User Controls
Posts by LiquidIce
-
2016-01-29 at 1:27 AM UTC in Would everyone here be interested in a Bill Krozbylet.net?
Why thank you, that is awfully nice of you. Any reason in particular you maybe trust me?
You seem curious. Genuinely curious. This is human. Humans I can trust. -
2016-01-29 at 1:25 AM UTC in Help a brother create a script/program
You can also use a spoon to cut shit, but unless I'm in prison I prefer to use things for what there made for.
AT is used to schedule a task once, cron schedules a time for something to run in perpetuity. Use the right tools for the job, learn to see things like that, and become a better programmer.
I'm not tryin to be an ass, I just am one. Nigger shit. Do things the right way. Nigger shit.
Do it the right way, become a better programmer. Fail, suck at it, makes you a better coder. But learn the right way.
Nigger shit right here. Nigger shit.
Cron schedules things things at absolute offsets ie. 3:45am erry monday. At can schedule things relatively ie. now + 23 minutes. If you don't know the exact time an event will happen (ie. mac change = captive portal log on), cron gives you an inefficient strategy. This is a very similar scenario to polling vs. long-polling - long-polling is always more efficient.I want to see what the full request looks like so I know what kind of request to send(specifically a possible cookie in the headers). Viewing the source wont show me the headers.
I've been using Burp Suite to get the POST/GET requests on a lot of different projects, and it's worked well.
Please let me know how I could recreate the request by viewing just the HTML..
Yeah, it's possible - you check out the html to find the form and gather the info from there - the "action" attribute will tell you the url that the is submitted to, the method will tell you the method (surprise!) and the html inputs fields will tell you the key value pairs to send. The method attribute of the form tag will also tell you whether the key value pairs should be appended to the url as in a get request or in the request body as in the post request. But, as you say, this won't give you the headers, so if you need the cookie - you're fucked. Add to that the prevalence of javascript and you might also be missing out on other headers/modifications that are happening that are not reflected in the html document.
-
2016-01-28 at 2:21 PM UTC in Numerous Ruby on Rails vulns discovered!
Not sure, seems like a pretty specific thing to fuzz for i think it's a combination of both. Kind of like how bug bounty hunters go about their testing, in part reverse engineering, in part fuzzing on the basis of what you found while dissecting the code.
Ok, I got a book on the HTTP protocol and also a book about TCP. I know the basics, but so far I've found out a lot more about the internals (ie. state machines, standards, errors) so maybe I'll mess around with this until I'm employed again. -
2016-01-28 at 2:19 PM UTC in Would everyone here be interested in a Bill Krozbylet.net?I trust Lanny, I dunno if I trust anyone else from here (maybe Sophie).
-
2016-01-28 at 2:14 PM UTC in Pimp my networkI really like the honeypot/ids idea. I wanted to do something similar with my raspberry pi, but right now I only use it for a git + mpd + backup server.
Btw, everytime you use a ssl site (ie. everytime you google something) your traffic is encrypted and unless your ISP is monitoring at least ports, they wouldnt be able to discern ssl traffic from tor from vpn traffic. Apart from ports and dpi, are the any other ways?
I'm also interested in the topic of free vpns. I wanted to use one, not for anything illegal, just to enjoy a bit more privacy. -
2016-01-28 at 2:12 PM UTC in Ok guise lets commandeer this network for keks.Hm, I'll try to look into it soon. There's gotta be some way to read the tables :/ I mean cisco IOS has all these tools to manually edit this info, so I cant believe juniper os doesnt have the same capabilities... but maybe it is. I've got like 1h of internet time a day, I'll try to get back to you.
Did you make any progress? -
2016-01-28 at 2:10 PM UTC in Help a brother create a script/program
You don't know how to use cron jobs.
He could also just use the "at" command and have the script call the "at" command after every run ie.
#!/bin/bash
<change my mac>
at now + 55m /home/sbt/script.sh
and run this script the first time with "at now + 55m /home/sbt/script.sh" and it'll just call itself at the right time intervals infinitely. -
2016-01-28 at 10:09 AM UTC in Help a brother create a script/programifconfig has been on the "deprecated" list since like 2010? Nice post notreal
-
2016-01-28 at 9:35 AM UTC in Router Hacking (OpenWRT n stuff)
How are you going to power them though? Battery?
Yep, one of those 5-10$ rechargeable usb batteries. These use <100ma, so each battery should be good for 4-8 hours. The 703Ns last for 4 hours on a 1200mah battery.Been thinking about some sort of network of routers which act as libraries and communication centers (i.e.you can upload a message for another to retrieve or download information on various topics).
