Nytro

De unde sti ca e Fake? Si un scan nu te ajuta cu nimic, poate fi falsificat. Insa un screenshot nu ar strica. PS: Sa uploadeze cineva altundeva, urasc jegul de rapidshare.

Postul de deasupra ilustreaza ce inseamna "Offtopic" (nu are legatura cu subiectul ci cu pax) si "Redeschidere topic" (ultimul post a fost scris acum 2-3 luni, si nu are un motiv serios pentru redeschiderea acestui subiect). Asadar, pentru cei care nu au inteles cum sa treaba cum avertismentele, puteti lua acest post drept un exemplu de "asa NU se face". PS: Abtineti-va de la comentarii inutile. Adica sa nu va vad ca scrieti ceva in legatura cu acest post, va fi offtopic. Daca aveti ceva de zis in legatura cu subiectul, da, puteti spune, nici o problema.

Te referi la forum si la comentariile de la torrente? Eu nu ma uit la asa ceva, daca descarc ceva (foarte rar) descarc si atat, restul nu ma intereseaza.

User Name: Daca se schimba username-urile, se ajunge la confuzii. FakeCN: Nu e nimic la VIP Area alexalghisi: Daca se cere un numar de posturi se ajunge la spam, posturi stupide si inutile.

Paxnwo, pe care il cunosc chiar, are ban (temporar). Si mai are si o bere de dat. Cum sa spun, si mama daca ar face offtopic ar primi warn

Se pot discuta multe lucruri interesante, dar sunt putini care ar participa la discutii. Zilele astea vreau sa mai fac mici modificari la RST, sa vedem, usor-usor, unde se ajunge

Nu poate fi inchisa aceasta categorie, e ca si cum ai merge la scoala si nu ai avea pauze. Pe langa tampeniile care se poasteaza aici, se mai posteaza si lucruri interesante (non-IT). In plus, aici se poate discuta despre orice, acesta e avantajul sectiunii. Aici razi, faci caterinca... E nevoie si de asa ceva. La celelalte categorii nu admit asa ceva. Si nu e vina mea ca majoritatea utilizatorilor intra aici pentru aceasta categorie, si nu dau cu vizita si prin altele, sa se lege ceva si de ei. Si se trezesc dupa 2-3 ani ca nu stiu mare lucru, si poate isi fac si iluzia ca o sa lucreze in domeniul IT.

"Pentru ca nu se mai posteaza articole si lucruri interesante, nimic calitativ." Eu cel putin am inceput sa postez. Sper sa ma ia si altii drept exemplu. "In care sa nu fie luat la misto un user al forumului, care sa contina o argumente cand se prezinta o idee." Nu sunt chiar atat de multe posturi fara rost cum zice lumea "Te cred, nu prea sunt membri care sa merite rang de moderator, care sa contribuie la dezvoltarea acestui forum, cat si la combaterea idiotiilor." Doar 2 membri as putea propune pentru un post de moderator, dar deocamdata nu cred ca e necesar deocamdata. "Imi pare rau, insa aici nu este vorba de tine.. ci de majoritatea userilor care le vorbesc noilor membrii foarte urat daca gresesc.." De multe ori merita asta. Vin cu intrebari penibile, nu se intereseaza in legatura cu problema lor, si iti dau in cap cate o intrebare stupida... "anul trecut situatia era mai altfel" Nu era mare diferenta. Niciodata nu a fost o mare diferenta intre ce e acum si ce "era odinioara". "acum totul se rezuma la stealere, keylogger, spam, off-topic" Fiecare cu ce ii place. Spam nu prea se face, iar offtopicul rezulta avertisment. "Invision Power Board 3.1.2, mi se pare bun.. " Cred ca vBulletin e cea mai buna solutie. Sau phpBB.

