Everything posted by Nytro

  1. Thanks for the feedback. Yes, the main problems are:
    - a new, "unique" theme like the old one; beyond that there is nothing we can do, you are all different and have different tastes, there is no way to please everyone, but I think we will keep those themes, maybe tweak them a bit, and that should be fine for everybody
    - rewriting the links and bringing them back to the old form
    That's about all we have to do for now; let's hope we solve the link problem today.
  2. RST Upgrade

    I made some changes this evening, updated the forum and made a few other minor changes. The main problem that had to be fixed was the special characters and diacritics issue, which should now be resolved. Quite a few problems may show up; some I am aware of, some not yet. If you find a problem, please post here or send me a PM. The themes have only been installed, we haven't had time to modify them, but they are problematic, both in terms of colours and because some images are missing. My advice is to use the Default theme for a few days, then we will fix that problem too. We will be working on it these days and more changes will come, so we also welcome suggestions.
  3. Nytro

    From 0

    Ă ă: breve (căciulă); when the sign is placed above a letter representing a vowel to indicate a short pronunciation (for example a semivowel), it is called the short sign.
    Â â Î î: circumflex; in other languages the phonetic value of this diacritic is different.
    Ș ș Ț ț: comma below (virguliță)[2] or comma, placed under the corresponding letters s, S, t, T. The cedilla variants are very widespread, especially in computer typesetting, but incorrect (see the articles Ș, Ț).
    Ç ç Ş ş: cedilla; used for example in French, Albanian and Turkish. Its appearance differs from that of the comma below used in the Romanian letters ș and ț.
    Ñ ñ Ã ã: tilde; used for example in Spanish and Portuguese or in the International Phonetic Alphabet.
    Č č Š š: háček; used for example in Czech, Slovak, Serbian, Croatian etc.
    Ä ä Ö ö: diaeresis (tremă) or umlaut; used for example in Finnish, Swedish, German, French and Turkish.
    È è Ò ò: grave accent; used for example in French and Italian.
    É é Á á: acute accent; used for example in French and Hungarian. In Romanian it is sometimes used for headwords in dictionaries or to mark stress in words that would otherwise be confused, for example: (doi) copíi is different from (două) cópii.
  4. Nytro

    From 0

    From 0x90 to 0x4c454554, a journey into exploitation
  5. Nytro

    From 0

    From 0
  6. Nytro

    An annoying bug

    Be patient for a day or two... We'll fix it.
  7. I know, but I haven't had time; these days we're getting rid of all the problems. Copy the post, click Edit and Save. It works like that, but not in every case.
  8. Nytro

    An annoying bug

    Either you write too much or too little.
  9. Ugh, I don't even want to look at that code again, it's all thrown together, I have sequences where I close 7-8 braces in one place... Yes, I was just starting out. I'm not a fan of frameworks, I haven't worked on it since, I moved on to C/C++ and other things and haven't had time.
  10. Nytro

    Y!Disruption

    Let's be serious, think about it: how many of you have changed someone's status? Quite a few...
  11. No need, it's just a few commands, the most important being "del" or "rm". The auto-updater works on a different principle. You check somewhere on the web for the latest version, download it, and make an "installer" for that update. That is, you write another small program/script that copies the files from a temporary folder into your application's folder, replacing the application (which is stopped) and the other required files, then restarts the application. The application just runs that installer and exits.
  12. Topics created: http://rstcenter.com/forum/search.php?do=finduser&u=35218&starteronly=1 Permanent ban.
  13. Nytro

    Y!Disruption

    Yes, you said it. That's why I moved the topic to VIP, because I didn't want it to end up in everyone's hands. The Yahoo! people move slowly, and we'll be a country full of kids with no future who, besides being stupid, also show it.
  14. Crypters use a silly thing called "Melt". It's not exactly optimal, but it does the job:
    1. The executable creates a .bat/.sh file containing a loop that checks whether a file (the executable's location) exists
    2. If it exists, it tries to delete it; if not, it goes back into the loop
    3. The executable creates this file, runs it and stops (the process)
    4. The script deletes the executable after it stops, then deletes itself (not mandatory, it can be created in Temp or /tmp, but it's practical)
    Is that what you want to do?
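The helper-script pattern from this post and from post 11 above (the "installer" that swaps files while the application is stopped), as an added example in C that is not code from the original posts. Everything in it is an assumption of the example: the script text, the /tmp location chosen with mkstemp, and the double fork used to detach the script. The path handed to the script is single-quoted first, because an executable path containing a quote or a semicolon would otherwise be interpreted as shell code by the generated script.

```c
/* Added example, not code from the original posts: the "Melt" self-delete
 * helper and the stop-copy-restart updater, both done by handing the work to
 * a throwaway /bin/sh script that outlives the process. Script text, the
 * /tmp location and the double fork are this example's assumptions. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>
#include <sys/wait.h>

/* Single-quote a string for /bin/sh so that a path containing quotes,
 * spaces or ';' cannot inject commands into the generated script:
 * a'b -> 'a'\''b'. Returns the length written, or -1 if it does not fit. */
static int shell_quote(const char *in, char *out, size_t cap) {
    size_t n = 0;
    if (cap < 3) return -1;                 /* room for '' and the NUL */
    out[n++] = '\'';
    for (; *in; in++) {
        size_t len = (*in == '\'') ? 4 : 1; /* ' becomes '\'' */
        if (n + len + 2 > cap) return -1;   /* + closing quote + NUL */
        if (*in == '\'') { memcpy(out + n, "'\\''", 4); n += 4; }
        else out[n++] = *in;
    }
    out[n++] = '\'';
    out[n] = '\0';
    return (int)n;
}

/* Melt: keep retrying until the executable is gone, then remove the script
 * itself. Returns the script length, or -1 if it does not fit in out. */
static int build_melt_script(const char *exe_path, char *out, size_t cap) {
    char q[4096];
    if (shell_quote(exe_path, q, sizeof q) < 0) return -1;
    int n = snprintf(out, cap,
        "#!/bin/sh\n"
        "while [ -e %s ]; do rm -f %s 2>/dev/null; sleep 0.2; done\n"
        "rm -f \"$0\"\n", q, q);
    return (n < 0 || (size_t)n >= cap) ? -1 : n;
}

/* Updater: wait until the application (app_pid) has exited, copy the
 * downloaded files from tmp_dir over app_dir, start the new binary, clean up. */
static int build_update_script(pid_t app_pid, const char *tmp_dir,
                               const char *app_dir, const char *app_exe,
                               char *out, size_t cap) {
    char qt[4096], qa[4096], qe[4096];
    if (shell_quote(tmp_dir, qt, sizeof qt) < 0 ||
        shell_quote(app_dir, qa, sizeof qa) < 0 ||
        shell_quote(app_exe, qe, sizeof qe) < 0) return -1;
    int n = snprintf(out, cap,
        "#!/bin/sh\n"
        "while kill -0 %ld 2>/dev/null; do sleep 0.2; done\n"
        "cp -R %s/. %s/ || exit 1\n"
        "rm -rf %s\n"
        "%s &\n"
        "rm -f \"$0\"\n", (long)app_pid, qt, qa, qt, qe);
    return (n < 0 || (size_t)n >= cap) ? -1 : n;
}

/* Write the script to a fresh file under /tmp (mkstemp, so no symlink race),
 * start it detached so it survives our exit, and return. 0 on success. */
static int launch_detached_script(const char *script) {
    char path[] = "/tmp/helperXXXXXX";
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    size_t len = strlen(script);
    if (write(fd, script, len) != (ssize_t)len) { close(fd); return -1; }
    fchmod(fd, 0700);
    close(fd);
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                    /* child */
        if (fork() != 0) _exit(0);     /* middle process exits at once... */
        setsid();                      /* ...grandchild detaches and runs it */
        execl("/bin/sh", "sh", path, (char *)NULL);
        _exit(127);
    }
    waitpid(pid, NULL, 0);             /* reap the middle process */
    return 0;
}

int main(int argc, char **argv) {
    char script[8192];
    (void)argc;
    /* Melt this binary: generate the script, start it, exit promptly. */
    if (build_melt_script(argv[0], script, sizeof script) < 0) return 1;
    if (launch_detached_script(script) < 0) return 1;
    return 0;
}
```

On Linux a running executable can be unlinked at once, so the retry loop in the melt script only matters on Windows, where the file stays locked until the process has exited; the script removes itself at the end, as the post suggests. The update script waits on the old process with kill -0 instead of assuming it has already stopped.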
  15. As for resources, you need to know the PE and ELF formats well, and that's nasty. The simplest way would be this:
    - declare a variable x = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
    - that variable contains, say, 300KB of 'A'
    - it is stored in a certain (data) section of the executable at compile time
    - with another program, search the compiled executable for this "AAAAAAAAAAA"
    - put another file there, whatever you want to put in
    - from your program, do whatever you want with that variable; since you put another file there, you only have to write the data from that variable wherever you want
    - you have to be careful with the size of the file or whatever you put there, so you know where to stop
    - you can use a certain string, like "HO_BA", to know that's where the data you overwrote into that "AAA" string with another program/hex editor ends
    Another idea is to write that "extra" data right after the last byte of the program.
    - take care to find out correctly where to read from: either determine the size of the executable's "image", or use a delimiter as above
    - you can realign the executable's structure so it stays valid
    - the principle works for both PE and ELF
    I think you get what I mean.
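The placeholder technique from this post, as an added example in C that is not code from the original post. The "HO_BA" string is the post's; the 4 KB placeholder size, the 4-byte little-endian length field written after the marker and the constructed in-memory "image" are this example's own assumptions. The patcher searches the compiled file for the run of 'A's and writes marker, length and payload; the carrier reads the payload back, and a stored length that would run past the placeholder is rejected, which is the "know where to stop" point the post makes.

```c
/* Added example, not code from the original post: embedding a file in a
 * compiled binary by overwriting a big run of 'A's that the carrier program
 * reserves in its data section. The "HO_BA" marker is from the post; the
 * 4 KB placeholder, the 4-byte little-endian length field and the
 * constructed in-memory "image" are this example's assumptions. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define A8    "AAAAAAAA"
#define A64   A8 A8 A8 A8 A8 A8 A8 A8
#define A512  A64 A64 A64 A64 A64 A64 A64 A64
#define A4096 A512 A512 A512 A512 A512 A512 A512 A512
#define PLACEHOLDER_CAP 4096                 /* the post used ~300 KB */
#define MARKER_LEN 5                         /* "HO_BA" */
#define HEADER_LEN (MARKER_LEN + 4)          /* marker + payload length */

/* Carrier side: the placeholder. A writable initialised array lands in .data
 * of the compiled file as 4096 literal 'A' bytes; volatile stops the
 * compiler from assuming it still holds 'A's after the file was patched. */
static volatile unsigned char placeholder[PLACEHOLDER_CAP + 1] = A4096;

/* The marker is assembled at run time so that no contiguous "HO_BA" exists in
 * the patcher's own binary; scanning a file for a marker that the scanner
 * itself contains as a literal is the classic self-match bug. */
static void marker_bytes(unsigned char out[MARKER_LEN]) {
    memcpy(out, "HO", 2);
    memcpy(out + 2, "_BA", 3);
}

/* Patcher side: offset of the first run of PLACEHOLDER_CAP 'A's, or -1. */
static long find_placeholder(const unsigned char *image, size_t len) {
    size_t run = 0;
    for (size_t i = 0; i < len; i++) {
        run = (image[i] == 'A') ? run + 1 : 0;
        if (run == PLACEHOLDER_CAP) return (long)(i + 1 - PLACEHOLDER_CAP);
    }
    return -1;
}

/* Patcher side: overwrite the placeholder with marker, length and payload.
 * Returns bytes written, or -1 if there is no placeholder or the payload
 * would not fit (the "know where to stop" problem from the post). */
static long embed_payload(unsigned char *image, size_t len,
                          const unsigned char *payload, size_t plen) {
    long off = find_placeholder(image, len);
    if (off < 0 || plen > PLACEHOLDER_CAP - HEADER_LEN) return -1;
    unsigned char *p = image + off;
    marker_bytes(p);
    for (int i = 0; i < 4; i++)                      /* little-endian length */
        p[MARKER_LEN + i] = (unsigned char)(plen >> (8 * i));
    memcpy(p + HEADER_LEN, payload, plen);
    return (long)(HEADER_LEN + plen);
}

/* Carrier side: read the payload out of the placeholder region. Returns its
 * length, or -1 if the region is unpatched or the stored length would run
 * past the region or the output buffer. */
static long extract_payload(const unsigned char *region, size_t cap,
                            unsigned char *out, size_t outcap) {
    unsigned char m[MARKER_LEN];
    if (cap < HEADER_LEN) return -1;
    marker_bytes(m);
    if (memcmp(region, m, MARKER_LEN) != 0) return -1;
    uint32_t plen = 0;
    for (int i = 0; i < 4; i++)
        plen |= (uint32_t)region[MARKER_LEN + i] << (8 * i);
    if (plen > cap - HEADER_LEN || plen > outcap) return -1;
    memcpy(out, region + HEADER_LEN, plen);
    return (long)plen;
}

int main(void) {
    /* Constructed stand-in for a compiled file: junk, placeholder, junk. */
    unsigned char image[64 + PLACEHOLDER_CAP + 64];
    memset(image, 0x90, sizeof image);
    memset(image + 64, 'A', PLACEHOLDER_CAP);
    const char *payload = "constructed payload standing in for the embedded file";
    unsigned char out[PLACEHOLDER_CAP];

    long wrote = embed_payload(image, sizeof image,
                               (const unsigned char *)payload, strlen(payload));
    long got = extract_payload(image + 64, PLACEHOLDER_CAP, out, sizeof out);
    printf("wrote %ld bytes into the placeholder, read back %ld\n", wrote, got);

    /* This binary's own placeholder has not been patched, so it is all 'A'. */
    unsigned char own[PLACEHOLDER_CAP];
    for (size_t i = 0; i < PLACEHOLDER_CAP; i++) own[i] = placeholder[i];
    printf("own placeholder patched: %s\n",
           extract_payload(own, PLACEHOLDER_CAP, out, sizeof out) < 0 ? "no" : "yes");
    return 0;
}
```

Inside the carrier there is no need to search at all: the placeholder array is referenced directly, and only the external patcher has to locate the run of 'A's in the file. The same header layout works for the post's other variant, appending the data after the last byte of the file, as long as the reader first determines the original image size and then expects the marker at that offset.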
  16. Nytro

    Y!Disruption

    We're not 12 years old anymore to use junk like that. I didn't have a virtual machine and didn't run it; I'll analyze it tonight and check WHAT exactly it does.
  17. Pff, now I realize it too, I think it only works on the local network, I thought it was HTTP. You don't have to block any port, you just have to be careful which computer you access via Share.
  18. Cache manifest in HTML5

    The cache manifest in HTML5 is a software storage feature which provides the ability to access a web application even without a network connection.

    Contents: Background; Basics; Syntax; File headers (Online whitelist section with the header NETWORK; Fallback section with the header FALLBACK); Event flow; See also; References; External Links

    Wiki: http://en.wikipedia.org/wiki/Cache_manifest_in_HTML5
  19. Define "hacking".
  20. New Java Attack Rolled Into Exploit Kits

    A new exploit that takes advantage of a recently-patched critical security flaw in Java is making the rounds in the criminal underground. The exploit, which appears to work against all but the latest versions of Java, is being slowly folded into automated attack tools.

    The exploit attacks a vulnerability that exists in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier. If you are using Java 6 Update 29, or Java 7 Update 1, then you have the latest version that is patched against this and 19 other security threats. If you are using a vulnerable version of Java, it’s time to update. Not sure whether you have Java or what version you may be running? Check out this link, and then click the “Do I have Java?” link below the big red “Free Java Download” button.

    A few weeks back, researcher Michael ‘mihi’ Schierl outlined how one might exploit this particular Java flaw. Over the weekend, I stumbled on a discussion in an exclusive cybercrime forum about an exploit that appears to have been weaponized along the same lines as described by Schierl. Below is a recording of a video posted by one of the members that shows the attack in action.

    Video: http://www.youtube.com/watch?v=rvFKdK_3ysI

    Java exploits are notoriously successful when bundled into commercial exploit packs, software kits that can turn a hacked Web site into a virtual minefield for Web users who aren’t keeping up to date with the latest security patches. Users would need only to browse to a booby-trapped site with a version of Mozilla Firefox or Internet Explorer that is running anything older than the latest Java package, and the site could silently install malware (according to a miscreant selling access to the exploit, it does not run reliably against Google Chrome for some reason).

    Because Java is cross-platform, this attack could theoretically be used to infiltrate non-Windows systems, such as computers running Mac OS X (Apple issued its own update to fix this flaw and other Java bugs earlier this month). For now, though, I’ve only heard about it being used to target Windows PCs: It is slowly being incorporated into the BlackHole exploit kit, one of the most widely-deployed exploit packs on the market today.

    Reached via instant message, the hacker principally responsible for maintaining and selling BlackHole said the new Java exploit was being rolled out for free to existing license holders. For all others, the exploit can be had for a $4,000 price tag, in addition to the cost of a BlackHole license, which goes for $700 for three months, $1,000 for six months, or $1,500 per year. The author of BlackHole also sells his own hosted solution, in which customers can rent bulletproof servers with pre-installed copies of his kit for $200 a week, or $500 per month.

    I stand by my advice urging those who don’t need Java to junk it; most people who have it won’t miss it. For those who need Java for the occasional site or service, disconnecting it from the browser plugins and temporarily reconnecting when needed is one way to minimize issues with this powerful program. Leaving the Java plugin installed in a secondary browser that is only used for sites or services that require Java is another alternative.

    Source: http://krebsonsecurity.com/2011/11/new-java-attack-rolled-into-exploit-kits/

    So update Java or disable it.
  21. Dos Attack On Window 7-[Metasploit]

    Description:
    ================================
    Tutorial: Dos Attack on Window 7
    Creator: Rahul Roshan
    Official Website: hacknuts.com
    Personal Website: http://www.rahulroshan.in
    Email: rahulroshan96@gmail.com
    Blog: Rahul Roshan
    ================================

    Video:
    http://www.securitytube.net/video/2520
    http://www.youtube.com/watch?v=aZCL6yLr8yk

    Another video demonstrating the power of Metasploit...
  22. Deepsec 2011: Sms Fuzzing - Sim Toolkit Attack

    Description:
    Speaker: Bogdan Alecu
    Blog: http://blog.m-sec.net

    In this talk I show how to make a phone send an SMS message without the user’s consent and how to make the phone not receive any messages. The method used works on any phone, no matter if it’s a smartphone or not, and also on any GSM/UMTS network.

    http://www.securitytube.net/video/2518

    Congratulations Bogdan...
  23. Dnsmasq For Easy LAN Name Services

    Monday, 28 November 2011 04:00, Carla Schroder

    When you want a good reliable and easy-to-configure LAN name server, try Dnsmasq. Dnsmasq does DHCP, DNS, DNS caching, and TFTP, so it's four servers in one. If you have no public servers it should meet all of your needs, and it's a great complement to an authoritative name server. In this tutorial we'll learn how to deliver all network configurations to our LAN hosts through DHCP.

    Prerequisites

    All of your network hosts must have their own hostnames, and be configured to get their network configurations via DHCP (dynamic host configuration protocol). If you have some machines with static IP addresses Dnsmasq can incorporate them as well, so there is no need to change them. You should have a correctly-configured network, and all hosts able to ping each other.

    A Bit of Terminology

    Let's review some basic terms so we know what the heck we're talking about. An authoritative name server is for publishing the addresses of public servers. If you have an Internet-facing server such as a Web site, mail server, or FTP server, then somewhere there is an authoritative server that advertises their IP addresses and names. This may be an authoritative DNS (domain name services) server on your premises, or managed by a third party like your Internet service provider or a hosting service. You can query any public server with the dig command to see how its name and IP address are matched up:

    $ dig +nocmd www.linux.com +noall +answer
    www.linux.com. 5276 IN A 140.211.169.7
    www.linux.com. 5276 IN A 140.211.169.6

    Think of an authoritative DNS server as the master address book for an Internet domain. This address book is copied to the world's root DNS servers, and then copied by countless other servers all over the Internet. It is a beautiful distributed system that provides speed and fault-tolerance.

    Keeping authoritative servers completely separate from the other types of name servers — recursive and caching — is a fundamental security practice. So you might use BIND, PowerDNS, or MaraDNS for your authoritative server, and Dnsmasq for private LAN name services and caching.

    A DNS cache is a local copy of the addresses of sites you have visited. This speeds up your network performance because network applications don't have to wait for DNS queries to be answered by remote servers. A recursive name server is the one that looks up the address of sites you want to visit. Recursive and cache functions are often combined in the same server. For example, when you configure the DNS for your Internet account, your ISP's DNS servers are most likely recursive and caching servers. Public DNS servers like Google Public DNS and OpenDNS are recursive and caching servers. Sometimes you can speed up your Internetworking by using different third-party servers; try Namebench to help you find the fastest ones. Dnsmasq is not a recursive name server, but it can be configured to query any recursive server you want.

    Trivial File Transfer Protocol (TFTP) is a very simple, insecure FTP server used inside private networks for network booting of PCs and embedded devices like routers and VoIP (voice over IP) endpoints.

    Global Settings

    Dnsmasq is configured in /etc/dnsmasq.conf. I recommend copying the original to keep as a reference, and start over with a blank file. Every time you make a change to dnsmasq.conf you have to restart Dnsmasq. In these here modern times there are multiple ways to do this, hurrah, though running /etc/init.d/dnsmasq restart still works on most distros. For this article let's assume a small network with two subnets: one wired and one wireless, at 192.168.1.0 and 192.168.2.0. Dnsmasq is installed on a LAN router with both wired and wireless interfaces at 192.168.1.10 and 192.168.2.10.

    First let's take care of some important global settings:

    #/etc/dnsmasq.conf
    domain-needed
    bogus-priv
    domain=mydomain.net
    expand-hosts
    local=/mydomain.net/
    listen-address=127.0.0.1
    listen-address=192.168.1.10
    listen-address=192.168.2.10
    bind-interfaces

    Adding domain-needed blocks incomplete requests from leaving your network, such as google instead of google.com. bogus-priv prevents non-routable private addresses from being forwarded out of your network. Using these is simply good netizenship.

    Set your private domain name with domain=mydomain.net, replacing mydomain with any domain name your heart desires. You don't need to register it with a domain name registrar because it's private and never leaves your LAN. The expand-hosts directive adds the domain name to your hostnames, so you get fully-qualified domain names like hostname.mydomain.net. Again, these are completely arbitrary and can be whatever you want. local=/mydomain.net/ ensures that queries for your private domain are only answered by Dnsmasq, from /etc/hosts or DHCP.

    The listen-address directive tells Dnsmasq which interface or interfaces to listen on. Always use listen-address because you don't want Dnsmasq exposed to the wrong networks, and especially not the Internet. Always include the loopback address. You could use the interface= directive instead, for example interface=eth0, but the Linux kernel doesn't always bring up network interfaces with the same names after reboot. If you have more than one NIC the names could get changed, and then your name services will be messed up. The bind-interfaces directive ensures that Dnsmasq will listen only to the addresses specified with listen-address.

    Configuring DHCP

    Now let's set up DHCP for our two subnets. This is so easy you will dance for joy:

    dhcp-range=lan,192.168.1.100,192.168.1.200
    dhcp-range=wifi,192.168.2.100,192.168.2.200

    I like to reserve addresses below .100 for servers. This example supplies a hundred DHCP addresses per subnet. Note that they are labeled with the tags lan and wifi. This is a brilliantly simple system that simplifies delivering different services to different subnets, as in the following examples:

    #set default gateway
    dhcp-option=lan,3,192.168.1.50
    dhcp-option=wifi,3,192.168.2.50
    #set DNS server
    dhcp-option=lan,6,192.168.1.10
    dhcp-option=wifi,6,192.168.2.10

    The first stanza sets the default route for each subnet. The number 3 tag means router. You can see all the tag numbers with the dnsmasq --help dhcp command. The second stanza tells our LAN clients to get their DNS from the Dnsmasq server.

    Upstream Name Servers

    You need to tell Dnsmasq where to forward Internet DNS requests. This could be your ISP's nameservers, or any DNS service you want to use. It is good to use at least two completely different services. This example uses Google Public DNS and OpenDNS:

    server=8.8.8.8
    server=8.8.4.4
    server=208.67.220.220

    Static IP Addresses

    Dnsmasq painlessly incorporates hosts with static IP addresses into your local DNS. Suppose you have three servers with static addresses; all you do is add them to the /etc/hosts file on the Dnsmasq server:

    127.0.0.1 localhost
    192.168.1.15 server1
    192.168.1.16 server2
    192.168.1.17 server3

    Always include the localhost line.

    TFTP Server

    You can enable Dnsmasq's built-in TFTP server by adding this line to dnsmasq.conf:

    dhcp-boot=pxelinux.0

    And then you'll need to set up your boot directory and pxelinux configuration, which is a subject for another day. If you already have a working TFTP/pxelinux server, then point Dnsmasq to it like this, using your own server name and address:

    dhcp-boot=pxelinux,servername,192.168.1.25

    Once again we have run out of paper and it is time to end. Please visit Dnsmasq to learn more about this excellent server.

    Source: https://www.linux.com/learn/tutorials/516220:dnsmasq-for-easy-lan-name-services
  24. R2D2 – Forget the jargon, it’s a wiretap

    November 28th, 2011, Lyle Frink

    A short time ago in a galaxy very close by, the German Police and their R2D2 Trojan gave us a simple reminder of what modern malware is all about. It’s wiretapping.

    Technical buzzwords usually leave me more puzzled than enlightened. How many of these terms can you identify: backdoor Trojan with mfc42ul.dll, winsys32.sys key logger, Speex codec, full registry access, CJPEG, or acrd~tmp~.exe for a hidden executed application. Did I lose you? Just think wiretapping in the digital age.

    Recently, the German Police had their R2D2 outed by the Chaos Computer Club. It seems that after the Police loaded their R2D2 Trojan onto a suspect’s computer, the defenders of law and order could do the following:
    - Listen in on voice and messaging applications (Skype, MSN Messenger, Yahoo Messenger, ICQ, PalTalk..)
    - Take notes by logging keystrokes in browsers (Firefox, Opera, Internet Explorer, SeaMonkey..)
    - Get pictures (JPEG screenshots of users’ screens and video calls)
    - Go through the records with full file system and registry access
    - Fine-tune surveillance by secretly downloading, installing, and executing other applications
    - Turn on the microphone and start recording

    While the technical features are confusing to the non-geek, R2D2 is just a high-tech wiretap with the cool addition of a Blue Screen of Death (BSOD) trigger. There are only two exceptional aspects to the R2D2 malware:
    - It is supposedly legal (a hot debate topic in Germany)
    - The German government paid two million Euro for it (rather pricy)

    But, the real lesson is this: bad guys use a similar bag of tricks – and they are trying to do this on your computer. Their goals are to make money, and they do this by stealing private account data. The technical specs change often.

    Did I say sloppy police work? Yes indeed. While the Germans may have paid Top Euro for R2D2, they could have gotten more for their money according to Milos Schrotter, analyst at the AVAST Virus Lab:
    - Data encrypted in AES (ECB) with a fixed key across all versions – not so good.
    - No authentication built in, so it’s easy to spoof.
    - Data sent to a command-and-control server in the U.S., which is almost certainly against German law.
    - Code permitting the controller to install additional software onto the target machine is not authenticated, so it would be easy to fool the Trojan into installing anything.
    - Application code structure is very simple without any type of self-protection against a reverse or hacking attack.

    So just remember, there is always room for improvement. And, when you are on your computer, you are not as alone as you might think.

    PS: The Trojan is called R2D2 because of the “C3PO-r2d2-POE” string inside the binary file.

    Source: https://blog.avast.com/2011/11/28/r2d2-–-forget-the-jargon-it’s-a-wiretap/
  25. Profense Web Application Firewall

    Easy, affordable, web application firewall that installs in minutes on your favorite hardware or virtual platform.

    With installation taking less than an hour, the Profense web application firewall software quickly and easily turns most standard x86-64 compatible hardware (typically a server) or virtual machines (like VMWare) into powerful, standalone web application firewalls, allowing you to affordably join the thousands of others who trust Profense to protect their web sites, web applications, web services and data. Profense’s integrated load balancing, caching and compression ensures the best possible experience for your visitors.

    In addition to all standard Features, Profense offers:
    - Performance scales with the hardware platform
    - Double byte languages such as Japanese, Chinese and Korean supported
    - PCI DSS 6.6 and OWASP Top Ten protection
    - Out-of-the-box protection with auto learning
    - XML, JSON and SOAP services support
    - Session validation and CSRF protection
    - Data leak prevention and log data masking
    - Load balancing with session persistence
    - SSL Client Authentication, Authorization, and Certificate Forwarding
    - HTTP request throttling and connection limiting
    - Network level blocking (optional)
    - Concurrency beyond 100,000 connections
    - 18,750+ HTTPS req/sec on $1K hardware

    Only $2995 including one year of support and upgrades.

    Free trial: http://www.armorlogic.com/try-web-application-firewall-for-free.html

    Only $2995?????

    Source: http://www.armorlogic.com/web-application-firewall.html