Hey Can Anyone tell me about astalavista.com its sems to be good-Site www.astalavista.com
Printable View
Hey Can Anyone tell me about astalavista.com its sems to be good-Site www.astalavista.com
Why don't you try agian... only this time make it seem as if you've got a real question to ask other-wise im just going to blurt out random things about it. Now then...
You posted a link to it here...
It has downloads...
People such as yourself seem to like it...
|The|Specialist wouldn't give these *******s money...
It has been a few years since |The|Specialist has seen that site...
Oh yeah, and |The|Specialist quickly remembers why he doesn't browse it...
|The|Specialist is bored and is running out of things to say about it...
They ask for membership fee to provode you exploits and tools i think that is like saying hey you don't know how to use google ok here is a site with all the exploits at a single place.now you don't have to search.
Although i must add here that i have never been a member of that site so i don't know what type of exploits they provide or any such information.
But as far exploitation goes even if they provide you a more then POC exploit then also you won't be able to use it in most of situations.
There are various reasons for that when you design you have to consider :
1)software itself
2)OS
3)port number
4)type of connection between attacker and shell after success exploitation of vulnerability.
ok so say you wish to use that exploit that they provide now software is no problem OS is OK(lets say)port number is same
but what about 4th constraint?firewalls are every where on internet today.
they may be configured to block:
1)all incoming requests to any port number other then used by allowed services.
2)all outgoing requests (reverse shell becomes useless here)
etc.....
now in this simple case you can't use a bind shell exploit as you are not allowed to bind to any port number other then used by legal services allowed on that system.
You can't use reverse shell in which you send a shell to a perticular IP on a perticular port.
SO............?
this are the two vary basic POC exploits provided by various sites and attackers online i don't think astalavista will provide any thing more then that.
One solution is rebind shell which bind shell to same port number as used by service being exploited but they can't provide a universal shellcode for everyone as there are constraints related to prot number and IP check(to check ip address of requesting party so that any one trying to telnet on that port doesn't get a shell)
If you need more information about what i said above see this http://phrack.org/show.php?p=62&a=7
SO my answer to what i think you wanted to ask is don't waste your money.get a book on exploit programming read about buffer overflow and try to exploit simple known vulnerabilities on some old box this may take time(as you need to know c,asm,network programming in c) but once you master that you will be able to write your own exploits for any advisory released.
Umm NEW site??? I've been visiting that thing for quite a few years, albeit admittedly not on a regular basis. They have some good papers once in a while about various things... I don't know anything about memberships and what have you though.
You call it a new website i used to visit it almost 5 years ago if i am not mistaking..... The feature i like about this website is cracks & Serials..... Other than that nothin great in it for me after joinning with AO.
Hi
Well, astalavista.com. As mentioned, it's already out there for quite a while and had
its start in the context of serials/cracks. But anyway, I want to add the following thing.
And apologize for this single-sided, simplistic "argument", but I could not resist... :D
Today[1], a publication about
"Reverse code engineering: An in-depth analysis of the bagle virus"[2]
has been published there.
Remarkable, that this one was published here by the author himself, and
discussed a long time ago[3].
Cheers
[1] http://www.astalavista.com/
[2] http://www.astalavista.com/?section=...d=file&id=3322
[3] http://www.antionline.com/showthread...hreadid=263687
You don't have to apologise.That is a really good example of what i was trying to say above.Quote:
Originally posted here by sec_ware
Hi
Well, astalavista.com. As mentioned, it's already out there for quite a while and had
its start in the context of serials/cracks. But anyway, I want to add the following thing.
And apologize for this single-sided, simplistic "argument", but I could not resist... :D
Today[1], a publication about
"Reverse code engineering: An in-depth analysis of the bagle virus"[2]
has been published there.
Remarkable, that this one was published here by the author himself, and
discussed a long time ago[3].
Cheers
[1] http://www.astalavista.com/
[2] http://www.astalavista.com/?section=...d=file&id=3322
[3] http://www.antionline.com/showthread...hreadid=263687
Greeting's
Well just before you go to that site or even download any file, better check for these
1. your OS and other important software like antivirus, firewall are up-to-date
2. If you can switch to firefox browser or set security settings to high (or better add this site to restricted zone).
3. Run a complete scan of your system and the files you downloaded from that site.
anyway the site is old like most of the members said and if you really want to know what the site is about the best thing is you visit it personally just check that you have atleast a good anti-virus installed and a well configured firewally (not one that you have configured to "allows everything")
Happy surfing.
That's not called a firewall, but a resource hog. It doesn't perform any functions that a firewall would be expected to [PEBKAC].Quote:
Originally posted here by ByTeWrangler
atleast a good anti-virus installed and a well configured firewally (not one that you have configured to "allows everything")
Yes, the infamous PEBKAC error (I always spelled it PEBCAK)...
The cause of all my problems.
You can spell it either-or... it's not important... what's important is that the P still exists somewhere :DQuote:
Originally posted here by Striek
Yes, the infamous PEBKAC error (I always spelled it PEBCAK)...
The cause of all my problems.
