Network Block WTF
-
My school uses an outdated website blocker. When blocked it does an HTTP REDIRECT to a URL. Well neat, I thought, I can make this do my bidding!
HTTP:// (proxy-IP):81/cgi/block.cgi?URL=[insert-url-here]&IP=[insert-ip-here]&CAT=[insert-category-here]&USER=[insert-username-here]
I was able to produce this, among other things, with my engineering of the blocker:
I lol'd when they saw their own website blocked under pr0n. As well, the "review" link redirects to an email (mailto:) URL of mailto ::admin@company.localdomain&subject=please unblock my site
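-
An added example (not part of the original post, and not the filter's own code): the redirect above carries URL, IP, CAT and USER as plain query parameters, so the block page displays whatever the requester supplies. One mitigation is for the proxy to sign those parameters and for the block page to verify the signature and HTML-escape the values before rendering. The key, the `SIG` parameter and all function names are assumptions.

```python
import hashlib
import hmac
import html
from urllib.parse import parse_qsl, urlencode

# Constructed key for the example; a real deployment would load a random
# secret known only to the proxy and the block-page handler.
SECRET_KEY = b"constructed-example-key"
SIGNED_FIELDS = ("URL", "IP", "CAT", "USER")


def _mac(params):
    # Length-prefix every value so field boundaries cannot be shifted.
    msg = "".join(f"{n}={len(params[n])}:{params[n]};" for n in SIGNED_FIELDS)
    return hmac.new(SECRET_KEY, msg.encode(), hashlib.sha256).hexdigest()


def build_block_query(url, ip, category, user):
    """Proxy side: query string for the redirect to the block page."""
    params = {"URL": url, "IP": ip, "CAT": category, "USER": user}
    params["SIG"] = _mac(params)
    return urlencode(params)


def verify_block_query(query):
    """Block-page side: return the parameters if authentic, else None."""
    pairs = parse_qsl(query, keep_blank_values=True)
    names = [name for name, _ in pairs]
    # Reject missing, extra or repeated parameters outright.
    if sorted(names) != sorted(SIGNED_FIELDS + ("SIG",)):
        return None
    params = dict(pairs)
    if not hmac.compare_digest(_mac(params).encode(), params["SIG"].encode()):
        return None
    return {name: params[name] for name in SIGNED_FIELDS}


def render_block_page(query):
    """Render only verified values, escaped; otherwise a generic notice."""
    params = verify_block_query(query)
    if params is None:
        return "<p>This request was blocked.</p>"
    return "<p>Blocked: {} (category: {})</p>".format(
        html.escape(params["URL"]), html.escape(params["CAT"]))
```
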
-
It will be far more fun when they check the server logs, notice your hacking/fraud attempts and expel you under their disciplinary procedures for computer misuse :-)
-
@Mole said:
It will be far more fun when they check the server logs, notice your hacking/fraud attempts and expel you under their disciplinary procedures for computer misuse :-)
If they bothered checking the logs, he would have been expelled years ago for all his attempts to access furry porn.
-
@morbiuswilters said:
@Mole said:
It will be far more fun when they check the server logs, notice your hacking/fraud attempts and expel you under their disciplinary procedures for computer misuse :-)
If they bothered checking the logs
They would have to have the initiative to check the logs.
The biggest problem is that they can't tell who would make the request because the username is always "DEFAULT" unless it's changed. The IP is the IP of the proxy too.
-
@Indrora said:
@morbiuswilters said:
@Mole said:
It will be far more fun when they check the server logs, notice your hacking/fraud attempts and expel you under their disciplinary procedures for computer misuse :-)
If they bothered checking the logs
They would have to have the initiative to check the logs.
The biggest problem is that they can't tell who would make the request because the username is always "DEFAULT" unless it's changed. The IP is the IP of the proxy too.
When they see furry porn in the logs, who do you think they're going to go for: the star quarterback or the nerd with the Linux t-shirt?
-
@morbiuswilters said:
@Indrora said:
@morbiuswilters said:
@Mole said:
It will be far more fun when they check the server logs, notice your hacking/fraud attempts and expel you under their disciplinary procedures for computer misuse :-)
If they bothered checking the logs
They would have to have the initiative to check the logs.
The biggest problem is that they can't tell who would make the request because the username is always "DEFAULT" unless it's changed. The IP is the IP of the proxy too.
When they see furry porn in the logs, who do you think they're going to go for: the star quarterback or the nerd with the Linux t-shirt?
This makes the assumption that a) they even care and b) there was a football team. My school has 118 students, most of whom browse porn during lunch and make honor roll. We have 14 people on NHS, and a fair number of people who make 4.05 through shitloads of AP courses.
-
@morbiuswilters said:
When they see furry porn in the logs, who do you think they're going to go for: the star quarterback or the nerd with the Linux t-shirt?
Wearing a clip-on tail?
-
I am not sure that is a tail.
-
TRWTF would probably be that detected hacking attempts are emailed to default_user@default_domain.com. I've seen that happen before.
-
@henke37 said:
I am not sure that is a tail.
Are you suggesting that the guy in the photograph has his knees and elbows on back-to-front?
-
@blakeyrat said:
Fuck the Colts. That is all.
-
My high school used that same filter. I also discovered that there's also an epic security hole that lets you do this:
GET / HTTP/1.1
X-Host: domain-of-school.com
Host: your-favorite-porn-site-here.com
... and it would work perfectly, acting on the X-Host: header instead of Host:.
I meant to code a Firefox plugin to do this automatically and sell copies to the more Myspace-obsessed people, but I graduated before I got around to it.
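-
An added example (not part of the original post, and not the filter's own code): a model of the behaviour described above, where the policy check reads `X-Host` while the request is routed by `Host`, next to a decision function that checks the routed host and a detection rule for disagreeing headers. The blocklist, host names, function names and sample requests are constructed for illustration.

```python
BLOCKED_HOSTS = {"blocked.example"}  # constructed policy

# Constructed sample requests (reserved .example names).
OVERRIDE_REQ = "GET / HTTP/1.1\r\nX-Host: school.example\r\nHost: blocked.example\r\n\r\n"
NORMAL_REQ = "GET / HTTP/1.1\r\nHost: school.example\r\n\r\n"


def parse_headers(raw_request):
    """Return (lowercased name, value) pairs from a raw HTTP/1.1 request."""
    headers = []
    for line in raw_request.split("\r\n")[1:]:
        if not line:
            break
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return headers


def _norm(host):
    # Drop an optional port and trailing dot (IPv6 literals not handled here).
    return host.split(":")[0].rstrip(".").lower()


def filter_decision_weak(headers):
    """Behaviour described in the post: policy is checked against X-Host."""
    h = dict(headers)
    checked = h.get("x-host", h.get("host", ""))
    return "deny" if _norm(checked) in BLOCKED_HOSTS else "allow"


def filter_decision_hardened(headers):
    """Check the host the request is actually routed to; fail closed."""
    hosts = [value for name, value in headers if name == "host"]
    if len(hosts) != 1:
        return "deny"  # missing or repeated Host header
    return "deny" if _norm(hosts[0]) in BLOCKED_HOSTS else "allow"


def host_override_alerts(headers):
    """Detection: flag a client-supplied X-Host that disagrees with Host."""
    h = dict(headers)
    if "x-host" in h and _norm(h["x-host"]) != _norm(h.get("host", "")):
        return [f"x-host={h['x-host']!r} host={h.get('host', '')!r}"]
    return []
```
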
-
@scgtrp said:
My high school used that same filter. I also discovered that there's also an epic security hole that lets you do this:
GET / HTTP/1.1
X-Host: domain-of-school.com
Host: your-favorite-porn-site-here.com
... and it would work perfectly, acting on the X-Host: header instead of Host:.
I meant to code a Firefox plugin to do this automatically and sell copies to the more Myspace-obsessed people, but I graduated before I got around to it.
-
(It was intended for the kinds of people who don't know what HTTP headers are and wouldn't be able to use that.)
-
@scgtrp said:
(It was intended for the kinds of people who don't know what HTTP headers are and wouldn't be able to use that.)
Right, but you could just instruct them on how to use it, or just re-package it with the X-Host header already in place.
-
@morbiuswilters said:
Right, but you could just instruct them on how to use it
You do realize that the majority of the people who would be checking MySpace in class tend to be the same people who say things like "I have a yahoo on my internet", right? ;)
or just re-package it with the X-Host header already in place.
That's a thought. Oh well, I no longer care.
-
@scgtrp said:
@morbiuswilters said:
Right, but you could just instruct them on how to use it
You do realize that the majority of the people who would be checking MySpace in class tend to be the same people who say things like "I have a yahoo on my internet", right? ;)
You were going to get them to install a plugin. How is "install this plugin, click here, type this, click here" all that more complicated?
-
@morbiuswilters said:
When they see furry porn in the logs, who do you think they're going to go for: the star quarterback or the nerd with the Linux t-shirt?
In my experience, it would be the star quarterback. In the meanwhile, the Linux guy is still trying to get X up and running.
-
Depends if you have the technical ability of this kind of kid or not: http://www.youtube.com/watch?v=SXmv8quf_xM
-
@ammoQ said:
@morbiuswilters said:
When they see furry porn in the logs, who do you think they're going to go for: the star quarterback or the nerd with the Linux t-shirt?
In my experience, it would be the star quarterback...
I didn't know you played football in high school.
-
@ammoQ said:
the Linux guy is still trying to get X up and running.
Nah, that's handled by autoconfig scripts now.
-
@Indrora said:
Nah, that's handled by autoconfig scripts now.
It's all fun and games until somebody gets an ATI card and wants to install the fglrx drivers for it...
-
@Mole said:
Depends if you have the technical ability of this kind of kid or not: How to view someones IP address and connection speed! (04:26, NextGenHacker101)
You make me lose faith in humanity. Even on this website.
-
@Mole said:
http://www.youtube.com/watch?v=SXmv8quf_xM
Thanks dude! I used this to find out that there were 10 people on my website, which is the same as Google at the time!
My website is as popular as Google!
-
We best watch out. Apparently he ran tracert on this site and now has all of our IP addresses! Gah!
-
@ammoQ said:
In the meanwhile, the Linux guy is still trying to get X up and running.
Oh no, Windows has blue screened again.
-
@Zemm said:
@ammoQ said:
In the meanwhile, the Linux guy is still trying to get X up and running.
Oh no, Windows has blue screened again.
Oh why oh why did he buy that crappy video card made in North Korea?
-
OH NO YOU'RE BEHIND 7 PROXIES!!
-
@Mole said:
Depends if you have the technical ability of this kind of kid or not: http://www.youtube.com/watch?v=SXmv8quf_xM
Priceless. Straight to my favorites with that one. This fuckwit would fit right in here at my job.
-
@derula said:
@toth said:
OH NO YOU'RE BEHIND 7 PROXIES!!
I would be too, if I was browsing what he is.
-
@Indrora said:
Filed under: This flamewar is the lamest flamewar ever. I'm dying a bit inside just witnessing it. Please argue about something less boring and lame, such as quilting or the intricacies of Open Source licenses.
Fine, how about "blonde, brunette or calico"?
-
@RogerWilco said:
@Mole said:
Depends if you have the technical ability of this kind of kid or not: http://www.youtube.com/watch?v=SXmv8quf_xM
Me too.
How on earth can someone find the tracert command without at least getting some indication of what it is for? And why would you think "oh, look, there's some output, I'll just make a wild guess as to what it means and then post a video to Youtube" is a good procedure when even the simplest search would tell you?
Especially if you're calling yourself a "NextGenHacker".
-
@Scarlet Manuka said:
Me too.
How on earth can someone find the tracert command without at least getting some indication of what it is for? And why would you think "oh, look, there's some output, I'll just make a wild guess as to what it means and then post a video to Youtube" is a good procedure when even the simplest search would tell you?
Especially if you're calling yourself a "NextGenHacker".
There's still the possibility it's an epic troll, and we've all been had.
-
@blakeyrat said:
There's still the possibility it's an epic troll, and we've all been had.
NO! Children are INNOCENT! They can't troll. It makes murdering them wholesale so much easier when you know they aren't sarcastic bastards waiting for a chance to usurp you and slaughter your own kind.
-
I don't think this guy is alone. I've seen another video of someone booting up Linux on their Mac because Linux is "The hackers friend" and then using traceroute in a similar manner to that video. Unlike the video above, this person's ISP didn't hijack DNS queries that are non-existent, so he goes on about how Google have tightened their security, but he knows a way around this additional security by dropping the "http://" and thus "fooling googles security".
-
That second video was an obvious parody (hint: OpenSolaris is not Linux).
-
@blakeyrat said:
There's still the possibility it's an epic troll, and we've all been had.
I'm hoping that that is the case. I tend to not have that much faith in humanity, but you never know.