pr00f
Active Members-
Posts
1207 -
Joined
-
Last visited
-
Days Won
11
Everything posted by pr00f
-
Lista mai mare pe http://web.textfiles.com/ezines/, probabil sa fie si mirrors. Iar aici altele cached https://web.archive.org/web/20120426235852/http://www.gonullyourself.org:80/ezines/
- 1 reply
-
- 3
-
hcpxread is an interactive tool made to view, parse, and export .hccapx files. You can learn more about the HCCAPX format from the official docs. Long story short, Features Interactive menu Reads and outputs AP data Shows summary of the loaded access points Usage $ go get github.com/vlad-s/hcpxread $ hcpxread _ _ | |__ ___ _ ____ ___ __ ___ __ _ __| | | '_ \ / __| '_ \ \/ / '__/ _ \/ _` |/ _` | | | | | (__| |_) > <| | | __/ (_| | (_| | |_| |_|\___| .__/_/\_\_| \___|\__,_|\__,_| |_| Usage of hcpxread: -capture file The HCCAPX file to read -debug Show additional, debugging info Note: debugging will disable clearing the screen after an action. Example $ hcpxread -capture wpa.hccapx INFO[0000] Opened file for reading name=wpa.hccapx size="6.5 KB" INFO[0000] Searching for HCPX headers... INFO[0000] Finished searching for headers indexes=17 INFO[0000] Summary: 17 networks, 0 WPA/17 WPA2, 16 unique APs 1. [WPA2] XXX B0:48:7A:BF:07:A4 2. [WPA2] XXXXX 08:10:77:5B:AC:ED ... 17. [WPA2] XXXXXXXXXX 64:70:02:9E:4D:1A 99. Export 0. Exit network > 1 Key Version |ESSID |ESSID length |BSSID |Client MAC WPA2 |XXX |3 |B0:48:7A:BF:07:A4 |88:9F:FA:89:10:2E Handshake messages |EAPOL Source |AP message |STA message |Replay counter match M1 + M2 |M2 |M1 |M2 |true ... Asciicast https://asciinema.org/a/H4pUedh9z9sLHH5iZuWouxeZU Github https://github.com/vlad-s/hcpxread
-
https://www.it-sec-catalog.info/ Available from https://it-sec-catalog.info/ and https://www.gitbook.com/book/arthurgerkis/it-sec-catalog. About this project This is a catalog of links to articles on computer security — software and hardware analysis and vulnerability exploitation, shellcode development and security mitigations, including computer security research, and malware stuff. Slides are not included (there is other project for that). Advisories without much details are also not included. All articles are only in English. Project is running since 2010. Author and contributors Author of this project: Arthur (ax330d) Gerkis, contributors: Nitay Artenstein, Joe (j0echip) Chip. Thanks to everyone who helped with the project.
- 1 reply
-
- 8
-
Introducing 306 Million Freely Downloadable Pwned Passwords
pr00f posted a topic in Stiri securitate
Last week I wrote about Passwords Evolved: Authentication Guidance for the Modern Era with the aim of helping those building services which require authentication to move into the modern era of how we think about protecting accounts. In that post, I talked about NIST's Digital Identity Guidelines which were recently released. Of particular interest to me was the section advising organisations to block subscribers from using passwords that have previously appeared in a data breach. Here's the full excerpt from the authentication & lifecycle management doc (CSP is "Credential Service Provider"): NIST isn't mincing words here, in fact they're quite clearly saying that you shouldn't be allowing people to use a password that's been breached before, among other types of passwords they shouldn't be using. The reasons for this should be obvious but just in case you're not fully aware of the risks, have a read of my recent post on password reuse, credential stuffing and another billion records in Have I been pwned (HIBP). As I read NIST's guidance, I realised I was in a unique position to help do something about the problem they're trying to address due to the volume of data I've obtained in running HIBP. https://www.troyhunt.com/introducing-306-million-freely-downloadable-pwned-passwords/ https://haveibeenpwned.com/Passwords- 1 reply
-
- 5
-
https://www.humblebundle.com/books/cybersecurity-wiley Social Engineering: The Art of Human Hacking The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws, 2nd Edition Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation Threat Modeling: Designing for Security Security Engineering: A Guide to Building Dependable Distributed Systems, 2nd Edition The Shellcoder's Handbook: Discovering and Exploiting Security Holes, 2nd Edition Cryptography Engineering: Design Principles and Practical Applications The Art of Deception: Controlling the Human Element of Security The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code Unauthorised Access: Physical Penetration Testing For IT Security Teams Secrets and Lies: Digital Security in a Networked World, 15th Anniversary Edition CEH v9: Certified Ethical Hacker Version 9 Study Guide Applied Cryptography: Protocols, Algorithms and Source Code in C, 20th Anniversary Edition // Removed - Am scos link-ul celalalt Ce scrie acolo: "Support charity". Preturile sunt foarte mici, oricine isi poate permite. // Nytro
- 1 reply
-
- 2
-
netattack - Scan and Attack Wireless Networks
pr00f replied to Fi8sVrs's topic in Wireless Pentesting
pana sa compilezi aircrack care-i ditamai chestia, ca sa faci DOAR deauth (posibil sa poti compila direct ala de deauth, nu stiu), e mai usor sa lasi python-ul sa-ti interpreteze codul de mai sus. plus ca daca scrii cacaturi de genul, inveti 1) cum sa scrii cacatul pe care vrei sa-l implementezi in limbajul x, 2) cum functioneaza cacatul pe care-l scrii (in anumite cazuri) si 3) si cum sa implementezi cat mai bine cacatul y. my 2c. -
