Slyr0x's Posts
Nairaland Forum › Slyr0x's Profile › Slyr0x's Posts
1 2 3 4 5 6 7 8 9 10 11 (of 81 pages)
Tolustar: Boss for seminar, you did that thing..........you dey vex oooooLol. .It was organised in celebration of the Open source day. .Doubt if anything would ve happened if they found out :-) BTW, Sorry I didn't reply your email. .Being soooo busy lately |
djdroydakkount: Good day folks.Ŧђɑ̤̥̈̊п̥̥̲̣̣̣kƨ to d op for starting dis thread aπϑ to all oda. Contributors in here. Really learnt a lot. Pls I need help with finding books on web application pentesting. I already downloaded some vunerable apps like DVMA aπϑ Bodgeit.war but don't know how to go about using them to learn. Abeg, bosses in here should help me. So far, how to use nmap is all I know. Ŧђɑ̤̥̈̊п̥̥̲̣̣̣kƨ.Errm. .Depending on the response, I could start a thread on Hands-on Web app testing. . |
BackTrack6: You guys rock. @Tolustar, weldone for ur Kali installation but note that installation is nonsense without u using it. For me, I hv been lazy with my BT5 sef and e dey pain me oo gaga.My VMWare settings for Kali is NAT . .This basically shares my host PC IP address. .Works for LAN & WLAN. I use Ettercap for all my MITM attacks. .It sniffs, intercepts, logs. .and can even inject packets (using arp poisoning). There was this IT Seminar I went with a friend some years back (during one of 'em blackhat days ), so we decided to play a little prank.For this seminar, everyone in the hall was connected to this wireless AP. .So we started our Ettercap, started sniffing/sieving through all packets. .saw lots of juicy infos. .passwords and the likes (especially for social networking sites). . We then looked for one of those scary "You have been hacked" image from google. .Saved this on our PC. .Activated Ettercap's arp poisoning module. .targeted the whole network and then ran an Ettercap filter on 'em. Funny thing about this prank was; the guy facilitating was taking us through something on the internet. .and just when he clicked on a page, poof! All images on the website was replaced with our "You have been hacked" image. . .Not just the facilitator, but the WHOLE attendees had "You have been hacked" on their screens. .LOL. .You don't want to imagine the look they all had on their faces ![]() These things are fun BUT we should always know when not to cross the ethical line ![]() |
Dual Core: I don't think you got the point of Slyr0x's question.Exactly my point. . I know how all these scams work. . 1. Mr A visits alboraaq to buy Western Union. . 2. Alboraaq admin T3es promises to transfer $1500 to Mr A for just $100 3. Meaning, Mr A will send $100 through Perfectmoney or Webmoney to Alboraaq admin T3es 4. In return, Mr A expects $1500 WU transfer 5. Mr A pays $100 to Alboraaq's webmoney account 6. On confirmation of payment, Alboraaq logs into his Database, changes Mr A's password and locks account 7. Alboraaq then logs in to Mr A's account and posts "I just concluded the deal with Alboraaq, they delivered in quality time. I recommend". 8. Mr A (now unable to login), registers another username and visits the forum. 9. To his surprise, he finds out his account was used to post. . 10. His IP gets banned the moment he screams "SCAM!" 11. Mr A then looks for how to take down Alboraaq site 12. So he visits nairaland.com hoping some l33t hacker can take down the site 13. Repeat from step 1 One thing I always tell people is this: You cannot get scammed if you don't have a vulnerability waiting to be exploited by the Scammer. Someone promises to send you $1500 if you send $100 to him. .Is he a Magician? Does he grow money on trees? Does he have the Midas touch? People's desperation these days makes it hard for them to reason well. It's like saying "Send me a Gold3 and I will send you Land Rover LR3". . |
jerrymania: But the Alboraaq is a cordinated scam artist, a friend fell for $1000 there! The owner is in isreal. who can take these sites down?Do you mind sharing with us how your friend got scammed on a site that stolen credit cards are sold and all sorts of cyber fraud are being perpetuated? |
BackTrack6: Nice one. I just read through your approach to catching the flag and I can indeed say you're good. We dey follow you, boss.Thanks bro. .Na only God we dey follow ooo. .Did you watch the video? |
