• Content count

  • Joined

  • Last visited

  • Days Won


Everything posted by Angel

  1. Q:Is this really general hacking? A:Of course! But feel free to move this if you think otherwise, mods. Q:So you edited your profile to say you were 'leet'? Isn't that kind of sophomoric? A:Yar, probably. But I couldn't think of any better number off the top of my head, and "666" seemed dumb. Q:Ok, so I assume there's a flaw in the website? A:Well, many; nothing is a hundred percent secure. Stank and crew do a good job of locking things down, this isn't like a dig at the staff or nothin'. Q:Would you like to tell us? A:Sure thing! I'll give you a hint and then put the actual code in spoiler tags so you guys can script-kiddy out your own profiles. The hint is: what user input does the forum take to calculate your age? As an aside - I'm attaching the image above to this post since as it's hosted at Images Hack dot us it will, in time, wither and die, confusing future graverobbers who may then attempt to ressurect this thread with dumb questions. Have phun, -ArchAngel
  2. Not to bring this old thread back from the grave, but I thought it funny that this flaw still exists in the current IP Board software -- as hinted at four years ago, this vulnerability effects client-side controls used across the software suite, and as such it allows behaviour a little more serious than things like making your age a cool number ... not sure what that says about giving big 'evil' corporations a chance. ^_-. -ArchAngel
  3. As we all know, links go down, so here's the text from the article: Seems like an awfully loose definition of "hacking" if you ask me ... I can neither confirm nor deny any special knowledge of the specifics of this case, but experience says that 52-year-olds generally have their passwords securely taped to their monitors. It's a crime, sure - just not sure I'd call the alleged perpetrator a "Hacker". :-/ -ArchAngel
  4. I wonder if this is related? Although the article seemed to indicate that the person involved just called the main whitehaus switchboard, which is pretty easy to get ahold of ( lists the number as 202-456-1414 ) . -ArchAngel
  5. Looks like it defaults to "Interlace" - then as you add places it steals a few letters from each in order to build a name. So if you want your shirt to read "Internets" you have to fill out one part in each block - "IN" "TER" and "NETS" worked for me. At the end ... you get redirected to where you can buy the shirt/sticker/whatever. Yay? So why the data mining, big corporation? -ArchAngel
  6. If the problem is only that he needs to get into the system again, you may have better luck just replacing the hash with a new one with something like this boot disk: I've not tried it on Vista yet, but would be interested in hearing if you have had any success with it. -ArchAngel
  7. Not to sound like I'm encouraging some sort of black-hattery, but it should be said that there are ways to spoof your PC Name and MAC Address pretty easily. In modern Windoze systems, you can edit some registry keys - it'll be one of the GUIDs under "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\" with a key named "NetworkAddress" that matches your MAC - and renaming your computer is generally as easy as right-clicking "My Computer", choosing "Properties", and then clicking the "Change" button at the bottom of the "Computer Name" tab. No special tools or .exe's required. -ArchAngel
  8. That's probably the way I'd do it, given that this was a windoze environment. You could do something 1337-er in your language of choice, but this is the two-cent beginning-coder solution that'll work in your flavour of windoze. You'll need two files. The first is a batch file; for the purposes of this explanation we'll call it "asdf.bat". The batch file will use a CALL statement to execute the vbscript portion of your code. The vbscript is stored in the second file - we'll call it "asdf.vbs". The vbscript's job is to pop up a message box with a Yes/No question to answer. If the user clicks "Yes", the vbscript will pass a "1" to the batch file; if the user clicks "No" or closes out of the box, etc, it'll pass "0". Hopefully that makes some sense; here's the code part: ASDF.BAT CALL asdf.vbs Echo %errorlevel% Pretty simple, but we're not doing anything with the output once we have it. You might want to look into "IF" and conditional statements in batch files if you're planning on having your batch file do different things depending on what the user's clicked; let me know via PM if you run into any problems. And here's what each line in the batch file does - in the hopes that it'll help somebody, even if it's pretty clear to you. - "CALL asdf.vbs" makes your batch file look in the same directory it's running in for a file named "asdf.vbs". It executes that file and pipes any return code the file might quit with to an Environment Variable called "errorlevel". More on that in a moment. - "Echo %errorlevel%" just prints the contents of the environment variable named "errorlevel" to the screen. In DOS and Batch Files, wrapping percent signs around a word tells the script to look through the environment variables until it finds one with the name between the percent signs. In very basic terms - environment variables are programming settings that your operating system keeps track of. So: CALL tells the batch file to execute our VBScript, and then ECHO prints whatever the script quit with to the screen. Easy day! ASDF.VBS Dim ReturnVal ReturnVal=Msgbox("Is This A Yes/No Question?",VBYesNo,"EnterSomeTitleTextHere") If (ReturnVal=6) Then WScript.Quit 1 Else WScript.Quit 0 End If This is a bit trickier, but really not any harder to understand. Again, send me a PM if you need more data on something in here, or help modifying it to your specific needs. And let's go line-by-line to describe what's happening, just in case some poor n00b finds this post off of google: - "Dim ReturnVal" declares a new variable named "ReturnVal". This is what we'll use to store whether or not the user clicked "Yes" or "No". - "ReturnVal = MsgBox(...)" is a long and potentially intimidating line, but pretty self-explanatory once it's broken down. In this line, our trusty variable "ReturnVal" is going to take whatever the user clicks in VB's built-in Pop-Up-MessageBox and store it there. "MsgBox()" is a function that's built into VBScript; it tells windows to open a pop-up window. But a plain pop-up window with an "OK" button in it won't really help us for what you're trying to do, so we feed the function three parameters, separated by commas. The first one reads "Is This A Yes/No Question?" - it's the text that appears inside the pop-up window, right above the buttons. The second one reads "VBYesNo" - this tells the window what buttons to put on the pop-up window. (You can find a full list of types here). The third one reads "EnterSomeTitleTextHere" - this is the text that appears in the title bar of the pop-up window - the bar at the top, to the left of the minimize, maximize, and close buttons. - "If ReturnVal=6" is a Conditional Statement that checks to see if our "ReturnVal" variable is the number "6" - which means the user clicked the "Yes" button. (If they clicked the "No" button, "ReturnVal" would be the number "7" - I'm not sure why either). If so, the script executes the line immediately below it (WScript.Quit 1) - otherwise, it executes the line under the line that reads "Else" (WScript.Quit 0). - "WScript.Quit 1" tells the script that it should quit, and set the %errorlevel% environment variable to "1". Pretty straight-forward! I'll skip the "Else" and the second "WScript.Quit" to avoid being redundant, which brings us to: - "End If" - VBScript needs this to know where the Conditional Statement ends. Pretty boring. :-/. So - that's the exhaustive post on how to do what ArpaNet was talking about; sorry for the length - and let me know if you run into any problems with the code. -ArchAngel
  9. Hm, if the flat rainbow tables and reverse-lookup sites didn't help, chances are that the password has been "salted" in some way before being encrypted. Here's a wikipedia article on the topic of Salting when it refers to a cryptographic technique. Do you have any more information for us on where you retrieved the hash? Don't disclose anything that will get you into trouble - remember these are public boards - but it might help to know what kind of system you're trying to get into. There are a lot of experienced people on the boards, so maybe one of them knows where salts are generated for your target OS/Program. -ArchAngel
  10. Incidentally, rainbow tables are sometimes a good solution if your target hash hasn't been salted with any other data. In short, a rainbow table is a list of precomputed hashes and the words that match up with each hash - this means that you can input a hash and retrieve the word(s) that match it. Naturally, smaller lists of hashes are available in various places online - For MD5 and SHA1, you may have some luck with sites like this one: <a href="" target="_blank"></a> Again, assuming that your hash is pretty simple - you may find this is slightly quicker than running a dictionary attack. -ArchAngel edit:forgot to include the quote at the top.
  11. Have you tried ebay? ? -ArchAngel
  12. test / test works for, too. Mobile sites are sometimes good attack vectors - since developers sometimes don't consider that regular internet users can hit those sites, too. Definitely some fun things to play around with here. -ArchAngel
  13. O_o;; Sometimes a little too friendly. Guess it's a good way to boost those SE skillz ... -ArchAngel
  14. *shrugz* I suppose. You seem to believe more in corporations than I do, my friend. ^_-. I sent a message in via script-injecting their "Report Piracy" form, and e-mailed the technical contact listed in their WHOIS: We'll see if they respond. -ArchAngel (edit:reworded slightly before sending)