However i consider antionline forums more powerful than Astalavista Price Powered tools but sometime their design and infos prove to be really superior,plz do not take it otherwise what i am trying to say is that perhaps we can take some good things from them and implement it onto our own
Thank You
Yeah, everyone knows that this site has almost always looked like a ball of **** inside a play-doh'-container and before that, the place looked as if it where something JP made with frontpage then used as toilet paper to wipe his ass with. But in all honesty, I don't think there is really anything good about that site to add to AO.
Ay This is http://penguin-skills.com/ can anyone give anyfeedback on it.Seemed to be too complex infos on it for a newbie and i thought antionline forum can solve it.
Thank You
What is so complex about it? Its just a vulnerability archive... if you have any particular questions then why don't you just ask?
Hey Mr Specialist u should be nice in ur language Plz it is not pleasant to hear from you like that
Nobody's gonna hold your hand on the Internet! If you can't take it... go back from wherever you came. Nobody's forcing you to be here, and nobody has to do anything for you. I don't even get what he said that made you jump off your seat but that's irrelevant.Quote:
Originally posted here by san_debo2
Hey Mr Specialist u should be nice in ur language Plz it is not pleasant to hear from you like that
Anyway I'll let TheSpecialist take care of you in his own style, if he finds it fit to do so :D
Quote:
Originally posted here by san_debo2
Ay This is http://penguin-skills.com/ can anyone give anyfeedback on it.Seemed to be too complex infos on it for a newbie and i thought antionline forum can solve it.
Thank You
That is a list of exploits.Dude in order to understand any exploit first you have to understand vulnerability itself take for example first exploit in the list http://penguin-skills.com/index.php?action=view&id=401
Now that is Prozilla 1.3.6 remote stack overflow exploit.
find out what is :
1)prozilla
2)stack overflow
3)remote exploit
here are some good links for you if you are interested in exploit programming and understanding buffer overflow:
http://phrack.org/show.php?p=55&a=15
http://www.securiteam.com/securityre...OP0B006UQ.html
http://jikos.jikos.cz/remotesploits.html
Now apply reverse engineering on that software and see that vulnerability for your self.
No one is going to help you no one has enough time for that it would take me about one hour if i try to explain you what buffer overflow is and what you can do with it(BTW that information is available on net just google) and even if i do you won't understand it properly because it takes knowledge of ASM ,networking,c,shellcoding and network fundamental atleast.
Trust me it is difficult to explain try to do what i said above if you are interested in learning exploitation(as it appears from what you asked above)then do what i said and try to figure out how that POC exploit works.set up a LAN at your home and install windows 2000 server on it(unpatched)get a webdav exploit and try to exploit that with a POC exploit available on net.
If it doesn't work then make a post about it.if you don't understand anything ask that question properly.
By the way do you have a copy of hacking the art of exploitation?It is a nice book read that it will give you a good introduction of exploitation.
Exploitation is very interesting topics to me personally it is the most challenging topic I learnt a lot while learning exploitation techniques and programming.Best of luck.
Well more or less, to understand overflows you need a serious grounding in programming... what happens afterwards does involve everything you said... and to create exploits you definitely need to know more than just code. But you don't always need disassembled binaries to get exploits going... a debugger usually is needed.Quote:
Originally posted here by littlenick
... it takes knowledge of ASM ,networking,c,shellcoding and network fundamental atleast.
Great book indeed, I'm trying hard to find time to get deeper into it. And yes, I think exploiting does show a thorough understanding of code in all its forms... especially since there isn't always a recipee, and you need to tweak and try out different things.Quote:
By the way do you have a copy of hacking the art of exploitation?It is a nice book read that it will give you a good introduction of exploitation.
Exploitation is very interesting topics to me personally it is the most challenging topic I learnt a lot while learning exploitation techniques and programming.Best of luck.
But IMO there's a long way to go until you can really get into it. A lot of stuff you need to know about computers in general and the way in which they work in particular.
Cheers!
|The|Specialist is a dangerous criminal and generally not a nice guy, just ask anyone else here. At some point... everyone is a sociopath.Quote:
Hey Mr Specialist u should be nice in ur language Plz it is not pleasant to hear from you like that
Quote:
Hey Mr Specialist u should be nice in ur language Plz it is not pleasant to hear from you like that
|The|Specialist also has a very over-inflated ego, as is evidenced by his references to himself in the third person. His use of foul language and constant brags about being a 'criminal' as if it were stylish merely exemplifies his ignorance and total disregard for any modicum of decorum, most especially in this security oriented web forum. I would suggest to you, San_debo2, to place him on your ignore list if you can't handle what he has to say. I'm quite sure he won't really care one way or the other. His typical modus operandi from what I've seen since being here is to be insulting, usually completely fragmenting a topic thread while adding nothing of true value. Were you to choose to ignore him, you wouldn't miss very much, other than the occasional chuckle at his 'gutter wit'.Quote:
|The|Specialist is a dangerous criminal and generally not a nice guy, just ask anyone else here. At some point... everyone is a sociopath.
[edit] Since posting this earlier today, I have received greenies from MANY other members, both senior and not so senior here at AntiOnline. I'm curious - If we all put him on ignore, would he just go away?
Wishfully thinking, and thanks much for the support!
|ce
[/edit]