₦airaland Forum

Welcome, Guest: RegisterLoginWith GoogleTrendingRecentNew

Stats: 3,330,984 members, 8,448,095 topics. Date: Sunday, 19 July 2026 at 06:31 PM

Toggle theme

Slyr0x's Posts

Nairaland ForumSlyr0x's ProfileSlyr0x's Posts

1 2 3 4 5 6 7 8 9 10 11 (of 81 pages)

ProgrammingRe: Ethical Hackers by Slyr0x: 4:40pm On Nov 12, 2013
Tolustar: Boss for seminar, you did that thing..........you dey vex ooooo smiley ...God saved you they didn't catch you
Lol. .It was organised in celebration of the Open source day. .Doubt if anything would ve happened if they found out :-)

BTW, Sorry I didn't reply your email. .Being soooo busy lately
ProgrammingRe: Ethical Hackers by Slyr0x: 4:04pm On Nov 12, 2013
djdroydakkount: Good day folks.Ŧђɑ̤̥̈̊п̥̥̲̣̣̣kƨ to d op for starting dis thread aπϑ to all oda. Contributors in here. Really learnt a lot. Pls I need help with finding books on web application pentesting. I already downloaded some vunerable apps like DVMA aπϑ Bodgeit.war but don't know how to go about using them to learn. Abeg, bosses in here should help me. So far, how to use nmap is all I know. Ŧђɑ̤̥̈̊п̥̥̲̣̣̣kƨ.
Errm. .Depending on the response, I could start a thread on Hands-on Web app testing. .
ProgrammingRe: Ethical Hackers by Slyr0x: 4:02pm On Nov 12, 2013
BackTrack6: You guys rock. @Tolustar, weldone for ur Kali installation but note that installation is nonsense without u using it. For me, I hv been lazy with my BT5 sef and e dey pain me oo gaga.
For MITM attack I think I will prefer Cain & Abel. Since I run BT5 in a virtual machine, I hv not really enjoyed Subterfuge. I don't know if it has anything to do with my network adapter in my virtual machine (I used VMWare). I have actually not settled to understudy whether it is better the adapter is on NAT or Bridged, to enable me enjoy some features of BT5. Dons in the house over to una.
My VMWare settings for Kali is NAT . .This basically shares my host PC IP address. .Works for LAN & WLAN.

I use Ettercap for all my MITM attacks. .It sniffs, intercepts, logs. .and can even inject packets (using arp poisoning).

There was this IT Seminar I went with a friend some years back (during one of 'em blackhat days cheesy), so we decided to play a little prank.

For this seminar, everyone in the hall was connected to this wireless AP. .So we started our Ettercap, started sniffing/sieving through all packets. .saw lots of juicy infos. .passwords and the likes (especially for social networking sites). .

We then looked for one of those scary "You have been hacked" image from google. .Saved this on our PC. .Activated Ettercap's arp poisoning module. .targeted the whole network and then ran an Ettercap filter on 'em.

Funny thing about this prank was; the guy facilitating was taking us through something on the internet. .and just when he clicked on a page, poof! All images on the website was replaced with our "You have been hacked" image. . .Not just the facilitator, but the WHOLE attendees had "You have been hacked" on their screens. .LOL. .You don't want to imagine the look they all had on their faces cheesy grin

These things are fun BUT we should always know when not to cross the ethical line wink
WebmastersRe: Who Can Take Down These Scam Websites? by Slyr0x: 11:27am On Nov 03, 2013
Dual Core: I don't think you got the point of Slyr0x's question.

Its like a crackhead going to the police to report he got ripped off by a weed seller. He paid for the weed but it wasn't delivered.

Not bothered about those sites because its only those who are up to a scam themselves that will need the services of such sites so why should I be bothered over a scammer and his scam when the scammee is also a scammer?
Exactly my point. .

I know how all these scams work. .

