Everything posted by CrashandDie

  1. Not tested, obviously, but it should point you in the right direction:

     ```php
     <?php
     // INIT CURL
     $ch = curl_init();

     // SET URL FOR THE POST FORM LOGIN
     curl_setopt($ch, CURLOPT_URL, 'http://store.domaincentral.com');

     // ENABLE HTTP POST
     curl_setopt ($ch, CURLOPT_POST, 1);

     // SET POST PARAMETERS : FORM VALUES FOR EACH FIELD
     $data = array('pid' => 74747, 'currenturl' => 'http://store.domaincentral.com', 'username' => 'myusername', 'password' => 'mypass');
     curl_setopt ($ch, CURLOPT_POSTFIELDS, $data);

     // IMITATE CLASSIC BROWSER'S BEHAVIOUR : HANDLE COOKIES
     curl_setopt ($ch, CURLOPT_COOKIEJAR, 'cookie.txt');

     # Setting CURLOPT_RETURNTRANSFER variable to 1 will force cURL
     # not to print out the results of its query.
     # Instead, it will return the results as a string return value
     # from curl_exec() instead of the usual true/false.
     curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);

     // Various options which will enable multi-page sessions.
     curl_setopt($ch, CURLOPT_COOKIESESSION, TRUE);
     curl_setopt($ch, CURLOPT_HEADER, 0);
     curl_setopt($ch, CURLOPT_COOKIEFILE, "cookiefile");
     curl_setopt($ch, CURLOPT_COOKIEJAR, "cookiefile");
     curl_setopt($ch, CURLOPT_COOKIE, session_name() . '=' . session_id());
     curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);

     // EXECUTE 1st REQUEST (FORM LOGIN)
     $store = curl_exec ($ch);

     // SET FILE TO DOWNLOAD
     curl_setopt($ch, CURLOPT_URL, 'http://store.domaincentral.com/servlet/WebsiteServlet?formaction=List&searchflag=false');

     // You probably need to cleanse the POST data here or something.

     // EXECUTE 2nd REQUEST (FILE DOWNLOAD)
     $content = curl_exec ($ch);

     // CLOSE CURL
     curl_close ($ch);

     echo $content;
     ?>
     ```
  2. Thank you, again, for this superb sentence that doesn't make any sense ;) University: Been there, done that. And please, for a second, re-read my post, I didn't say "omg the interwebz are all u need", I just said, that books can contain as much crap as websites, but they have an added danger, that people (just like you I might add) do not doubt their contents. Books are extremely dangerous, when written by, or placed into, the wrong hands. But considering how easily you misinterpret a simple forum post, I doubt you've come across that many books, have you? ;)
  3. Don't tell me you're really that naïve... I mean, for crying out loud... Read "Mein Kampf", read Nietzsche, don't tell people to read books when you have absolutely no fucking idea what you're talking about. There are more published books out there talking about negationism (that's holocaust denial for you) than you could fucking imagine. And what's the first thing you're gonna do before answering? Google. That's right, not open a book. Google. Don't beat to death the horse you're riding.
  4. I always love it when people tell other people off, and especially when they insult the intelligence, but fail at spelling when doing so. Go for it. If you try, and succeed, what's the worst that can happen? You're going to get detention? A letter to your mum & dad? Have fun, that's the only thing I'll say. If you manage to get through it, and the IT guy notices, good for him, but he should've created a better network, if they really want a "secure internet" (which doesn't exist, btw). Oh, and btw, port 22 (SSH) will probably be blocked. Try putting the SSH server on port 80, maybe it'll manage to go through there. The HTTP-Proxy-over-SSH is what I would consider too. I've been using it for a few years at school/work/unknown wifi networks, and never had a problem with it. Just install apache, with mod_proxy, on a home server, make mod_proxy only accept requests from the server itself, and make sure port 22 is accessible from the outside. When connecting, use the command "ssh user@server.foobar.org -L 8080:localhost:80" This will create a new connection, and forward port 8080 on the machine you are sitting at, to port 80 on your server. Beautiful.
  5. How about we try to find a coding challenge that is not tied to a given Operating System?
  6. Challanage? Challange? I think you'll find that's "challenge". On a second note, I don't see how "someone posts something, and then someone else, and then someone else" is a challenge. There's no challenge there, mate. Stop organising the challenges, just create one. If you have spare time, write a set of rules, and just make it happen. Be it a crackme, or coding contest. You don't have to say "someone does this, and then someone does that", because that's just bollocks. Nothing is going to come from that. The last part, is that crackme's are boring like fuck. I think nearly everyone has done crackme's, and developing them is even more boring than trying to crack them. That's going to die out soon. A good old fashioned coding contest would be perfect, but one thing that would make it interesting, is having everyone's "signature language" (my signature language is C++) in your profile, and then have *everyone* use another language than their signature language. Just to toughen things up a bit.
  7. There aren't any tools that can detect an essid unless the AP broadcasts it, or unless one of the clients probes and connects. You can't get that kind of information out of thin air. And anyway, no clients == no cracking under 5 minutes, so usually no point in trying. Oh, and using multiple laptops will not boost results in any way possible.
  8. ```
     $ gcc bomb.c -o bomb -Wall
     bomb.c: In function ‘main’:
     bomb.c:7: error: ‘sleepfor’ undeclared (first use in this function)
     bomb.c:7: error: (Each undeclared identifier is reported only once
     bomb.c:7: error: for each function it appears in.)
     bomb.c:7: warning: implicit declaration of function ‘getenv’
     bomb.c:9: warning: implicit declaration of function ‘prompt’
     bomb.c:10: warning: implicit declaration of function ‘gets’
     bomb.c:11: warning: implicit declaration of function ‘strcmp’
     bomb.c:11: error: ‘P1’ undeclared (first use in this function)
     bomb.c:12: warning: implicit declaration of function ‘click’
     bomb.c:14: warning: implicit declaration of function ‘kaboom’
     bomb.c:20: error: ‘P2’ undeclared (first use in this function)
     bomb.c:23: warning: implicit declaration of function ‘strlen’
     bomb.c:23: warning: incompatible implicit declaration of built-in function ‘strlen’
     bomb.c:31: error: ‘P3’ undeclared (first use in this function)
     bomb.c:38: warning: implicit declaration of function ‘fopen’
     bomb.c:39: warning: implicit declaration of function ‘fizzle’
     ```

     That's what your code gives... "c", and "v", as you call them, are the argument count, and the argument value. argc and argv in short. If you launch it by executing ./bomb, argc (c for you) will be = 1. If you launch it by executing "./bomb is da shit", argc will be = 4. The "v", or usually called "argv", is a pointer which points to an array of arrays of characters. In other words, it's an array of C-type strings. You can access each string by using something like:

     ```c
     printf("%s\n", argv[0]); // in general
     printf("%s\n", v[0]); // for you
     ```

     The value of "v" is thus just an address of a memory strip. Nothing to worry about. You're not using the arguments, so you can just leave both of those out by using int main (void).

     Try this:

     ```c
     #define INPUT_BUFFER 10

     #include <stdio.h>
     #include <string.h>

     int main (void)
     {
         const char * passwordList[] = {"first", "second", "third", "fourth"};
         int i = 0;
         char answer[INPUT_BUFFER];

         for (i = 0; i < 4; i++)
         {
             printf("Password?\n");
             /* fgets never writes more than INPUT_BUFFER bytes, unlike gets */
             if (fgets(answer, INPUT_BUFFER, stdin) == NULL)
             {
                 printf ("Oh shit, something went wrong\n");
                 return 1; /* answer holds nothing usable, so stop here */
             }
             /* strip the trailing newline, if there is one */
             answer[strcspn(answer, "\n")] = 0;
             if (strcmp(passwordList[i], answer) != 0)
             {
                 printf ("KABOOM !\n");
                 return 0;
             }
         }
         printf("You won!\n");
         return 0;
     }
     ```
  9. Here's another idea: how about you make something a bit more sophisticated? Creating yet another wget clone doesn't motivate anyone. There's nothing as "quality" in downloading, either you get the bits right, or you don't. If you want to motivate people, get them to do something that will challenge their intellect. Not just send an HTTP request.
  10. You will sometimes see "<length: ?>" as the SSID on the airodump-ng display. This means the SSID is hidden. The "?" is normally the length of the SSID. For example, if the SSID was "test123" then it would show up as "<length: 7>" where 7 is the number of characters. When the length is 0 or 1, it means the AP does not reveal the actual length and the real length could be any value.

      To obtain the hidden SSID there are a few options:

        • Wait for a wireless client to associate with the AP. When this happens, airodump-ng will capture and display the SSID.
        • Deauthenticate an existing wireless client to force it to associate again. The point above will apply.
        • Use a tool like mdk3 to bruteforce the SSID.

      You can use Wireshark combined with one or more of these filters to review data capture files. The SSID is included within these packets for the AP.

      http://www.aircrack-ng.org/doku.php?id=air...en_ssids_length

      @ret: I think you have more understanding of the actual problem than anyone else.

      @Steve8x: There's another world with other stuff than just the things you have seen.
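The "<length: N>" display described in the post above follows from how the SSID element of a beacon is filled in: a hidden network sends it empty or null-filled. As an added example (not part of the original post and not airodump-ng's code), this parses a constructed beacon body and classifies its SSID element; the function names and sample frames are assumptions made for illustration.

```python
import struct

FIXED_PARAMS_LEN = 12   # timestamp (8) + beacon interval (2) + capability (2)
SSID_TAG = 0            # element ID of the SSID information element
MAX_SSID_LEN = 32       # 802.11 limits an SSID to 32 octets


def make_beacon_body(ssid: bytes) -> bytes:
    """Build a constructed beacon body: fixed fields, SSID, supported rates."""
    fixed = struct.pack("<QHH", 0, 100, 0x0411)
    ssid_ie = bytes([SSID_TAG, len(ssid)]) + ssid
    rates_ie = bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])
    return fixed + ssid_ie + rates_ie


def find_element(body: bytes, wanted_tag: int):
    """Walk the tag/length/value elements; None if missing or truncated."""
    pos = FIXED_PARAMS_LEN
    while pos + 2 <= len(body):
        tag, length = body[pos], body[pos + 1]
        value = body[pos + 2:pos + 2 + length]
        if len(value) < length:      # element claims more bytes than exist
            return None
        if tag == wanted_tag:
            return value
        pos += 2 + length
    return None


def classify_ssid(body: bytes):
    """Return (state, detail) for the SSID element of a beacon body."""
    ssid = find_element(body, SSID_TAG)
    if ssid is None or len(ssid) > MAX_SSID_LEN:
        return ("malformed", None)
    if any(ssid):                    # at least one non-null byte: broadcast
        return ("visible", ssid.decode("utf-8", errors="replace"))
    if len(ssid) <= 1:
        return ("hidden", None)      # length 0 or 1: real length not revealed
    return ("hidden", len(ssid))     # null-filled: shown as <length: N>


if __name__ == "__main__":
    # Constructed samples, not captured traffic.
    for sample in (b"test123", b"\x00" * 7, b"", b"\x00"):
        print(sample, "->", classify_ssid(make_beacon_body(sample)))
```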
  11. Do you want fries with that?
  12. Another question: Why the fuck would you want to roll out your own distro? I mean, you hardly understand anything about packaging, you don't know anything about Linux as a whole, and I'm guessing your kernel skills aren't very polished either. The whole point of a distribution, is to have a set of tools, utilities, kernel patches, and software, that will give that distribution a unique flavour. There are so many different distributions out there, that you are bound to find one that fits you. If you want a name for it though: YASFUD Yet Another Shitty Fucking Useless Distribution
  13. Thank you for this line which means absolutely nothing. Please do not use terms prior to understanding them ;) And for the OP, get your act together, give us real info.
  14. There's a lot of existing options. Torrentflux for instance runs atop of apache, web interface, support for rss feeds, stops at a given ratio (say, 180%), automatic queuing of new .torrent files, etc, etc
  15. Could you please define "digital signature" ? Is it a gpg signature? md5 checksum? crc? It's kinda hard to help with so little information...
  16. Do I need to remind this is Hak.5 ? No one is handsome in here, or we wouldn't be here.
  17. Reverse engineering a wifi driver not only is extremely difficult, it's usually "just too much". Meaning that in the end, it just doesn't happen. There's been people working on reverse-engineering the wifi driver for the Nokia n800/n810, and they have never even dented the whole thing. It's only when very recently, Nokia started Open Sourcing the driver that things really kicked off. I don't know what wifi chipset the iPod uses, but it'll be quite some time before anyone gets real access to it. First, you would need to install some kind of Linux flavour on it [1] (this would actually be the easy part), there's a lot of Linux versions for ARM already (debian, deblet, Angstrom) work fine, but the biggest problem would be finding the correct drivers and getting everything to work. Once you achieve this, trying to get the wifi going is going to be hard, but it is plausible. But that's just the first step. Getting it to support packet injection? That's a completely different story. [1]: I have no idea what kind of access developers get to the actual underlying hardware on a Mac/iPhone. This is why I would suggest getting Linux on it. If you are able to load/unload drivers freely, installing Linux isn't even needed, just start hacking away at a new driver. But again, this is not an easy task.
  18. You should be able to always translate your code into pseudocode. Being able to model your ideas before coding is very important. Once you understand that, you don't care about the language you're coding in. You should code in a language that is adapted to what you want to do. Don't use PHP+GTK to create standalone applications. Don't use Python to create very intensive math applications. Etc, etc. Each language has its specifics, choose your language based on those.
  19. Actually, far from it. There's more than one AI paradigm, but there is something that skims through every time. What you have to understand, is that AI is no different than any other kind of application. You have input, and you try to get output. The kind of input and output will vary greatly from say, your average GUI program, but only in the way your data is interpreted. Saying you want to code AI is actually extremely broad. There's AI as in language (a talking bot), or AI as in movement (having a robot move around the room), but again, it's always the same thing. Understanding what you have to do next. The usual structure of a game is:

      ```
      while (running)
      {
          while (event = eventsToBeTreated())
              onEvent(event);
          onLoop();
          if (needsRendering)
              onRender();
      }
      ```

      And AI is not so different.

      ```
      while (alive)
      {
          while (event = eventsToBeTreated())
              onEvent(event);
          onLoop();
          if (needsAction)
              onAction();
      }
      ```

      The biggest part after that, is of course to understand what kind of events you're waiting for. How to interpret them. Spending some time designing the event detection is extremely important. The action, in the end, is fairly straightforward, but it only is any good if you've detected your input correctly.
  20. How about you try to recapitulate the whole problem, synthesise what you've achieved, and where the real problems are?
  21. Which was my point all along... Even if we were to have an interest in finding exploits on his website, it doesn't work in the first place...
  22. Ok, first of all: WHAT? Please try to write decent questions, it's kinda nice, every once in a while, to have a question you don't have to fill in gaps before you can understand it. Second, I don't understand why you would want to create a video hosting website. Just use a "normal" CMS, and add videos you host on YouTube. You do understand that YouTube is losing millions, and it is by far the leader in this domain. So if Google can't make any profit, or elaborate a healthy business model, what makes you think you can? Third, why Windows? Would you really want to host a website that's going to be hit by potentially hundreds on a Windows box? You're obviously not a hosting expert; I think it's not a risk that's worth it. [off topic] Fourth, I'm getting pissed at all these companies that release so called mature software, always with 3 different licences... "Community Edition", Enterprise and Corporate... I mean... Who the fuck started that, it's just ridiculous... Their documentation is non-existent, the website sucks [language isn't consistent, they still use mailto:, popups are borked], I wouldn't put my trust in them. EVER. [/off topic]
  23. It's a bit hard to do any hacking when you're encountering errors all the time...