Nytro

Cred ca il aveam si eu in lista pe acel domn, i-am dat ignore, desigur.

http://msdn.microsoft.com/en-us/library/ms740673%28VS.85%29.aspx Functiile: http://msdn.microsoft.com/en-us/library/ms741394%28VS.85%29.aspx

Sub XP, bateria tine mai mult decat sub Windows 7 de Mina Hutterer | 13 noiembrie 2009 Desi noul sistem de operare Microsoft atrage printr-un design nou si o ergonomie mai buna decat Windows Vista (si cu siguranta mai atragatoare decat Windows XP), acei utilizatori care sunt mai interesati de durata de viata a bateriei este posibil sa prefere in continuare vechiul XP. O serie de teste realizate de Laptop Mag au demonstrat ca utilizatorii de netbook obtin o durata mai mare de activitate a bateriei in Windows XP decat in Windows 7. Testele au demonstrat ca bateriile netbook-urilor care ruleaza Windows XP au "tinut" cu 47 de minute mai mult decat cele ale netbook-urilor cu Windows 7. NU trebuie omis faptul ca W7 este un sistem de operare mai costisitor ca resurse decat venerabilul XP. Windows 7 ofera o interfata grafica plina de efecte si are mai multe procese care ruleaza in fundal, ceea ce explica durata mai scurta intre doua incarcari ale bateriei. Este posibil insa ca bateria sa tina mai mult sub W7 daca efectele grafice Aero si indexarea (care presupune acces frecvent la hard disk) sunt oprite.

Vazand cat de cautate inca sunt aceste coduri, am decis sa fac un pack cu ele. Le-am gasit pe 2 site-uri. Nu garantez ca nu sunt infectate, in nici un caz nu le-am testat. Am decis sa le postez pentru ca nu mai joc Counter-Strike de mult timp. Descarcand aceste coduri, iti demonstrezi singur ca esti ratat. Citeste Coduri.txt din arhiva. Codurile sunt: -rw-rw-rw- 1 root root 197275 2009-11-15 20:33 AbsoHack 9.0.0.rar -rw-r--r-- 1 root root 105198 2009-11-15 20:26 Aim-Hack-Wall.zip -rw-r--r-- 1 root root 258545 2009-11-15 20:26 BaDBoYv4.2.zip -rw-r--r-- 1 root root 99226 2009-11-15 20:27 CDDisabler4.33.4b.rar -rw-r--r-- 1 root root 185892 2009-11-15 20:25 CN Hack Final.rar -rw-r--r-- 1 root root 1337042 2009-11-15 20:27 CS_OGCFXv3.3.rar -rw-r--r-- 1 root root 81675 2009-11-15 20:25 HLGL2.rar -rw-r--r-- 1 root root 105763 2009-11-15 20:24 MPH Leis 05.rar -rw-r--r-- 1 root root 115338 2009-11-15 20:23 MPH UNHEIL Release 01 Leis r06.rar -rw-r--r-- 1 root root 460882 2009-11-15 20:27 OGCBeginsv11Publicv2.3.rar -rw-r--r-- 1 root root 10373 2009-11-15 20:25 OGC_Glhack27.rar -rw-r--r-- 1 root root 216387 2009-11-15 20:25 OGC_Owned.rar -rw-r--r-- 1 root root 117049 2009-11-15 20:25 OGZ_Remake.rar -rw-r--r-- 1 root root 199767 2009-11-15 20:24 Pure Ring0-Hack.rar -rw-r--r-- 1 root root 46181 2009-11-15 20:27 RingDingDing.rar -rw-r--r-- 1 root root 160021 2009-11-15 20:26 YaMH-v2.0.zip -rw-r--r-- 1 root root 142970 2009-11-15 20:25 YaMHCsCodNou.rar -rw-r--r-- 1 root root 91678 2009-11-15 20:27 aimbot.rar -rw-r--r-- 1 root root 146381 2009-11-15 20:25 biolaPEG.rar -rw-r--r-- 1 root root 532116 2009-11-15 20:25 bonns.rar -rw-r--r-- 1 root root 146381 2009-11-15 20:26 cs-biolapeg.rar -rw-r--r-- 1 root root 532116 2009-11-15 20:26 cs-bonns.rar -rw-r--r-- 1 root root 185892 2009-11-15 20:26 cs-cn-hack-final.rar -rw-r--r-- 1 root root 81675 2009-11-15 20:26 cs-hlgl2.rar -rw-r--r-- 1 root root 10373 2009-11-15 20:26 cs-ogc-glhack27.rar -rw-r--r-- 1 root root 216387 2009-11-15 20:26 cs-ogc-owned.rar -rw-r--r-- 1 root root 117049 2009-11-15 20:26 cs-ogz-remake.rar -rw-r--r-- 1 root root 20781 2009-11-15 20:26 cs-serenity-aimbot.rar -rw-r--r-- 1 root root 138298 2009-11-15 20:24 misanthrop hook v4.rar -rw-r--r-- 1 root root 20781 2009-11-15 20:25 serenity_aimbot.rar -rw-r--r-- 1 root root 136495 2009-11-15 20:26 super-simple-wall-v4.3.zip -rw-r--r-- 1 root root 36068 2009-11-15 20:26 unban-cs-16-scoate-ban-ul-de-pe-server.zip -rw-r--r-- 1 root root 302756 2009-11-15 20:27 ustlehookv1.o.rar Download: hxxp://www.speedyshare.com/files/19310755/Coduri.rar hxxp://www.netdrive.ws/252674.html Password: plm Enjoy copii fara viitor.

