Archive for July, 2006

You are now browsing the archive for July in 2006.

Supposedly Divine

You
A chosen
Promised serenity

You
A victim
Sacrificed to void

Ancient hypocrisies
Linger and remain
Who can kill a God?

Semblance of Ardor

Deceptive lure and blithe facade
Streams argentine
On cheeks sanguine

Reveal thyne clandestines
Bait to condemn
Provoke to forsake

Vilify those untold words
And let angels shed
Their crimson tears


HTS Basic Web 6: Decrypt the Password

The sixth basic web mission is very different from the prior missions (except, in one way, perhaps the second mission) in that it requires an extensive use of logic. Actually this mission doesn’t have anything to do with hacking, but it teaches a very valuable lesson, which we will come to later.

By looking at the source code, we can only see the two forms. Nothing interesting. The next step is to try out the password encryption form. Type anything, and you can see that it does work. It shows you the encrypted string. Logically, the task is simply to construct a string that is encrypted to the code you were given. I got dg7847>l. First, try with something simple:

a -> a

a gives a. Seems simple, doesn’t it?

aaaaaaaa -> abcdefgh
bbbbbbbb -> bcdefghi

This is interesting. The same character is converted to different characters depending on what position in the string it has. If we think about it, though, it isn’t complex at all: In place 0 (the first), the letter is moved 0 steps in the alphabet. In place 1, it is moved 1 step, and so on. The password, though, contained a character other than a-z, >. How can we get it? Let’s check what happens if the alphabet isn’t enough:

wwwwwwww -> wxyz{|}~

That gives it all away: everyone should know about the ASCII table. After x, y, z comes — that’s right — {, |, } and ~. Now, we only have to find the correct characters. Every character should be counted backwards a number of steps equal to its position in the encrypted string. Start with the first character. dg7847>l:

d -> d
f -> g
5 -> 7
5 -> 8
0 -> 4
2 -> 7
8 -> >
e -> l

The decrypted string is therefore df55028e. Check it first to see whether you have to adjust it, and then use it to continue to the next mission. As I said before, this mission teaches a very valuable lesson: never, ever use a simple encryption algorithm. The best would be to use an irreversible algorithm, such as MD5 or SHA-1. It is even better if you manage to hide the algorithm, although security through obscurity should never be recommended. Of course, the best is to never let the encrypted password leak out.
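The reasoning above, written out as an added JavaScript example (not part of the original post and not HackThisSite's code): it models the shift-by-position scheme inferred from the form's output, recovers the per-position shifts from one known input/output pair, and reverses them. The function names are made up for this illustration.

```javascript
// Added illustration; function names are hypothetical, not HackThisSite's code.
// Model of the scheme inferred above: the character at index i is moved
// i places forward in the ASCII table.
function shiftEncrypt(plain) {
  return Array.from(plain, (ch, i) =>
    String.fromCharCode(ch.charCodeAt(0) + i)).join('');
}

// Recover the per-position shifts from one known input/output pair,
// e.g. "aaaaaaaa" and what the encryption form returned for it.
function inferShifts(knownPlain, knownCipher) {
  if (knownPlain.length !== knownCipher.length) {
    throw new Error('input and output must have the same length');
  }
  return Array.from(knownPlain, (ch, i) =>
    knownCipher.charCodeAt(i) - ch.charCodeAt(0));
}

// Undo the shifts. A result outside printable ASCII means the model
// does not fit the input, so fail loudly rather than return garbage.
function shiftDecrypt(cipher, shifts) {
  if (cipher.length > shifts.length) {
    throw new Error('cipher is longer than the known shift table');
  }
  return Array.from(cipher, (ch, i) => {
    const code = ch.charCodeAt(0) - shifts[i];
    if (code < 0x20 || code > 0x7e) {
      throw new Error(`position ${i} leaves printable ASCII`);
    }
    return String.fromCharCode(code);
  }).join('');
}

// Observations quoted in the post, used as the known pair.
const shifts = inferShifts('aaaaaaaa', 'abcdefgh'); // [0, 1, 2, 3, 4, 5, 6, 7]
console.log(shiftDecrypt('dg7847>l', shifts));       // df55028e
console.log(shiftEncrypt('wwwwwwww'));               // wxyz{|}~
```

One known pair is enough to undo every stored value, which is why a scheme like this protects nothing once its output leaks.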

HTS Basic Web 5: Javascript Injection

This is the fifth basic web mission, and Network Security Sam apparently “secured” his email script. After a quick look at the source code, we see that the code visible to us is exactly the same as in the last mission. However, if we try the same hack as in the fourth mission, writing a form of our own, we can see that Sam’s new script checks the referer, i.e. the page that you came from. If it is not equal to the page that you are supposed to come from, you get an error.

This leaves an interesting option. Remember that hidden field that we changed?

We can still change the value of to, but it will require a more sophisticated method: Javascript injection. Did you know that you can execute arbitrary Javascript code on any page? Since Javascript is always executed client-side, this does not often create vulnerabilities. It can, however, throw arrogant network administrators such as Sam off. To execute Javascript code on a page, type this in the location bar (the input field where the URL shows):

javascript:code

Replace code with any Javascript code. In this mission, we want to alter the value of an element’s attribute. This is where the HTML DOM comes in handy. By using the document object in Javascript, we can access every single element in the document.

A form is accessed by document.forms[n], where n is the number of the form. If you count the forms in the source code, you can see that the form we want is the second. Number one, that is — remember that you always start counting from zero. We want to access the to element’s attribute value, so we’ll simply write document.forms[0].to.value. Let’s check if it works by putting the value in an alert box. Type:

javascript:alert(document.forms[0].to.value)

An alert box with the text “webmaster@hulla-balloo.com” (the value of to) should pop up. If not, check that you haven’t disabled Javascript. Instead of merely reading the value of to, let’s alter it:

javascript:alert( document.forms[0].to.value = "webmaster@example.org" )

The alert() is there to show the new value, in case anything goes wrong. Now the value has been changed, so you can just push the Submit button, and the mission is complete!

WordPress Plugin: Hot-or-Not Admin Panel

“Hot-or-Not Admin Panel” is my second WordPress plugin. Its purpose is to encourage administration of your blog by displaying a picture of a random girl from Hot or Not in the upper right corner of the administration panel. Gender, age and rating are configurable.

Example

Hot or Not Admin Panel screenshot

Download and Install

The current version of Hot-or-Not Admin Panel is 1.7. Download the zipped file here: hotadminpanel.zip. To install the plugin, just unzip it, upload it to the wp-content/plugins/ folder and activate it through the plugin tab in the administration panel.

Hot or Not Admin Panel works perfectly well on both WordPress 1.5 (Strayhorn) and 2.0, although it does not work in WordPress 1.2. Note that you will need either allow_url_fopen set to TRUE in your php.ini, or CURL support.

Changelog

  • 2006-07-28, version 1.7:

    • Replaced the admin_notices hook with admin_footer. Same effect, except admin_notices didn’t exist before WP 2.0.2.
    • Custom wp_remote_fopen() in WP 1.5. (1.5 is now supported.)
    • Added HTML debug comments
  • 2006-07-28, version 1.6.1:

    • Replaced the fopen/CURL option and switch with wp_remote_fopen(). Thanks, “Midwestern City Boy”.
  • 2006-07-27, version 1.6:

    • Added CURL alternative for fopen. Thanks, Mark
  • 2006-07-26, version 1.5:

    • Changelog added
    • Options page added (dude, this quadrupled the file size)
    • Options for gender, age and rating added
  • 2006-07-22, version 1.0:

    • Initial release


Wordpress Plugin: ChessNotator

“ChessNotator” is a plugin that I wrote for WordPress. I don’t see why it wouldn’t work in WP 1.5, but I’ve only tested it in 2.0. The plugin allows you to paste a pure PGN text file between <chess> tags, and creates a nicely formatted table with the players’ names and the moves. Here is an example:

Example

vs
1. e4 c5
2. Nf3 d6
3. Bb5+ Bd7
4. Bxd7+ Qxd7
5. c4 Nc6
6. Nc3 Nf6
7. O-O g6
8. d4 cxd4
9. Nxd4 Bg7
10. Nde2 Qe6
11. Nd5 Qxe4
12. Nc7+ Kd7
13. Nxa8 Qxc4
14. Nb6+ axb6
15. Nc3 Ra
16. a4 Ne
17. Nxe4 Qxe4
18. Qb3 f5
19. Bg5 Qb4
20. Qf7 Be
21. h3 Rxa4
22. Rxa4 Qxa4
23. Qxh7 Bxb2
24. Qxg6 Qe4
25. Qf7 Bd4
26. Qb3 f4
27. Qf7 Be
28. h4 b5
29. h5 Qc4
30. Qf5+ Qe6
31. Qxe6+ Kxe6
32. g3 fxg3
33. fxg3 b4
34. Bf4 Bd4+
35. Kh1 b3
36. g4 Kd5
37. g5 e6
38. h6 Ne
39. Rd1 e5
40. Be3 Kc4
41. Bxd4 exd4
42. Kg2 b2
43. Kf3 Kc3
44. h7 Ng6
45. Ke4 Kc2
46. Rh1 d3
47. Kf5 b1=Q
48. Rxb1 Kxb1
49. Kxg6 d2
50. h8=Q d1=Q
51. Qh7 b5
52. Kf6+ Kb2
53. Qh2+ Ka1
54. Qf4 b4
55. Qxb4 Qf3
56. Kg7 d5
57. Qd4+ Kb1
58. g6 Qe4
59. Qg1+ Kb2
60. Qf2+ Kc1
61. Kf6 d4
62. g7 1-0

The following code was used to generate the table:

<chess>
[Event "Kasparov vs the World"]
[Site "Internet"]
[Date "1999.10.22"]
[EventDate "?"]
[Round "?"]
[Result "1-0"]
[White "Kasparov"]
[Black "The World"]
[ECO "B52"]
[WhiteElo "?"]
[BlackElo "?"]
[PlyCount "124"]

1. e4 c5 2. Nf3 d6 3. Bb5+ Bd7 4. Bxd7+ Qxd7 5. c4 Nc6
6. Nc3 Nf6 7. O-O g6 8. d4 cxd4 9. Nxd4 Bg7 10. Nde2 Qe6
11. Nd5 Qxe4 12. Nc7+ Kd7 13. Nxa8 Qxc4 14. Nb6+ axb6
15. Nc3 Ra8 16. a4 Ne4 17. Nxe4 Qxe4 18. Qb3 f5
19. Bg5 Qb4 20. Qf7 Be5 21. h3 Rxa4 22. Rxa4 Qxa4
23. Qxh7 Bxb2 24. Qxg6 Qe4 25. Qf7 Bd4 26. Qb3 f4
27. Qf7 Be5 28. h4 b5 29. h5 Qc4 30. Qf5+ Qe6
31. Qxe6+ Kxe6 32. g3 fxg3 33. fxg3 b4 34. Bf4 Bd4+
35. Kh1 b3 36. g4 Kd5 37. g5 e6 38. h6 Ne7 39. Rd1 e5
40. Be3 Kc4 41. Bxd4 exd4 42. Kg2 b2 43. Kf3 Kc3 44. h7 Ng6
45. Ke4 Kc2 46. Rh1 d3 47. Kf5 b1=Q 48. Rxb1 Kxb1 49. Kxg6 d2
50. h8=Q d1=Q 51. Qh7 b5 52. Kf6+ Kb2 53. Qh2+ Ka1
54. Qf4 b4 55. Qxb4 Qf3 56. Kg7 d5 57. Qd4+ Kb1
58. g6 Qe4 59. Qg1+ Kb2 60. Qf2+ Kc1 61. Kf6 d4 62. g7 1-0
</chess>

Download

You can download the current version of ChessNotator (1.0) here. It is zipped, so you will need to unzip it.

Installation

  • Move the file chessnotator.php to the plugin folder, wp-content/plugins.
  • Go to the Plugins tab in the administration panel and activate the plugin.
  • Post a PGN file!

Never Trust the User: Client-Side Security

I was recently given the link to a Memory game by a friend, challenging me to the highscore. Needless to say, I resigned after my first attempt. The fact that the page did not reload with every click, though, interested me. I took a look at the source code, and there it was:

<script language="Javascript" src="mem2.php"></script>

Javascript, the bane of security. Since Javascript lets the client do the work, the user can do some nasty things when he is trusted too much. Do you know what causes those maphacks ruining every RPG? Trust. The producers assume that the clients won’t mess with their data before sending it back to the servers. This is a position just like that. Looking through mem2.php, I found the following line:

location.href = "highscore.php?cntrl=22283&moves=" + moves;

Obviously, this is the part that redirects the user to the highscore chart. The GET variables are interesting: cntrl was a control variable designed to prevent just what I was doing, and it changed to another random integer with every page refresh. moves was the time taken to finish the puzzle in tenths of a second.

By just going to the URL highscore.php?cntrl=22283&moves=4 I got 0.4 seconds on the highscore. There are very many games vulnerable to this kind of exploit, and if you find one — email the webmaster and Don’t Be Evil ™.

Bottom line: Never trust the user.
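What "not trusting the user" can look like for this game, as an added server-side sketch in JavaScript (not the game's code and not from the original post): the server remembers when it issued the control token, measures the time itself, and accepts each token once. The function names, the in-memory Map, both thresholds and the Web Crypto default for token generation are assumptions of this example.

```javascript
// Added illustration; names, limits and the in-memory store are assumptions.
const MIN_PLAUSIBLE_TENTHS = 50; // assumed floor: nobody finishes in under 5 s
const CLOCK_SLACK_TENTHS = 20;   // assumed allowance for network latency

// Called when the game page is served. The returned token plays the role
// of `cntrl`, but the server remembers when it was issued.
function startGame(games, now, newToken = () => globalThis.crypto.randomUUID()) {
  const token = newToken();
  games.set(token, { startedAt: now() });
  return token;
}

// Called by the highscore endpoint. `claimedTenths` is the client's
// `moves` value; it is cross-checked, never stored.
function submitScore(games, now, token, claimedTenths) {
  const game = games.get(token);
  if (!game) return { accepted: false, reason: 'unknown or already used token' };
  games.delete(token); // single use: replaying the URL gets nothing

  const measured = Math.floor((now() - game.startedAt) / 100);
  if (measured < MIN_PLAUSIBLE_TENTHS) {
    return { accepted: false, reason: 'finished implausibly fast' };
  }
  if (!Number.isInteger(claimedTenths) ||
      Math.abs(measured - claimedTenths) > CLOCK_SLACK_TENTHS) {
    return { accepted: false, reason: 'client time disagrees with server' };
  }
  return { accepted: true, tenths: measured }; // record the server's number
}

// Constructed run with a fake clock (milliseconds).
function demo() {
  let t = 0;
  const now = () => t;
  const games = new Map();
  let n = 0;
  const newToken = () => `token-${++n}`; // deterministic stand-in for the demo

  const a = startGame(games, now, newToken);
  t += 61500;                                    // 61.5 s of real play
  const forged = submitScore(games, now, a, 4);  // the moves=4 request
  const replay = submitScore(games, now, a, 615);

  const b = startGame(games, now, newToken);
  t += 61500;
  const honest = submitScore(games, now, b, 612);
  return { forged, replay, honest };
}
console.log(demo());
```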

HTS Basic Web 4: Alter the Hidden Fields

In the fourth basic web mission, Network Security Sam apparently hasn’t learnt anything from his prior mistake. In the third basic web mission, we extracted information from hidden form fields and thereby found out the name of a password file. The procedure is essentially the same in this mission. As usual, check the source code first. These snippets have been formatted for easier reading:

As you can see, this level contains two forms. The upper one is the “Send password to Sam” button, and the lower one is the password field. You should already have noticed the highly suspicious hidden field in the upper form. Its purpose is obvious: it supplies the email address that the password will be emailed to. From merely knowing this address, you cannot achieve anything (except if you managed to hack the hulla-balloo.com server). Therefore, you should alter the field to contain your email address instead of Sam’s.

In order to enter your own information in to, the hidden field, you can create a local copy of the form. In your modified version, you can either change webmaster@hulla-balloo.com to your own email address, or change the type="hidden" to type="text". The former changes the email address automatically, while the latter allows you to enter another address.

If you are pedantic and want your local version to validate, use the following code.






Remember to change the URL from local to absolute (http://hackthissite.org/missions/basic/4/level4.php instead of /missions/basic/4/level4.php). Save the file as e.g. hackthissite.htm, then open it in your web browser.
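Missions 4 and 5 on this page both work because the recipient address travels through the browser, and the Referer check in mission 5 says nothing about the field values. As an added example (not HackThisSite's code and not from the original posts), here is a handler that trusts the form beside one that takes the recipient from server-side configuration; the handler names and the form URL are made up, and JavaScript stands in for whatever language the real script uses.

```javascript
// Added illustration; handler names and the form URL are hypothetical.
const CONFIG = Object.freeze({
  formUrl: 'https://site.example/missions/basic/5/', // constructed URL
  recipient: 'webmaster@hulla-balloo.com',           // address named in the post
});

// "Before": the behaviour the post attributes to Sam's script. The Referer
// is checked, but the recipient still comes from the hidden `to` field.
function sendPasswordTrustingForm(req) {
  if (req.headers.referer !== CONFIG.formUrl) {
    return { sent: false, error: 'bad referer' };
  }
  return { sent: true, mailTo: req.body.to };
}

// "After": the recipient is server-side configuration. A `to` value in the
// request is never used; a mismatch is reported so it can be logged.
function sendPasswordFromConfig(req) {
  const body = req.body || {};
  const tampered = 'to' in body && body.to !== CONFIG.recipient;
  return { sent: true, mailTo: CONFIG.recipient, tampered };
}

// Constructed request: sent from the genuine page, so the Referer is
// correct, after the field was edited in the browser.
const editedInBrowser = {
  headers: { referer: CONFIG.formUrl },
  body: { to: 'webmaster@example.org' },
};

console.log(sendPasswordTrustingForm(editedInBrowser).mailTo); // webmaster@example.org
console.log(sendPasswordFromConfig(editedInBrowser).mailTo);   // webmaster@hulla-balloo.com
```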

Perl Poetry: A Code Haiku Collection

Everyone has seen the Perl ASCII art and obfuscation competitions that are everywhere. I’ll make my own attempt, with a Perl haiku collection. These four haikus form a syntactically correct script that prints all prime numbers lower than 100.

my @primes = (2);
my $limit = 100;
my $i = 2;
 
my $b = 0;
while ($i < $limit) {
$i += 1;
 
foreach $_ (@primes) {
unless (!($i % $_)) { }
else { $b = 1; } }
 
if ($b == 0)
{ push @primes, $i; } $b = 0; }
print "@primes \n";

Pronounce the code like this:

My primes equals two
My limit equals hundred
My i equals two

My b equals o
While i is less than limit
I plus equals one

For each under primes
Unless not i mod under
Else b equals one

if b equals o
Push primes i, b equals o
Print primes backslash n

It works perfectly, too.

HTS Basic Web 3: Hidden Fields are Not That Hidden

Ok, so in the third basic web mission, our old friend Network Security Sam remembered to upload the password file. As usual, though, he forgot something essential. Let’s look at the source:

Ooh, he’s got a hidden field in there. Those are always exciting, mainly because of a common misconception. Many uneducated (or learning) webmasters seem to believe that hidden fields are impossible to find. This is certainly not the case. They are just that — hidden. Anyone could find them (and possibly change them), if they just took some time. A form’s hidden fields are revealed in the source code. Here is a field that Naive Network Security Sam hoped would remain hidden:

Anyone can figure out what this field is for. Yep, that’s right: the password file. Now we’ll just check the content of the password file, and after that, we’ll have the password. Thus, you only need to go to www.hackthissite.org/missions/basic/3/password.txt and copy the content. Just enter that password, and you shall be granted access to the fourth mission.

Now you might ask, how could Sam prevent this? There are three simple ways:

  • Hide the content of password.php. Password.php could assign the password to a variable, and then be require()ed from the main password-checking script.
  • Hard-code the filename. This way, the user cannot intervene.
  • Hard-code the password. This is, though less manageable, perhaps even better, since there otherwise could be problems if the password file could not be read for some reason.