1. Mr A visits alboraaq to buy Western Union. .
2. Alboraaq admin T3es promises to transfer $1500 to Mr A for just $100
3. Meaning, Mr A will send $100 through Perfectmoney or Webmoney to Alboraaq admin T3es
4. In return, Mr A expects $1500 WU transfer
5. Mr A pays $100 to Alboraaq's webmoney account
6. On confirmation of payment, Alboraaq logs into his Database, changes Mr A's password and locks account
7. Alboraaq then logs in to Mr A's account and posts "I just concluded the deal with Alboraaq, they delivered in quality time. I recommend".
8. Mr A (now unable to login), registers another username and visits the forum.
9. To his surprise, he finds out his account was used to post. .
10. His IP gets banned the moment he screams "SCAM!"
11. Mr A then looks for how to take down Alboraaq site
12. So he visits nairaland.com hoping some l33t hacker can take down the site
13. Repeat from step 1

One thing I always tell people is this: You cannot get scammed if you don't have a vulnerability waiting to be exploited by the Scammer.

Someone promises to send you $1500 if you send $100 to him. .Is he a Magician? Does he grow money on trees? Does he have the Midas touch? People's desperation these days makes it hard for them to reason well. It's like saying "Send me a Gold3 and I will send you Land Rover LR3". .
WebmastersRe: Who Can Take Down These Scam Websites? by Slyr0x: 8:59pm On Nov 02, 2013
jerrymania: But the Alboraaq is a cordinated scam artist, a friend fell for $1000 there! The owner is in isreal. who can take these sites down?
Do you mind sharing with us how your friend got scammed on a site that stolen credit cards are sold and all sorts of cyber fraud are being perpetuated?
ProgrammingRe: Ethical Hackers by Slyr0x: 2:57pm On Nov 01, 2013
BackTrack6: Nice one. I just read through your approach to catching the flag and I can indeed say you're good. We dey follow you, boss.
Thanks bro. .Na only God we dey follow ooo. .Did you watch the video?
ProgrammingRe: Ethical Hackers by Slyr0x: 10:08am On Nov 01, 2013
As promised, here is the video of NotSoSecure's Capture The Flag Competition Walk-through


https://www.youtube.com/watch?v=-NqdjghqGI8&feature=youtu.be

Full Blogpost & Commands here : http://rotimiakinyele.com/video-notsosecure-capture-the-flag-competiton-walk-through.jsp
ProgrammingRe: Ethical Hackers by Slyr0x: 9:56am On Oct 30, 2013
hadel: нєℓℓσ gυуѕ, ρℓєαѕє ι ωσυℓɗ вє νєʀу gʀαтєƒυℓ ιƒ ѕσмєσηє нєℓρ мє ωιтн ιηѕтαℓℓιηg νιʀтυαℓ вσχ ℓιηυχ αɗɗιтισηѕ ση кαℓι. ċσυℓɗη'т υηɗєʀѕтαηɗ тнє σηєѕ ι ѕαω ση σтнєʀ ωєвѕιтєѕ. αвєg.
Where exactly did you get stuck?
ProgrammingRe: Ethical Hackers by Slyr0x: 9:55am On Oct 30, 2013
BackTrack6: @slyr0x were u able to participate in the notsosecure capture the flag competition? I wasn't able to.

Phew! my rainbow table is almost done...94%
Yeah. .I did. .Got only the First flag before the competition ended. .I plan to release the video before friday.

BackTrack6: @slyr0x, do u hv ur Kali Linux in virtual machine or as a host? I intend changing my BT5 from being in a VM to being a host.
In a virtual Machine. .
WebmastersRe: What Is Required? by Slyr0x: 7:09pm On Oct 29, 2013
Thing is, every artiste want their songs out there on ALL blogs, so they won't mind as long as it ain't some LEAKED unfinished song OR RIPPED from the entire album.

Also, talking about partnership, some of these artistes' record label/management have an existing deal with some of these popular blogs like NJO, TooX, 360Nobs. .and they ALWAYS make sure they send a copy ONLY to this blog.

An example is Sauce Kid, every song he releases gets released first on NJO. .

