This forum is in archive mode. You will not be able to post new content.

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - Evilone

Pages: [1]
1
Hacking and Security / Re: Most common vulnerabilities encountered in a business environment
« on: May 16, 2013, 05:06:03 PM »
Make sure to reference the OWASP Top 10 http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010.pdf . A major problem is Patch Management but I don't have any sources to cite that but maybe some googling will lead you in the right direction :)




Good luck

2
Hacking and Security / Re: [OFFICIAL] Hash Cracking Thread
« on: May 14, 2013, 01:49:07 AM »
Quote from: DeXtreme on May 14, 2013, 01:15:23 AM
Mind cracking this for me ;D .It should be simple.
$6$N2mQgBWq$EGlPadq96DVBmnh7n4jsUxw4lAmcqp2UZKS901kws8tm4VpOcdlx7esVxyOGUEwJndm7GIYi9viaCiKWm2s0Z.


I've got yours cracking but it'll take a while since it's a newer, slower, linux hashing algorithm

3
Hacking and Security / Re: [OFFICIAL] Hash Cracking Thread
« on: May 13, 2013, 10:50:13 PM »
Quote from: Kulverstukas on May 13, 2013, 10:19:55 PM
So you have a bad-ass GPU based server rack dedicated for hash cracking? I'd like to see one.


4 AMD 6990s, so yes...


Quote from: relax on May 13, 2013, 10:21:00 PM
here show us that this thread is something to have and your skills





