Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
The ha.ckers.org and sla.ckers.org web application security lab house rules and a place for you to introduce yourself if you like. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Pages: PreviousFirst...23456789101112...LastNext
Current Page: 7 of 13
Re: Introductions
Posted by: rsnake
Date: March 21, 2007 04:40PM

No YOU rule! :) Welcome to the forums. Bounce away!

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: Introductions
Posted by: Kyran
Date: March 21, 2007 05:42PM

Tribute Wrote:
-------------------------------------------------------
> Welcome Syl4r. Heroes fan?

You say that like there are people that DON'T like Heroes!

- Kyran

Options: ReplyQuote
Re: Introductions
Posted by: Syl4r
Date: March 22, 2007 06:00AM

What is this Heroes you all speak of? It's my name!!

I like to eat Braaaaaaiiinnnssss



Edited 1 time(s). Last edit at 03/22/2007 06:06AM by Syl4r.

Options: ReplyQuote
Re: Introductions
Posted by: WhiteAcid
Date: March 22, 2007 08:43AM

Heroes--Zeroes

Don't forget our IRC: irc://irc.irchighway.net/#slackers
-WhiteAcid - your friendly, very lazy, web developer

Options: ReplyQuote
Re: Introductions
Posted by: goodwinster
Date: March 22, 2007 12:37PM

Hi; I'm goodwinster.

I'm a security geek based in Leicestershire, UK.

You might have seen some of my work on Joe Walker's blog. I've been hanging around for a few months now; thought I'd join in the fun.

Options: ReplyQuote
Re: Introductions
Posted by: rsnake
Date: March 22, 2007 01:25PM

Nice to meet you, goodwinster. Glad you have you finally join. I like to see the lurkers joining in. It'll keep the discussion alive!

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: Introductions
Date: March 22, 2007 03:56PM

I don't like "Heroes", but then again I don't like a lot of television shows.


Awesome AnDrEw - That's The Sound Of Your Brain Crackin'
http://www.awesomeandrew.net/

Options: ReplyQuote
Re: Introductions
Posted by: fayte
Date: April 20, 2007 01:49PM

Hey,

Meaning to say hi for a while. Im a pen-tester in the uk focusing mainly on web-apps. Dabble in social engineering too.

Great community you have here, should be at Defcon this year so if anyone is going I might see you there!

-Joe

Options: ReplyQuote
Re: Introductions
Posted by: id
Date: April 20, 2007 04:03PM

Hi Joe, Both RSnake and I will try and be there, it's usually a lot of fun. Glad to have you here!

-id

Options: ReplyQuote
Re: Introductions
Posted by: rsnake
Date: April 21, 2007 12:13AM

Yah, and welcome... like id said, we both try to be there every year. But one way or another I'll post that info when it gets closer.

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: Introductions
Posted by: devilx
Date: April 26, 2007 04:30AM

Hey all,
This is devilx here. Just started working on web app penetration testing. Still got a long way to go, lot to learn.

Cheers

Floating around...

Options: ReplyQuote
Re: Introductions
Date: April 26, 2007 06:29AM

welcome to the forums.

Options: ReplyQuote
Re: Introductions
Posted by: Anonymous User
Date: April 26, 2007 02:11PM

Hi I'm Ronald, I was Jungsonn but I switched names. Nicks suck!

sorry ^^

Options: ReplyQuote
Re: Introductions
Posted by: WhiteAcid
Date: April 26, 2007 02:13PM

Arg, getting used to a new nick is tricky, especially when we don't have avatars, Oh well.. I'll have to get used to it I guess.

Don't forget our IRC: irc://irc.irchighway.net/#slackers
-WhiteAcid - your friendly, very lazy, web developer

Options: ReplyQuote
Re: Introductions
Posted by: Anonymous User
Date: April 26, 2007 02:21PM

Yeh i'm trying to insert my url

Options: ReplyQuote
Re: Introductions
Posted by: Anonymous User
Date: April 26, 2007 02:24PM

Hmm it should work now. I've updated my site also it's moved to 0x000000.com

Options: ReplyQuote
Re: Introductions
Posted by: rsnake
Date: April 27, 2007 09:28PM

@devilx - welcome to the forums!

@Ronald - Oh, that's confusing. Well, welcome (back) to the forums. :)

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: Introductions
Posted by: Anonymous User
Date: April 29, 2007 12:52PM

thanks m8!

Options: ReplyQuote
Re: Introductions
Posted by: MonsterLishis
Date: May 01, 2007 01:34PM

hey just joined trying to learn how to do different things in xss.

Options: ReplyQuote
Re: Introductions
Posted by: rsnake
Date: May 01, 2007 10:43PM

MonsterLishis for shizzle! Welcomizzle.

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: Introductions
Posted by: larkadragon
Date: May 07, 2007 04:12PM

Hello, I'm a recentish follower of ha.ckers I've only just plucked up enough courage to post my introduction.

I'm a first (moving to second) year Internet Computing student in the UK. A fourth year who spent the majority of his "Java demonstrator" time on his knees trying to explain the concept of Objects [to me], introduced me to the web application security lab after a discussion on what my course involves.

In my third year I'll be moving into the more meaty part of my course, and while I'm sure security will be a taught part of the course, I don't see there being any harm in learning before my class runs. From what I gather since the IT professionals "create" the holes in security, the more I understand about the holes you guy's are finding then the less likely the chance that I'll repeat those you find. Theoretically.

