Jump to content

Search the Community

Showing results for tags 'file'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges (CTF)
    • Bug Bounty
    • Programare
    • Securitate web
    • Reverse engineering & exploit development
    • Mobile security
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start



Website URL










  1. Salut! Recent, eu impreuna cu cateva persoane, am lansat un proiect fain. Este vorba de un site de File Upload & Sharing. Focusul principal este pe partea de video. Fisierele .mp4 putand sa fie redate intr-un player video (buffering deloc si un minim de reclame foarte safe). Serverele dedicate au acces la internet la viteze de 1Gbps ceea ce permite o viteza foarte buna de download si upload. Nu exista timp de asteptare pentru download, si nu exista viteze limitate de download sau upload. Puteti arunca o privire pe yucloud.co Astept parerile voastre .
  2. ------------------------------------------------- Russian thread google translated: ------------------------------------------------- Neutrino Bot - The main functional * HTTP (S) flood (methods GET \ POST) * Smart DDoS * AntiDDOS flood (Emulation js \ cookies) * Slowloris flood * Download flood * TCP flood * UDP flood * Loader (exe, dll, vbs, bat ... + can specify parameters for running the file) * Keylogger (Multilanguage) (support for virtual keyboards (removal of screenshots in the clique size 60x60)) (possibility to monitor the specified window) * Command shell (remote command e
  3. The overlayfs filesystem does not correctly check file permissions when creating new files in the upper filesystem directory. This can be exploited by an unprivileged process in kernels with CONFIG_USER_NS=y and where overlayfs has the FS_USERNS_MOUNT flag, which allows the mounting of overlayfs inside unprivileged mount namespaces. This is the default configuration of Ubuntu 12.04, 14.04, 14.10, and 15.04 [1]. If you don't want to update your kernel and you don't use overlayfs, a viable workaround is to just remove or blacklist overlayfs.ko / overlay.ko. Details ============================
  4. Static Malware Analysis Starting here, I would like to share the results of my recent research into malware analysis. We will begin with some basics and proceed to advanced levels. In this first installment, we will discuss the techniques involved in static analysis of malware. I will also include some files for illustrative purposes in this document. Before we directly move onto the analysis part, let us set up context with some definitions. What is Malware? Malware is any software that does something that causes detriment to the user, computer, or network—such as viruses, trojan horses, wo
  5. When performing a Web Application Security Assessment, an important step is Fingerprinting which allows for further exploitation by an attacker. So as a security researcher/pentester, we should do well at fingerprinting the web server, which gives lot of information like application name, software version, web server info, OS, and more. This helps for known vulnerabilities, researching vulnerabilities and exploiting. So here I will discuss some techniques which are required for this task: Finger Print Methodology How to perform this activity: obviously for an attacker there is no hard and fast
  6. Hi all?? Baidu Security Team found a vulnerability in extjs,with this vulnerability we can read arbitrary file and request internal http services File: /examples/feed-viewer/feed-proxy.php line:3-line:6 $feed = $_REQUEST['feed']; if($feed != '' && strpos($feed, 'http') === 0){ header('Content-Type: text/xml'); $xml = file_get_contents($feed); When we request like this url http://dev.sencha.com/extjs/5.0.0/examples/feed-viewer/feed-proxy.php?feed= if the resource exist,we can get internal http services info ??strpos($feed, 'http') === 0?? we can re
  7. TCPDF library Universal POI Payload to Arbitrary File Deletion [+] Author: Filippo Roncari [+] Target: TCPDF library [+] Version: <= 5.9 and probably others [tested on v5.9] [+] Vendor: http://www.tcpdf.org [+] Accessibility: Remote [+] Severity: High [+] CVE: n/a [+] Advisory URL: n/a [+] Contacts: f.roncari@securenetwork.it / f@unsec.it [+] Summary TCPDF library is one of the world's most used open source PHP libraries, included in thousands of CMS and Web applications worldwide. More information at: http://en.wikipedia.org/wiki/TCPDF. A universal Object Injection payload for vulnerabl
  8. MasterLight