Code: [Select]
+-----+---------+----------+-------+--------------------------------------+--------+----------------------------------+--------------------------------+-------------+-----------------+
| uid | from_id | other_id | money | email                                | status | passwd                           | username                       | create_time | last_login_time |
+-----+---------+----------+-------+--------------------------------------+--------+----------------------------------+--------------------------------+-------------+-----------------+
| 2   | 0       | 0        | 100   | a@b.c                                | 1      | BQ6/bVU4PYiysrMikFMzfw==         | a                              | 0           | 1250240852      |
| 3   | 0       | 0        | 100   | wei@china.com                        | 1      | ML3p6VuNcuIvMzWqSfqOjA==         | wei                            | 0           | 0               |
| 4   | 0       | 0        | 100   | emck.do@gmail.com                    | 1      | mlI+O/uhRdztqZAeLoAmog==         | adminmappn                     | 0           | 1246291747      |
| 1   | 0       | 0        | 100   | catorwei@gmail.com                   | 1      | <blank>                          | cator                          | 0           | 1317307711      |
| 7   | 0       | 0        | 0     | harry@mappn.com                      | 1      | pTaZknvK6EPyvlSr7dz6sQsS7InqfZz5 | harry                          | 1247245446  | 1247734545      |
| 6   | 0       | 0        | 0     | luma@mappn.com                       | 1      | aA3Ao6Nk7mcwa4rRpiF/Kg==         | luma@mappn.com                 | 1247238760  | 0               |
| 5   | 0       | 0        | 100   | catorw@gmail.com                     | 1      | P57//TlP5Bg5UKDoi2+ObQ==         | anonymous                      | 0           | 0               |
| 8   | 0       | 0        | 0     | luma@m.com                           | 1      | <blank>                          | luma@m.com                     | 1247585943  | 1250480953      |
| 10  | 0       | 0        | 0     | emck@mappn.com                       | 1      | UyRMiDZ3gVZmqcpaOvYZBQ==         | emck@mappn.com                 | 1247992133  | 1250330406      |
| 9   | 0       | 0        | 0     | linhui@mappn.com                     | 1      | zcz/djy8HDt7cESD0ArfAwRMVld+6KeQ | linhui                         | 1247992024  | 0               |
| 11  | 0       | 0        | 0     | terry@mappn.com                      | 1      | 2Rkvl/8kPLIvHKQxXFE0YA==         | terry@mappn.com                | 1248053526  | 0               |
| 12  | 0       | 0        | 0     | amy@mappn.com                        | 1      | rbF6CHcyBbkHwAOCUDyluA==         | amy@mappn.com                  | 1248055883  | 0               |
| 13  | 0       | 0        | 0     | wtm@mappn.com                        | 1      | UpN0QsHI71yUulEprCdKuhMF0dCn/hg6 | wtm@mappn.com                  | 1248061410  | 0               |
| 14  | 0       | 0        | 0     | luma@a.b                             | 1      | P8mFR6sYYjmVZmgEATH/+A==         | luma@a.b                       | 1248097564  | 0               |
| 15  | 0       | 0        | 0     | autumncool@gmail.com                 | 1      | 2WnlQK/ai5FOqGSR8R/gSg==         | autumncool@gmail.com           | 1248125450  | 0               |
| 16  | 0       | 0        | 0     | mpalmer7@gmail.com                   | 1      | 8N7QA383taeji6at8zMHsYwjSFBNzrmP | mpalmer7@gmail.com             | 1248140357  | 0               |
| 17  | 0       | 0        | 0     | Tedd@ggg.com                         | 1      | /WLO58qfgZpZ/DC7+O8TuA==         | Tedd@ggg.com                   | 1248157880  | 0               |
| 19  | 0       | 0        | 0     | a@ad.bb                              | 1      | LTa/deVALFgOUmGxgSB7Og==         | a@ad.bb                        | 1248186926  | 0               |
| 18  | 0       | 0        | 0     | a@b.cj                               | 1      | <blank>                          | a@b.cj                         | 1248186619  | 0               |
| 20  | 0       | 0        | 0     | luma@mappn.c                         | 1      | dTshyjYpudkBNpy4c+GdHA==         | luma@mappn.c                   | 1248187451  | 0               |
| 21  | 0       | 0        | 0     | danny@mappn.com                      | 1      | g87AkDE7Tp1vmDr12WEBuK0NFdtuencc | danny@mappn.com                | 1248247548  | 0               |
| 23  | 0       | 0        | 0     | troy.junkmail@gmail.com              | 1      | Xw1TQ9AaEZnhPafYq5yRGZKSBGisNmEt | troy.junkmail@gmail.com        | 1248380976  | 0               |
| 22  | 0       | 0        | 0     | Nathaniel.meyr@t-mobile.com          | 1      | bug2QZCSlkLN8wvHCtRjDQ==         | Nathaniel.meyr@t-mobile.com    | 1248290398  | 0               |
