foxsin tech: أبريل 2015

الاثنين، 27 أبريل 2015

WordPress Patched Zero Day XSS Vulnerability With New 4.2.1 Security Release

WordPress Patched Zero Day XSS Vulnerability With New 4.2.1 Security Release.

WordPress 4.2.1 version is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.

A few hours ago, the WordPress team was made aware of a cross-site scripting vulnerability, which could enable commenters to compromise a site. The vulnerability was discovered by Jouko Pynnönen.

WordPress 4.2.1 has begun to roll out as an automatic background update, for sites that support those.

For more information, see the release notes or consult the list of changes.

Download WordPress 4.2.1 or venture over to Dashboard → Updates and simply click “Update Now”.

What is Cross Site Scripting (XSS)?
'XSS' also known as 'CSS' - Cross Site Scripting. It is a very common vulnerability
found in Web Applications, 'XSS' allows the attacker to INSERT malicous code, There are many types of XSS attacks.

Read more here about Cross Site Scripting with Example.

WordPress clients can likewise briefly disable remarks meanwhile until the patch has been issued by the WordPress security group.

Source: Wordpress

الاثنين، 20 أبريل 2015

PixieWPS Offline Bruteforce WPS Pin Exploiting Tool

PixieWPS Offline Bruteforce WPS Pin Exploiting Tool

Pixiewps is a tool written in C used to bruteforce offline the WPS pin exploiting the low or non-existing entropy of some APs (pixie dust attack).

It is meant for educational purposes only. All credits for the research go to Dominique Bongard.

DEPENDENCIES
Pixiewps requires libssl. To install it:

sudo apt-get install libssl-dev

INSTALLATION
Pixiewps can be built and installed by running:

~/pixiewps$ cd src
~/pixiewps/src$ make
~/pixiewps/src$ sudo make install

USAGE

Usage: pixiewps <arguments>

Required Arguments:

-e, --pke : Enrollee public key
-r, --pkr : Registrar public key
-s, --e-hash1 : E-Hash1
-z, --e-hash2 : E-Hash2
-a, --authkey : Key used in HMAC SHA-256

Optional Arguments:

-n, --e-nonce : Enrollee nonce
-S, --dh-small : Small Diffie-Hellman keys (--pkr not needed)

-h, --help : Display this usage screen

Download

الجمعة، 17 أبريل 2015

Evolve: Python Based Web Interface For Memory Forensics Framework Volatility

Evolve: Python Based Web Interface For Memory Forensics Framework Volatility.

Installation

This requires volatility to be a library, not just an EXE file sitting somewhere.
Run these commands at python shell:

pip install volatility
pip install yara
pip install distorm3

Note: you may need to prefix 'sudo' on the above commands depending on your OS.

Usage

-f File containing the RAM dump to analyze
-p Volatility profile to use during analysis

Features

Works with any Volatility module that provides a SQLite render method (some don't)
Automatically detects plugins - If volatility sees the plugin, so will eVOLve
All results stored in a single SQLite db stored beside the RAM dump
Web interface is fully AJAX using jQuery & JSON to pass requests and responses
Uses Bottle module in Python to provide a standalone web server
Option to edit SQL query to provide enhanced data views with data from multiple tables
Run plugins and view data from any browser - even a tablet!
Allow multiple people to review results of single RAM dump

Coming Features

Save custom queries for future use
Import/Export queries to share with others
Threading for more responsive interface while modules are running
Export/save of table data to JSON, CSV, etc
Review mode which requires only the generated SQLite file for better portability

Download

الاثنين، 13 أبريل 2015

Maldroid Framework To Extract Actionable Data From Android Malware

Maldroid: Simple Framework To Extract Actionable Data From Android Malware (C&Cs, phone numbers etc.) .

Maldrolyzer
Simple framework to extract "actionable" data from Android malware (C&Cs, phone numbers etc.)

Installation
You have to install the following packets before you start using this project:

Androguard (https://github.com/androguard/androguard)
PyCrypto (easy_install pycrypto)
pyelftools (easy_install pyelftools)
yara (easy_install yara)

Architecture
Idea is really simple and modular. The project has couple of directories, which host a place for you static analysis or output processing:

plugins - this is were the code responsible for the malware identification and data extraction is. Every class has to inherit from Plugin class from templates.
Method recon identifies the malware - put there all of the code you need to make sure you can extract the data. Method extract does the usual extraction. There is no specific format for the extracted data, but it's good to keep it in Python dictionary, so that the output processors could read it in a uniform way.

processing - this is were you put classes that inherit from Output Processor class. They are invoked after the data extraction and get the extracted info.
process method takes the data and produces some kind of a result (i.e. adds a file or C&C to you database, checks if the C&C is live etc.)
If you want to contribute, write a plugin that decodes some new malware family. It's easy, just look at the existing plugins.

