Do you know? Even in DNS take down you can youcan access your favourite
sites.
People may think that in DNS shoutdown they can lost access to their
addicted websites.
But after reading this article you will know how easily you can access
your websites. You can access them by typing their
Hi
To any security-aware VPN providers out there reading this:
More than 800 hosts (mostly from Asia) started hitting TorVPN.com's
webserver on HTTPS with login requests.
Before blocking them all (and adding them to the proxy list section of my
site after testing, heh)
I decided to
Querying IP-address against the NiX database will help you in case of
abuse. The following information will be provided if the IP is listed:
IP Country/Region/City
Data Center Details (Currently over 68 million hosting provider IP's are
listed)
Satellite Provider Details
Open Proxy Details
Tor
http://seclists.org/nmap-hackers/2011/5
That's pathetic. Anonymous is usually being called on situations like this
...
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by
In message c2122821abc4d89254092500a8814215.squir...@gameframe.net,
nix@mypro
xylists.com writes:
Hello list.
I've source compile of BIND 9.8.1 on the server.
I've been investigating weird iptables messages as follows:
Oct 29 14:53:13 NIX kernel: IN= OUT=eth0 SRC=MY_SERVER_IP
DST
Hello list.
I've source compile of BIND 9.8.1 on the server.
I've been investigating weird iptables messages as follows:
Oct 29 14:53:13 NIX kernel: IN= OUT=eth0 SRC=MY_SERVER_IP DST=62.80.128.29
LEN=114 TOS=0x00 PREC=0x00 TTL=64 ID=31795 PROTO=UDP SPT=53 DPT=5060
LEN=94
I received a message
Hi List,
i thougt this could be interesting. My english is not very good so i
copied
the following information from FSecure (
http://www.f-secure.com/weblog/archives/2249.html)
Chaos Computer Club from Germany has tonight announced that they have
located a backdoor trojan used by the
I regularly trawl Pastebin.com to find code - often idiots leave some 0day
and similar there and it is nice to find.
Well, seeing as I have no test boxes at the moment, can someone check this
code in a VM? I am not sure if it is legit or not.
http://pastebin.com/ygByEV2e
Thanks :)
http://packetstormsecurity.org/files/25728/w000t-shell.c.html
It's a trojan, based on the w00t-shell.c code; the shell code adds a
passwordless root account under the name w000t.
Nice try though. I was not aware that this shellcode was freely available
but after debugging the same
I'd be interested to know if you find more than 1% active in that list.
My timeout was 45 seconds, so you might do much better if you're
patient. But the live ones are usually pretty fast.
I forgot to post list yesterday after testing.
|NiX| Checked 135440 proxies in 0 days 4 hours 11
not asked, but ~suggested:
This is offered as data you may be able to use for forensic purposes
or router block lists.
It's stupid to block blindly. So for example, every proxy is being tested
before it's being added to the blacklist, at least when it comes to NiX
API.
This way if someone
Youku or QQ) in Chinese-speaking countries.
Thanks for the list, I will post working proxies out of that list as soon
as NiX Proxy Checker has finished. It can beat 600k proxy in 24 hours so
this list has been checked in ~5.5 hours.
I believe those proxies are new botnet proxies, just like port
Look like my sites were not vulnerable. Does any of you know which setting
or module prevents kingcope's 'killer' from working?
I have the latest mod_qos and suhosin extension installed. ModSec is
disabled. I simply haven't had time to investigate this issue.
Thanks
Hello list, as the subject says. I run a PR4 proxy site. Im looking for LE
parthers. If you host PR3+ based security site or any IT related site.
Don't hesitate to contact me.
A brand new PR4 backlink from my main page will help your site in terms of
SEO and best part is, no need to pay anything.
Are you a member of the intelligence community?
Andrew
I don't think so. Which community you are referring to?
---
Independent consultant
www.n3td3v.org.uk
- Original Message -
From: n...@myproxylists.com n...@myproxylists.com
To: full-disclosure@lists.grok.org.uk
On 8/23/11 6:20 PM, n...@myproxylists.com wrote:
This is what you jealous people want to say.