Every time you see a song tagged as "Exclusive", it means they own exclusive right to uploading the song FIRST. .

^^^The bolded sums it up.
ProgrammingRe: Ethical Hackers by Slyr0x: 12:11pm On Oct 29, 2013
^^

In addition to what Backtrack6 said, the best thing you can do is to upgrade to a 4GB RAM atleast. .and dedicate at least 1GB to kali for optimum performance (even though 512MB was stated as the minimum in its official doc).

Imagine you have to run some password cracking scripts with a HUGE dictionary wordlist or you need to dump a huge Database. .Also, another mistake you should NOT make is allocate small HDD space to kali. I initially gave Kali 12GB HDD but after installation, I was getting the "memory low error". I tried expanding it but it became a HUGE problem as there was no possible way of expanding after installation (judging from all the searches I did). . Also, remember with time, you will have to update the frameworks. .Metasploit framework on its own could take about 300MB per update. .

All in all, for optimum performance, atleast 1GB RAM & 20GB HDD.
Webmasters12-year-old Boy Admits To Hacking Police And Government Sites For Anonymous by Slyr0x(op): 8:51pm On Oct 26, 2013
A 12-year-old Canadian boy has pleaded guilty to hacking government and police websites during the 2012 student uprising in Quebec under affiliation with the Anonymous brand of hacktivists.

According to the Toronto Sun, the fifth grader, who lives in the Montreal suburb of Notre-Dame-de-Grâce, appeared in youth court on Thursday, accompanied by his father.

The boy pleaded guilty to three charges related to hacking websites that included those of Montreal police, the Quebec Institute of Public Health, the Chilean government and some non-public sites.

The attacks took some of the sites offline for up to two days, at what police estimated as a cost of $60,000 in damages. A more detailed report will be handed over next month when the boy is sentenced, according to the Toronto Sun.

The student uprising of spring 2012, which lasted into that fall, was sparked by outrage at a proposed tuition hike and spiraled into a have v. have-nots version of Occupy Wall Street, marked by the use of Molotov cocktails on one occasion, police use of rubber bullets and tear gas, and serious injuries to both police and protesters.

Be that as it may, the boy's lawyer told the court that the 12-year-old's actions in hacking the sites weren't politically motivated:

He saw it as a challenge, he was only 12 years old. … There was no political purpose.

The paper reports that the young hacker has been involved with computers since he was 9.

The court was told that the targeted sites suffered three types of attack:

Distributed denial of service (DDoS) attack: An attack wherein the aggressors bombard a target with requests designed to consume so much of its resources that it becomes unusable.
Defacement of pages. See Pastebin for a message posted on the Montreal police's website in French and English.
Exploiting security holes in order to access database servers.

Others have reportedly been arrested for the attacks, but it was the boy who opened the door to enable them, the court was told.

The young hacker reportedly managed to get at personal information belonging to the sites' users and administrators.

According to the Toronto Sun, he traded the pirated information to Anonymous in exchange for video games.

He also taught others how to hack, police experts told the court, though he reportedly warned them against going overboard, lest they get caught.

The Toronto Sun says that the court heard testimony from somebody who said that the tween put it this way:

It's easy to hack but do not go there too much, they will track you down.

I guess he went there too much, because they certainly did track him down.

Is he the youngest hacker ever to be caught?

http://nakedsecurity.sophos.com/2013/10/26/12-year-old-canadian-boy-admits-to-hacking-police-and-government-sites-for-anonymous/
WebmastersPhp.net Compromised, Used To Attack Visitors by Slyr0x(op): 7:55am On Oct 26, 2013
Visitors to the official website for the PHP programming language over the past couple of days might have had their computers infected with malware.

Hackers managed to inject malicious JavaScript code into a file on the php.net site called userprefs.js. The code made requests to a third-party website that scanned visitors' browsers for vulnerable plug-ins and executed exploits that, if successful, installed a piece of malware, said Daniel Peck, a research scientist at Barracuda Networks.

