General Security Discussions - iExploit

Ftp

nfs3210 — Thu, 09 May 2013 10:37:24 -0400

Can help me with some code! How find username and password for FTp?(Link removed. Please refrain from posting crime-engaging content in the future. Moved to relevant board. - m0rph)

uploading vulnerable application to get root ?

mandi — Wed, 20 Feb 2013 10:29:52 -0500

hi guys,

I got a question in mind,this question came as a result of debate between my friends,

while we are discussing about privilege escalation one of my friend said
"say if we have backdoor access with limited privileges to a
web-server,we could have gain root access by uploading a vulnerable
application and exploit it to become a root"

but another one saying that "no ,even if you exploit the bug you can
only get the privilege of the current user,not the root privilege" .

i am not sure which one is correct,so tought of asking here

which one would be true ?

eigrp becomes open standard!

mandi — Wed, 13 Feb 2013 14:22:23 -0500

It's been a while since i made a useful post here

have a look at the following links

[code]

[/code]

[code]
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6554/ps6599/ps6630/qa_C67-726299.html
[/code]

Bypassing Microsoft Office 2010 Activation at work...

Mr. P-teo — Mon, 21 Jan 2013 13:09:22 -0500

So my boss is a real tight arse, wasn't going to buy a business license and told me i have to find a copy of Office 2010 for free, but im only allowed to use our copy (which has been used to many times). So playing around i noticed that if i disconnect from the internet im still able to use Word, even after i close the activation window and this got me thinking "can i block just the word/office server etc."

So i knew what i was going to do, time to crack open Wireshark and get listening in on what connections are being made and sure enough on startup of Word a connection is being made to a domain by the name of office14.microsoft.com...

So i know what it was connecting to, just have to block the connection. And oh joys, windows Hosts file. A simple line of text containing the IP and that domain and we are all good. After a quick restart Word was fully working. The only issue what it prompts the user to activate we just close that window and keep using.

So that was my little security bypassing story. Good day.

[News] Backtrack 5 R3 Blackhat Edition Release Announced

Xin — Wed, 01 Aug 2012 16:36:54 -0400

http://www.backtrack-linux.org/backtrack/backtrack-5-r3-release-aug-13th-2012/

I believe there is already a copy on the pirate bay, however I will wait for the official release.

A Good question" / Discussion on Keylogger & rat etc.,

speak2sohail — Mon, 31 Dec 2012 05:02:55 -0500

Is there anyway to find the UserID / info of the SERVER" (spyware) which is already complied ??????????? is there any decomplier or something, need lil help here for my own knowledge...... :P :P

i want to hack my institute's web cams.. Need help.

wolfkron — Sat, 20 Oct 2012 05:52:40 -0400

guys, i want to hack my tuition institute's web cams.

so can anyone tell me how can i perform this job. As i am not very good at hacking so detailed explanation is needed.
reply as soon as possible.
waiting............

you can also send me email at wolfkron@in.com

Moved: General Security Discussions. -m0rph

Need some help asap (if possible)

Mr. P-teo — Wed, 26 Sep 2012 06:36:03 -0400

So i recently started my new job and when i FTP connected to the server i found this file - http://pastie.org/private/s9ux7wk93hcqol4yvpjqq

I believe it's an exploit to get root access remotly but i wouldn't mind a second opinion, i know it's not one of the wordpress files.

Any help would be great thanks.

Blind Sqli big site . should i report it ?

Hardcore-Gabber — Mon, 17 Sep 2012 19:13:53 -0400

Founde Blind Sql Injection in a site that is serving downloads and hade about 90 million of downloads in 4 months .and this are only downloads from the website directly .

My question should i report it ? could i get a reward from the owners ? or just leave it ?

Warning when Buy Domain from GoDaddy

blackhathunter — Sun, 28 Oct 2012 11:23:31 -0400

1. GoDaddy
company used sexual advertising several times to promote its services, which has led to backlash several times.
.
2. in early 2011 then-CEO Bob Parsons killed a wild elephant in Zimbabwe, which many believed was just another sign that the company was willing to engage in unethical practices.

3. buying domain names users search for and then inflating the value of these domains when users return to purchase them so GoDaddy makes a larger profit on the transaction.

4. In late 2011, GoDaddy also initially supported SOPA, which also
indicated the company was not willing to support its customers freedom
of speech and activity on the internet.

