Category Archives: hacking

Format string $20 challenge

At the last meeting I showed everyone how to use a format string vulnerability in a password storage app to bypass the master password and pull data out of memory. That is just one way to exploit this type of … Continue reading

Posted in contest, DIY, exploit, group news, hacking, meetings, security, software | Leave a comment

Telmanik CMS Press 1.01 SQLi 0day

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [x] Type: SQL Injection [x] Vendor: www.telmanik.com [x] Script Name: Telmanik CMS Press [x] Script Version: 1.01b [x] Script DL: http://www.telmanik.com/download/Telmanik_CMS_Press/1.01_beta/telmanik_cms_press_v1.01_beta.zip [x] Author: Anarchy Angel [x] Mail : anarchy[at]dc414[dot]org ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Exploit: http://site.org/themes/pages.php?page_name=[SQLi] you have to formate you injection like … Continue reading

Posted in CONS, exploit, hacking, release, security | Leave a comment

July meeting recap

Let me start by saying many thanks to Milwaukee Makerspace for hosting our meeting and to Klaiviel for hooking us up. Ulic got us rolling and gave a awesome presentation on PRISM and other government spying programs. dw5304 was up … Continue reading

Posted in group news, hacking, meetings, security | Leave a comment

Upload your own XSS

A few meetings ago i gave a demo on uploading a flash file to file hosting sites that contains a evil XSS payload. Here is my write up on it. A while back I was doing a penetration test on … Continue reading

Posted in exploit, hacking, javascript, misc, security, software | Leave a comment

June Meeting Recap

Thanks to all that attended the June meeting. ┬áLot’s of interesting discussion and demos as usual. Some highlights were Klaiviel giving an in-depth look at the state of 3D printing with a focus on weapons and some of the issues … Continue reading

Posted in freedom, hacking, hardware, meetings, misc, privacy, projects, security, software | Leave a comment

Getting IP addresses from contacts on Skype as told by Noize.

Skype is an extremely popular, proprietary, cross-platform, peer-to-peer Voice-over-IP software client written by Skype Communications SARL, which is now owned by Microsoft Corporation. Due to its peer-to-peer always-on nature it is possible for a researcher to determine characteristics about a … Continue reading

Posted in hacking, misc, privacy, security | 3 Comments

May meeting recap

The May meeting was another great one. Both Ngharo and my self were late because of traffic and junk so darkwind got things started with his popular demo of sniffing pager messages from the air. I Showed up at the … Continue reading

Posted in exploit, hacking, hardware, javascript, meetings, projects, security, XSS | Leave a comment

Cisco DDR2200 ADSL2 Residential Gateway Router Vulnerabilities

I have discovered two Vulnerabilities in the Cisco DDR2200 ADSL2 Residential Gateway Router. The first vulnerability is that this device responds to UPNP multicast packets and UPNP SOAP requests out side of its local area network. Allowing attackers to forward … Continue reading

Posted in exploit, hacking, hardware, security | Leave a comment

Upnp Exploiter

dc414 and I are proud to introduce Upnp Exploiter! A Upnp scanner and exploit tool. This tool comes with two main scanning functions and exploit functions. The first scanning functions is the target scan. Here you can pick a single … Continue reading

Posted in exploit, hacking, hardware, python, release, security, software | 14 Comments

April meeting recap

Aprils meeting was awesome! Ngharo started us off with room introductions, which was helpful considering all the new faces at this meeting. Next I gave a quick demo of my new tool Upnp Exploiter. Which lead to me disclosing two … Continue reading

Posted in exploit, hacking, hardware, meetings, projects, python, security, software | Leave a comment