Usage

So, you have an APK sample and you don't know what it is and where is the C&C? Type:

python maldrolyzer.py [sample_path]

If maldrolyzer knows the malware family it will display some useful information like:

{'c2': ['http://esaphapss.net/bn/save_message.php'],
'malware': 'xbot007',
'md5': 'ce17e4b04536deac4672b98fbee905e0',
'sha1': 'a48a2b8a5e1cae168ea42bd271f5b5a0c65f59a9',
'sha256': 'c3a24d1df11baf2614d7b934afba897ce282f961e2988ac7fa85e270e3b3ea7d',
'sha512': 'a47f3db765bff9a8d794031632a3cf98bffb3e833f90639b18be7e4642845da2ee106a8947338b9244f50b918a32f1a6a952bb18a1f86f8c176e81c2cb4862b9'}

Download

السبت، 11 أبريل 2015

URL Redirection Vulnerability On PayPal Developers Website

URL Redirection Vulnerability On PayPal Developers Website.

Hi, my name is Rui Silva and I’m a security researcher from Portugal with 17 years old. I will explain how I found one url redirection vulnerability on PayPal Sub domain developer.paypal.com !

Description:
[#] Title : URL Redirection Vulnerability on PayPal Developers
[#] Status : Unfixed/Duplicate
[#] Severity : Medium
[#] Works on : Chrome Version 41.0.2272.118 m

POC:

Steps to reproduce:
First signup on PayPal Website.
After this go to: developer.paypal.com/developer/login?successRedirect=
On sucessRedirect= add http:/google.pt

Final URL:
developer.paypal.com/developer/login?successRedirect=http:/google.pt

Now open this url on a tab on chrome browser and click enter.
After click enter signin on your paypal account and you will be redirected to google.pt website.

After found I report this to PayPal Security Team.
One week later they reply me.

PayPal Reply:

And after wait… 1 or 2 hours later they reply me again

Reply:

Thanks to all for your support!
I hope you enjoyed the article

Video:

HOC Team is congratulate to Rui Silva for Found the Bug.

الأربعاء، 8 أبريل 2015

Top 10 DDoS Attack Trends And Their Implications

Top 10 DDoS Attack Trends

Discover the latest DDoS attacks and their implications.

DDoS attacks are constantly evolving, both in terms of size as well as sophistication. Not keeping up with the changes in the DDoS attack landscape could leave your business vulnerable to attacks. This paper outlines the top 10 DDoS attack trends.

Whitepaper is Published by Imperva Download free

Download Now

الثلاثاء، 7 أبريل 2015

Anonymous Hactivists Attack On Israel Cyber Space

Anonymous Hactivists Attack On Israel Cyber Space.
Tango Down! #OpIsrael On 7th Apr.

Anonymous mission is to erase Israel cyberspace on 7th Apr for crimes in Palestine. Israel Computer Emergency Response Team (CERT) said it is alleged that Anonymous have targeted lots of websites.

Hackers also targeting websites via hidden virus like trojan horse. OpIsrael Twitter account claimed that they hacked +150,000 Gmail , Facebook, Hotmail and phone numbers.

+150000 leaked information Phone numbers Facebook accounts-Gmail accounts-Hotmail accounts http://t.co/HCyltzEuKW #Opisrael #Opisrael2015
— #OpIsrael (@Op_Israel) April 7, 2015

Also they hacked 6000 israel modems in Operation Israel.

