Xqtftqx

Posts posted by Xqtftqx

  1. I've been on the name/password page. I disagree with that going anywhere as a vector.

    I looked at the binary code on the site you linked. Using Hex-Editor, I was able to open the file. The text, when viewed in UTF-16, is Chinese. For me, that's tough... I tried the Google Translate terms for "password", "key", "unlock", "shell." No luck.

    I wonder if putting a different ROM on there would get me in the driver's seat...

    Would you mind posting the hexdump? In ASCII, that is. UTF-16 is kinda a pain to use on Linux, and I'd like to take a look at it.

  2. This little guy caught my eye as well and I decided I'd share what I have learned about it...

    First of all, it's running off the AirStash software. The previous versions of this software have had success running commands by exec in server side includes. This is not the case with the SanDisk drive :(

    There is a firmware file available on the website here:

    http://kb.sandisk.com/app/answers/detail/a_id/12713

    Placed on the root of the drive, the drive will flash the firmware. I've run the file through binrev with no success; maybe some weird compression I don't know too much about.

    A port scan of the device shows only httpd; the device also has WebDAV support.

    The device has the ability to connect to your own Wi-Fi, if you set it up via the app, so that you can transfer files without losing internet connection.

    When connected to the drive on the computer, on the root of the server is a status.xml file which basically provides all the information available to the app. (Wi-Fi status, card status, etc.)

    On the web interface there is also a settings page that allows you to change the name/set a password. This is probably the best attack vector.

    That's all I got

  3. Ooh, that seems interesting, and it being written in PHP makes it all the better. :) I'll try to integrate it later, if you haven't already.

    I've got to go to bed soon, so I really can't tonight. If you haven't started, I'll look at it sometime during the week.

  4. They recently changed from a Flash-based interface to HTML-based, with Flash used for streaming. If that works, could you commit that to SVN?

    I haven't gone as far as to start an actual stream, but it looks like I'm getting a token. I'll commit.

  5. Yep, the rest I have a different API, I just use that for the streaming

    Have any idea why it's not working?

    Edit: After some editing I now get this message:

    HTTP/1.1 200 OK
    Server: nginx
    Date: Sun, 27 Mar 2011 00:20:40 GMT
    Content-Type: text/html; charset=UTF-8
    Connection: close
    Set-Cookie: PHPSESSID=03e5fbce00b4f8647193efc63fbf16c7; expires=Sun, 03-Apr-2011 00:20:40 GMT; path=/; domain=.grooveshark.com
    Vary: Accept-Encoding
    X-Hostname: rhl082
    Content-Length: 75

    {"header":{"session":""},"fault":{"code":1024,"message":" invalid client"}}

    Changing the client to htmlshark, I get:

    HTTP/1.1 200 OK
    Server: nginx
    Date: Sun, 27 Mar 2011 00:23:11 GMT
    Content-Type: text/html; charset=UTF-8
    Connection: close
    Set-Cookie: PHPSESSID=9cb28022a1ab4292fffc4e407a3536b8; expires=Sun, 03-Apr-2011 00:23:11 GMT; path=/; domain=.grooveshark.com
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Vary: Accept-Encoding
    X-Hostname: rhl082
    Content-Length: 133

    {"header":{"session":"9cb28022a1ab4292fffc4e407a3536b8","serviceVersion":"20100903","prefetchEnabled":true},"result":"4d8e836f02176"}

    :)

  6. More specifically, I couldn't get the token generation working

    Just about to ask you :)

    {"header":{"session":"f3cbc523d2005404181b080809fb9284"},"fault":{"code":256,"message":"invalid token"}}

    Same error you're getting?

  7. Brandon, delboy

    Can you forward me the api key as well?

    Email (In Base64):


    eHF0ZnRxeEBnbWFpbC5jb20K

    To decrypt:
    echo eHF0ZnRxeEBnbWFpbC5jb20K | base64 -d

    Delboy, you can also email me and I'll forward it to Brandon if you'd like.

    Thanks

  8. I read about this a while ago; I could not find the original article. But here's the basic concept: if you've ever made the mistake of putting your email address in plain text on a webpage, you'll understand the amount of spam you receive (depending on how popular the site is).

    The idea is to make long lists of fake email accounts and let the spam bots crawl them, sending large amounts of spam to places that don't exist. The success of this depends on how many of these pages we can get up, and how many sites link to each of them.

    I wrote some PHP code to automatically make a large list of email addresses using random characters, TLDs. You can view it here: http://xkid.biz/lolspam.php

    I've called this piece of code LOLSpam; the source code is as follows:

    #!/usr/bin/php
    <?php
    //LOL Spam - xkid.biz
    
    //Config Variables
    $base_domain="";
    $email_prefix="lolspam_";
    $max_length="12";
    $max_gen="1000";
    
    //Do Not Change These
    $abc= array("a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z");
    $tld= array(".ac",".ad",".ae",".aero",".af",".ag",".ai",".al",".am",".an",".ao",".aq",".as",".asia",".at",".aw",".ax",".az",".ba",".bb",".be",".bf",".bg",".bh",".bi",".biz",".bj",".bm",".bo",".br",".bs",".bw",".by",".bz",".ca",".cat",".cc",".cd",".cf",".cg",".ch",".ci",".cl",".cm",".cn",".co",".com",".coop",".cr",".cu",".cv",".cx",".cz",".de",".dj",".dk",".dm",".dz",".ec",".edu",".ee",".es",".eu",".fi",".fm",".fo",".fr",".ga",".gd",".ge",".gf",".gg",".gh",".gi",".gl",".gm",".gov",".gp",".gq",".gr",".gs",".gw",".gy",".hk",".hm",".hn",".hr",".ht",".hu",".id",".ie",".im",".in",".info",".int",".io",".iq",".ir",".is",".it",".je",".jo",".jobs",".jp",".kg",".ki",".km",".kn",".kr",".ky",".kz",".la",".lc",".li",".lk",".local",".ls",".lt",".lu",".lv",".ly",".ma",".mc",".md",".me",".mg",".mh",".mil",".mk",".ml",".mn",".mo",".mobi",".mp",".mq",".mr",".ms",".mu",".museum",".mv",".mw",".mx",".my",".na",".name",".nc",".ne",".net",".nf",".nl",".no",".nr",".nu",".org",".pa",".pe",".pf",".ph",".pk",".pl",".pn",".pr",".pro",".ps",".pt",".pw",".re",".ro",".rs",".ru",".rw",".sa",".sb",".sc",".sd",".se",".sg",".sh",".si",".sk",".sl",".sm",".sn",".so",".sr",".st",".su",".sy",".sz",".tc",".td",".tel",".tf",".tg",".th",".tj",".tk",".tl",".tm",".tn",".to",".travel",".tt",".tv",".tw",".ua",".ug",".us",".uz",".va",".vc",".vg",".vi",".vn",".vu",".ws",); 
    $count=0;
    
    // Return a string built from random elements of $ar.
    // $max_length elements are drawn, unless $no_max is "1", which draws exactly one.
    function get_rand($ar,$no_max = ""){
        global $max_length;
    
        $length = ("$no_max" == "1") ? 1 : (int)$max_length;
    
        $rand="";
        $cc=count($ar) -1;
        for ($i = 0; $i < $length; $i++) {
            $rand=$rand.$ar[rand(0,$cc)];
        }
        return $rand; }
    
    // Return the configured domain, or a random name plus one random TLD if none is set.
    function get_base() {
        global $base_domain;
        global $abc;
        global $tld;
        if (empty($base_domain)) {
            return get_rand($abc).get_rand($tld,"1"); }
        else {
            return $base_domain; }
    }
    
    // Print $max_gen space-separated addresses.
    while( $count < $max_gen) {
        echo "$email_prefix".get_rand($abc)."@".get_base()." ";
        $count++;
    }
    
    ?>

    It's dirty, but it works. I encourage you to put this piece of code on your website, and link to it, to help fight spam. I also encourage you to add on to my POC code; I planned on adding support for logging IPs/user agents/time of any bot that crawls the page.
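
The crawler logging that the post above mentions as planned, sketched here as an added example (it is not the poster's code and not part of LOLSpam). The function names `clean_field`, `build_hit` and `log_hit`, the log path and the sample request are assumptions constructed for illustration.

```php
<?php
// Added example, not part of LOLSpam: log who fetched the trap page.
// Function names and the log path are assumptions made for this sketch.

const FIELD_MAX = 256; // cap on client-controlled fields

// Drop control characters and truncate, so decoded values are safe to print.
function clean_field(string $value, int $max = FIELD_MAX): string {
    return substr((string) preg_replace('/[\x00-\x1F\x7F]/', '', $value), 0, $max);
}

// Build one record from a $_SERVER-style array.
function build_hit(array $server, int $now): array {
    $ip = $server['REMOTE_ADDR'] ?? '';
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        $ip = 'invalid';
    }
    return [
        'time' => gmdate('Y-m-d\TH:i:s\Z', $now),
        'ip'   => $ip,
        'ua'   => clean_field($server['HTTP_USER_AGENT'] ?? ''),
        'uri'  => clean_field($server['REQUEST_URI'] ?? ''),
    ];
}

// Append the record as one JSON line. json_encode escapes anything left that
// could start a new line; LOCK_EX keeps concurrent writes from interleaving.
function log_hit(array $hit, string $file): bool {
    $json = json_encode($hit, JSON_UNESCAPED_SLASHES | JSON_INVALID_UTF8_SUBSTITUTE);
    if ($json === false) {
        return false;
    }
    return file_put_contents($file, $json . "\n", FILE_APPEND | LOCK_EX) !== false;
}

// Constructed sample request whose User-Agent tries to smuggle a second entry.
$sample = [
    'REMOTE_ADDR'     => '203.0.113.7',
    'HTTP_USER_AGENT' => "HarvestBot/1.0\n{\"time\":\"forged\"}",
    'REQUEST_URI'     => '/lolspam.php',
];

// Assumed path: keep the log outside the web root so it is not served.
$logFile = dirname(__DIR__) . '/lolspam_hits.jsonl';
// On the command line use the sample; under a web server use the real request.
log_hit(build_hit(PHP_SAPI === 'cli' ? $sample : $_SERVER, time()), $logFile);
```

Run from the command line, it writes the constructed request as a single JSON line with the injected newline removed; included at the top of the page that prints the addresses, it records each real fetch.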

  9. Should probably provide a patch... and link to original script. That's kinda what GPL is about.

    Also, isn't having a streaming player like that sorta redundant? I thought the script was about downloading songs...

    Edit: I guess you can download, pretty nice actually. You have to click on the song name
