Hei Mike



Hacxx
05-12-2006, 12:23 PM
Can you supply any online exploit websites?


----
Hacxx
http://second-search.co.nr

Ezekiel
05-12-2006, 12:46 PM
Can you supply any online exploit websites?


----
Hacxx
http://second-search.co.nr

http://www.packetstormsecurity.org/
http://evuln.com/
http://secunia.com/advisories/
http://www.securityfocus.com/archive/*
http://www.insecure.org/
http://www.securiteam.com/
http://www.milw0rm.com/
http://www.securityfocus.com

Btw, are you fabioejp from a few months ago? Why were you banned?

Hacxx
05-13-2006, 05:15 AM
Because of you and the syntax****** decided to change the rules about advertising in the time I was banned.

Nevertheless thanks for the info provided.
Does the publication of the img have anything to do with me in any particular case?

Ezekiel
05-14-2006, 04:06 AM
Because of you and the syntax****** decided to change the rules about advertising in the time I was banned.

Nevertheless thanks for the info provided.


I may hate spam, but syntax****** is the only one here with banning privileges. I am just a regular user like you.


Does the publication of the img have anything to do with me in any particular case?

What image?

Hacxx
05-14-2006, 02:00 PM
http://img*6*.imageshack.us/img*6*/5**4/fullanim*4ut.gif
Or is it your signature?

Also do you know how some people encode their url?
For example *2*455678* that will actually lead to their website.

My idea is to encode via several methods; one of them is the google.com URL, which keeps the actual URL encoded in hex, and this hex will lead to the above URL "codification".

Ezekiel
05-14-2006, 04:23 PM
Or is it your signature?


Yes, that is my signature, it's just some userbars that I made into a GIF.



Also do you know how some people encode their url?
For example *2*455678* that will actually lead to their website.

My idea is to encode via several methods; one of them is the google.com URL, which keeps the actual URL encoded in hex, and this hex will lead to the above URL "codification".

URLs can be encoded in many ways, read this (http://en.wikipedia.org/wiki/IPv4) page to learn about them. The decimal number URL you mentioned is formed by converting each octet of an IP number into its hex equivalent, then concatenating these hex values into one long hex number. Then, this hex number is converted directly into decimal. It's hard to explain, but you can use this (http://www.allredroster.com/iptodec.htm) tool to convert IP numbers into many other forms that work in a browser:

Also, a normal URL such as www.google.com can be converted into another browser-compatible form of URL. This is done by taking each character of the URL (such as w w w . g o o g l e . c o m) and replacing them with the hex equivalent of the ASCII value, then separating them with a %. So www.google.com would be:

http://%77%77%77%2e%67%6f%6f%67%6c%65%2e%6*%6f%6d (http://%77%77%77%2e%67%6f%6f%67%6c%65%2e%6*%6f%6d/)

Try clicking that link, and it will take you to google. If you know hex, you will understand what I just said, if you don't, then you will not. I can explain more if you don't understand.

Hacxx
05-14-2006, 07:43 PM
Also, a normal URL such as www.google.com can be converted into another browser-compatible form of URL. This is done by taking each character of the URL (such as w w w . g o o g l e . c o m) and replacing them with the hex equivalent of the ASCII value, then separating them with a %. So www.google.com would be:

http://%77%77%77%2e%67%6f%6f%67%6c%65%2e%6*%6f%6d (http://%77%77%77%2e%67%6f%6f%67%6c%65%2e%6*%6f%6d/)

The hex entry that you posted does not mask the actual URL in the status bar, so here is the encoding that I was talking about, "google + url".

http://google.com/url?sa=p&pref=ig&pval=2&q=%68%74%74%70%*A%2F%2F%77%77%77%2E%6*%6C%6C%2D%6E%65%74%74%6F%6F%6C%7*%2E%6*%6F%6D

This will redirect to www.all-nettools.com and the status bar points to a page inside Google. Since Google is considered by most users to be a trusted website, you can spoof a link easily. The decimal encoding that was discussed is to avoid using / showing the direct IP or domain name after.

After some reading and testing I think that this decimal scheme may not work out, as I tested a few free webhosting companies and they all fail in pointing to the right page. Well, it works out only with my NO-IP account.

Do you have any ideas?


If you know hex, you will understand what I just said, if you don't, then you will not. I can explain more if you don't understand.

I happen to be an OllyDBG fan and a hex editing addict.

Ezekiel
05-15-2006, 11:44 AM
The hex entry that you posted does not mask the actual URL in the status bar, so here is the encoding that I was talking about, "google + url".

http://google.com/url?sa=p&pref=ig&pval=2&q=%68%74%74%70%*A%2F%2F%77%77%77%2E%6*%6C%6C%2D%6E%65%74%74%6F%6F%6C%7*%2E%6*%6F%6D

This will redirect to www.all-nettools.com and the status bar points to a page inside Google. Since Google is considered by most users to be a trusted website, you can spoof a link easily.

I never knew google had this functionality, but when redirecting someone through a google link, the hex encoding will still appear decoded in the status bar; www.google.com will be at the start, but the real website will still be easy to see for users. But I suppose it's still better than having a normal hex encoded URL.



The decimal encoding that was discussed is to avoid using / showing the direct IP or domain name after.

After some reading and testing I think that this decimal scheme may not work out, as I tested a few free webhosting companies and they all fail in pointing to the right page. Well, it works out only with my NO-IP account.

Do you have any ideas?

Yes, this is because a lot of web hosts use virtual hosting, a way of hosting many websites/host names from one IP address. This is useful to have when they provide service to a lot of users, but it relies on the domain name to redirect to the correct page; each website can only be accessed by typing in the correct domain name of the site, and not through entering an IP number. This means that any type of IP number you enter will not redirect to the correct page, whether it is decimal, dotted decimal, or hex. This is a limitation of virtual hosting, which makes hosting anything other than a website very difficult. The reason you could enter a decimal IP to access your no-ip dynamic dns host name is because that points directly to your IP, and not a server using virtual hosting.




I happen to be an OllyDBG fan and a hex editing addict.

It's good to finally have some more intelligent users. I don't think syntax****** should have banned you, a warning probably would have been enough, but whatever, you know the rules now.

Hacxx
05-15-2006, 08:24 PM
I never knew google had this functionality, but when redirecting someone through a google link, the hex encoding will still appear decoded in the status bar; www.google.com will be at the start, but the real website will still be easy to see for users. But I suppose it's still better than having a normal hex encoded URL.

A side note:
There seem to be different effects in different browsers; for example, in IE and Firefox it shows the actual address after "q=" as you were saying, but in Opera the encoded URL stays the same (value in hex).
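
Added example, not part of the original thread: a link canonicalizer of the kind a mail or proxy filter would run to undo the three encodings discussed above (percent-encoded host name, IP written as one decimal or hex number, and a trusted-site redirector carrying the real destination in its query string). The function names and sample URLs are constructed for illustration; `redirector.example` stands in for any redirecting site.

```python
import ipaddress
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed samples: 192.0.2.1 and the example.* names are documentation-only.
SAMPLES = [
    "http://%65%78%61%6d%70%6c%65%2e%63%6f%6d/",   # percent-encoded host name
    "http://3221225985/login",                     # 192.0.2.1 as one decimal number
    "http://0xC0000201/",                          # 192.0.2.1 as one hex number
    "http://redirector.example/url?sa=p&q=%68%74%74%70%3A%2F%2F"
    "%65%78%61%6d%70%6c%65%2e%6e%65%74",           # redirector wrapping example.net
]

def decode_host(raw):
    """Undo %xx escapes in a host name, lower-case it, drop a trailing dot."""
    return unquote(raw or "").lower().rstrip(".")

def numeric_to_dotted(host):
    """Rewrite a host that is a single 32-bit number (decimal or 0x hex) as a.b.c.d."""
    if re.fullmatch(r"0x[0-9a-f]{1,8}", host):
        return str(ipaddress.IPv4Address(int(host, 16)))
    if re.fullmatch(r"[1-9][0-9]{0,9}", host) and int(host) <= 0xFFFFFFFF:
        return str(ipaddress.IPv4Address(int(host)))
    return host  # octal and per-octet hex forms are not handled here

def analyse(url):
    """Return the canonical host, what was obfuscated, and off-site URLs in the query."""
    parts = urlsplit(url)
    decoded = decode_host(parts.hostname)
    host = numeric_to_dotted(decoded)
    flags = []
    if "%" in (parts.hostname or ""):
        flags.append("percent-encoded host")
    if host != decoded:
        flags.append("single-number IPv4 host")
    targets = []
    for _name, value in parse_qsl(parts.query):
        if re.match(r"https?://", value, re.I):
            inner = numeric_to_dotted(decode_host(urlsplit(value).hostname))
            if inner != host:
                targets.append(inner)
    if targets:
        flags.append("off-site redirect target")
    return {"host": host, "flags": flags, "redirect_targets": targets}

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", analyse(sample))
```

Comparing the canonical host and any redirect target against what the link text claims is what exposes the mismatch, regardless of what a given browser shows in its status bar.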