As promised, here is the video of NotSoSecure's Capture The Flag Competition Walk-through https://www.youtube.com/watch?v=-NqdjghqGI8&feature=youtu.be Full Blogpost & Commands here : http://rotimiakinyele.com/video-notsosecure-capture-the-flag-competiton-walk-through.jsp |
hadel: нєℓℓσ gυуѕ, ρℓєαѕє ι ωσυℓɗ вє νєʀу gʀαтєƒυℓ ιƒ ѕσмєσηє нєℓρ мє ωιтн ιηѕтαℓℓιηg νιʀтυαℓ вσχ ℓιηυχ αɗɗιтισηѕ ση кαℓι. ċσυℓɗη'т υηɗєʀѕтαηɗ тнє σηєѕ ι ѕαω ση σтнєʀ ωєвѕιтєѕ. αвєg.Where exactly did you get stuck? |
BackTrack6: @slyr0x were u able to participate in the notsosecure capture the flag competition? I wasn't able to.Yeah. .I did. .Got only the First flag before the competition ended. .I plan to release the video before friday. BackTrack6: @slyr0x, do u hv ur Kali Linux in virtual machine or as a host? I intend changing my BT5 from being in a VM to being a host.In a virtual Machine. . |
Thing is, every artiste want their songs out there on ALL blogs, so they won't mind as long as it ain't some LEAKED unfinished song OR RIPPED from the entire album. Also, talking about partnership, some of these artistes' record label/management have an existing deal with some of these popular blogs like NJO, TooX, 360Nobs. .and they ALWAYS make sure they send a copy ONLY to this blog. An example is Sauce Kid, every song he releases gets released first on NJO. . Every time you see a song tagged as "Exclusive", it means they own exclusive right to uploading the song FIRST. . ^^^The bolded sums it up. |
^^ In addition to what Backtrack6 said, the best thing you can do is to upgrade to a 4GB RAM atleast. .and dedicate at least 1GB to kali for optimum performance (even though 512MB was stated as the minimum in its official doc). Imagine you have to run some password cracking scripts with a HUGE dictionary wordlist or you need to dump a huge Database. .Also, another mistake you should NOT make is allocate small HDD space to kali. I initially gave Kali 12GB HDD but after installation, I was getting the "memory low error". I tried expanding it but it became a HUGE problem as there was no possible way of expanding after installation (judging from all the searches I did). . Also, remember with time, you will have to update the frameworks. .Metasploit framework on its own could take about 300MB per update. . All in all, for optimum performance, atleast 1GB RAM & 20GB HDD. |
A 12-year-old Canadian boy has pleaded guilty to hacking government and police websites during the 2012 student uprising in Quebec under affiliation with the Anonymous brand of hacktivists. According to the Toronto Sun, the fifth grader, who lives in the Montreal suburb of Notre-Dame-de-Grâce, appeared in youth court on Thursday, accompanied by his father. The boy pleaded guilty to three charges related to hacking websites that included those of Montreal police, the Quebec Institute of Public Health, the Chilean government and some non-public sites. The attacks took some of the sites offline for up to two days, at what police estimated as a cost of $60,000 in damages. A more detailed report will be handed over next month when the boy is sentenced, according to the Toronto Sun. The student uprising of spring 2012, which lasted into that fall, was sparked by outrage at a proposed tuition hike and spiraled into a have v. have-nots version of Occupy Wall Street, marked by the use of Molotov cocktails on one occasion, police use of rubber bullets and tear gas, and serious injuries to both police and protesters. Be that as it may, the boy's lawyer told the court that the 12-year-old's actions in hacking the sites weren't politically motivated: He saw it as a challenge, he was only 12 years old. … There was no political purpose. The paper reports that the young hacker has been involved with computers since he was 9. The court was told that the targeted sites suffered three types of attack: Distributed denial of service (DDoS) attack: An attack wherein the aggressors bombard a target with requests designed to consume so much of its resources that it becomes unusable. Defacement of pages. See Pastebin for a message posted on the Montreal police's website in French and English. Exploiting security holes in order to access database servers. Others have reportedly been arrested for the attacks, but it was the boy who opened the door to enable them, the court was told. The young hacker reportedly managed to get at personal information belonging to the sites' users and administrators. According