Nytro

Stuxnet Source Code Released Posted by The Hacker News On 1:05 AM Stuxnet is a Microsoft Windows computer worm discovered in July 2010 that targets industrial software and equipment. While it is not the first time that crackers have targeted industrial systems,it is the first discovered malware that spies on and subverts industrial systems,and the first to include a programmable logic controller (PLC) rootkit. Stuxnet is designed to programmatically alter Programmable Logic Controllers (PLCs) used in those facilities. In an ICS environment, the PLCs automate industrial type tasks such as regulating flow rate to maintain pressure and temperature controls. Download: http://www.multiupload.com/BDNYSCY5PC Sursa: Stuxnet Source Code Released Online - Download Now ~ THN : The Hacker News

Multe chestii interesante: http://skypher.com/wiki/index.php/Main_Page

Tot respectul pentru cei care l-au facut, baieti destepti.

Pe aici nu exista foarte mult bun simt, dar cred ca te vei acomoda repede. Bine ai venit.

Probleme "tehnice". Nu. E tot VIP.

Protecting Linux Against DoS/DDoS Attacks Tuesday, June 28, 2011 Contributed By: Jamie Adams When I first heard ridiculous-sounding terms like smurf attack, fraggle attack, Tribal Flood Network (TFN), Trinoo, TFN2K, and stacheldraht, I didn't take them too seriously for a couple of reasons — I worked mainly on non-Internet facing systems, and I was never a victim. I thought it was primarily a network or application administrator's problem. I am not too proud to admit that I was completely wrong. The truth is that I only had a grasp of the impact of such attacks but I didn't know anything about the methods and the things that can and should be done at the operating system level. I have been neck-deep in completing documentation for our product's Common Criteria for Information Technology Security Evaluation (ISO/IEC 15408) submission so I hadn't had much time to think about topics for a blog post. Besides, how can I compete with all of these eye-catching,dramatic headlines about LulzSec, Anonymous, and Ryan Cleary? A co-worker asked me how our Security Blanket operating system lock down tool could help against denial-of-service (DoS) attacks. So began my research and I quickly had the epiphany that I barely knew anything about DoS attacks. Of course this topic is far too broad and complex to cover in one blog post but I am going to highlight some of my findings. First of all, I strongly recommend visiting the SANS Institute InfoSec Reading Room and reading “A Summary of DoS/DDoS Prevention, Monitoring and Mitigation Techniques in a Service Provider Environment.” Secondly, read the W3C's “The World Wide Web Security FAQ - Securing against Denial of Service attacks.” In “HACKING the art of exploitation”1, Erikson describes two general forms of DoS attacks: those that crash services and those that flood services. Wikipedia goes on to describe five basic types of attacks: Consumption of computational resources, such as bandwidth, disk space, or processor time. Disruption of configuration information, such as routing information. Disruption of state information, such as unsolicited resetting of TCP sessions. Disruption of physical network components. Obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately. The W3C defines DoS as “an attack designed to render a computer or network incapable of providing normal services. The most common DoS attacks will target the computer's network bandwidth or connectivity. Bandwidth attacks flood the network with such a high volume of traffic, that all available network resources are consumed and legitimate user requests can not get through. Connectivity attacks flood a computer with such a high volume of connection requests, that all available operating system resources are consumed, and the computer can no longer process legitimate user requests.” The W3C differentiates a DoS attack from a Distributed Denial of Service (DDoS) attack. The DDoS “attack uses many computers to launch a coordinated DoS attack against one or more targets. Using client/server technology, the perpetrator is able to multiply the effectiveness of the Denial of Service significantly by harnessing the resources of multiple unwitting accomplice computers which serve as attack platforms.” In the case of smurf and fraggle attacks, one method of prevention is to configure the router to block broadcast packets that did not originate from that network. On Linux systems, you can configure the kernel to disregard ICMP ECHO and TIMESTAMP requests that were sent to broadcast or multicast addresses by setting the kernel parameter net.ipv4.icmp_echo_ignore_broadcasts to one. When it comes to “SYN flood” DoS form of attacks, you can configure Linux to send out requests (syncookies) to remote hosts if they are flooding your system’s backlog queue with SYN packets; to enable this set the kernel parameter net.ipv4.tcp_syncookies to one. These requests check whether or not the inbound SYN packets are legitimate. In cases where these inbound SYN packets are not legitimate, your system might be experiencing a “SYN flood” DoS attack. Enabling this option on a system under normal load is useful. If your system is under high load it will make new connections but without advanced features such as explicit congestion notification (ECN) or selective acknowledgment (SACK). All of the normal hardening procedures for the operating system will of course help. Namely, it will help reduce the likelihood your system will become compromised and become the platform for which attacks will be launched. Additionally, it is critical to know what software is present on your system. One technique to monitor this is to baseline (or fingerprint) your system to include the use of cryptographic hashes where possible. Then periodically, perform another baseline and compare it to the previous one. The use of host-based firewalls (e.g., iptables) is strongly encouraged as well as disabling of unnecessary server services. System minimization has been a topic in many of my posts before and I believe it is one of the easiest but most effective techniques because it reduces your “attack surface.” The W3C FAQ also says, “assume a service should be turned off, unless it is absolutely required.” And I would take it one step further by removing the software packages associated with those unused services. Safeguarding and monitoring operating systems against DoS and DDoS are areas which I continue to learn about and develop techniques. Please, share your knowledge and techniques so we all might learn. Sursa: https://www.infosecisland.com/blogview/14788-Protecting-Linux-Against-DoSDDoS-Attacks.html