  9. Security researchers are warning PC users in Australia to beware of new Breaking Bad-themed ransomware demanding up to $1000 AUD ($796 USD) to decrypt essential computer files. The attacks typically arrive in the form of a malicious zip archive which takes the name of a famous delivery firm as its file name, according to Symantec. The AV giant continued in a blog post: “This zip archive contains a malicious file called ‘PENALTY.VBS’ (VBS.Downloader.Trojan) which when executed, downloads the crypto ransomware onto the victim’s computer. The threat also downloads and opens a legitimate .pdf file
  10. Apparently harmless document files that contain a malicious macro are commonly used by cybercriminals to distribute malware. However, malicious actors continue to improve their methods in an effort to evade detection. Security researcher Bart Blaze has come across a bogus invoice spam email apparently containing a Microsoft Word document (.doc). When the document is opened, if macros are not enabled, the user is instructed to enable macros in order to view the content. Once macros are enabled, the victim is presented with an image, while in the background a piece of malware is downloaded onto
  11. Make sure to run in sandboxie i cracked it via vm and did not do further analysis. For new people at crypting upload to refud.me/scan.php to prevent detections crypted file : reFUD.me - Results crypter exe file :https://www.virustotal.com/nl/file/92f783d16a5690d2895dff345aaffcdb2650e9979e297fdb0ec7ac1ece2a972b/analysis/1431128644/ download link crypter here : have fun
  12. Cineva tot imi cerea cont premium si am uitat cine, Account type: Premium Premium expires: 2015.07.21 (75 days) File stored total: 0 B Used traffic (today): 968.8 MB Available traffic (today): 19.1 GB Keep2Share.cc Pm!
  13. Document Title: =============== PDF Converter & Editor 2.1 iOS - File Include Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1480 Release Date: ============= 2015-05-06 Vulnerability Laboratory ID (VL-ID): ==================================== 1480 Common Vulnerability Scoring System: ==================================== 6.9 Product & Service Introduction: =============================== Text Editor & PDF Creator is your all-in-one document management solution for iPhone, iPod touch and iPad. It can catch documen
  14. In this article we will learn about the one of the most overlooked spoofing mechanisms, known as right to left override (RTLO). What is RTLO? RIGHT TO LEFT OVERRIDE is a Unicode mainly used for the writing and the reading of Arabic or Hebrew text. Unicode has a special character, U+202e, that tells computers to display the text that follows it in right-to-left order. This vulnerability is used to disguise the names of files and can be attached to the carrier like email. For example, the file name with ThisIsRTLOfileexe.doc is actually ThisIsRTLOfiledoc.exe, which is an executable file with a U
  15. The mobile encryption app NQ Vault has been in the news for bad reasons. Mobile encryption apps are commonly used to prevent access to sensitive data on the phone (such as images, videos, documents and so on). These encryption apps usually offer a vault with your desired password. You can push any secret files to this vault and they would be secure, as the data present in vault is encrypted and would decrypt only when the correct password is entered. The NQ Vault app is one such mobile encryption app which boasted that it “encrypts” and secures your confidential files. All this has now become
  16. The Zero Access trojan (Maxx++, Sierief, Crimeware) has affected millions of computers worldwide, and it is the number one cause of cyber click fraud and Bitcoin mining on the Internet. Once the trojan has been delivered into the system, it begins to download many other types of malware that can each cause a great deal of damage to an organization. The trojan’s primary infection vector is spam mail and exploits kits, but it can also be distributed by P2P file sharing services and fake cracks and keygens. The trojan is unique in the fact that it connects to a P2P botnet chain that makes it very
