplu de capturare a unei sesiuni HTTP folosind DroidSheep pe un telefon cu Android.
  18. Nytro
    Merge ca uns daca prinzi handshake-ul. Daca nu, nu ai facut nimic...
  19. Nytro
    [h=4]Capturing A Wpa2 4-Way Handshake, Cracking It, And Then Using Armitage To Exploit A Local Machine[/h] Description: Please watch in 1080p!!! Using Oclhashcat-plus (oclHashcat-plus - advanced password recovery/) to speed up the WPA2 cracking process. For more information on how to use oclhc+ to crack WPA/WPA2 handshakes visit this link (cracking_wpawpa2 [hashcat wiki]) Sursa: Capturing A Wpa2 4-Way Handshake, Cracking It, And Then Using Armitage To Exploit A Local Machine Pe scurt: - se captureaza handshake-ul de la conexiunea WPA2 cu aircrack-ng - se sparge cu oclHash - se scaneaza reteaua locala - se foloseste un exploit pentru obtinerea accesului - smb-netapi - fun
  20. Nytro
    [h=4]Cross-Platform Java Exploit (Cve-2011-3544) Demonstration[/h] Description: This video uses Armitage and Metasploit to demonstrate a new cross-platform Java exploit. This exploit uses a loophole in the Java API to execute a payload outside of Java's security sandbox without requiring a user to approve some action. This works in Firefox, Internet Explorer, and Safari on Windows, MacOS X, and presumably Linux. Java 1.6.0u27, Java 1.7.0, and older versions are vulnerable. Sursa: Cross-Platform Java Exploit (Cve-2011-3544) Demonstration Exemplu de folosire al exploitului Java Rhino cu Armitage. Simplu si extrem de eficient.
  21. Nytro
    [h=2]Shell Scripting: Expert Recipes for Linux, Bash and more[/h] [h=3]Book Description[/h] A compendium of shell scripting recipes that can immediately be used, adjusted, and applied The shell is the primary way of communicating with the Unix and Linux systems, providing a direct way to program by automating simple-to-intermediate tasks. With this book, Linux expert Steve Parker shares a collection of shell scripting recipes that can be used as is or easily modified for a variety of environments or situations. The book covers shell programming, with a focus on Linux and the Bash shell; it provides credible, real-world relevance, as well as providing the flexible tools to get started immediately. Shares a collection of helpful shell scripting recipes that can immediately be used for various of real-world challenges Features recipes for system tools, shell features, and systems administration Provides a host of plug and play recipes for to immediately apply and easily modify so the wheel doesn’t have to be reinvented with each challenge faced Come out of your shell and dive into this collection of tried and tested shell scripting recipes that you can start using right away! From the Back Cover Tried-and-true recipes that can be immediately applied or easily adjusted to meet your needs The shell is the primary way of communicating with Unix and Linux systems, providing a direct way to program by automating simple to intermediate tasks. In this invaluable resource, Unix, Linux, and shell scripting expert Steve Parker shares a collection of shell scripting recipes that can be used as provided or easily modified for a variety of environments and situations. The book begins with coverage of theory and principles, replete with insightful examples of each element discussed. You then move on to an in-depth discussion of shell programming, covering all Unix flavors but with a focus on Linux and the Bash shell. All the while, you explore credible, real-world recipes and the tools necessary to get started immediately. Shell Scripting: Shares a compendium of helpful shell scripting recipes that can be used to address a variety of real-world challenges Includes recipes using file and text control as well as general systems administration tasks Provides a host of plug-and-play recipes ready for you to immediately apply and easily modify Examines variables, if/then conditionals, loops, functions, pipes, redirects, and more [h=3]Book Details[/h] Paperback: 600 pages Publisher: Wrox (August 2011) Language: English ISBN-10: 1118024486 ISBN-13: 978-1118024485 File Size: 33.2 MiB [h=3]E-Book[/h] [FilePost] Wrox.Shell.Scripting.Aug.2011.rar [FileJungle] Wrox.Shell.Scripting.Aug.2011.rar [h=3]Paper Book[/h] [Amazon] Shell Scripting: Expert Recipes for Linux, Bash and more Sursa: Shell Scripting: Expert Recipes for Linux, Bash and more | Wow! eBook - Blog