A Window Into Mobile Device Security Examining the security approaches employed in Apple’s iOS and Google’s Android Carey Nachenberg VP, Fellow Contents Executive Summary............................................1 Introduction........................................................1 Mobile Security Goals.........................................2 Web-based and network-based attacks ......2 Malware ........................................................2 Social Engineering Attacks...........................3 Resource Abuse.............................................3 Data Loss ......................................................3 Data Integrity Threats...................................3 Device Security Models......................................3 Apple iOS.......................................................4 Android........................................................10 iOS vs. Android: Security Overview...................17 Device Ecosystems ............................................17 Mobile Security Solutions................................20 Mobile Antivirus..........................................20 Secure Browser...........................................21 Mobile Device Management (MDM)...........21 Enterprise Sandbox.....................................21 Data Loss Prevention (DLP)........................22 Conclusion........................................................22 Download: http://www.symantec.com/content/en/us/about/media/pdfs/symc_mobile_device_security_june2011.pdf

Au primit multi. Exista categoria "Ajutor". Exista categoria "Cereri". Exista n posturi in care specific sa nu se ceara ajutorul sau alte prostii in aceasta categorie. Exista x persoane care au primit avertisment pentru asa ceva, nu trebuie sa te simti special.

Ca azi sunt de obicei, insa doar azi am ceva timp liber si am timp sa dau avertismente si banuri. Ca nu prea am mai activat de o saptamana-doua.

Da, poate fi foarte util. Oricum, e publica de putin timp. O sa fac niste teste sa vad daca reusesc ceva automatizare.

Foarte interesant. Ai numai posturi interesante. Ban.

A fost un experiment. Am anuntat de "x" ori. Si nu eu am dat Add la cele 1000 de persoane din lista, doar la cateva. Si tot nu inteleg de unde tot primeam add-uri legate de Metin. Si exista optiunea "Ignore".

