Chat "Room" v3
Wario, without the "o" part.
Last edited by TurretBot on 03 Sep 2014, 23:21, edited 1 time in total.
WaryLouka wrote:Look, by exploit, it's not "destroy the servers thing". It's RCE. Aka "Remote Command Execution".
The only thing I did is a quick ls command to get the directory content. The only anonymous-accessible directory is essentially the /lost+found directory, which only included temporary files (should they go in /tmp?)
I couldn't do wget as I got an error in written.
I don't care if it's Debian.
The issue is not huge. If it didn't was patched already, I don't know.
The exploit I used is essentially a live HTTP header attack.
Basically:
1. Login with invalid shit in the login screen. I used xdxd as username and pass. Can you check up the logs? (if it's possible)
2. I get the live HTTP headers
3. I open the Replay manager, and modify the values that get executed (it was a username and password server command) to the command I wish. Since ls was one of the working command, I used it.
4. I replay the data.
5. I get redirected to the index page (idk why) with the information on the top of the screen.
I'll take a screenshot. Wait a sec.
I broke spoiler. Whatever. Taste them yourself.
http://www.youtube.com/watch?v=-WHpQVMZbjo
http://www.youtube.com/watch?v=-yGVY-xVaSQ
http://www.youtube.com/watch?v=uhLdTcWkL54
http://www.youtube.com/watch?v=Ajidl1wWHtM
http://www.youtube.com/watch?v=YZOo8FIUKQs
http://www.youtube.com/watch?v=ZUnCBAnx8lc
http://www.youtube.com/watch?v=kuZzrkB9pfE
http://www.youtube.com/watch?v=CaV6ThTpZzU
http://www.youtube.com/watch?v=gPn-qFYEYuQ
http://www.youtube.com/watch?v=gQO2nbD56hc
http://sourceforge.net/projects/lhhreplay/
Sašo wrote:
-long page stretcher, clearly spammy-
and
and
GNU Wget (or just Wget, formerly Geturl) is a computer program that retrieves content from web servers, and is part of the GNU Project. Its name is derived from World Wide Web and get. It supports downloading via HTTP, HTTPS, and FTP protocols.
and (warning big image)
In computing, ls is a command to list files in Unix and Unix-like operating systems. ls is specified by POSIX and the Single UNIX Specification.
PHP is the Unixiest operating system ever made. Haven't you heard, Maurice?
Anyway, that's definitely Terminal/Shell Remote Command Execution not injection of PHP code. That /would/ be worse if you could manage sudo, but even if that's legit, it's definitely not superuser.
That being said, assuming this is legitimate, and that you managed to inject a terminal command to the server without knowing the difference between PHP the Hypertext Preprocessor and Unix/Unix-based Terminal, I'm presuming you copypasta'd this, you skid.
Since you seem to be completely oblivious, let me explain in detail why what you did is complete bullshit from start to finish:
WaryLouka wrote:
http://sourceforge.net/projects/lhhreplay/
Sašo wrote:
-long page stretcher, clearly spammy-
and
and
GNU Wget (or just Wget, formerly Geturl) is a computer program that retrieves content from web servers, and is part of the GNU Project. Its name is derived from World Wide Web and get. It supports downloading via HTTP, HTTPS, and FTP protocols.
and (warning big image)
In computing, ls is a command to list files in Unix and Unix-like operating systems. ls is specified by POSIX and the Single UNIX Specification.
1) You cannot just execute console commands over HTTP, not to mention expect a reply for that. That is already completely ridiculous and it's been baffling me from the start.
2) You cannot externally contact the PHP FastCGI server. Also, you can't just send HTTP data to a CGI server.
3) Kernel exploit and then PHP server and all that command bullshit which barely has any fucking connection
4) The text you wrote on the screenshot does not exist in the replayer (which actually looks fairly useful for testing, but not for hacking).
Why are you doing this, you're just making an ass of yourself
I'll just stop.
Sašo wrote:
Since you seem to be completely oblivious, let me explain in detail why what you did is complete bullshit from start to finish:
WaryLouka wrote:
http://sourceforge.net/projects/lhhreplay/
Sašo wrote:
-long page stretcher, clearly spammy-
and
and
GNU Wget (or just Wget, formerly Geturl) is a computer program that retrieves content from web servers, and is part of the GNU Project. Its name is derived from World Wide Web and get. It supports downloading via HTTP, HTTPS, and FTP protocols.
In computing, ls is a command to list files in Unix and Unix-like operating systems. ls is specified by POSIX and the Single UNIX Specification.
and (warning big image)
1) You cannot just execute console commands over HTTP, not to mention expect a reply for that. That is already completely ridiculous and it's been baffling me from the start.
2) You cannot externally contact the PHP FastCGI server. Also, you can't just send HTTP data to a CGI server.
3) Kernel exploit and then PHP server and all that command bullshit which barely has any fucking connection
4) The text you wrote on the screenshot does not exist in the replayer (which actually looks fairly useful for testing, but not for hacking).
Why are you doing this, you're just making an ass of yourself
I'm just telling what I did. That's all.
Due that I'm not the creator of the exploit (anon on a trending paste from pastebin) I cannot explain everything perfectly.
This conversation is completely useless. I didn't bragged about it, I just said what I done and that's all. Foreign code execution. I didn't made this ''bullshit'' up, I just... tried to explain it that's all.
Okay, then record video of this "exploit" using Open Broadcaster Software (so you won't have to report yourself for pirating Fraps)
WaryLouka wrote:
I'll just stop.
