Thursday, March 31, 2005

Rebwisited...

I just revisited the WebAPP site. They've patched the flaws that were present last time, although they missed an XSS hole. Basically registered users can put something like this " <img src="http://www.web-app.org/images/forum/smilies/grin.gif" onload='alert("Rebarz99 got your cookies"+document.cookie)'> " as their signature in their profile. When they post a comment in any of the forums, anyone who views the comments will have their cookies pop up. WebAPP filters <script> tags but this kind of filtering can be bypassed. I haven't examined the latest version they've put out. Some vulnerabilities may still be left. :P

Misc: http://www.dilg.gov.ph/index.cfm?fuseaction=<script>alert('Eat_my_fucking_shorts!')</script>

http://www.ncc.gov.ph/announcements.php?seq=235'<iframe%20width="100%"%20height=100%"%20src=http://rebarz99.blogspot.com/>
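The signature flaw described in this post, as an added example that is not code from the blog or from WebAPP: a filter that strips only script elements (an assumed model of the filter mentioned above) leaves the onload attribute untouched, while encoding the signature on output, or accepting only smiley codes, removes the handler. The function names, the smiley table and the sample input are hypothetical.

```javascript
// Added example: models a script-tag-only filter and two safer ways to
// handle a user-supplied forum signature. All names are hypothetical.

// Constructed sample input, modelled on the signature quoted in the post.
const SAMPLE_SIGNATURE =
  `<img src="/images/forum/smilies/grin.gif" onload='alert(document.cookie)'>`;

// Weak: removes <script> elements only (assumed shape of the filter).
function stripScriptTags(html) {
  return html
    .replace(/<script\b[^>]*>[\s\S]*?<\/script\s*>/gi, "")
    .replace(/<\/?script\b[^>]*>/gi, "");
}

// Check: does any tag carry an inline event-handler attribute (on...=)?
function hasEventHandler(html) {
  return /<[a-z][^>]*\son[a-z]+\s*=/i.test(html);
}

// Hardened option 1: treat the signature as plain text and encode on output.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return text.replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened option 2: users type smiley codes; the server builds the <img>
// itself from a fixed table, so no user-controlled markup reaches the page.
const SMILIES = { ":grin:": "grin.gif", ":sad:": "sad.gif" };
function renderSignature(text) {
  return escapeHtml(text).replace(/:[a-z]+:/g, (code) =>
    SMILIES[code]
      ? `<img src="/images/forum/smilies/${SMILIES[code]}" alt="${code}">`
      : code);
}

// The script-only filter passes the sample through unchanged.
console.log(hasEventHandler(stripScriptTags(SAMPLE_SIGNATURE))); // handler survives
console.log(hasEventHandler(renderSignature(SAMPLE_SIGNATURE))); // handler gone
```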

Tuesday, March 29, 2005

Saturday, March 26, 2005

Gotta get drunk...

Weird. When I don't feel like it, somebody's always inviting me to go drinking. Now that I want to get drunk, there's nobody to get drunk with. Heh. Sometimes I wish it was like in the States where you could just go to a bar alone and get drunk. Here, if you get seen drinking alone, they assume you have an "unbearable problem". Heh.

Warriors

Warriors don't go into battle because they wish to die. Rather it's because they recognize what they are and accept their fate.

Friday, March 25, 2005

untitled

Hmm, shops are closed. Weird vibe on the streets, people w/ nothing to do or places to go to.

Thursday, March 24, 2005

untitled

*edited out* (Wrong send, hehehe)

Wednesday, March 23, 2005

untitled

Good morning to all. Here in the ofc, already on my 2nd cup of coffee :) Gotta work on dis LISP thang

Tuesday, March 22, 2005

untitled

Malupa... I bring a sense of earthiness. Not a yuppie. Balls, brains, ethics, hunger. Gutter Hacker.

untitled

NBI site got hacked. Went thru ptt.net.ph/forum/ hosted on same servr. :) on d bus and bloggng. geek!

untitled

Hehe, this is cool, blogging w/ my cellfone. :) All the BS aside, this s why I hack. I luv the tech.

Haxomeni...



Hehehe, my sms blog entry got published. No messing with wap or gprs. Although I think it's time to have my imei changed. I have it changed regularly. There's a limited amount of characters when blogging through sms, although that way I can be more spontaneous with my entries.


Been busy these past few days (weeks?). Actually, I got suspended from work for several days due to tardiness and too many AWOL's. I blame it on the late nights spent studying :) . Trouble was my work piled up during the times I wasn't at work so I had a lot of pending stuff. When my supervisor warned me I might get suspended I said "Ok, you can suspend me but I'll work without pay just to clear my pending activities." And that's what happened. My officemates were laughing saying when I'm supposed to go to work, I don't, but when I'm not supposed to be at work, I show up at the office anyways. I still find it quite funny though that the infraction of not showing up for work carries the penalty of being forced not to show up at work at all. It's like, if I get caught for hacking, my punishment would be to do more hacking. :)

Our company hired an IT guy, a fresh grad from AMA. Doesn't know linux, of course :). He's doing the company network. Talked to him, he said that he preferred using a router instead of just a hub in our lan. Turns out he was after the DHCP capabilities of the router because he doesn't know how to set ip addresses manually. Decision's still up in the air, but word is we might get an internet connection in our office. woohoo! I plan on downloading all the iso's I want :) and p0rn... Lolz

Been updating this blog's layout. Added some scripts, links, etc. I wanted a news feed from inq7 but they don't seem to offer any on their site. So I made a script which will parse their site and spit out blog-friendly links. Except that it is so fucking screwed, too dependent on what inq7 puts on their site, that a simple formatting error will screw it up. I've been having trouble with new lines :( The script is hosted at http://www.pilnet.com/ which was "kind" enough to volunteer their site. Lolz.

I was going to replace the grub splash image of my pc at home. I decided it would be cool to have a BSD logo alongside the RH logo so I decided to look for BSD-ish images in my BSD partition. Except that I can't fucking mount it. About a month ago I thoroughly hosed my linux system playing around with a binary injecting prog, which I was gonna use for the rootkit I was planning to build. My system got screwed so I had to reinstall. I recompiled the kernel because the release I had had only a 2.4 kernel and I wanted to use a 2.6 which is way faster. I used a .config file which I had generated before, which was my "everything stripped down" config file so it didn't have support for BSD file systems. Nyah.

untitled

Blogging w/ my 3310 Hey, I'm taking a shit and blogging at the same time! :)

Monday, March 14, 2005

Vibe Network....



This is the kind of knowledge a hacker wants but what the isp's don't really give out. A network diagram of a working system.

viberb9.ppt

Sunday, March 13, 2005

Internal report : A Repost...



This was originally posted on a forum site I set up which briefly existed a while ago...

======================================================

Hacking

Toshi and ELS met with ePLDT’s technical team regarding the hacking incident. Toshi and ELS expressed their disappointment on ePLDT for not replying to their emails.

ePLDT reportedly still uses Telnet rather than the more secure SSL to access the servers.

Toshi also reported that GRIC failure due to the firewall. This resulted to 4 days of GRIC revenue lost.

Dennis Villanueva will be handling security for Vitro.

Army website

Army website was hacked again. It was agreed that RRC will check if Army’s billing is current. If not, the Army website will be turned off. We then move them to a more secure server once they settle.

TMG staff will be requested to stay away from hacker sites and avoid releasing any information that may compromise our network’s security.

ELS will provide CBL with a summary of all of our comments and complaints to be forwarded to ePLDT heads.

*ELS = Edwin L. Santos, guy in charge of network security

======================================================

Some other non-hacking related company stuff included in the report...

Leftovers...



Leftover tag pages from a server...

Standard tag page on all of them..

Co-hosting: One hack fits all.

http://e.marikina.gov.ph/marikina.htm
http://www.lra.gov.ph/lra.htm
http://www.netopia.ph/netopia.htm

Friday, March 11, 2005

Hacker Crackdown...



Original article posted here.

So, what else is new? There's always a standing order to go after hackers. Several investigations are already underway. They think that a press release like this one will scare off hackers? How naive of them. Reyes, like many others, simply does not know much about the underground hacker culture and how much of the Phil. cyberspace is already Own3d. This is just a lot of B.S. intended to drum up support for the cybercrime law amendments which, when they do get passed, will have no realistic impact on securing the nation's cyberspace whatsoever.


Misc:

D:\INETPUB\WWWROOT\SERVERS\PRODATA\WEB\DILG\

Further Down the Path...

Another decision made...


Because I cannot deny what I am...

Because I cannot ignore my fate...


My right to explore cannot be inhibited by anyone...

My desire to learn overrides laws set by man...


My addiction, my joy, my blackness,
my being, my void, my clarity,

My sacrifice...


I don't have anything to prove anymore...


This time it will be pure...

Wednesday, March 09, 2005

Leggo My Eggo...

-- Installed hits counter on this blog, I'm curious as to how many people really do visit this blog. I might also add a poll. I'm curious as to how many people think....

-- Mountain Dew is addictive? I must have drunk 10 bottles a day sometimes... Drunk 3 straight cups of coffee yesterday at the office. I was bouncing off the freaking walls. I was singing ...

--Linkin Park songs. I was zoning out on them for the past two weeks. Especially "Breaking the Habit". I might post the lyrics on ....

--rb9security.com. I keep wanting to install some type of portal on this domain. Trouble is it might get cancelled at any time, so all my effort to improve the site just might go down the drain. I want to post links on this site regarding...

--Hacking. Oh, and the site on my previous post is just an old tag. I don't really work there. Read the small print. Hehehee

Update:

-- rb9security.com got cancelled. :(
-- installed a second message board since tag-board seems to be always down.
-- registered a new domain for free. It's http://supersuck.it.tt/ Lolz. Nice name ain't it?

Monday, March 07, 2005

I mean business...




I have a new job!

www.business.gov.ph



Hehehe, nah, just one of my old tag pages.

I Misc. You...

Some misc. stuff...

- Downloaded ubuntu live cd, got home, found the image was corrupted probably during downloading :(

- Somebody gave me a CC on irc. I thought it was one of those invalid ones. I tried registering a domain and just typed in the first thing that came to my head. I didn't even record the CC details. But it worked! So now I'm stuck with http://rb9security.com. I couldn't even add some services I wanted because I get asked for some of the CC details which I don't have. If anybody wants an email add of you@rb9security.com, ask me for it. I have 25 allotted to me, I think. You could probably use it for a week since carded domains usually get cancelled once the CC owner discovers it.

- On a related subject, a lot of hackers look down on carding which is a totally different side of hacking. I don't do it myself except just to try something new once in a while. I have never carded any items in my life. Those who know me can attest to this. But I don't condone it. I've suffered enough from being judged by people who do not understand the reasons behind the hacking stuff that I did, so who am I to pass judgement on the people who do stuff I don't really like doing myself. A lot of my online friends are carders and they're all nice people. I'd like them to stop carding but maybe I just don't fully understand their motivations for carding.

- For some strange reason I keep daydreaming about Baler beach in Aurora and how I'd like to go back there. It's the best beach I've ever been to. Didn't get the chance to surf there. It was COLD in the evening, and it's one of the windiest beaches in the country. Travel to and fro there was an adventure in itself. The mayor, whom we met, said he sleeps on the floor at night, probably as a "makamasa ako" gimmick. Nice fellow though, got us drunk.

- Went to Luneta just to get some feel of open space, it gets really crowded here in Manila. Threw rocks at the pigeons, didn't get to hit any :(

Sunday, March 06, 2005

La Salsalista...

http://www.dls-csb.edu.ph/

Unprotected site some local hackers have been playing around with. Went offline during the weekend. Either the admin discovered the flaw or the machine got unplugged for the weekend.

Update:

The admin fixed it. Next time I'm posting screen shots. :) Actually, it was me who hacked it. Just put in some greetz to the PHTEAM members.

Random Telnets...

telnet 203.177.58.33 and hit enter. Type "h" for help. Some kind of modem/router thingy.

Device : LA-110 , RAD Data Communication,Ltd.
Name : LA110
Date : MAR. 06, 2005
Time : 17:46:23
ATM port interface : SHDSL
System clock : Internal
Board revision : LA-111 REV 0.0
Loopback : none
Boot version : 2.31.0.0
Software version : 2.38 SHDSL

Several of these on the subnet.

Hmm, I wonder if this can be classified as hacking?