La Academia Tehnica Militara nu e tocmai "frumos"... Din mai multe motive: - nu ai foarte multa libertate: nu prea poti lipsi de la cursuri, se verifica camerele uneori, nu ai voie sa iesi de capul tau, sa vii mai tarziu de 23:00 parca, trebuie sa iesi cu invoire, o gramada de chestii - trebuie sa stii si o sa fii forjat cu o gramada de matematica si fizica. Daca vrei sa mergi acolo pentru informatica, nu e alegerea potrivita - da, o sa iesi cu salariu, venit stabil, dar trebuie sa semnezi contract pe 10 ani, si nu poti sa iti dai demisia, cred ca te pun sa platesti daune - la fel cu facultatea, daca vrei sa o abandonezi, trebuie sa platesti cat ai stat - va pun brom in mancare/bautura, in ceai am inteles ca sa nu vi se mai scoale. Sa nu mai aveti asa chef de sex - dimineata trezirea, dati ture pe acolo si tot felul de alte prostii, pe langa datul cu matura prin curte - trebuie sa purtati uniformele alea urate, vara muriti de cald, iarna degerati - salariile nu sunt foarte mari, sfatul meu e sa dai la STS, probele fizice sunt date la misto dar cele scrise sunt mai grele, la MApN am inteles ca nu sunt salarii foarte mari Sunt multe motive pentru care iti recomand sa nu te duci acolo, dar e alegerea ta. Eu iti spun parerea mea si ce am vorbit cu persoane de acolo, cunosc mai multe.

Mie imi place, bravo A, eu nu sunt foarte pretentios la partea de grafica.

Oare ne lasa si pe noi sa il folosim sa crack-uim md5-uri?

XSSF - Cross-Site Scripting Framework v.2.0 Released Friday, June 24, 2011 The Cross-Site Scripting Framework (XSSF) is a security tool designed to turn the XSS vulnerability exploitation task into a much easier work. The XSSF project aims to demonstrate the real dangers of XSS vulnerabilities, vulgarizing their exploitation. This project is created solely for education, penetration testing and lawful research purposes. XSSF allows creating a communication channel with the targeted browser (from a XSS vulnerability) in order to perform further attacks. Users are free to select existing modules (a module = an attack) in order to target specific browsers. XSSF provides a powerfull documented API, which facilitates development of modules and attacks. In addition, its integration into the Metasploit Framework allows users to launch MSF browser based exploit easilly from an XSS vulnerability. Download: https://code.google.com/p/xssf/downloads/list Video demo: http://www.youtube.com/user/X0x1RG9f Sursa: Security-Shell: XSSF - Cross-Site Scripting Framework v.2.0 Released

Poza e facuta la Nicolae Balcescu - Lahovari. Da, e cu mine, o aveam de mult la avatar.

Ca sa inteleaga toata lumea... NU folosesc eu acest ID, poveste lunga. Daca il aveti in lista aflatii IP, trimiteti un fisier si verificati cu netstat sau cu Wireshark incotro se duc datele, nu cred ca trec prin serverele Yahoo. Trimiteti o poza ceva. Sau cel mai bine dati ignore. Desi pe mine ma amuza mass-urile lui. Nu stiu cine e, dar incearca sa va dea stealere. Daca nu aveti ce face, luati fisierele de la el, dar NU LE EXECUTATI, si trimiteti-mi PM cu un link catre ele.

A mea e simpla, dar nu cred ca o ghiciti...

http://www.meh.ro/wp-content/uploads/2011/06/meh.ro7678.jpg

Am vazut ca unele avatare sunt mai mari, cred ca se poate ceva. Vedeti YDK. Dar nu am timp momentan.