"Eu cred ca da." Cum adica "a murit"? Ca nu prea mai face lumea "chestii" marca RST? Sau ca nu se mai posteaza articole sau lucruri interesante? "Teme, hm..o sa caut." Daca tot cauti, sa faci rost si de tema, ca am gasit unele teme acceptabile, dar nu le-am gasit niciunde. "Selectiile se pot face dupa calitatea posturilor." Ar fi multe de discutat aici. Ce inseamna un post de calitate? "In unele cazuri nu se prea primeste avertisment.." Am dat peste 460 de warn-uri, dar nu stau sa iau fiecare topic la rand si sa dau warn la fiecare abatere. "Pt. ca nu vor sa se implice.." Nici eu nu ma mai implic asa de mult, fiecare cu problemele lui. "daca esti un membru nou si iti spui punctul de vedere iti sar in cap toti daca gresesti" Eu "m-am luat de tine" pentru ca vorbesti de RST-ul de odinioara, cand de fapt nu pari un membru foarte vechi al forumului. blech: Da, au murit . Mai sunt, numai ca au si ei alte treburi, au altele pe cap, mai importante ca RST desigur.

"Am cateva sugestii pt. a reinvia RST-ul.." A murit? Nu cred "Propun mai intai un upgrade la forum, la versiunea 4, are mai multe functii. O tema noua, aici va descurcati." Arata-ne niste teme frumoase. Eu am cautat si am gasit numai porcarii. "Propun banarea tuturor idiotiilor. " Fa o lista. De unde stiu cine e idiot si cine nu? Pe ce criterii sa se faca selectia? "Propun curatarea forumului de membri vechi si inactivi, avand 0 posturi. " Cu ce incurca? Sunt numai buni, nu deranjeaza cu posturi inutile. Si au cont ca sa poata vedea link-urile de pe forum. "Propun oprirea contorizarii posturilor la Off-topic, precum si banarea idiotiilor care fac spam, spread, si celor care incurajeaza aceste activitati pe RST. Daca un bou isi baga pula in autorul thread-ului, asta nu inseamna ca trebuie sa isi bage si urmatorul." Nu conteaza numarul de posturi, la nimic. Ca fac spread nu are nici o legatura cu faptul ca au cont pe RST, asta tine de etica lor, poate fac bani din datele pe care le fura. Daca un bou isi baga pula in orice, primeste avertisment. Urmeaza ban apoi. "Dupa ce faceti cele de mai sus, puteti sa opriti inregistrariile pe acest forum. Veti avea un forum curat, si cativa membri cat de cat cerebrali.. " De ce sa fie oprite inregistrarile? Cum ar fi sa fie oprite, si tu sa nu ai cont? Sunt destui membrii pe care ii duce capul, dar nu se implica prea mult. PS: De unde sti cum era RST-ul "odinioara". Ai si decat 73 de posturi... Eu am cont de 3 ani si ceva, si pot spune ca nu era mare diferenta, era doar mai multa implicare.

Nu e nevoie, e offtopic, aici va puteti caca in topicuri. Nu (prea) imi pasa de categoria asta, insa sa nu va prind cu tampenii la alte categorii. PS (informativ): Am dat peste 460 de warn-uri

Rangeut: Amice, daca singura categorie care o vizitezi e Offtopic, inteleg de ce nu iti place. Stiu, e mult mai usor sa citesti o bazaconie de aici decat un articol de calitate. Daca o sa cauti, o sa gasesti si lucrui interesante pe aici, dar nu la Offtopic. Ma asteptam la un astfel de val de posturi si vizualizari. "Nu stiu" de ce...

