- Apocalipsa dupa Nemessis
- Cand dorinta de afirmare depaseste granitele bunului simt – PaxNwo un leecher ordinar
- Cum sa iti protejezi adresa e-mail si datele confidentiale din aceasta
- Mi s-a furat id-ul de messenger/adresa e-mail. Ce sa fac?
- Experiment social II – andimoisescu.ro
- Pentru posteritate
- In curand…
- “Hot” de id-uri messenger
- Chiar ca sunteti retardati
- Ce nu se invata la scoala – Vendetta (6)
- Apocalipsa dupa Nemessis in (81 Visits)
- Ce servicii de mail folositi? in (27 Visits)
- This is the end in (22 Visits)
- Hackersblog.org is now blog.rstcenter.com in (17 Visits)
- La multi ani România, la multi ani românilor in (15 Visits)
- Short news in (15 Visits)
- Inca o pierdere de timp in (10 Visits)
- Azi este ziua userilor hackersblog.org in (10 Visits)
- Raportare vulnerabilitati in (8 Visits)
- Update in (7 Visits)
- Mi s-a furat id-ul de messenger/adresa e-mail. Ce sa fac? in (227 Visits)
- Hi5.com coders read this in (28 Visits)
- SMS scam (1) in (21 Visits)
- Phishing Bancpost in (7 Visits)
- Dezinformare sau proasta informare? in (7 Visits)
- Si tentativele de phishing pot fi amuzante in (5 Visits)
- Phishing Raiffeisen cu atasament html in (4 Visits)
- Cum sa iti protejezi adresa e-mail si datele confidentiale din aceasta in (75 Visits)
- [Utilitare] Suna gratis de pe internet sau de pe iPhone in (41 Visits)
- Despre CSRF, hi5.com, cum sa trisezi la concursuri s.a.m.d. in (30 Visits)
- Ce nu se invata la scoala - Tipuri si tehnici spam/Hi5 (4) in (29 Visits)
- Ce nu se invata la scoala - (D)DOS (5) in (24 Visits)
- Virusi in clipuri video [how to] in (22 Visits)
- Ce nu se invata la scoala - Tipuri si tehnici spam/mail (2) in (20 Visits)
- Ce nu se invata la scoala - Tipuri si tehnici spam (1) in (17 Visits)
- Yahoo! redirects - a big issue (with video) in (10 Visits)
- Ca musca in... in (8 Visits)
- usa.kaspersky.com hacked ... full database acces , sql injection in (123 Visits)
- Simpatie.ro, matrimoniale3x.ro, apetisant.ro, deliciu.ro , etc Sql injection in (72 Visits)
- Yahoo! epic fail - permanent xss unleashed in (69 Visits)
- Telegraph.co.uk hacked, sql injection in (52 Visits)
- RedTube.com ... The Free Sex Video Community in (41 Visits)
- Kaspersky Thailand hacked by TinKode in (37 Visits)
- Conquiztador Hacked Again in (32 Visits)
- Telegraph.co.uk hacked - when will they learn? in (29 Visits)
- F-Secure.com - SQL Injection + Cross Site Scripting in (27 Visits)
- Ziua userilor - sinu.utcluj.ro in (26 Visits)
- Wannabe Hackers [2] - cum sa faci un virus by sppy_hacker in (24 Visits)
- Wannabe Hackers [1] - Cum sa hack-uiesti RapidShare-ul in (20 Visits)
- Digital Photocopiers Loaded With Secrets in (15 Visits)
- Hacker Uses XSS and Google Street View Data to Determine Physical Location in (12 Visits)
- OWASP Phishing demo in (7 Visits)
- Oldies but goodies - Freedom Downtime - The Story of Kevin Mitnick in (7 Visits)
- Hope 2603 – Kevin Mitnick - Life a Computer Hacker – Revealed in (6 Visits)
- Christopher "moot" Poole: The case for anonymity online in (6 Visits)
- Owasp5005 Part1 - New zero-day browser exploits - ClickJacking in (5 Visits)
- [Video] The History Of Hacking in (5 Visits)
- Se poate sparge parola de Yahoo? in (254 Visits)
- phpBB.ro hacked in (81 Visits)
- Cand dorinta de afirmare depaseste granitele bunului simt - PaxNwo un leecher ordinar in (47 Visits)
- Experiment social in (46 Visits)
- Oare cum e pana la urma? in (39 Visits)
- "Hot" de id-uri messenger in (38 Visits)
- Experiment social II - andimoisescu.ro in (37 Visits)
- Ce nu se invata la scoala – Vendetta (6) in (37 Visits)
- Concurs fara premii in (36 Visits)
- Forumul Andreei Balan spart in (32 Visits)
Archive for the ‘English News’ Category
Posted on June 5th, 2010
Posted on May 29th, 2010
In 2009 I started to invest some time in adult affiliate programs and my needs for traffic increased day after day. After few days of researching I found some traffic sources to test my ideas, but one of the most important websites used last year by me and my friends was Tagged.com.
