Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Whether this is about ha.ckers.org, sla.ckers.org or some other project you are interested in or want to talk about, throw it in here to get feedback. 

Current Page: 1 of 1
Results 1 - 16 of 16
6 years ago
humble
I'm working on a biometric security project. We're developing a new technology called mammory identifiaction. Users walk up to the scanner, who's backlit LCD screen reads "show us your tits".
Forum: OMG Ponies
6 years ago
humble
"Access is Denied" because Cross Domain policy ... If the victim site is not a virtual server, why not set up a subdomain of the calling site to resolve to their IP address? Then the 2 different servers will be in the same "domain" as far as script is concerned...
Forum: XSS Info
6 years ago
humble
Here's an idea: *loads* of sites use traffic monitoring - stuff like <script src="http://somemonitorplace.com/monitor.js">, and looking at the script, it usually cobbles together as much info about you as it can manage (eg: the referrer string, your browser info, cookies, etc), and writes it back out into the document as an <img src="http://somemonitorplace.com/log.cgi?.
Forum: XSS Info
6 years ago
humble
Crap!! I only posted this a few days ago, and it's already the 5th top result in google on this topic! Man - sla.ckers.org's got some *cred* !! I've done a lot of hunting, and cannot find the answer yet. I'm thinking of writing a script to try a bunch of stuff, run it, not the results, then switch prot-mode off, run it again, and hope that some results are different, so this can then be use
Forum: Projects
6 years ago
humble
Attacking the attackers attacking the attackers... I sincerely apologize for this - no malice was intended, and I did not persue anything, but, one or more people who may or may not have posted on this topic who beleive they might be "filtering anything" are not actually filtering as much anything as they think. PM for full disclosure.
Forum: SQL and Code Injection
6 years ago
humble
Wikipedia have permanent bans on most Tor IPs. If you're on a static IP and running Tor, it's probably a fast way to get your IP blacklisted indefinitely.
Forum: Privacy
6 years ago
humble
Some more ... I found about 1400 apps that can be detected, but I got bored half-way though the A's... PM if you want the list. I noticed the that res:// protocol wont load images directly, but it will if the image is in an iframe. Maybe there's a way the outer doc can ask for the dates of images inside its child iframes - I dunno - this is probably a local XSS thing that might have been remov
Forum: Privacy
6 years ago
humble
I'd guess that more then 50% of all web sites log HTTP "Referrer:" strings, browser user agents, IPs, and hostnames (using commercial web stats packages, or homebrew files or SQL stuff) - and I'd hazard a guess that more of these people don't do "input validation" on these things, than are already not doing it on <FORM> variables. In fact - for those with access to rever
Forum: SQL and Code Injection
6 years ago
humble
Damn - sorry to keep posting to this thread over-and-over!! The Googlepack ( http://pack.google.com/intl/en-gb/pack_installer.html?hl=en-gb&gl=au ) web page seems to detect upto 10 things, and un-checks the boxes so you don't download things you've already got. That code might give clues...
Forum: Projects
6 years ago
humble
I went to HIP97 a decade ago (I gave a talk explaining how to crack PGP), and pretty much got my mind blown out. It was the singlemost humbling experience of my life - there I was, with a miniscule talent at a tiny aspect of security, and the place was jam-packed with thousands upon thousands of megahackers and gurus each with their own mindboggling grasp on the black or grey usage of technology.
Forum: Intro
6 years ago
humble
With the right MIME type, a .MHT file happens to display properly in IE6/IE7 (.MHT is like an email format - lots of MIME-Encoded base64 files concatentated into one file). This (or another technique) might be able to trick IE into changing it's security restrictions to a *higher* level, thus blocking the popups that we don't want to see? Anyhow - the .MHT format would allow one file to serve hu
Forum: Projects
6 years ago
humble
1. You don't need multi-threading - just use non-blocking sockets. 2. perlapp form activestate lets you distribute your linux code to windows users as a freestanding .EXE 3. perl can do commandline easily, and perl can also be used to drive embedded browsers, like IE on windows, KHTML on Linux/Mac 4. If your perl code used a browser for it's GUI, not only do you get an easy-to-write cross
Forum: Projects
6 years ago
humble
This might be fun too add to your list too: Step 1, (on as many different windows PCs as you can find) regedit -he C:\fred.reg Step 2, (on linux) cat fred.reg | perl -n -e 'while ($_=~/\{([^\-]+\-[^\}]+)\}(.*)/) { print "$1\n"; $_=$2; }' | uniq | sort | uniq >allclsids FYI - I just ran all my registries and the BHO list through the clientcaps "getComponentVersion"
Forum: Projects
6 years ago
humble
Well - laterally-thinking - maybe you don't have to? What are you trying to do? Perhaps this might work - assuming it takes classIDs, or assuming you can get the ProgID for the classID you're looking at <script language="VBScript"> Dim o,s s="DRM.GetLicense" Set o = CreateObject(s) if isObject(o) then msgbox "Yes " + s else msgbox "No &
Forum: Projects
6 years ago
humble
I want to embed a PDF in a web page, so I can perform some AcroScript tricks - all works fine, except, I would prefer to avoid doing this if the browser is going to pop up a warning (eg: http://www.wvsom.edu/ComputerServices/Docs/Plugins/protected_mode.png ) Is there a way to tell in advance if IE7 is going to show this dialoge for a given object? (like - to check if protected-mode is off, and
Forum: Projects
6 years ago
humble
I need to send an email to someone who uses IE7 and gmail.com to read their mail, and I need to know their IP address when they open the email. it must work, even if they don't choose the gmail "display images" option. self-opening attachments are OK, but recipient won't open anything else.
Forum: Jobs
Current Page: 1 of 1