Chat "Room" v3

If it doesn't fit elsewhere, it should go here
Maurice
Stabyourself.net
Posts: 2143
Joined: 01 Feb 2012, 20:19

Post » 03 Sep 2014, 23:12

man I wish I was a cool hacker like wari

Wary
Posts: 597
Joined: 03 Jun 2012, 14:30

Post » 03 Sep 2014, 23:14

Maurice wrote:man I wish I was a cool hacker script kiddie like wari
"wari"
How is that pronounced?

TurretBot
Posts: 4399
Joined: 15 Mar 2012, 23:18

Post » 03 Sep 2014, 23:21

Wario, without the "o" part.
Last edited by TurretBot on 03 Sep 2014, 23:21, edited 1 time in total.

Maurice
Stabyourself.net
Posts: 2143
Joined: 01 Feb 2012, 20:19

Post » 03 Sep 2014, 23:21

so where's that screenshot
clearly you should be able to tell us our folder structure if you have access to PHP and its mysterious ls command that nobody knows of.

Sašo
Stabyourself.net
Posts: 1425
Joined: 06 Jan 2012, 12:07

Post » 03 Sep 2014, 23:27

WaryLouka wrote:Look, by exploit, it's not "destroy the servers thing". It's RCE. Aka "Remote Command Execution".
The only thing I did is a quick ls command to get the directory content. The only anonymous-accessible directory is essentially the /lost+found directory, which only included temporary files (should they go in /tmp?)

I couldn't do wget as I got an error in written.
I don't care if it's Debian.
The issue is not huge. If it didn't was patched already, I don't know.

The exploit I used is essentially a live HTTP header attack.
Basically:

1. Login with invalid shit in the login screen. I used xdxd as username and pass. Can you check up the logs? (if it's possible)
2. I get the live HTTP headers
3. I open the Replay manager, and modify the values that get executed (it was a username and password server command) to the command I wish. Since ls was one of the working commands, I used it.
4. I replay the data.
5. I get redirected to the index page (idk why) with the information on the top of the screen.

I'll take a screenshot. Wait a sec.

I broke spoiler. Whatever. Taste them yourself.
http://www.youtube.com/watch?v=-WHpQVMZbjo
http://www.youtube.com/watch?v=-yGVY-xVaSQ
http://www.youtube.com/watch?v=uhLdTcWkL54
http://www.youtube.com/watch?v=Ajidl1wWHtM
http://www.youtube.com/watch?v=YZOo8FIUKQs
http://www.youtube.com/watch?v=ZUnCBAnx8lc
http://www.youtube.com/watch?v=kuZzrkB9pfE
http://www.youtube.com/watch?v=CaV6ThTpZzU
http://www.youtube.com/watch?v=gPn-qFYEYuQ
http://www.youtube.com/watch?v=gQO2nbD56hc

Wary
Posts: 597
Joined: 03 Jun 2012, 14:30

Post » 03 Sep 2014, 23:43

Sašo wrote:-long page stretcher, clearly spammy-
http://sourceforge.net/projects/lhhreplay/

and
GNU Wget (or just Wget, formerly Geturl) is a computer program that retrieves content from web servers, and is part of the GNU Project. Its name is derived from World Wide Web and get. It supports downloading via HTTP, HTTPS, and FTP protocols.
and
In computing, ls is a command to list files in Unix and Unix-like operating systems. ls is specified by POSIX and the Single UNIX Specification.
and (warning big image)
Image

Kexaihami
Posts: 348
Joined: 10 Jun 2013, 10:09

Post » 04 Sep 2014, 00:22

PHP is the Unixiest operating system ever made. Haven't you heard, Maurice?

Anyway, that's definitely Terminal/Shell Remote Command Execution not injection of PHP code. That /would/ be worse if you could manage sudo, but even if that's legit, it's definitely not superuser.

That being said, assuming this is legitimate, and that you managed to inject a terminal command to the server without knowing the difference between PHP the Hypertext Preprocessor and Unix/Unix-based Terminal, I'm presuming you copypasta'd this, you skid.

