Curt Kobain
Feeding you Hacks
Author: Anonymous (http://www.blogger.com/profile/03836278424564108231)
Feed updated: 2024-03-06

PHP: Why does html entities function not properly work?
Published: 2013-08-15
I tried the htmlentities() function with PHP 5 with this code:
<?php
$string="Einstürzende Neubauten"; echo htmlentities($string);
?>
And it only displays two whitespaces (i.e. " "). Why is that? I
tried

Positioning a div within a div
Published: 2013-08-15
Question
I have the following div table:
<div style="display:table">
<div style="display:table-row">
<div style="display:table-cell">
<div id="innerDiv"></div>
</div>
</div>
</div>
Inside the cell is a div with the id "innerDiv". Is there a way to
position this div such

Fuzzing vs Reversing – Round #2 (Reversing)
Published: 2013-07-25
After a few days of fuzzing, I noticed that I covered a large part of the format (at least the part I found interesting) so I then began reverse engineering the format more thoroughly. I started by mapping out the tag-types and reviewing functions that parse them. After I spent a few hours just poking around and getting a stable list of function names and addresses, I noticed something strange;

vbSEO – From XSS to Reverse PHP Shell
Published: 2013-07-25
XSS is not a big deal, or is it? On many occasions, I’ve seen this vulnerability being classified as useless, not serious, and being a low threat. What I’ve always had in mind is that it’s only the capabilities of the browser, and the hacker’s mind, which set the limit for an XSS attack.
It may seem impossible to do anything else other than stealing sessions, cookies and performing phishing,

Foxit Reader Stack Overflow Exploit – Egghunter Edition
Published: 2013-07-25
Some time ago, when Adobe Reader 0days were dropping left, right, and centre, Foxit Reader was frequently mentioned as a safer alternative to using Adobe. While it may be true that there are not as many exploits available for Foxit, that does not mean that it is invincible. With this in mind, I decided to do some fuzzing using the Microsoft SDL MiniFuzz program. I fed the fuzzer a larger number

WordPress TimThumb Exploitation
Published: 2013-07-25
WordPress is one of the world’s biggest blogging platforms and can be easily extended with vulnerable add-ons to support a variety of functions – from CMSs to stores and pretty much anything in between. Within some web applications, themes may contain variables that refer to dynamic elements while in others, like WordPress, insecure PHP files used for caching and resizing images are surprisingly

Google Hacking Database Reborn
Published: 2013-07-25
The incredible amount of information continuously leaked onto the Internet, and therefore accessible by Google, is of great use to penetration testers around the world.
Johnny Long of Hackers for Charity started the Google Hacking Database (GHDB) to serve as a repository for search terms, called Google-Dorks, that expose sensitive information, vulnerabilities, passwords, and much more. As Johnny

Owned and Exposed
Published: 2013-07-25
There’s nothing like having your butt kicked Christmas morning, which is exactly what happened to us today. We were owned and exposed, in true fashion. Initially, the inj3ct0r team took “creds” for the hack, which quickly proved false as the original ezine showed up – and now inj3ct0r (their new site) is no longer online. As a wise Chinese man once said: “do not anger one who has shell on your

Bypassing UAC with User Privilege under Windows Vista/7 – Mirror
Published: 2013-07-25
I would like to present an exploit of an ambiguous parameter in Windows kernel API that leads to buffer overflows under nearly every version of Microsoft Windows, especially one that can be used as a backdoor to Windows user privilege system as well as User Access Control. The starring API would be RtlQueryRegistryValues; it is meant to be used to query multiple registry values by a query table,

Fuzzing vs Reversing – Round #1 (Fuzzing)
Published: 2013-07-24
I have recently been doing some fuzzing on the Adobe Flash Player. I started by implementing a simple format fuzzer for Flash based on a homegrown framework that I have been developing for a while.
I implemented and executed tests and progressively covered more and more of the format. After a few days, I noticed one of the SWF files causing strange crashes, the “Just in time” debugger gets

Google Hacking Database Updates
Published: 2013-07-24
Since we took up the torch of the Google Hacking Database from Johnny Long, we have introduced some changes that we feel provide a great deal of added value to our database of dorks. To make it easier for our visitors to identify changes in the database, there is a ‘New’ graphic that will appear next to a category name where new entries have been added. In addition, and most useful, is the

[MASSIVE] 15GB WORDLIST FOR BRUTEFORCE [MASSIVE]
Published: 2013-07-22
Yes, this wordlist is massive: 1,500,000,000 words. No joke.
From the web page:
The list contains every wordlist,
dictionary, and password database leak that I could find on the internet
(and I spent a LOT of time looking). It also contains every word in the
Wikipedia databases (pages-articles, retrieved 2010, all languages) as
well as lots of books from Project Gutenberg. It also includes

[TUTORIAL] ColdFusion Exploit - Hack Big Sites With Ease! - High Detail [TUTORIAL]
Published: 2013-07-22
This tutorial gives you a basic understanding of the ColdFusion exploit.
There are very many government and military websites that use this
software, but only about 15% are vulnerable. I was nearly into ca.gov
last night, but my friend who got into it before me, shelled the server
and then patched it so only he has it. (I was extremely mad at this
point - haha). Well, let's get started!