Bine ai revenit. Poti sa ramai

XPath Injection Similar to SQL Injection, XPath Injection attacks occur when a web site uses user-supplied information to construct an XPath query for XML data. By sending intentionally malformed information into the web site, an attacker can find out how the XML data is structured, or access data that he may not normally have access to. He may even be able to elevate his privileges on the web site if the XML data is being used for authentication (such as an XML based user file). Querying XML is done with XPath, a type of simple descriptive statement that allows the XML query to locate a piece of information. Like SQL, you can specify certain attributes to find, and patterns to match. When using XML for a web site it is common to accept some form of input on the query string to identify the content to locate and display on the page. This input must be sanitized to verify that it doesn't mess up the XPath query and return the wrong data. XPath is a standard language; its notation/syntax is always implementation independent, which means the attack may be automated. There are no different dialects as it takes place in requests to the SQL databeses. Download: http://sec4app.com/download/XPathInjection.pdf

WebCruiser - Web Vulnerability Scanner WebCruiser - Web Vulnerability Scanner, a compact but powerful web security scanning tool that will aid you in auditing your site! It has a Vulnerability Scanner and a series of security tools. It can support scanning website as well as POC (Proof of concept) for web vulnerabilities: SQL Injection, Cross Site Scripting, XPath Injection etc. So, WebCruiser is also an automatic SQL injection tool, an XPath injection tool, and a Cross Site Scripting tool! Key Features: * Crawler(Site Directories And Files); * Vulnerability Scanner: SQL Injection, Cross Site Scripting, XPath Injection etc.; * SQL Injection Scanner; * SQL Injection Tool: GET/Post/Cookie Injection POC(Proof of Concept); * SQL Injection for SQL Server: PlainText/Union/Blind Injection; * SQL Injection for MySQL: PlainText/Union/Blind Injection; * SQL Injection for Oracle: PlainText/Union/Blind/CrossSite Injection; * SQL Injection for DB2: Union/Blind Injection; * SQL Injection for Access: Union/Blind Injection; * Post Data Resend; * Cross Site Scripting Scanner and POC; * XPath Injection Scanner and POC; * Auto Get Cookie From Web Browser For Authentication; * Report Output. System Requirement: Windows with .Net Framework 2.0 or higher Homepage: http://sec4app.com/ Download: http://sec4app.com/download.htm

BinPack: Las Vegas Edition Release For those weren’t able to score a BinPack disc, don’t worry we have setup a torrent of the iso. The disc contains a portable security environment customized for all the various Black Hat, DEFCON, and Security B-Sides attendees as well as the BinPack tool. Here is the latest screenshot of the tool. There are several bugs to be worked out with this version, which is why there is two releases; one stable and one alpha. Download: http://westcoasthackers.net/blog/2010/07/binpack-las-vegas-edition-release/

Injector is a little tool that will inject your code into a target process. Injector is a POST EXPLOITATION tool. it use generic shellcodes (may be generated from metasploit) and inject the shellcode into the target process and then run the code with the context of target process. By doing this it can evade anti viruses and provide a very powerful base for post exploitation. Key Features & Benefits: *ask for a file (means provide flexibility. you can choose your own codes). *Can provide On demand shells.(inject code into the processes and get shell). *Evade Anti viruses(because we are not generating exe, we are injecting direct shellcode.) This is one of the most powerful technique employed with this tool set. *Alphanumeric shellcodes are bullet proof solution for Anti viruses.. *can backdoor a process (bind shell). *can provide ability to switch from one exploitation tool to other..(for eg.. inject meterpreter shellcode -Metasploit, inject bind shell --Core Impact(we can connect core impact ) This is a small but very powerful utility that will inject direct shellcode into a process..and provide a powerful protection against anti viruses. Explanation: suppose we have a bind/reverse shell. now we want upload some tools. for eg. netcat or simply we may want to upgrade it to a meterpreter shell but victim is using latest Anti Virus then up gradation will fail or uploaded tools will be deleted.. Now the Game Begin how antivirus detect our tools.. because of some signatures, yes right. ok now we will try to pack or encrypt our exes then reupload on victim machine but antivirus detect and delete them.. now we face a very interesting question.. HOW antivirus know that our encrypted/packed file was the same malicious file?? basically antivirus load the file and detect the packer then decrypt the file and match the signature. now it provide a very important point what if we don't upload exe but we upload encrypted shellcode with injector. note that these shellcodes are not detectable because they are just raw instructions antivirus can't load the file and can't decrypt the instruction.. So in this way we can Bypass AV.. Hope your are getting what i am saying.. Injector will give you all the powers that will need in your post exploitation phase. Vid tut: http://vimeo.com/14139105 Download: https://sites.google.com/site/mamit30/home/injector/injector.rar?attredirects=0&d=1 Sursa: h4cky0u.org :: Login

