First  Prev  1  2  3  4  5  6  7  Next  Last
Hackers&Hacking
693 cr points
Send Message: Send PM GB Post
39 / M
Offline
Posted 11/12/08 , edited 11/12/08

Allhailodin wrote:


Theres no way shinji would be that stupid to use an xml file, xml files are human readable

example of how it would look to store user info

<user>
<username>Allhailodin</username>
<password>Password here</password>
<crpoints>some number</crpoints>
<headline>You are all entilted to my opinion.</headline>
<age>19</age>
and so on with all info
</user>

no person in there right mind would use an xml file to store user info. any random idiot could edit it to there hearts content, even delete a user from the system if they felt like it.


Nobody uses XML in servers. Sites are usually programed in PHP and use database to store all user data.
There is no way to access that data without knowing server password or finding some software hole in PHP code.

10513 cr points
Send Message: Send PM GB Post
27 / M / In your room stea...
Offline
Posted 11/12/08 , edited 11/12/08

Digix wrote:


Allhailodin wrote:


Theres no way shinji would be that stupid to use an xml file, xml files are human readable

example of how it would look to store user info

<user>
<username>Allhailodin</username>
<password>Password here</password>
<crpoints>some number</crpoints>
<headline>You are all entilted to my opinion.</headline>
<age>19</age>
and so on with all info
</user>

no person in there right mind would use an xml file to store user info. any random idiot could edit it to there hearts content, even delete a user from the system if they felt like it.


nobody uses XML in servers, they usually program in PHP and use database to store all user data.
and there is no way to access that data without knowing server password or finding some software hole in PHP code.


PHP is a scripting language, its designed to create dynamic web pages, ive never heard of it being used to store actual data.

most of the stuff entered on a webpage is taken by a tag on the web page <form action = url here"> usually data is taken from a <input>, <textarea> or a <select> tag, to get set to the server to be processed,<form> uses, <action>, to specify the url of a CGI script which processes the form and sends back feedback. There are two ways to send data from a form to a server. <get> will send the form input in a url, while <post> sends it in the body of the submission. <post> means you can send more data, and that the url of the form results wont reveal the encoded form.

From what I know PHP is a scripting language, i've never heard of it being used to store data as a .php file on a server.

Edit, if they use databases to store there data then they would most likely use a hash function.

Edit # 2, there are many many ways to access data on a server without needing a password. one way would be to have to server execute code you send it which would get the data that way.
693 cr points
Send Message: Send PM GB Post
39 / M
Offline
Posted 11/12/08 , edited 11/12/08

Allhailodin wrote:



PHP is a scripting language, its designed to create dynamic web pages, ive never heard of it being used to store actual data.

most of the stuff entered on a webpage is taken by a tag on the web page <form action = url here"> usually data is taken from a <input>, <textarea> or a <select> tag, to get set to the server to be processed,<form> uses, <action>, to specify the url of a CGI script which processes the form and sends back feedback. There are two ways to send data from a form to a server. <get> will send the form input in a url, while <post> sends it in the body of the submission. <post> means you can send more data, and that the url of the form results wont reveal the encoded form.

From what I know PHP is a scripting language, i've never heard of it being used to store data as a .php file on a server.

you are mostly right, but all this has no relation to this case at all.
PHP does not care how do you store data, since you just use commands to store and read it from some abstract database.
you do not send data directly to database from you browser, you send it to appropriate CGI script, which must deal with it somehow.
and job of hacker is mostly to find a way to force that script to perform something that site creator did not expected.
If you are lucky you can feed it some data which gives you back some password, or sometimes you may even get complete control over all server.

as about hashes then they are usually breakable in about few days of brute forcing
10513 cr points
Send Message: Send PM GB Post
27 / M / In your room stea...
Offline
Posted 11/12/08 , edited 11/12/08

Digix wrote:


Allhailodin wrote:



PHP is a scripting language, its designed to create dynamic web pages, ive never heard of it being used to store actual data.

most of the stuff entered on a webpage is taken by a tag on the web page <form action = url here"> usually data is taken from a <input>, <textarea> or a <select> tag, to get set to the server to be processed,<form> uses, <action>, to specify the url of a CGI script which processes the form and sends back feedback. There are two ways to send data from a form to a server. <get> will send the form input in a url, while <post> sends it in the body of the submission. <post> means you can send more data, and that the url of the form results wont reveal the encoded form.

