alien

"ai tastat un numar gresit" deci fake, ca eu stiu din surse mai sigure ca am telefonul ascultat.

Hai ca mi-a placut de ala: "Hackeri sunt ... prea grei! Profesori...". Asa da, un pic de respect!

Tocmai a bootat pe RaspberryPI

Bun. Si ce siguranta am eu sa-mi bag toate datele personale intr-o aplicatie luata de pe un site de hacking? Mie, cel putin, open source imi inspira incredere.

De ce nu publicati codul sursa, open source? Daca tot e gratis.

Foarte curat codul. Recomand sa aruncati un ochi pe el. O sa-l compilez sa vad cum se comporta, din ce am vazut din cod nu ar avea ce sa nu mearga la el. E simplu si eficient

Nu.

wtf???

Stiri din domeniu gasesti aici: https://rstforums.com/forum/stiri-securitate.rst Multa bafta lui Tex!

Exista metoda anonima de plati online folosind LR.

Apropo de coding style, cred ca am mai postat pe aici. E un site ce cuprinde o gramada de standarduri de la management, interface, websites, database, naming convetions. SSW Rules to Better ...

Daca nu scrieti cod ca robotii o sa vedeti ca aveti timp si de documentatie. Eu nu pot sa sufar programatorii care merg pe conceptul "code first, think later". Recunosc, cateodata poate sa fie mai rapid. Dar de cele mai multe ori ajungi in situatia de a implementa un lucru de 10 ori: code, code, code, compile, test, recode, recode, recode, compile, test etc... Dar daca incepi cu un mic design, iti aranjezi putin structura(descri functii, proprietati etc), scri documentatie care sa evidentieze functionalitatea si apoi te apuci de implementarea propriuzisa o sa ai surpriza ca in final sa ai ceea ce se numeste "beautifull code". Si inca ceva: puteti ca ma tarziu sa ajungeti intr-o companie in care dati peste un besmetic ca mine care are tot dreptul sa va dea revert la codul la care ati muncit o zi intreaga intr-o secunda, doar pentru faptul ca nu e documentat sau ca nu se intelege.

