Messages - TheWormKill

1
News and Announcements / Re: New Global Mod and Some News
« on: February 29, 2016, 06:30:03 pm »
It is odd to me that when I asked if there is a check on admin power in any way, people got angry.
If you read my posts in this thread, you will notice that I never accused any individual mod, or the mods on here in general of silencing anyone, or of abusing their mod power.
I never stated that I felt like I was silenced myself, or in any way targeted or treated unfairly.

This thread is about some changes to policy in regards to censorship, and extension of moderation power (I understand mods could always remove posts, this thread is talking about increasing mod censorship) and whenever something like that comes up in a forum, or any community it is always prudent to discuss ways to protect all forum or community members (even countries have constitutions or other documents that lay out methods to try to ensure fair use of leadership powers).

Why the hostility here? Why turn to insults?
It is sentiments like this that make me concerned that mod abuse of power could potentially be a problem.
Apparently some mods are not secure enough to handle a lowly member of community questioning their ideas. Lack of being open to criticism is a pretty severe flaw for leaders to have.
Again, I want to point out that nowhere in my previous posts on this thread did I insult anyone, or make any accusations. So those kind of insulting, heavy handed replies are pretty unnecessary.
Your questions were repetitive and iT got annoyed after some iterations. Given the size of the staff, power abuse is unlikely and I don't know of any cases so far (you can always ask someone else if you feel treated in an unfair manner). To stop this discussion now, I close the thread, it's derailed anyway:

2
News and Announcements / Re: New Global Mod and Some News
« on: February 27, 2016, 10:33:32 am »
I'm sorry for double posting, I will remove this post after you or somebody else answers me, but about the new restrictions of null users, did you guys think about taking off the book restrictions of -20 post members? I may be talking trash, but since I came back I didn't see the wiki of the forum, just a post saying that the administration took it off, but I suppose the E-Books Section is still in the air, only available once you reach 20 posts. Isn't a great part of the shitty topics/posts in the forum about new members trying to get privileges? If I may give an idea, and you guys don't want to take off the restrictions, wouldn't it be a more intuitive way, instead of blocking the restriction for posts, to change it to topics? Because that way, to get the privileges, the user will have to come up with good content, not only spam posts. I already see innumerable users here just spamming to get the access.
But if you guys did indeed take the E-books and software (if I remember well there was a software part), I apologize, and feel free to remove this post, or notify me to do it. It was just a suggestion to help the moderation in some way.
The main problem is that we get a lot of thank-you-nice-find posts, as well as topics that are just useless.
So lifting the restriction on one of those categories wouldn't be of help. It would also make the job harder because you can't filter posts proactively, and they contribute to the overall bad quality of the forums before they are removed. Making posting for new members approval-only is IMO a good step towards senseful moderation.

As for the eBooks: Well, they are there, and available after 20 posts. Given the reasons above, as well as the extensive discussion in the News and Announcements thread, I think I don't need to reiterate why ;).
The wiki, however, is down and was supposed to be replaced, but that didn't happen yet.

3
Beginner's Corner / Re: Creating cheat sheets
« on: February 25, 2016, 11:38:48 am »
I personally don't see a problem here, but apparently you do, and as this is one of the less idiotic threads, I'll answer:

You don't have to know everything. Common stuff gets into your head pretty fast if you use it often. The rest... well use it more often and it will fall into category 1. For instance, read a bit about DNS and get to know the internals of your box by experimenting etc. (a VM might be a good idea here as well).

As of notekeeping... I use plaintext files written in markdown (look it up) and some custom tools to work with them, but any setup with plain text works fine (develop one yourself maybe?).

Hope that clears up the situation.

4
Hm. I'm lost here, and I currently don't have time to try it myself. So I will enumerate some options you have:
1. investigate the source code of that particular version of strcpy(), and, if necessary, step through it in your debugger to find out what happens.
2. there is also a possible workaround: if there are nop's before the function you try to jump to, you might be able to decrease the address and jump before the function, although this would require fairly much space before the function in question, as we aren't talking of the LSB here, but a byte with higher significance.

So, Option 1 is your best bet. If you can't figure it out, I'll look into it myself tomorrow.

5
This is indeed very interesting. What I initially thought of is that your address contains null-bytes that make strcpy() break from the loop, but this doesn't seem the case. Your program's source might be useful here, as it maybe contains some other details that interfere with this?

Also:
For example, I am able to make the address 0x00400788 but it can't be 0x00400788.
Those two are the same two addresses.

So, please post the source, look for typos in your addresses and maybe I will find sth and explain the issue to you (or you'll find it yourself :)).

6
Operating System / Re: OS Advice?
« on: February 23, 2016, 09:24:12 pm »
I just found this distro: http://distrowatch.com/lxle

I like it, seems perfect for old computers/ Laptops.
Anyone who tested this one? Would you recommend this one?

Edit: I like the simplicity.
It drags along the entire cruft from debian and Lubuntu. This means that you have tons of shit no one really needs yet is used by many people. If that's what you want... feel free. I'd rather run arch/slackware/void linux on older hardware (or any hardware really), because those are light, fast, customizable and two of them don't bring in systemd.

7
Anonymity and Privacy / Re: How do you fully truncate logs?
« on: February 17, 2016, 05:42:21 pm »
An important thing to add is that systemd uses a custom binary log format for some reason, so you should look into that, as Debian uses systemd as its init system (not so Devuan).

8
General discussion / Re: What happened to the wiki mods?
« on: January 30, 2016, 05:18:54 pm »
It is down due to a vulnerability in its source and the plans to move to IPS which should replace it, thus rendering the work of updating it etc. pretty useless. The IPS move is, however, delayed.

9
Well, you need to add raw bytes to your input, not just a string, that's obvious, isn't it? How you do that should be equally obvious and depends on your way of input.

10
Also, what do you mean by an environment that is targeted by the book? I don't mind researching that I just don't understand what you are asking
An old distro basically (as in "a distro from the time the book was written at").

11
Did you compile the program being attacked with an executable stack and other exploit mitigation technologies turned off? If not, you now know why it keeps segfaulting, which is caused by attempting to execute memory flagged as non-executable (look up N^X). That's the main thing you need to know to understand what the issue is. So, most likely, you are in fact returning to your NOP sled, but since it is on the stack, you cannot execute it on any decently modern linux flavor. You could now try multiple things:
  • compile with exploit mitigations turned off (homework for you)
  • run and compile in an environment that is targeted by the book (more homework)
  • try a wargame especially designed for learning exploitation in a "classical" setting, some include IO and the overthewire wargames.
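
The non-executable stack described in the post above is recorded per binary in the ELF `PT_GNU_STACK` program header, so it can be checked before running anything. The following C program is an added example, not part of the original post: it parses a little-endian ELF64 image and reports whether an executable stack is requested. The names `stack_is_executable` and `make_sample` and the 120-byte sample image are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PT_GNU_STACK_T 0x6474e551u /* program header type holding stack permissions */
#define PF_EXEC 0x1u               /* segment flag bit: executable */

/* Read an n-byte little-endian integer. */
static uint64_t rd(const uint8_t *p, int n) {
    uint64_t v = 0;
    for (int i = n - 1; i >= 0; i--) v = (v << 8) | p[i];
    return v;
}

/* 1: executable stack requested, 0: non-executable stack,
 * 2: no PT_GNU_STACK entry (kernel applies an architecture-dependent default),
 * -1: not a parsable little-endian ELF64 image. */
int stack_is_executable(const uint8_t *img, size_t len) {
    if (len < 64 || memcmp(img, "\x7f""ELF", 4) != 0) return -1;
    if (img[4] != 2 || img[5] != 1) return -1; /* ELFCLASS64 + ELFDATA2LSB only */
    uint64_t phoff = rd(img + 0x20, 8);
    uint64_t phentsize = rd(img + 0x36, 2), phnum = rd(img + 0x38, 2);
    if (phoff > len || phentsize < 56) return -1;
    for (uint64_t i = 0; i < phnum; i++) {
        uint64_t off = phoff + i * phentsize;
        if (off > len || len - off < 56) return -1; /* truncated header table */
        if (rd(img + off, 4) == PT_GNU_STACK_T)
            return (rd(img + off + 4, 4) & PF_EXEC) ? 1 : 0;
    }
    return 2;
}

/* Constructed sample: 64-byte ELF64 header plus one PT_GNU_STACK program header. */
void make_sample(uint8_t out[120], uint8_t p_flags) {
    memset(out, 0, 120);
    memcpy(out, "\x7f""ELF", 4);
    out[4] = 2; out[5] = 1; out[6] = 1;            /* 64-bit, little-endian, version 1 */
    out[0x20] = 64; out[0x36] = 56; out[0x38] = 1; /* e_phoff, e_phentsize, e_phnum */
    out[64] = 0x51; out[65] = 0xe5; out[66] = 0x74; out[67] = 0x64; /* p_type */
    out[68] = p_flags;                             /* p_flags: R=4, W=2, X=1 */
}

int main(void) {
    uint8_t img[120];
    make_sample(img, 6); /* RW-: stack marked non-executable */
    printf("RW  sample -> %d\n", stack_is_executable(img, sizeof img));
    make_sample(img, 7); /* RWX: stack explicitly marked executable */
    printf("RWX sample -> %d\n", stack_is_executable(img, sizeof img));
    return 0;
}
```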

12
General discussion / Re: Dream Car?
« on: January 21, 2016, 11:26:42 am »
I am a party-pooper here:

13
Found it on the Webs / Re: Ebooks Links
« on: January 17, 2016, 02:30:12 pm »
As the moderator of the eBooks board, I approve of this message. If someone complains and can't help himself, he is in the wrong place. Now it would be ironic if someone moved this to the eBook board :P

14
Scripting Languages / Re: Python Code Help
« on: January 16, 2016, 09:02:46 pm »
Given the nature of your questions, I strongly suggest that you check syntax and semantics of the python language. You seem to lack basic understanding of string literals, concepts of command line interfaces etc.
That's nothing to be ashamed of, as everyone starts somewhere, but you should educate yourself in the first place.

15
Scripting Languages / Re: Python Code Help
« on: January 16, 2016, 12:24:21 pm »
I won't tell you what you did wrong because you obv. didn't do any basic debugging of your script.
However, I recommend that you print the stuff you pass to the os.system() call. If you are done with that, come back here and post your working code, as I see it will have some room for improvements.
