Jump to content


Active Members
  • Content Count

  • Joined

  • Last visited

  • Days Won


pr00f last won the day on October 14 2017

pr00f had the most liked content!

Community Reputation

288 Excellent

About pr00f

  • Rank
    Registered user

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. pr00f


    din vremurile apuse ale 2013 (2013-09-29-135522_670x827_scrot.png)
  2. pr00f


    Ba, io am gasit doar cele de mai jos. Dupa blocat apar popup-uri dar se inchid singure si e relativ ok. Merge filmul sa mearga on-click, dupa cateva refresh-uri, pe langa asteptat cele 60 secunde pentru "update VLC". Iti recomand calduros un s-o fut pe ma-ta, daca tu crezi ca cineva o sa se uite pe bune la filme pe site-ul tau de cacat.
  3. pr00f


    Folosesc eu ProtonMail Plus pentru custom domain. Este rapid, simplu, are de toate, aplicatia pe telefon e super, si recent au introdus si plugin pentru Thunderbird. Sunt ok.
  4. pr00f

    Weather via the command line.

    Step aside python \o/. Meanwhile, curl wttr.in/Tokyo
  5. pr00f

    DefCamp 2017

    O sa fie ceva de baut/mancat in cadrul ballroom-ului (inafara de restaurant, banuiesc), sau trebuie sa dam fuga prin alte parti? Avem voie cu bautura/mancare, pe langa restul de "echipament"? "strice"
  6. pr00f

    ZyXEL PK5001Z Modem - Backdoor Account

    https://www.shodan.io/search?query=PK5001Z+port%3A23 ¯\_(ツ)_/¯
  7. pr00f

    DefCamp 2017

    Scapati de sumo pls.
  8. LEARN TO TAME OPENBSD QUICKLY. http://www.openbsdjumpstart.org/#/
  9. https://imgur.com/a/hjZa3 Luate dintr-un avion Ryanair. Daca nu-s ok, sterg.
  10. As I am now an adult, I sometimes need to look at taxes. The longstanding tradition of adults dictates that I must look at my taxes and say to my fellow adults “wow, I wish I had that money which is spent on single payer universal healthcare, infrastructure and education so I could spend it on video games, hardware I never use and thousands of tiny 3D printed statues of myself.”. Regardless, I didn’t expect my micro-sojourn into responsibility to result in a somewhat bad security issue followed by the ability to arbitrarily modify people’s tax details after making them click a link, followed by a 2 month journey to getting confirmed fixes. Welcome to my 3 step guide to hacking the uk tax system, I guess. The UK tax system login process is neat, and well thought out. One goes through an interstitial login web form which requests an identification number, a password, and a code texted to your cellular mobile device. On the technical side of things, this is achieved by the common redirect forwarding pattern in which the page that required login hands off to the login page with a note in parameter form saying where to send the user back to when the login process is successfully completed and you’re ready to dive into taxes and such. Source: https://medium.com/@Zemnmez/how-to-hack-the-uk-tax-system-i-guess-3e84b70f8b
  11. gophirc A simple IRC bot framework written from scratch, in Go. Description Event based IRC framework. Warning The API might break anytime. Framework managed events Manages server PING requests (not CTCP PING) Registers on first NOTICE * Identifies on RPL_WELCOME (event 001) Joins the received invites & sends a greeting to the channel Logs if the bot gets kicked from a channel Features Capability to connect to multiple servers Multiple per event callbacks State & general logging Graceful exit handled either by a SIGINT (Ctrl-C) Parses a user from an IRC formatted nick!user@host to a User{} Config implements a basic checking on values Already implemented basic commands - JOIN, PART, PRIVMSG, NOTICE, KICK, INVITE, MODE, CTCP commands Many (?) more More: https://github.com/vlad-s/gophirc Bonus, IRC bot using gophirc - gophircbot: https://github.com/vlad-s/gophircbot
  12. pr00f

    Old ezines collection

    Lista mai mare pe http://web.textfiles.com/ezines/, probabil sa fie si mirrors. Iar aici altele cached https://web.archive.org/web/20120426235852/http://www.gonullyourself.org:80/ezines/
  13. hcpxread is an interactive tool made to view, parse, and export .hccapx files. You can learn more about the HCCAPX format from the official docs. Long story short, Features Interactive menu Reads and outputs AP data Shows summary of the loaded access points Usage $ go get github.com/vlad-s/hcpxread $ hcpxread _ _ | |__ ___ _ ____ ___ __ ___ __ _ __| | | '_ \ / __| '_ \ \/ / '__/ _ \/ _` |/ _` | | | | | (__| |_) > <| | | __/ (_| | (_| | |_| |_|\___| .__/_/\_\_| \___|\__,_|\__,_| |_| Usage of hcpxread: -capture file The HCCAPX file to read -debug Show additional, debugging info Note: debugging will disable clearing the screen after an action. Example $ hcpxread -capture wpa.hccapx INFO[0000] Opened file for reading name=wpa.hccapx size="6.5 KB" INFO[0000] Searching for HCPX headers... INFO[0000] Finished searching for headers indexes=17 INFO[0000] Summary: 17 networks, 0 WPA/17 WPA2, 16 unique APs 1. [WPA2] XXX B0:48:7A:BF:07:A4 2. [WPA2] XXXXX 08:10:77:5B:AC:ED ... 17. [WPA2] XXXXXXXXXX 64:70:02:9E:4D:1A 99. Export 0. Exit network > 1 Key Version |ESSID |ESSID length |BSSID |Client MAC WPA2 |XXX |3 |B0:48:7A:BF:07:A4 |88:9F:FA:89:10:2E Handshake messages |EAPOL Source |AP message |STA message |Replay counter match M1 + M2 |M2 |M1 |M2 |true ... Asciicast https://asciinema.org/a/H4pUedh9z9sLHH5iZuWouxeZU Github https://github.com/vlad-s/hcpxread
  14. pr00f

    IT Security Catalog

    https://www.it-sec-catalog.info/ Available from https://it-sec-catalog.info/ and https://www.gitbook.com/book/arthurgerkis/it-sec-catalog. About this project This is a catalog of links to articles on computer security — software and hardware analysis and vulnerability exploitation, shellcode development and security mitigations, including computer security research, and malware stuff. Slides are not included (there is other project for that). Advisories without much details are also not included. All articles are only in English. Project is running since 2010. Author and contributors Author of this project: Arthur (ax330d) Gerkis, contributors: Nitay Artenstein, Joe (j0echip) Chip. Thanks to everyone who helped with the project.
  15. Last week I wrote about Passwords Evolved: Authentication Guidance for the Modern Era with the aim of helping those building services which require authentication to move into the modern era of how we think about protecting accounts. In that post, I talked about NIST's Digital Identity Guidelines which were recently released. Of particular interest to me was the section advising organisations to block subscribers from using passwords that have previously appeared in a data breach. Here's the full excerpt from the authentication & lifecycle management doc (CSP is "Credential Service Provider"): NIST isn't mincing words here, in fact they're quite clearly saying that you shouldn't be allowing people to use a password that's been breached before, among other types of passwords they shouldn't be using. The reasons for this should be obvious but just in case you're not fully aware of the risks, have a read of my recent post on password reuse, credential stuffing and another billion records in Have I been pwned (HIBP). As I read NIST's guidance, I realised I was in a unique position to help do something about the problem they're trying to address due to the volume of data I've obtained in running HIBP. https://www.troyhunt.com/introducing-306-million-freely-downloadable-pwned-passwords/ https://haveibeenpwned.com/Passwords