  22. Nytro
    [h=2]Objective-C Fundamentals[/h] [h=3]Book Description[/h] Objective-C Fundamentals guides you gradually from your first line of Objective-C code through the process of building native apps for the iPhone. Starting with chapter one, you’ll dive into iPhone development by building a simple game that you can run immediately. You’ll use tools like Xcode 4 and the debugger that will help you become a more efficient programmer. By working through numerous easy-to-follow examples, you’ll learn practical techniques and patterns you can use to create solid and stable apps. And you’ll find out how to avoid the most common pitfalls. No iOS or mobile experience is required to benefit from this book but familiarity with programming in general is helpful. What’s Inside Objective-C from the ground up Developing with Xcode 4 Examples that work unmodified on iPhone Table of Contents PART 1 GETTING STARTED WITH OBJECTIVE-C Building your first iOS application Data types, variables, and constants An introduction to objects Storing data in collections PART 2 BUILDING YOUR OWN OBJECTS Creating classes Extending classes Protocols Dynamic typing and runtime type information Memory management PART 3 MAKING MAXIMUM USE OF FRAMEWORK FUNCTIONALITY Error and exception handling Key-Value Coding and NSPredicate Reading and writing application data Blocks and Grand Central Dispatch Debugging techniques [h=3]Book Details[/h] Paperback: 368 pages Publisher: Manning Publications (September 2011) Language: English ISBN-10: 1935182536 ISBN-13: 978-1935182535 File Size: 14.5 MiB [h=3]E-Book[/h] [FilePost] Manning.Objective-C.Fundamentals.Sep.2011.rar [FileJungle] Manning.Objective-C.Fundamentals.Sep.2011.rar [h=3]Paper Book[/h] [Amazon] Objective-C Fundamentals Sursa: Objective-C Fundamentals | Wow! eBook - Blog
  23. Nytro
    [h=2]Professional NoSQL[/h] [h=3]Book Description[/h] A hands-on guide to leveraging NoSQL databases NoSQL databases are an efficient and powerful tool for storing and manipulating vast quantities of data. Most NoSQL databases scale well as data grows. In addition, they are often malleable and flexible enough to accommodate semi-structured and sparse data sets. This comprehensive hands-on guide presents fundamental concepts and practical solutions for getting you ready to use NoSQL databases. Expert author Shashank Tiwari begins with a helpful introduction on the subject of NoSQL, explains its characteristics and typical uses, and looks at where it fits in the application stack. Unique insights help you choose which NoSQL solutions are best for solving your specific data storage needs. Professional NoSQL: Demystifies the concepts that relate to NoSQL databases, including column-family oriented stores, key/value databases, and document databases. Delves into installing and configuring a number of NoSQL products and the Hadoop family of products. Explains ways of storing, accessing, and querying data in NoSQL databases through examples that use MongoDB, HBase, Cassandra, Redis, CouchDB, Google App Engine Datastore and more. Looks at architecture and internals. Provides guidelines for optimal usage, performance tuning, and scalable configurations. Presents a number of tools and utilities relating to NoSQL, distributed platforms, and scalable processing, including Hive, Pig, RRDtool, Nagios, and more. [h=3]Book Details[/h] Paperback: 384 pages Publisher: Wrox (August 2011) Language: English ISBN-10: 047094224X ISBN-13: 978-0470942246 File Size: 32.3 MiB [h=3]E-Book[/h] [FilePost] Wrox.Professional.NoSQL.Aug.2011.rar [FileJungle] Wrox.Professional.NoSQL.Aug.2011.rar [h=3]Paper Book[/h] [Amazon] Professional NoSQL Sursa: Professional NoSQL | Wow! eBook - Blog
