shizzle

Members
  • Content count

    112
  • Joined

  • Last visited

Community Reputation

0 Neutral

About shizzle

  • Rank
    elite

Contact Methods

  • Website URL
    http://
  • ICQ
    0

Profile Information

  • Location
    USA

Recent Profile Visitors

1,077 profile views
  1. yes correct, I was only trying to be 'simple' to show the guy a custom HTTP request is easy to do with many available scripting options. or he can go with wget I was only trying to drive him a little more. Sorry? :-P <3
  2. I've always wanted to go to defcon, for like 10 years now I think... Maybe now that I am older and have money and such I will go to my fist hacking con! =) I bet it would be so much fun, are people chill there or is it alot of BS? I hear theres tons of feds there, not that it matters if they see me or anything.... <3
  3. LOL. When I was about 14, more then 10 years ago I started doing this, I would use windows clipboard and copy my request from notepad, telnet to port 80 and paste. And it worked just fine. I did this to exploit the old /cgi-bin/phf bug in apache back then. If you logged your traffic, you could "save" the cat of /etc/passwd without a hassle into > dnsname.date.log Then I started the curl or pipe to netcat like the great Ohm stated, but here is my 2 cents. Why not learn perl or php or some other program/script lang? To code up a HTTP request is very easy and simple with perl or php and you could even google the code to do it and just fill in a couple of blanks. You will learn more man, if you write the code and do it yourself. Command line tools are helpful for tasks or even to be called in scripts. But ./hacking away with someone elses code does not teach you that much :-) Good Luck! <? //connect to web server, send a GET request. $socket = fsockopen("www.blah.com", 80); fwrite($socket, "GET / HTTP/1.0\r\nHost: www.blah.com\r\n\r\n"); // put the while() loop and fgets() here... .... ?> Look into fgets() at while() php.net/manual/ and see if you can figure out how to read the reply from the web server to the request sent above :-)
  4. Yes for years. Thats what I mean when I say maybe they finally get it. I mean, a bea will let you have its honey right? Just don't strike its nest. 'Hackers' have been trying to show the gov for years just now insecure and faulty there networks are right? Now they finally get it... and they also get what they need to do to make things tighter. And I dont think mcafee is on the list ;-) hahaha.
  5. Maybe they finally get it? http://my.att.net/s/editorial.dll?bfromind...p;ck=&ch=ne
  6. I bet Ohm did it. :monk:
  7. one of my laptops a uh.... HP4300 does s-video nicely wasnt that costly either.
  8. 5) The address you've put in 3) should point to your shellcode in 4), and that's one of the hard parts of writing an exploit: it is quite hard to determine where it ends up in memory. Yeh but cant you just make your exploit/script do a loop and hammer away at offsets until you guess the lucky one? <3
  9. First, we spoofed a IP address. Then we spoofed a CID. One day we shall spoof a transmission from some distant, remote space station to not pay the $29.99 per minute to 'phone home'. Give my love to the 'law makers' :-P
  10. They could sit outside your house, and use nmap or some type of home brew script to say, port scan, brute force/crawl ftp, web scan for bugs and stuff like that.... Basic reconnaissance before attempting to compromise a computers security. You might say, well hey buddy thats not so bad, that all can be dealt with. But the worst case scenario? They do this on *.nasa.gov or the NSA machines that are on the net. What stops even DoD? Then there gonna be on your ass so bad you will wish that you never had been born. Ever hear of ARP Poisoning? They could use a script to tell your router, that they have your IP on the subnet. Then tell your computer, that they are the router.. What does this do? Allow them to fully control and route your outgoing connection. Sniffing your passwords or defeating SSL and sniffing your online banking information would not be hard for a hacker worth his salt, or even a novice computer enthusiast. As there are tools ready and available for download to do these nasty tricks on the web. Secure your networks! Regards.
  11. Keep smoking that shit.
  12. IronGeek..... Are you married?
  13. Okay, over the last 10 or more years, I really have seen some sick and weird stuff on the internet. But a bloody meatcave? That filthy moron got what he deserved. Anyway, I've tryed this out before, spidering robots.txt to see if I could find anything interesting. Never really have found much.
  14. You keep scanning web servers by hand, I'll be glad to use automated tools to quickly find well known bugs I already understand how to exploit. If you are being honest about being a security professional, as well as scanning web servers by hand? You and the man that pays your salary has my pity. Thanks to all that actually gave me something useful
  15. This is mainly to professional pentesters out there. Whats your fav web scanner? I've favored nikto for some time now. But doing a pentest the other day it really ticked me off that after the mutation of dir searching and the regular guessing of nikto, I didnt find /manager/ ... But I did with just guessing myself at dirs looking for a foot hold / target. <3 BinRev