Posts by SBTlauien

  1. SBTlauien African Astronaut
    It seems to me that you are vulnerable to some type of open redirect. See the link below, where you would obviously change the username and password to yours. It lands me on the index. Or maybe that's what's supposed to happen. I don't know. Just thought it was weird I could manipulate the URL like that and get a valid page.

    http://jlp4t5i2pvwdvkx3.onion:8080/?...sword=password

    This doesn't seem to work for me. It takes me to the login.

    Ran some basic XSS and SQLi as well. But if you really want me to have a go at it, let me use my fuzzers and intercepting proxies.

    Well I'm not sure how much it can really handle as far as load goes. It'd be interesting to find out though. Not right now though. Let me work on the small bugs.

    Also, here is what one of my security logs looks like...

    !!!Security: Wrong Param
    !!!Requested: {accept=text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8, accept-encoding=gzip, deflate, host=jlp4t5i2pvwdvkx3.onion:8080, http-client-ip=127.0.0.1, accept-language=en-US,en;q=0.5, dnt=1, remote-addr=127.0.0.1, user-agent=this is a test ua <img src=x onerror= alert(999999) >, connection=keep-alive}
    !!!Requested: GET / topic=true&section=introductions&topicTitle=1%20-%20clickd%20link%20on%20reddit&username=Sophia&password=REMOVED&=&
    {topicTitle=1 - clickd link on reddit, password=REMOVED, =, topic=true, username=Sophia, section=introductions}
    ..................../..\..................
    ....................\../..................
    .....................\/...................
    !!!Security: Wrong Param
    !!!Requested: {accept=text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8, accept-encoding=gzip, deflate, host=jlp4t5i2pvwdvkx3.onion:8080, http-client-ip=127.0.0.1, accept-language=en-US,en;q=0.5, dnt=1, remote-addr=127.0.0.1, user-agent=this is a test ua <img src=x onerror= alert(999999) >, connection=keep-alive}
    !!!Requested: GET / topic=true&section=introductions&topicTitle=1%20-%20clickd%20link%20on%20reddit&username=Sophia&password=REMOVED&=1%20AND%20ASCII(LOWER(SUBSTRING((SELECT%20TOP%201%20name%20FROM%20sysobjects%20WHERE%20xtype=%27U%27),%201,%201)))%20%3E%20116&=INBOX&=CHAT&=SETTINGS&=ABOUT
    {topicTitle=1 - clickd link on reddit, password=REMOVED, =ABOUT, topic=true, username=Sophia, section=introductions}
    ..................../..\..................
    ....................\../..................
    .....................\/...................
    !!!Security: Wrong Param
    !!!Requested: {accept=text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8, accept-encoding=gzip, deflate, host=jlp4t5i2pvwdvkx3.onion:8080, http-client-ip=127.0.0.1, accept-language=en-US,en;q=0.5, dnt=1, remote-addr=127.0.0.1, user-agent=this is a test ua <img src=x onerror= alert(999999) >, connection=keep-alive}
    !!!Requested: GET / topic=true&section=introductions&topicTitle=1%20-%20clickd%20link%20on%20reddit&username=Sophia&password=REMOVED&=&
    {topicTitle=1 - clickd link on reddit, password=REMOVED, =, topic=true, username=Sophia, section=introductions}
    ..................../..\..................
    ....................\../..................
    .....................\/...................
    !!!Security: Wrong Param
    !!!Requested: {accept=text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8, accept-encoding=gzip, deflate, host=jlp4t5i2pvwdvkx3.onion:8080, http-client-ip=127.0.0.1, accept-language=en-US,en;q=0.5, dnt=1, remote-addr=127.0.0.1, user-agent=this is a test ua <img src=x onerror= alert(999999) >, connection=keep-alive}
    !!!Requested: GET / topic=true&section=introductions&topicTitle=1%20-%20clickd%20link%20on%20reddit&username=Sophia&password=REMOVED&=1%27%20AND%201=(SELECT%20COUNT(*)%20FROM%20tablenames);%20--&=INBOX&=CHAT&=SETTINGS&=ABOUT
    {topicTitle=1 - clickd link on reddit, password=REMOVED, =ABOUT, topic=true, username=Sophia, section=introductions}
    ..................../..\..................
    ....................\../..................
    .....................\/...................

    I set it up so that any parameters that aren't part of the application will trigger an error response (or not ;) and so that I understand (hopefully) what's going on. Error reports are the same.
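The "Wrong Param" entries above come down to a parameter allowlist: any query parameter name the application does not know triggers the log line. The following is an added example written for this page, not the forum's own code. It decodes raw query strings like the ones in the log lines above, checks every name against an allowlist (assumed here to be the five names that appear as legitimate parameters in the log), redacts the password before logging, and keeps every duplicate value. That last point is the caveat worth noticing in the log above: the parsed map shows only `=ABOUT` for the repeated empty name because a last-value-wins map silently dropped the earlier values, which are exactly the ones a defender wants to see.

```python
"""Query-parameter allowlist check, modelled on the '!!!Security: Wrong Param'
log entries above. Added example, not the forum's own code."""
from __future__ import annotations

from urllib.parse import unquote_plus

# Assumed allowlist: the names that appear as legitimate application
# parameters in the log lines above. Anything else is a "Wrong Param".
ALLOWED_PARAMS = {"topic", "section", "topicTitle", "username", "password"}

# Parameters whose values are never written to the log.
REDACTED_PARAMS = {"password"}

# Raw query strings copied from the log lines above (the part after "GET / ").
SAMPLE_QUERIES = [
    "topic=true&section=introductions&topicTitle=1%20-%20clickd%20link%20on%20reddit"
    "&username=Sophia&password=REMOVED&=&",
    "topic=true&section=introductions&topicTitle=1%20-%20clickd%20link%20on%20reddit"
    "&username=Sophia&password=REMOVED"
    "&=1%20AND%20ASCII(LOWER(SUBSTRING((SELECT%20TOP%201%20name%20FROM%20sysobjects"
    "%20WHERE%20xtype=%27U%27),%201,%201)))%20%3E%20116"
    "&=INBOX&=CHAT&=SETTINGS&=ABOUT",
]


def parse_query(query: str) -> list[tuple[str, str]]:
    """Decode a raw query string into an ordered list of (name, value) pairs.

    A list is used instead of a dict on purpose: the parsed map in the log
    shows only '=ABOUT' for the repeated empty name because a map keeps the
    last value and drops the earlier ones. Empty chunks (a trailing '&') are
    skipped; a bare '=' yields ('', '').
    """
    pairs: list[tuple[str, str]] = []
    for chunk in query.split("&"):
        if not chunk:
            continue
        name, _, value = chunk.partition("=")  # split on the first '=' only
        pairs.append((unquote_plus(name), unquote_plus(value)))
    return pairs


def check_params(query: str) -> dict:
    """Report whether every parameter name is on the allowlist.

    Returns {'ok': bool,
             'unknown': [(name, value), ...],          # every offending pair
             'logged':  [(name, value_or_REMOVED), ...]}  # safe to write out
    """
    pairs = parse_query(query)
    unknown = [(n, v) for n, v in pairs if n not in ALLOWED_PARAMS]
    logged = [(n, "REMOVED" if n in REDACTED_PARAMS else v) for n, v in pairs]
    return {"ok": not unknown, "unknown": unknown, "logged": logged}


def format_security_log(query: str) -> str:
    """Render a report in the spirit of the '!!!Security:' lines above, but
    listing every offending (name, value) pair instead of a collapsed map."""
    report = check_params(query)
    if report["ok"]:
        return "OK: all parameters on allowlist"
    lines = ["!!!Security: Wrong Param"]
    for name, value in report["unknown"]:
        lines.append(f"!!!Unknown param {name!r} = {value!r}")
    return "\n".join(lines)


if __name__ == "__main__":
    for q in SAMPLE_QUERIES:
        print(format_security_log(q))
        print()
```

Run on the second sample, the report lists five unknown pairs, all with an empty name, and the first one carries the full decoded value that the page's map-based log line lost. Keeping the raw request line in the log, as the forum already does, is what made that value recoverable at all; the allowlist check itself is cheap and belongs before any parameter reaches application logic.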
  2. SBTlauien African Astronaut
    I'm running my forum from an Android app that is less than 2 MB in size. You guys should come pounce on it and see how well it holds up. I have a little IDS so I can see when someone is trying something suspicious. The layout still sucks though.
  3. SBTlauien African Astronaut
    Come take a look now. It even runs at a decent speed. But I'm still concerned about what happens if I spam out the URL and more people start signing up.
  4. SBTlauien African Astronaut
    No more javascript.
  5. SBTlauien African Astronaut
    I've only used Python once (still haven't finished that), but how is the performance of Django compared to just reinventing the wheel and starting from scratch?
  6. SBTlauien African Astronaut
    I put in a private messaging system, user profiles, post counter, and changed up the theme a little.

    I think I'll work on taking out ALL javascript and putting in some CSS to make the theme look like traditional forums. Maybe a thanks system or something.
  7. SBTlauien African Astronaut
    Can you provide a link to the repo?
  8. SBTlauien African Astronaut
    Sophie@gmail.com
  9. SBTlauien African Astronaut
    Where is Sophie? I want Sophie to pen test my site. Only lightly though. No malware and no DOS. No automations either. Just basic prodding.
  10. SBTlauien African Astronaut
    make a DNM, I'll go there.

    Possibly.
  11. SBTlauien African Astronaut
    I think I'm going to remove all javascript from the site, set up a messaging system, use CSS to make it look better, post count for users and maybe a thanks system. Obviously fix all of the XSS vulns.
  12. SBTlauien African Astronaut
    I see potential for some injection. I want someone to pen test this server for me and help me secure it. I would also like to know how much traffic it can handle, so maybe a small DOS attack. I would like to know beforehand though.
  13. SBTlauien African Astronaut
    Let's see it.
  14. SBTlauien African Astronaut
    What do you think about my ghetto forum?

    jlp4t5i2pvwdvkx3.onion:8080
  15. SBTlauien African Astronaut
    Maybe avatars and post counts for users.
  16. SBTlauien African Astronaut
    Customizing user profiles with music and background could be done.
  17. SBTlauien African Astronaut
    You must be 'Weed'.
  18. SBTlauien African Astronaut
    Type in any username and password and it will be created if it is not taken. Click 'index' to get to the main index of the board. From there you can click on sub-sections.
  19. SBTlauien African Astronaut
    http://jlp4t5i2pvwdvkx3.onion:8080

    It's a working message board but a bit ghetto. If anyone is interested in penetration testing it let me know in the 'Security Test' thread.
  20. SBTlauien African Astronaut
    Get them to pay you extra and build it on company time when you'd be otherwise doing shit work. Something that would work well for this is Selenium; it's something I've been meaning to learn.

    The general manager just does it from time to time. I don't know if a bot would fit this small company, it'd be a bit overkill. Bots are interesting.