[C++] Notiuni de limbaj E un articol scris de mine inainte de examenul de POO (Programare Orientata pe Obiecte) - C++. M-am gandit ca poate ajuta cat de cat colegii mei. - Introducere - Mediu de lucru - Exerci?iul 0: caractere speciale - Exerci?iul 1: const - Exemplul 2: Constructori: - Exerci?iul 3: Func?ii virtuale Acopera notiuni de POO. E scris pentru a exemplifica probleme care pot sa apara in programe C++ si care pot fi de la usor la foarte greu de identificat. Insa este doar o mica colectie, cu explicatiile de riguare. Probleme pot fi multe si foarte variate, si am acoperit foarte putin. PS: Necesita cunostinte de POO: sa stii ce e ala constructor, constructor de copiere, derivare, cateva notiuni cel putin elementare. "Citat": S? lu?m acum un exemplu mai interesant. Lu?m clasele Test ?i Test2, care e derivat? din Test, ambele cu parametru int implicit 0. ?i cre?m un obiect x ?i înc? unul y = x. #include <iostream> using namespace std; class Test { int x; public: Test(int i = 0) : x(i) { cout << "Test: " << i << "\n" ; } ~Test() { cout << "~Test: " << x << "\n" ; } }; class Test2: public Test { int y; public: Test2(int i = 0) : y(i) { cout << "Test2: " << i << "\n" ; } ~Test2() { cout << "~Test2: " << y << "\n" ; } }; int main() { Test2 x(3), y = x; return 0; } În ce ordine se vor apela constructorii? E simplu: Test: 0 - Pentru x, mai întâi se apeleaz? constructorul clasei de baz? cu valoarea implicit? Test2: 3 - Apoi constructorul s?u, Test2, cu valoarea 3 ~Test2: 3 - Destructor y ~Test: 0 - Destructorul clasei de baz? ~Test2: 3 - Destructor x ~Test: 0 - Destructorul clasei de baz? Ce se întâmpl? apoi? E simplu: pentru y nu se apeleaz? constructorul normal, ci se apeleaz? constructorul de copiere, care nu este definit de noi. Deci se creaz? y, un al doilea obiect, de aceea vedem c? se apeleaz? de dou? ori seria ~Test2/~Test. Îns? lucrurile devin mai interesante dac? definim un constructor de copiere pentru Test2. S? îl definim ?i s? increment?m cu 1 valoarea lui y (din Test2) pentru a face diferen?a între obiectele x ?i y. Test2(Test2 &ob) { cout << "Copiere Test2\n" ; y = ob.y + 1; } La rulare, se va afi?a: Test: 0 - Pentru x - baza Test2: 3 - Pentru x – constructorul din derivat? Test: 0 - Interesant. Acum, înaintea constructorului de copiere care se apeleaz? la crearea lui y, se apeleaz? constructorul din clasa de baz? pentru y. Motivul e simplu: se creaz? un nou obiect Test2 ?i asta presupune apelul constructorului clasei de baz?, clasa Test. În primul caz, în care nu aveam un constructor de copiere, x-ul se copia bit cu bit in y ?i nu se mai apela niciun constructor al clasei de baz?. A?adar, aten?ie la astfel de lucruri m?runte Copiere Test2 - Se apeleaz? ?i constructorul de copiere ~Test2: 4 - Destructorul