Jump to content

Search the Community

Showing results for tags 'program'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges (CTF)
    • Bug Bounty
    • Programare
    • Securitate web
    • Reverse engineering & exploit development
    • Mobile security
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Yahoo


Jabber


Skype


Location


Interests


Biography


Location


Interests


Occupation

  1. Salut, am facut un program care posteaza singur in Grupurile de pe Facebook Sunt 3 fisiere : 1. grupuri.txt - aici pui link catre grupuri 2. text.txt - aici va fi textul de postat 3. config.txt - momentan aici se pot seta nr de secunde de asteptat intre postari Astept pareri si ce imbunatatiri sa-i adaug. Inca nu e gata, voi pune link de download cand este gata. Si cred ca o sa-l las pe consola momentan, fara interfata.
  2. Zemana AntiMalware 2 reprezinta un antivirus complementar, bazat pe tehnologia cloud ce iti protejeaza calculatorul impotriva tuturor amenintarilor de tip malware: virusi, troieni, adware, spyware, etc. Te ajuta in a indeparta aplicatiile nedorite, toolbarurile inutile, sau extensiile nedorite din browser, folosind mai multe motoare de scanare. Poti folosi acest program alaturi de orice alt antivirus deja instalat in PC-ul tau. Gratie unei promotii speciale poti avea acest program gratuit cu licenta pe viata! Acceseaza acest link pentru a beneficia de oferta: Free Zemana AntiMalware 2 (100% discount) | Daily giveaways and discounts | SharewareOnSale -> Sursa: Zemana AntiMalware – licenta gratuita pe viata
  3. Salut tuturor, stie cineva un program gen sa poti trimite acelasi mesaj la mai multe persoane de odata? Ca din cate am vazut la yahoo, dupa vreo 2 mesaje cu 70 de persoane iti blocheaza contul.
  4. cine ma poate ajuta sa imi configurez utorrentul sa pot downloada in Anglia ?, mentionez ca nu merge deloc download-ul cu orice program as incerca sa downloadez , nici bitcomet , nici utorrent , nimic , se blocheaza la finding peers .
  5. Stie cineva un program prin care sa te conectezi la un proxy manual?, in trecut am folosit un ceva, da am uitat numele.....deci nu vreau un program din asta de vpn, vreau unul care sa bag eu proxy cu portul, si sa dau pe un buton de conectare si gata (cred ca se intelege).
  6. intentionez sa platesc un designer sa/mi faca designul la un proiect, dar inainte sa fac acest lucru ma gandesc sa fac o schita ceva cum sa faca siteul .. ca nu vreau sa ma lass in baza lui ca sigur nu iese cum vreau eu . cu ce program as putea face eu asa ceva ? exista un program simplu de folosit pentru asa ceva ?
  7. Salut . Imi cer scuze daca am esit sectiunea. As dori sa stiu daca exista vre-un program cu care pot schimba anumite date la un o anumita ora setata de mine. Mai exact este vorba despre un joc de manager de fotbal,unde as vrea sa schimb tactica exact inaintea orei de incepere a meciului.
  8. The NSA’s phone-snooping program is on its last legs after senators voted Tuesday to approve the USA Freedom Act, banning bulk collection of Americans’ data two years after the practice was revealed to the public by Edward Snowden. President Obama signed the bill late Tuesday, moving quickly to kick-start several Patriot Act powers that expired this weekend after senators missed a deadline for renewing them. But the bill, which cleared the Senate on a 67-32 vote, puts limits on a key power. Investigators still can demand businesses to turn over customers’ documents and records, but the data must be targeted to individuals or groups and cannot be done indiscriminately. The National Security Agency must end its snooping program within six months, forcing intelligence officials to set up a system that will leave the information with phone companies. Investigators will be able to submit a query only if they have a specific terrorism lead. “It’s the first major overhaul of government surveillance in decades and adds significant privacy protections for the American people,” said Sen. Patrick J. Leahy, a Vermont Democrat who led a two-year fight to end the NSA’s snooping. “Congress is ending the bulk collection of Americans’ phone records once and for all.” Supporters of the NSA program predicted that intelligence officials will not be able to get the same kinds of results if phone companies rather than government agencies hold the data. Senate Majority Leader Mitch McConnell, Kentucky Republican, said Mr. Obama will be blamed for weakening U.S. security and that the NSA program’s end was in line with the president’s opposition to detaining suspected terrorists at Guantanamo Bay, Cuba, and failing to confront the Islamic State. “The president’s efforts to dismantle our counterterrorism tools have not only been inflexible, they are especially ill-timed,” Mr. McConnell said. But it was the majority leader’s miscalculations about scheduling that backed NSA supporters into a corner. Mr. McConnell wanted the entire program to be extended and tried to use the June 1 expiration deadline to force fellow senators into a take-it-or-leave-it choice. But his colleagues, including a large percentage of Republicans, rejected his bid, sending the Senate over the deadline and undercutting Mr. McConnell’s leverage. On Tuesday, Mr. McConnell made a last-ditch effort to change the bill, doubling the six-month grace period for the NSA and requiring the government to certify that it could keep producing the same results even without storing the phone data itself. Even some senators who were sympathetic to his cause, though, voted against the amendments, saying any changes would have sent the bill back to the House and prolonged the fight, leaving the Patriot Act neutered in the meantime. Nearly half of Senate Republicans voted for the USA Freedom Act, joining all but one Democrat and a Democrat-leaning independent. The vote was a major vindication for the House, which for the second time this year has driven the legislative agenda on a major issue, striking a bipartisan compromise that senators were forced to accept. The bill also had the backing of the intelligence community, which has assured Congress that it won’t be giving up any major capabilities and can make the new system work even with the data held by phone companies instead of the NSA. Mr. Obama initially defended the program, but after several internal reviews found it to be ineffective and potentially illegal, he said he would support a congressional rewriting to end the law. The George W. Bush and Obama administrations justified the program under Section 215 of the Patriot Act, which gives federal investigators power to compel businesses to turn over customers’ documents and records. Using that power, the NSA demanded the metadata — the numbers, dates and durations involved — from all Americans’ calls. The information was stored and queried when investigators suspected a number was associated with terrorism and wanted to see who was calling whom. Backers said the program didn’t impinge on Americans’ liberty because the information, while stored by the government, wasn’t searched until there was a specific terrorism nexus. They said there were never any documented abuses of the program. But opponents said repeated reviews, including one last month by the Justice Department’s inspector general, found the program has never been responsible for a major break in a terrorism case. Given its ineffectiveness, they said, it was time to end it. Sen. Ron Wyden, an Oregon Democrat who had been battling behind closed doors for years as a member of the intelligence committee to end the program, said the vote was a first step. He said he and like-minded colleagues now will turn to other powers under the Foreign Intelligence Surveillance Act that the government uses to scoop up emails — a power Mr. Wyden said is increasingly gathering information on Americans, contrary to its intent. “This is only the beginning. There is a lot more to do,” he said. Some of Mr. Wyden’s colleagues in those fights, including Sen. Rand Paul, Kentucky Republican, voted against the USA Freedom Act. “Forcing us to choose between our rights and our safety is a false choice,” said Mr. Paul, who is running for the Republican presidential nomination and making his stand against the Patriot Act a major part of his campaign. Mr. Paul even used the obstruction powers the Senate gives to a single lawmaker to block action Sunday, sending Congress hurtling across the deadline and causing three powers to expire: the records collection, the ability to target “lone wolf” terrorists and the power to track suspected terrorists from phone to phone without obtaining a wiretap each time. The lone-wolf and wiretap powers were extended without changes. Source
  9. Stie cineva un program de picat resurse la site-uri de ex dai flood si apare cand intri pe site ceva de genul ca numai are resurse
  10. Care imi poate da un program sa fac un keylooger sa ii trimit iubitei sa o spionez umpic? As fi recunoscator.
  11. WE’VE SUSPECTED IT all along—that Skynet, the massive program that brings about world destruction in the Terminator movies, was just a fictionalization of a real program in the hands of the US government. And now it’s confirmed—at least in name. As The Intercept reports today, the NSA does have a program called Skynet. But unlike the autonomous, self-aware computerized defense system in Terminator that goes rogue and launches a nuclear attack that destroys most of humanity, this one is a surveillance program that uses phone metadata to track the location and call activities of suspected terrorists. A journalist for Al Jazeera reportedly became one of its targets after he was placed on a terrorist watch list. Ahmad Muaffaq Zaidan, bureau chief for Al Jazeera’s Islamabad office, got tracked by Skynet after he was identified by US intelligence as a possible Al Qaeda member and assigned a watch list number. A Syrian national, Zaidan has scored a number of exclusive interviews with senior Al Qaeda leaders, including Osama bin Laden himself. Skynet uses phone location and call metadata from bulk phone call records to detect suspicious patterns in the physical movements of suspects and their communication habits, according to a 2012 government presentation The Intercept obtained from Edward Snowden. The presentation indicates that Skynet looks for terrorist connections based on questions such as “who has traveled from Peshawar to Faisalabad or Lahore (and back) in the past month? Who does the traveler call when he arrives?” It also looks for suspicious behaviors such as someone who engages in “excessive SIM or handset swapping” or receives “incoming calls only.” The goal is to identify people who move around in a pattern similar to Al Qaeda couriers who are used to pass communication and intelligence between the group’s senior leaders. The program tracked Zaidan because his movements and interactions with Al Qaeda and Taliban leaders matched a suspicious pattern—which is, it turns out, very similar to the pattern of journalists meeting with sources. We should note that the NSA has a second program that more closely resembles the Terminator‘s Skynet. This one is called MonsterMind, as revealed by Edward Snowden last year in an interview with WIRED and James Bamford. MonsterMind, like the film version of Skynet, is a defense surveillance system that would instantly and autonomously neutralize foreign cyberattacks against the US, and could be used to launch retaliatory strikes as well. Under this program algorithms would scour massive repositories of metadata and analyze it to differentiate normal network traffic from anomalous or malicious traffic. Armed with this knowledge, the NSA could instantly and autonomously identify, and block, a foreign threat. Snowden also suggested, however, that MonsterMind could one day be designed to return fire—automatically, without human intervention—against an attacker. Because an attacker could tweak malicious code to avoid detection, a counterstrike would be more effective in neutralizing future attacks. Sounds a lot like Skynet. No word from the NSA on why they didn’t use that iconic film name for its real-world Skynet. Source
  12. In the world we live in, there are different kinds of professions where debugging has been a vital piece of knowledge we must have in order to do our jobs successfully or more efficiently. There are different professions where debugging knowledge is important and are outlined below: Programmers: every programmer knows that debugging the program when it’s not working properly is the only right way to determine why the program is misbehaving and is not producing the intended results. There are still those programmers out there who use different kinds of print statements in order to display the debugging information in a way that makes sense to them only and for a limited amount of time. After a certain period of time, the debugging comments displayed in the stdout (or anywhere else where the output could easily be inspected, like in a file) don’t make any sense anymore, which is the primary reason why we should stop debugging like that – if we can even call it debugging at this point. In any case, whenever we put any kind of print statements into the code, the whole code needs to be recompiled when written in a low-level programming language. System Administrators: various system administrators are tasked with setting up and maintaining a whole infrastructure of the company, which is not an easy task to deal with. There