to the Toronto Sun, he traded the pirated information to Anonymous in exchange for video games. He also taught others how to hack, police experts told the court, though he reportedly warned them against going overboard, lest they get caught. The Toronto Sun says that the court heard testimony from somebody who said that the tween put it this way: It's easy to hack but do not go there too much, they will track you down. I guess he went there too much, because they certainly did track him down. Is he the youngest hacker ever to be caught? http://nakedsecurity.sophos.com/2013/10/26/12-year-old-canadian-boy-admits-to-hacking-police-and-government-sites-for-anonymous/ |
Visitors to the official website for the PHP programming language over the past couple of days might have had their computers infected with malware. Hackers managed to inject malicious JavaScript code into a file on the php.net site called userprefs.js. The code made requests to a third-party website that scanned visitors' browsers for vulnerable plug-ins and executed exploits that, if successful, installed a piece of malware, said Daniel Peck, a research scientist at Barracuda Networks. One of Barracuda's research tools detected and captured attack traffic from php.net late Tuesday evening, according to Peck. The exploits served during the attack came in the form of malicious SWF files, so they most likely targeted vulnerabilities in Adobe Flash Player. However, Barracuda's researchers are still conducting their analysis and haven't identified yet exactly which vulnerabilities were targeted, Peck said. It's also not clear what the program installed by the exploits does or if it's part of a known malware family. The only thing Peck could say about it is that it tries to connect to around three dozen different command-and-control servers around the world and successfully establishes communication with four of them. The php.net site was blacklisted early Tuesday by Google Safe Browsing, a service used by Google Search, Google Chrome and Mozilla Firefox to prevent users from visiting malicious websites. As a result, Chrome and Firefox users who tried to access php.net over the course of several hours Thursday were warned that the site contained malware. The PHP Group, which maintains the php.net website and the PHP distribution packages, initially thought the warning was the result of a Google Safe Browsing detection error. "It appears Google has found a false positive and marked all of http://php.net as suspicious," Rasmus Lerdorf, the creator of PHP, said on Twitter. But a more in-depth investigation revealed that the userprefs.js file had been modified repeatedly as a result of an intrusion, the PHP Group said in a message on php.net. "We are still investigating how someone caused that file to be changed, but in the meantime we have migrated www/static to new clean servers," the group said, adding that there's no evidence of the compromise extending to the PHP distribution files. http://www.computerworld.com/s/article/9243524/PHP.net_compromised_used_to_attack_visitors |
Signed |
Hi Guys, There is ongoing hacking challenge by Security Tube. Kindly find below and try your hands on them. Cheers Dear Participant, The CTF is now on. Before you start, let us just remind you of some rules: 1. Strictly No Brute-forcing. We want you to have fun and let others have fun too. 2. Queries/questions: best way is to ask on twitter (@notsosecure); only if its sensitive mail to questions-at-notsosecure.com. 3. There are 2 Flags to grab. Email flags when you get them to ctf@notsosecure with your twitter handle. 4. We may reset the box from time to time. 5. If you get stuck and need hints, try twitter. Finally, the URL for CTF is: http://ctf.notsosecure.com/71367217217126217712/ |
fr3do: I don't get itInstall charles on your laptop The only thing you are installing on your phone is the Certificate => http://charlesproxy.com/charles.crt |
I have been building websites from my mother's womb. . Beat that! ![]() |
Seun: I could not download it from the Google Play store. Apparently its not available in my country.Download the .apk here http://www.4shared.com/mobile/9DNxnvfx/BBM_100701.html |
Seun: I could not download it from the Google Play store. Apparently its not available in my country.Gimme some minutes lemme upload it for you |