I don't care, i don't have any business with glype.com nor with you .
Well then I wonder why you made this accusation to public. What comes to
proxifying, there are always some similarities.
Im
Reagrding this bug,
The release should have also specified a bugfix / workaround, ofcourse
usually this is the case, altho the one i have seen, does not work on all
boxes.
On a BSD 8.0 box, it killed eveything, swap/ram, eveything died/needed
reboot. now, what is quite annoying, i guess is
Random GlobaLeaks Contributors
Please spread across the anonimity communities and mailing lists
Im involved in anonymity and privacy research and development. I've
recently released NiX Web Proxy Script:
http://myproxylists.com/proxy-script
A fully working online demo: http://myproxylists.com
Im involved in anonymity and privacy research and development. I've
recently released NiX Web Proxy Script:
http://myproxylists.com/proxy-script
A fully working online demo: http://myproxylists.com/nix_web_proxy/
PS. Does tor2web require custom modification before you can use a
spesific
Im involved in anonymity and privacy research and development. I've
recently released NiX Web Proxy Script:
http://myproxylists.com/proxy-script
A fully working online demo: http://myproxylists.com/nix_web_proxy/
PS. Does tor2web require custom modification before you can use a
spesific
Hello list, is there interests of any kind to subjects feature?
I mean web proxy https://myproxylists.com/nix_web_proxy/ with same
features as firefox add-ons tamper data, modify headers and modify cookies
has? I think it would be quite cool feature while having 50-100 proxies to
choose from
I'm flooded with requests for a POC and many doubt that these
vulnerabilities are exploitable. And since this vulnerability is
rather technically interesting I believe many could learn from it.
http://ha.xxor.se/2011/07/phpmyadmin-3x-pregreplace-rce-poc.html
Could you fix that font on your
Hi,
its kinda sstupid/s incorrect way of detecting ddos by reading http
responce.
if server says error 408, it could be just a script which takes long to
complete. if there is some caching server, e.g. nginx, before actual web
server, e.g. apache httpd, then error 502 could be a
were also charged by paypal for a
certain percentage of each fraudulent payment!
This is where NiX API comes in:
In most cases, the malicious user is denied access even before a
fraudulent purchase is made!
Since implementation of NiX API with it's current featuers: 0 fraudulent
purchases
It definitely does something
Well, what?
Example 1:
Your run a forum and ban a user for reason or another. You also
blacklisted his whole ISP subnet because you was very pissed due to abuse.
If he wants to, he will be back in less than five minutes with a proxy.
NiX API is effectily
On Thu, 09 Jun 2011 18:05:37 +0300, n...@myproxylists.com said:
In most cases, the malicious user is denied access even before a
fraudulent purchase is made!
Since implementation of NiX API with it's current featuers: 0 fraudulent
purchases in last 2-3 weeks period. It definitely does
while filing
their
forms regarding unauthorized claims. We were also charged by paypal for
a
certain percentage of each fraudulent payment!
This is where NiX API comes in:
In most cases, the malicious user is denied access even before a
fraudulent purchase is made!
Since implementation
Now we maybe found the answer at what the API do..
It scan back at wellknow proxy port from the connection attempt from the
visitor ? In irc daemon I know they use those kind of trick a lot to
prevent botnet, but well, scanning back your potential buyer is kinda not
ok in my opinion.
This
On Thu, Jun 9, 2011 at 11:02 AM, n...@myproxylists.com wrote:
On Thu, Jun 9, 2011 at 9:49 AM, n...@myproxylists.com wrote:
You're a legit user -- Why in earth you would like to use a proxy or
or
anonymizer to do the purchase?