From what I know PHP is a scripting language, i've never heard of it being used to store data as a .php file on a server.

you are mostly right, but all this has no relation to this case at all.
PHP does not care how do you store data, since you just use commands to store and read it from some abstract database.
you do not send data directly to database from you browser, you send it to appropriate CGI script, which must deal with it somehow.
and job of hacker is mostly to find a way to force that script to perform something that site creator did not expected.
If you are lucky you can feed it some data which gives you back some password, or sometimes you may even get complete control over all server.

as about hashes then they are usually breakable in about few days of brute forcing


Yea i know, i didn't see the "PHP and use database", so i typed all that before i caught the "and use" but i didnt feel like deleting all that.

The easiest way would be to just overflow the buffer and excute your own code. have your code retrieve all the data you want.
693 cr points
Send Message: Send PM GB Post
39 / M
Offline
Posted 11/12/08 , edited 11/12/08

Allhailodin wrote:

The easiest way would be to just overflow the buffer and excute your own code. have your code retrieve all the data you want.

, you think so? it is not that simple, buffer overflows exploits don't last long, since script kiddies trash all servers, that have them, almost instantly and ruin everything. And you must be real good hacker to find such overflow, also it requires lots of work to actually use it.

basically hacking is a war between software programmers and hackers, and you know programmers are not trained monkeys, they no worse than hackers.
you may overlook something insignificant, but if someone finds buffer overflow in you software you will be pissed of enough to fix that in the same day.
10513 cr points
Send Message: Send PM GB Post
27 / M / In your room stea...
Offline
Posted 11/12/08 , edited 11/12/08

Digix wrote:

, you think so? it is not that simple, buffer overflows exploits don't last long since script kiddies trash all servers, that have them, almost instantly. and you must be real good hacker to find such overflow, and also it requires lots of work to actually use it.

basically hacking is a war between software programmers and hackers, and you know programmers are not trained monkeys, they no worse than hackers.
you may overlook something insignificant, but if someone finds buffer overflow in you software you will be pissed of enough to fix that in the same day.


If you actually look and put some time into it, there are tons of things you can do to hack a server. Overflow the buffer. ive even heard of people using custom packets to hack servers.

But i think it would be totaly fun to crash a server. just for the hell of it.

Nah its not much work to exploit a buffer, if its for example a 30 byte buffer, then i believe you would send something 29 bytes or 31 bytes large i forget at the moment, then send your own code and the server excutes it.
693 cr points
Send Message: Send PM GB Post
39 / M
Offline
Posted 11/12/08 , edited 11/12/08

Allhailodin wrote:


Digix wrote:

, you think so? it is not that simple, buffer overflows exploits don't last long since script kiddies trash all servers, that have them, almost instantly. and you must be real good hacker to find such overflow, and also it requires lots of work to actually use it.

basically hacking is a war between software programmers and hackers, and you know programmers are not trained monkeys, they no worse than hackers.
you may overlook something insignificant, but if someone finds buffer overflow in you software you will be pissed of enough to fix that in the same day.


If you actually look and put some time into it, there are tons of things you can do to hack a server. Overflow the buffer. ive even heard of people using custom packets to hack servers.

But i think it would be totaly fun to crash a server. just for the hell of it.