will be different times when the programs of the programmers will malfunction and the system administrator will be the only one having access to the production environment where the program malfunctions. At times like these, the administrator should use a debugger in order to determine what the problem is and report it back to the programmers in order to fix it as soon as possible. Security Researchers: debugger skills can be lethal in the hands of a security specialist, because he can use it to make a program do unexpected things. Debuggers are indispensable when used to analyze how the program works in order to gain deeper understanding about the program internals. There are various fields of a security domain where knowledge about debuggers is a must have skill and the people not having mastered it already will have a hard time completing their jobs; such fields include reverse engineering, malware analysis, exploit writing, etc. The skills will come in handy even when dealing with web applications, for example, when we’ve reversed engineered a web application written in ASP.NET, which used custom encryption/decryption functions in order to pass data between the client and a server in an encrypted form. Having the reverse engineering skills, we quickly put together an algorithm, which was able to decrypt the encrypted data in order for us to modify it and then re-encrypt the data back to its encrypted form to have it sent to the server for processing, which revealed interesting XSS, URL redirection and other kinds of bugs. Despite our job profession outlined above, we should invest the time and learn how to debug properly, which will enable us to find problems sooner and with ease; no more print statements need be introduced into the code. When debugging properly, we have to choose a debugger of our choice and run the program in a debugger, and set appropriate breakpoints so the execution will stop at the time of the program misbehavior, after which we can inspect the program state. Inspecting the program state doesn’t include only a few of the items we had output to the stdout when doing it the wrong way, but the whole program state – we no longer have to put additional print statements into the code, recompile and rerun the program in order to get more information about the program state. Instead we can get all that information for free out of a program stopped in a debugger without many problems. Presenting different kinds of debuggers There are many debuggers that we can use for debugging and are separated into two groups at the highest level, which are presented below. Note that most operating systems are constituted from two parts: the user-mode applications in ring 3, where all of the applications run from and have only limited access via the system calls to the kernel-mode operating system code in ring 0. Therefore, depending on whether we’re debugging a user-mode application in ring 3 or an operating system function/structure in ring 0, the debuggers are divided between two groups presented below. Kernel-Mode debuggers: the debuggers running in kernel-mode, which are able to debug the kernel operating system internals as well as the user-mode applications. An example of debuggers supporting kernel-mode debugging are the following: SoftICE, Syser, HyperDbg, WinDbg, Gdb, VirtDbg. User-Mode debuggers: the debuggers running in user-mode, which are able to debug only the user-mode applications, but don’t have access to the kernel. User-mode debuggers are the following: OllyDbg, Hopper, Hiew, Ida Pro, Dbg, x64dbg, VDB, Radare, etc. All of the debuggers have support for debugging local programs or systems, but only some of them have remote debugging possibilities that allow us to use debuggers in the cloud. The following debuggers have a possibility of a remote debugging session, which we can use in a cloud-based session and debug the problem remotely: WinDbg Gdb VirtDbg Ida Pro Radare Hopper Remote debugging In this example, we’ll take a look at how we can debug an application running in the cloud remotely by using gdb, which can be downloaded and installed by running the following commands: wget ftp://sourceware.org/pub/gdb/releases/gdb-7.5.tar.bz2 # tar xvjf gdb-7.5.tar.bz2 # cd gdb-7.5/gdb/gdbserver/ # ./configure && make && make install Let’s first display all the parameters that we can pass to gdbserver program. # gdbserver Usage: gdbserver [OPTIONS] COMM PROG [ARGS …] gdbserver [OPTIONS] --attach COMM PID gdbserver [OPTIONS] --multi COMM COMM may either be a TTY device (for serial debugging), or HOST:PORT to listen for a TCP connection. Options: --debug Enable general debugging output. --remote-debug Enable remote protocol debugging output. --version Display version information and exit. --wrapper WRAPPER -- Run WRAPPER to start new programs. --once Exit after the first connection has closed. Let’s now present a simple program, that accepts exactly one argument, which must be set to the “secretarg” string in order for the program to return the secret key “KeepingHiddenSecrets”. Otherwise, the program exists with a notification that incorrect input string was passed to the program as the first argument. The program can be seen below. #include <stdio.h> int main(int argc, char **argv) { if(argc != 2) { printf("The wrong number of parameters passed into the program; quitting.\n"); exit(1); } if(strcmp(argv[1], "secretarg") == 0) { printf("The secret password is: KeepingHiddenSecrets.\n"); } else { printf("The secret password is not revealed to you, because you didn't supply the right secret argument.\n"); } return 0; } We can compile the program into the main executable by simply running the “gcc main.c -o main” command, after which we can run the program by running “./main secretarg”, which will print the secret key to the standard output. Imagine that we’re a system administrator or a security researcher and only have access to the main executable, but we don’t have the code, neither we know the secret argument we have to pass to the program in order to reveal the secret key. To complicate matters somehow, let’s also imagine that the program is running on a server on the cloud and can’t be easily recompiled and used on our local computer; nevertheless, we have access to the server and we’re able to run and debug the program. Note that the compiled program should also be copied to the host system where we’ll be inputting the gdb commands in order to be sent to the gdbserver, so the gdb will be able to load and use program symbols. In such cases, it’s best to run the program remotely in the cloud in gdbserver in order to debug it. We can use the command line below to bind to the 0.0.0.0:8080 host and port combination where the remote