sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org

Current Page: 1 of 1
Results 1 - 10 of 10
4 years ago
gat3way
Actually, microtime(true) returns a float value in seconds and by looking at the cookie expire time and lifetime, you will obtain the integer part only. You need to bruteforce the number after the floating point (10^6 possible ones) and you have 9*10^7 possible mt_rand()-generated values. Bruteforce will take at most 9*10^13 (90 quadrillion) tries which is rather much for a bruteforce attack to be
Forum: Projects
4 years ago
gat3way
Please have a look at that video I made: hxxp://www.youtube.com/watch?v=NMhO00bnRzM It's about abusing PHP's weak builtin PRNG functions like rand() and mt_rand(). Stefan Esser wrote about that back in 2008. I used his idea (keep-alive requests to conduct cross-application attacks) to develop a working PoC against PHP-Nuke and PunBB hosted on the same server (PunBB admin password successfully
Forum: Full Disclosure
5 years ago
gat3way
Well, it is possible to conduct a DDoS attack against any target, not only a webserver. You'll just need to exploit a persistent XSS bug on a busy site.
Forum: DoS
5 years ago
gat3way
What do you mean?
Forum: DoS
5 years ago
gat3way
I was thinking about that... http://www.gat3way.eu/index.php?mact=News,cntnt01,detail,0&cntnt01articleid=21&cntnt01returnid=15 Unfortunately it's not in English. And Google Translate does not cope well with Bulgarian translations. Anyway, DDoS attacks against other TCP services are possible (not only HTTP). Theoretically, even against UDP services, but that's a bit trickier.
Forum: DoS
5 years ago
gat3way
MD5-crypt, salted.
Forum: SQL and Code Injection
5 years ago
gat3way
Tried it, built some simple .nexe client-side applications. First thing I tried to do was to call syscalls directly, via inline assembly. The browser crashed (wasn't the sandbox supposed to show a warning message or something?). Anyway, if their sandbox can hook all jumps into kernelmode (e.g int 80h) then it would be pretty hard to make it run your own code. Probably there will be some eleg
Forum: OMG Ponies
5 years ago
gat3way
Ahh you again :D
Forum: OMG Ponies
5 years ago
gat3way
Guys, no point in doing that. Actually gat3way.eu and gat3way.eu/hack are two different hosts, the first one acting as an Apache reverse proxy towards the second one. So supposing you even got remote root access on gat3way.eu, you will not be able to do anything beyond eavesdropping on HTTP traffic going from/to the hack game. Better concentrate on the vulnerabilities present on the hack game.
Forum: OMG Ponies
5 years ago
gat3way
Hello, I'd like to introduce you to another little hack challenge I did. It's accessible at: http://www.gat3way.eu/hack/ Basically the aim is to gain remote root access there. Hope you'd like it :)
Forum: OMG Ponies