Why I would do so and purchase unless I have something to
On Thu, Jun 9, 2011 at 2:20 PM, n...@myproxylists.com wrote:
Yes. That's the flipside of the coin. However though, any merchant that
accepts purchases from user's behind proxies or other anonymizer's is
taking a siginificant risk. According to my knowledge and experience, if
this proxy
HELo tor.hu
MAIL FROM:fulld...@tor.hu
RCPT TO:full-disclosure@lists.grok.org.uk
DATA
From: TOR fulld...@tor.hu
To: Full Disclosure full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] NiX API
However though, any merchant that accepts purchases from user's behind
proxies
On Fri, 10 Jun 2011 02:40:16 +0300, n...@myproxylists.com said:
Im happy to hear it works out to you. A few days ago, i received an
email
from https://www.proxpn.com/ admin that he suspended fraudulent user VPN
account due to the abuse. A fraudster used a stolen credit card using
their VPN
WHAT IS NIX API?
The most advanced and effective up-to-date ANTI-FRAUD/ANTI-PROXY API
solution for webmasters which enables quick and easy access prevention to
unwanted and malicious users who are difficult to block using standard
methods.
You can use this advanced technology to protect your
Never trust an Indian software company.
Sure, go ahead and trust the Pakis instead ;-)
What's wrong with those countries? I've seen users from the both countries
advertising services with words such as leading, professional and when
we look at their contact emails, we'll find
Maybe they should call that You don't have to patch genius! Lol
http://www.eweek.com/c/a/Security/Sony-Networks-Lacked-Firewall-Ran-Obsolete-Software-Testimony-103450/
I could understand if this would happend to a script kid without knowledge
of security but when it did happened to sony
Hi FD!
Hope you are doing good. I have hacked FBI and NASA :) and I think I am at
the top of the world.
I am a fu**ing a$$h0le ... I am Gay and am Fu**ing proud of it coz I can
take not 1..not 2... not 3... but 10 at a time in my a$$
In case anyone is !nterested let me know coz I can
found this
Facebook Law Enforcement Guidelines
http://exit.gulli.com/url/http://info.publicintelligence.net/Facebook2010.pdf
Interesting. Their guideline does not say anything about a court order so
we can assume they give all personal data upon request just like that.
On 04.05.11
Julian Assagne said:
--
Facebook in particular is the most appalling spying machine that has ever
been invented. Here we have the worlds most comprehensive database about
people, their relationships, their names, their addresses, their locations
and the communications with each other, their
M$ are in the love in
http://news.cnet.com/8301-31921_3-20057329-281.html
On Tue, Apr 26, 2011 at 8:12 PM, Ivan . ivan...@gmail.com wrote:
Interesting write up, and apparently old news
If you have jailbroken your phone, just use cydia and search for tool
'Untrackerd' to fix this
All iPhones appear to log your location to a file called
consolidated.db. This contains latitude-longitude coordinates along
with a timestamp. The coordinates aren't always exact, but they are
pretty detailed. There can be tens of thousands of data points in this
file, and it appears the
://subscribe.wordpress.com/?key=f789a3089316029758e7760f1dd2adademail=nix%40myproxylists.com
Unsubscribe:
http://subscribe.wordpress.com/?key=f789a3089316029758e7760f1dd2adademail=nix%40myproxylists.comb=aCdPTreN%3FJ%2Cm8TRK2pKA%2FOqOK%3FmeJaJqtroqk%3D%2Bccpazu%3D%5BB
Title: WordPress.com
The amount of the donation is not fixed.
Can I make a 0 euro donation?
Are you bored or stupid, or both?
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia -
Vulnerabilities in *McAfee.com
Am I right? Do they offer Verified by McAfee security services but are
too lazy to fix their own shit? If so, LOL :D
1. VULNERABILITY DESCRIPTION
- Cross Site Scripting
On Sun, Mar 27, 2011 at 7:45 PM, n...@myproxylists.com wrote:
Vulnerabilities in *McAfee.com
Am I right? Do they offer Verified by McAfee security services but are
too lazy to fix their own shit? If so, LOL :D
Maybe you should grow up you little twerp.
Andrew
Are you trying to make
Gmail can be blocked by simply blocking Google's SSL certificate(s).