The latest buzz word in the information security industry is “insecure DLL loading“, “DLL hijacking” or “DLL preloading“. Mr. HD Moore, the author of Metasploit has gone ahead and made it VERY easier for a lot of us to test such attacks at leisure. Hence you see such a spurt in proof-of-concept codes online! Mr. Peter Van Eeckhoutte has been maintaining a list of such vulnerable applications on his wonderful blog hosted here. This toolkit uses native JScript, automatically kills spawned processes, reduces the memory usage by ProcMon, and automatically validates every result from the CSV log. This is a complete re-write from the version 1 of the tool. This kit will turn your desktop PC into a vulnerability mincing machine by launching the file handlers for every registered file type, while recording whether or not a DLL was accessed within the working directory of the associated file! The DLLHijackAuditKit will help you verify if a application is vulnerable to DLL preloading attacks. How to use DLLHijackAuditKit v2? 1. Download ProcMon from here and copy the procmon.exe binary into the DLLHijackAuditKit directory. Launch the Process Monitor, accept the EULA, and exit. 2. Download Ruby from here and install it normally. 3 .Browse to this directory and launch 01_StartAudit.bat as an Administrator. The Administrator bit is important, as it will allow the script to kill background services that are spawned by the handlers and prevent UAC popups. 4. After the audit script completes (15-30 minutes), switch to the Process Monitor window, and access File->Save from the menu. Save the resulting log in CSV format to the local directory with the name “Logfile.CSV”. 5. Launch 02_Analyze.bat as an Administrator. This will scan through the CSV log, build test cases for each potential vulnerability, try them, and automatically create a proof-of-concept within the Exploits directory should they succeed. 6. Identify the affected vendor for each generated proof-of-concept and ask them nicely to fix their application. Send them the calc.exe-launching PoC if necessary. It is very easy to use but looking at today’s emerging tool this is small and also does the work! There are some known issues with this tool working on a Windows XP machine, etc. Hopefully Mr. Moore fixes them soon. Till then you can try being a vulnerability discoverer with this simple tool! Grab your pie while this vuln is hot! Download: http://www.metasploit.com/redmine/projects/framework/repository/raw/external/source/DLLHijackAuditKit.zip Sursa: h4cky0u.org :: Login