debugging session will be accessible. We have to run the following commands on the remote host in the cloud where the program will be debugged. Note that the two processes are created during the debugging session because we’ve invoked the program two times, once with the wrong input parameter and another time with the right input parameter. The first invocation of the program revealed that the input argument was not correct, while the second invocation received the secret password, because we’ve passed the correct input argument to the program invocation. # gdbserver --multi 0.0.0.0:8080 Listening on port 8080 Remote debugging from host 4.3.2.1 Process /srv/main created; pid = 20272 The secret password is not revealed to you, because you didn't supply the right secret argument. Child exited with status 0 Process /srv/main created; pid = 20274 The secret password is: KeepingHiddenSecrets. Child exited with status 0 Then we can use the netstat command to confirm whether the gdbserver has actually been started, which can be seen below. # netstat -luntp | grep LISTEN tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 20223/gdbserver After starting the remote session, we can connect to it by executing the following commands on the client, which connects to the remote session and starts debugging the remote process. # gdb (gdb) target extended-remote 1.2.3.4:8080 Remote debugging using 1.2.3.4:8080 (gdb) set remote exec-file /srv/main (gdb) file /tmp/main Reading symbols from /tmp/main...done. (gdb) set architecture i386:x86-64:intel The target architecture is assumed to be i386:x86-64:intel (gdb) run test Starting program: /tmp/main test [Inferior 1 (process 20272) exited normally] (gdb) run secretarg Starting program: /tmp/main secretarg [Inferior 1 (process 20274) exited normally] At this point we can run any command supported by the gdb debugger right on the remote session in the cloud, which enables us to do anything we would have done with a local process. Conclusion Debugging skills are a vital and very important piece of knowledge we have to gain in order to complete our job faster and more efficiently. The hardest thing to do in the process is grasping the idea that such a knowledge will actually benefit us all. After we’ve convinced ourselves that the debugging knowledge will come in handy, we have to choose an appropriate debugger and learn as much as we can about it. Usually, there are different articles and tutorials, even books written on the subject, but we must not despair. We can start slow with a simple tutorial and work our way from there. Whenever a new bug arises, we should take some extra time to find the problem with a debugger rather than using print statements. At first, it will seem like a waste of time, but sooner or later, it will become extremely easy and the first benefits of the newly acquired knowledge will be visible. We’ve seen how easy it is to debug applications in the cloud by using one of the remote capabilities of various debuggers that support it. By using remote debugging, we can easily start a program in the cloud and debug it remotely, not having to setup our own environment when trying to determine what the problem was. If the client wishes to debug a software, which requires various pieces to work together, we can easily use remote debugging capabilities to remotely identify the problem they have been facing. This gets more and more important when debugging SCADA applications, which require certain kinds of hardware that we normally don’t have access to in our every day lives, like a nuclear plant, an air conditioning, etc. In such circumstances, we would have to fly to the client’s location in order to identify the problem at hand, but by using remote debugging capabilities we can do it from our own office from an entirely different country, which reduces costs considerably. We should all invest the time to learn and obtain debugging knowledge, which will save us time and money when trying to determine the cause of the problem. It is only by practicing that we become better and better at what we do and it’s the same with debugging: keep practicing and enjoy using your newly obtained knowledge. Source
  13. In previous articles, we got to know the basics of the Stack Based Buffer Overflow and changing the address in the run time by modifying the register value using the debugger. In this article, we will analyze another simple C program which takes the user input and prints the same input data on the screen. In this article, we will not change any values by modifying the value through debugger like we did in the last article, but we will learn how to do it by user input values. Let us have a look at the program. In the program shown in the above screen shot, we have created two functions marked as 1 and 2. The 1st is the main function of the program from where the program execution will start. In the main function, there is a command to print message on the screen, then it is calling the V1 function. The 2nd one is defining the V1 function in which we have defined an array of size 10, then there are commands to take the user input and print it back to the output screen. In the V1 function, we have used the ‘gets’ function to take the user input. The ‘gets’ function is vulnerable to buffer overflow as it cannot check whether the size of the value entered by the user is lesser or greater than the size of the buffer. So, ‘gets’ would take whatever value the user enters and would write it into the buffer. If the buffer size is small, then it would write beyond the buffer and corrupt the rest of the stack. So, let’s analyze this with a debugger. Note: You can download the EXE file here: Download Now, let’s run this program normally. We can see that our program runs perfectly and it asks to “Enter the name”. When we enter the name and hit the enter key it accepts the value without crashing the program, as the input string is less than the size of the buffer we have created. Now, let us run the program again in the same manner, but this time we will enter a value which is greater in size than the buffer size. For this we enter 35 A’s (41 is the hexadecimal representation of A), then the program throws an error and our program gets crashed. We can see the same in the below screen shot. If we click on “click here” in the window shown in the above screenshot, we can see the following type of window on the screen. By closely looking into the red box, we can see the offset is written as ‘41414141’, which is actually the hexadecimal value of A. This clearly indicates that the program is vulnerable to buffer overflow. Note: In many cases, an application crash does not lead to exploitation, but sometimes it does. So, let us