| 24  | 0       | 0        | 0     | johnsanchez4@gmail.com               | 1      | 813VOYWLc898jG4LfoItSs7Gb84y9BSz | johnsanchez4@gmail.com         | 1248452108  | 0               |
| 25  | 0       | 0        | 0     | rashan.deamus@gmail.com              | 1      | Hi9gR+ojxyfdr56V/b+P6giI/iNP0ZKR | rashan.deamus@gmail.com        | 1248458610  | 0               |
| 26  | 0       | 0        | 0     | lakelandmytouch2@gmail.com           | 1      | F9tJ6rboKRDd7YxfImh5J2lvUnmWAOVr | lakelandmytouch2@gmail.com     | 1248459090  | 0               |
| 27  | 0       | 0        | 0     | spedteacher1975@gmail.com            | 1      | gfQSWggsYzUk9n0XLr/Wh9zcttwevvmV | spedteacher1975@gmail.com      | 1248481304  | 0               |
| 28  | 0       | 0        | 0     | wtm-01@163.com                       | 1      | zqziaMtqVk81gCrj7OFmTweFPy3GWYYw | wtm-01@163.com                 | 1248492491  | 0               |
| 29  | 0       | 0        | 0     | tiffany.heimann@gmail.com            | 1      | PKJxOwvbZ6bXfliM5vYN6JVGidJqzd+4 | tiffany.heimann@gmail.com      | 1248629843  | 0               |
| 30  | 0       | 0        | 0     | chaz.plumley@tmobile.com             | 1      | ipPF85HuX+0OfjaiM+wnF4BmvLG6i27E | chaz.plumley@tmobile.com       | 1248649102  | 0               |
| 31  | 0       | 0        | 0     | chazzy_m_05@yahoo.com                | 1      | ClhaD+SGJ3dOSdaxfVhLj+BTbVFoG+DH | chazzy_m_05@yahoo.com          | 1248717136  | 0               |
| 32  | 0       | 0        | 0     | laihuijie0928@163.com                | 1      | H6jd+HcCUwsnWKTrhPDMTw==         | laihuijie0928@163.com          | 1248745627  | 0               |
| 33  | 0       | 0        | 0     | lizoe@126.com                        | 1      | TodHC/H99MF45oJzXWrASnFpePu7/iDK | lizoe@126.com                  | 1248750739  | 0               |
| 35  | 0       | 0        | 0     | adamsilfven@gmail.com                | 1      | KbTxWJxJ+dgihMkk6Hz9R4B1EyZYWS61 | adamsilfven@gmail.com          | 1248855608  | 0               |
| 34  | 0       | 0        | 0     | mutethemath@gmail.com                | 1      | GGP8rNBPnM+WDjIL8AMVvthCUjRQPxty | mutethemath@gmail.com          | 1248855037  | 0               |
| 36  | 0       | 0        | 0     | andde615@gmail.com                   | 1      | OwlUQlwvOs5+Seslvb4n7iHt2JfkMPvq | andde615@gmail.com             | 1248855764  | 0               |
| 37  | 0       | 0        | 0     | hhhf@fyhjc.ghh                       | 1      | R+Fnn4Uz+ApZpjb+Mm/nsIs0Q6VxgqeG | hhhf@fyhjc.ghh                 | 1248856177  | 0               |
| 38  | 0       | 0        | 0     | iknowthat8864@gmail.com              | 1      | JABXg9Bo1AowRtwn9sxLO/mdqXkr7gQS | iknowthat8864@gmail.com        | 1248856278  | 0               |
| 39  | 0       | 0        | 0     | bravocompany217@gmail.com            | 1      | mJ7OqCDNf0rO+UrQ6F76ug==         | bravocompany217@gmail.com      | 1248856363  | 0               |
| 40  | 0       | 0        | 0     | bakashma@googlemail.com              | 1      | PuPhO77fHlom6fGUiFDiNo+gn4bnfuYQ | bakashma@googlemail.com        | 1248856373  | 0               |
| 41  | 0       | 0        | 0     | keulspamaccount@gmail.com            | 1      | bdz3TDQQv3GU7jZSyNNTzNlCfdiGvX2R | keulspamaccount@gmail.com      | 1248856375  | 0               |
| 42  | 0       | 0        | 0     | hmd.sidd@gmail.com                   | 1      | MmXYe3wW/IS7fIVN051sYBt30vsR1IlH | hmd.sidd@gmail.com             | 1248856676  | 0               |
| 43  | 0       | 0        | 0     | thecoolkid173@gmail.com              | 1      | dd//kTWnSWFjjchkaWRrsI6uC++SnIk6 | thecoolkid173@gmail.com        | 1248856796  | 0               |
| 44  | 0       | 0        | 0     | aristodee00@gmail.com                | 1      | ZzHV5oICk6zy8Lc0IQwjHHq37p5+EAJ8 | aristodee00@gmail.com          | 1248856806  | 0               |
| 45  | 0       | 0        | 0     | yan.liu123@gmail.com                 | 1      | QSy+R57SzMRDZyopZOBVbQ==         | yan.liu123@gmail.com           | 1248857250  | 0               |
| 46  | 0       | 0        | 0     | levibingham@gmail.com                | 1      | pAPPc512ZmCchxyJcnzVsULyILqzj0gO | levibingham@gmail.com          | 1248857300  | 0               |
| 47  | 0       | 0        | 0     | dano_j@hotmail.Com                   | 1      | 86lYDG88z+aO84b6rgXOfiyGd5g8yGx6 | dano_j@hotmail.Com             | 1248857407  | 0               |
| 48  | 0       | 0        | 0     | pocockrob@gmail.com                  | 1      | EaCZdNb/TbJ3SpI9feNafw==         | pocockrob@gmail.com            | 1248857525  | 0               |
| 49  | 0       | 0        | 0     | gregory@siwhine.net                  | 1      | AaFU+PJzdzLpI4OPJZghb+n5hZapyNVF | gregory@siwhine.net            | 1248857554  | 0               |
| 50  | 0       | 0        | 0     | sandra.davis78@gmail.com             | 1      | 1kZ+DMwB9HhZklMdOLecwQJY3HwIofxz | sandra.davis78@gmail.com       | 1248857747  | 0               |