https://virustotal.com/en/file/539613fea4aacc576de2ef99ed13f896ba9069899f8f3eebea88ec7a136dbfa1/analysis/1499690941/ https://malwr.com/analysis/MjdhN2E4ZWMwNzc1NDZiMzk3NjJkOTMyYmE0ZTI4NmE/ λ strings SQLi\ Dumper\ 9.2.1\ Cracked.exe|awk '/DOS/' !This program cannot be run in DOS mode. !This program cannot be run in DOS mode. get_IsDOSEntry IsDOSEntry !This program cannot be run in DOS mode.
-
I'll just start this post with stating that I'm not doing this with malicious intents, nor am I going to use this for other purposes than learning, or advice using this on servers others than your own. That being said, let's get down to business. Why a SSH brute-forcer? Because too many people are still using password authentication with weak passwords. There are still many servers with sshd open with the default port exposed to internet, using accounts with weak passwords. Have a RaspberryPi? Put it on the Internet! Just take a look over Shodan's raspbian with port 22 query. It's crazy. We're kinda fighting fire with fire. Why Go? Because it's awesome, it's static typed, it's fast, has a big and very useful default library... did I mention it's awesome? And also because I'm on my journey learning Go, and this way I can learn how to use channels, ssh connections, and so on. How can I protect against this? For a start, edit /etc/ssh/sshd_config to disable password authentication and root login. A basic setup means: Changing the default port - many brute-forcers do not scan every port on the machine just to find an SSH server, they just check for port 22. Disable root login - if, by any chance, you need to be able to login as root remotely, use public key authentication. Disable password authentication - I can't stress this enough; just do it. Everyone can and should use public key authentication instead of password authentication. A passphrase is a big plus. Something to start your journey with: Port 2244 PermitRootLogin no #PermitRootLogin without-password #if you need pubkey root login PubkeyAuthentication yes PermitEmptyPasswords no PasswordAuthentication no This post assumes basic Go knowledge, and is not meant towards complete newbie gophers. I am a rookie myself, and currently trying to improve this. For testing, I’ve included a Dockerfile along the project for building a simple testing environment, but more on this at the end. Github: https://github.com/vlad-s/gofindssh Sursa: https://medium.com/@0x766c6164/writing-a-simple-ssh-brute-forcer-in-go-19c4f928cd3b
-
Introduction This repository contains a library that allows native Linux programs to load and call functions from a Windows DLL. As a demonstration, I've ported Windows Defender to Linux. $ ./mpclient eicar.com main(): Scanning eicar.com... EngineScanCallback(): Scanning input EngineScanCallback(): Threat Virus:DOS/EICAR_Test_File identified. What works? The intention is to allow scalable and efficient fuzzing of self-contained Windows libraries on Linux. Good candidates might be video codecs, decompression libraries, virus scanners, image decoders, and so on. C++ exception dispatch and unwinding. Loading additional symbols from IDA. Debugging with gdb (including symbols), breakpoints, stack traces, etc. Runtime hooking and patching. Support for ASAN and Valgrind to detect subtle memory corruption bugs. If you need to add support for any external imports, writing stubs is usually quick and easy. Why? Distributed, scalable fuzzing on Windows can be challenging and inefficient. This is especially true for endpoint security products, which use complex interconnected components that span across kernel and user space. This often requires spinning up an entire virtualized Windows environment to fuzz them or collect coverage data. This is less of a problem on Linux, and I've found that porting components of Windows Antivirus products to Linux is often possible. This allows me to run the code I’m testing in minimal containers with very little overhead, and easily scale up testing. This is just personal opinion, but I also think Linux has better tools. ¯\_(ツ)_/¯ Windows Defender MsMpEng is the Malware Protection service that is enabled by default on Windows 8, 8.1, 10, Windows Server 2016, and so on. Additionally, Microsoft Security Essentials, System Centre Endpoint Protection and various other Microsoft security products share the same core engine. The core component of MsMpEng responsible for scanning and analysis is called mpengine. Mpengine is a vast and complex attack surface, comprising of handlers for dozens of esoteric archive formats, executable packers, full system emulators for various architectures and interpreters for various languages. All of this code is accessible to remote attackers. Source: https://github.com/taviso/loadlibrary
- 1 reply
-
- 2
-
L-am furat eu, sa traiesti
-
Bundle complet de la Humble Bundle - https://www.humblebundle.com/books/python-book-bundle https://mega.nz/#!Y5F2AChA!iUCTpd6hyZJnk-nzsjuQulmGxhk_rU4O8tEnqSuK040
-
- 3
-
Alternativa cu jQuery (function() { $('.dash-to-slash').on('keyup', function (e) { $(this).val($(this).val().replace(/-/, '/')); }); })() @costi naming-ul tau spune 'replaceAllDashes', dar ii dai dash-ul ca parametru. Plus ca nu rescrii input-ul, ci-l adaugi in DOM.