Dont know how id go about it. Im pretty sure if I get the right type of router id be able to just install a linux kernal which supports its hardware and has some sort of ftp server configured on it. Power em by car battery or fashion it into the grid some how with reasonable stealth.
OpenWRT is exactly what you're looking for - it uses busybox to give you "the linux experience", along with actually supporting the weird router hardware. It works for most routers out there, since it require 4mb of storage space (most have like 8 or 16 now) and like I said, usually, it's easy to install - select software upgrade on the router, upload the OpenWRT zip, the router restarts and bam, you got yourself a tiny linux box humming along.
-
2016-01-26 at 4:31 PM UTC in here's a new forum for you spuds
Lol, I was on NirvanaNet back when that shit was a dial in BBS. Acting like I" just had to of been there" is laughable.
And no, it wasn't the first time or only time people did this. Even in the mid 2000s there were better groups than Totse (like thefreeinformationsociety) but they weren't as popular - which served their purpose because it wasn't filled with shitposting, people fucking burritos, and all the other stuff that obscures this lofty notion of what you guys seem to think Totse is or was. I'm not saying you can't have fun, but some of you guys act seriously are making Totse out to be a religion.
It was a great community and we had some good times, but by the mid 2000s there was nothing spectacular about it, which is why it got closed.
You need to put down the Kool Aid man.
Holy shit, that brings back memories. I wasn't active in that community at all, but I was one of those daily lurkers and I spent weeks exploring their archives. Man, remember warweed's site? How about Quentinz? Or The Militia? If only I had the willpower then that I have now - I couldve learnt everything and built everything.
You're right about the religion part tho.
Risir, I dunno, I don't have a lot of contact with younger people. I just theorize that because theyre growing up in a more colorful world, it's harder for them to discern between certain things, between trash and knowledge, n stuff.This probably just sounds like old-geezer talk though.
-
2016-01-26 at 3:43 PM UTC in Router Hacking (OpenWRT n stuff)Have any of you toyed around with putting OpenWRT on routers?
I got my home router running OpenWRT and I feel a bit safer already. Can't trust that ISP provided one, probably full of backdoors and holes, not to mention the absolutely horrible signal range (shitty antenna most likely).
I also have a pair of TL-703Ns lying around until I figure something cool to do with them. They run off battery power easily so I thought of turning one into a travel router and another into a pirate library box kind of thing. Or maybe I could use these to track wifi-beacons in my area? Track the coming an going of people n stuff. These things are tiny, easily fit in the palm of your hand, even if you add an external battery. They cost about 20$ a pop.
I'm making this thread because I just saw this in my newsfeed: https://wiki.hackerspace.pl/projects...fi-card-reader (attached pic)
It's a wifi-enabled sd card reader and some poles managed to get OpenWRT running on it, which means this is a thumb-sized router/hotspot/mitm device. They cost 10$ a pop from ebay so you buy a dozen an just drop them in a few spots around the hood and let them do whatever you want them to do. I'm tempted to get like 6 and create a simple mesh network or try to do some outdoorsy stuff with them.
These devices are pretty limited (think 16mb storage + 32/64mb ram), but it's enough to run bash/C/lua. Maybe even erlang. It's shit easy to get OpenWRT running on them usually and OpenWRT gives you essentially a linux environment.
Anyone got any experiences? Or ideas?
-
2016-01-26 at 3:22 PM UTC in Would everyone here be interested in a Bill Krozbylet.net?
So you don't trust oplus? :p
Do we have a userbase to support this?
I dunno, he's an acquaintance from "the old days", but I've never had any close interaction with him. I guess we never posted in the same sections or something.
Yeah, I think we definitely have a userbase to support this. There's a few of us here the hangout everyday. I was toying with the idea of an IRC channel and some other fun-but-useless stuff like ftp/gopher whatevs.This forum is dying, and I appreciate what lanny has done for us, but I'd like something a lil bit more substantial in the near future.
Ok. Why do you think this forum is dying? Sophie just made a pretty fucking good thread in technophiliacs. I try to be active in my free time, although I'm not posting as much informative threads as I'd like to (I wanna post stuff about exercise and about linux, I'll write it out when Im bumming it out from airport to airport the next few days).
I see your point about drugs, pizza, and skateboards, but I just steer clear of those sections there and stick to the normal stuff. I would hate for that stuff to endanger the discussions in technophiliacs though. -
2016-01-26 at 3:19 PM UTC in Numerous Ruby on Rails vulns discovered!