open the program with the debugger and create a break point just before the function ‘V1? is called and note down the return address. The return address is actually the next instruction address from where the function call happened. We can see the same in the below screen shot. (We have already mentioned all the basics in previous articles, so we are not going to discuss basics in detail again.) We can create the break point by selecting the address and pressing the F2 key. Run the program by hitting the F9 key and then click on F7 which is Step Into. It means we have created a break point before the V1 function call, after that the function ‘V1? is called and execution control has switched to the V1 function, and the Top of the Stack is now pointing to the return address of the main function, which can be seen in the screen shot given below. Now, we will note down the written address position as well as the written address from the Top of the Stack, which is the following. Table 1 Return Address Position Address Return Address to the Main Program 0022FF5C 004013FC We will overwrite this return address with the user input data in the next step of the article. If we look at the program screen we can see ‘Main Function is called’ is being shown on the screen. Now, hit Step Over until we reach the ‘gets’ function. This can be done by pressing the F8 key. As can be seen in the above screenshot, we have reached the gets function, now the program has continued to run. When we look at the program screen, we can see the program is asking to enter the name, so enter the name and hit the enter key. As can be seen, when we enter the name and hit the enter key, then execution control has moved to the next instruction and the program has again reached the Paused state. Now, hit the Step Over (F8 Key) until we reach the RETN instruction. If we look into the window 4 now, we can see that the top of the stack is pointing to the return address which is the following. Table 2 Return Address Position Address Return Address to the Main Program 0022FF5C 004013FC Now, we will have to compare the addresses of Table 1 and Table 2. Till now nothing caused any change in the tables we created, as we did not input anything wrong in the program. So, let us restart the program again and input a very long string value into the program input and analyze the return address when the program execution control reaches the RETN instruction. We can restart the program by pressing CTRL+F2 and input 35 A’s into the program. As can be seen in the above screenshot, we have entered a very long input value in the program, now hit the F8 key (Step Over) until we will reach the RETN instruction. Now, we will create another table and note down the Top of the Stack values into the table. Table 3 Return Address Position Address Return Address to the Main Program 0022FF5C 41414141 If we compare Table 2 and Table 3 addresses, we can see return address to the main program has been replaced to 41414141 in Table 3. 41 is actually the ASCII HEX value of A. So, we can see the return address has been overwritten by the user input value A. Now think, what if we could modify the input value at this position, and write some different address which points it to a location in the memory that contains your own piece of code. In this way, we can actually change the program flow and make it execute something different. The code that we want to execute after controlling the flow is often referred to as a “SHELLCODE”. We will discuss shellcode in later articles. But the string that we have entered contains 35 A’s, we do not know which ones have overwritten the stack. We will have to identify the positions in the user input where the stack is overwritten into the memory. We can do it by entering some pattern instead of A’s. The input pattern could be anything. We will use the following pattern. A1B2C3D4E5F6G7H8I9J0K1L2M3N4O5P6Q7U8S9T0U1V2W3X4Y5Z6 In this article, we have created this pattern manually, but in further articles we will use automated Metasploit scripts to generate the pattern. Now, we need to restart the program again in the debugger and enter the above pattern as an input in the program we created. As can be seen in the above screenshot, we have entered the pattern when the program asked for the input. Now, press F8 (Step Over) until we reach the RETN instruction. As we can see in the screenshot, we have reached the RETN instruction which can be seen in screen 1, and the Top of the Stack address has been overwritten by the user input and is pointing to the value “O5P6?. So, this 4 byte data is actually the return address in the user input. So, let us verify this by replacing the “O5P6? to “BBBB” in our pattern before entering the user input. So, now according to our logic, the return address should point to “BBBB” in the memory when we reach the RETN instruction. As can be seen in the above screenshot, our B’s have been successfully written in the position where the return address should be. So, if we change our B’s to the address somewhere else in the memory, then the program execution would go to that address and execute that instruction. In this way, we can control the program flow and run our own code just by manipulating the input data. So we have understood the following things by completing this exercise: Finding and Analyzing Buffer Overflow Overwriting Stack by User Input Data Identifying the Return Address Position in User Input References https://www.owasp.org/index.php/Buffer_overflow_attack http://en.wikipedia.org/wiki/C_file_input/output http://www.exploit-db.com/ http://www.pentesteracademy.com/ https://www.corelan.be/ Source
  14. In the previous article, we learned about the basics of the Stack Based Buffer Overflow, such as analyzing the stack, creating breakpoints and analyzing the function call and registers. With the help of these skills, we will now see how we can manipulate the return addresses dynamically into the program. We will analyze a program in which a function ‘do_not_call’ is defined but has never been called throughout the program. So, our goal is to change the register address in a way so that this function is called and performs the operation which is given in the function. We will perform this task by manipulating the register addresses while the program is running. Let’s take a look at the program. We have already given the source code and the binary file of the program in the end of the article. You can download it here: Download As can be seen in the above screenshot, we have mentioned a number for each function. The description for the same is given below. First of all, we have created a function “do_not_call” which prints the message “Function do_not_call is