via anonymous FTP to rsa.com:/pub/faq. Please send comments and corrections to faq-editor@rsa.com. === DISTRIBUTION: How to obtain this document This document has been brought to you in part by CRAM, involved in the redistribution of valuable information to a wider USENET audience (see below). The most recent version of this document can be obtained via the author's instructions above. The following directions apply to retrieve the possibly less-current USENET FAQ version. FTP This FAQ is available from the standard FAQ server rtfm.mit.edu via FTP in the directory /pub/usenet/news.answers/cryptography-faq/rsa/ Email Email requests for FAQs go to mail-server@rtfm.mit.edu with commands on lines in the message body, e.g. `help' and `index'. Usenet This FAQ is posted every 21 days to the groups sci.crypt talk.politics.crypto alt.security.ripem sci.answers talk.answers alt.answers news.answers _ _, _ ___ _, __, _, _ _, ___ _ _, _, _ _ _, __, _, _ _ ___ __, | |\ | |_ / \ |_) |\/| / \ | | / \ |\ | | (_ |_) / \ | | |_ | ) | | \| | \ / | \ | | |~| | | \ / | \| | , ) | \ / |/\| | |~\ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~~~ ~ ~ === CRAM: The Cyberspatial Reality Advancement Movement In an effort to bring valuable information to the masses, and as a service to motivated information compilers, a member of CRAM can help others unfamiliar with Usenet `publish' their documents for widespread dissemination via the FAQ structure, and act as a `sponsor' knowledgable in the submissions process. This document is being distributed under this arrangement. We have found these compilations tend to appear on various mailing lists and are valuable enough to deserve wider distribution. If you know of an existing compilation of Internet information that is not currently a FAQ, please contact us and we may `sponsor' it. The benefits to the author include: - use of the existing FAQ infrastructure for distribution: - automated mail server service - FTP archival - automated posting - a far wider audience that can improve the quality, accuracy, and coverage of the document enormously through email feedback - potential professional inquiries for the use of your document in other settings, such as newsletters, books, etc. - with us as your sponsor, we will also take care of the technicalities in the proper format of the posted version and updating procedures, leaving you free of the `overhead' to focus on the basic updates alone The choice of who we `sponsor' is entirely arbitrary. You always have the option of handling the submission process yourself. See the FAQ submission guidelines FAQ in news.answers. For information, send mail to <tmp@netcom.com>. \ \ \ \ \ \ \ \ \ | / / / / / / / / / / _______ ________ _____ _____ _____ /// \\\ ||| \\\ /// \\\ |||\\\///||| ||| ~~ ||| /// ||| ||| ||| \\// ||| ||| __ |||~~~\\\ |||~~~||| ||| ~~ ||| \\\ /// ||| \\\ ||| ||| ||| ||| ~~~~~~~ ~~~ ~~~ ~~~ ~~~ ~~~ ~~~ / / / / / / / / / | \ \ \ \ \ \ \ \ \ \ C y b e r s p a t i a l R e a l i t y A d v a n c e m e n t M o v e m e n t * CIVILIZING CYBERSPACE: send `info cypherwonks' to majordomo@lists.eunet.fi * Crypto Sites http://www.cryptocracking.cjb.net http://www.kanal23.knows.it ( QHQCrker) http://cryptokg.cjb.net/ Tui copy cho bác kienmanowar nè :) :P :D www.kanal23.knows.it - the site of the group who is closest to my heart www.tkm-squad.prv.pl - very good crypto site. much to learn www.witeg.prv.pl - homepage of THE crypto guy - WiTeG www.cryptosig.prv.pl (*)- an usefull IDA signature by Cauchy www.crackmes.de - tons of crackmes to test not only your crypto skillz www.bgrc.cjb.net - very nice cracking portal www.krio.cjb.net - home page of an excellent cracker and friend of mine www.tymon.prv.pl - homepage of a very good crypto cracker www.deamon.anticrack.de - site with tons of anti- tricks. www.exetools.com/forum - forum directed mostly on unpacking and related www.crackmes.prv.pl - site full of interesting and mostly crypto crackmes www.reteam.org - home page RET group.VERY nice papers and projects www.rsasecurity.com - RSA company www.certicom.com - Certicom - ecc related papers and challenges www.peid.has.it - PEiD homepage www.shoup.net - Victor Shoup's home page. Great source of information www.cryptokg.cjb.net - crypto keygenme's to test your skillz. Dead atm. www.cacr.math.uwaterloo.ca - very interesting crypto papers http://www.alpertron.com.ar/DILOG.HTM - fast DLP calculator http://www.jmilne.org/math/ - a nice math web site J.S.Milne http://www.cacr.math.uwaterloo.ca/hac/ (by benina) http://pajhome.org.uk/crypt/index.html http://www.members.shaw.ca/pccruiser s/digsigna.htm (by zombie) Something here: http://www.fortunecity.com/skyscrape 79/lesson1.htm http://www.cacr.math.uwaterloo.ca/hac/ google (by clarken) Attack Server = WMF Bài viết khá hay, các bạn newbie nên đọc qua, nếu nhai được thì lần sau mình sẽ post nhiều bài khác.Tools thì đã có key sẵn các bạn tự search nhé. Attack Server Bằng Phương Pháp Exploit Lõi Bảo Mật WMF - Bài lab này chỉ được dùng cho mục đích học tập và nghiên cứu về bảo mật, không được thực hiện trên các hệ thống mà không có thẩm quyền. Attack Server By Exploit WMF . Thực hiện bởi RedKomodo365 Chúng ta đã thực tập cách cài đặt và sử dụng Metasploit Framework với các exploit sẳn có cũng như cách thức để cập nhật mã khai thác những lổ hổng mới của các hệ thống ứng dụng như wmf, createtextrange Sau đây là một file video demo cách thức khai thác lổ hổng dựa trên lỗi bảo mật wmf mà chúng ta đã biết. Đây là một lỗi nguy hiểm ảnh hưởng đến tất cả các hệ thống MS Windows . Attacker boot máy bằng đĩa Attack Tool. Ngòai ra Attacker có thể cài đặt Metasploit Framework trên Windows như minh họa trong file video (Download source từ www.metasploit.com) Hình ảnh các bước tiến hành như sau: 1. Khởi động MSF 2.Kiểm tra IP của Attacker Machine (192.168.1.114): . === DISTRIBUTION: How to obtain this document This document has been brought to you in part by CRAM, involved in the redistribution of valuable information to a wider USENET audience. quality, accuracy, and coverage of the document enormously through email feedback - potential professional inquiries for the use of your document in other settings, such as newsletters, books,