User Controls
Posts by SBTlauien
-
2017-03-08 at 2:22 AM UTC in lockpicking
Originally posted by ACE Make your own from steak knives and a dremel/cutting wheel. Anything like that should be disposable anyway. Trying to pick a lock is aggravating as fuck though…then again anything like that is. I wonder about these though:
I've never actually made one of these and personally wouldn't want one, but you could make one from an electric toothbrush(see the video below). I hear they are loud and usually used by the skillless.
https://www.youtube.com/watch?v=OipPU2la6Tk -
2017-03-08 at 2:19 AM UTC in lockpicking
Originally posted by Totse 2001 Problem is in post 9/11 (thanks to Bush) this sets off alarms. anything goes down in your neighborhood and you suddenly get a visit. but that might be amusing.
If they can't prove to a jury that you're guilty beyond a reasonable doubt, let alone collect enough evidence, then they really can't do much aside from harass you and detain you. They could illegally frame you, and/or illegally beat you, but legally they can't do to much. Unless it's illegal to pocess lockpicks where you live or you're on probabation/parole. -
2017-03-08 at 1:24 AM UTC in BREAKING: CIA turned every Microsoft Windows PC in the world into spyware. Can activate backdoors on demand, including via Windows update
Originally posted by Lanny So are PoC or technical descriptions part of the exploits part of the leak or do it just have documents suggesting such things exist?
I only see documents showing names of exploits. Although I did find a couple PDF books that look like nice reads.
Edit: And a lot of redacted documents. -
2017-03-08 at 12:57 AM UTC in BREAKING: CIA turned every Microsoft Windows PC in the world into spyware. Can activate backdoors on demand, including via Windows updateThe thing I find the most retarded about this, are the people that seem to be surprised that this can all happen. I mean, it's been known for a very long time that government agencies practice digital spying by using any electronic devices available.
It's always good practice to know your devices and physically disable things you won't need(camera, mic, Bluetooth, wifi, NFC, even speakers). Most people don't need to worry though, they are nobody's, and don't exist in the eyes of these government agencies. But some need to know certain rules... -
2017-03-08 at 12:47 AM UTC in Is there any proof that Russia was behind the email hacking?What I read is that a certain cyber security firm that would only benefit greatly by saying that this particular hack by Russia happened, said that it happened but wasn't able to provide any proof what-so-ever.
I think it would have exploded by now if it did actually happen. -
2017-03-07 at 12 AM UTC in super glue on toilet seat
-
2017-03-06 at 11:57 PM UTC in Slow as ShitIs it just me or is this site running slow. I know it's not my connection as other sites are loading fine, it's this one.
-
2017-03-06 at 6:37 PM UTC in Linux Kernel 4.4.0(Generic) Privilege Escalation exploits.
-
2017-03-06 at 6:35 PM UTC in Help me niggas in space, you're my only hope!
-
2017-03-06 at 6:23 PM UTC in lockpicking
Originally posted by SCronaldo_J_Trump Damn $60 for a hobby I wish, I can spend a few hundred $$ just buying the basics for mine
I started off by just using paper clips and raking locks open. I was able to open a handful of locks, took the locks out, took back to my place, took apart, inspected the pins, made my own key, put the lock back together, went back to where the lock was originally, put the lock back in, and my projects turned out really well. Got out of that stuff though... -
2017-03-06 at 6:19 PM UTC in Had you ever quit a job on the spot/walked off?
Originally posted by Bill Krozby man it happens dude, i've been accused of rape at least 10 times by girls and never actually raped any of them, just acted like a dick.
I was even once taken to a svu detective unit by the pigs one night because a girl accused me of "mouth rape"
I'd be really careful of that shit. Just be nice and slowly cut them off like a gentleman. -
2017-03-06 at 10:02 AM UTC in Had you ever quit a job on the spot/walked off?
-
2017-03-06 at 9:57 AM UTC in lockpicking
-
2017-03-06 at 9:55 AM UTC in Help me niggas in space, you're my only hope!
-
2017-03-06 at 9:50 AM UTC in Web apps and shit.
Originally posted by Lanny Oh, I see what you're saying. Hmm, I guess yeah, if you load the image by punching it into your address bar and the server responds with an html content type then yeah, maybe the browser will interpret it as a document, and maybe the parser will find some way to discard the binary slop. But it won't work if you embed it in another page. Content type is largely ignored when loading images from an img tag in some other page. Once you load it on a separate page then the page takes on that domain as its origin, so you can't like inject a malicious script to make posts on niggasin.space because that's now a cross-domain request.
