Posts by Sophie
-
2015-08-31 at 8:33 AM UTC in Somehow i can't reply in my ATTN: Lanny thread.
Kek, this thread is fine now. Also, lol at unsanitized super user input. Thanks for the rest of the reply.
-
2015-08-31 at 1:24 AM UTC in ATTN: Sploo
Let's make a puzzle, like a really, super complicated extremely elaborate puzzle along the lines of Cicada 3301. Wouldn't that be cool? We could even make it international, you put clues in the states, i'll put them in Europe.
-
2015-08-30 at 11:40 PM UTC in Time difference sucks.
no, because I believe that total autonomy and freedom is what is best for america and americans, and those policies directly conflict with this.
You're setting yourself up.
Mike: I care what's good for americans
Lan: What if it turns out socialism is best for americans, would you support it?
Mike: Fuck socialism.
If we assume statement one is true, your answer to lanny's question MUST be yes.
What you're effectively saying is even if god forbid socialism actually works you wouldn't support it, thus we can conclude you actually don't want what is good for americans you want the world to run according to your idea of what is right no matter the evidence to its ineffectiveness. That sounds like something an irrational person would say, one could successfully argue that a belief system based on your personal preference is wholly subjective and thus fundamentally flawed.
You just lost the debate.
-
2015-08-30 at 11:24 PM UTC in Somehow i can't reply in my ATTN: Lanny thread.
I'm having the same problem. Oddly the page cuts out the space between lannys last post and the theme chooser.
Lanny broke the internet. Feel free to post your response in this thread in the meantime, Lan Lan can merge them later if he wants.
-
2015-08-30 at 11:18 PM UTC in OH MY FUCKING GOD IT'S ALMOST TIME!!!
IT'S THE FINAL COUNTDOWN!!!!!!!!!!!!111!!!!11!!!!!!!!!!!!!!!!!!!! !
-
2015-08-30 at 11:14 PM UTC in My investment proposal for niggasin.space
-
2015-08-30 at 11:11 PM UTC in Someday we may see a woman king, sword in, hand swing at some evil
str8 up gang$ta
-
2015-08-30 at 11:06 PM UTC in Somehow i can't reply in my ATTN: Lanny thread.
Anyway.
So the immediate answer is that it was the extension. If you happen to have a copy of vB5 you can see where it errors out in `VB_ROOT/core/includes/class_upload.php`, line 176. But you could just pick a different extension of course, this early error-out is just there to save transferring a large file just to reject it later. The larger security approach here is that only files with appropriate extensions can be uploaded and any file with one of those extensions is flagged to be served as a static (that is directly transmitted to the client, without invoking the PHP interpreter) so even if you get some custom script uploaded it will only be transferred as a literal file without ever running on the server.
Ooo, that's a pretty good security practice. One thing though, i did try to upload my shell with double extensions shell.php.jpg and with null characters and forbidden character in between which did not seem to work.
Two things I would think a blackhat would need to look out for is a mismatch between the upload whitelist and the "serve as static list". The former is encoded in that file I mentioned before, in the `is_valid_extension` method and the latter in the .htaccess files. A dev could add something to the former but not the latter and that could be a vulnerability.
Good thinking, this is why having sauce code is always good for finding these things out.
Alternatively some files like javascript are transferred as statics (the server never executes them) but can still be damaging if a client loads them, it's a possible vector for XSS. You have to weasel as `
Somehow your quote stopped mid-sentence but yeah, i should probably familiarize myself with a bit of malicious javascript.
-
2015-08-30 at 10:21 PM UTC in My investment proposal for niggasin.space
You people make me sad.
This
Make some cool content then why don't you, i promise to contribute seriously.
-
2015-08-30 at 10:09 PM UTC in Someday we may see a woman king, sword in, hand swing at some evil
Obviously you've never heard of cleopatra.. haha
Very true not that i'm saying Cleopatra couldn't be a right bitch at times.
-
2015-08-30 at 9:30 PM UTC in My investment proposal for niggasin.space
OH 'EL OH "EL Why on God's green earth would any in their right FUCKING mind stick anything anywhere near the likes of a sniveling SHITPOSTER the likes of your scum filled blow hole when I can have SpectraL's bony ass and Toothless gums at will?