Sašo
Stabyourself.net
Posts: 1425
Joined: 06 Jan 2012, 12:07

Post » 04 Sep 2014, 00:46

WaryLouka wrote:
Sašo wrote:-long page stretcher, clearly spammy-
http://sourceforge.net/projects/lhhreplay/

and
GNU Wget (or just Wget, formerly Geturl) is a computer program that retrieves content from web servers, and is part of the GNU Project. Its name is derived from World Wide Web and get. It supports downloading via HTTP, HTTPS, and FTP protocols.
and
In computing, ls is a command to list files in Unix and Unix-like operating systems. ls is specified by POSIX and the Single UNIX Specification.
and (warning big image)
Image
Since you seem to be completely oblivious, let me explain in detail why what you did is complete bullshit from start to finish:

1) You cannot just execute console commands over HTTP, not to mention expect a reply for that. That is already completely ridiculous and it's been baffling me from the start.
2) You cannot externally contact the PHP FastCGI server. Also, you can't just send HTTP data to a CGI server.
3) Kernel exploit and then PHP server and all that command bullshit which barely has any fucking connection
4) The text you wrote on the screenshot does not exist in the replayer (which actually looks fairly useful for testing, but not for hacking).


Why are you doing this, you're just making an ass of yourself

Wary
Posts: 597
Joined: 03 Jun 2012, 14:30

Post » 04 Sep 2014, 03:10

Sašo wrote:
WaryLouka wrote:
Sašo wrote:-long page stretcher, clearly spammy-
http://sourceforge.net/projects/lhhreplay/

and
GNU Wget (or just Wget, formerly Geturl) is a computer program that retrieves content from web servers, and is part of the GNU Project. Its name is derived from World Wide Web and get. It supports downloading via HTTP, HTTPS, and FTP protocols.
and
In computing, ls is a command to list files in Unix and Unix-like operating systems. ls is specified by POSIX and the Single UNIX Specification.


and (warning big image)
Image
Since you seem to be completely oblivious, let me explain in detail why what you did is complete bullshit from start to finish:

1) You cannot just execute console commands over HTTP, not to mention expect a reply for that. That is already completely ridiculous and it's been baffling me from the start.
2) You cannot externally contact the PHP FastCGI server. Also, you can't just send HTTP data to a CGI server.
3) Kernel exploit and then PHP server and all that command bullshit which barely has any fucking connection
4) The text you wrote on the screenshot does not exist in the replayer (which actually looks fairly useful for testing, but not for hacking).


Why are you doing this, you're just making an ass of yourself
I'll just stop.
I'm just telling what I did. That's all.
Since I'm not the creator of the exploit (anon on a trending paste from pastebin) I cannot explain everything perfectly.
This conversation is completely useless. I didn't brag about it, I just said what I did and that's all. Foreign code execution. I didn't make this ''bullshit'' up, I just... tried to explain it, that's all.

Kexaihami
Posts: 348
Joined: 10 Jun 2013, 10:09

Post » 04 Sep 2014, 05:58

wow warylouka is so leet girls everywhere want him to scan their port 69 and infiltrate it with his trojan

one day there will be an organisation out there called warylouka fangirls anonymous

Pact
Posts: 58
Joined: 03 Aug 2014, 19:29

Post » 04 Sep 2014, 08:26

WaryLouka wrote:I'll just stop.
I'm just telling what I did. That's all.
Since I'm not the creator of the exploit (anon on a trending paste from pastebin) I cannot explain everything perfectly.
This conversation is completely useless. I didn't brag about it, I just said what I did and that's all. Foreign code execution. I didn't make this ''bullshit'' up, I just... tried to explain it, that's all.
Okay, then record video of this "exploit" using Open Broadcaster Software (so you won't have to report yourself for pirating Fraps)
Kexaihami wrote:wow warylouka is so leet girls everywhere want him to scan their port 69 and infiltrate it with his trojan

one day there will be an organisation out there called warylouka fangirls anonymous
it'll grow bigger than any fandom ever

