| Author |
RE: What lessons do you want? |
superpimp
Member
Posts: 113
Location: Belgium
Joined: 17.12.05
Rank: Monster |
|
|
If it's possible, it would be better if HBH hosted the lessons themselves... |
  
|
| Author |
RE: What lessons do you want? |
scankyfrank
Member
Posts: 416
Location: scotland
Joined: 01.12.04
Rank: Uber Elite |
|
|
superpimp wrote:
If it's possible, it would be better if HBH hosted the lessons themselves...
we cant afford the bandwidth  .
If you don't eat your meat you can't have any pudding.
How can you have any pudding if you don't eat your meat?
|
|
|
| Author |
RE: What lessons do you want? |
Kalkran
Member
Posts: 55
Location: B-hind u!
Joined: 30.08.05
Rank: God |
|
Host them on an 'orgfree.com' domain thing.. You get like one gig monthly bandwidth!
Thats what I usually do with my hacking vid's...
|
|
|
| Author |
RE: What lessons do you want? |
SwiftNomad
Member
Posts: 423
Location: Hemosillo, SON, Mexico
Joined: 19.12.05
Rank: HBH Guru |
|
Hmm, I will host them for you guys.
or you can buy the same hosting I have.. (PM ME FOR LINK)
I have unlimited bandwidth and desk space.
|
|
| Author |
RE: What lessons do you want? |
superpimp
Member
Posts: 113
Location: Belgium
Joined: 17.12.05
Rank: Monster |
|
|
Kalkran wrote:
Host them on an 'orgfree.com' domain thing.. You get like one gig monthly bandwidth!
Thats what I usually do with my hacking vid's...
euhm, one gig is nothing for a huge site like this... |
|
|
| Author |
RE: What lessons do you want? |
DotHacker0
Member
Posts: 133
Location: I have no fuckin clue
Joined: 04.08.06
Rank: Wiseman |
|
I agree.
 |
|
|
| Author |
RE: What lessons do you want? |
Jegoviciusss
Member
Posts: 47
Location:
Joined: 07.11.09
Rank: Active User |
|
|
Well, XSS is useful, but in a little more advanced than cookie stealing... |
|
|
| Author |
RE: What lessons do you want? |
stranac
Member
Posts: 85
Location: At a place near the thing and stuff...
Joined: 15.11.08
Rank: God |
|
|
Where the hell did you dig this from? Its five years old stuff. |
|
|
| Author |
RE: What lessons do you want? |
Compromise
Member
Posts: 224
Location:
Joined: 11.11.09
Rank: Moderate
Warn Level: 30
|
|
|
Jegoviciusss wrote:
Well, XSS is useful, but in a little more advanced than cookie stealing...
Visit sla.ckers.org, read -everything-.
CrazySpai |
|
|
| Author |
RE: What lessons do you want? |
Jegoviciusss
Member
Posts: 47
Location:
Joined: 07.11.09
Rank: Active User |
|
Someone should teach them an xss injection like this:
Send a message containing javascblockedript that reads the source on the admins view message page finds all the links, follows the links and reads the source there. (This is quite useful, you can use another javascblockedript after that to post something through the admins account) of course he has to open the message |
|
|
| Author |
RE: What lessons do you want? |
define
Member
Posts: 196
Location:
Joined: 13.12.08
Rank: Moderate
Warn Level: 1
|
|
|
Jegoviciusss wrote:
Someone should teach them an xss injection like this:
Send a message containing javascblockedript that reads the source on the admins view message page finds all the links, follows the links and reads the source there. (This is quite useful, you can use another javascblockedript after that to post something through the admins account) of course he has to open the message
This is going to be off-topic... but, when seeing this post and the thread you currently have going, I've come to the conclusion that you might misunderstand a bit what Javascblockedript is generally used and not used for.
Javascblockedript is a client-side scblockedripting language that runs in the user's browser. It is capable of manipulating elements on the page on which it exists, and it is capable of making asynchronous (i.e., no page refresh) requests to other pages on the same server. Beyond that, w3schools and tizag (as I linked in your thread) are good resources for learning more about Javascblockedript.
For a spidering application, you're probably going to want to go with a different language. I always recommend Python, since it's ridiculously simple to learn. Whichever language you choose, Google "<language> web spider", where <language> is your programming language. There are plenty of examples to get you started.
Oh, I almost forgot... If you're determined to learn Javascblockedript (no matter how wrong it may be for what you're intending), then I highly recommend PMing Mouzi, since he is quite knowledgeable in Javascblockedript.
On-Topic Portion
Sadly, the only on-topic contribution I have to this thread is that HBH doesn't need any more lessons. People just need to start learning the things that are already here (when you get back to content from around '06 or '07).
Yeah.
Edited by define on 23-02-10 13:32 |
|
|
| Author |
RE: What lessons do you want? |
Jegoviciusss
Member
Posts: 47
Location:
Joined: 07.11.09
Rank: Active User |
|
define wrote:
Jegoviciusss wrote:
Someone should teach them an xss injection like this:
Send a message containing javascblockedript that reads the source on the admins view message page finds all the links, follows the links and reads the source there. (This is quite useful, you can use another javascblockedript after that to post something through the admins account) of course he has to open the message
This is going to be off-topic... but, when seeing this post and the thread you currently have going, I've come to the conclusion that you might misunderstand a bit what Javasc blockedript is generally used and not used for.