Cu placere. Concluzia e simpla: Daca nu ai ce face cu banii si vrei sa lucrezi in domeniul IT, fa acele cursuri. De fapt, cred ca vor fi utile si daca nu vei lucra in domeniul IT, dar banii tot trebuie sa ii dai.

Download: http://www.ngssoftware.com/papers/StoppingAutomatedAttackTools.pdf

Hacking CSRF Tokens using CSS History Hack Credits: http://securethoughts.com/2009/07/hacking-csrf-tokens-using-css-history-hack/ Update: Security researchers Sirdarckcat and Gareth were kind enough to share the code for a pure CSS based CSRF token finder here . This is stealthier than my PoC below, which used a combination of both JS and CSS. So, it will still work even if you disable javascript and you are not safe anymore . To make this PoC more responsive to the client, you need to use multiple CSS stylesheets using the import command. The only problem I see with this pure CSS based approach is there will be network latency involved with large key spaces because your large CSS stylesheet will need to be downloaded by your browser. I was thinking about the problem of Cross Site Request Forgery and current mitigation strategies used in the Industry. In many of the real world applications I have tested so far, I see the use of random tokens appended as part of url. If the request fails to provide any token or provide a token with incorrect value, then the request is rejected. This prevents CSRF or any cross domain unauthorized function execution. Uptil now, it was considered infeasible for an attacker to discover your CSRF token using Brute Force Attacks on the server. The reasons being: It generates lot of noise on the network and is slow. So most probably an IDS or Web App Firewall will pick up the malicious behavior and block your ip. For example, a Base16 CSRF token of length 5 characters (starting with a character) will generate approximately 393,216 requests. Many applications are programmed to invalidate your session after it detects more than a certain number of requests with invalid token values. E.g. 30. I am going to change this belief by showing you a technique to quicky find csrf tokens without generating alerts. This technique is a client side attack, so there is almost no network traffic generated and hence, your server and IDS/Web App Firewalls won’t notice it at all. This attack is based on the popular CSS History Hack found by Jeremiah Grossman 3 years ago. In this exploit, we discover the csrf token by brute forcing the various set of urls in browser history. We will try to embed different csrf token values as part of url and check if the user has visited that url. If yes, there is a good chance that the user is either using the same CSRF token in the current active session or might have used that token in a previous session. Once we have a list of all such tokens, we can just try our csrf attack on the server using that small list. Currently this attack is feasible for tokens with length of 5 characters or shorter. I tried it on a base16 string of length 5 and was able to brute force the entire key space in less than 2 minutes. Some of the prerequisites for this attack to work are either CSRF token remains the same for a particular user session. e.g. csrf token=hash(session_id) OR CSRF token submitted in older forms for the same session is accepted. Many times, this is the case as it enhances user experience and allows using forward and back browser buttons. Proof of Concept is available here. Before running the PoC, you need to change the url and csrftoken paramater values. For testing using the defaults, you need to first visit one of the following urls, e.g. SecureThoughts by Inferno [change b59fe to any 5-digit base 16 string starting with a character, i.e.greater than a0000] SecureThoughts by Inferno [which is 301 redirect to previous url]. Note: SecureThoughts by Inferno and SecureThoughts by Inferno are treated differently while storing in browser history. A sample run will look like this – For making this attack unfeasible, Server-Side Solution (for developers): Make your CSRF tokens long enough (8 or more chars) to be unfeasible for a CLIENT SIDE attack. The ever-increasing processing power will make this attack feasible for longer tokens as well. Store your CSRF token as part of hidden form field, rather than putting in url. Use a different random token for every form submission and not accept any obsolete token, even for the same session. [*]Client-Side Solution (for your customers/users): Use a browser plugin such as SafeHistory, which defends against visited-link-based tracking techniques. Use the private browsing mode in your browser. And last, but not the least, XSS obliterates all the CSRF protections possible. So, get rid of XSS first. I would like to thank Jeremiah for providing his insightful feedback on this post.