Pact
Posts: 58
Joined: 03 Aug 2014, 19:29

Post » 04 Sep 2014, 09:16

Apparently you can no longer download CraftBukkit because this guy filed a DMCA Complaint or whatever.

http://dl.bukkit.org/latest-rb/craftbukkit.jar

Sašo
Stabyourself.net
Posts: 1425
Joined: 06 Jan 2012, 12:07

Post » 04 Sep 2014, 10:39

WaryLouka wrote:I'll just stop.
I'm just telling what I did. That's all.
Since I'm not the creator of the exploit (anon on a trending paste from pastebin) I cannot explain everything perfectly.
This conversation is completely useless. I didn't brag about it, I just said what I did and that's all. Foreign code execution. I didn't make this ''bullshit'' up, I just... tried to explain it, that's all.
You could've just linked the video instead of trying to be a smartass explaining ls



For that to work you need a very specifically flawed application.

Danny
Posts: 207
Joined: 26 Oct 2013, 05:22

Post » 04 Sep 2014, 21:49

Maurice wrote:man I wish I was a cool hacker like wari
me too, once i get my hacking badge my boy scout sash will finally be complete!




(nazi paraphernalia)
Image

Kexaihami
Posts: 348
Joined: 10 Jun 2013, 10:09

Post » 05 Sep 2014, 02:11

waryloukan reich paraphernalia
Image
Also once I heard him playing "Ya Zainab" just about * immediately branded him as a cyberterrorist. Gosh darn arabs are learning to splode our compooter now

HansAgain
Posts: 1103
Joined: 03 Feb 2012, 18:51

Post » 05 Sep 2014, 02:22

Please, stop shitting on Wary, it's not like he doesn't deserve it (neither like he does), but this thread shouldn't just fill up with insulting posts.

B-Man99
Posts: 1868
Joined: 02 Jul 2012, 00:32

Post » 05 Sep 2014, 02:55

Last time I checked no one really insulted him. Sašo pointed out why what Wary was doing is stupid and fairly annoying, but that was necessary and accurately factual; everyone else was just poking fun.
We've all messed up before and as far as I'm concerned making a few jokes is a hell of a lot better than shunning / not accepting him.

Besides, I can't possibly imagine someone taking this (Danny's image) seriously enough to be insulted.

And Wary, we know you by now. With what Sašo said I think you get the point. This doesn't affect my personal opinion of you in any way.

...
In other news, has everyone heard about Super Meat Boy: Forever? I'm quite excited. There may not be a lot of information yet, but I'm confident that with Ed and Tommy's abilities it'll turn out great. Shame they delayed Mewgenics, but that's only natural.

HansAgain
Posts: 1103
Joined: 03 Feb 2012, 18:51

Post » 05 Sep 2014, 03:09

Still, wasting posts like that is not a good thing.

Anyways, yeah, i've heard about SMB:Forever (lol i mean SMB:Forever, not SMB:Forever, really :P), another game i won't be able to buy because of my lack of money.

Kexaihami
Posts: 348
Joined: 10 Jun 2013, 10:09

Post » 05 Sep 2014, 03:21

Wow, the funny thing is, the vast majority of it was [satiric] praise like something out of Uncyclopaedia.

B-Man99
Posts: 1868
Joined: 02 Jul 2012, 00:32

Post » 05 Sep 2014, 03:38

Hans1998 wrote:Still, wasting posts like that is not a good thing.
If making people laugh is a waste then what could possibly not be

(Sorry if I sound argumentative I just really don't think the humorous praise is worth criticizing)
Kexaihami wrote:the vast majority of it was [satiric] praise like something out of Uncyclopaedia.
Agreed!

HansAgain
Posts: 1103
Joined: 03 Feb 2012, 18:51

Post » 05 Sep 2014, 03:58

Well, consider that those posts weren't funny to everyone.
I don't think making people laugh is a waste, but don't you think that continuing to laugh at Wary would make him worse?
I don't think there is a single person in the world who likes being a living joke (like people laughing at him without their consent)
And IMO, overdoing jokes is not a good idea (sorry if i was the only one who thought about it).
But anyways, this topic should have ended a long while ago so keep talking about SMB:Forever.