22,000 Boycotters pledged to move over 82,000 domain names from GoDaddy over the boycott period.

Boycott GoDaddy until they send a letter to Congress
taking back any and all support of the House and Senate versions of the
internet censorship bill, both SOPA and PIPA.

Since the announcement of the boycott of GoDaddy, GoDaddy has just publicly
dropped their support of the heinous Stop Online Piracy Act or SOPA.
But, they still support the Senate version of SOPA, called PIPA or
PROTECT-IP. If you work on the internet and do business with GoDaddy
you're supporting a company who is actively working against your best
interests.

Attacking SSH service running from Windows to Linux

devender — Sun, 22 Apr 2012 11:20:52 -0400

Hi All,

I am accessing Linux box from my Windows box using putty through SSH (port 22).

Is there any way I can hack this service session from backtrack 5? If yes then how? What kind of countermeasures can we take to safeguard this kind of issue.

Please suggest.

- Dev

Windows 8 secure boot - the end of dual-booting

m0rph — Mon, 26 Sep 2011 16:53:06 -0400

I saw this article:


http://news.cnet.com/8301-1009_3-20111545-83/microsoft-addresses-windows-8-secure-boot-issue/?tag=mncol;title

So, basically, Microsoft is implementing this new craptacular secure boot option with Windows 8 that will inadvertently prevent people from dual-booting if they want to. I guess all of the drivers that come with the computer you will want to buy will have to have Microsoft certificates, otherwise secure boot won't work.

I guess, yeah, from a security standpoint, it's cool, and will stop people stealing laptops or infiltrating a company and throwing in a thumb-drive with a live distro on it (for example), and being able to read files. However, it also limits the user to what they can do with their own property. Which, we all know, is not something we like to be told as hackers. If it's ours, we should be able to do with it as we please.

Any thoughts?

I think this is just a feeble attempt by Microsoft to try and boost sales in an already SOMEWHAT (not completely) monopolized market. At least, seeing as how they continually fail miserably in the mobile-phone market.

Need Some help !!!

rude_Legion — Wed, 26 Sep 2012 13:53:49 -0400

Need some help for skype

Some questions as usual

mandi — Thu, 20 Sep 2012 06:39:51 -0400

hi guys,
I got some doubts running in my mind ,so as usual i decided to post here.

I just finished my ccna,i had a tought when i am doing my ccna,
There are lots of local exploits being published for operating systems like linux and windows throught the year.

i)But the amount of bugs(local exploitation bugs such as an bof,stack offerflow,race condition bla bla) i had seen for the cisco ios is very rare,it is just an proprietary operating system
why there isn't many such bugs for cisco ios ?

ii) i dont know what kind of security features make it special,as far as i have searched i had seen some presentations by fx phenoelit other than that i couldn't find any promising materials regarding that ,for me it looks like an area which wasn't explored much(just my personal view,correct me if i am wrong),why is this ?

iii)is there any materials for understanding the internal ios implementations and things ?

Next question is about how to structure my learning towards local exploitation?

here are the things i had done till now
i)studied operating systems concepts book by "operating system concepts silberschatz" till chapter 14(at least 3 times,so i feel i am ok with the os theory part)
ii)i feel i had good basic understanding about networks,i had completed ccna and rhce training.
iii)regarding coding i am just a novice,i just know what are things and for what it is used(just having some theoretical knowledge)
iv)have basic understanding of web-application technologies and attcks

1)i want some advice from you guys (just another guy asking this 1000th time)how can i continue from here to become good in writing local exploits and reverse engg?
what are the things i should start from here like learning processor,assembly,h/w etc.,i don't know in which order i should begin,hope some one will clarify me..

My English Paper

Amara — Wed, 12 Sep 2012 22:34:41 -0400

I have already posted a thread in EZ about this and I figure I should post one here as well. I could use any and all input on this paper. I wrote about the OSI Model for my english class. Its my last paper for the term and I really want to make an A on it. So I figure I would post it and get feedback. I will warn that I will ignore you if you are rude, but critique is welcome. The assignment is turned in but I will be revising my final draft so feel free to provide input to be considered. I didn't go into detail but I probably will. Most of the Examples are my own except the IP address and the MAC Addresses. The very last paragraph is based on my understand of the OSI model, none of the information is from my sources. I read enough to understand how it works in my mind without having to go back and reread :D. Anyways thanks for looking :D

http://upload.evilzone.org/download.php?id=9234959&type=rar

Also I just used the upload link that I used in EZ so I hope thats ok. Its late and I can fix it tomorrow if its not XD.