When everything started, javascript and iframes in “left wall” and “right wall” boxes were permitted. At that time using this method we were able to redirect about 400 users in about 5 minutes (tested). Anyway, now all active content is banned or limited but this is not the essence of the story.
HOW WE MADE 400 PEOPLE TO VISIT OUR PROFILES IN 5 MINUTES
Untill we started to play with tagged system many things were permitted and the most loved tool offered by this social network for us was the “Meet me” button. At that time, for us it was something simple like “go to Meet me page, press YES one time, take a piece of paper and use it to keep Enter button pressed untill you reach the limit”. In this way we redirected in a matter of minutes hundreds of visitors to our pages and money came in a very easy way for us at that time.
Of course this “Meet me” glitch was patched. Or should I tell “was patched just for noobs”. The best solution in the minds of the developers was to use javascript against the evil Enter button. So now the code looks like this:
<input type=”button” id=”yes” name=”Yes” value=”Yes” onclick=”this.blur(); return game.interest(true);”>
Now really. This looks like a good antispam solution? Seems like not.
HOW TO SCREW THE SHITTIEST ANTISPAM PROTECTION EVER
Open Firefox (Firefox is the best option in this case – do not use Google Chrome).
Go to Tagged.com and log in.
Go to Meet me page.
Open Firebug.
Click the inspect button from Firebug and select YES button from Tagged.
Now you will have in the front of the eyes the code from above.
Just delete this.blur(); from the firebug html console and click any place of the Meet me page.
Now keep pressing Enter button and voila! You can send hundreds of “Meet me” requests in a matter of seconds and your profile page will be visited by thousands of people. This method combined with a profile full with crappy links hidden under some pics or videos could generate some good or shitty traffic, depending of your niche.
(SAD) EPILOGUE
For about 2 or 3 weeks Tagged system is banning profiles that makes too many meet me requests in a short time. Now it’s time to say “bye bye Tagged, here we come ‘other social networks’”.
P.S. - unul dintre prietenii cu care faceam asta si-a ridicat considerabil site-ul in trafic.ro folosindu-se de tagged si redirectionari
Posted on May 28th, 2010
Sometimes making fun of people using xss tricks can be very entertaining. Today I will talk about xlovecam.com, a belgian adult videochat website with huge amount of traffic from France.
Our purpose is to make models believe that their accounts are suspended. For them this means a lot of money and time wasted.
Some real examples:
http://img339.imageshack.us/img339/5881/buahahahaq.png
http://img706.imageshack.us/img706/2575/hihihihiz.png
http://img227.imageshack.us/img227/2604/pwnedd.png
http://img534.imageshack.us/img534/2424/95603479.png
How to do it:
Go to http://www.xlovecam.com and register a new account.
Log in using the new account.
Open http://iphone.xlovecam.com in another browser instance and login there too.
Go in a girl room from the iphone page.
Search the same girl on xlovecam.com front page (check page footer for the entire list of online models) and go in her room to see her reaction after everything is completed.
Now from the iphone page we will use basic html and some javascript to pwn that chatroom. Iphone chat interface is vulnerable to cross site scripting so it will be easy.
First of all I need to use a different font to catch the model attention because in normal circumstances all users type with the same font. So I just type this in her iphone chat room and she will see a text like the one from my screencaps.
How to make this prank more convincing? We use a little code from RSnake xss cheatsheet to freeze her room. No one including the model will be able to write anything in the chat. This little piece of code affects many flash based chatrooms so you can test it in another circumstances too. Btw, you can see on that iphone page what she will try to type, but in normal chat nothing will appear.
So the final version of the code looks like this http://pastebin.com/QtiWnS1s. With a simple copy/paste you can make fun of them when you are bored. Of course you could use that iphone subdomain to redirect visitors from the room (if they are using iphone interface) or steal their cookies but most of the users use the normal site interface not the iphone subdomain.
Other tricks:
In the rooms type html tags like <i><u><b> but don’t close them. You will see by yourself what’s the catch.
Posted on May 19th, 2010
It’s funny to see this type of reaction
<jim shoe> i’m here with my 15 yr old son. interested?
<Corinne29> Hello
<Corinne29> This is Corinne Vartuver from FBI
<Corinne29> Please provide me your name and home address asap
*** jim shoe is now blocking you.
*** jim shoe has gone offline.
Posted on April 21st, 2010
Posted on April 19th, 2010
http://westwood.ro/c1pr1an/pass.txt
L.E. – hackeri -> http://www.laguna.evolink.ro/
Posted on April 15th, 2010
http://wine-and-dine.telegraph.co.uk/site/index.php
http://shortbreaks.telegraph.co.uk/
Source: http://rstcenter.com/forum/21897-telegraph-co-uk-hacked.rst
Author: fLr^ R.N.S – Romanian National Security
Posted on December 22nd, 2009
Posted on December 11th, 2009
Another beautiful intrusion http://tinkode.baywords.com/index.php/2009/12/kaspersky-thailand-full-access/
Posted on December 10th, 2009

