Posts by 0Death

1. 2017-02-10 at 5:26 AM UTC in List some clearnet/deepweb OffSec forums.
   

   0Death Yung Blood

   Originally posted by addict I will check out https://criminal.cat too, I heard it was good on other forums.

   
   I've been lurking on there for a while now and honestly it's not that good of a forum. If you're just after databases, then I would recommend the newly launched: https://forums.money.team
2. 2017-02-10 at 5:14 AM UTC in Recommend me an animu.
   

   0Death Yung Blood
   Gosick: Action, mystery and loli. It's the perfect combo. Pretty awesome mystery anime, definitely among my favorites.
   Baccano: One of the best Action comedy anime series I've seen. It's a very funny mystery anime with focus on comedy.
   Durarara: This is really great if supernatural/mystery is what you're looking for. Gang wars in tokyo with supernatural phenomenons in the mix.
   Gurren Lagann: Pretty awesome heroic/epic style anime similar to Kill La Kill in a way. From the same studio. I can recommend it.
   Parasyte: You will like this if you liked Tokyo Ghoul. They are both very similar.
   Re:Zero: I would say this is like a cross-over between no game no life and steins;gate except you cut out the comedy and instead make it a psychological action/romance anime.
   
3. 2017-02-10 at 4:47 AM UTC in Your IRL SPECIAL stats
   

   0Death Yung Blood
   Probably something like that.
   
   Strength - 5
   Perception - 9
   Endurance - 7
   Charisma - 1
   Intelligence - 7
   Agility - 9
   Luck - 2
4. 2017-02-10 at 4:03 AM UTC in If i were to look for web-app related files on a server that might contain cleartext credentials...
   

   0Death Yung Blood
   Don't mind my long post, just posting cool suggestions!
   Maybe you could add a wildcard to the end of "php" as well, so it becomes "*.php*" since there's always the possibility of them using older versions. I've seen sites myself that use extensions like ".php3" and ".php5". Other cool extensions other interesting extensions might be: ".shtml" (server side html), cfm (coldfusion) and yeah like you said maybe perl, ruby or other scripting languages.
   
   You could make some sort of array with extensions like that and look for files with names like: (conf, config, global, db, database).extension in the webserver root directories such as /var/www and /home/user/public_html.
   
   For more fulltext search after database credentials in php, you could maybe try to search for php PDO instances through regex or something. For example: "${variable} = new PDO (${variables here}...);".
   
   Also if the user have automated backups via cronjobs or something and doesn't want to store his password directly in the .sh file, there might be a possibility that he has stored the mysql credentials in his my.cnf file in any of these locations (Might be worth looking into).
   
   If they have MySQL safemode enabled there might be a possibility that the credentials is stored in the php.ini file instead of in the php source code of the application. Like this: http://webmasters.stackexchange.com/a/72124 .
5. 2017-02-10 at 3:31 AM UTC in mmmmm Question for you, emm queue
   

   0Death Yung Blood
   Usually I listen to everything I find good, but I am especially fond of post-rock and symphonic metal.
6. 2017-02-10 at 3:26 AM UTC in Site not secure?
   

   0Death Yung Blood
   SSL would be appreciated, way safer to use SSL if you're browsing over Tor. Then it's harder for the exit nodes to sniff around, https would help prevent it.
7. 2017-01-11 at 12:03 AM UTC in Processing javascript with Python & Mechanize?
   

   0Death Yung Blood
   Maybe you can try to use Selenium python library to automize actual browser to process it? Something like this or this looks interesting.
   
   Edit: I realize the first link only applies to Java but same concept, there are many other interesting example snippets for python in the documentation.
   
   Post last edited by 0Death at 2017-01-11T00:05:45.956375+00:00
8. 2017-01-10 at 10:13 PM UTC in What are some indicators that drug deal is an undercover/set up?
   

   0Death Yung Blood
   How about making the deal less personal by ordering your stash from the darknet to some dropsite. If that isn't paranoid enough you can always hire a courier to pick up the package from the dropsite. Or apply other opsec.
   
   [1] https://www.deepdotweb.com/2013/11/26/point-for-safe-shipping/
   [2] https://www.deepdotweb.com/2015/12/30/buy-drugs-online-from-darknetmarkets/
   [3] https://www.deepdotweb.com/2015/03/23/drops-for-beginners-why-you-may-or-may-not-want-to-use-one/
   
   Lots of more interesting info around that site.
9. 2017-01-10 at 10:03 PM UTC in Zoklet archive
   

   0Death Yung Blood
   I was never really on totser or zoklet. But I have a totse archive torrent on my disk, I can upload it if anyone wants it.
10. 2017-01-10 at 9:56 PM UTC in making a forum
    

    0Death Yung Blood
    Nice work! I am working on a forum software myself, only really hobbyist purpose though. For the purpose of getting up my php and sql knowledge more. But here's some suggestions.
    
    Would be cool to have:
    

    • Username above avatar, instead of under it. Keep admin/mod/member status under it instead
    • Display some userstats in a box under the avatar.
    • Show the subforums in a list/table/flexbox instead of current "dropdown" menu.
    • No google recaptcha, use something else (… that doesn't belong to google, frankly I don't trust google.) like GraphComp 3d captcha.
    • Formatting options such as bbcode or markdown.

    
    But if we are talking about some even cooler features, I think it could be cool to have:
    

    • Bcrypt algorithms for password.
    • Thank feature or anonymous reputation points which can be given and taken from users (see evilzone forums).
    • Some kind of smaller post feed with the last x posts displayed.

    
    Well I probably have even more ideas, but it is best to get the basics down first.
11. 2017-01-09 at 5:23 AM UTC in List some clearnet/deepweb OffSec forums.
    

    0Death Yung Blood
    Hell forums reloaded got shutdown a while ago, they got hacked. You can find the dump circulating around private communities. I doubt the current page is even legitimate, probably a scammer is my guess. But yes I can agree with you on that, pay to join is bad.
    
    Can't say if they are good or not, but saw some forums being mentioned around /baphomet/ being mentioned the other day, maybe worth checking out.
    
    criminal.cat
    dumpbase.org
    
12. 2017-01-09 at 5:11 AM UTC in Smart lightbulbs not so smart. Vulnerable to persistent XSS.
    

    0Death Yung Blood
    Hah, imagine a botnet of lightbulbs. Quite a bright idea, don't you think?
    ...
    Jokes aside, this is just crazy stupid how bad IoT security is. Sometimes I don't get why these developers always get it so wrong with the security. What's so special with IoT that always makes the software so insecure anyway?
    
    Nice find, interesting read.
    
    Post last edited by 0Death at 2017-01-09T05:31:47.653048+00:00