lui y mai întâi, destructorii se apeleaz? în ordine invers? ~Test: 0 - Destructorul din baz? al lui y ~Test2: 3 - Destructorul lui x ~Test: 0 - Destructorul din baz? al lui x Download: http://www.speedyshare.com/files/29050808/C_notiuni_de_limbaj.pdf http://www.mediafire.com/?sn66k96645034tj http://www.megaupload.com/?d=RZ13C013 RTTI - Runtime Type Identification/Information: E o facilitate a limbajului care permite identificarea tipului variabilelor la executie. Pentru inceput e necesar un header: #include <typeinfo> Utilitatea lui e urmatoarea: poti identifica tipul unei variabile, de obicei pointer, la executie, si poti preveni anumite erori. Sa zicem ca avem o clasa A, o clasa B care o mosteneste pe A, si o clasa C care o mosteneste pe A. Folosind un pointer la A vom putea indica catre un obiect de tipul A, B sau C, si e posibil sa nu stim sigur catre ce tip de obiect indica pointerul. A *p; Putem avea: p = new A; // Clasic p = new B; // B fiind derivata din A p = new C; // Putem crea p-ul in functie de niste date introduse de la tastatura de exemplu, deci nu putem stii catre ce tip indica, aici ne ajuta RTTI-ul. Pentru a obtine tipul unei variabile, apelam functia "typeid()". Functia NU returneaza un sir de caractere care reprezinta numele tipului variabilelei, ci returneaza un obiect de tipul "type_info". Aceasta este de fapt o clasa cu cateva metode. Deci functia va returna un obiect care are metodele: - name() - Cea mai importanta metoda, returneaza un sir de caractere care reprezinta numele tipului variabilei (pointer, obiect, int... ) ca parametru. De exemplu, typeid(x).name va fi "i" in cazul in care x e un int, va fi "l" pentru cazul in care e un long si asa mai departe. Insa utilitatea apare la pointeri cand lucram cu clase derivate. Sa luam urmatoarele clase: class C1 { public: C1() { cout << "C1\n"; } }; class C2: public C1 { public: C2() { cout << "C2\n"; } }; Apoi vrem sa cream un pointer si sa vedem tipul sau: int main() { C1 *x = new C1; cout << typeid(x).name(); return 0; } E cazul clasic, se va afisa "P2C1". "P" = pointer, "2"-ul reprezinta numarul de caractere al numelui clasei. Clasa "C1" are 2 caractere, daca aveam clasa "Test" aveam 4 caractere. Iar "C1" reprezinta desigur tipul pointerului. De asemenea: C1 *x = new C2; cout << typeid(x).name(); Va afisa TOT "P2C1" pentru c x este un pointer la tipul C1, chiar daca indica spre un obiect de tipul C2. De asemenea: C1 *x = new C2; cout << typeid(*x).name(); Va afisa "2C2", deci va afisa ca indica spre un obiect de tipul C2. Despre type_info ar mai fi important ca supraincarca operatorul ==, astfel poti compara typeid(x) == typeid(y). La fel si !=. E scris pe la 23:00 - 24:00 inainte de examen, nu am avut timp sa scriu mai mult. Sper sa va ajute.

