EvilZone

I think that's only possible when they associate the robot itself with self-learning. Maybe connect to some database where the robot can download the new subject, study it and replicate it as a human, and after many tests, they will keep upgrading its abilities to see where they can go. I like to imagine this kind of stuff too, but i imagined what will be like when a robot can have the body of an humanoid, and an almost unlimited storage space in it's "brain" function. Connected to the World Wide Web, free to download any subject. I think that's when the shit hits the fan, when he is so advanced that he can learn about any subject and upgraded. Maybe with so much knowledge, he can start to see some kind of flaw in the Human itself, making algorithms after algorithms to solve it. Maybe the solution is just fuck shit up starting to replicate new robots of himself with the methodology that he learned while trying to solve the problem, a perfect time for some hidden malware to benefit some country, organization or maybe a single person. Anyway, extend too much here, but its a very interesting topic to discuss about!

Btw -> Imagine walking on the forest and saw the Atlas just walking and shit? I honestly don't know what i would do. Lol

sorryforbadgrammar

EDIT: This is just a basic insight into some webapplication vulnerabilities that exist, you must research them yourselves if interested.

Hello people of Evil Zone,

I am here to teach people who are interested in Web-Application Pentesting and don't know how or where to start. In this post I will be teaching you how to setup XAMPP and DVWA (Damn Vulnerable Web Application) - Sandbox webapps that have been built to be exploited. They contain most of the most popular exploits of this generation such as the following:

* SQL Injection
* Blind SQL Injection
* XSS Exploits (Stored)
* XXS Exploits (Refective)
* Brute Force Exploits
* And more!

This will truly improve your skills as a webpentester, okay well LET'S BEGIN!

                            STEP 1: Installing and setting up DVWA

Step 1: Download an old version of XAMPP (Due to DVWA only supporting an old version of php)
Link: http://www.oldapps.com/xampp.php?old_xampp=12532

Step 2: Download latest version of DVWA (Version 1.9)
Link: http://www.dvwa.co.uk/ (Scroll down to the bottom, locate the "Download" button)

Step 3: Once you've downloaded both of these packages install XAMPP and locate where you installed the files (Program Files) then go to the "htdocs" folder and extract the DVWA folder in there, make sure that there isn't a folder inside the DVWA-1.9 folder it should look like   htdocs - DVWA-1.9 - Files

Step 4: Rename the DVWA-1.9 folder to "DVWA" - Without the quotes.

Step 5: Fire up XAMPP and start the MySQL & Apache services

Step 6: Open up your favored browser (I use chrome due to firefox's leakage of webrtc requests and IE's security problems) - Head over to "localhost/DVWA" it should redirect to the setup page but incase it doesn't then go to "localhost/DVWA/setup.php" scroll down tell you see "Setup Database"

  Its going to give you some gay error, idk why it does that but here's how to fix it, simply go to your DVWA folder in your XAMPP folder and go to the "Config Folder" and then open up the the only file in there with notepad/notepad++ and change this part.

To this

Then go back to the  site and click create/reset database and it should say "Created blah blah" no errors.
If it doesn't redirect you go to localhost/DVWA/login.php - The login is:

Username: Admin
Password: password or Password

Gratz now you've successfully setup DVWA on XAMPP -- Now, what do we do? Start pentesting the crap out of it's many modules as I stated above. I'm also going to be covering this in the near future (Today, tomorrow) going through every individual module and security type.

Thanks for reading, I will be adding to this with tutorials so "stay tuned" 
 
                                            EDIT #1: XSS Vulnerabilities (Stored/Reflective)
As I promised I shall add tutorials on how to use DVWA's modules, in this edit I'll be talking about XSS exploits, how they work, how to exploit them, and why they're a VERY serious threat.

There are 3 types of XSS exploits, stored, reflective and DOM based xss exploits. However I will not be covering DOM based XSS exploits due to its rarity. Difference between em is that the XSS stored saves the malicious JScript on the server so it gets automatically executed, where as reflective the reflective XSS one has the malicious JScript in the URL not on the server: some social engineering will be required in-order to use it, I'll talk more about it at the end of this.