6000 modems hacked by Anonymous Arabe http://t.co/KZ52tynpjQ #opisrael pic.twitter.com/KT2j6gqk4D
— #OpIsrael (@Op_Israel) April 6, 2015

They given message in Video:

"Greetings World, We Are Anonymous, This is a message to the foolish Zionist entities, We are coming back to punish you again, for your crimes in the Palestinian territories, as we do every year on 7 April, All we see is continuous aggression, bombing, killing and kidnapping of the Palestinian people, as in the last war against Gaza in 2014,
We also see complete silence from other Arab, and foreign countries, Although this is nothing new to us, we refuse to stand by idly. Our response to these heinous crimes against humanity, will be on 7 April 2015. As we did many times, we'll take down your servers, government websites, Israeli military websites, banks, and public institutions. We'll erase you from cyber space as we have every year, 7 April 2015, will be an electronic holocaust, a message to the youth of Palestine,"

Mostly websites are under DDOS (Distributed Denial of Service) Attack which sent million fake traffic on israel websites and it gets down.

الأحد، 5 أبريل 2015

Windows 7 Todas as Versões 2015 Torrent PT-BR

Todos Hotifix ate a data (17-04-2015).

Sem programas Instalados, somente 11 imagens na arquitetura x86x64, adcionado o netframework 4.5 e seus updates foi integrado apenas drive USB3.

Windows 7 Starter [x64]

Windows 7 Home Basic [x64]

Windows 7 Profissional [x64]

Windows 7 Ultimate [x64]

Windows 7 Enterprise [x64]

Windows 7 Starter [x86]

Windows 7 Home Basic [x86]

Windows 7 Home Premium [x86]

Windows 7 Profissional [x86]

Windows 7 Ultimate [x86]

Windows 7 Enterprise [x86]

SENHA PARA DESCOMPACTAR: c0l3t1v1d4d3@!

Tutorial como criar um Pen Drive com Windows Bootavel
Veja o vídeo explicado passo a passo :

Tamanho: 6 gb

Formato: ISO

Facilidade de Uso: 10

Interface Gráfica: 10

Número de Mídias: 1 dvd

Idioma: PT-BR

Download WINDOWNS 7 ATUALIZADO 2016

Download WINDOWNS 7 2016 :

Download TORRENT

Download TORRENT :

Commix Command Injection Exploiter To Test And Find Web Application Bugs

Commix Command Injection Exploiter To Test And Find Web Application Bugs.

Commix (short for [comm]and [i]njection e[x]ploiter) has a simple environment and it can be used, from web developers, penetration testers or even security researchers to test web applications with the view to find bugs, errors or vulnerabilities related to command injection attacks.

By using this tool, it is very easy to find and exploit a command injection vulnerability in a certain vulnerable parameter or string. Commix is written in Python programming language.

Requirements
Python version 2.6.x or 2.7.x is required for running this program.

Installation

Download commix by cloning the Git repository:

git clone https://github.com/stasinopoulos/commix.git commix

Usage

Usage: python commix.py [options]

Options

-h, --help Show help and exit.
--verbose Enable the verbose mode.
--install Install 'commix' to your system.
--version Show version number and exit.
--update Check for updates (apply if any) and exit.

Target

This options has to be provided, to define the target URL.

--url=URL Target URL.
--url-reload Reload target URL after command execution.
Request

These options can be used, to specify how to connect to the target
URL.

--host=HOST HTTP Host header.
--referer=REFERER HTTP Referer header.
--user-agent=AGENT HTTP User-Agent header.
--cookie=COOKIE HTTP Cookie header.
--headers=HEADERS Extra headers (e.g. 'Header1:Value1\nHeader2:Value2').
--proxy=PROXY Use a HTTP proxy (e.g. '127.0.0.1:8080').
--auth-url=AUTH_.. Login panel URL.
--auth-data=AUTH.. Login parameters and data.
--auth-cred=AUTH.. HTTP Basic Authentication credentials (e.g.
'admin:admin').

Injection

These options can be used, to specify which parameters to inject and
to provide custom injection payloads.

--data=DATA POST data to inject (use 'INJECT_HERE' tag).
--suffix=SUFFIX Injection payload suffix string.
--prefix=PREFIX Injection payload prefix string.
--technique=TECH Specify a certain injection technique : 'classic',
'eval-based', 'time-based' or 'file-based'.
--maxlen=MAXLEN The length of the output on time-based technique
(Default: 10000 chars).
--delay=DELAY Set Time-delay for time-based and file-based
techniques (Default: 1 sec).
--base64 Use Base64 (enc)/(de)code trick to prevent false-
positive results.
--tmp-path=TMP_P.. Set remote absolute path of temporary files directory.
--icmp-exfil=IP_.. Use the ICMP exfiltration technique (e.g.
'ip_src=192.168.178.1,ip_dst=192.168.178.3').