When you visit Gmail, Google sends your browser its SSL Server
Certificate. Without this certificate, no connection can be made.
For example, running the following command, then browsing to
https://mail.google.com/, will
Gmail can be blocked by simply blocking Google's SSL certificate(s).
When you visit Gmail, Google sends your browser its SSL Server
Certificate. Without this certificate, no connection can be made.
For example, running the following command, then browsing to
https://mail.google.com/, will
NiX Brute Forcer is a tool that uses brute force in parallel to log into a
system without having authentication credentials beforehand. This tool is
intended to demonstrate the importance of choosing strong passwords.
After you've used it, you'll see why it will outright beat any other brute
NiX Brute Forcer is a tool that uses brute force in parallel to log into a
system without having authentication credentials beforehand. This tool is
intended to demonstrate the importance of choosing strong passwords.
After you've used it, you'll see why it will outright beat any other brute
(anonymous or transparent) will get
defeated by the NiX API that are being used to abuse your sites/services.
For example my internal investigation proved that nearly all of the open
proxies are being used to abuse CPM or other ADS releated services to make
the clicks through the proxies and so
Failed on Ubuntu 10.10 (2.6.35-23-generic)
t...@bifrost:/tmp$ uname -a
Linux bifrost 2.6.35-23-generic #41-Ubuntu SMP Wed Nov 24 11:55:36 UTC
2010 x86_64 GNU/Linux
t...@bifrost:/tmp$ ./a.out
[*] Resolving kernel addresses...
[+] Resolved econet_ioctl to 0xa03d9610
[+] Resolved
Would you care to offer what particular tests you did to compare your tool
to Hydra?
Just curious.
Ryan
Execuse my english. Here´s NiX advantages over Hydra:
---
Support all proxies: HTTP/SOCKS 4 and 5 proxy support - Integrated proxy
randomization to defeat certain protection mechanisms
There are several fixes done in this release compared to the 1st version.
It is encouraged to upgrade to the latest version.
To those who want to ask, does it outperform Hydra? Yes it does,
especially in basic auth and form mode.
Full features and download: http://myproxylists.com/nix-brute
Are there any exclusively NiX forums? I've run into similar issues and
google isnt finding much for me
ugh
There are no NiX forums, if you are having issues, just ask me. What kind
of issues?
Some people have asked what advantages NiX offers over other tools, this
question should have
to Medusa for the brute force tests I run from time
to time (ie not often, a few times a year at most).
But, to make it clear, it is just my personal opinion, I am not saying
that your tool is not interesting or useless.
If you read the first post i did regarding NiX:
http://seclists.org
:
It does support only single proxy, any site that has even a bit protection
will defeat it. NiX does support HTTP/SOCKS4/SOCKS5 (as much as you have
working proxies) with randomization etc. This is significant advantage
over any other tool.
I have worked 1.5 months constantly on NiX, after i have had
any kind of FORM support from hydra, i have put a good
amount of time to FORM auto-detection logic as well (very good for less
advanced users).
Some people have asked what advantages NiX offers over other tools, this
question should have been answered now.
Good job coding it though, I can't
NiX Brute Forcer is a parallel login brute-forcer. This tool is intended
to demonstrate the importance of choosing strong passwords. The goal of
NiX is to support a variety of services that allow remote authentication
such as: HTTP(S) BASIC/FORM, MySQL, SSH, FTP. It is based on NiX Proxy
Checker
Original Message
Subject: Re: [Full-disclosure] NiX - Linux Brute Forcer (the beast) has
been released!
From:Abuse 007 abuse...@gmail.com
Date:Fri, November 12, 2010 3:22 am
To: n...@myproxylists.com
Hi, this tool is alternative to Hydras´s. It is based on NiX Proxy
Checker. Here´s the page for development status:
http://myproxylists.com/nix-brute-force
The tool will be freeware and I am quite confident that first public beta
will be available in few weeks.
If anyone is interested in beta
59 matches
Mail list logo