I'm just telling what I did. That's all.
Due that I'm not the creator of the exploit (anon on a trending paste from pastebin) I cannot explain everything perfectly.
This conversation is completely useless. I didn't bragged about it, I just said what I done and that's all. Foreign code execution. I didn't made this ''bullshit'' up, I just... tried to explain it that's all.
it'll grow bigger than any fandom ever
Kexaihami wrote:
wow warylouka is so leet girls everywhere want him to scan their port 69 and infiltrate it with his trojan
one day there will be an organisation out there called warylouka fangirls anonymous
Apparently you can no longer download CraftBukkit because this guy filed a DMCA Complaint or whatever.
http://dl.bukkit.org/latest-rb/craftbukkit.jar
You could've just linked the video instead of trying to be a smartass explaining ls
WaryLouka wrote:
I'll just stop.
I'm just telling what I did. That's all.
Due that I'm not the creator of the exploit (anon on a trending paste from pastebin) I cannot explain everything perfectly.
This conversation is completely useless. I didn't bragged about it, I just said what I done and that's all. Foreign code execution. I didn't made this ''bullshit'' up, I just... tried to explain it that's all.
For that to work you need a very specifically flawed application.
Please, stop shitting on Wary, it's not like he doesn't deserve it (neither like he does), but this thread shouldn't just fill up with insulting post.
Last time I checked no one really insulted him. Sašo pointed out why what Wary was doing is stupid and fairly annoying, but that was necessary and accurately factual; everyone else was just poking fun.
We've all messed up before and as far as I'm concerned making a few jokes is a hell of a lot better than shunning / not accepting him.
Besides, I can't possibly imagine someone taking this (Danny's image) seriously enough to be insulted.
And Wary, we know you by now. With what Sašo said I think you get the point. This doesn't affect my personal opinion of you in any way.
...
In other news, has everyone heard about Super Meat Boy: Forever? I'm quite excited. There may not be a lot of information yet, but I'm confident that with Ed and Tommy's abilities it'll turn out great. Shame they delayed Mewgenics, but that's only natural.
Still, wasting post like that is not a good thing.
Anyways, yeah, i've heard about SMB:Forever (lol i mean SMB:Forever, not SMB:Forever, really :P), another game i won't be able to buy because of my lack of money.
If making people laugh is a waste then what could possibly not be
Hans1998 wrote:
Still, wasting post like that is not a good thing.
(Sorry if I sound argumentative I just really don't think the humorous praise is worth criticizing)
Agreed!
Kexaihami wrote:
the vast majority of it was [satiric] praise like something out of Uncyclopaedia.
Well, think about those posts weren't funny to everyone.
I don't think making people laugh is a waste, but don't you think that keep laughing at wary would make him worse?
I don't think there is an only person in the world who likes being a living joke (like people laugh of him without their consent)
And IMO, overdoing jokes is not a good idea (sorry if i was the only one who thought about it).
But anyways, this topic should have ended a long while ago so keep talking about SMB:Forever.
Hans1998 wrote:Please, stop shitting on Wary, it's not like he doesn't deserve it (neither like he does), but this thread shouldn't just fill up with insulting post.
im honestly just poking fun like b-man said, i just thought it would be funny to make a pic of wary as hitler
ooo Mountain Dew
I just tried that stuff like a week ago
Why the hell did it take me so long to try such a typical brand of soda
I really like it though
...
10/10 Wary is 2pro!!!!!!!!!!!!!!!!!!!!!oneHAX0RZ
Was this the Mountain Dew speaking up for itself
Maurice wrote:
"Oh man this thread isn't completely about me anymore? Better fix that, can't have that."
That was fairly obvious, at least to me.
WaryLouka wrote:
I just login-ed and seen this, so I made a proper reply to all the stuff that happened.
(imo your response was fine; I laughed) we could use a new fad around here anyway
Besides, this is the super elite Wary acknowledging our existence!!!!!!!!!!!!!!!!!!!!!!!2 I said this just for the exclamation point joke
PS. "login-ed" would probably be "logged in" if we were speaking like normal people :P
- jwright159
I got my braces off!
Who else can taste the difference between Coke and Pepsi?
I can't taste the difference between Coke and Pepsi because only one of those is legal
Also I don't like the flavoring in most sodas, including Cola. More of a tea person myself.
Especially snapple.
Jugs and jugs of Snapple.
As endless as breadsticks.
- MagicPillow
I don't drink soda.
Leeeeeemonadeeeeeee
I like to drink
...
...
...
...
KETCHUP.
Oh my god Turret does that mean you eat banana chips too?!
Does anyone know this reference
ARE YOU SERIOUSLY EATING BANANA CHIPS AND FUCKING KETCHUP!
and I can tell the difference too... I'm more of a coke guy but it doesn't matter anyways.
orange soda yo.
I NEVER SAID I EAT BANANA CHIPS OR FUCK KETCHUP CALM DOWn
MM102 wrote:
ARE YOU SERIOUSLY EATING BANANA CHIPS AND FUCKING KETCHUP!
DRINK THE FUCK OUT OF IT
TurretBot wrote:
I NEVER SAID I EAT BANANA CHIPS OR FUCK KETCHUP CALM DOWN
MM102 wrote:
ARE YOU SERIOUSLY EATING BANANA CHIPS AND FUCKING KETCHUP!
Oh wow more people knew the reference than I thought
MrBlaze147 will always live on in our hearts
It's hard to write on Xbox 360! :D