  15. *bump* The above post has been edited to include download links - or if your scrolling finger(s) are lazy: Part I Part II Part III You'll have to left-click the links, then on the counter-intuitive "Click here to start download.." on the left side of the file information/digg buttons/etc to begin the download. Enjoy, -ArchAngel
  16. From the locked topic here: I split the whole file into three parts with GoldWave - generally between people talking, so when you start playing Part II it'll be a reply to Stank in Part I. That might get confusing unless you just listened to the previous part, but them's the breaks. After splitting the three parts to .wav in GoldWave, I used DBPowerAmp for conversion to .mp3 - Basically, I set everything up to mirror the source .mp3 except that where it looks like the original was encoded at 24kbps the minimum DBPowerAmp would accept was 32kbps - if you're not an audiophile, you shouldn't notice very much of a difference. So, here's the stats for each part: Part I (download) Size: 33.6 MB Duration: 2:27:09 Bit Rate: 32kbps Channels: 2 (stereo) Audio sample rate: 8kHz Part II (download) Size: 28.0 MB Duration: 2:02:38 Bit Rate: 32kbps Channels: 2 (stereo) Audio sample rate: 8kHz Part III (download) Size: 37.1 MB Duration: 2:42:16 Bit Rate: 32kbps Channels: 2 (stereo) Audio sample rate: 8kHz And the stats of the original for comparison: binrev200.mp3 Size: 74.1 MB Duration: 7:12:02 Bit Rate: 24kbps Channels: 2 (stereo) Audio sample rate: 8kHz I'm uploading to MediaFire as I type - so I'll edit this topic to link to each part as those finish. That being said - if someone wants to host these (I've sent a PM to StankDawg pointing to this topic), it may be easier to download from a dedicated host than the free one I found off of Google - so feel free. ^_-. -ArchAngel
  17. Know you already edited to give up, but have you checked out They primarily store a lot of the earlier-era (BBS) stuff, but Jason Scott archives AOL-era and later stuff too - you can find old episodes of RFA there, for instance. From your brief description, I thought you might be talking about this one: But that might just be because it's (hyper)linked from an old article on Leet and LOLCats by Jason Scott, so I kind of (mentally)linked it in my head to leet: HTH, -ArchAngel
  18. Alaska's pretty big - but also really far away. I'd be interested in hosting a meeting with the kinds of hackers typical to BinRev, either of the 2600 or BinRev sort. Despite its removal from the rest of the US, there is lots of fun tech to play with up here - so surely I'm not the only one chilling out in the land of ice and snow? O_o? -ArchAngel
  19. With the pseudo-random white barcodes and spacing on the spine, it looks like they're slowly spelling out (held vertically, with the covers facing the ceiling) the phrase "SURPRISED?". You heard it here first, folks. ^_-. -ArchAngel
  20. Well - say you're selling a product for $1.00 US - and send out a quick ad to ten million people, and only one out of every thousand people buys it. That's: 10000000 / 1000 = 10000 ('customers') 10000 * 1 = 10000 ($10,000 US) $10k dollars for the one message being propagated - assuming you only make one dollar off of the message, and even with only one in a thousand people being dumb enough to buy your product. So now say with those odds securely in your favor, you accept an ad from the people who are marketing whatever junk product for $5.00 US for (say you're an asshole) a third of whatever they make. Given the same "one in one thousand persons" odds and ten million e-mail addresses: 10000000 / 1000 = 10000 ('customers') 10000 * 5 = 50000 ($50,000 US) 50000 / 3 = 16666.666666666666666666666666667 (Roughly, $17k US) Not a bad haul to click a button and have a few zillion messages flung through open mail relays. So - How many messages do you think you could send out in a day? A month? A year? It's quantity, not quality in these games, hombre. :-/. -ArchAngel (Not a spam-sympathizer)
  21. Hm, don't think this would have had anything to do with this circulating on the 'net recently, would it? O_o? -ArchAngel
  22. ... Just a thought, but wasn't HD-DVD in a format war with BluRay? Any chance the keys were intentionally leaked all over the place (given the length of time between the initial hack and the panic) in order to get people riled up and forget about the rival format? O_o? </conspiracy theory> -ArchAngel
  23. (edit: removed random 'view slideshow' text from article) -ArchAngel
  24. If somehow your search results feel more authentic by getting them from a person ... you could always use ChaCha; I'm considering writing an article on some hacks for this place - but outwardly it's a pretty neat concept - enter your search terms and get the guided search and some n00b will google for you. -ArchAngel
  25. Verizon is actually here: Just in case anyone was looking. *shrugz* -ArchAngel