Three Ethical Hackers - All Forums

Avatar shell upload

Sat, 04 Sep 2010 03:05:57 +0000

Comments please =D
(learning purposes only ^_^)
There are many ways to upload a shell to a website, by far the easiest and best way is via avatar image uploading. How to exploit it you might ask, well it's quite simple lets say you have a website that allows you too upload an avatar, the code for verifying the file is an image might look something like this:

PHP Code:

function file_extension($filename)
{
return end(explode(".", $filename));
} 

This will strip everything before the "." and check if the file extension is in fact a image file, of course the code above doesn't check if its an image file, but it's just showing the basic principle of how file extension checks work.
So now to exploit it, we could go about this several ways, the easiest would to add two extension names,

Code:

Example: "lolnotashell.jpg.php"

The code above will only strip the text to the first "." and it will see .jpg.php but it wont check for the .php part which is the real file extension so basically .jpg is a ghost extension name
Another way to exploit an avatar image upload system is to use null meta-characters such as "%00" this will make sure that the system doesn't automatically add a new extension name like .jpg or .gif.

Code:

Example: "lolnotashell..php%00.jpg" either that or "lolnotashell.php%00.jpg" sorry I forget which way it goes, I tired ha.

So I hope this helps you in some sort of way.
~3ethicalhackers.com

Minecraft

Sat, 04 Sep 2010 00:31:20 +0000

One word to put it. Amazing.

http://www.minecraft.net/

The classic version is free, but I paid for the alpha version. Some of you guys should check it out.

Xbox LIVE Prices Increase

Wed, 01 Sep 2010 22:13:18 +0000

The gold memberships for XBLive is going up by 10$. Just another reason to get a ps3...

http://gotgame.com/2010/09/01/price-chan...criptions/

Facetime for IPhone

Wed, 01 Sep 2010 17:55:36 +0000

Hey guys. This new thing...Facetime for the Iphone. Now, correct me if I am wrong. But isn't it essentially a Skype App.? Which you can download free, with blackberry's and Android? Eh, maybe I'm just crazy

Favorite things about linux?

Wed, 01 Sep 2010 14:14:00 +0000

Hey guys. The goal of this thread is to express what your favorite features of linux are.

Mine are:
Its open source;
Its visually appealing;
Hard to get viruses;
And it takes much less battery than windows.

How about you guys?

Photoshop CS3 Extended w/ Crack

Tue, 31 Aug 2010 02:19:55 +0000

I have been using this one for a while. I know it isn't exactly the latest but I like the older ones for simplicity.

http://www.megaupload.com/?d=MGJ18P09

Noobie Questions by Raven XD

Mon, 30 Aug 2010 22:47:40 +0000

So please excuse my inexperience on anything hack related and therefore maybe dumb questions I am about to ask. I made a topic for allot of questions to come because i really do not understand anything and I want to learn.

So say you have a member on your site, and they are giving you problems like hack threats and such. You have their IP address but what can you really do with the info? I have heard people say things like “I got your IP you are fucked now” but I guess I have not read enough to understand the possibilities.

Posts

Mon, 30 Aug 2010 05:23:02 +0000

Noticed a few things in the three weeks i've been not coming here

1.) post quality lacking
2.) Member boldness growing
3.) Lack of doing anything hacking related.

This dog wont hunt.

IRC This week and Happenings

Mon, 30 Aug 2010 05:19:54 +0000

I'll be on IRC this week...vacationing from work ect. point is imma have free time again to get on IRC for a bit.

You may have noticed a diminished web presence and a lul at nullworks. I'm debating keeping the server around but may continue it just in case it comes in handy.

Nullworks may go down for an image this week. who knows.

I might build some email into nullworks for my personal/professional usage and also start constructing a live-fire wargame. again. who knows.

I gotta image stuff but the live fire game seems probable in the near future.

Lemme know about keeping the server. Mason your money got returned to you from paypal -- I never accepted the charges b/c I was unsure of stuff. Still seeking donations from ppl but w/e.

