Unknown column 'settings_name' in 'where clause'
Notice: Undefined variable: data in /home/override/public_html/mobile/wap-maincore.php on line 284
SecurityOverride

SecurityOverride

Home Forum Articles Login

Latest Forum Posts
[ Privilege Escalation Hacking Challenges ]
Trouble in privilege escalation1
jungle - 31/08/2015 21:23
My advice is to contact the administrator, because even I use the real password for level(after passing the challenge you will get the real password) and I still can't login....
[ Privilege Escalation Hacking Challenges ]
Trouble in privilege escalation1
captain - 30/08/2015 19:18
Hi guys,

I have been trapped in passing privilege escalation 1 for few days. I hope someone could give me some hints about this.
I think I found the right exploit by google, the "Solaris TTYPROMPT Security Vulnerability". Below is what I have tried to bypass the authentication.

level1 c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c c\n

However, the password request still shows up, even after I typed "var userip = '8.8.8.8'" in console.

Is there anything wrong with this exploit?
[ Realistic Hacking Challenges ]
real 5
kenpachi - 30/08/2015 05:02
Hey guys, I've been stuck on this challenge for many hours now. Can you please guide me in the right direction?

I've tried injecting in the value of the enc parameter as well as the parameter name itself using index.php, enc.php, messages.php, blog.php.

Tried incjecting in the login.php page and even tried using a randomly added parameter to the end of the urls all with no luck.

Also tried injecting in the "admin" hoping it's a REST Style URL parameter

I've gone through the requests and responses and I really haven't found any more parameters used in the challenge (enc, field1, field2) am I right?

These fields seem to be non-injectible no mather which php file I ask in the url. I am not getting any error messages and the responses always come the same, unless I get a 404 error when asking for stuff which simply is not there.

What am I missing? Please help, I'm going mad :|
[ Network Security ]
Mobile Prank Hacktool 3.8
privateloader - 29/08/2015 09:29
New release and more sites to send sms and call pranks...

Mobile Prank Hacktool is a tool for mobiles. Currently it can call or send sms to any number.

Features:
Send calls to any number as a prank.
Send sms to any number as a prank.
Send anonymous sms for free
Send anonymous sms to voice messages
Divert calls to enomerous call centers

How to use:
From the menu pick a service (sms/call).
Once a page has loaded, enter the mobile number.

Note:
In some cases to send a sms or call requires navigation on the site.

Download:
http://ge.tt/api/1/files/2VQ8E2N2/0/blob?download

Virustotal Analysis:
https://www.virustotal.com/en/file/726156b9b26c8a859fa075c0f2f92fd56d4c325096616022d12afd734adefcec/analysis/1440854567/
[ General Security ]
CVE-2015-5949 Checker - VLC media player 2.2.1 exploit
privateloader - 27/08/2015 19:34
Vulnerability details:
VideoLAN VLC media player 2.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP file, which triggers the freeing of arbitrary pointers.

More Info:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5949

What is on the archive:
A VLC media player 2.2.1 or lower instalation check.

Download:
http://nitroflare.com/view/1806913D8009C9D/CVE-2015-5949_Checker.rar