Ce o sa ma mai distrez luni la munca! #define struct union #define else

Simple demo C# program made in college to demonstrate tree view file explorer. Poate va ajuta pe astia care sunteti anul 2 pe la info hg clone https://bitbucket.org/rokill3r/filetreeview using System; using System.Collections; using System.Windows.Forms; using System.Drawing; using System.IO; namespace cd_tree { public class FileTree : TreeView { public FileTree() { GenerateImage(); Fill(); } const int HD = 0; const int FOLDER = 1; const int GLMODEL = 2; const int OTHERS = 3; protected void GenerateImage() { ImageList list = new ImageList(); list.Images.Add(new Icon("ico/hd.ico")); list.Images.Add(new Icon("ico/folder.ico")); list.Images.Add(new Icon("ico/glmodel.ico")); list.Images.Add(new Icon("ico/otherfiles.ico")); ImageList = list; } public void Fill() { BeginUpdate(); string[] drives = Directory.GetLogicalDrives(); for (int i = 0; i < drives.Length; i++) { DirTreeNode dn = new DirTreeNode(drives[i]); dn.ImageIndex = HD; Nodes.Add(dn); } EndUpdate(); // modify the tree JIT BeforeExpand += new TreeViewCancelEventHandler(prepare); AfterCollapse += new TreeViewEventHandler(clear); AfterCheck+=new TreeViewEventHandler(prepare_check); } public void Open(string path) { TreeNodeCollection nodes = Nodes; DirTreeNode subnode = null; int i, n; path = path.ToLower(); nodes = Nodes; while (nodes != null) { n = nodes.Count; for (i = 0; i < n; i++) { subnode = (DirTreeNode)nodes[i]; if (path == subnode.Path) { subnode.Expand(); return; } if (path.StartsWith(subnode.Path)) { subnode.Expand(); break; } } if (i == n) return; nodes = subnode.Nodes; } } void prepare(object sender, TreeViewCancelEventArgs e) { BeginUpdate(); DirTreeNode tn = (DirTreeNode)e.Node; try { tn.populate(); EndUpdate(); } catch (Exception ex) { EndUpdate(); MessageBox.Show(ex.Message + "\n\n" + ex.StackTrace, "Problems"); } } void prepare_check(object sender, TreeViewEventArgs e) { BeginUpdate(); DirTreeNode tn = (DirTreeNode)e.Node; try { tn.Expand(); tn.populate(); EndUpdate(); } catch (Exception ex) { EndUpdate(); MessageBox.Show(ex.Message + "\n\n" + ex.StackTrace, "Problems"); } } void clear(object sender, TreeViewEventArgs e) { BeginUpdate(); DirTreeNode tn = (DirTreeNode)e.Node; tn.setLeaf(true); EndUpdate(); } public class DirTreeNode : TreeNode { string path; int type; public virtual string Path { get { return path; } } public DirTreeNode(string s) : base(s) { path = s.ToLower(); setLeaf(true); type = HD; ImageIndex = type; SelectedImageIndex = type; } DirTreeNode(string s, int aType) : base(new FileInfo(s).Name) { path = s.ToLower(); type = aType; ImageIndex = type; SelectedImageIndex = type; if (type == FOLDER || type == GLMODEL) setLeaf(true); } public bool IsSpecialFile(string s) { if (!s.EndsWith(".dll")) return false; ImageIndex = GLMODEL; return true; } internal void populate() { if (type != FOLDER && type != HD) return; ArrayList folder = new ArrayList(); ArrayList special = new ArrayList(); ArrayList other = new ArrayList(); string[] files = Directory.GetFileSystemEntries(Path); for (int i = 0; i < files.Length; i++) { FileAttributes fa = File.GetAttributes(files[i]); if ((fa & FileAttributes.Directory) != 0) folder.Add(new DirTreeNode(files[i], FOLDER)); else { if (IsSpecialFile(files[i])) special.Add(new DirTreeNode(files[i], GLMODEL)); else other.Add(new DirTreeNode(files[i], OTHERS)); } } bool ischecked = false; if (this.Checked == true) ischecked = true; // add the node Nodes.Clear(); foreach (DirTreeNode dtn in folder) { if (ischecked) dtn.Checked = true; Nodes.Add(dtn); } foreach (DirTreeNode dtn in special) { if (ischecked) dtn.Checked = true; Nodes.Add(dtn); } foreach (DirTreeNode dtn in other) { if (ischecked) dtn.Checked = true; Nodes.Add(dtn); } ImageIndex = type; } bool isLeaf = true; internal void setLeaf(bool { ImageIndex = type; Nodes.Clear(); isLeaf = b; if (IsExpanded) return; if (!isLeaf) return; Nodes.Add(new TreeNode()); } } } static class Program { /// <summary> /// The main entry point for the application. /// </summary> [STAThread] static void Main() { Application.EnableVisualStyles(); Application.SetCompatibleTextRenderingDefault(false); Application.Run(new Form1()); } } }

I din this in college, 2nd year. I will search and post the code if I find it.

La mai multi!

Chiar domeniul meu. Mersi!

Da e detectat de AV Oricum interesant!

Eight Reasons C# is the Best Language for Mobile Development | Xamarin Blog JAVA can suck my balls!

Eu recomand SSW Rules to Better ... Si ca si old school general rule: "Maximum Line Width is 80 Characters!"

Si cum il rulezi? cu "./binar &" sa-l bagi in bg? Logheaza doar cheile din sesiunea unde e rulat? if (code != last) - nu o sa logheze chei consecutive?

