• Content count

  • Joined

  • Last visited

Everything posted by prick

  1. I miss the 95 viruses, I could appreciate it when my cd-rom drive opened and burped at random intervals, I feel cheated nowadays with just getting my card number stolen, I'm getting nothing in return.
  2. Try <span class="postcolor">poll.php?id[]=1</span> for kicking errors. The mysql might not be world facing and wouldn't be that uncommon if it doesn't even have a pw. Try using load_file to locate the apache httpd.conf, find the document root, then try outfile again. A few Apache conf locations to try
  3. They don't serve strongbow, therefore, they are not a pub
  4. pr0jekt m4yhem iz succ3ss
  5. Or network testing More info
  6. Please post 4 lolcats, 1 picture must include a tree.
  8. /index.[Learn this] or just start with PHP
  9. Hit space.
  10. Two files that have been floating in my dns folder, haven't filtered for dupes, can't remember where they came from either. hostsa.txt hostsb.txt
  11. RFI - SQL - google MSSQL injection, theres to much to write here. If you can use xp_cmdshell you've got loads of options.
  12. I meant "a vulnerabilty" singular, as in spawning from the same variable. The point I was making with the command shell comments was, if you can use them, the server will be of MS breed, and as Cpanel is not yet released for ze MS, chances of logging in through an uninstalled/unwritten package is pretty low. You can learn however you want, although documents and not leaving your ip in logs everywhere usually helps you learn more/not be a skid. Pissed off as in, getting a link indexed by google which increases binrev's skid magnet power.
  13. You shouldn't ever find a vulnerabilty which gives the possibility of sql injection and remote file inclusion. Unless the developer actually smokes crack/it's a ho-ho-ho-honeypottttt. Probably going to piss a few people off abit with a live rfi on google indexed site aswell. If you used xp_cmdshell commands, and could log into cpanel it would be pretty damn cool considering it hasn't been released for windows platforms officially yet. Sure its even a MS server? and its not running MySql?
  14. cd /etc/rc.d nano rc.local modprobe ipw3945 /sbin/ipw3945d
  15. magic_quotes_gpc = On
  16. Did I win?
  17. nmap -sL for.the.lul/zz
  18. User-agent will probably contain information about the OS, browser, capabilities. Navigate to a php page with <?php print 'User Agent: '.$_SERVER['HTTP_USER_AGENT'].'</br>IP:'.$_SERVER['REMOTE_ADDR']; ?> The attempts are likely just a bot blind scanning for rfi's, the .txts probably would have contained a string that could be pregmatched to confirm an rfi/some basic system info. edit: 2nd place.
  20. C:\WINDOWS\system32\drivers\etc append HOSTS file with
  21. I love it when you fill up my "View New Posts" with 50 slightly differently worded questions.
  22. No it really is a program. I'm hedging a bet that is your gateway's ip address and not the computer you were using to scan with, so != localhost.
  23. Check out milw0rm, then go grab the vuln versions from
  24. Just be careful which ones you choose, try to set up one yourself or just don't send anything private/don't want shared through them. Public Proxies™ Officially endorsed by tcpdump
  25. Everyone else pretty much summed what I meant up. You need to 'learn to learn' before you're going to get anywhere, otherwise you're just constantly going to have to ask questions. Like it or not, if you really want to get anywhere you're going to have to start reading/learning tons and lots of it in dead-exciting rfc/tech manual style writing, you're just not going to find concise tutorials on most material.