METASPLOIT UNLEASHED - MASTERING THE FRAMEWORK This free information security training is brought to you in a community effort to promote awareness and raise funds for underprivileged children in East Africa. Through a heart-warming effort by several security professionals, we are proud to present the most complete and in-depth open course about the Metasploit Framework. This is the free online version of the course. If you enjoy it and find it useful, we ask that you make a donation to the HFC (Hackers For Charity), $4.00 will feed a child for a month, so any contribution is welcome. We hope you enjoy this course as much as we enjoyed making it. The "full" version of this course includes a PDF guide (it has the same material as the wiki) and a set of flash videos which walk you though the modules. Due to recent changes in the Metasploit Framework, and the ongoing development process, we are waiting for the MSF to stabilize and to have its full feature set to be implemented. We will announce the release of the MSFU videos once they are ready, Stay Tuned! http://www.offensive-security.com/metasploit-unleashed/

This is big kernel development pack with info about driver and rootkit programming on Windows and Unix. Guides\Books are in English and Russian There are also a lot of undocument NT functions Link: http://www.mediafire.com/?nyhmnvyazmn Pass: http://unkn0wn.ws/

While many ActiveX components are slowly being replaced with technologies considered more secure and/or web-mature, many developers still utililise ActiveX controls as a quick way to push advanced functionality out to web browsers. ActiveX security is based on digital signatures, if you trust the source of the component then it is safe to run the control. That said, when the control is run, it runs like any other Win32 desktop application and has access to the same resources, unlike Java, which executes inside a safe environment known as a “sandbox”, thus limiting what the Applet has access to. Well that’s how the sandbox works in theory at least. In other words, you better trust the authors of the ActiveX component. In this paper, I won’t be focusing on the ActiveX security model, but rather on the identification of vulnerabilities in the ActiveX control itself, not in the way the control interacts with its environment. This is an interesting topic, as the presence of such vulnerabilities could enable malicious individuals to compromise a user’s computer, simply by guiding them to a malicious web site. In other words, no actions, on the part of the user, are required for remote code execution. The paper can be viewed here: http://blog.sat0ri.com/wp-content/uploads/2009/08/Identifying-Vulnerabilities-in-ActiveX-Controls.pdf

Eu am cursurile de la o colega, dupa ce termin o carte ( pe care o "citesc" din februarie ) ma apuc de cursuri, dar invat ce e in ele, asa, pentru mine. Desigur, nu o sa am diploma, dar cred ca ma vor ajuta in viitor.

Au facut niste colegi ai mei, si acum nu stiu absolut nimic, de fapt niciodata nu au stiut, dar toti le-au luat pentru ca examenele se dau astfel: se da mai intai ce trebuie sa inveti, apoi examenul se da pe Internet, pe site-ul lor cred. Asta inseamna ca in afara cursurilor pe care le ai pe foi si foile le ai in fata, mai poti cauta si pe Google, sau intreba pe cineva pe messenger. Practic, nu e nevoie sa citesti niciodata cursurile, decat te uiti la titluri si sub-titluri ca sa sti unde sa cauti ulterior.

Ban permanent, nu suport jegurile care vorbesc de rau pe la spate. Macar sa spuna in fata si sa aduca niste argumente. Ban permanent. S-a facut de ras deja, a demonstrat ca e ratat.

Nu poti sa vezi. Dar daca preiei intrebarea, o hash-uiesti, claculezi valoarea md5 pentru ea si o cauti apoi in baza de date unde gasesti raspunsul.

Salut, bine ai venit.

E un ratat asta, are ban. Doar un alt script kiddie. Desigur, ce are nu sunt gasite de el, le gaseste pe cine stie ce site-uri si incearca sa le vanda.

Si ce sa facem cu ele? Sa cautam SQL Injection cand stim ca deja e SQL Injection, noi sa exploatam? Mi se pare o prostie sa cauti site vulnerabil dupa un dork. A, da, putem apoi posta la ShowOff demonstrand ca suntem "lit"...

Uite ca sunt si ratati straini. Ban permanent! Script kiddie. Trashed.