One of Barracuda's research tools detected and captured attack traffic from php.net late Tuesday evening, according to Peck.

The exploits served during the attack came in the form of malicious SWF files, so they most likely targeted vulnerabilities in Adobe Flash Player. However, Barracuda's researchers are still conducting their analysis and haven't identified yet exactly which vulnerabilities were targeted, Peck said.

It's also not clear what the program installed by the exploits does or if it's part of a known malware family. The only thing Peck could say about it is that it tries to connect to around three dozen different command-and-control servers around the world and successfully establishes communication with four of them.

The php.net site was blacklisted early Tuesday by Google Safe Browsing, a service used by Google Search, Google Chrome and Mozilla Firefox to prevent users from visiting malicious websites. As a result, Chrome and Firefox users who tried to access php.net over the course of several hours Thursday were warned that the site contained malware.

The PHP Group, which maintains the php.net website and the PHP distribution packages, initially thought the warning was the result of a Google Safe Browsing detection error. "It appears Google has found a false positive and marked all of http://php.net as suspicious," Rasmus Lerdorf, the creator of PHP, said on Twitter.

But a more in-depth investigation revealed that the userprefs.js file had been modified repeatedly as a result of an intrusion, the PHP Group said in a message on php.net. "We are still investigating how someone caused that file to be changed, but in the meantime we have migrated www/static to new clean servers," the group said, adding that there's no evidence of the compromise extending to the PHP distribution files.

http://www.computerworld.com/s/article/9243524/PHP.net_compromised_used_to_attack_visitors
PoliticsRe: Petition: Make Senator Cruz Apologize For His Offensive Remarks by Slyr0x: 6:11am On Oct 26, 2013
Signed
ProgrammingRe: Ethical Hackers by Slyr0x: 5:01pm On Oct 25, 2013
Hi Guys,

There is ongoing hacking challenge by Security Tube. Kindly find below and try your hands on them. Cheers

Dear Participant,

The CTF is now on. Before you start, let us just remind you of some rules:

1. Strictly No Brute-forcing. We want you to have fun and let others have fun too.
2. Queries/questions: best way is to ask on twitter (@notsosecure); only if its sensitive mail to questions-at-notsosecure.com.
3. There are 2 Flags to grab. Email flags when you get them to ctf@notsosecure with your twitter handle.
4. We may reset the box from time to time.
5. If you get stuck and need hints, try twitter.


Finally, the URL for CTF is:
http://ctf.notsosecure.com/71367217217126217712/
PhonesRe: [Android] A Step-By-Step Tutorial To Bypass BBM Waiting Line by Slyr0x(op): 5:09pm On Oct 24, 2013
fr3do: I don't get it
Is charles supposed to be installed cos there is no version for android on the site.
Install charles on your laptop

The only thing you are installing on your phone is the Certificate => http://charlesproxy.com/charles.crt
WebmastersRe: Meet The One Of The Youngest Webmaster/designer In Nigeria by Slyr0x: 12:09pm On Oct 24, 2013
I have been building websites from my mother's womb. . Beat that! cheesy wink
PhonesRe: [Android] A Step-By-Step Tutorial To Bypass BBM Waiting Line by Slyr0x(op): 10:31am On Oct 24, 2013
Seun: I could not download it from the Google Play store. Apparently its not available in my country.
Download the .apk here http://www.4shared.com/mobile/9DNxnvfx/BBM_100701.html
PhonesRe: [Android] A Step-By-Step Tutorial To Bypass BBM Waiting Line by Slyr0x(op):
Seun: I could not download it from the Google Play store. Apparently its not available in my country.
Gimme some minutes lemme upload it for you
Phones[Android] A Step-By-Step Tutorial To Bypass BBM Waiting Line by Slyr0x(op):
Hi Guys,

For those of you that cannot download the app from the Google play, download here http://www.4shared.com/mobile/9DNxnvfx/BBM_100701.html

I downloaded the BBM for Android on Google play but every time I try connecting, I get this message below

https://i44.tinypic.com/2nuokch.png

During one of my web crawling sessions, I came across a tutorial created by DjMightyMike on twitter, I used it and it worked like charm.