Is there a use case for this? XSS is out and if you have some exploit that requires JS execution you already have the user on the page, so you can just serve a regular document. Is the idea that it's easier to get a user to click an image than lure them to a shady webpage?
I see. So it wouldn't work if it were cross domain, unless the user for some odd reason had that enabled. I was thinking that when my browser loads the page that your server serves, and it comes across that specific tag(<img src="http://i.imgur.com/Uht7g2R.png">), that it does a full request of the image's URL from that server. -
2017-03-06 at 9 AM UTC in Linux Kernel 4.4.0(Generic) Privilege Escalation exploits.I was really hoping that it'd work. What are the reasons a 0day would work on one OS and not on another, asides from 32/64, amd/intel, and version? Could it be because I'm running an AMD processor?
-
2017-03-06 at 7:24 AM UTC in Web apps and shit.
Originally posted by Lanny If it works as described then yes, but that couldn't be, every site that allows user embedded images would be exposed, if you can load JS then you can take arbitrary user actions, the whole browser security model is built around the assumption that only the host, client, and trusted parties can execute client scripts.
http://niggasin.space/thread/8183
So when the op in the above thread posted his giant image, the tag is...
<img src="http://i.imgur.com/Uht7g2R.png">
Doesn't this tag request that particular image from that server(i.imgur.com)? And wouldn't that mean that that server(if it were malicious) could serve that image as text/javascript?
Right now on my server, if you request the image below, I have it set up to serve the image as "text/html". The URL shows it as a .png image, but when served from my server, the css shows a little box moving around and when it's clicked on, it displays "SBTlauien". You can see the css code within the image, I didn't hide it.
http://www.angelfire.com/un/sbt/images/hat.png
On AngleFire it obviously wont work because I can't choose to serve it as "text/html".
Would you be willing to host this image so that I could try to display it on my AngleFire site to see if the css script works? -
2017-03-06 at 5:18 AM UTC in Linux Kernel 4.4.0(Generic) Privilege Escalation exploits.
Originally posted by Sophie Honestly if you can only work as a non-sudoer i think you need to look for a different exploit, are permissions lax on any other components to do with the kernel?. But, and i assume you are testing this against a VM, just for kicks, try to see what happens if you do indeed set the permissions so that the exploit can open the proper sockets.
Again, like i said, i am just some random person on the internet i really am no expert on kernel exploits.
lol, duh, found out what it was duh. I needed to set the file as executable =). After doing that it ran, but the exploit didn't work. It said "something went wrong =(" and then said "don't kill the exploit binary, the kernal will crash". So I tried killing it and it wont go away. Nothing crashed though. -
2017-03-06 at 4:49 AM UTC in super glue on toilet seatI currently work in retail and I had some kid call the store once saying that he was in the bathroom and there was no toilet paper. I told him I was one my way, and went back slacking.
-
2017-03-06 at 4:45 AM UTC in lockpicking
Originally posted by Totse 2001 Be careful.. the laws aren't clear. I wanted to take on this trade after my going no wear job had to have a lock replaced out next to my desk. I watched the locksmith.. he was showing me how he files keys down.. the pins rub against the blanks.
Sounds like impressioning. https://mylockpickingworld.com/impressioning-3/ (I actually haven't read this page, it was the first thing that "Impressioning" showed via a Google search)
It's basically putting a key blank into the lock(keyway has to match), turning it so that the pins bind, then forcefully pulling the key upwards so that the most bound pin will make a mark on the edge of the key blank. This is done in both directions. Then a file is used to slightly file off a bit of the key blank exactly where the marks were made. The process is repeated and you're suppose to end up with a working key. I've actually never successfully pulled it off though but also have never actually tried to finish the process.
As far as books for a beginner goes, I would suggest, hands down, these two books...
https://www.amazon.com/Practical-Lock-Picking-Second-Penetration/dp/1597499897
https://www.amazon.com/Keys-Kingdom-Impressioning-Privilege-Escalation/dp/1597499838
Both are written by Deviant Ollam and are actually enjoyable reads.
You'll learn in the first book that you really are only going to need basic lock picks, but tension tools are what you'll usually want a lot of. Get a cheap, small, toolset. Don't get one of the "Master Locksmiths" kits that folds out like a binder.
