Messages - Moistfish

1
Beginner's Corner / Other ways to Access Cookies
« on: February 14, 2015, 12:18:39 PM »
Hi, question for the wise

htmlspecialchars($_COOKIE["name"]) - PHP
$_COOKIE["name"] - PHP
document.cookie - Javascript

Currently i have these commands to grab the cookie.  However, the victim has JavaScript disabled and PHP is currently being sanitised with the addition of comment tags between < and ?, so output is <!--?   ......PHP CODE ...... ?-->.
I am attempting to XSS a forum, where the victim posts his own cookie, using HTML as the XSS (this may be the wrong way but it's an attempt i am trying in the name of learning and education ^^)

My current code (if it helps with context) is:

<form action="comment.py" method="POST">
<input type="hidden" name="comment" value="$_COOKIE['auth']"/>
<input type="submit" value="&nbsp;"/>
</form>

This successfully posts $_COOKIE['auth'] to the forum, when clicked. (i know the PHP tags are missing but they are just commented out.)


My Question: Are there any other languages that i could use within the HTML value field to grab the value of a cookie?

P.S. this is part of a CTF game =)

2
General discussion / Re: What do you eat?
« on: February 10, 2015, 04:33:01 PM »
Eat everything, but  eat healthily.  As a student, meat is expensive in comparison to veggie foods.  Main difference is that i eat dinner at lunch time, and lunch at dinner time. 


Today's food log:

Breakfast:
Cornflakes with Soya Milk
Handful of grapes
Banana

"Lunch Time":
Mushroom Stir fry with added peppers, onion and tomatoes
Pure Orange Juice

"Dinner Time":
Apple + Some biscuits
Chicken and lettuce Sandwich

Snack on dry (unsalted) crackers and gingernut biscuits
And drink a good bit of water each day.


Every now and then i have another bowl of corn flakes as supper, depending on how i feel.  I am in love with cereal.



Apparently the Japanese have the best metabolisms (and i assume from that, best diets)

3
General discussion / Re: Help with hacking/security courses in China
« on: February 03, 2015, 09:21:37 PM »
It is research orientated but you have 3 years of not working, and time off to teach yourself everything you need to know/partake in CTF games etc etc... while doing the research.  It will also help you specialise which will be good for industry (whenever you plan to get a job ^^).  Rather than doing a course, getting a job and maxing out your time working, and learning for your job etc. (Also, some places will pay you to study there!).

I meant that you should go for 3 months for fun then study somewhere in Europe.  I would recommend somewhere they speak and teach in your natural language. (At my university, those foreign students are getting low marks due to poor English and native speakers are getting high marks.... just remember this.  In China, i am going to assume they will be teaching you in Chinese).

I agree that doing a technology course will get you the more sought after practical knowledge, however, can you tell me you are prepared to sit down and read books on OS architecture and kernels, MMU.... Network protocols, attacks, etc etc... to cover the theory?  It's soo much easier to learn code and technology because it's interactive and similar to a game, so long as you have time.  (however i am putting slightly more emphasis on theory than needs to be, it's important but not *that* important.)

Not to worry =) always good to have someone who is going through something similar to lend a hand.

4
General discussion / Re: Help with hacking/security courses in China
« on: February 01, 2015, 12:20:40 AM »
None of them will look bad on a CV, just Masters degrees will pull more weight than other ones, especially ones that are just degrees from universities, rather than actual certificates from recognizable bodies, CREST, CEH, CISSP etc etc...

And since you are already undertaking a Masters degree, i would guide you towards a PHD or gathering a few certificates in terms of progressing your education.  However, this most likely won't come with the holiday.

From the sounds of things, would you not prefer to do a summer break 2/3 months in China as a holiday (you stated that money was of little concern) and then follow one of the above options for your education? PHD will give you 3 years to decide, specialise and you get a nice DR. before your name.

I know that the above has not, even remotely, come close to answering your question but i wanted to add my thoughts. =)

From your current knowledge of security, i would steer you towards an information security course, so you can learn about networking protocols, secure channel establishment, OS architecture and memory, all forms of crypto etc, so you know what you're attacking and what's going on.  It should be noted that a lot (if not most) of this would be theoretical, if it's anything based off my course.

I, *PERSONALLY*, just feel that learning "technology" courses is a small step above script kiddie activity. Press X to port scan, press Y to show which services are active on reported ports.  Push Z to list all possible known exploits. (even though all of this is a fundamental part =P)

In the mean time, email the universities and lecturers to get a clearer picture of what is taught.

5
General discussion / Re: Help with hacking/security courses in China
« on: January 31, 2015, 10:59:28 AM »
What are you wanting to do with said courses, find a job? out of interest?

Knowing your outcome will help us, help you.

A degree or course that gives you a Masters Degree will look better, in my opinion, on your CV.  I cannot tell what the first two options give you.

Also Information Security, in my experience of being on an MSc Information Security course, is that it is a lot more theoretical and centres around the protection of information, rather than purely hacking. So, learning cryptography, security management etc...

Also, the top two that mention hacking technologies.  Hard to tell from here but i would again assume that this is training using the tools to hack (could be open source tools....) and i would be cautious as it may not include much theory/understanding of the protocols you are playing with.

Finally, my check as you may be required to sit exams/classes to prove you know Chinese in order to live there.  Those from Asia at my university are required to have an acceptable level of English before they are allowed to stay/study

6
My thoughts as well:

I would recommend a generalised degree then specialise after that, which is what most people have stated here already =)

Doing something like IT/Computer Science will give you a broad scope of the IT Industry and will allow you to move into almost any position after that.  Though, aren't university degrees Bachelors?

If you specialise now and then change your mind later on, it will be harder and require more work in order to retrain your skills.  Take my example, i have a Bachelors with honours in Computer Games Design (art side) and during the final year (4th year into the degree) i decided i didn't want to have anything to do with that industry. 

I've since enrolled on a Info Sec Masters degree and shall be starting that soon.  But the last year has seen me working my ass off in order to be prepared for the degree, working full time and studying at any time around that.  It hasn't been easy but i see it being worth it.

It would have been soooo much easier had i joined a normal, general IT degree as like you, i had no idea what i wanted to do/be "when i grew up".

7
Java / Re: Learning Java
« on: June 09, 2014, 09:11:13 PM »
Honestly, there's a million tutorials online for Java. Just use Google and you'll find all the information that you'll need.

My problem with Online Tutorials is that to and from work each day, i tend to spend roughly an hour doing nothing with no internet connection.  So previously i downloaded Python eBooks to read during these times.  This is the reason for the book request rather than an online tutorial =) 

Also, from my Python experience i read 1 mediocre book and 1 crap book before being informed about a very good book (can't remember the title).  This prompted me to ask people's opinions here before i got stuck in and not optimally use the time i have.

My reasons for choosing Java as well, is for the course i am starting in September.  While i am comfortable with Python, i believe some material is in Java and i felt an understanding of Java would go a long way in terms of preparation (and the more i know couldn't help i guess.)


Guys, thank you for the links! Tomorrow night i shall get stuck into those links!

8
Java / Learning Java
« on: June 08, 2014, 10:29:37 PM »
Hi Guys,

Back to rattle your brains for your opinions.

I'm looking to get stuck into learning Java and was wondering if those who have gone down the route of learning via reading material could recommend a book, preferably from the eBooks section as i seem to have little luck in finding PDF's during my search for other reading material.

I have learnt and have an understanding with Python, if that helps.

Done a quick search and found Soul saber's "class" on Java which is a start, but didn't find much on actual text books.

Thanks guys!

9
I think the most important thing is the fact that the OP asked this about 9 months ago and has since deleted his account.

We are wasting our breaths.

I necro'd it with a side question.

Guys, the advice and help here has been FANTASTIC! I would like to thank you all for taking the time to reply with your knowledge and direction.  I wouldn't have known to chase projects and learn libraries, as i had the understanding that books would teach me most of what i needed to know.  **never have i been so wrong** =P


10
Give a man a fish and he will be satiated for a day, teach him to fish and he'll be satiated for the rest of his life.

Thanks Kenjoe, good to hear your approach after being in my situation. I shall look into some projects then =)


While teaching him to fish is valid, it's nothing without providing him the knowledge of where to fish.  I can't remember the last time i caught a fish while fishing in a puddle out the back of my house =)

basically all i asked is that if anyone knew an intermediate book bridging the basics and libraries, based off their experience. Wasn't exactly asking "HOW DO I PYTHON PLX IN 3 DAYS?!?!"...

11

This is probably the last time someone is doing YOUR work for you, so enjoy it.

Thread Necro!

I'm a wee bit meh with this comment. While you maybe answer similar questions day in and out, people come here for help.  Take pride in helping people without the tongue lashing every member seems to give new people.

On the other hand, i myself am in a similar position to the OP, wondering about what eBooks to read but then asking will bring 10 hate posts and 1 helpful... (Wonderful Site?)  For example, i have read "Starting out with Python" cover to cover, as well as 3/4 others.  Now i could tell someone which is best and which to avoid due to my experience, and that's generally what i (and potentially others) are after rather than "go google it newb" (which could potentially return on to this very site??)

Anyways, rant over and to the reason for the Necro:

As stated above, i have read "Starting out with Python" cover to cover and now understand the "basics" (i presume... lists, dictionaries, sets etc...).  I tried moving onto other books, but they seem to jump a gap when they say "we expect you to know something about python".  Like "Programming in Python 3" may as well be in French to me, even after having completed "Starting out with Python".  Similarly i attempted "Foundations of Python Network Programming", to which again, while not French, brought in Socket commands like they were free sweets.

Thus my stand point, i am considering reading over other "non programming"/"basic" programming tutorials with the hope one has added something the other book missed, which is most likely wasting my time and why i need help. 

Does anyone know of an intermediate python book, introducing these modules or whatever intermediate level code one needs to know before progressing onto the walls of French text in "Programming in Python 3" for example. I require ebooks as i do this on the train to and from work mainly, rather than interactive tutorials.

Currently i have a few websites to interactive materials for learning python and have almost completed Waterloo Uni's CCS Circle Python Tutorial but the books i am finding are not what "Starting out with Python" was.  In the mean time i will be reading over "Byte of Python".


Final Thought - how does everyone know all these import commands of stuff and shiny things that do extra stuff and where doth they learn such wizardry???

Fish

12
Scripting Languages / Re: Question: Help my understanding of my code
« on: January 11, 2014, 07:24:29 PM »
It's not "writeFile.close", it is "writeFile.close()" since it is a function.


Yea thanks, typo when repeating the code.  Originally wrote the program on my laptop, wrote this post on my main PC.


Thanks guys =) i shall go and check out scoping in python

13
Scripting Languages / Question: Help my understanding of my code
« on: January 11, 2014, 03:54:15 PM »
Hello,  learning python atm and came across this below.  Wanted to know if anyone knew why this happened


This one didn't write anything to the test.txt file


Code:
writeFile = open(r'C:/Documents and Settings/MyComp/Desktop/Python/test.txt', 'w')

def main():
   
   name1 = "Joe"
   name2 = "James"
   name3 = "Johnny"

   writeFile.write(name1)
   writeFile.write(name2)
   writeFile.write(name3)

   writeFile.close

main()



and this one did




Code:
def main():
   
   writeFile = open(r'C:/Documents and Settings/MyComp/Desktop/Python/test.txt', 'w')

   name1 = "Joe"
   name2 = "James"
   name3 = "Johnny"

   writeFile.write(name1)
   writeFile.write(name2)
   writeFile.write(name3)

   writeFile.close

main()


I obviously fixed it, but the question is more for my understanding why it works and writes to the test file when the open command is called within the function, rather than outside it.


Thanks for the help =)
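
The difference described in this post can be reproduced with the following added example, which is not code from the post or the thread. It assumes CPython, where a file object is flushed and closed as soon as its last reference disappears, and it writes to temporary files rather than the Desktop path above; the function names are made up for the illustration.

```python
import os
import tempfile

NAMES = ["Joe", "James", "Johnny"]  # the three strings used in the post


def size_with_lingering_handle(path):
    """Handle stays referenced and close is never actually called."""
    handle = open(path, "w")
    for name in NAMES:
        handle.write(name)       # sits in the in-memory buffer only
    handle.close                 # attribute lookup, not a call: a no-op
    size_while_referenced = os.path.getsize(path)
    handle.close()               # tidy up so the demo itself leaks nothing
    return size_while_referenced


def size_with_local_handle(path):
    """Handle is local to main(); CPython finalizes it when main() returns."""
    def main():
        handle = open(path, "w")
        for name in NAMES:
            handle.write(name)
        handle.close             # still a no-op
    main()                       # last reference dropped: buffer is flushed
    return os.path.getsize(path)


def size_with_context_manager(path):
    """Deterministic version: the with block always flushes and closes."""
    with open(path, "w") as handle:
        for name in NAMES:
            handle.write(name)
    return os.path.getsize(path)


def demo():
    """Return the on-disk size in bytes observed for each variant."""
    with tempfile.TemporaryDirectory() as tmp:
        return (
            size_with_lingering_handle(os.path.join(tmp, "global.txt")),
            size_with_local_handle(os.path.join(tmp, "local.txt")),
            size_with_context_manager(os.path.join(tmp, "with.txt")),
        )


if __name__ == "__main__":
    print(demo())
```

Only the `with` form is portable: interpreters without reference counting may flush an unclosed file much later.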

14
General discussion / Giving Guidance
« on: October 01, 2013, 12:23:16 AM »
Hello all,

Thought i would pre-warn those who only read into a wall of text, that this is a "ask for help" kind of post.

So to begin, i have previously mentioned in an introductory post that i am a graduate games designer.  Although this has not sat well with me as recently during the final year of my studies, i noticed that i no longer wished to pursue a career within the industry as well as there being few jobs in the particular areas i was good at.  So, after researching and looking around at computing degrees and specializations, Cyber Security seemed to fit quite well and i enjoyed the idea of what the job entails.  Coming from a degree and background in design and moving over to an area of more technical expertise, i have given myself a year to prepare for the Masters Degree in Cyber Security and Digital Forensics, and it is here i am asking for some help with information and guidance.

Just to throw it out there, while hacking is interesting and i wouldn't put the idea off the table, it is not my main goal.  Achieving a suitable level of background knowledge for my course is my main goal while specializing wherever i can in the short time frame that i have.

Any information that anyone has, whoever is reading this, i would be grateful for you to share from your experience/knowledge/friends etc in this field.  Like any information would be great.  So far i have been researching jobs to find what skills and knowledge are most sought after and have come up with this list for making it into Security Consultant roles.


1. Programming Languages:
 - C and Java (Most Sought After)
 - .Net
 - C++


1a. Scripting Languages
 - Python (Most Sought After)
 - SQL


1b. Web Based Languages
 - HTTP (Most Sought After)
 - SSL


2. Operating Systems
 - Unix (Most Sought After)
 - Linux + Windows


3. Accreditations and Certificates (Courses)
 - CISSP (Most Sought After)
 - CCNA
 - CompTIA


4. Security Technologies
 - Websense (Most Sought After)
 - Fortigate and Nessus


5. 'Best Practice' Methodologies
 - ISO 27001 (Most Sought After)
 - ICS / SCADA


This is a list, which is by no means the be all and end all, it's just what appeared most of all on application forms and what not when looking at roles.  This is my list of what's, sort of, important for the role.  What i am asking is that people look over it and comment on it in terms of what they think is important and all from their experience.


Currently i am teaching myself Python as i have never learnt programming before  (having heard it's one of the easier ones to learn and get into).  i currently use Python Tutorial to teach myself and i think it is working rather well, however that's my opinion.  After this, assuming my list is correct, i plan to try and chase Java and an understanding into that.

Also, i have enrolled on the CCNA course and am running the two year course in one, to fast track myself through the course before my Masters begins.

The rest of the stuff will be bed time reading throughout the year.


Thanks very much guys in advance =)


P.S.  i saw a number of new "help" posts, where other articles have been linked.  I have a load of them saved and read through most however i feel a personal touch, specific to my situation requires more input than just a link.