My Mod App

Sun, 29 Aug 2010 22:35:41 +0000

Name/Alias: Michael/Steeldog29
Time Joined: When The Site Was Green
Time Spent Online: 1 Day, 2 Hours, 13 Minutes, 55 Seconds
Three threads started by you:
http://www.3ethicalhackers.com/showthread.php?tid=362
http://www.3ethicalhackers.com/showthrea...91#pid1091
http://www.3ethicalhackers.com/showthread.php?tid=368

Five helpful posts:
http://www.3ethicalhackers.com/showthrea...91#pid1091 (helped Null.)
http://www.3ethicalhackers.com/showthread.php?tid=328
http://www.3ethicalhackers.com/showthread.php?tid=97 (Explained how to use 1.4 themes on 1.6)
http://www.3ethicalhackers.com/showthread.php?tid=60 (Sent A Deface Page)
http://www.3ethicalhackers.com/showthread.php?tid=64

Reason you want to be mod: I have been on this site a long time, and I think it would be time I applied for a moderator position. I am on this site ALOT and think I could help out alot too by keeping the forum, fixing spelling/grammar errors, updating things people got wrong, and much more. I am also getting better at learning different types of code, I currently know HTML and a little bit of VB.
Prior Mod experience: Admin of http://www.gamesharingforums.com/

Saving flash games to your HDD/ playing them

Sun, 29 Aug 2010 18:25:55 +0000

Not hacking, but it is a tutorial...

First you need a program that will read and run .swf files. I use FlashFetcher.

Next you need to go to a game you like. For example: http://armorgames.com/play/1443/the-last-stand-2

Then you copy that link, and go to: File2HD.com, and where it prompts to input a URL, you do so, also check the box that says you agree to their terms.

After that scroll through the files and look for the .swf for the game, in the example of The Last Stand 2 it was: http://armorgames.com/files/games/the-la...2-1443.swf

Right click the .swf location and choose 'Save link as.' Name it what you would like.

Then, go to where you saved the .swf, and open it with the .swf player [FlashFetcher]

ENJOY (: !!!!

collision detection vb2008

Sun, 29 Aug 2010 13:28:12 +0000

collision detection vb2008

Code:

Public Function Collision(ByVal obj1 As Object, ByVal obj2 As Object)

        Dim ret As Boolean = False

        If obj1.Bounds.IntersectsWith(obj2.Bounds) = True Then

            Return True

        Else

            Return False

        End If

End Function

[tut] IP logger

Sun, 29 Aug 2010 11:04:58 +0000

here I will tell you how to log ip's with an invisible image
*STEP1
Get a php host like 000webhost

*STEP2
make a directory call it "img"

*STEP3
make a new php file call it "scr.php"

Code:

header('Content-type: image/jpeg');

readfile('im.gif');

$filen = "ips.txt";

   $logstring = "Connection from:".$_SERVER['REMOTE_ADDR']." at ".date("r",time())."\n";

   if ($handle = fopen($filen, 'a')) {

           fwrite($handle, $logstring);

           fclose($handle);

   }

?>

*STEP4
and make a ips.txt file and chmod it to 777

*STEP5
add a img im.gif

Fame

Sun, 29 Aug 2010 01:13:42 +0000

We need to get more members. Alot more members. We need to advertise. But we don't want stupid noobs that can't do anything at all, we need real hackers/programmers. We need some people who can contribute to the site. I think we should start advertising around.

BruteForcers

Sun, 29 Aug 2010 01:04:51 +0000

Anyone have a good brute forcer or password list? I am trying to find a brute forcer that will work on facebook, AIM, AOL, MSN. Plus misc online games.

General Chat

Sat, 28 Aug 2010 22:07:14 +0000

Sup people, this is just a topic for us all to get together and talk about anything and everything that you could ever think about. I guess you can say its a Chat Room. Anyways I have seen this on other site, and have this topic on my own, and its always fun so I thought I would bring it here.

so whats up? how is life? What should we talk about first?

Sig using this?

Sat, 28 Aug 2010 20:31:54 +0000

Can someone make me a sig using this or a similar image of ghost from CoD?

Demonoid Invites

Sat, 28 Aug 2010 18:50:15 +0000

Demonoid's finally letting me give out invite codes, not sure how many I've got (you can only generate one at a time as far as I know)

anyway, if you want one, comment, I'll send you it in a pm.

also, thanks Dion for inviting me earlier this year ^_^

Shoutbox

Fri, 27 Aug 2010 16:18:00 +0000

I know this is how the Turkish hackers got in, but remember the shoutbox we had when the site theme was green? We should get that back. That was hilarious, and that's why we should use it.

Linkbucks/adf.ly Loop Tutorial

Fri, 27 Aug 2010 15:45:35 +0000

Basically what this does is it creates a loop of ads, and each ad that shows gives you your money. If you make a long enough loop then you can give it to people to leave it running, or use a proxy.

Step 1: Rename a website using whatever site you use, I use linkbucks.

Step 2: Enter your new generated link into http://www.dot.tk/

Step 3: Rename the webpage whatever you want, fill the captcha and click the first option.

Step 4: Put the .tk link you just created into linkbucks And generate a new link.

Repeat steps 2-4 with your new link. Send it to people to click, such as me. I will be happy to click it :D