Index of /Unfiltered

It’s far from over my firend.

Tuesday, September 20th, 2011

A friend of my is “retiring” and moving out from the scene. During a conversation he told me that Web bases exploration is soon over. And i said to him that i think the are more opportunities now then ever before and i think the future still looks bright.

If we look how the websites started out we see a lot of static pages with information. Not that many sites were making money and the functions of a website were limited. As the year passed we see a difference in how websites are created. Before there where people just wanting to put out something for the public to see. Now people wanting to put out something while earning money and with money comes competition over visitors and users. Just take gmail or hotmail for example how much high-tech aren’t they today compare to a few years ago. Another example if we look at a pron site from 2000-2002 we see a website with static HTML pages and if your lucky they where running some bad coded PERL script witch you could exploit. But likely the only option was to attack a service running on the server like FTP or the web server it self. If we now take a look at a pron site 2011. We see a sites that has dynamic code and likely has code running from a few different coders. The site has a function to bookmark your favorite videos or search for your pornstar and so on. Its a trend that will continue and the last few years we have seen a explosion in “handheld” (mobile) websites and i have noticed a lot of them are bad coded because who hacks from a mobile phone right? While the size and complexity grows in a website the error for mistakes and logic flaws grows as well. I think our time if far from over and if i am allowed to quote Sun Tzu: “Opportunities multiply as they are seized”.

Posted in Unfiltered | No Comments »

h4x

Monday, November 30th, 2009

I often get requests to hack that user or that site. Often those people are inexperienced and don’t understand the time and will that goes in to some projects. To spend hours and hours to mapping and getting an overview of the server you need will and motivation. And then you get a request you often don’t feel that motivate to attack the target in question. But there are different kinds of motivation. The biggest and the one I use is my own curiosity or urge to have a site. Second best is to gain a favor from a friend or collage. Third is money, everyone needs that. So next time you ask a random hacker to do something think about dose three reasons and ask yourself if your request meets any of the criteria. I don’t get angry if my friends send me a request, but people I hardly know should even bother.
Even worse than that are people that think everything is easy to hack or that I have some kind of “super one click program” that I can use to get access to everything. They don’t understand that not everyone can do anything. Your need a set of skills and knowledge and that it takes time and effort to enquire them. From now on when people ask me to teach them to hack ill answer: “If you know how to Google and some PHP/*SQL/Perl(CGI)/ASP. Etc, and Unix, know some things about Apache/IIS and basic TCP. Then I’ll show you the way of the force”.

Tags:
Posted in Unfiltered | No Comments »

locating the httpd.conf file.

Monday, November 30th, 2009

I rarely deal with local file inclusion, but when I do I always run into the same problem of finding the httpd.conf file. I need to read this file for several reasons. One is to know where I am (www-root). The second one is to find the path to the log files. Third is to find out if there are any other virtual hosts on the server I don’t know about. So the httpd.conf file is the first I thing I look for, but it can be a pain in the ass to find. Although I have a lot of default paths written down I still have problem finding it sometimes. Even if you find it/them there can still be obstacle in the way. One of them is the damn asterisk (*) sign, Ex: /etc/apache/conf.v/*conf
This tells apache to include every file in the /conf.v/ that ends with a “.conf”, the files can be named anything so it’s just the long an almost impossible task of guessing what the webmaster named them. Anyway what iam getting at is that reading the httpd.conf files is a big step in achieving your goal. I’ll post my list of default paths I have found over the years. Hopefully someone will post a comment with paths I don’t have. Hope this can be to help for someone.

Enjoy!

/www/apache/conf/httpd.conf
/etc/httpd/conf/httpd.conf
/usr/local/apache/conf/httpd.conf
/etc/apache/conf/httpd.conf
/www/httpd/conf/httpd.conf
/etc/www/conf/httpd.conf
/home/www/conf/httpd.conf
/home/apache/conf/httpd.conf
/etc/apache2/httpd.conf
/etc/apache2/vhosts.d/vhost.conf
/home/www/httpd/conf/httpd.conf
/usr/local/etc/apache/httpd.conf
/usr/local/etc/apache/httpd.conf
/var/www/conf/httpd.com
/var/apache2/conf/httpd.conf
/usr/local/etc/apache22/httpd.conf
/usr/local/etc/apache2/httpd.conf
/etc/apache22/conf/httpd.conf

Tags: ,
Posted in Unfiltered | 2 Comments »