called” by the printf command. This is another function. The name of this function is ‘function1?, which has the integer return type with one argument. In the next line we have created a local variable. This function prints the message “function1 is called”. This is the main function of the program. The program execution will begin with this function. First, we gave a command to print the message “Main function is called”, and in the next step we initialized the local variable. In the next line, we have called the ‘function1?. You must have noticed that we have not called the “do_not_call” function in our program. Let us verify it by running the program normally. As we can see in the above screenshot, when we run the program normally, it prints two messages, ‘Main Function is called’ and ‘Function1 is called’. Now, we will open the program in Immunity Debugger. After opening the program with Immunity Debugger, we can see four different screens. Each screen is showing a different kind of program data. If we scroll down the first screen we can see all assembly language instructions as well as the strings we have used in the program. You can see the same in the screenshot given below. As can be seen in the above screenshot, the main function starts by pushing the EBP resister into the memory and ends at the RETN instruction. For a better understanding, we have created a table in which we have the starting and ending address of all the functions defined in our program. Function Name Function Starting Address Function Ending Address Main Function 004013C4 00401416 Function 1 004013A4 004013C4 Do_not_call 00401390 004013A3 Now we will make a list of all the function calls taking place in the program. After analyzing the main program, we can see the following function calls: After taking a close look at the above screenshot, we find that there are four function calls in the main program. If we closely look at the functions which are being called, then in the fourth function call, we can see that it is calling to ‘Second.004013A4? in which the last 8 digit address is actually the starting address of ‘function1?. We can verify the same by checking the table we have created above. In simple terms, this statement is calling function1 as we have defined in the program source code. Now, we will create a break point to analyze the Stack, Return Addresses, etc. (We have already mentioned all the basics in the previous article, like what is a breakpoint and how do we create a breakpoint in the debugger, etc., so we are not going to cover this again in this article.) The following steps are mentioned below to further analysis. Create the breakpoint before the 4th function call. We can do this by clicking on the instruction and hitting the F2 key, after that run the program. We can run the program by pressing F9. Now, we can see the following screen in the debugger. As of now, the program execution control has reached that position where we have created the breakpoint. In screen 1, we have created the breakpoint on “00401401” and now the program has paused on this instruction. We can see in screen 2 the EIP register is pointing to the address at which we have created the breakpoint. Now we will execute the instructions step by step for understanding the concept more clearly. Let us execute the next instruction; we can do this by pressing the F7 key, which is Step into. As we can see, execution control is pointing to the next instruction in screen 1 and EIP is also pointing to the instruction address. Now, the execution control would go to address “004013A4? which is the starting address of the function1. We will now execute it and see what changes we come across. Again hit the F7 key to execute the next instruction. We get the following output screen. This step is very critical and important to understand. As can be seen in the above screenshot, the execution pointer has switched from 00401408 (No-1) to 004013A4 (No-2) which is the starting point of ‘function1?. Also, when we take a look at screen 4 we see that the Top of the Stack (No-3) is pointing the address 0040140D (No-4), which is the next instruction from the function call. This address is also called the return address to the main program. It means that after the execution of ‘function1? is complete, then the execution control would switch to this address. If we change this return address, we can actually change the order of execution of the program. So, let us change the return address in the debugger with the address of the ‘do_not_call’ function address which was in the above table. The function “do_not_call” address is: “00401390” To change the address, we will have to right click on the address and click on modify. After that, change the Hexadecimal value and then click on OK. Now, we can see our changes are reflected on screen 4. The top of the stack is pointing to the address of the ‘do_not_call’ function. This will allow us to execute the ‘do_not_call’ function, which was not supposed to be executed in the actual program. Now, we will execute each instruction step by step until we reach the RETN instruction. As we can see, program execution control has reached the RETN instruction. It means the function1 execution has completed and now the execution control will go to the main program (according to our program), but we had changed the return address in the previous step to the function ‘do_not_call’, so the execution control will go to the ‘do_not_call’ function and execute the instruction that it is defined to execute. So, let us execute next instruction step by step and we will see the ‘do_not_call’ function has successfully executed. We can verify the same by checking the output of the program. As can be seen in the above screenshot, by dynamically changing the return address of the program, we are successfully able to execute the function the program was not supposed to execute. So in this article we have learned… Monitoring and Analyzing the Register Value Analyzing Top of Stacks Changing the Return Address References https://www.owasp.org/index.php/Buffer_overflow_attack http://en.wikipedia.org/wiki/C_file_input/output http://www.exploit-db.com/ http://www.pentesteracademy.com/ Source