-
Daca poti sa arunci la mine cu astea doua, fac un pomelnic cu numele tau.
-
http://forensicswiki.org/wiki/Main_Page Iar ca software ok open source ai foremost http://foremost.sourceforge.net/
-
Salut,
In legatura cu postarea ta:
Quoteam reusit in 2-3 zile sa le trag aproape pe toate de pe isohunt. Daca e le voi pune in urmatoarele zile pe megaupload.
Pentester Academy – Android Security and Exploitation for Pentesters
Pentester Academy Python for Pentesters
Pentester Academy Exploiting Simple Buffer Overflows on Win32
Pentester Academy assembly Language and Shellcoding on Linux x86_64
Pentester Academy Network-Pentesting
Pentester Academy - Web Application Pentesting + Javascript for Pentesters
Pentester Academy USB-Forensics-and-PentestingSunt si eu interesat de:
- Pentester Academy Python for Pentesters
- Pentester Academy Network-Pentesting
- Pentester Academy - Web Application Pentesting + Javascript for Pentesters
- Pentester Academy USB-Forensics-and-Pentesting
Ai putea sa-mi lasi un link de mega? Le pot tine apoi pe un VPS/torrent.
Multumesc.
-
Hint, ce vrei tu sa faci se numeste concatenare. Tu faci deja asta: "https://blockchain.info/q/getreceivedbyaddress/".$btcaddress Adica: "text" . $variabila Iar tu ai nevoie de: "text" . $variabila . "text in continuare" Respectiv, $mech->get("https://blockexplorer.com/api/addr/".$btcaddress . "/balance");
-
http://thehackernews.tradepub.com/free/w_wile229/prgm.cgi?a=1 https://mega.nz/#!w1twHIYK!vCxN4nTn8To-3SrIr8QozVBWX6J3qkQaeskWHE7EvMs
- 1 reply
-
- 2
-
Daca functioneaza ROM-urile de M8 pe M8s, incearca Android Revolution HD. L-am folosit pe Sensation si M7, este configured stock. https://forum.xda-developers.com/showthread.php?t=2694917
-
Uite asa:
-
Link-ul e de adf.ly care duce catre http://www.girlshare.ro/3489673753.5 λ wc -l girlshare.ro_adrese\ de\ email.txt 395 girlshare.ro_adrese de email.txt E bataie de joc.
-
Hi You recently downloaded a trial version of Acunetix. We are pleased to inform you that the manual web pen testing tools previously available in the paid product, are now being offered free of charge to download. Included in this suite of Manual Tools are: HTTP Editor - to create, analyze and edit client HTTP requests; as well as inspect server responses. HTTP Sniffer - to analyze HTTP requests and responses, and edit these while they are in transit. HTTP Fuzzer - to automatically send a large number of HTTP to test input validation and handling of invalid data by the web application. Blind SQL Injector - to test Blind SQL Injection vulnerabilities further Subdomain Scanner - to discover subdomains configured in its hierarchy and identifies any wildcard characters Target Finder - An IP range / port scanner which can be used to discover running web servers on a given IP or within a specified range of IPs. Authentication Tester - to test the strength of both usernames and passwords within HTTP and web forms authentication environments via a dictionary attack. Find out more in our Press Release DOWNLOAD the Free Manual Pen Testing Tools Today! Kind regards, Ian Muscat Product Communications Manager Acunetix
-
- 3
-
Vă mai amintiţi de laptopul cu 3 ecrane prezentat de Razer la CES
pr00f replied to Nytro's topic in Stiri securitate
Un prototip Motorola a fost pe olx. http://www.androidpolice.com/2017/01/09/stupid-person-trying-sell-moto-g5-plus-prototype-romania/