Disclaimer
The tool is only for testing and academic purposes and can only be used where strict consent has been given. Do not use it for illegal purposes!!

Download

السبت، 4 أبريل 2015

Windows 7 Todas as Versões 2015 PT-BR

Todos Hotifix ate a data (17-04-2015).

Sem programas Instalados, somente 11 imagens na arquitetura x86x64, adcionado o netframework 4.5 e seus updates foi integrado apenas drive USB3.

Windows 7 Starter [x64]

Windows 7 Home Basic [x64]

Windows 7 Profissional [x64]

Windows 7 Ultimate [x64]

Windows 7 Enterprise [x64]

Windows 7 Starter [x86]

Windows 7 Home Basic [x86]

Windows 7 Home Premium [x86]

Windows 7 Profissional [x86]

Windows 7 Ultimate [x86]

Windows 7 Enterprise [x86]

SENHA PARA DESCOMPACTAR: c0l3t1v1d4d3@!

Tutorial como criar um Pen Drive com Windows Bootavel
Veja o vídeo explicado passo a passo :

Tamanho: 6 gb

Formato: ISO

Facilidade de Uso: 10

Interface Gráfica: 10

Número de Mídias: 1 dvd

Idioma: PT-BR

Download WINDOWNS 7 ATUALIZADO 2016

Download WINDOWNS 7 2016 :

Download TORRENT

Brupload

Windows 8.1 Todas as Versões 2015 PT-BR

O Windows 8.1 Todas as Versões 2015 32 e 64 bits é a atualização com uma série de respostas às críticas feitas ao sistema operacional Windows 8. Nele, a Microsoft melhorou características básicas, como a busca e as opções de personalização. O retorno do botão Iniciar, ao canto inferior esquerdo da área de trabalho, é o ponto mais marcante dessa atualização.

Prós

Melhorou muitas funcionalidades existentes

Gratuita para atualizar

Boas opções de personalização

SkyDrive totalmente integrado

Finalmente, inicialização diretamente para o desktop

Multitarefa e redimensionamento melhorados são muito úteis

CONFIGURAÇÃO MINIMA

. Processador: Intel Core ou AMD Athlon 64 X2

. Memória RAM: 2 GB de Ram

. Disco rígido: 20 GB de espaço disponível

Todos Hotifix ate a data (15-04-2015).

Nenhum programa foi adicionado ao Windows.

Nenhum registro foi modificado.

Internet Explorer 11

Todas as versões são Pré-Ativadas

Update 3

Tutorial como criar um Pen Drive com Windows Bootavel
Veja o vídeo explicado passo a passo :

Tamanho: 5.94 GB

Formato: ISO

Facilidade de Uso: 10

Interface Gráfica: 10

Número de Mídias: 1 DVD DUAL LAYER

Idioma: Português

Download TORRENT

Download TORRENT :

Download BR2Share Parte 1

Download BR2Share :

Download BR2Share Parte 2

Download BR2Share :

Download BR2Share Parte 3

Download BR2Share :

Download BR2Share Parte 4

Download BR2Share :

Download BR2Share Parte 5

Download BR2Share :

Windows 7 e Windows 8.1 PT-BR 2015 Torrent

Windows 7 e Windows 8.1 PRO PTBR ESD 2015 32 e 64 Bits

Integrados na mesma ISO

OBS: Faça backup de seus arquivos. Teste a ISO em uma máquina virtual antes de formatar o PC.

1. Grave a ISO em uma mídia (DVD-9) ou pendrive (Rufus incluso).

2. Dê boot e instale o Windows.

3. Use o Windows Loader para ativar o Windows 7 e o Microsoft Toolkit para ativar o Windows 8.

* Atualizações até 16 de Abril de 2015

Ativador Disponível:

* Windows Loader 2.2.2 e Microsoft Toolkit

Edições Inclusas:

* Windows 7 Pro [32 e 64 Bits]

* Windows 8.1 Pro [32 e 64 Bits]

Ficha Técnica:

Função: Sistema Operacional

Fabricante: Microsoft

Idioma: Português BR

Site Oficial: http://www.microsoft.com/

Tamanho: 8,27 GB

Versão: PRO

Formato: ISO

Créditos: zero cool root

Tutorial como criar um Pen Drive com Windows Bootavel
Veja o vídeo explicado passo a passo :

Download TORRENT

Download MEGA :