DingleBerries

Dedicated Members
  • Posts: 1,291

Everything posted by DingleBerries

  1. Seriously. Nice website, OK videos, OK content... but don't spam the forums for shameless bumps. Shit is not cool. Forums/Hak5 is not your blog.
  2. Drop != Boxxy. Drop is an underage boy, Boxxy is jail bait. Troll 4chan more and you will learn.
  3. Bit of an update: http://profile.ak.facebook.com/profile[1:9]/nUSERID_4DIGITNUMBER.jpg so directories are linked. All that other stuff doesn't really matter. I am going to start a dump on a famous person and see if it works. If it does I'll post pics and try to write something to exploit this... or just download wget and try yourself :D
  4. http://www.vmware.com/products/vi/esx/
  5. have you tried turning it off and on again?
  6. lol exactly. I am sure crawling the site would get you there as well but who knows. I saw this somewhere else and thought it would be a nice share.
  7. One I did today. What people should be doing and ARE doing are usually two different things... However this is good information. By decompiling the swf you do not have to monitor headers to see what data is being sent and how. Just depends on what you want to do really.
  8. That didn't work... Yeah bummer but if you dig deep into the bowels of Facebook there's some interesting stuff going on. What I did find though is that they did get smarter. Servers are split many ways in order to hide pictures.. I'm looking over what source I have to kind of weasel my way around, but as of yet it's not working. http://photos-[a:z].ak.fbcdn.net/photos-ak-snc1/v23[10:99]/[1:99]/[1:99]/RANDOM/ I don't have enough to go off of for the random part. I think it has to do with the user's sid/uid. I did find out how to get the sid though: facebook.com/ajax/search_profile.php?id=UID will print out a bunch of stuff.. interesting part is the sid. There are a few other mechanisms in place but I just started :P. Also. http://photos-h.ak.fbcdn.net/photos-ak-sf2...398215_2606.jpg Good part is the last directory is our user id. 726967925/n726967925_398215_2606.jpg And the second part is the album id /n726967925_398215_2606.jpg It's just finding out what the stuff in the beginning means that matters.
  9. SORRY ABOUT THE SPELLING. Use this "exploit" to get started: Now grab the Firefox addon "Download Them All". Open Download Them All manager and click "Add URL(s)". Paste your target's URL string. EX: http://photos-c.ak.fbcdn.net/n210132_UID_[1:9999].jpg There you have it.. get at some famous people and try to sell the photo (bad I know but works). I have Lindsey Lohan and a few others.... BTW Facebook doesn't delete your photos when you cancel ;). UPDATE: point your downloads to http://photos-c.ak.fbcdn.net/photos-ak-sf2...32_UID_XXXX.jpg either took it down or are blocking my request!
  10. 1. this is from 2006 2. reverse shells are bad; a. they give away your ip b. easy to detect 3. google is your friend
  11. Edit: Sorry, going to do a tutorial on/about this subject.
  12. why not turn all that into a string and that way you don't have to use nircmd to hide the cmd box? but to answer your question, there is a bat that scans the drive and looks for a special file. Look at the slurper payload and how that is executed and that should get you where you need to go. It's almost at the bare min... I just didn't code an exe for the iso part.
  13. First, I do not take responsibility for the stupid shit you might do with this. If you "own" a website be prepared to accept any consequences that may lay hereinafter. Just because you can doesn't mean you should. This is an education tutorial to show you why you shouldn't use this type of validation/login on your websites. With that being said here we go.
      Setup:
      Web Browser - Firefox, Download Them All, Lots of Proxies
      Software - Flash Decompiler
      Google dork - allinurl:login filetype:swf
      VM - No internet access while we work on the .swf (paranoia)
      Step 1. Make sure your shit's secured. Tor alone isn't enough, there are ways to grab your real IP. I recommend disabling cookies, referers, JS, Java, and Flash. Use Download Them All and filter your downloads with other URLs and different methods (will not go into that).
      Step 2. Grab that .swf. Don't go to any .gov site and try to hack it, can you say V A N? So start with a free one somewhere for practice.
      Step 3. Decompile it and look for the pass (in script section)... That easy.
      Other things you can do? Does it send commands to another script? Maybe some SQL injection? An open dir? You be the judge. There are a lot of things that these little files can do. BTW this is old news and most sites have it fixed or use some other type of verification (which you can see when decompiled)...
  14. If you have a master password set && password exporter installed does it still ask for the master pass? I do not save passwords and do not want to install the addon but might be something to check out. Read his code and find out how he is doing it, if there are PT and implement something.
  15. Registry Autostart Locations
      1. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ - All values in this key are executed.
      2. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\ - All values in this key are executed, and then their autostart reference is deleted.
      3. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\ - All values in this key are executed as services.
      4. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce\ - All values in this key are executed as services, and then their autostart reference is deleted.
      5. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ - All values in this key are executed.
      6. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\ - All values in this key are executed, and then their autostart reference is deleted.
      7. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\Setup\ - Used only by Setup. Displays a progress dialog box as the keys are run one at a time.
      8. HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Run\ - Similar to the Run key from HKEY_CURRENT_USER.
      9. HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\RunOnce\ - Similar to the RunOnce key from HKEY_CURRENT_USER.
      10. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon - The "Shell" value is monitored. This value is executed after you log in.
      11. HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\ - All subkeys are monitored, with special attention paid to the "StubPath" value in each subkey.
      12. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\ - All subkeys are monitored, with special attention paid to the "StaticVXD" value in each subkey.
      13. HKEY_CURRENT_USER\Control Panel\Desktop - The "SCRNSAVE.EXE" value is monitored. This value is launched when your screen saver activates.
      14. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager - The "BootExecute" value is monitored. Files listed here are Native Applications that are executed before Windows starts.
      15. HKEY_CLASSES_ROOT\vbsfile\shell\open\command\ - Executed whenever a .VBS file (Visual Basic Script) is run.
      16. HKEY_CLASSES_ROOT\vbefile\shell\open\command\ - Executed whenever a .VBE file (Encoded Visual Basic Script) is run.
      17. HKEY_CLASSES_ROOT\jsfile\shell\open\command\ - Executed whenever a .JS file (Javascript) is run.
      18. HKEY_CLASSES_ROOT\jsefile\shell\open\command\ - Executed whenever a .JSE file (Encoded Javascript) is run.
      19. HKEY_CLASSES_ROOT\wshfile\shell\open\command\ - Executed whenever a .WSH file (Windows Scripting Host) is run.
      20. HKEY_CLASSES_ROOT\wsffile\shell\open\command\ - Executed whenever a .WSF file (Windows Scripting File) is run.
      21. HKEY_CLASSES_ROOT\exefile\shell\open\command\ - Executed whenever a .EXE file (Executable) is run.
      22. HKEY_CLASSES_ROOT\comfile\shell\open\command\ - Executed whenever a .COM file (Command) is run.
      23. HKEY_CLASSES_ROOT\batfile\shell\open\command\ - Executed whenever a .BAT file (Batch Command) is run.
      24. HKEY_CLASSES_ROOT\scrfile\shell\open\command\ - Executed whenever a .SCR file (Screen Saver) is run.
      25. HKEY_CLASSES_ROOT\piffile\shell\open\command\ - Executed whenever a .PIF file (Portable Interchange Format) is run.
      26. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ - Services marked to startup automatically are executed before user login.
      27. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog\Catalog_Entries\ - Layered Service Providers, executed before user login.
      28. HKEY_LOCAL_MACHINE\System\Control\WOW\cmdline - Executed when a 16-bit Windows executable is executed.
      29. HKEY_LOCAL_MACHINE\System\Control\WOW\wowcmdline - Executed when a 16-bit DOS application is executed.
      30. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit - Executed when a user logs in.
      31. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ - Executed by explorer.exe as soon as it has loaded.
      32. HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\run - Executed when the user logs in.
      33. HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load - Executed when the user logs in.
      34. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\ - Subvalues are executed when Explorer initialises.
      35. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\ - Subvalues are executed when Explorer initialises.
      Folder Autostart Locations
      1. windir\Start Menu\Programs\Startup\
      2. User\Startup\
      3. All Users\Startup\
      4. windir\system\iosubsys\
      5. windir\system\vmm32\
      6. windir\Tasks\
      File Autostart Locations
      1. c:\explorer.exe
      2. c:\autoexec.bat
      3. c:\config.sys
      4. windir\wininit.ini
      5. windir\winstart.bat
      6. windir\win.ini - [windows] "load"
      7. windir\win.ini - [windows] "run"
      8. windir\system.ini - [boot] "shell"
      9. windir\system.ini - [boot] "scrnsave.exe"
      10. windir\dosstart.bat
      11. windir\system\autoexec.nt
      12. windir\system\config.nt
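An added example, not part of the original post: a small auditor that parses `reg export`-style text and reports string values under a few of the autostart keys listed above that are missing from a known-good baseline. The function names, the sample export and the baseline are constructed for illustration.

```python
import re
# Some of the autostart keys from the list above; matching is case-insensitive.
RUN = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"
WINLOGON = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
WATCHED = {k.lower() for k in (RUN, RUN + "Once", WINLOGON,
           RUN.replace("HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER"))}
WINLOGON_VALUES = {"shell", "userinit"}  # list items 10 and 30
# "name"="string data" lines; dword and hex values are not parsed here.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    return re.sub(r"\\(.)", r"\1", s)  # .reg escapes \ and " with a backslash

def parse_reg(text):
    """Yield (key, value_name, data) for each string value in .reg export text."""
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            yield key, unescape(m.group(1)), unescape(m.group(2))

def audit(text, baseline):
    """Return watched autostart entries that are missing from the baseline."""
    findings = []
    for key, name, data in parse_reg(text):
        k, n = key.lower(), name.lower()
        if k not in WATCHED or (k == WINLOGON.lower() and n not in WINLOGON_VALUES):
            continue
        if (k, n, data.lower()) not in baseline:
            findings.append((key, name, data))
    return findings

# Constructed sample export and baseline, for illustration only.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\System32\\SecurityHealthSystray.exe"
"updater"="C:\\Users\\Public\\upd.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"DefaultUserName"="alice"
'''
BASELINE = {(RUN.lower(), "securityhealth", r"c:\windows\system32\securityhealthsystray.exe"),
            (WINLOGON.lower(), "shell", "explorer.exe")}
if __name__ == "__main__":
    print(audit(SAMPLE, BASELINE))
```

Files written by `reg export` are UTF-16, so decode them before passing the text to `audit`.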
  16. your virii protection is shit then.
  17. Thank you for this man. I have wanted to, but never found the motivation, to start doing some steg detecting. Just crawl for images and at a later time run them through steg detect. Once again thanks for the tut.
  18. It would be a lot easier to write a script to check for updates. cURL or wget along with md5check. Have it download the latest version, compare it to the old version. If they are different then install... This is pretty dangerous, you should always make sure you are installing important system software yourself. Modified version (URL change) Author: netytan

      #!/usr/bin/env python3
      import hashlib, urllib.request

      url = 'http://www.nvidia.com/object/linux_display_ia32_180.29.html'
      page = urllib.request.urlopen(url).read()
      # hexdigest() is plain text, so it survives the round trip through md5.txt
      checksum = hashlib.md5(page).hexdigest()

      try:
          previous = open('md5.txt', 'r').read().strip()
      except FileNotFoundError:
          previous = ''  # first run: no stored checksum yet

      if previous != checksum:
          print('Page has been changed\n')
          open('md5.txt', 'w').write(checksum)
      else:
          print('Page has not been changed\n')

  19. What are you auditing? I'd start with a whole network topography then look at exit points and then systems. Depending on what you want to audit you are going to generally critic your methodology. So with a Unix server I am not going to go about it the same way I would with a Windows server. There is a lot of work involved and if you are in a high risk company then I would suggest employing a professional. On any note you shouldn't test on a production server. Always test on images or at least have full backups on hand in case you accidental the whole network.
  20. Can you post a code snippet, from the beginning of the program? That will help in determining the language.
  21. inpage:"XP Firewire Login Bypass" AND "Ipod"