Not enough emoticons/10.
-
2015-08-30 at 9:30 PM UTC in Most embarrassing moments stories?
Lol, i'd be pretty mad.
-
2015-08-30 at 9:04 PM UTC in Ask a recovering gambler/drug addict/ anything
The Actual FuckiNg Dumpster Slut.
-
2015-08-30 at 8:59 PM UTC in My investment proposal for niggasin.space
A good investment indeed.
-
2015-08-30 at 8:42 PM UTC in Sophie's Remote Access Trojan, Build 0.71 (Thoughts, ideas, comments & advice?)
Of course it has to be on the PATH, you chronic nit-wit. That was my point
No need to be nasty, i don't seem to remember calling you any names. I was happy you were participating like a normal poster in this thread.
I was just making it clear that Lanny insists it's completely unnecessary
I highly doubt that and even if he did it would probably be in relation to a trojan/virus/malware that has some logic to create its own directories and sub-directories.
- that the trojan can find its own files and folders all on its own.
See above, also, my trojan doesn't exactly find anything. I generate the shellcode in such a way that it knows where the main module has to go and since i know where my main module is going i can easily have my registry entry point in the right direction via the downloader.
-
2015-08-30 at 8:08 PM UTC in ATTN: Lanny
So i was kind of bored and when i am i usually default to checking the sec of the website i'm on for the lulz so i wanted to see if i could upload a php shell through your attachments option. Now obviously it enhancements on filetype so i fired up my intercepting proxy to see if i could tamper with the request. Well i did.
Now i'm not a webdev or anything but i thought this might help me out, it did not unfortunately, which is good i suppose.
That's pretty interesting, now since you know webdev i was hoping you could tell me how your website knows i am lying in my request when i say it's an image/jpeg when it's actually a php shell. It's probably pretty obvious to you but not so much to me, teach me the ways of the force lan.
-
2015-08-30 at 5:48 PM UTC in Time difference sucks.
Allow to put it another way. I like you and agree to disagree.
Fair enough.
-
2015-08-30 at 5:25 PM UTC in The retarded thread: Fuck, §m£ÂgØL made one first edition
thats_the_point.exe
oic.png
-
2015-08-30 at 5:04 PM UTC in Attack doses of antipsychotics
People have gone up to 2400mg/day
The dose of quetiapine from 800 to 2400 mg/day by herself. The patient would have withdrawal symptoms of palpitation, anxiety, irritability, and poor sleep if she did not take quetiapine up to 2400 mg per day. Furthermore, she took the high daily dose of quetiapine to have elated mood, less depression, and reduced anxiety, and maintain her social function. Sometimes, she would take higher doses of quetiapine to cover up her zolpidem and clonazepam dependence. After admission we prescribed valproate (1000 mg/day), mirtazapine (60 mg hs), clozapine (150 mg hs), clonazepam (4 mg hs) and midazolam (15 mg hs) to manage her bipolar depression, chronic insomnia, and dependence on quetiapine, zolpidem and clonazepam. Her condition gradually improved and we discharged her 3 weeks later. Nevertheless, she went to other hospitals and clinics to collect quetiapine, zolpidem, and clonazepam immediately after discharge.
That bitch must have been so high her entire time in the hospital. 4mg of clonazepam + 15mg of midazolam + 3 other sedative medications. I bet her breath could narcotize someone. How do you even move your body on 2400mg of seroquel? That's three times the highest dose the FDA recommends giving schizophrenics, and 96 times the regular prescribed dose of 25mg for insomnia. I'd be surprised if she was even able to have thoughts. Or maybe the nootropic effects of antipsychotics turned her into a telepathic supergenius like yours truly. Anyways I took 600mg last night, had some great sleeps and vivid dreams and I feel better today somehow.
Can she say: Neuroleptic malignant syndrome?
-
2015-08-30 at 4:54 PM UTC in Time difference sucks.
Sigh… No point in continuing this since you don't seem to understand the basics of International trade that have been established for many centuries.
Saying 'basics of trade that have been understood for centuries' is not an argument.