I'm gonna need to know which CMS was used to generate these hashes as they are not strictly base64 and without knowing the algorithm used to generate it attempting to crack the hashes is futile

4
Hacking and Security / Hash Cracking Thread
« on: May 13, 2013, 09:58:02 PM »
Feel free to post your hashes to be cracked here. When responding to a request please quote the person and respond in hash:plaintext format.

5
Anonymity and Privacy / Re: d0x's Proof
« on: May 11, 2013, 10:37:18 PM »
If you don't have a name, people can't dox you. Don't "namefag" and use the same name everywhere and it's pretty easy to become a ghost unless you fuck up your own OPSEC (Operational Security)

6
Anonymity and Privacy / Re: Idea for "Super secure" P2P chat.
« on: May 11, 2013, 10:34:54 PM »
it's easier to just implement an AES-256 based chat protocol which uses Diffie-Helman for key exchanages. This way you can share public keys and chat with each other and no outside party could read the chat transcripts

7
Tutorials / Re: Extreme DOXing (not your standard shit ;) )
« on: May 11, 2013, 10:04:56 PM »
Sorry to necro but this post is completely useless.


How to dox:


Pay 2 bucks to get someone's entire dox on sites such as intellius.... doxing isn't hard, it's for noobs.

8
Tutorials / Re: [tutorial] upload shell with sql injection
« on: May 11, 2013, 09:59:35 PM »
Mind you that this technique requires that the current MySQL user has permissions to run the INTO OUTFILE query and that the Apache user has access to the directory in question to write the file.


Moreover, this is _ONLY_ for MySQL based SQL Injection as this specific technique _will not_ work on OracleDB, MSSQL, or MS Access

9
Hacking and Security / Re: Searching bulk URL's for specific content
« on: May 11, 2013, 09:48:46 PM »
Forget Python, take the time to learn Linux and BASH. You could code this up in a simple BASH one-liner and learn about regular expressions and Linux commands all in one swoop

10
Tutorials / Re: Full SQL Injection Tutorial
« on: May 11, 2013, 09:28:41 PM »
This is far from "Full" but it's a pretty decent guide. This doesn't cover uploading a shell through SQLi or grabbing the users and sql hashes for the sql server or SQLi in MSSQL, OracleDB, or MS Access.


Please don't call something a "full" tutorial on SQL injection if you are only covering MySQL based SQL Injection.

11
Hacking and Security / Re: bypass router authentication
« on: May 11, 2013, 09:21:12 PM »
This is called HTTP BASIC Authentication. I doubt it will work on most routers but another attack to bypass these sorts of prompts is to do HTTP Verb Tampering and changing your GET request to another type of request (not POST) which will sometimes bypass the authentication if it is only attempting to force authentication for HTTP GET and HTTP POST

12
General discussion / Re: Reset logins?
« on: May 09, 2013, 07:33:58 PM »
This is a known bug within the SMF codebase which allows for session fixation issues. The biggest thing I recommend is not ever having it keep you logged in to avoid potential session hijacking attacks.

13
Anonymity and Privacy / Re: Darknets, good or bad?
« on: May 09, 2013, 07:31:35 PM »
All in all, darknets are a simple concept. They are a closed network which are (typically) invite only and exist to provide some sort of content/service. An example of this is the child pornography ring which used usenet mailing groups and GPG keys to talk about, and distribute CP. Everything was encrypted and only members of the darknet knew how to get the CP. Another example is the more popular stuff such as Tor onion sites. They aren't indexed, often no one even knows they exist.


The basic idea behind a darknet is that everyone is anonymized into a cloud nebulous of data and because the group is kept small and everyone is vetted before being able to join, it makes it very difficult for people to infiltrate the group or take it down.

14
Hacking and Security / Re: John taking forever
« on: May 09, 2013, 07:24:45 PM »
JtR also supports GPU cracking. If you share the hash with me I can try to crack it on my rig.

15
Tutorials / Re: [tut] Sqlmap
« on: May 09, 2013, 07:22:06 PM »
Please also use --random-agent as it will mask the default user agent which shows up in the apache logs as "SQLmap"; if you don't do this it's pretty trivial to get flagged by WAF/IDS/IPS and it's easy for a sysadmin to see how the attack went down.

Pages: [1]


Want to be here? Contact Ande, Factionwars or Kulverstukas on the forum or at IRC.