SSHatter is an SSH brute force utility available from SSHatter | freshmeat.net Essentially the tool is comprised of a small Perl file. The utility requires a few non-standard Perl libraries but these are easily installed. You must have Perl installed to use SSHatter. Installing SSHatter First download and unpack the tool: wget http://freshmeat.net/redir/sshatter/70781/url_tgz/get.php tar -xvzf SSHatter-0.6.tar.gz cd SSHatter-0.6/src Next you may have to install the following perl libraries. Install Parallel::ForkManager To install Parallel:::Forkmanager it is easiest to simply download the source from Parallel::ForkManager - search.cpan.org and compile the module yourself wget http://search.cpan.org/CPAN/authors/id/D/DL/DLUX/Parallel-ForkManager-0.7.5.tar.gz tar -xvzf Parallel-ForkManager-0.7.5.tar.gz cd Parallel-ForkManager-0.7.5 perl Makefile.pl make sudo make install Install Net::SSH-Perl This package is usually distributed as a package and can easily be installed on most systems. On Fedora use: sudo yum install perl-Net-SSH-Perl Once you have installed these modules you'll need to create a file full of potential targets and a file of usernames to try. A simple password file is distributed with SSHatter but you may want download and utilize a more extensive one. SSHatter also uses a file of usernames. Again, you can download an extensive file or perhaps tailor this file to the target system. For our purposes we'll simply target localhost and try and brute force the user root. $ perl SSHatter.pl usage: SSHatter.pl sleeptime: 0 - disable retries at SSHatter.pl line 62. $ echo root > users $ echo 127.0.0.1 > targets $ perl SSHatter.pl 1 targets users passwords 1 1 Evaluation The source code to SSHatter is a mere 168 lines, making it rather compact. SSHatter also supports connection attempts to alternate port numbers if the targets are listed with an IP address, then a colon and the port (i.e. 127.0.0.1:20). SSHatter does include the handy functionality of being able to sleep between tries, so you can slow your brute force attempts, which may evade some filters. All in all SSHatter is a simple, straightforward tool. It isn't particulary fast, stealthy or easy to use. It doesn't include any advanced functionality such as documentation, randomly generated passwords or a GUI. SSHatter also doesn't have any easy way to configure scans of ranges of IP's and seems to rely on a pre-built target list. SSHatter is also distributed as copyrighted material, rather than as GPL material, which will probably limit any sort of participation or active development community. Credits:CardingPower

Nu l-am incercat, nu stiu daca e infectat... “PyLoris is a tool for testing a web server’s vulnerability to Denial of Service (DoS) attacks. It uses the Slowloris method; by using all available connections web servers cannot complete valid requests. Supports SOCKS, SSL, and all HTTP request methods.” Whats new Tkinter GUI Scripting API Inteligent Thread & Exception Handling Supports options to be pulled from files Multiple concurrent attack support ScriptLoris class for easy extension and prepackaged attack creation libloris module providing attack API Highly configurable HTTP connection consuming DoS HTTPS support GET, POST, HEAD and other headers supported SOCKS4 and SOCKS5 proxies supported Written in Python Cross Platform; supported on Windows, Linux, and Mac OS X Forging Referer header for severs inaccessible directly Gzip encoding to test for CEV-2009-1891 vulnerability Many more bug fixes! and much more ! DOWNLOAD: http://sourceforge.net/projects/pyloris/files/

Da, foarte bun, il aveam ca bookmark

Esti ratat. Vreau sa vad cate vizualizari face acest topic stupid. Daca postezi ceva esti si mai ratat.

Acum vad, cred ca este doar local.

Mi s-a parut mai complex decat majoritatea celor "home-made". Screenshot: Homepage: Ecodsoft Keylogger - Best all-in-one invisible Keylogger, free download for trial! Download (trial): http://www.ecodsoft.com/downloads/ecodsoft-keylogger.exe Cracked: http://hotfile.com/dl/55138752/3f23002/Ecodsoft_Keylogger_v2.1_Incl_Keygen.rar.html http://rapidshare.com/files/407237493/Ecodsoft_Keylogger_v2.1_Incl_Keygen.rar http://www.megaupload.com/?d=XUZZVJEE http://www.sharingmatrix.com/file/13110521/Ecodsoft%20Keylogger%20v2.1%20Incl%20Keygen.rar Sau: http://hotfile.com/dl/35432952/d44dc4c/REGGOLYEKTFOSDOCE212121.rar.html PASSWORD: smartworld

Inside the Windows Vista Kernel: Part 1 http://technet.microsoft.com/en-us/magazine/2007.02.vistakernel.aspx Inside the Windows Vista Kernel: Part 2 http://technet.microsoft.com/en-us/magazine/2007.03.vistakernel.aspx Inside the Windows Vista Kernel: Part 3 http://technet.microsoft.com/en-us/magazine/2007.04.vistakernel.aspx Inside the Windows Vista Kernel http://technet.microsoft.com/en-us/library/cc748650.aspx