-EDIT- IM DONE Long time no update. What have I been working on? Lots. For starters, I am coding my own HTTP fuzzer in my favorite web lang – php. Here, take a look: http://gironsec.com/code/fuzzy.html Want to see the back end code? Now that I’m done, here it is: http://gironsec.com/code/myfuz.php I’m calling it ‘Joe’s Hot […]
GAHHH! The epitome of shitty design, aka baby’s first program also known as the wordpress plugin. There area SHITLOAD of these floating around the internet. Most of which promise the same shit – increased ad revenue, dumbing down an already easy to do process (such as auto-tweeting your lame posts), posting a bunch of […]
I can never EVER find one when i need one, so I just made one. This came in handy for a pen test I was working on for a company I can’t disclose. This one is password protected, allows for downloading, uploading, copying, viewing and deleting of files as well as emulating the ‘dir’ command. […]
Shit happens. In my case, I was injured in a motorcycle wreck. Been out of commission since the 31st of October. I’m doing a lot better now and am going to finish my reversing sessions when I get home from my parent’s house in AZ. In the mean time however, I did manage to […]
I plan to release 2 blog posts this week on more interesting stuff such as keygenning 101 and how to exploit wordpress plugins. The second one takes some time since I have to find the right plugins to exploit.
The other day I was watching some stuff on a video stream site. It was a knockoff of the all popular youtube, but this one took extra steps to make sure you could not download their videos. The easiest method for me to download videos from sites like this is to just check the temp […]
Someone make me one of these for hacking. How did you get into my facebook account? Hacked in. How? Its hacking, I ain’t gotta explain shit.
Below is a proof of concept I wrote that that implements several techniques that makes cracking a pain in the ass. I use the classic isdebuggerpresent api as well as use the assembly implementation of it (that I grabbed by stepping through it in a debugger). I use loadlibrary, check for the trap flag, and […]
Another day wasted crackalacking away at the codes. This one is confusing as hell. It uses the volume serial number to generate a unique serial number for evaluations, has the classic 30 day timer and other crap. It shows me my serial number on a web page built into the app, so it was ‘fun’ […]
Microsoft gives out way too much info with its web services. simply dorking for ‘asmx’ files gives plenty of web service test pages. My favorite ones are the ones that don’t even bother to make sure you’re on localhost to return info: http://mapserv.utah.gov/WSUTSGID_FeatureAttributes/default.asmx?op=GetFeatureAttributes_wsdlTest It reminds me of the mail server I was reversing looking for […]