  15. Buffer overflow is a very common and widely known software security vulnerability. It is a condition which occurs when more data is written into a block of memory (buffer) than it is allocated to hold. As buffers are created to hold a definite amount of data, the excess information stored gets overflowed to the adjacent buffers, causing overwriting or damaging the valid data which is already stored. In order to exploit buffer overflow, one should have basic knowledge about topics like stacks, CPU registers, memory allocation, etc. As it is a very vast topic in itself, in this article we will try to understand the basics of the Stack Based Buffer Overflow. First of all, we will create a simple C program and cover the basics, like how the program runs in the memory, how the function call takes place, what is the return address, etc. So let’s start with the basics. A stack is a continuous block of memory which is used to store the temporary data within your program. The stack works on a Last in First out (LIFO) basis. PUSH and POP are the two working functions in which PUSH is used to put data into the stack and POP is used to remove the data from the stack, and it grows downwards towards lower memory addresses to higher memory addresses on Intel based systems. In Intel 32 bit architecture the maximum data size would be 4 bytes, which is equal to 32 bits for each PUSH and POP operation. Basically, the stack holds following types of data of the program. Argument to the Function Calling Function Address Return Address Local Variable and couple of other things. We will see each of them in detail further in this article. Before that, let us install some tools needed for the practical session. Here, we are using the following setup. We have configured Windows XP Service Pack 2 on Virtual Machine. Immunity Debugger (We can download it by searching Google or we can by clicking on the URL which is given in the references at the end of the article.) Dev C ++ (We can download the tool by clicking the form below.) Download Note: We are assuming that you have configured the required tools and have basic knowledge about assembly language. First of all, we will start looking at the things like function call in the memory and return address etc. from the very starting stage. We have already written a simple C program in which we have defined a function which is called from the main program. The EXE file and source code of the program are given at the end of the article. We can download the EXE and the source code of the files by clicking the URL given at the end of the article. Let’s have a look at the source code of the program so that we can understand the basic concepts. As seen in the above screen shot, we have written a simple program in which we have defined some local variables; after that we have called a function with one argument value. Then, we defined the function which will print the message – “Function is called”, then we returned value 1 to the main program. After compiling the program, we will open the program with Immunity Debugger. We can open the program by clicking the file menu or dragging the .exe file into the debugger. After that, we will see the following type of code on the screen. Now, we can see four sections on the screen. Each section represents a different type of CPU processing stat. Each section is defined below. In this section, we can see the de-assemble output of the .exe file. This section gives the information about various registers and their values. We can see the various type of registers and their values in the above screen. In this section, we can see the memory dump of the program. We can see what type of data has been written by the program into the memory. We can also edit these values dynamically according to the requirement. This is the most important part: it shows the stack status of the program. If we closely look into the screen we can see ‘paused’ written in the right corner of the window. This means that after opening the program with the debugger, the debugger has paused the program, so we will have to start the program manually. Now let’s start our analysis. The first step is to identify the main function and the other functions we have defined in the program, which are then loaded into the computer memory. If we scroll down in the first area, which is the de-assemble output of the program, we can see the ASCII main function with the EXE name and another function with the assembly language code. In our case the EXE file name was First.exe so we can see the same on the screen with some extra value. In the above screenshot we have pointed to some numbers. These numbers are defined in the below section for better understanding. This is the main function in the assembly language. We can see it in the screenshot name “First.xxxxx ASCII “Main Function””. In this case, First.xxx is the name of the .exe file we have loaded into the debugger. In the left hand side, we can see the memory address according to each assembly instruction. This is basically the physical memory address of the instruction. 00401290 is the address in our case in which the program has been started. And 004012DA is the address (in our case) in the memory where the program has finished. It is the function call from the main program. This line is basically calling the function which we have defined in the C program. When we closely look at the main function call, we can see that it is calling the “First.004012D3? in which the last 8 digits are the address of the function which will be called. In the end, we can see the function loaded into the memory, which is printing the value “Function is called” through the printf function, which has been called from the program. The function has started by pushing the EBP register into the stack. In our case, the starting address of the function is “004012DE”, and the function completion address is “004012FE”. Both the addresses can be seen in the above screenshot. It is the most important part, as we will see how we can define the break point in the program. A break point helps us to freeze the program at that location and allows us to analyse things like register status, stack and frame pointer. It also allows us to change the values dynamically. So, let us create a break point just before the function call. We can set the break point by selecting the row by just clicking on it and pressing F2 for creating the break point. As shown in the above screenshot after creating the break point, the row has been highlighted. Now, we need to start the program. We can do it by hitting the F9 key. We will see some changes in the numbers on the screen. In the above screenshot we can see that the stack value has been changed and the register value has also been changed. Another interesting thing is the EIP register which holds the value at which we had set the break point. Now, we will have to use two options. Step Into Step Over Step Into: when we want to execute the next instruction after creating the break point, then we will have to use Step Into. The keyboard shortcut key for Step Into is F7. Step Over: Sometimes we do not want to get into the details of the function call, so in such situations we can use Step Over. The keyboard