I don't see any fun of crashing server for someone you don't know, and you will not even see results.
server will just be back on line after some time with that security hole fixed and all you will, have a week or more of hard work wasted.
it is basically like you break windows for completely unknown people.
If you take control of some server it is much more valuable for virtual wars, you can use it to attack someone, or if you are really evil then you can inject viruses and take control over bunch of computers, then steal their data or do even more evil things(since you usually wont find anything useful anyway to steal).
for example I once used my ISP server to kick out users from IRC to advance faster in order to download.
Of course there are many ways to hack, but it is rare that at least one of them will work on something you target.


Nah its not much work to exploit a buffer, if its for example a 30 byte buffer, then i believe you would send something 29 bytes or 31 bytes large i forget at the moment, then send your own code and the server excutes it.

just try it and you will not talk so anymore.
it does not work in that way at all. most of software is well protected from overflows in these days
new CPUs even have hardware protection
Posted 11/12/08
i used to have an online friend who knew how to hack... i got kind of scared.
10513 cr points
Send Message: Send PM GB Post
27 / M / In your room stea...
Offline
Posted 11/12/08

Digix wrote:


Allhailodin wrote:


Digix wrote:

, you think so? it is not that simple, buffer overflows exploits don't last long since script kiddies trash all servers, that have them, almost instantly. and you must be real good hacker to find such overflow, and also it requires lots of work to actually use it.

basically hacking is a war between software programmers and hackers, and you know programmers are not trained monkeys, they no worse than hackers.
you may overlook something insignificant, but if someone finds buffer overflow in you software you will be pissed of enough to fix that in the same day.


If you actually look and put some time into it, there are tons of things you can do to hack a server. Overflow the buffer. ive even heard of people using custom packets to hack servers.

But i think it would be totaly fun to crash a server. just for the hell of it.


I don't see any fun of crashing server for someone you don't know, and you will not even see results.
server will just be back on line after some time with that security hole fixed and all you will, have a week or more of hard work wasted.
it is basically like you break windows for completely unknown people.
If you take control of some server it is much more valuable for virtual wars, you can use it to attack someone, or if you are really evil then you can inject viruses and take control over bunch of computers, then steal their data or do even more evil things(since you usually wont find anything useful anyway to steal).
for example I once used my ISP server to kick out users from IRC to advance faster in order to download.
Of course there are many ways to hack, but it is rare that at least one of them will work on something you target.


Nah its not much work to exploit a buffer, if its for example a 30 byte buffer, then i believe you would send something 29 bytes or 31 bytes large i forget at the moment, then send your own code and the server excutes it.

just try it and you will not talk so anymore.
it does not work in that way at all.


Eh, I'm really lazy, so hacking anything, is too much work, if I want something hacked, I'll get someone to do it for me.
Posted 11/13/08

wingz74 wrote:


CrimelabS wrote:

The aim is just as the same as studying and learning stuff that your curious about...(reverse engineering)

and like altering stuff say we alter a circuit (circuit bending) which has its usual function to something that could be usefull in another application or function.

and if your talkin about the movie "Wargames: The Dead Code" its kinda imposible and the idea of US intelligence using an online game to detect profile any global and local terrorist is far fetched..for me it was the worst hacking muvee ive seen...Die Hard 4 is much much better.



...you sound like you could be a hacker or just a computer junkie


im just curious of how tech stuff works.
4698 cr points
Send Message: Send PM GB Post
26 / all around the wo...
Offline
Posted 11/13/08

Allhailodin wrote:


Digix wrote:


Allhailodin wrote:


Digix wrote:

, you think so? it is not that simple, buffer overflows exploits don't last long since script kiddies trash all servers, that have them, almost instantly. and you must be real good hacker to find such overflow, and also it requires lots of work to actually use it.

basically hacking is a war between software programmers and hackers, and you know programmers are not trained monkeys, they no worse than hackers.
you may overlook something insignificant, but if someone finds buffer overflow in you software you will be pissed of enough to fix that in the same day.


If you actually look and put some time into it, there are tons of things you can do to hack a server. Overflow the buffer. ive even heard of people using custom packets to hack servers.