Not sure, seems like a pretty specific thing to fuzz for i think it's a combination of both. Kind of like how bug bounty hunters go about their testing, in part reverse engineering, in part fuzzing on the basis of what you found while dissecting the code.
Good point. That always made me wonder.
If I was into hacking I'd try to set up a script to autoscan all the known rails sites or figure out a way how a rails site advertises that it's a rails site - I think it'd be easy with how rails processes assets (ie. "styles_<hash>.css") so ID'ing would be easy. Part of me wants to try similar things with Django sites, I mean, see how Django parses HTTP headers and maybe try to figure something out there. -
2016-01-26 at 2:06 PM UTC in Would everyone here be interested in a Bill Krozbylet.net?
Run by lanny, oplus, and I ? But we actually appeal to a crowd that goes beyond are usual topics? Trannies, bundy, and hebephilism would be low on the topic charts?
Instead we would focus on education, social matters, drugs of course ,and art/indie music.
How would you keep out the shitposting? I'd only trust this if Lanny backed it. -
2016-01-26 at 2:03 PM UTC in here's a new forum for you spudsI just remembered about rorta. I wonder if it still exists? It was a small town compared to totse, but very similar in ideology.
I just checked. Well. That place is more dead than a the norse gods. -
2016-01-26 at 1:58 PM UTC in Ok guise lets commandeer this network for keks.inb4 honeypot
Nice job, SWIY.
A word of caution though:
SSH may also log your public key fingerprints fingerprints even if you're using a password (I think it first tries pubkey auth, then password auth), so it might be wise to make sure you're not offering your pubkey fingerprint.
As far as what to do next:
You have access to the router. That's pretty fucking awesome. It's easier to explore the network if you're sitting on the router. You've got the arp table, routing table, dhcp entires. I've only worked with Cisco hardware, but I assume Juniper stuff has to include the same functionality, so you should be able to check out these files. One thing that comes to mind is to link entries from the arp table with the dhcp table and then find out the mfg of connected devices from their mac addresses. If you can access the NAT table, you can also deduce what services are connecting outside of the router (if NAT is even used) and get an idea of what kinda traffic is going in and out. This is all completely passive - you're not interacting with the network in any way so you shouldnt set off any IDS or anything.
As far as active recon, I don't have any ideas right now.
-
2016-01-26 at 1:02 PM UTC in here's a new forum for you spuds
I've been on dozens of different forums for about 15 years now(low-life lol), and I've learned that people usually eventually move on to other things in life(getting married and having kids, getting busy with school and making new friends, etc). It's not always that they move onto another forum/community. And then of course there are those that get incarcerated, die, or whatever. It does seem like lot of people post a lot while in school(middle - college) and then stop once they find a job.
Long term internet people are those that are more into technology. You'll see these people around longer and when they do disappear, they are usually not to far.
True, I can see that happening. But what about fresh blood? Don't tell me "kids these days aint curious no more" cause I won't believe that.
-
2016-01-26 at 8:32 AM UTC in here's a new forum for you spuds
Bottom line is, it all boils down to the userbase. "Build it and they will come" didn't work for RDFRN. I don't think a single new user joined that site. The Admin dude really hoped for an academic userbase but I told him back then that people who publish relevant stuff for free do not exist. Not in this day and age. Not on a niche website with junkies and pedophiles. I for one only and exlusively shitpost because it is a hobby that distracts me from my life. The e-dick stroking I get from people liking my posts/talking about and sharing my ideas isn't worth my time anymore because in the end it doesn't pay the bills. Also, my ideas are mostly shit but fuck you, ok?
A lot of things don't pay the bills. Did it pay the bills to run a BBS? Back when a BBS setup cost upwards of 5000+$ 1985's dollars (worth 11013.80$ of today's dollars). Do you think the userbase became washed out? Or did those people move onto other things like hackerspaces or something else? -
2016-01-26 at 8:24 AM UTC in Starting a new forums (lanny et al)
I have to figure it out myself first, lol.
The base of my argument is pure speculation at this point.
Do we do anything apart from speculating in these parts? -
2016-01-26 at 7 AM UTC in Numerous Ruby on Rails vulns discovered!https://groups.google.com/forum/#!forum/rubyonrails-security
Ah, Rails, never fails to surprise me like this! I used to do Rails professionally but I moved on due to the community.
Smugness aside, I'm reading through these and trying to think up ways how these were discovered and how they can be exploited. Like, how do you discover something like this:A carefully crafted accept header can cause a global cache of mime types to
grow indefinitely which can lead to a possible denial of service attack in
Action Pack.
Is this fuzzing? Is it reading the code so intensively that you suddenly figure out the bug in it?