How do they work ey? A basic answer would be they execute user-submitted java-script to other users, you're probably wondering what the purpose of this would be? Who cares its only Javascript, wrong. You can use Javascript and other techniques to COMPLETELY own a computer/server by stealing cookies, redirecting to malicious websites, stealing history and much much more. - (Research about the BeeF framework if you're interested)
 
Okay before we begin here's a very important piece of information, modern browser have XSS protection integrated into the browsers (BUT THEY CAN BE BYPASSED) but to keep this tutorial simplistic I'm going to manually disable security protection on chrome you can do that by doing:
Creating a shortcut (right click, create shortcut)
 
Paste this in there ("C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --args --disable-web-security) okay now when ever you want to practice XSS pentesting you can just fire that open, I recommend you call the shortcut "Vulnerable Browser" or something like that so you don't get confused. OKAY LETS START XSS PENTESTING NOW!
                                                                STORED XSS:
1. Fire up your apache/mysql services using XAMPP and go to localhost/DVWA - as we previously setup - and login

2. Head over to 'Security Settings" and set the security down to low.

now go to the XSS(Stored) tab. This is an example of what you might come across in the real world (I personally have encountered this many times) as you can see it stores the value so that anyone who hits this page sees the inputs or in our case, malicious JScript 

3. Due to this being a not-so complicated tutorial I'm going to skip over any sanitation a webapp would have and just input the most basic jscript (LOW Settings)- this is not always the case in the real world.
Anyhoo, input this code into the form under the name section:


lo and behold, the jscript has been executed, "now what, that's it" as I stated above with a little bit of creativity and ingenuity you can do anything such as this (<script>alert(document.cookie)</script>):

this is the cookie session id, if we add a little bit of code we could receive other users cookies and hijack their sessions and use their accounts, this would give us complete access to the forum if we got an admin to do this. If you think this is all hypothetical/far-fetched do some research and see how many big companies such as Apache that have had their websites compromised by this type of attack. Moving on to reflective attacks.
                           
                                                          Reflective XSS Attacks
This kind of attack is more popular then the stored one, however it is harder attack large amount of people due to you having to sending the malicious link to other users: but it is very possible.

1. Head over to the reflective xss tab

2. We need to find the vulnerable parameter, simply insert some random name into the box and submit. You'll see that it gives you your name back. Look at the url and remove the name you inserted and replace it with some malicious java script:

Example: <script>alert('Wormy takes too long to approve my threads')</script>
it should execute the script, yay.

Extra Notes:
Just because you could do this doesn't mean shit, this is super basic stuff. Up the protection level to medium and try the same thing: it won't work due to the application now including some sort of sanitation to your input before showing it back to the user, this renders your jscript useless (YES YOU CAN BYPASS THIS TOO, VERY SIMPLY) - Stay tuned for more tutorials, and please, if I wrote anything incorrect/inaccurate please notify me!

Post below if you have any questions or want to say thanks, stay tuned for next time 

 

 

Hello EZ,

Today we will study about a data structure called Stack. But before proceeding with the tutorial I would like you to read the following note.

Reader's Note :

• You must not be a novice at programming.
• You have read this thread : A Brief Introduction to Data Structures.
  
• Have patience and read till the end of this paper.
• Finally, this topic I posted on another forum (you will understand which forum.) quite sometime back. I am posting it here without much modification. If you find any error reply to this topic and I will correct it.

Let's Begin.

---

Stack : A stack is a particular kind of abstract data type or collection in which the principal (or only) operations on the collection are the addition of an entity to the collection. The operations that are performed on the the stack are push which means to insert an element at the top of the stack and pop which means to remove the top element from the stack.

Stack follows LIFO (Last In First Out) Principle, that is the element which is inserted into a collection last is taken out first from the collection as well.

The concept of stack data structure is from from development point of view and it has found numerous applications, include system level design and making efficient processes.

Applications of Stack

1. Data Parsing
2. Compiler Designing.
3. Recursion
4. Solving numerous Classical problems like Tower of Hanoi.
5. System Memory Management.
6. Reversing String.
7. Mathematical Expression evaluation. (Converting them from infix to postfix and then manipulating evaluating them)
8. Backtracking.
etc...

Stack as an Abstract datatype

StackADT {
push(item) : insert the item into the stack
pop() : removes the top element.
size() : Returns the size of the stack.
isEmpty() : checks whether the stack is empty or not.
isFull() : checks whether the stack is full or not.
}

Now let us understand the concept of stack better by taking an example :-

Suppose we consider an array of the following elements :-

5 <--- Top element
6
7
8
9

Now we push another number onto the stack, say 34, then our stack has the following structure :-

34 <--- Top element.
5
6
7
8
9

So it is evident that the most recently inserted items are push onto the top of the stack following the LIFO principle. Again we push another number into the stack, say 2, just following the above concept we have the following :-

2 <--- Top element.
34
5
6
7
8
9

We have understood the push operation and so lets see how does pop works. Lets pop once from the above array and the array becomes :-

34 <--- Top element.
5
6
7
8
9

As you can see the top element was poped from the stack and the next element that is 34 becomes the top element. Okay so lets pop two more elements and then the stack has the following structure :-

6 <--- Top element.
7
8
9

What happens above ?