Si un gram de noroc LE: dar oricum vulnerabilitatea este gasita recent, ceea ce demonstreaza ca inca se poate Date range: Initial report and the POC-link executing the XSS just by visiting: Dec 22 Explained the Dropbox-syncing and extended the scope regarding services and devices: Dec 27 Vulnerability fixed: Dec 28 Received message about the Bug Bounty: Dec 29

Big tutorial database covering most important Pentesting topics, from Armitage to SQL injection. Penetration Testing Tips & Tricks - PaulDotCom Security Weekly

This guy recently found a Stored XSS on Facebook worth 3500USD dollars. This is his story how he did it: I was actually working on finding flaws on Dropbox to begin with. I noticed that when using their web interface there were some restrictions on what filenames that were allowed. If you tried to rename a file to for example: '"><img src=x onerror=alert(document.domain)>.txt it was not possible. You got this error: The following character are not allowed: \/:?*<>"| But, if you instead, connected a local directory, created a file there and synced it, you got it inside Dropbox without any problems. Using this method I was able to find two issues with their notification messages showing unescaped filenames. I reported these issues to Dropbox, they patched it really fast and I was placed on their Special Thanks page for the responsible disclosure. It didn’t end here. As I was testing out this stuff on Dropbox, I also tried to figure out how this issue could be connected with other services. I noticed their Facebook-connection and got curious on how it worked. It turned out that they had a pretty nice function going on there: “Dropbox has teamed up with Facebook so that you can do cool things like add files from Dropbox to your Facebook groups or send shared folder invitations to your Facebook friends.” Nice! I created a group, and found the connection using the “Add File” icon on the Group wall: I selected the file that I synced to Dropbox, it was called: '"><img src=x onerror=alert(document.domain)>.txt and shared it. Nothing awesome happened except the file being shared. But then, I clicked the Share-link on the entry. BAM! The title of the entry was not escaped correctly and I was able to get the Stored XSS triggered. By using the files in my Dropbox I could inject script code that was executed on Facebook.com. I reported this to Facebook directly using their Whitehat Vulnerability Reporting system, told them it was an urgent issue and how I managed to get it executed. The issue was at that time only affecting the Share-popup inside the Group page and could only be triggered by user interaction, serious or not, it was clearly not affecting all users on Facebook. At the same time I started looking on the URL of this Share-popup: https://www.facebook.com/ajax/sharer/?s=44&appid=210019893730&p%5B0%5D=entry_id&p%5B1%5D=user_that_shared_it_first This URL did not work if you tried it stand-alone. That was good, the XSS issue looked like it could only be triggered by user interaction. But then I started googling and found that you were able to create a Share-URL by using this format: https://www.facebook.com/sharer/sharer.php? So I changed my URL to that format: https://www.facebook.com/sharer/sharer.php?s=44&appid=210019893730&p%5B0%5D=entry_id&p%5B1%5D=user_that_shared_it_first BAM again! If you were logged in into Facebook, the code was executed as soon as you visited the link. Bad. Really bad. I emailed Facebook again, explaining that you could actually trigger the XSS by only visiting a link. I was also trying out if I could get other services to behave in the same way. Dropbox and Facebook had this special connection, so I was curious if this issue was isolated or if I could reproduce it by using another service. Went to Pinterest. Created a Pin named: '"><img src=x onerror=alert(document.domain)> and shared it on Facebook using my test account. I pressed the Share button on it. I was amazed – it had the same issue. Facebook replied to me, asking me how I was able to place the files on Dropbox with that filename. I explained how this was done and also told them that the service that you shared from didn’t matter, it was a general issue with the escaping that created a vulnerable vector on the Share-page. They responded and said that it was indeed the same issue and they should look into it ASAP. In the meantime, I tried the link on different devices. My iPhone could not get the XSS executed. As soon as I visited the page, I was redirected to https://m.facebook.com and that page did not have the same issue. But I also realized that you could force Facebook to skip the redirect by using a parameter called m2w, so if I appended that to the URL: https://www.facebook.com/sharer/sharer.php?s=44&appid=210019893730&p%5B0%5D=entry_id&p%5B1%5D=user_that_shared_it_first&m2w I was able to trigger the URL on both mobile devices and on desktop. Another email to Facebook. One day after that I noticed that the POC-link did not work anymore, it was finally patched. I told them I could not reproduce it anymore and it looked like it was fixed. One day later I got this email: Source: Detectify Blog – How I got a $3,500 USD Facebook Bug Bounty