Angel

Members
  • Content count

    137
  • Joined

  • Last visited

  • Days Won

    1

Angel last won the day on February 18 2014

Angel had the most liked content!

Community Reputation

1 Neutral

About Angel

  • Rank
    mad 1337
  • Birthday 09/14/674

Profile Information

  • Gender
    Male

Recent Profile Visitors

2,009 profile views
  1. Not to bring this old thread back from the grave, but I thought it funny that this flaw still exists in the current IP Board software -- as hinted at four years ago, this vulnerability effects client-side controls used across the software suite, and as such it allows behaviour a little more serious than things like making your age a cool number ... not sure what that says about giving big 'evil' corporations a chance. ^_-. -ArchAngel
  2. I wonder if this is related? Although the article seemed to indicate that the person involved just called the main whitehaus switchboard, which is pretty easy to get ahold of (http://www.whitehouse.gov/contact/ lists the number as 202-456-1414 ) . http://news.yahoo.com/s/nm/20071212/od_nm/...c&printer=1 -ArchAngel
  3. If the problem is only that he needs to get into the system again, you may have better luck just replacing the hash with a new one with something like this boot disk: http://home.eunet.no/~pnordahl/ntpasswd/ I've not tried it on Vista yet, but would be interested in hearing if you have had any success with it. -ArchAngel
  4. Not to sound like I'm encouraging some sort of black-hattery, but it should be said that there are ways to spoof your PC Name and MAC Address pretty easily. In modern Windoze systems, you can edit some registry keys - it'll be one of the GUIDs under "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\" with a key named "NetworkAddress" that matches your MAC - and renaming your computer is generally as easy as right-clicking "My Computer", choosing "Properties", and then clicking the "Change" button at the bottom of the "Computer Name" tab. No special tools or .exe's required. -ArchAngel
  5. That's probably the way I'd do it, given that this was a windoze environment. You could do something 1337-er in your language of choice, but this is the two-cent beginning-coder solution that'll work in your flavour of windoze. You'll need two files. The first is a batch file; for the purposes of this explanation we'll call it "asdf.bat". The batch file will use a CALL statement to execute the vbscript portion of your code. The vbscript is stored in the second file - we'll call it "asdf.vbs". The vbscript's job is to pop up a message box with a Yes/No question to answer. If the user clicks "Yes", the vbscript will pass a "1" to the batch file; if the user clicks "No" or closes out of the box, etc, it'll pass "0". Hopefully that makes some sense; here's the code part: ASDF.BAT CALL asdf.vbs Echo %errorlevel% Pretty simple, but we're not doing anything with the output once we have it. You might want to look into "IF" and conditional statements in batch files if you're planning on having your batch file do different things depending on what the user's clicked; let me know via PM if you run into any problems. And here's what each line in the batch file does - in the hopes that it'll help somebody, even if it's pretty clear to you. - "CALL asdf.vbs" makes your batch file look in the same directory it's running in for a file named "asdf.vbs". It executes that file and pipes any return code the file might quit with to an Environment Variable called "errorlevel". More on that in a moment. - "Echo %errorlevel%" just prints the contents of the environment variable named "errorlevel" to the screen. In DOS and Batch Files, wrapping percent signs around a word tells the script to look through the environment variables until it finds one with the name between the percent signs. In very basic terms - environment variables are programming settings that your operating system keeps track of. So: CALL tells the batch file to execute our VBScript, and then ECHO prints whatever the script quit with to the screen. Easy day! ASDF.VBS Dim ReturnVal ReturnVal=Msgbox("Is This A Yes/No Question?",VBYesNo,"EnterSomeTitleTextHere") If (ReturnVal=6) Then WScript.Quit 1 Else WScript.Quit 0 End If This is a bit trickier, but really not any harder to understand. Again, send me a PM if you need more data on something in here, or help modifying it to your specific needs. And let's go line-by-line to describe what's happening, just in case some poor n00b finds this post off of google: - "Dim ReturnVal" declares a new variable named "ReturnVal". This is what we'll use to store whether or not the user clicked "Yes" or "No". - "ReturnVal = MsgBox(...)" is a long and potentially intimidating line, but pretty self-explanatory once it's broken down. In this line, our trusty variable "ReturnVal" is going to take whatever the user clicks in VB's built-in Pop-Up-MessageBox and store it there. "MsgBox()" is a function that's built into VBScript; it tells windows to open a pop-up window. But a plain pop-up window with an "OK" button in it won't really help us for what you're trying to do, so we feed the function three parameters, separated by commas. The first one reads "Is This A Yes/No Question?" - it's the text that appears inside the pop-up window, right above the buttons. The second one reads "VBYesNo" - this tells the window what buttons to put on the pop-up window. (You can find a full list of types here). The