Google Hacking Database Updates
Published: 2013-07-11
Since we took up the torch of the Google Hacking Database from Johnny Long, we have introduced some changes that we feel provide a great deal of added value to our database of dorks. To make it easier for our visitors to identify changes in the database, there is a ‘New’ graphic that will appear next to a category name where new entries have been added. In addition, and most useful, is the

WordPress TimThumb operation
Published: 2013-07-10
WordPress is one of the world’s biggest blogging platforms and can be easily extended with vulnerable add-ons to support a variety of functions – from CMSs to stores and pretty much anything in between. Within some web applications, themes may contain variables that refer to dynamic elements while in others, like WordPress, insecure PHP files used for caching and resizing images are surprisingly

Google Hacking Database Reborn
Published: 2013-07-10
The incredible amount of information continuously leaked onto the Internet, and therefore accessible by Google, is of great use to penetration testers around the world.
Johnny Long of Hackers for Charity started the Google Hacking Database (GHDB) to serve as a repository for search terms, called Google-Dorks, that expose sensitive information, vulnerabilities, passwords, and much more. As Johnny

vbSEO – From XSS to Reverse PHP Shell
Published: 2013-07-10
XSS is not a big deal, or is it? On many occasions, I’ve seen this vulnerability being classified as useless, not serious, and being a low threat. What I’ve always had in mind is that it’s only the capabilities of the browser, and the hacker’s mind, which set the limit for an XSS attack.
It may seem impossible to do anything else other than stealing sessions, cookies and performing phishing,

Foxit Reader Stack Overflow Exploit – Egghunter Edition
Published: 2013-07-10
Some time ago, when Adobe Reader 0days were dropping left, right, and centre, Foxit Reader was frequently mentioned as a safer alternative to using Adobe. While it may be true that there are not as many exploits available for Foxit, that does not mean that it is invincible. With this in mind, I decided to do some fuzzing using the

Fuzzing vs Reversing – Round #1 (Fuzzing)
Published: 2013-07-10
I have recently been doing some fuzzing on the Adobe Flash Player. I started by implementing a simple format fuzzer for Flash based on a homegrown framework that I have been developing for a while. I implemented and executed tests and progressively covered more and more of the format. After a few days, I noticed one of the SWF files causing strange crashes, the “Just in time” debugger gets

Fuzzing vs Reversing – Round #2 (Reversing)
Published: 2013-07-10
After a few days of fuzzing, I noticed that I covered a large part of the format (at least the part I found interesting) so I then began reverse engineering the format more thoroughly.
I started by mapping out the tag-types and reviewing functions that parse them. After I spent a few hours just poking around and getting a stable list of function names and addresses, I noticed something strange;

Bypassing UAC with User Privilege under Windows Vista/7 – Mirror
Published: 2013-07-09
I would like to present an exploit of an ambiguous parameter in

Owned and Exposed
Published: 2013-07-09
There’s nothing like having your butt kicked Christmas morning, which is exactly what happened to us today. We were owned and exposed, in true fashion. Initially, the inj3ct0r team took “creds” for the hack, which quickly proved false as the original ezine showed up – and now inj3ct0r (their new site) is no longer online. As a wise Chinese man once said: “do not anger one who has shell on your

PentesterLab.com – Exercises To Learn Penetration Testing
Published: 2013-07-09
PentesterLab is an easy and straightforward way to learn the basics of penetration testing.
It provides vulnerable systems in a virtual image, and accompanying exercises that can be used to test and understand vulnerabilities. Just decide what course you want to follow, download the course and start learning. You can easily run the course using VMware; no Internet access is required. What will

SSLyze v0.6 Available For Download – SSL Server Configuration Scanning Tool
Published: 2013-07-09
SSLyze is a Python tool that can analyze the SSL configuration of a server by connecting to it. It is designed to be fast and comprehensive, and should help organizations and testers identify misconfigurations affecting their SSL servers.
Features:
- SSL 2.0/3.0 and TLS 1.0/1.1/1.2 compatibility
- Performance testing: session resumption and TLS tickets support
- Security testing: weak cipher suites,

HoneyDrive Desktop v0.2 Released – Honeypot LiveCD
Published: 2013-07-09
HoneyDrive is a virtual appliance (OVA) with Xubuntu Desktop 12.04 32-bit edition installed. It contains various honeypot software packages such as Kippo SSH honeypot, Dionaea malware honeypot, Honeyd low-interaction honeypot, Glastopf web honeypot along with Wordpot, Thug honeyclient and more. Additionally it includes useful pre-configured scripts and utilities to analyze, visualize and process