  17. SOP Bypassing in Safari To help you understand better, http://httpsecure.org and file://httpsecure are both treated as a different origin. The Safari browser (IOS and MAC) version 6.0.2 does not enforce the same origin policy when you need to access a local resource. When an attached HTML file tries to open using the file scheme, the JavaScript code contained within can bypass the SOP and start two –way communications with different origins. Consider the following page: <html> <body> <h1> I'm a local file loaded using the file:// scheme </h1> <script> xhr = new X
  18. ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient def initialize(info = {}) super(update_info(info, 'Name' => 'Novell ZENworks Configuration Management Arbitrary File Upload', 'Description' => %q{ This module exploits a file upload vulnerability in Novell ZENworks Configuration Management (ZCM, which is part of the ZENworks Suit
  19. #!/usr/bin/python # Crappy PoC for CVE-2015-3337 - Reported by John Heasman of DocuSign # Affects all ElasticSearch versions prior to 1.5.2 and 1.4.5 # Pedro Andujar || twitter: pandujar || email: @digitalsec.net # Tested on default Linux (.deb) install /usr/share/elasticsearch/plugins/ import socket, sys print "!dSR ElasticPwn - for CVE-2015-3337\n" if len(sys.argv) <> 3: print "Ex: %s [url]www.example.com[/url] /etc/passwd" % sys.argv[0] sys.exit() port = 9200 # Default ES http port host = sys.argv[1] fpath = sys.argv[2] def grab(plugin): socket.setdefaulttimeou
  20. # Exploit Title: Multiple Persistent XSS & CSRF & File Upload on Ultimate Product Catalogue 3.1.2 # Google Dork: inurl:"SingleProduct" intext:"Back to catalogue" intext:"Category", inurl:"/wp-content/plugins/ultimate-product-catalogue/product-sheets/" # Date: 22/04/2015 # Exploit Author: Felipe Molina de la Torre (@felmoltor) # Vendor Homepage: https://wordpress.org/plugins/ultimate-product-catalogue/ # Software Link: https://downloads.wordpress.org/plugin/ultimate-product-catalogue.3.1.2.zip # Version: <= 3.1.2, Comunicated and Fixed by the Vendor in 3.1.5 # Tested on: Linux 2.6, P
  21. scan info link here : reFUD.me - Results download link here : I hope this link works
  22. ArkDasm ArkDasm is a 64-bit interactive disassembler and debugger for Windows. Supported file types: PE64, raw binary files. Supported processor: x64 architecture (Intel x64 and AMD64) ArkDasm is released as Freeware. Current version: 1.0.0 (April 19, 2015) Main features: parsing PE32+ imports, exports, resources subroutine stack data (arguments, local variables) recognition loading local debug symbols (.pdb file) using DIA multiline comments support bookmarks support python script support possibility to save, load database What's new: added debugger capabilities added new commands: bp,
  23. Erroare: An unhandled exception of type 'System.IO.FileNotFoundException' occurred in System.Windows.Forms.dll Additional information: Could not load file or assembly 'TCtrl Connection, Version=, Culture=neutral, PublicKeyToken=null' or one of its dependencies. The system cannot find the file specified. Source: Imports Admin_Tool_4s Public Class Form2 Dim TCTRLCon As Connection Private Sub Button8_Click(sender As Object, e As EventArgs) Handles Button8.Click TCTRLCon.Kick(TextBox1.Text) End Sub Private Sub Form2_Load(sender As Object, e As EventArgs) Handles
  24. ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::HTTP::Wordpress include Msf::Exploit::FileDropper def initialize(info = {}) super(update_info( info, 'Name' => 'Wordpress SlideShow Gallery Authenticated File Upload', 'Description' => %q{ The Wordpress SlideShow Gallery plugin contains an authenticated file upload vulnerability. We can up
  25. ################################################################################################## #Exploit Title : Wordpress plugin Windows Desktop and iPhone Photo Uploader arbitrary file upload vulnerbility #Author : Manish Kishan Tanwar AKA error1046 #Home Page : https://wordpress.org/plugins/i-dump-iphone-to-wordpress-photo-uploader/ #Download Link : https://downloads.wordpress.org/plugin/i-dump-iphone-to-wordpress-photo-uploader.1.8.zip #Date : 9/04/2015 #Love to : zero cool,Team indishell,Mannu,Viki,Hardeep Singh,Incredible,Kishan Singh and ritu rathi #Discover
  • Create New...