Sla.ckers.org
For any nonsense or banter that doesn't fit anywhere else. LoL! omg! ROFL! 

Current Page: 1 of 15
Results 1 - 30 of 445
2 years ago
thornmaker
welcome to sla.ckers
Forum: Intro
3 years ago
thornmaker
nice work hafif :)
Forum: Projects
3 years ago
thornmaker
The web server response code has nothing to do with the attack; a web server doesn't even need to be involved. The distinguishing factor (as I recall) is being able to determine when you have an error due to a faulty decryption and an error due to incorrect padding. If you can distinguish between those two cases (via any means), you're in luck.
Forum: OMG Ponies
3 years ago
thornmaker
your demo video was nice. interception would be cool too. keep us posted :)
Forum: OMG Ponies
3 years ago
thornmaker
So here the rules state "just by typing into the URL bar" but at http://tr3w.net/misc/challenges/ch2rules.txt you say "only by typing directly into the GET parameter"... So which is it?
Forum: Obfuscation
3 years ago
thornmaker
define "good"...
Forum: Vendor Talk
3 years ago
thornmaker
IMHO, a single canary is never sufficient. We already know there exist 100% disjoint sets of characters that can be used for XSS, depending on the context. So the canary, to be useful, would need to cover a wide array of potential characters. Any single character in the canary can result in the whole string being blocked. None of this however takes into account other restrictions such as maxi
Forum: XSS Info
3 years ago
thornmaker
If you give them clear directions and ask nicely.
Forum: XSS Info
3 years ago
thornmaker
yeah, good thing you didn't join 3 months ago... you would have had to rejoin :P anyhow, welcome to sla.ckers :)
Forum: Intro
3 years ago
thornmaker
http://sla.ckers.org/forum/list.php?24 or if you want to be more specific... http://sla.ckers.org/forum/read.php?24,35645#msg-35684
Forum: XSS Info
3 years ago
thornmaker
what might work depends on context
Forum: XSS Info
3 years ago
thornmaker
HacktheSlack Wrote:
> Is there any way to bypass encoding?

Yes.
Forum: XSS Info
3 years ago
thornmaker
@theharmonyguy huh? why wouldn't it qualify as XSS? @hc0de is correct - if the forward slash wasn't escaped, this could be turned into a valid injection, regardless of how quotes are handled: </script><script>alert(0)</script>
Forum: XSS Info
3 years ago
thornmaker
as to what the actual obfuscation is.... the code has a long string of hex values stored as variable x. it loops through this string, 2 characters at a time, puts a % at the beginning of each group of 2 so you get something like %22. This is now a valid URL encoded character which gets automagically decoded when the code does the document.write(). So %22 would become " when it's writt
Forum: Obfuscation
3 years ago
thornmaker
Each of the forums has its own RSS feed (according to the Firefox RSS icon up there in the corner of my browser). I've never tried it out though.
Forum: Intro
3 years ago
thornmaker
there is an irc channel: #slackers at irc.freenode.net (iirc)
Forum: Intro
3 years ago
thornmaker
theharmonyguy... hmmmm.... where have i heard that name before........ ?!? :) no seriously, nice to see you here!
Forum: Intro
4 years ago
thornmaker
maybe you just haven't met the right robot for you
Forum: Intro
4 years ago
thornmaker
Hey Jonas! It was great to meet you finally and thanks for showing us around Stockholm a bit. I had a great time at the conference too. John Wilander and the other organizers did a fantastic job. We'll definitely have to meet up again soon! :)
Forum: OMG Ponies
4 years ago
thornmaker
Actually, I don't think either of these are true palindromes since they get the brackets/parentheses backwards. Here's a "true" one, though not as clever/pretty: '//)0(trela;';alert(0)//'
Forum: Obfuscation
4 years ago
thornmaker
-1||(alert)(trela)||1-
Forum: Obfuscation
4 years ago
thornmaker
/facepalm
Forum: XSS Info
4 years ago
thornmaker
<script>eval(location.hash.slice(1))</script> and append #alert('real payload goes after the hash symbol') to the URL. why use third-party site when you can have all-in-one :) you can use just http://0x.lv for a third party script which will alert your cookies or, if you have a hash, it will execute whatever follows the hash in your URL
Forum: XSS Info
4 years ago
thornmaker
I ran across http://0x.lv/mole.cfm somewhere on the nets; sadly, I don't remember where now. You may also want to check out http://laudanum.inguardians.com/
Forum: SQL and Code Injection
4 years ago
thornmaker
http://www.skyphire.nl/x <--- :)
Forum: News and Links
4 years ago
thornmaker
@LeverOne nice one! except... s/;//g
Forum: Projects
4 years ago
thornmaker
I'm looking for a good JS Tidy utility. Does anyone know of one? Or perhaps an IDE that will tidy JS nicely?
Forum: OMG Ponies
4 years ago
thornmaker
archives are a wonderful thing: http://sla.ckers.org/forum/read.php?2,28
Forum: SQL and Code Injection
4 years ago
thornmaker
huh?
Forum: XSS Info
4 years ago
thornmaker
There are obviously plenty of other ways, but this method described by Krebs seems rather popular at the moment (or at least it is getting a lot of media attention). The setup for it all seems rather complex which makes me think it would be hard to do as a lone person. However, the criminals seem to go through great measures to cut off paper trails by "hiring"/conning money mules and s
Forum: OMG Ponies