third one reads "EnterSomeTitleTextHere" - this is the text that appears in the title bar of the pop-up window - the bar at the top, to the left of the minimize, maximize, and close buttons. - "If ReturnVal=6" is a Conditional Statement that checks to see if our "ReturnVal" variable is the number "6" - which means the user clicked the "Yes" button. (If they clicked the "No" button, "ReturnVal" would be the number "7" - I'm not sure why either). If so, the script executes the line immediately below it (WScript.Quit 1) - otherwise, it executes the line under the line that reads "Else" (WScript.Quit 0). - "WScript.Quit 1" tells the script that it should quit, and set the %errorlevel% environment variable to "1". Pretty straight-forward! I'll skip the "Else" and the second "WScript.Quit" to avoid being redundant, which brings us to: - "End If" - VBScript needs this to know where the Conditional Statement ends. Pretty boring. :-/. So - that's the exhaustive post on how to do what ArpaNet was talking about; sorry for the length - and let me know if you run into any problems with the code. -ArchAngel
  6. http://www.adn.com/news/alaska/crime/story...p-9396960c.html As we all know, links go down, so here's the text from the article: Seems like an awfully loose definition of "hacking" if you ask me ... I can neither confirm nor deny any special knowledge of the specifics of this case, but experience says that 52-year-olds generally have their passwords securely taped to their monitors. It's a crime, sure - just not sure I'd call the alleged perpetrator a "Hacker". :-/ -ArchAngel
  7. Hm, if the flat rainbow tables and reverse-lookup sites didn't help, chances are that the password has been "salted" in some way before being encrypted. Here's a wikipedia article on the topic of Salting when it refers to a cryptographic technique. Do you have any more information for us on where you retrieved the hash? Don't disclose anything that will get you into trouble - remember these are public boards - but it might help to know what kind of system you're trying to get into. There are a lot of experienced people on the boards, so maybe one of them knows where salts are generated for your target OS/Program. -ArchAngel
  8. Incidentally, rainbow tables are sometimes a good solution if your target hash hasn't been salted with any other data. In short, a rainbow table is a list of precomputed hashes and the words that match up with each hash - this means that you can input a hash and retrieve the word(s) that match it. Naturally, smaller lists of hashes are available in various places online - For MD5 and SHA1, you may have some luck with sites like this one: <a href="http://md5.rednoize.com/" target="_blank">http://md5.rednoize.com/</a> Again, assuming that your hash is pretty simple - you may find this is slightly quicker than running a dictionary attack. -ArchAngel edit:forgot to include the quote at the top.
  9. http://www.attwheredoyoulive.com/ Looks like it defaults to "Interlace" - then as you add places it steals a few letters from each in order to build a name. So if you want your shirt to read "Internets" you have to fill out one part in each block - "IN" "TER" and "NETS" worked for me. At the end ... you get redirected to http://www.zazzle.com where you can buy the shirt/sticker/whatever. Yay? So why the data mining, big corporation? -ArchAngel
  10. Have you tried ebay? http://search.ebay.com/search/search.dll?s...0&category0= ? -ArchAngel
  11. test / test works for http://www.gasbuddytogo.com, too. Mobile sites are sometimes good attack vectors - since developers sometimes don't consider that regular internet users can hit those sites, too. Definitely some fun things to play around with here. -ArchAngel
  12. O_o;; Sometimes a little too friendly. Guess it's a good way to boost those SE skillz ... -ArchAngel
  13. *shrugz* I suppose. You seem to believe more in corporations than I do, my friend. ^_-. I sent a message in via script-injecting their "Report Piracy" form, and e-mailed the technical contact listed in their WHOIS: We'll see if they respond. -ArchAngel (edit:reworded slightly before sending)
  14. *bump* The above post has been edited to include download links - or if your scrolling finger(s) are lazy: Part I Part II Part III You'll have to left-click the links, then on the counter-intuitive "Click here to start download.." on the left side of the file information/digg buttons/etc to begin the download. Enjoy, -ArchAngel
  15. Q:Is this really general hacking? A:Of course! But feel free to move this if you think otherwise, mods. Q:So you edited your profile to say you were 'leet'? Isn't that kind of sophomoric? A:Yar, probably. But I couldn't think of any better number off the top of my head, and "666" seemed dumb. Q:Ok, so I assume there's a flaw in the website? A:Well, many; nothing is a hundred percent secure. Stank and crew do a good job of locking things down, this isn't like a dig at the staff or nothin'. Q:Would you like to tell us? A:Sure thing! I'll give you a hint and then put the actual code in spoiler tags so you guys can script-kiddy out your own profiles. The hint is: what user input does the forum take to calculate your age? As an aside - I'm attaching the image above to this post since as it's hosted at Images Hack dot us it will, in time, wither and die, confusing future graverobbers who may then attempt to ressurect this thread with dumb questions. Have phun, -ArchAngel