Kexaihami
Posts: 348
Joined: 10 Jun 2013, 10:09

Post » 05 Sep 2014, 04:31

If nobody liked to be the butt of everyone's jokes then nobody would ever play the viola.

Cake
Posts: 1401
Joined: 06 Mar 2012, 03:29

Post » 05 Sep 2014, 05:06

I've been waiting quite a few pages for a valid topic I can contribute to.
Please make it happen Sakauri guys.

Maurice
Stabyourself.net
Posts: 2143
Joined: 01 Feb 2012, 20:19

Post » 05 Sep 2014, 12:17

I just passed my bachelor exam.
So it'd be great if you all started saying "B.Sc. Maurice".

Costinteo
Posts: 705
Joined: 09 Mar 2013, 17:49

Post » 05 Sep 2014, 12:47

Woooo! Go Maurice. When are we having the party?

Maurice
Stabyourself.net
Posts: 2143
Joined: 01 Feb 2012, 20:19

Post » 05 Sep 2014, 14:39

Costinteo wrote:Woooo! Go B.Sc. Maurice. When are we having the party?
Once you get better at counter strike.

BobTheLawyer
Posts: 2232
Joined: 01 May 2012, 21:00

Post » 05 Sep 2014, 18:46

Great job B.Sc. Maurice!

Sašo
Stabyourself.net
Posts: 1425
Joined: 06 Jan 2012, 12:07

Post » 05 Sep 2014, 18:54

Yeah well I am a Wood Technician and I've been for 4 years so sike on that. Feel free to add "Furniture" at the end to specify the field.

BobTheLawyer
Posts: 2232
Joined: 01 May 2012, 21:00

Post » 05 Sep 2014, 19:43

Congrats on 4 years, Sašo Furniture!

Danny
Posts: 207
Joined: 26 Oct 2013, 05:22

Post » 05 Sep 2014, 21:01

Hans1998 wrote:Please, stop shitting on Wary, it's not like he doesn't deserve it (neither like he does), but this thread shouldn't just fill up with insulting posts.

im honestly just poking fun like b-man said, i just thought it would be funny to make a pic of wary as hitler

Wary
Posts: 597
Joined: 03 Jun 2012, 14:30

Post » 05 Sep 2014, 23:05

wary as hitler fad
I hope not

Danny's image in HD
Image

Does it need to be put in a spoiler?

B-Man99
Posts: 1868
Joined: 02 Jul 2012, 00:32

Post » 05 Sep 2014, 23:07

ooo Mountain Dew
I just tried that stuff like a week ago
Why the hell did it take me so long to try such a typical brand of soda
I really like it though

...
HAX0RZ
10/10 Wary is 2pro!!!!!!!!!!!!!!!!!!!!!one

Maurice
Stabyourself.net
Posts: 2143
Joined: 01 Feb 2012, 20:19

Post » 06 Sep 2014, 00:19

"Oh man this thread isn't completely about me anymore? Better fix that, can't have that."

Wary
Posts: 597
Joined: 03 Jun 2012, 14:30

Post » 06 Sep 2014, 00:50

Maurice wrote:"Oh man this thread isn't completely about me anymore? Better fix that, can't have that."
No.
I just login-ed and seen this, so I made a proper reply to all the stuff that happened.

B-Man99
Posts: 1868
Joined: 02 Jul 2012, 00:32

Post » 06 Sep 2014, 01:00

Maurice wrote:"Oh man this thread isn't completely about me anymore? Better fix that, can't have that."
Was this the Mountain Dew speaking up for itself
WaryLouka wrote:I just login-ed and seen this, so I made a proper reply to all the stuff that happened.
That was fairly obvious, at least to me.
(imo your response was fine; I laughed) we could use a new fad around here anyway

Besides, this is the super elite Wary acknowledging our existence!!!!!!!!!!!!!!!!!!!!!!!2 I said this just for the exclamation point joke

PS. "login-ed" would probably be "logged in" if we were speaking like normal people :P

jwright159
Posts: 442
Joined: 20 Nov 2013, 22:26

Post » 06 Sep 2014, 01:03

I got my braces off!
Who else can taste the difference between Coke and Pepsi?