Best universities for doing masters in Information security(need suggestion)

mandi — Wed, 05 Sep 2012 09:48:09 -0400

hi friends,
i am from asia, i am about to complete my UG in Information technology ,as the title says i would like some one to suggest me that

1) what are the best universities for doing masters in information security ?
i expect quality of teaching(the thing i missed very badly in my UG ),

2)is there any institutes offering a specialized degree in software security ?

3)should i go for just information security or try to choose a specialization ?
(currently i am a network related guy).

4)any more advice about doing masters in information security ?

hope ill get some nice suggestions from you guys :)

robot and how to find it

a_tek7 — Wed, 05 Sep 2012 23:30:58 -0400

what is robot and how it can be configured to hide some parts of a website from search engine for example admin 's login page?

Pentesting Course from Polytechnic Institute of New York University

Se7enisLucky — Wed, 03 Aug 2011 17:20:44 -0400

http://pentest.cryptocity.net/

Just thought should share this just like someone else shared those Harvard ones.
Cool stuff.

How to Crack Excel 2007 Password If It is Lost?

cheeryking — Tue, 03 Jul 2012 04:35:41 -0400

How can I crack the password on my Excel 2007 file?

The password on one of my Excel 2007 document was lost!!! I was
not sure if it has been changed by others or just I forgot it. Whatever,
now I cannot access the file. Does anyone know of a certain solution
that can retrieve or crack Excel 2007 password?

Have you ever suffered a lost Excel password solution like what
described above? This is a very common issue nowadays. Though password
protection really help us a lot in preventing others viewing or
modifying our private or sensitive information included in the
spreadsheet. But sometimes, it also causes annoying things, for example,
we would be denied access to open or modify our protected Excel 2007
document once its password is lost. Below are some reasons that we often
lose the password listed:

Very long combination of letters, numbers chosen in setting the password.
Changes made frequently.
Mixing up with password to open and password to modify.
Changed by family members, colleagues or illegally hacked by someone.

If you are facing Excel 2007 password forgotten problem with any one
of the reasons above, don’t worry too much about it just because
Microsoft doesn’t provide any recovery option for Excel. Instead you
should have confidence in yourself that there is professional Excel
password recovery tool existed in this situation.

Use Excel Password Recovery to perform Excel 2007 password crack.

Excel Password Recovery is a real tool for people to easily and quickly
retrieve and remove forgotten Excel password with 100% accuracy. It uses
advanced brute force attack technique to provide fast recovery with 2
editions: Standard and Professional. Below are the simple steps on Excel
2007 password crack with the professional edition of this tool.

Step1: Free download this Excel Password Recovery and then launch it quickly.

Step2: Click “Open” to load the target protected Excel document.

Step3: You have 2 options, choose one of them: 100%
instant document decryption and Recover the password. The former one
means “remove password directly”, and the latter one means password
recovery. Here we choose “Recover the password”. Next, just click “Next”
button to proceed.

Step4: Now simply by clicking “Start” can initiate forgotten Excel 2007 password recovery.

(Note: Before click “Start” button, you can select any one of the 3
listed brute-force attacks to help you recover the password in a quicker
way. And also in each attack there are some settings you can define by
yourself, such as Min and Max Length of the password, any numbers or
capital letters, special symbols included in the password etc. This is
based on the information of the password you can still remember. )

One more thing, every user can use this tool to crack or recover Excel 2007 password
offline. So it is 100% secure to your protected Excel file. If you have
showed your interest in such a powerful Excel password crack tool, then
don’t hesitate to free download its demo version to have a look first.
Well, till here, above are all for how to crack Excel 2007 password. If
you have any good problem or suggestion, just leave here a message.

Source: http://officepasswordrecovery.net/crack-excel-2007-passwor.html

Preparing for RHCE exam,Need some Advice please

mandi — Thu, 28 Jun 2012 02:03:47 -0400

Hi guys as the title saying ,i am preparing for RHCE and CCNA exams.

As far as now i am learning it from a academy,watching cbts and reading the prescribed book for RHCE.but i couldn't able to find any sort of resources for testing my self.

as far as now i have learned the few modules in there,I am looking for
some resources,links or any thing related to RHCE for evaluating myself.

also any one got some useful advice for me ?