Hi Guys, For those of you that cannot download the app from the Google play, download here http://www.4shared.com/mobile/9DNxnvfx/BBM_100701.html I downloaded the BBM for Android on Google play but every time I try connecting, I get this message below https://i44.tinypic.com/2nuokch.png During one of my web crawling sessions, I came across a tutorial created by DjMightyMike on twitter, I used it and it worked like charm. Find below First thing is to fire up Charles on your machine and configure recording and proxy settings; here's a detailed link on how to set it up: http://www.charlesproxy.com/documentation/configuration/. If things are set up correctly, you should start seeing web traffic in charles as you browse the web on your machine. Next thing is configure your phone to use an http proxy. This can be configured via wifi settings if you're on ioS7. here's a link that explains how to set this up; http://www.charlesproxy.com/documentation/faqs/using-charles-from-an-iphone/ . If you do this correctly, you should see web traffic from your phone in charles. Here's where things get a bit more tricky; The BBM server communicates with the phone via HTTPS, and so the network data will be encrypted as we'd expect. Charles is able to see https traffic, but there's an extra step to set this up. basically you have to enable ssl proxy in charles and tell it to use a trusted certificate; here's how to set up ssl proxying in charles; http://www.charlesproxy.com/documentation/proxying/ssl-proxying/ . here's how to install a trusted ssl certificate: http://www.charlesproxy.com/documentation/using-charles/ssl-certificates/ A certificate will also need to be installed on the phone, download the certificate from http://charlesproxy.com/charles.crt and install it. If everyting is set up correctly, you should now be able to view secure (https) traffic. If you've gotten this far, i have good news, you've just finished the hard part and now the fun begins. Kill the BBM app and start it back up, enter an email and hit next. Now filter charles traffic by typing ".blackberry.com" (without the quotes) in the filter field. At this point you should only see traffic between your phone and blackberry server. click on the line with host name "dai.blackberry.com", then click on response to view the response body, you should see a json payload that looks something like the following: jsonCallback({"status":"success","message":"","result":{"email":"<yourEmail>","count":-1}}); looking at the server response sent to the phone, we see the email we used in the signup screen, as well as a count value set to minus 1. seems like the count value is what decides whether we stay in waiting line or advance to activation screen. we have to modify the response and change the value of count to "1" before the response gets to the phone. Enable the rewrite tool in charles and add a rewrite rule. Go to tools -> rewrite, check the "enable rewrite" checkbox and add a new rule, using dai.blackberry.com as location. in the rule section, you have to select "body" as type and enable the "response" checkbox. In the match section, Select "match whole value". in the replace section, paste the following into the value field: jsonCallback({"status":"success","message":"","result":{"email":"YOUREMAIL","count":1}}); replace "YOUREMAIL" with the email address you used earlier. click OK to save settings. Now whenever charles gets a response from dai.blackberry.com, it will replace it with our value with count equals 1. kill the bbm app, start it back up and enter your email address again, then click next. The app should bypass the waiting line screen and just like that, you should be able to activate the app.[/quote]I used this same technique and it worked like charm. https://i39.tinypic.com/eknq4n.png https://i41.tinypic.com/2pt2tfl.png I can now login on my Android and start pinging pinging all those babes ![]() Let me know if you have issues using this and I'll be ready to help you with it. Cheers |
What is Successdigest?? |
Dual Core: Leave money alone and let passion be your driving force, it will take you where the thought of money alone can't. Love what you do.Words on Marble |
As an infosec enthusiast, I don't see why I should click that link. .as clicking the link itself might just initiate some cookie/session jacking process ![]() |
...God saved you they didn't catch you
), so we decided to play a little prank.