But i think it would be totaly fun to crash a server. just for the hell of it.


I don't see any fun of crashing server for someone you don't know, and you will not even see results.
server will just be back on line after some time with that security hole fixed and all you will, have a week or more of hard work wasted.
it is basically like you break windows for completely unknown people.
If you take control of some server it is much more valuable for virtual wars, you can use it to attack someone, or if you are really evil then you can inject viruses and take control over bunch of computers, then steal their data or do even more evil things(since you usually wont find anything useful anyway to steal).
for example I once used my ISP server to kick out users from IRC to advance faster in order to download.
Of course there are many ways to hack, but it is rare that at least one of them will work on something you target.


Nah its not much work to exploit a buffer, if its for example a 30 byte buffer, then i believe you would send something 29 bytes or 31 bytes large i forget at the moment, then send your own code and the server excutes it.

just try it and you will not talk so anymore.
it does not work in that way at all.


Eh, I'm really lazy, so hacking anything, is too much work, if I want something hacked, I'll get someone to do it for me.


Your not alone

10513 cr points
Send Message: Send PM GB Post
27 / M / In your room stea...
Offline
Posted 11/14/08

wingz74 wrote:


Allhailodin wrote:


Digix wrote:


Allhailodin wrote:


Digix wrote:

, you think so? it is not that simple, buffer overflows exploits don't last long since script kiddies trash all servers, that have them, almost instantly. and you must be real good hacker to find such overflow, and also it requires lots of work to actually use it.

basically hacking is a war between software programmers and hackers, and you know programmers are not trained monkeys, they no worse than hackers.
you may overlook something insignificant, but if someone finds buffer overflow in you software you will be pissed of enough to fix that in the same day.


If you actually look and put some time into it, there are tons of things you can do to hack a server. Overflow the buffer. ive even heard of people using custom packets to hack servers.

But i think it would be totaly fun to crash a server. just for the hell of it.


I don't see any fun of crashing server for someone you don't know, and you will not even see results.
server will just be back on line after some time with that security hole fixed and all you will, have a week or more of hard work wasted.
it is basically like you break windows for completely unknown people.
If you take control of some server it is much more valuable for virtual wars, you can use it to attack someone, or if you are really evil then you can inject viruses and take control over bunch of computers, then steal their data or do even more evil things(since you usually wont find anything useful anyway to steal).
for example I once used my ISP server to kick out users from IRC to advance faster in order to download.
Of course there are many ways to hack, but it is rare that at least one of them will work on something you target.


Nah its not much work to exploit a buffer, if its for example a 30 byte buffer, then i believe you would send something 29 bytes or 31 bytes large i forget at the moment, then send your own code and the server excutes it.

just try it and you will not talk so anymore.
it does not work in that way at all.


Eh, I'm really lazy, so hacking anything, is too much work, if I want something hacked, I'll get someone to do it for me.


Your not alone



About being lazy ?
3342 cr points
Send Message: Send PM GB Post
26 / M / Phoenix, Arizona
Offline
Posted 11/14/08
this is a duplicate.
279 cr points
Send Message: Send PM GB Post
27 / M
Offline
Posted 11/14/08
truth be told if I hacked I would probably hack whatever I could just to test my skills but I would not be a prick and like hack someones bank accounts man thats messed up.
17087 cr points
Send Message: Send PM GB Post
26 / M / Within the remnan...
Offline
Posted 11/14/08

girlee wrote:

This is nothing serious,just wanna know about you guys opinion OK?
If you were good at hacking,what you really aiming at?I used to watch a movie about a boy who hacked some of these new game & later found out the new game he hacked is really a real one...i forgot the movie title (If im not mistaken its between Russia&US...LOL!Its old movie i guess..)


thats War Games (1983) >.>

anyway, there are two kind of hackers, some that do good things and some that do bad things, i would be a white hat.
First  Prev  1  2  3  4  5  6  7  Next  Last
You must be logged in to post.