First 34 is pop'd and then 5 becomes the top element and then another element i.e. 5 is pop'd and 6 becomes the top element.

I hope you have understood the concept of stack. Since we have understood the concept of stack and so lets write some code now. I will use Java to write the code.

We create an interface to understand the concept of our ADT.

StackInterface.java

package com.psychocoder.stack;

/**
 *
 * @author Psycho_Coder
 */
public interface StackInterface {
   
    /**
     *
     * @param item Inserts an element into the stack.
     */
    public abstract void push(int item);
   
    /**
     *
     * @return Returns the element removed from the stack
     */
    public abstract int pop();
   
   
    /**'
     *
     * @return Returns true is the stack is empty
     */
    public abstract boolean isEmpty();
   
    /**
     *
     * @return Returns true if the stack is full
     */
    public abstract boolean isFull();
   
    /**
     *
     * @return Returns the top element of the array
     */
    public abstract int peek();
   
    /**
     *
     * @return Returns the size of the array
     */
    public abstract int size();
   
}


JStack.java

package com.psychocoder.stack;

import java.util.Scanner;

/**
 *
 * @author Psycho_Coder
 */
public class JStack implements StackInterface {

    private final static int DEFAULT_SIZE = 5;
    private final int[] stack;
    private int top;
    private final int SIZE;
    private static JStack st;
    private static int NO_OF_ELEMENTS;
    public JStack() {
        SIZE = DEFAULT_SIZE;
        stack = new int[SIZE];
        top = -1;
        NO_OF_ELEMENTS = 0;
    }

    public JStack(int SIZE) {
        this.SIZE = SIZE;
        stack = new int[SIZE];
        top=-1;
        NO_OF_ELEMENTS = 0;
    }

    @Override
    public void push(int item) {
        if (!isFull()) {
            stack[++top] = item;
            ++NO_OF_ELEMENTS;
        } else {
            out("Stack Overflow! Please remove some elements from stack.");
        }
    }

    @Override
    public int pop() {
        int k = -1;
        if (!isEmpty()) {
            k = stack[top];
            --top;
            --NO_OF_ELEMENTS;
        }
        return k;
    }

    @Override
    public boolean isEmpty() {
        return top == -1;
    }

    @Override
    public boolean isFull() {
        return top == SIZE;
    }

    @Override
    public int size() {
        return stack.length;
    }

    @Override
    public int peek() {
        return stack[top];
    }

    private void display() {
        out("The elements in the stack are : ");
        for (int i = NO_OF_ELEMENTS-1; i >= 0; i--) {
            System.out.print(stack[i] + " ");
        }
        out("\n");
    }

    public static void out(String data) {
        System.out.println(data);
    }

    public static void main(String[] args) {
        int item, choice;
        boolean conti = true;
        Scanner sc = new Scanner(System.in);
        if (args.length == 1) {
            st = new JStack(Integer.parseInt(args[0]));
        } else {
            st = new JStack();
        }

        while (conti) {
            out("\nMenu");
            out("1. Push");
            out("2. Pop");
            out("3. Peek");
            out("4. Size");
            out("5. Display");
            out("6. Exit");
            out("Enter your choice : ");
            choice = sc.nextInt();

            switch (choice) {
                case 1:
                    out("Enter the item :");
                    item = sc.nextInt();
                    st.push(item);
                    break;
                case 2:
                    int k = st.pop();
                    out(k == -1 ? "Stack Underflow! Please insert some elements into stack." : ("Element Poped" + k));
                    break;
                case 3:
                    out("Top element :" + st.peek());
                    break;
                case 4:
                    out("Size of the Stack : " + st.size());
                    break;
                case 5:
                    st.display();
                    break;
                case 6:
                    conti = false;
                    break;
                default:
                    out("Wrong Choice. Please try agian!");
            }
        }
    }
}


---

Okay so now you have understood what do you mean by stack. What if you can see it for yourself visually. For your personal better understanding I have already created an applet showing the working of a stack.