B-Man99
Posts: 1868
Joined: 02 Jul 2012, 00:32

Post » 06 Sep 2014, 01:10

I can't taste the difference between Coke and Pepsi because only one of those is legal

Also I don't like the flavoring in most sodas, including Cola. More of a tea person myself.
Especially snapple.
Jugs and jugs of Snapple.
As endless as breadsticks.

MagicPillow
Posts: 1107
Joined: 20 Jul 2013, 04:59

Post » 06 Sep 2014, 01:26

I don't drink soda.

Leeeeeemonadeeeeeee

TurretBot
Posts: 4399
Joined: 15 Mar 2012, 23:18

Post » 06 Sep 2014, 02:16

I like to drink
...
...
...

...
KETCHUP.

B-Man99
Posts: 1868
Joined: 02 Jul 2012, 00:32

Post » 06 Sep 2014, 03:00

Oh my god Turret does that mean you eat banana chips too?!
Does anyone know this reference

Danny
Posts: 207
Joined: 26 Oct 2013, 05:22

Post » 06 Sep 2014, 04:39

B-Man99 wrote:I can't taste the difference between Coke and Pepsi because only one of those is legal

i love coke and it's one of my favorite drinks, pepsi however tastes extremely watery

MM102
Posts: 970
Joined: 11 May 2012, 06:08

Post » 06 Sep 2014, 04:44

ARE YOU SERIOUSLY EATING BANANA CHIPS AND FUCKING KETCHUP!

and I can tell the difference too... I'm more of a coke guy but it doesn't matter anyways.
orange soda yo.

Cake
Posts: 1401
Joined: 06 Mar 2012, 03:29

Post » 06 Sep 2014, 04:45

I hate the colas.

GO GO ORANGE SODA

TurretBot
Posts: 4399
Joined: 15 Mar 2012, 23:18

Post » 06 Sep 2014, 05:02

MM102 wrote:ARE YOU SERIOUSLY EATING BANANA CHIPS AND FUCKING KETCHUP!
I NEVER SAID I EAT BANANA CHIPS OR FUCK KETCHUP CALM DOWN

MM102
Posts: 970
Joined: 11 May 2012, 06:08

Post » 06 Sep 2014, 05:12

TurretBot wrote:
MM102 wrote:ARE YOU SERIOUSLY EATING BANANA CHIPS AND FUCKING KETCHUP!
I NEVER SAID I EAT BANANA CHIPS OR FUCK KETCHUP CALM DOWN
DRINK THE FUCK OUT OF IT

B-Man99
Posts: 1868
Joined: 02 Jul 2012, 00:32

Post » 06 Sep 2014, 12:17

Oh wow more people knew the reference than I thought
MrBlaze147 will always live on in our hearts

Sergione
Posts: 184
Joined: 07 May 2014, 16:02

Post » 07 Sep 2014, 13:48

It's hard write on Xbox 360! :D

Wary
Posts: 597
Joined: 03 Jun 2012, 14:30

Post » 07 Sep 2014, 15:01

Sergione wrote:It's hard write on Xbox 360! :D
Why are you using your Xbox 360 to browse Stabyourself?

get a ps3

Vakema123
Posts: 413
Joined: 26 Jan 2014, 21:24

Post » 07 Sep 2014, 15:22

WaryLouka wrote:
Sergione wrote:It's hard write on Xbox 360! :D
Why are you using your Xbox 360 to browse Stabyourself?

get a ps3
get a gaming pc

Wary
Posts: 597
Joined: 03 Jun 2012, 14:30

Post » 07 Sep 2014, 15:25

Vakema123 wrote:
WaryLouka wrote:
Sergione wrote:It's hard write on Xbox 360! :D
Why are you using your Xbox 360 to browse Stabyourself?

get a ps3
get a gaming pc
get a mac