Iar incepeti cu topicuri dinastea penibile? Inchis si mutat la gunoi.

Wireless Wep Key Cracking WEP Cracking by %ebx DISCLAIMER: I DO NOT encourage cracking others wireless protection!. This is illegal! The AP I'm cracking belongs to me and I wrote this as a proof of concept. There's a reason they have a key, they don't want you stealing their bandwidth! That beeing said: Why would you want to crack WEP protected wireless networks? 1. Because you don't have a internet connection and that bastard neighbor of yours has the money to get one 2. Your dad pulls your ethernet cable out every night at 10 so you don't stay up all night talking to some bimbo 3. Because you can and you want to! What do you need? 1. A wireless network card(obviouslly) with drivers up and running. Your need your driver to be able to inject packets, otherwise you're gonna spend days gathering enough packets for a successful crack. I had to recompile my kernel module because I use a damn Broadcom card, and injection wouldn't work..not sure why. 2. Linux (Ubuntu Gutsy in this case), though you can do this from Windows and MacOS too, with the appropriate software. 3. The aircrack-ng suite $sudo apt-get install aircrack-ng Ok..off we go [NOTE] I color coded the "sensitive" information: AP MAC address, AP Name, miscelaneous MAC addresses and my MAC address. There's a legend on the bottom with the colours and what they correspond to So..how do we crack WEP? Well basically...whenever a wireless card "talks" to a access point (AP from now on), it sends/receives some interesting info along with the packets, info that can be used to get the actual WEP key(using the aircrack utility). What we need is to gather enough packets so that aircrack can do it's job [NOTE] eth0 is our wireless card for the remaining of this tutorial STEP 1: We must put the wireless card in monitor mode. A wireless card in monitor mode basically allows us to sniff all the wireless traffic around us We do this by issuing the following command: [check screenshot 1] ebx@skynet:-$ sudo airmon-ng start eth0 You should see "monitor mode enabled" in there. That means we're good and can proceed to the next step Step 2: In this step we need to get the MAC address of the AP we're after, the AP name and the channel it's on. To do this we first sniff all the traffic so we can see what AP we're gonna focus on(the one with more beacons/data usually, if we want a random crack, or a specific one if you're set on someone "special") We do this by running: [check screenshot 1] ebx@skynet:-$ sudo airodump-ng eth0 You should get a screen similar to the one in screenshot 2 I grayed out everything I don't need. The important part is the line with the AP I got my eyes on, the one with red. We just make a note of the MAC address, the AP name and the channel the AP is on. Step 3: This is the step where we actually start capturing packets for use in the cracking We do this by running: [check screenshot 3] ebx@skynet:-$ sudo airodump-ng -c 1 --bssid [THE AP MAC ADDRESS] -w capture eth0 This starts the actual capture of packets. It captures all traffic on channel 1 (the channel the AP was on), but only the traffic going to our AP, and saves the packets in a file called capture-01.cap (airodump-ng adds the -01.cap) You should get something similar to screenshot 4. The "#Data" field is what were's interested in getting high enough. We need thousands of packets to have a successful crack. This is all fine and dandy, and we could just leave this for...hmmm...days 'till it gathers enough packets...Or we could speed the process QUITE A LOT! by using aireplay-ng Step 4: In this step we speed things up by sending a lot of packets to the AP, so we get responses from it (responses that contain that interesting data we're after This is done in 2 steps I'm not going to explain the options I use, just trust me . Or run aireplay-ng with no options so you can see the available options A. First we need to associate out wireless card with the AP so it accepts packets from us [check screenshot 5] ebx@skynet:-$ sudo aireplay-ng -1 0 -e [AP NAME] -a [AP MAC ADDRESS] -h [MY MAC ADDRESS] eth0 If we get "Association successful :-)" then we can proceed to the next step of the packet sending speed up, otherwise something is wrong, eiter you're to far away from the AP, or it has MAC filtering enabled. If we have a successful association, then we can see our MAC address appears as associated to the AP (check screenshot 5 - the left terminal) B. Now we need to start sending packets. Again I'm not going to explain the options used, just RTFM! [check screenshot 6] ebx@skynet:-$ sudo aireplay-ng -3 -b [AP MAC ADDRESS] -h [MY MAC ADDRESS] -x 100 eth0 After a bit of packet reading you should see the sent packets run like crazy, wich also makes our "#Data" field go up like there's no tomorrow!. This is good news. If this step fails, your card/driver probably doesn't have injection capabilities..wich is bad news. But not entirely, just means that you're gonna spend a whole lot more time in cracking because packets come in A LOT slower! This is it...now we just need to sit and wait for enough packets so we can begin our crack. You can just wait and try running the next step from time to time, or do it like I do, run the next step now as it updates the reading realtime. Step 5: In this step we start cracking the WEP using aircrack-ng [check screenshot 7] ebx@skynet:-$ sudo aircrack-ng -n 64 -f 4 capture-01.cap "-n 64" tells aircrack-ng to crack a 64 bit WEP (I already know the key is 64 bit as I have cracked it before ). If not sure test with "-n 64" of with no "-n" at all if that fails. "-f" is the fudge factor. If cracking doesn't work, try raising this to some other value(below 32) If enough packets were gathered, you WILL have a successfull crack. With 250.000 packets I (well aircrack-ng) cracked the key in 3 seconds! [check screenshot 8] We get the key in HEX and ASCII. We will be using the ASCII one. This is it. We have the key, now all there's left is to use it! Now we can just stop capturing (CTRL+C in the other 2 terminals, then close them). After packet capturing is over, we need to take our card OUT of monitor mode ebx@skynet:-$ sudo airmon-ng stop eth0 Step 6: This is optional. You could use any GUI manager to set things up, but I prefer doing it manually ebx@skynet:-$ sudo iwconfig eth0 essid [AP NAME] ebx@skynet:-$ sudo iwconfig eth0 ap [AP MAC ADDRESS] ebx@skynet:-$ sudo iwconfig eth0 key on ebx@skynet:-$ sudo iwconfig eth0 key s:[THE ASCII KEY] ebx@skynet:-$ sudo dhclient eth0 Sursa (si screenshots): Wireless Wep Key Cracking - rohitab.com - Forums