  24. Nytro
    [h=2]Microsoft Visual C# 2010: An Introduction to Object-Oriented Programming, 4th Edition[/h] [h=3]Book Description[/h] Using engaging examples and a clear, straightforward approach, MICROSOFT VISUAL C# 2010: AN INTRODUCTION TO OBJECT-ORIENTED PROGRAMMING, FOURTH EDITION guides beginning programmers through developing programs in the C# language. The book provides readers with a strong background knowledge of structured programming, method calling, and parameter passing, all of which are important concepts easily transferable to other programming languages. The Fourth Edition has been written and tested using the latest version of C#, Visual C# 2010, and now offers supplementary video lessons, expanded coverage of methods, and the option to study GUI applications earlier in the text. Table of Contents Preface CHAPTER 1 A First Program Using C# CHAPTER 2 Using Data CHAPTER 3 Using GUI Objects and the Visual Studio IDE CHAPTER 4 Making Decisions CHAPTER 5 Looping CHAPTER 6 Using Arrays CHAPTER 7 Using Methods CHAPTER 8 Advanced Method Concepts CHAPTER 9 Using Classes and Objects CHAPTER 10 Introduction to Inheritance CHAPTER 11 Exception Handling CHAPTER 12 Using Controls CHAPTER 13 Handling Events CHAPTER 14 Files and Streams CHAPTER 15 Using LINQ to Access Data in C# Programs APPENDIX A Operator Precedence And Associativity APPENDIX B Understanding Numbering Systems and Computer Codes APPENDIX C Using The IDE Editor Glossary Index [h=3]Book Details[/h] Paperback: 848 pages Publisher: Course Technology; 4th Edition (August 2010) Language: English ISBN-10: 0538479515 ISBN-13: 978-0538479516 File Size: 11.3 MiB [h=3]E-Book[/h] [FilePost] Course.Microsoft.Visual.CSharp.2010.Aug.2010.rar [FileJungle] Course.Microsoft.Visual.CSharp.2010.Aug.2010.rar [h=3]Paper Book[/h] [Amazon] Microsoft Visual C# 2010: An Introduction to Object-Oriented Programming, 4th Edition Sursa: Microsoft Visual C# 2010: An Introduction to Object-Oriented Programming, 4th Edition | Wow! eBook - Blog
  25. Nytro
    [h=2]Start Here! Fundamentals of Microsoft .NET Programming[/h] [h=3]Book Description[/h] Grasp the basic concepts that drive all Microsoft® .NET-based languages—and prepare yourself to learn .NET programming. If you have absolutely no previous experience, no problem—simply start here! This ebook provides the foundation for all other .NET programming language books in the Start Here! series. You’ll explore programming concepts and techniques with clear explanations, easy-to-follow examples, and exercises. It’s the perfect reference for understanding how computer programs work. Delve into object-oriented concepts such as properties, methods, and events Discover what multiprocessing is—and how it’s changing computing Examine how programs store data in files, object stores, and databases Explore controls, such as labels, text boxes, menus, and scroll bars Learn how programming environments help you design and run programs Get an extensive glossary of key programming terms Table of Contents Chapter 1 Computer Hardware Chapter 2 Multiprocessing Chapter 3 Programming Environments Chapter 4 Windows Program Components Chapter 5 Controls Chapter 6 Variables Chapter 7 Control Statements Chapter 8 Operators Chapter 9 Routines Chapter 10 Object-Oriented Programming Chapter 11 Development Techniques Chapter 12 Globalization Chapter 13 Data Storage Chapter 14 .NET Libraries [h=3]Book Details[/h] Paperback: 264 pages Publisher: Microsoft Press (October 2011) Language: English ISBN-10: 0735661685 ISBN-13: 978-0735661684 File Size: 9.6 MiB [h=3]E-Book[/h] [FilePost] Microsoft.Press.Start.Here.Fundamentals.of.Microsoft.NET.Programming.Oct.2011.rar [FileJungle] Microsoft.Press.Start.Here.Fundamentals.of.Microsoft.NET.Programming.Oct.2011.rar [h=3]Paper Book[/h] [Amazon] Start Here! Fundamentals of Microsoft .NET Programming Sursa: Start Here! Fundamentals of Microsoft .NET Programming | Wow! eBook - Blog
×
×
  • Create New...