Visual Stack

This applet is very simple and shows the working of a stack.

Video Demonstration

After a few secs pause the video and see the instructions written properly. Read further for full reference.

Link: http://www.youtube.com/watch?v=MhA3GLfd7L4



Description

We have a text area and you need to write certain commands for this to work.

We need to know about the stack ADT first. A stack does the following operations :-

1. Push ; Pushes an element to the top.
2. Pop: Removes the top element
3. peek: Returns the top element.
4. size: returns the size of the stack.

We have 5 keywords here, namely - push, pop, top, size, and delay.

push and delay work as the following syntax :- <instruction> <single-space> <data>

push :- Push the data into the stack. Example : push you, push 2, push IAmDull etc
delays : delay the update of the stack and its visualization.

pop, top, size are single instructions.

pop : pops the top element.
top : Shows the top element in logs.
size : Shows the size of the stack in logs.

Code

Project Link: https://github.com/AnimeshShaw/VisualStack

Note: The Code is a old but for demonstration purpose it works. I will update it later.

---

Okay, We are now ready to study some applications of Stack. So lets begin.

Example of an Application of Stack

String Reverse.

A Stack can be used to reverse a list, integer, string etc. Lets Look at the following example to understand the concept better :-

Suppose we have a string variable NAME and a string value of "Firun" assigned to it.

String NAME = "Firun";

Now since Stack follows the LIFO principle so if we insert every character from NAME into the stack then we will have 'n' as the top element. Then we can pop the elements we will have our Strings reversed. Look at the following working :-


1. Insert 'F' into Stack. We have

'F' <--- Top

2. Insert 'i' into Stack. We have

'i' <--- Top

'F'

3. Subsequently we insert the remaining characters as well and we get the following Stack structure.

'n' <--- Top

'u'

'r'

'i'

'F'

Now we pop all the elements from the stack and we have the following sequence :-

 

'u' <--- Top

'r'

'i'

'F'

We get 'n'

'r' <--- Top

'i'

'F'

We get 'u'. Also initially we had 'n' and so now we add 'u' to it and we get "nu". Proceeding in a similar way we get the final string as "nuriF".

I hope you understood the logic. So lets peep at the function code :-

private String reverseString(){
        String m="";
        for(int i=0;i<str.length();i++){
            stack.push(str.charAt(i));
        }
        for(int i=0;i<str.length();i++){
           m=m+stack.pop();
        }
        return m;
    }


Algorithm

PROCEDURE REVERSE_STRING(M) {
     INITIALISE LEN = LENGTH(M)
     FOR I TO LEN:
         STACK.PUSH(M[I])
     FOR I TO LEN:         
         N = N + STACK.POP()
     RETURN N
}

Stacks are very useful and they reduce your workload, but it solely depends on the programmer how efficiently he uses these concepts. If you are able to make it to this end then probably you have read the entire tutorial. I hope you enjoyed it. If you have any questions or doubts then feel free to ask. Feedback would be appreciated.


Thank you,
Sincerely,
Psycho_Coder.

Recently I've thought about releasing UniBot source code into the public, in a hope that some good developer(s) would continue the path, which I'm trying to leave in order to accomplish new things that are in my plan. It's been just over a year ago since I started working on the project, so it's time to move on.
The one of the main reasons why I've decided to do such radical move is that I see no interested VB6 coders which would expand UniBot via its plugin system. On the other side, I can say that I'm so far satisfied with bunch of configs which a few users (brave, I guess) decided to make and did that, and which have reached to about 500 people that registered on the support forum and even came from the others.
So my question is - will there ever be some good guys which are willing to take the job and continue to develop the tool, or even port it to the other platform i.e. programming language (for example to work on Linux without an emulator)? I'm asking this because I want to see if this last try will succeed and if it's worth to do so.

UPDATE: Already did it.

I finally took the time to read through your paper. Thank you for your writeup!

Now I know what you do in your free time. 

Btw, do you have more grammars for Hexinator that are worth a share?

Thanks for finally reading it. I appreciate it. I wish I had more free time hahaha.

Synalize maintains a list of all Hexinator Grammers that people have created. You can find them here: https://www.synalysis.net/formats.xml

There are a few file formats, which are related to browser forensics on which there's no (or scarce) info is available on the web. Currently, I am trying to reverse engineer them. When its done I will release the grammers for those files. For the rest I don't have, I am sorry but if I come across something which might be of use in your line of work/interest I will surely share it with you.

Thanks again for your time, its always inspiring.