Acest topic mi-a schimbat viata. Pana sa citesc raspunsurile unor oameni extrem de inteligenti de aici eram un tocilar care statea toata ziua in calculator si care nu socializa. Sau cel putin asta am inteles, ca daca nu te droghezi, nu te imbeti si nu fumezi, nu sti sa te distrezi, nu iti traiesti viata, nu socializezi. Cand ma duc la cate o petrecere, o sa ma imbat ca porcul si o sa fiu foarte sociabil ( PS: sunt cateva persoane cu care ma inteleg mult mai bine cand sunt beat ). In plus o sa fiu mai smecher, deoarece nu o sa ma imbat din 2 beri, si le pot arata prietenilor mei care si ei se chinuie sa arate cat de mult pot bea fara sa se imbete, ca pot sa beau pe nerasuflate o sticla de votka. A, da, daca intru in coma alcoolica si mor, sa imi scrieti pe cruce: "asta a baut o sticla de votka pe nerasuflate", sa sa stie lumea cand trece prin cimitir pe langa ce om trece. Cat despre iarba, am avut curiozitatea si ocazia de a fuma marijuana ( nici nu stiu cum se scrie ), dar nu am facut-o. Inca un motiv pentru care nu sunt sociabil. Desigur, pot incerca si prostii de la astfel de shop-uri, pe care niste oameni care stau toata ziua in fata calculatorului vor sa le inchida, asa, fara motiv cred. Ma baieti, nu cred ca ati baut cat mine si nu cred ca ati patit cate am patit eu. Vi se pare frumos sa mergeti la o petrecere, si dimineata urmatoare sa va povesteasca cineva cum vomitati ( in cazul meu, chiar mama, dar am vomitat acasa - doar de 2 ori am vomitat din bautura. Si nu mi se pare ceva cool ceea ce am facut. Incercati sa faceti acest lucru, pe care am incercat si eu sa il fac, si care partial mi-a iesit. Puneti-va intrebarea: "Ba, oare nu pot sa ma distrez si fara sa fiu ranga? In plus o sa fiu constient de ceea ce o sa fac, si o sa pot rade de cei care se dau in spectacol, rupti de beti". Si incercati sa nu mai beti, sau faceti ca mine, beti, dar nu mult, doar asa, sa va incalziti. Si o sa vedeti ca va puteti distra si asa. Da, dar nu o sa puteti face toate porcariile pe care le faceati beti si care vi se pareau cool, dar care amuzau "audienta", pe cei treji. Inca ceva: nu stiu de ce, dar am o banuiala ca voi vorbiti numai ca sa va aflati in treaba. Am o banuiala ca nu sunt mai mult de 2 care au testat ceva de la acele shop-uri, dar toti sunteti experti in ele. Eu o sa raman acelasi nesociabil ca pana acum. Tigari nu am fumat decat 2 cand eram beat, dar imi aduc aminte ca nu mi-au placut deloc, dar toata lumea funa, si vezi Doamne, nu eram ca ceilalti. In rest doar ce am mai tras cate un fum sau doua, treaz, si la fel, nu mi-a placut deloc. Droguri sau prostii de la astfel de shop-uri nu am incercat si nu o sa incerc niciodata, chiar daca voi parea in fata unor smecheri un nesociabil. PS: Ne auzim peste ani de zile, sa vedem in ce stare va fi fiecare.

In legatura cu bautura stiu cum e. Dar aici nu e vorba de bautura, nu poti compara bautura cu drogurile. Desigur, poti ajunge si alcoolic, asta in timp, dar se poate. Sa zicem ca o faci o data ( ma refer la prostiile astea de ierburi ), si daca iti place, dar sti ca iti face rau ce faci, mai iei? Cred ca da... Si asa se ajunge la dependenta.

RO: Acelasi tutorial, tradus in limba engleza. Thanx SENEQ_o. EN: A simple way to use an XSS to bypass the CSRF tokens protection. Download: Exploit-DB: http://www.exploit-db.com/download_pdf/13534 Doc: http://rapidshare.com/files/305520964/Using_XSS_to_bypass_CSRF_protection.doc http://www.netdrive.ws/250900.html http://www.speedyshare.com/668569907.html PDF: http://rapidshare.com/files/305521026/Using_XSS_to_bypass_CSRF_protection.pdf http://www.netdrive.ws/250901.html http://www.speedyshare.com/545648837.html

De acord cu black. Voi beti, fumati si va drogati pentru a fi mai "smecheri", mai "cool". Ei bine nu sunteti. Deloc. Poate sunteti pentru pretenii vostrii care fac acelasi lucru, iar voi nu faceti decat sa ii imitati ca maimutele. Va stricati singuri viata.

http://www.aircrack-ng.org/ Dar nu stiu daca merge si pentru WPA2.

for i = 0; i < 10; i++ {} // Valid for (i = 0; i < 10; i++) {} // INVALID Hmmm...

De cand ma stiu: Salam, Guta, Denisa, Copilu' de aur etc.