shortcut key for Step Over is F8. Now, we have to go to the next instruction, so press the F7 key as mentioned in the above step. Let us analyse the stack now. As shown in the above screenshot, nothing interesting is showing in window no 4, but we can see in window no 1 that the next instruction has been executed, and the next instruction address has been assigned into the EIP register in window no 2. We will execute the next instruction by pressing the F7 key. After this step, the screen will look like this: We can see that the next instruction has been executed and we can see lots of changes in the screen. First of all, we have noticed that the instruction executed controller has reached the address given in the previous call function. This is visible in window no 1. When we closely look into window no 4, at the top of the stack we can see the address 004012D4, which is the return address to the main program. It means after the function execution has completed, by using this address the counter will go to the main program and the program execution gets completed. So in this article we have learned… Analysing the Stack Creating the Break Point Analysing the Function Call and Register Status. References IMMUNITY : Knowing You're Secure https://www.owasp.org/index.php/Buffer_Overflows Buffer overflow - Wikipedia, the free encyclopedia Stack buffer overflow - Wikipedia, the free encyclopedia http://www.bloodshed.net/dev/devcpp.html Source
  16. Hei cine ma poate ajuta si pe mine cu un program flood si niste "Instructiuni" Multumesc anticipat
  17. Un program care ajuta la completarea simpla si corecta a cererii pentru cei care au avut norocul sa castige la loteria bonurilor ANAF. Completati datele in macheta si apoi veti avea cererea oficiala ANAF de revendicare a premiului precompletata cu datele introduse. Cerinte: .NET Framework 4.0 Adobe Reader XI Thread original:
  18. Cookies Manager Author: Doddy Hackman A simple program in PHP to help with XSS vulnerability in this program are the following: [+] Cookie Stealer with TinyURL Generator [+] Can you see the cookies that brings back a page [+] Can create cookies with information they want [+] Hidden to login to enter Panel use ?poraca to find the login A video with examples of use: Download Source: https://github.com/DoddyHackman/Cookies_Manager
  19. Diaphora, a program diffing plugin for IDA (by joxeankoret) https://github.com/joxeankoret/diaphora Source
  20. Platesc 80€ pentru un crack la urmatorul program, din cate am vazut are protectie HASP4. Executabil: formula.exe Este destul de vechi, presupun ca e facut in Visual Basic 6. Link: MEGA Metoda de plata paypal sau transfer bancar dupa ce imi aratati prin teamviewer sau video ca functioneaza. In caz ca ajuta la ceva am dongle original dar nu mai functioneaza, e expirat.
  21. Ce program pentru un smart tv 3d philips exista ? Gen cum este allshare de la samsung !?
  22. Salutare. Ideea este in felul urmator: vreau sa opresc un program sa porneasca odata cu windows-ul (w7). Calculatorul este cel de la servici si are cam toate functiile oprite, singura care merge este cmd. Am incercat din cmd sa sterg registrul respectiv, dar nu imi da voie... Aveti vreo idee?
  23. Pinterest’s journey toward becoming a fully HTTPS website opened a lot of doors, including a potentially profitable one for hackers. The social networking site this week announced that it would begin paying cash rewards through its bug bounty program, upping the stakes from the T-shirt it originally offered last May when it kicked off the Bugcrowd-hosted initiative. The news complements Pinterest’s full adoption of encrypted communication and traffic from its website. “I feel HTTPS will soon be seen as a requirement for anyone doing business online,” said Paul Moreno, security engineering lead on Pinterest’s cloud team. Pinterest spells out the scope of its bounty program on its Bugcrowd page. The company said it will start paying between $25 and $200 for vulnerabilities found on a number of Pinterest properties, including its developer site, iOS and Android mobile applications, API, and ads pages among others. “We have a strong experimentation culture and we feel that HTTPS foundation provides the minimal baseline for us to get higher value bugs,” Moreno told Threatpost. “We are experimenting with the paid approach for these community sourced higher value bugs and will evaluate the program periodically.” Many high-value Internet properties have moved to HTTPS in the wake of the Snowden revelations. The continuous flow of leaked documents demonstrating the breadth of government surveillance and collection of personal data has accelerated a number of tech companies’ migrations to HTTPS. Moreno said that Pinterest’s move to HTTPS, however, was not without its challenges. Standing out among them was the site’s working relationships with content delivery networks (CDNs) that support HTTPS and Pinterest’s digital certificates. Other expected challenges, Moreno said, were some marginal performance issues, older browser support, mixed content warnings, and referral header removal from HTTPS to HTTP sites. Once a test was rolled out to its large Pinner community in the U.K., Moreno said some unexpected issues cropped up including CDN content that broke the site’s Pin It functionality and some sitemap files that were not updated to point to HTTPS domains. Those were addressed respectively by orchestrating a DNS change to a new CDN provider, and the implementation of a meta referrer header to support HTTPS tracking to HTTP sites. “In addition, having multiple CDN providers that supported HTTPS gave us options for performance as well as commercial leverage,” Moreno said in a blogpost announcing the move. “In the end, we enhanced the privacy of Pinners by enabling encryption while also hindering exploitation by way of man-in-the-middle attacks, session hijacking, content injection, etc. This also paved the way for future products that may require HTTPS to launch,” Moreno said. Source
  24. 1. În primul rând , ar trebui s? dezinstalezi Teamviewer , dac? nu l-ai dezinstalat înc?. ( " Start " - > " Control Panel " - > "Uninstall Program" ) 2. Acum ar trebui s? merge?i în Start , apoi merge?i la " run " ?i scrie?i % AppData % - > ?terge-?i folder-ul TeamViewer. Dac? acest lucru doar v? direc?ioneaz? la AppData \ Roaming , dar nu se ?terge folderul de acolo , îl ?terge?i manual . De asemenea, asigura?i-v? c? a-?i ?ters ?i de aici " C : \\ Program Files \\ Teamviewer ". 3. Acum, instala?i TeamViewer din nou , dar nu uita?i atunci când instala?i alege-?i " Personal (pentru dumneavoastr?) " - Acum ar fi trebuit s? mearg? , dac? a?i f?cut totul corect . Tutorialul nu este creat de mine.
×
×
  • Create New...