Sla.ckers.org
For any nonsense or banter that doesn't fit anywhere else. LoL! omg! ROFL! 
s
Posted by: Anonymous User
Date: September 03, 2009 06:09PM

p



Edited 1 time(s). Last edit at 10/16/2009 03:51AM by philip_clarke.

Re: Prototyping for function obfuscation and the future of Phishing.
Posted by: thornmaker
Date: September 03, 2009 08:35PM

So what exactly is your phpids bypass using your super special (and allegedly copyrighted) prototype with comments technique?

c
Posted by: Anonymous User
Date: September 04, 2009 01:38AM

x



Edited 1 time(s). Last edit at 10/16/2009 03:51AM by philip_clarke.

o
Posted by: Anonymous User
Date: September 04, 2009 02:25AM

c



Edited 1 time(s). Last edit at 10/16/2009 03:52AM by philip_clarke.

Re: Prototyping for function obfuscation and the future of Phishing.
Posted by: Gareth Heyes
Date: September 04, 2009 03:34AM

Quote

I am declaring copyright on the following perl compatible regular expression and all derivations for the following.

No you are not. So you read sla.ckers and suddenly you think you have a new obfuscation technique? This stuff has been posted before by any of us and we didn't declare it copyrighted.

Go look for script kiddie investment forum and leave us alone.

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Re: Prototyping for function obfuscation and the future of Phishing.
Posted by: thornmaker
Date: September 04, 2009 09:07AM

> gets through PHP-ids 0.6.1.1. without triggering the javascript components but does trigger common comment types and basic directory traversal rules.

in other words, it was detected

d
Posted by: Anonymous User
Date: September 04, 2009 09:58AM

it



Edited 1 time(s). Last edit at 10/16/2009 03:52AM by philip_clarke.

Re: Prototyping for function obfuscation and the future of Phishing.
Posted by: Gareth Heyes
Date: September 04, 2009 10:21AM

String./* another */
prototype // another comment
./* another comment */a

This is well known. You don't have anything.

PHPIDS detected your attack, come back when you execute code.

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

x
Posted by: Anonymous User
Date: September 04, 2009 10:46AM

d



Edited 1 time(s). Last edit at 10/16/2009 03:53AM by philip_clarke.

Re: Prototyping for function obfuscation and the future of Phishing.
Posted by: thrill
Date: September 04, 2009 10:47AM

@phillip

I think you might have misunderstood the purpose of these forums. These forums are used not only as a learning platform but also as a place for people to bounce ideas around. We really do not want nor need any copyrighted code on these forums, nor do we want someone coming in who is going to take the hard work everyone else has put around here in developing very useful systems and turning around trying to make a profit out of it by claiming it their own. I'm not saying you are doing the latter, but claiming copyright on some code, and any derivative, is lame and unwanted in these forums.

So please do us all a favor, go back to your posting, remove the code and the copyright statement, unless you prefer I delete the entire posting.

Thanks!

--thrill

---

It is not the degrees you hold, but the mind you possess. - thrill

Re: Prototyping for function obfuscation and the future of Phishing.
Posted by: Gareth Heyes
Date: September 04, 2009 10:51AM

Yeah totally agree with thrill

Remove your "copyright" or we'll delete the post.

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

z
Posted by: Anonymous User
Date: September 04, 2009 11:08AM

@thrillt o s s e r



Edited 1 time(s). Last edit at 10/16/2009 03:53AM by philip_clarke.

Re: Prototyping for function obfuscation and the future of Phishing.
Posted by: thrill
Date: September 04, 2009 11:27AM

@phillip

PHP-IDS is copyrighted, but it is an entire program that was worked on by many people. You're trying to copyright a single word, which since you seem well versed in searching, you will find has already been used in previous postings. Maybe not specifically for a perl function, but it has been used.

The point of the matter is that if you do not want your code (and by code I really do mean code, not just a single word) used, then really, don't share it here. By sharing it and stating you own the copyright to it, all you are doing is hamstringing everyone else here that has to tip toe around your single word, and speaking for both RSnake and id, I _KNOW_ they do not want to be served with a cease and desist notice based on someone's posting using your copyrighted word.

So I'll ask again, please remove any portions of your posting which you feel you are entitled a copyright, along with the copyright notice.

--thrill

---

It is not the degrees you hold, but the mind you possess. - thrill

o
Posted by: Anonymous User
Date: September 04, 2009 11:41AM

d



Edited 1 time(s). Last edit at 10/16/2009 03:54AM by philip_clarke.

r
Posted by: Anonymous User
Date: September 04, 2009 01:36PM

.t



Edited 1 time(s). Last edit at 10/16/2009 03:54AM by philip_clarke.

Re: Prototyping for function obfuscation and the future of Phishing.
Posted by: thrill
Date: September 04, 2009 02:15PM

And you know, there is a van full of super attack ninjas sitting just down the street from your home, waiting for that one day you will forget to lock your windows, at which point they're going to come in and create havoc in your home for absolutely no reason other than the fact that they just plain and simply do not like you.

Of course, you wanting to protect everyone's interest in their code and hard work must also mean that you have millions of dollars (or quid, as it were in your neck of the woods) ready at your disposal, just waiting for the chance to take on the WAF industry, which seems to have targeted you by taking your carefully thought out words, which may or may not be included in their definitions, or may or may not already be defined within their methodology.

So using your thinking, I hereby declare copyright (c) 2009 to any letter and/or character defined in the ASCII definitions, but not limited to just those characters, but any combination of bits and bytes which used in conjunction can form words, regular expressions, random characters and even white spaces and carriage returns. But I also do hereby grant unlimited permission to the users of the sla.ckers.org forums and the ha.ckers.org blog. Any other web site or print publication is hereby warned that a van full of attack lawyers may or may not be sent to your place of business in order to prevent you from using my hereby legally copyrighted characters.

--thrill

---

It is not the degrees you hold, but the mind you possess. - thrill

t
Posted by: Anonymous User
Date: September 04, 2009 02:29PM

r un



Edited 1 time(s). Last edit at 10/16/2009 03:54AM by philip_clarke.

Re: Prototyping for function obfuscation and the future of Phishing.
Posted by: tx
Date: September 04, 2009 02:37PM

Just an announcement: I am declaring copyright on the following perl compatible regular expression as well as all derivations and subsets:
/.*/si

I believe that that regex could be a valuable and necessary rule for WAF software, possibly requiring some refinement to reduce the rate of false positives (depending on the scope of the application). For example, this derived expression represents a subset of the patterns matched by my rule and is included in my copyright claim as a derivative work:
/([^\w\s])*/si

-tx @ lowtech-labs.org

e
Posted by: Anonymous User
Date: September 04, 2009 02:53PM

pe



Edited 1 time(s). Last edit at 10/16/2009 04:11AM by philip_clarke.

Re: Prototyping for function obfuscation and the future of Phishing.
Posted by: thrill
Date: September 04, 2009 05:39PM

You think you are helping the community, when in reality all you are doing is hurting it by bringing in stupid legalities that until now had been completely absent not only from this site, but also from the minds of all those who contribute here.

Regardless of what disclosures you put down, as I mentioned above, unless you have a wad of cash and an attorney who doesn't want 2 wads of cash to pursue your legal complaint, then it really makes no sense for anyone here to start copyrighting their work. In the case of a piece of software being developed (PHP-IDS), then it is the responsibility of the creator(s) to release their code under a specific license which would protect their work, but in the case of someone attempting to copyright a single word, it's not only ridiculous, but also annoying given the fact that the word 'prototype' has already been used multiple times, so by virtue of public domain your attempt to copyright a word that was already previously used on this very site multiple times is invalid, ignorant, and shows lack of respect for the work done by members of this board prior to you joining it.

Prior use of the word
prototype

1. Re: Tricks for getting a reference to window (rev 16)
2. Re: JSReg sandbox challenge
3. Re: XSS attacks filtered output
4. Re: New XSS vectors/Unusual Javascript

--thrill

---

It is not the degrees you hold, but the mind you possess. - thrill

q
Posted by: Anonymous User
Date: September 04, 2009 06:06PM

e



Edited 1 time(s). Last edit at 10/16/2009 03:51AM by philip_clarke.

Re: Prototyping for function obfuscation and the future of Phishing.
Posted by: tx
Date: September 04, 2009 06:26PM

Quote

The references do not refer to a software filter to detect the vector, those are the vectors so legally aren't relevant although they could be used as a basis to prove the validity of "the software". The legal argument still stands.

Prior use (PHP-IDS default_filter.xml updated 3 weeks ago):

   <filter>
        <id>20</id>
        <rule><![CDATA[([^*:\s\w,.\/?+-]\s*)?(?<![a-z]\s)(?<![a-z_@>\|])(\s*return\s*)?(?:globalstorage|sessionstorage|postmessage|callee|constructor|content|domain|prototype
|try|catch|top|call|apply|url|function|object|array|string|math|if|elseif|case|switch|regex
|boolean|location|settimeout|setinterval|void|setexpression|namespace|while)(?(1)[^\w%"]|(?:\s*[^@\s\w%",.+\-]))]]></rule>
        <description>Detects JavaScript language constructs</description>
        <tags>
            <tag>xss</tag>
            <tag>csrf</tag>
            <tag>id</tag>
            <tag>rfe</tag>
        </tags>
        <impact>4</impact>
    </filter>
Whitespace added for readability.

BTW, the reason you haven't seen
/\..*prototype.*=/si
as a rule in any WAFs is because it would be a horrible rule with the potential for tons of false positives. ie.
Quote

Hello. I built a new prototype for my robot, you can check out the plans here h+tp://www.example.com/index.php?id=1

-tx @ lowtech-labs.org
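
As an added illustration (not code from this thread, from PHP-IDS or from any poster) of tx's false-positive point, and of the comment-split member access shown in Gareth Heyes' earlier reply, the following Python runs the proposed regex over constructed benign inputs and shows how stripping JavaScript comments before matching lets a much narrower check see through the comment splitting. The sample strings, the `\.prototype\b` check and the normalisation step are my own assumptions, not anything PHP-IDS ships.

```python
import re

# The rule proposed in the thread, Perl /\..*prototype.*=/si, with the s and i
# modifiers mapped to re.DOTALL and re.IGNORECASE.
NAIVE_RULE = re.compile(r"\..*prototype.*=", re.DOTALL | re.IGNORECASE)

# A narrower check (my own, for illustration): the token "prototype" reached
# directly by a member access.
MEMBER_RULE = re.compile(r"\.prototype\b", re.IGNORECASE)

# JavaScript block and line comments; removed from the input before matching.
JS_COMMENT = re.compile(r"/\*.*?\*/|//[^\n]*", re.DOTALL)

# Constructed benign inputs of the kind a web form receives every day.
BENIGN_SAMPLES = [
    "Hello. I built a new prototype for my robot, you can check out the plans "
    "here h+tp://www.example.com/index.php?id=1",
    "Rev 1.2 prototype board: jumper J3 = closed",
    "The prototype was finished. Budget = 500",
]

# The comment-split member access quoted earlier in the thread.
COMMENT_SPLIT = (
    "String./* another */\nprototype // another comment\n./* another comment */a"
)


def false_positives(rule, samples):
    """Return the benign samples that the rule flags."""
    return [s for s in samples if rule.search(s)]


def normalize(payload):
    """Strip JS comments and all whitespace so that a member access split
    across comments and newlines collapses back to its plain form. Only the
    result is matched; the original input is never modified."""
    return re.sub(r"\s+", "", JS_COMMENT.sub("", payload))


def matches_after_normalizing(rule, payload):
    """True if the rule matches the payload once comments are removed."""
    return rule.search(normalize(payload)) is not None


if __name__ == "__main__":
    print("naive rule false positives:", false_positives(NAIVE_RULE, BENIGN_SAMPLES))
    print("naive rule on comment-split input:", bool(NAIVE_RULE.search(COMMENT_SPLIT)))
    print("normalized form:", normalize(COMMENT_SPLIT))
    print("member rule after normalizing:", matches_after_normalizing(MEMBER_RULE, COMMENT_SPLIT))
```

The naive rule flags two of the three harmless sentences yet never matches the comment-split snippet (it contains no `=`), while the narrower check matches nothing benign and only sees the snippet after normalisation.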

c
Posted by: Anonymous User
Date: September 04, 2009 06:38PM

l



Edited 1 time(s). Last edit at 10/16/2009 03:55AM by philip_clarke.

Re: Prototyping for function obfuscation and the future of Phishing.
Posted by: thrill
Date: September 05, 2009 01:32AM

@phillip

Back in the BBS days I used to run a 12 node BBS using PCBoard 15.x, they came out with the PPL (PCboard Programming Language) which created .PPE's, which in reality were tokenized programs rather than real executable programs. The majority of the programs I wrote were written because I found programs I wanted for my own system which were being sold for $29.99 or more by other program writers. In most instances I released my works as "BumWare", meaning, in order to receive a license to run my software, you needed to give some cash to a bum you saw on the streets.

I wrote the first and most advanced text editor in the PPE history. It allowed users to use arrow keys to navigate the text, automatic text wrapping and even autosaving every 10 seconds. I didn't write this to become a millionaire. I wrote it to improve what was already out there. There's a good chance that from my lame ass code someone made some improvements to other text editors, but the truth is that if my code contributions helped advance this thing we call the internet today, then I contributed my ingenuity to help advance this thing we call the Human Race.

Shortly after my BBS days I discovered the internet and this new thing called Linux.. this must have been 1992 or 1993.. I also discovered this thing called IRC.. yes, I contributed some C code to BitchX and a few other projects. The truth though is that I am not a coder. My strengths fall under "complete security".. this means the keyboard you use, the mouse you operate, the OS you require and everything between you and the router that provides internet connectivity. I may not be one of these guys who are at the forefront of security, nor the guy who codes in obscurity to make things better. All I know is that whatever I can do, and contribute with, is what makes this world go around.

You own your own business, and obviously make a decent enough living so you can spend countless hours sitting on this forum not only preaching about the discoveries you have made, but also commenting on your own discoveries, and eventually, attempting to copyright a single word which thus far you have been unable to find any WAF company currently using. Which obviously means that if you can manage to copyright such a single word, income will fall from the heavens onto your lap.

You are not interested in protecting anyone's code. Not anyone here, nor any other forum you may have previously posted to, or will you eventually post to. You are a business man, and you, like every other self indulged idiot in this world just wants to get as much as you can out of whatever loophole you've managed to discover.

The rest of us however are here to learn, share our thoughts and way of thinking, and maybe, just maybe, help improve things so that maybe, just maybe, one day we will see the fruits of our labor by having a secure internet. A place parents will feel safe about their kids surfing without ending up with phishing scams, or spam, or pornography, or a shitload of other things we currently cannot protect against. We really just want to make this a better world. We don't care about money, or copyrights or legalities. We just contribute.

With that said. Please refrain from posting any code, words, phrases, philosophies, thoughts, half witted jokes or pre-natal tendencies on these forums. We really were doing quite well before you got here and I have a feeling we'll be just fine without you here.

In case you hadn't noticed, you actually managed to piss off quite a large portion of our most revered and adored members. We really do respect their opinions and their contributions. As a matter of fact, we cherish their presence on these forums. They are selfless in their pursuit of security. They are true in sharing of knowledge. They have made this board what it is today and it would be contrary to the principles this forum was formed upon to go against their beliefs and allow someone such as yourself, who is obviously just after a mighty buck, to attempt to monetize their work.

We like things the way they are. We appreciate you trying to protect our work, but no thank you. We are after a higher achievement than money, something which you obviously haven't a clue about. We appreciate you letting us know about the hole you found in the UK website. Pretty pictures they were. But for now, we'll just chug along without your help or legal expertise. Ta ta for now, toot a loot!

--thrill

---

It is not the degrees you hold, but the mind you possess. - thrill

f
Posted by: Anonymous User
Date: September 05, 2009 03:28AM

w



Edited 1 time(s). Last edit at 10/16/2009 03:55AM by philip_clarke.

Re: Prototyping for function obfuscation and the future of Phishing.
Posted by: sirdarckcat
Date: September 05, 2009 04:04AM

this guy is a TROLL TROLL TROLL TROLL TROLL TROLL TROLL TROLL TROLL TROLL TROLL TROLL TROLL TROLL TROLL TROLL TROLL TROLL TROLL TROLL TROLL TROLL TROLL TROLL TROLL TROLL TROLL TROLL TROLL TROLL TROLL TROLL TROLL TROLL TROLL TROLL TROLL TROLL TROLL TROLL TROLL TROLL TROLL TROLL TROLL TROLL TROLL TROLL TROLL TROLL TROLL TROLL.

And now, I suggest you all ignore him rather than start trolling back and getting down to a lower level than him.

So, now I declare that the following code is copyrighted to sla.ckers.org:

alert("philip_clarke is a 645543".replace(/\d/g,function(_){return "subnormal"[_]}));

and all variations!

alert("philip_clarke is a 645543".replace(/\d/g,function(_)"subnormal"[_]));

etc..!!

no offense intended :)

Greetz!!

--------------------------------
http://sirdarckcat.blogspot.com/ http://www.sirdarckcat.net/ http://foro.elhacker.net/ http://twitter.com/sirdarckcat



Edited 1 time(s). Last edit at 09/05/2009 04:14AM by sirdarckcat.

Re: Prototyping for function obfuscation and the future of Phishing.
Posted by: thrill
Date: September 05, 2009 12:28PM

Quote

I have chronic pain syndrome

The saying goes "Misery loves company", so since you suffer from chronic pain you feel the need to be a chronic pain to everyone else.

But like sirdarckcat pointed out, at this point you are just trolling, so I will take his suggestion and ignore you from here on out.



--thrill

---

It is not the degrees you hold, but the mind you possess. - thrill

f
Posted by: Anonymous User
Date: September 05, 2009 04:43PM

u



Edited 1 time(s). Last edit at 10/16/2009 04:12AM by philip_clarke.

Re: Prototyping for function obfuscation and the future of Phishing.
Posted by: rvdh
Date: September 07, 2009 08:19AM

Wow you stole like, 10 minutes of my precious time with this horseshit thread.

p
Posted by: Anonymous User
Date: September 07, 2009 04:12PM

d



Edited 1 time(s). Last edit at 10/16/2009 02:09AM by philip_clarke.