Find below

First thing is to fire up Charles on your machine and configure recording and proxy settings;
here's a detailed link on how to set it up:

http://www.charlesproxy.com/documentation/configuration/.

If things are set up correctly, you should start seeing web traffic in charles as you browse the web on your machine.

Next thing is configure your phone to use an http proxy. This can be configured via wifi settings if you're on ioS7. here's a link that explains how to set this up; http://www.charlesproxy.com/documentation/faqs/using-charles-from-an-iphone/ . If you do this correctly, you should see web traffic from your phone in charles.

Here's where things get a bit more tricky; The BBM server communicates with the phone via HTTPS, and so the network data will be encrypted as we'd expect. Charles is able to see https traffic, but there's an extra step to set this up. basically you have to enable ssl proxy in charles and tell it to use a trusted certificate;

here's how to set up ssl proxying in charles; http://www.charlesproxy.com/documentation/proxying/ssl-proxying/ .

here's how to install a trusted ssl certificate: http://www.charlesproxy.com/documentation/using-charles/ssl-certificates/

A certificate will also need to be installed on the phone, download the certificate from http://charlesproxy.com/charles.crt and install it.

If everyting is set up correctly, you should now be able to view secure (https) traffic.

If you've gotten this far, i have good news, you've just finished the hard part and now the fun begins.

Kill the BBM app and start it back up, enter an email and hit next.

Now filter charles traffic by typing ".blackberry.com" (without the quotes) in the filter field. At this point you should only see traffic between your phone and blackberry server. click on the line with host name "dai.blackberry.com", then click on response to view the response body, you should see a json payload that looks something like the following:
jsonCallback({"status":"success","message":"","result":{"email":"<yourEmail>","count":-1}});

looking at the server response sent to the phone, we see the email we used in the signup screen, as well as a count value set to minus 1. seems like the count value is what decides whether we stay in waiting line or advance to activation screen. we have to modify the response and change the value of count to "1" before the response gets to the phone. Enable the rewrite tool in charles and add a rewrite rule.

Go to tools -> rewrite, check the "enable rewrite" checkbox and add a new rule, using dai.blackberry.com as location.
in the rule section, you have to select "body" as type and enable the "response" checkbox.
In the match section, Select "match whole value".
in the replace section, paste the following into the value field:
jsonCallback({"status":"success","message":"","result":{"email":"YOUREMAIL","count":1}});
replace "YOUREMAIL" with the email address you used earlier. click OK to save settings.

Now whenever charles gets a response from dai.blackberry.com, it will replace it with our value with count equals 1.
kill the bbm app, start it back up and enter your email address again, then click next. The app should bypass the waiting line screen and just like that, you should be able to activate the app.[/quote]I used this same technique and it worked like charm.

https://i39.tinypic.com/eknq4n.png

https://i41.tinypic.com/2pt2tfl.png

I can now login on my Android and start pinging pinging all those babes cheesy

Let me know if you have issues using this and I'll be ready to help you with it.

Cheers
AutosRe: Nairaland's Auto Section Profiled In SuccessDigest by Slyr0x: 1:58pm On Oct 23, 2013
What is Successdigest??
WebmastersRe: Web Designers/developers Stop Charging Below 50k For Any Project. by Slyr0x: 12:04pm On Oct 23, 2013
Dual Core: Leave money alone and let passion be your driving force, it will take you where the thought of money alone can't. Love what you do.
Words on Marble
WebmastersRe: Faceboook Is Hacked And Password Could Be Retrieved. by Slyr0x: 2:53am On Oct 22, 2013
As an infosec enthusiast, I don't see why I should click that link. .as clicking the link itself might just initiate some cookie/session jacking process undecided

1 2 3 4 5 6 7 8 9 10 11 (of 81 pages)