Javasc blockedript is a client-side sc blockedripting language that runs in the user's browser. It is capable of manipulating elements on the page on which it exists, and it is capable of making asynchronous (i.e., no page refresh) requests to other pages on the same server. Beyond that, w3schools and tizag (as I linked in your thread) are good resources for learning more about Javasc blockedript.
For a spidering application, you're probably going to want to go with a different language. I always recommend Python, since it's ridiculously simple to learn. Whichever language you choose, Google "<language> web spider", where <language> is your programming language. There are plenty of examples to get you started.
Oh, I almost forgot... If you're determined to learn Javasc blockedript (no matter how wrong it may be for what you're intending), then I highly recommend PMing Mouzi, since he is quite knowledgeable in Javasc blockedript.
On-Topic Portion
Sadly, the only on-topic contribution I have to this thread is that HBH doesn't need any more lessons. People just need to start learning the things that are already here (when you get back to content from around '06 or '07).
It is possible to read the source of a webpage with javascblockedript. It is also possible to follow links and then read the source code of the desired pages.
So lets say admin is logged on and reead your message.
Your scblockedript finds the page edit_forum.php an reads its source.
Then you know how the edit_forum.php works approximately...
You write a new javascblockedript that uses edit_forum.php to fill out the form and edit the forum. Send the message containing javascblockedript to the admin, he opens the message and edits the forum... (you can also add a scblockedript that deletes yor message from his inbox afterwards)
Its possible and very useful...  |
|
|
| Author |
RE: What lessons do you want? |
NotMyFault
Member
Posts: 66
Location: Ireland
Joined: 23.12.09
Rank: Hacker Level 2 |
|
Rooting tutorial. I'm just pulling this out of the sky. If it's hacking through the command prompt (like I think...) I'd love to learn it as I don't know anything about it!
A blind SQL injection tutorial. The only one I can find on this site (apart from Mozzer's article which is very good) only deals with some program...
I'm with the posts above about XSS. The site can only benefit from having more lessons, especially on the basics.
I know that to make lessons that you need people experienced and willing to make a decent effort at making good lessons and that there aren't too many of them around. I've looked at the lessons in the lessons section and I found the first 2 good. If HBH could have more lessons, articles or tutorials of a high calibre the newbies on this site (like me  ) would learn a lot faster and be less likely to resort to skiddie programs.
Also, a lesson on php shells?
|
|
|
| Author |
RE: What lessons do you want? |
MoshBat
I am awesome
Posts: 4361
Location: Somewhere that I hope you think is witty.
Joined: 13.08.06
Rank: Newbie
Warn Level: 100
|
|
|
NotMyFault wrote:would learn a lot faster and be less likely to resort to skiddie programs.
The information is freely available, lack of motivation/intelligence/time/all-of-above leads to use of prebuilt programs.
   |
|
|
| Author |
RE: What lessons do you want? |
define
Member
Posts: 196
Location:
Joined: 13.12.08
Rank: Moderate
Warn Level: 1
|
|
|
NotMyFault wrote:
A blind SQL injection tutorial. The only one I can find on this site (apart from Mozzer's article which is very good) only deals with some program...
There are great tuts on this elsewhere online... Maybe you should read some of them, learn the topic well, then write one for here. 
NotMyFault wrote:
Also, a lesson on php shells?
Lesson: Google "php shell" and read the code. It's just file functions and system functions.
---
define wrote:
After seeing this post and the thread you currently have going, I've come to the conclusion that you might misunderstand a bit what Javascblockedript is generally used and not used for.
Jegoviciusss wrote:
It is possible to read the source of a webpage with javascblockedript. It is also possible to follow links and then read the source code of the desired pages.
Yes, I know it is possible to read the source of a web page with Javascblockedript and request remote pages with it. I was one of the ones helping with advice for you to do so in another thread, remember?
If you need any proof of what I can do with Javascblockedript, just check the Code Bank for the two Greasemonkey scblockedripts that I posted in there. 
That being said... I did not say that Javascblockedript could not do it. I said that Javascblockedript is generally not used to do it. While there are some that do seem to code mostly (if not entirely) in Javascblockedript, it is ill-suited for or cannot perform a lot of tasks. Running a spidering or bot application in Javascblockedript relies on the memory available to the browser... which can pretty easily be exceeded on large applications. Even the Greasemonkey scblockedript referenced above (the most recent one) locks up the browser after a period of time because it leaks memory like crazy. A desktop scblockedripting language is more suited for these tasks as it only has to worry about the memory it consumes, and scblockedripting languages have better garbage collection. Also, scblockedripting languages are capable of file access and other things that Javascblockedript is not capable of.
What can Javascblockedript do better than desktop scblockedripting languages? Web scblockedripting on behalf of a web site. That's what it is there for, and that's what it does best. Greasemonkey scblockedripts are a fine-lined exception that impose functionality that a web site either should have or won't have but someone finds useful.
Jegoviciusss wrote:
So lets say admin is logged on and reead your message.
Your scblockedript finds the page edit_forum.php an reads its source.
Then you know how the edit_forum.php works approximately...
You write a new javascblockedript that uses edit_forum.php to fill out the form and edit the forum. Send the message containing javascblockedript to the admin, he opens the message and edits the forum... (you can also add a scblockedript that deletes yor message from his inbox afterwards)
You can do this same thing with a scblockedripting language using a cURL or similar remote request library (urllib2 for Python, maybe LWP for Perl). Just because your crafted message will contain Javascblockedript in the form of an XSS or otherwise injected code doesn't mean that the whole app need be written in JS.
Yeah. |
|
|
Main:
