The Ultimate Hacker Web Directory (HWD)
Posted by: iota
Date: March 01, 2007 06:34AM

Hi Security Gods/Geeks

I'm planning to create a hacking/security web directory.
I googled it but found very little related to it.
Google lists some links in Google Hacking Dir.

But as you know, when we search "hack || hacking", the returned results might not always be related to Computer Hacking/Security stuff.

Thousands of sites use "hack*" words for another means of tweaks/innovation.

So, whether my idea seems stupid or useful in your mind, I'd like you to share
your favorite bookmarks.



Edited 1 time(s). Last edit at 07/05/2008 10:32AM by iota.

Re: Hacker's Web Directory
Date: March 01, 2007 02:18PM

Sites I frequent other than this one:

http://www.bindshell.net/
http://www.milw0rm.com/
http://www.securityfocus.com/
http://www.securityreason.com/

Mostly Hardware hacking, but it's a mixed bag:
http://www.hackaday.com/
http://www.i-hacked.com/


Awesome AnDrEw - That's The Sound Of Your Brain Crackin'
http://www.awesomeandrew.net/

Re: Hacker's Web Directory
Posted by: backbone
Date: March 02, 2007 10:20AM

i have one or two

www.ngsec.com
www.hackthissite.com
www.darknet.org.uk

Re: Hacker's Web Directory
Posted by: iota
Date: March 03, 2007 09:35AM

DEMO - http://www.ak.flashmo.com/hwd/
[ajax will make your browser hang if your connection is bad.]

Before I add your links, please perform penetration hacking into the site first on application layer.
Let me know bugs before a bad guy destroys it.

Please feel free to post as much junk data as you like, like XSS/SQL-injection.
Thank you so much.

Re: Hacker's Web Directory
Posted by: digi7al64
Date: March 04, 2007 02:58AM

negative integer value on vote.

Notice: Undefined variable: lk in /home/.giles/ak/ak.flashmo.com/hwd/vote.php on line 75

Warning: mysql_close(): supplied argument is not a valid MySQL-Link resource in /home/.giles/ak/ak.flashmo.com/hwd/vote.php on line 75

----------
'Just because you got the bacon, lettuce, and tomato don't mean I'm gonna give you my toast.'

Re: Hacker's Web Directory
Posted by: iota
Date: March 04, 2007 04:02AM

Thanks, digi7al64.

I've added your nick in "Who Hack" page along with your found Improper Input vulnerability.
If you have your web site link, plz give.

Welcome anyone for pen-hack.
This may be a web hacking game for you.!!!

Re: Hacker's Web Directory
Posted by: WhiteAcid
Date: March 04, 2007 04:07AM

Quote
http://www.ak.flashmo.com/hwd/goto.php?id=100
Warning: mysql_result() [function.mysql-result]: Unable to jump to row 0 on MySQL result index 5 in /home/.giles/ak/ak.flashmo.com/hwd/goto.php on line 35
Wanna attack with custom header?

Don't forget our IRC: irc://irc.irchighway.net/#slackers
-WhiteAcid - your friendly, very lazy, web developer

Re: Hacker's Web Directory
Posted by: iota
Date: March 04, 2007 06:42AM

I've added you, WhiteAcid.
Thanks for playing the Game.

Re: Hacker's Web Directory
Date: March 06, 2007 01:45AM

Well if it counts any I was told, "Wrong User-Agent on first view" using the Wii.


Awesome AnDrEw - That's The Sound Of Your Brain Crackin'
http://www.awesomeandrew.net/

Re: Hacker's Web Directory
Posted by: WhiteAcid
Date: March 06, 2007 02:19AM

You really shouldn't be using AJAX so much. Have a read of this: Why Ajax Sucks (Most of the Time).

Don't forget our IRC: irc://irc.irchighway.net/#slackers
-WhiteAcid - your friendly, very lazy, web developer



Edited 1 time(s). Last edit at 03/06/2007 12:24PM by WhiteAcid.

Re: Hacker's Web Directory
Posted by: SW
Date: March 06, 2007 11:55AM

@ iota - I got wrong user-agent too using Iceweasel. :-\

@ WhiteAcid - I agree that AJAX sucks and shouldn't be used too much but it is very good for greasemonkey and xss.

Re: Hacker's Web Directory
Posted by: WhiteAcid
Date: March 06, 2007 12:25PM

It is actually very good if used well. gmail does well using it, as does google maps. iota's site does not, nor would this site if it took a similar approach.

Don't forget our IRC: irc://irc.irchighway.net/#slackers
-WhiteAcid - your friendly, very lazy, web developer

Re: Hacker's Web Directory
Posted by: jungsonn
Date: March 07, 2007 12:11PM

I'm more into the philosophies about security, they give abstract ideas to wrap my mind around, it can be anything though. Sites I visit most are bugforums where people found bugs, so it's easy to exploit or use them in another context.

Re: Hacker's Web Directory
Posted by: iota
Date: March 08, 2007 08:41AM

Thank you so much for all your advice.

I'm weak in identifying proper ajax approach.
I need to study much about this later.

Re: Hacker's Web Directory
Posted by: rsnake
Date: March 09, 2007 04:17PM

I think there is a way to get around a lot of this guy's concerns as long as every action you perform changes the URL (#anchor tags) so that you can get back to the exact point based on either user credentials or in the case of something like maps a set of identifiers in the anchor tag. But I think Ajax is flawed in other ways... it hurts SEO (spiderability of the site) and it's terrible for cross browser compliance and disabled users.

- RSnake
Gotta love it. http://ha.ckers.org

Re: Hacker's Web Directory
Posted by: iota
Date: March 10, 2007 05:46AM

Yeah


For Back Button

There is a JavaScript module called DHTML history which lets us record ajax actions. It's lightweight. This was developed 2 or 3 (I don't remember exactly) years ago.


For SEO

There are already SEO hacks for ajax. A little tricky. To optimize, someone needs to create a pure HTML index page that links to other pure html pages. Then that index page is submitted to dozens of search engines. He then must use server side User-Agent detection - if bot, let it index there, if user, redirect to ajax page.


For Browser Compatibility

Yeah, I created an ecard site which uses Backbase (http://www.backbase.com) ajax interface - which is not compatible in Opera.
So for this, the solution is graceful degradation of the site - reverting ajax site to normal site with simple html, simple server side scripting.


That's why for best solutions, a web developer should not be lazy for creating two versions of site.


I plan to develop two versions, ajax & simple site for best compatibility and accessibility issue. No problem will arise?



rsnake Wrote:
-------------------------------------------------------
> I think there is a way to get around a lot of this
> guy's concerns as long as every action you perform
> changes the URL (#anchor tags) so that you can get
> back to the exact point based on either user
> credentials or in the case of something like maps
> a set of identifiers in the anchor tag. But I
> think Ajax is flawed in other ways... it hurts SEO
> (spiderability of the site) and it's terrible for
> cross browser compliance and disabled users.

Re: Hacker's Web Directory
Posted by: tx
Date: March 10, 2007 02:47PM

iota Wrote:
-------------------------------------------------------
> For SEO
>
> There are already SEO hacks for ajax. A little
> tricky. To optimize, someone needs to create a pure
> HTML index page that links to other pure html
> pages. Then that index page is submitted to dozens
> of search engines. He then must use server side
> User-Agent detection - if bot, let it index there,
> If user, redirect to ajax page.
>
Isn't that just cloaking? I thought google banned when they found a site doing that?
(that's of course assuming that they'd find out at some point)

-tx @ lowtech-labs.org

Re: Hacker's Web Directory
Posted by: rsnake
Date: March 10, 2007 09:51PM

It's only "bad" if you are doing it to mis-represent what is on the page. If the page actually does contain that information I doubt they would do anything. But this does create double code or forked code. Pretty ugly.

- RSnake
Gotta love it. http://ha.ckers.org

Re: Hacker's Web Directory
Date: March 10, 2007 11:58PM

I found one of the porn redirects posted in the redirection thread to be using cloaking, but I'm not complaining, because it's actually been helping my site.


Awesome AnDrEw - That's The Sound Of Your Brain Crackin'
http://www.awesomeandrew.net/

Re: Hacker's Web Directory
Posted by: rsnake
Date: March 11, 2007 12:36AM

How is that helping your site?

- RSnake
Gotta love it. http://ha.ckers.org

Re: Hacker's Web Directory
Date: March 12, 2007 02:50AM

I noticed in my statistic logs that a large influx of visitors had actually been looking for a certain porn site, which for some reason, which I'm still not completely sure of, led them to my site. After investigating the search engine they arrived from I realized that when people searched for the site they received the title, and description of the site, however the URL's redirection points specifically to my site, and was the only result for search. I'm at a loss as to how, or why it occurred on the search engine, but like I said, it's been helping me out. Then I searched Google for the same site, and saw that their cached page, which obviously uses cloaking, specifically mentioned my site's URL, title, description, and a few lines of the disclaimer for some reason.
I'm honestly not making this up, and was truly baffled as to why these domains point solely to my site now, but like I said, I'm not complaining. I appreciate the traffic even if they don't find my site relevant to their interests.


Awesome AnDrEw - That's The Sound Of Your Brain Crackin'
http://www.awesomeandrew.net/

Re: Hacker's Web Directory
Date: March 12, 2007 02:53AM

If I hop on the computer after my girlfriend's site-raiding's complete I'll take a screenshot for you to show you what exactly I mean.


Awesome AnDrEw - That's The Sound Of Your Brain Crackin'
http://www.awesomeandrew.net/

Re: Hacker's Web Directory
Posted by: iota
Date: June 17, 2007 10:29AM

Hi again,

Really long time no see.
The HWD was delayed due to my other school projects and some reasons.
Now I've gathered over 600+ links in my localhost.
But these are not real numbers - if a site has whitepapers and tools, then the site
is listed in WhitePapers & Tools categories.
Moreover, I'll never finish collecting links!
The more I find, the more I get.
But I have to examine each if it's really Qualified.
I failed to insert tons of underground stuffs coz in my opinion, most of them don't have unambiguous discipline, style, format/rule in what they wanna present or teach or write. Or it seems to be great oldie.
I link this sla.ckers forum as a forum of the directory - coz I don't wanna put another phpBB or yaBB - it's redundant.
The directory is not complete - needs links in VOIP/Wireless/..etc categories.

But it's drawing near to be done soon.

Re: Hacker's Web Directory
Posted by: tx
Date: June 17, 2007 06:19PM

@iota: You've got a bunch of interesting links there...

A couple issues:

http://www.ak.flashmo.com/hwd/manager.php?do=getPg&id=slr&&action=submit&id_cat=27&cat_no='64&name_owner=%22%3E%3Cscript%3Ei=1;alert('xss'%2bi);i%2b%2b;%3C/script%3E%3C!--&email_owner=t@x.comx&title=%22%3E%3Cscript%3Ealert('xss'%2bi);i%2b%2b%3C/script%3E%3C!--&url=http://0.0.0.1/&description=%22%3E%3Cscript%3Ealert('xss'%2bi);i%2b%2b%3C/script%3E%3C!--
3 xss alerts; your program will correctly catch "> as a potential xss attack in the url variable, but then it doesn't do anything about it:
http://www.ak.flashmo.com/hwd/manager.php?do=getPg&id=slr&&action=submit&id_cat=27&cat_no='64&name_owner=%22%3E%3Cscript%3Ei=1;alert('xss'%2bi);i%2b%2b;%3C/script%3E%3C!--&email_owner=tx@x.com&title=%22%3E%3Cscript%3Ealert('xss'%2bi);i%2b%2b%3C/script%3E%3C!--&url=http://0.0.0.1/%22%3E&description=%22%3E%3Cscript%3Ealert('xss'%2bi);i%2b%2b%3C/script%3E%3C!--

http://www.ak.flashmo.com/hwd/manager.php?do=getPg&id=slr&&action=submit&id_cat=27&cat_no=64&name_owner=x&email_owner=x@x.com&title=x&url=http://gtgtgt.com/'&description=x : Impossible to do the request to Seeking for a site in hwd_sites_directory

The error message that return the database is :
1064 : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''http://gtgtgt.com/''' at line 1

-tx @ lowtech-labs.org
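
A server-side fix for the three issues in the report above (markup echoed back from name_owner, title and description; a url check that detects `">` but does not reject it; a quote in url reaching the SQL statement), as an added example that is not part of tx's post or the HWD site's code. It assumes PHP 7+ with PDO; the `sites` table, its columns and the function names are hypothetical, and in-memory SQLite stands in for the site's MySQL server.

```php
<?php
// Added example, not the HWD site's code. Table and column names are
// hypothetical; in-memory SQLite stands in for the site's MySQL server.
function validate_submission(array $in): array {
    $errors = [];
    $url = trim($in['url'] ?? '');
    $parts = parse_url($url);
    // Reject, don't just flag: http(s) only, host required, no quotes,
    // angle brackets or whitespace anywhere in the URL.
    if ($parts === false
        || !in_array(strtolower($parts['scheme'] ?? ''), ['http', 'https'], true)
        || empty($parts['host'])
        || preg_match('/["\'<>\s]/', $url)) {
        $errors[] = 'url';
    }
    if (filter_var($in['email_owner'] ?? '', FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email_owner';
    }
    foreach (['id_cat', 'cat_no'] as $key) {   // digits only, so "'64" is refused
        if (!ctype_digit((string)($in[$key] ?? ''))) {
            $errors[] = $key;
        }
    }
    return $errors;
}

function save_submission(PDO $db, array $in): void {
    // Bound parameters never become SQL text, so a stray quote cannot
    // produce the 1064 syntax error (or anything worse).
    $st = $db->prepare('INSERT INTO sites (cat_no, owner, title, url, description)
                        VALUES (?, ?, ?, ?, ?)');
    $st->execute([(int)$in['cat_no'], $in['name_owner'], $in['title'],
                  $in['url'], $in['description']]);
}

function h(string $s): string {   // encode when printing, for body and attribute contexts
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE sites (cat_no INTEGER, owner TEXT, title TEXT, url TEXT, description TEXT)');
// Constructed input modelled on the parameters in the report above.
$in = ['id_cat' => '27', 'cat_no' => "'64", 'name_owner' => '"><script>alert(1)</script>',
       'email_owner' => 'x@x.com', 'title' => 'x', 'url' => "http://gtgtgt.com/'", 'description' => 'x'];
echo 'rejected fields: ', implode(', ', validate_submission($in)), "\n";
$in = array_merge($in, ['cat_no' => '64', 'url' => 'http://gtgtgt.com/']);
save_submission($db, $in);   // markup in name_owner is stored as plain data
echo h($db->query('SELECT owner FROM sites')->fetchColumn()), "\n";
```

The free-text fields are stored unmodified and encoded only when printed, so the same row stays safe if it is later rendered in a different context with a different encoder.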

Congra:
Posted by: iota
Date: June 18, 2007 07:39AM

Thanks a lot, tx.
You're the third player in the hwd game.

You'll be credited in who hacked? page.

Has launched
Posted by: iota
Date: April 12, 2008 04:14PM

1 year time is so quickly passing.

Now the Directory has been launched successfully though it's not still complete.
I have more than 1 thousand links to add :)

http://yehg.net/hwd


Thank you, guys.

Re: Hacker's Web Directory
Posted by: id
Date: April 12, 2008 07:58PM

Nice Job iota, but you put FreeBSD links under Linux...with the number of *bsd derivatives, and because it *isn't* Linux, it probably makes sense to add a BSD section.

BSD
FreeBSD
OpenBSD
NetBSD
DragonflyBSD
PCBSD
OSX
etc...

Good job!

-id

Re: Hacker's Web Directory
Posted by: iota
Date: April 13, 2008 02:25PM

[@id] According to your suggestion, I'd better create Unix cat under OS to separate from Linux variants.

Re: Hacker's Web Directory
Posted by: iota
Date: April 13, 2008 02:29PM

I've gathered 841 sites in 114 categories.

This ajax search will be useful for you:

http://www.yehg.org/hwd/ajxsearch

Updated
Posted by: iota
Date: June 28, 2008 10:20AM