I'm here to read, learn and make you wish you had a baseball bat to force concepts into my head ;)

I'm most interesting in HTML/CSS/JAVA/JavaScript/XML (I am still learning the last three and building knowledge on the first two. Apparently there is more to HTML than what I thought(?)) although I'm becoming interested in database/php/mySQL, especially on the security end.

Thanks for the reads to come and read!

Options: ReplyQuote
Re: Introductions
Posted by: Mephisto
Date: May 07, 2007 04:14PM

I've never "officially" welcomed anyone to the forums, so I'll do it now...

"Welcome to the forums!"

Options: ReplyQuote
Re: Introductions
Posted by: rsnake
Date: May 07, 2007 09:27PM

That was a great intro. I'm glad you posted what you're learning in school, that's useful to know. And yes, there is a lot to HTML that most people don't realize. If you have Firefox go here: view-source:http://ha.ckers.org/weird/dandb.html I show this to people who tell me they know HTML. HTML is extremely complicated, and 80% of the tactics used on the XSS Cheat Sheet uses tricks in HTML that most people never think about, let alone program against.

Anyway, welcome!

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: Introductions
Posted by: larkadragon
Date: May 13, 2007 07:15AM

I had a look at the source and my jaw dropped - is there another "bit" to the html or is the whole thing JUST HTML. I have never seen half of those tags and the other half I haven't seen used in that way - you have me intrigued! :D

I have had a look at the XSS Cheat Sheet, but since I'd never heard of XSS before I was introduced to ha.ckers.org I'm still finding it difficult to understand/use. I have this intimidation-fear of new languages before I actually start to use them.

Is HTML a markup language for layout (although seeing the dandb.html file and after seeing how meta tags can be used I think it can do more than just let a web page look pretty) and XSS is a programming language which can be used to attack them?
(or is there a thread somewhere that explains this?)

Thanks for the welcome!

Options: ReplyQuote
Re: Introductions
Posted by: rsnake
Date: May 13, 2007 01:53PM

Yah, that's really all HTML... although there is some CSS in it too for part of it. HTML is all presentation layer. What people often fail to understand about the XSS cheat sheet is that they think it's about JavaScript. It's not. It's about HTML used to get JS on a page (there are a few exceptions like straight JS injection or header splitting, etc... but for the most part it's all HTML injection that causes JS to run). The Cheat Sheet is pretty complicated, and lots of it is only useful in very particular situations, so I don't blame you for feeling a little intimidated. But trust me, you can figure it out, it's not rocket science.

XSS isn't a language at all, it's just an HTML fragment that gets outputted by the server side code (in most cases). That's the easiest way to think of it. One of the obvious exceptions is stuff like anchor tags url/file/path/to/function.php#exploit-goes-here where it doesn't even get sent to the server, but JavaScript that runs client side does something unsafe with the anchor tag that causes code to run that the attacker controls.

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: Introductions
Posted by: larkadragon
Date: May 25, 2007 11:05AM

I thought that HTML was "client based" while PHP was server-side, how does HTML become outputted by the server side code? (At least, that's what was hammered into my head during a basic php class.)

I've just finished my first and last exam (I swear, if I see another snippet of MARIE code or have to explain Skipcond one more time I will melt into a pile of smush!) so I had (another) look at the code and I think I've figured it out - except the A STYLE tag. Does that do anything?

I'd also like to point out that it is a very sneaky (because it looks scary!) bit of html, in my opinion!

Options: ReplyQuote
Re: Introductions
Posted by: Ers_Dokutn
Date: May 25, 2007 07:47PM

Hi, I think I may as well make an introduction here since I like this site.
I'm not a hacker actually, just a guy who likes mess with various stuff, so don't expect any insight from me. I'm interested in a lot things from genetic algorithms to cg graphics, game development and php,sql,unix blah blah blah...

I hope my introduction wasn't too boring, anyway.
I'm just gonna say, that every time I read your blog, I learn something, and that's cool man!

Options: ReplyQuote
Re: Introductions
Posted by: Kyran
Date: May 26, 2007 01:30PM

Ers_Dokutn Wrote:
-------------------------------------------------------
> I'm not a hacker actually, just a guy who likes
> mess with various stuff,
I think most people agree that's what hacker really means in the normal sense.

- Kyran

Options: ReplyQuote
Re: Introductions
Posted by: rsnake
Date: May 28, 2007 12:23PM

Ers_Dokutn - Welcome to the boards! As Kyran said, I think a lot of people fall into that category. For many years I never thought of myself as a hacker, even though I had the 139th hacking site on the Internet (it was pretty terrible actually). But I'm sure if you have experience with different technologies you can be helpful when we talk about those specific technologies.

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: Introductions
Posted by: sjraptor
Date: June 19, 2007 01:03PM

Hey all. Long time fan of ha.ckers and sla.ckers, I've been following the blog and lurking the forum for a while. I'm 20, still in college, on my second internship, and still very new to web app security. I know a little html/css (like larkadragon said above, "my jaw dropped" with that example) and have some idea behind some of the stuff you guys do. But... I'm doing my best to learn and I hope to contribute my own work some day. Still have RFC2616 on my plate :)

-Marcin
http://tssci-security.com



Edited 1 time(s). Last edit at 06/19/2007 01:12PM by sjraptor.

Options: ReplyQuote
Pages: PreviousFirst...23456789101112...LastNext
Current Page: 7 of 13


Sorry, only registered users may post in this forum.