I've started this forum in hope that some of you will be interested in posting your scripts and techniques related to sneaky dodges with current software, sites, web-progs, servers, etc.

Also, Black-hat stuff is welcome, only Warez/Pirating stuff wasn't permitted in the Rules Sticky.


In Conclusion, All things "hacky in nature"(Exception: Warez) are permitted.


Enjoy this thread as I have enjoyed posting on it.

For my first post I'd like to demonstrate how un-parsed signatures can be used for obtaning IP addresses and other info.

UNPARSED SIGNATURES: Forum sigs that allow links to progs like *.php and *.cgi within the image tag.


Lets move on to the PHP code, first, we'll start out with getting the user info.
$ip = $_SERVER['REMOTE_ADDR']; // declare the IP
$userAgent = $_SERVER['HTTP_USER_AGENT']; // get the user-agent (browser OS, // etc.

then we'll store the info within a text file after creating the input string.
$inputString = "IP: " . $ip . "\n" . "USER AGENT: " . $userAgent . "\n\n";
$fp = fopen( "userInfo/ipList.txt" , "a" ); //opens a file for append
fwrite( $fp, $inputString ); //actualy writes to the file
fclose( $fp ); //closes file.

Now to make the image:
//create the image canvas...
$img_number = imagecreate(300, 80);

Declare colors.
//Create the Color Variables
$white = imagecolorallocate($img_number,255,255,255);
$black = imagecolorallocate($img_number,0,0,0);

Fill the image.
imagefill($img_number,0,0,$black);

Create some strings.
$ipPrint="Your IP is: ";
$line2Print = "I Now have your IP ";
$line3Print = "And your OS/Browser Info.";
$line4Print = "A public service announcement from webgovernor.";

Print the info to the image.
Imagestring($img_number,4,5,5,$ipPrint,$white);
Imagestring($img_number,9,100,5,$ip,$white);
Imagestring($img_number,4,5,35,$line2Print,$white);
Imagestring($img_number,4,5,50,$line3Print,$white);
Imagestring($img_number,2,5,65,$line4Print,$white);

And, finally, we'll display the info.
header("Content-type:image/jpeg"); //output header
imagejpeg($img_number); //print the image to the screen.
?>

To access this image, use the URL to the program, ie:
img src="http://www.yourdomain.com/php/image.php"



There ya have it, that's most of my signature, the rest I don't really care to share.

I've got more fun things like that...

Please share, educating the community can be excellent... heh...

-Web

Ever fucked a flash movie...

heh... well you can, so to speak...


This post covers the basics of breaking down flash movies, connecting to the SWF's sever, and editing variables.

First, get a SWF decompiler, a demo of sothink for you windows users should work.

Second, decompile and edit the taget swf.

Third, recompile the modified version, and begin.


Step ONE:
Get a decompiler (demo at www.sothink.com), once you've installed your SWF decompiler, you're ready for the next step.

Step TWO:
Open the target swf in your decompiler (search the cache), and look for the server URLs and change them to complete urls...
Example: sendAndLoad("./penguin.php", MyVar) should be
sendAndLoad("www.thedomain.com/penguin.php", MyVar);
Aslo, if the SWF happens to be a game, you'll want to look for variables in the
code like "score" or "points", change these to equal whatever you'd like.

Step THREE:
Copy your saved code to a flash compiler (FlashMX, KoolMoves), compile it,
connect to the internet, and run your swf, with your new variables.

NOTE: some sites have found a way to prevent this, but I've found that as of
12/02/2004 most sites don't worry about it.


Good luck, and happy hacking.

Ahh yes, the ping of death, it's been a long time since this has worked.

What you'll need:
-Ping (or something similar) installed.
-A faster internet connection and better processor then your target
-A C/C++ decompiler,
-And a C/C++ compiler.

How it works:
-Decompile the Ping Program (unless you've got the source),
-Edit the maxPacketSize variable to something larger (this one varies, but it's still obvious),
-Recompile and run with a high packet size and a large count.

First, decompile your ping program, and search for "packet" or "packet size".
You'll see a line like "int maxPacketSize=65000;" change the 65000 to 99999999999
or something.

Second, recompile the suker using make or something...

Third run the program with a high count variable (like 11658 or something), and
a high packet size (99999999).
Example: ping -c 11658 -s 9999999 www.targetsite.com (or an ip XXX.XXX.XXX.XX )

Simple, it's outdated as fuck, but it's kinda fun to run against slower PCs within your own lan.

Upon success, you'll cause the comps net connection to timeout,
just nmap or something to see if it's up.

Most of you reading already know of this one, I just posted it cuz I'm bored.

NOTE: dont do this, its bad, and, umm, yeah, its bad.

Enjoy!

I'm soo glad to see all of you posting so much, perhaps I can make my own forum...


Godamn it!

Post something, at least challenge my views or comment on the scripts' integrity!

Bah!

Well, i feel better...

Did you know that the older verifone ATMs have a keyless operator menu?

All you gotta do is:
1) Hit the four corner buttons (usualy 1, 3, 7, and 9)
2) Hold those buttons until the menu pops up.
3) Select IFCONFIG >> MacADDR >> IP >> Settings
4) Write down the IP for later nmap scans.

I'm not gonna go too in depth with this one, but there's a lot of fun to be had with it!

#5 Telnet (23)
#4 smtp (25)
#3 gopher (70)
#2 finger (79)
#1 Back Orifice, my fav!

That's it.

Pretty simple, there are a lot of useful ports out there, but these are my favorites!

http://www.hackthissite.org/

Great site, great community, great resources.

Check it out.

www.hackinthebox.org

lots of tools and tutorials, great site.

www.insecure.org << Home of nmap
www.slashdot.org << creative minds union
www.2600.org << the magazine of legend
www.hackcanada.com << Canadian phreaks group

Fun sites, check um out!

Heh, 2600Hz... I remember that one. That was phreaking, not hacking though. Fun as hell... Pity digital lines no longer really allow for this.

Whoa!

Did somebody besides me post?

Yes!

Thanks!

2600 covers all sorts of info,
not just phreaking (anymore) but stuff like "how to hack an XBox" and
the art of Key Logging.

Yeah, I was supposed to go to the Fifth Hope, but that didn't work out as planned.

Ever tried to get .SWFs to display on a netscape browser and be able to validate your HTML/XHTML?


I've been searching for a god-damn solution for a while,
but all I get is "EMBED," which is depreciated!

OBJECT isn't "supposed" to work....


But here's a hack to get it to display in IE and NETSCAPE,
(I call it a hack because in IE it doesn't "stream").



{object type="application/x-shockwave-flash" data="my_movie.swf"
width="50" height="50"}
{param name="movie" value='my_movie.swf" /}
{/object}

The key attributes there are "DATA" and "PARAM".
Data for the NETSCAPE browsers.


NOTE: Replace the curly braces with less then/ greater thens.
If you post here with less/greater + object between the CODE tags,
it'll cause half of your post to be outside the bracket.



And PARAM for IE4+ Browsers.


I was fucking around with the code in one last desperate attempt to get it working.
When I think I figured it out.

Ha, fuck them!

You can see this in action at my website http://www.gallatinwebdesign.com.


Hopefully this is usefull to the web-developers in here.

Here's the code with the less then greater then.













Blah!

Never mind....

Kinda fucked up, huh?

I still have analog!

Thanks dude, this is a great one.

I love that site,

especialy the demo sites that are up (the ones that are there for the purpose of being "hacked").


Well, i've been too bust to post more hacking scripts, but I'll have some tonight.

I promise!

-The web