lol hackforums
#11
It's always extra funny when hacking related forums get pwnd, well HF is more of a skid forum but still.
Reply
#12
Nice find!

I got an error when adding a newline character at the end (%0a):
http://tracking.hackforums.net/tracking/...5%74%2F%0A;

Error:
Code:
Error: An API error has occurred - Redirect URI cannot contain newline characters.
   at System.Web.HttpResponse.Redirect(String url, Boolean endResponse, Boolean permanent)
   at ElasticEmail.Tracking.TrackClick(HttpRequest request, HttpResponse response) in C:\MgmtTool\Builds\trunk\Source\ElasticEmailAPI\Tracking.cs:line 117
   at ElasticEmail.API.HandleTrackingRequest(HttpRequest request, HttpResponse response, String target, Int64 reqId) in C:\MgmtTool\Builds\trunk\Source\ElasticEmailAPI\API.cs:line 373
   at ElasticEmail.API.ProcessRequest(HttpContext context) in C:\MgmtTool\Builds\trunk\Source\ElasticEmailAPI\API.cs:line 139
Reply
#13
(03-31-2016, 04:54 PM)IAT Wrote: Btw omni told that he has nothing to do with the wiki subdomain. It's been handled/hosted by someone else.

But still the fact that it's located on hackforums domain can make people trust it more. I could link someone to it through an image or something like that and probably not that many people would question it. That's at least what I think.

(04-16-2016, 12:16 PM)Sehaal Wrote: Nice find!

I got an error when adding a newline character at the end (%0a):
http://tracking.hackforums.net/tracking/...5%74%2F%0A;

Error:
Code:
Error: An API error has occurred - Redirect URI cannot contain newline characters.
   at System.Web.HttpResponse.Redirect(String url, Boolean endResponse, Boolean permanent)
   at ElasticEmail.Tracking.TrackClick(HttpRequest request, HttpResponse response) in C:\MgmtTool\Builds\trunk\Source\ElasticEmailAPI\Tracking.cs:line 117
   at ElasticEmail.API.HandleTrackingRequest(HttpRequest request, HttpResponse response, String target, Int64 reqId) in C:\MgmtTool\Builds\trunk\Source\ElasticEmailAPI\API.cs:line 373
   at ElasticEmail.API.ProcessRequest(HttpContext context) in C:\MgmtTool\Builds\trunk\Source\ElasticEmailAPI\API.cs:line 139

Trying HTTP Response Splitting? Seems like newlines are unfortunately disallowed. I tried replacing it with a carriage return (%0d) haha but that resulted in error 500 in GreySec. I should try to learn more XSS, at this point I'm just testing stuff without really understanding it.
Reply
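The stack trace in the posts above shows the newline being rejected inside HttpResponse.Redirect and the error page exposing source paths and line numbers. As an added example (not code from this thread or from the tracking service), here is a Python sketch of a redirect-target check that rejects CR, LF and other control characters before the redirect is built, allowlists destination hosts, and returns one generic error; the host names, function names and sample inputs are assumptions.

```python
from urllib.parse import unquote, urlsplit

# Assumption: hosts this hypothetical click tracker may redirect to.
ALLOWED_HOSTS = {"example.com", "www.example.com"}
# One generic response for every rejection: no exception text, no file paths.
GENERIC_ERROR = (400, "Invalid tracking link.")


def has_control_chars(value: str) -> bool:
    """True if value contains CR, LF or any other ASCII control character."""
    return any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in value)


def resolve_redirect(encoded_target: str):
    """Return (status, location_or_message) for a percent-encoded target."""
    try:
        target = unquote(encoded_target, errors="strict")
    except UnicodeDecodeError:
        return GENERIC_ERROR
    # Check the *decoded* value: %0a and %0d only become dangerous after
    # decoding, and both must be refused, not just the newline.
    if has_control_chars(target) or "\\" in target:
        return GENERIC_ERROR
    try:
        parts = urlsplit(target)
        host = parts.hostname
    except ValueError:
        return GENERIC_ERROR
    if parts.scheme not in ("http", "https"):
        return GENERIC_ERROR
    # Refuse userinfo ("user@host") so the visible host cannot mislead.
    if "@" in parts.netloc:
        return GENERIC_ERROR
    if host is None or host.lower() not in ALLOWED_HOSTS:
        return GENERIC_ERROR
    return (302, target)


# Constructed sample inputs, not the URLs from the thread.
SAMPLES = [
    "http%3A%2F%2Fexample.com%2Fnews",       # allowed
    "http%3A%2F%2Fexample.com%2F%0A",        # trailing LF
    "http%3A%2F%2Fexample.com%2F%0D",        # trailing CR
    "http%3A%2F%2Fother.test%2F",            # host not allowlisted
    "http%3A%2F%2Fexample.com%40other.test", # userinfo trick
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", resolve_redirect(s))
```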
#14
(04-16-2016, 12:24 PM)Insider Wrote:
(03-31-2016, 04:54 PM)IAT Wrote: Btw omni told that he has nothing to do with the wiki subdomain. It's been handled/hosted by someone else.

But still the fact that it's located on hackforums domain can make people trust it more. I could link someone to it through an image or something like that and probably not that many people would question it. That's at least what I think.

(04-16-2016, 12:16 PM)Sehaal Wrote: Nice find!

I got an error when adding a newline character at the end (%0a):
http://tracking.hackforums.net/tracking/...5%74%2F%0A;

Error:
Code:
Error: An API error has occurred - Redirect URI cannot contain newline characters.
   at System.Web.HttpResponse.Redirect(String url, Boolean endResponse, Boolean permanent)
   at ElasticEmail.Tracking.TrackClick(HttpRequest request, HttpResponse response) in C:\MgmtTool\Builds\trunk\Source\ElasticEmailAPI\Tracking.cs:line 117
   at ElasticEmail.API.HandleTrackingRequest(HttpRequest request, HttpResponse response, String target, Int64 reqId) in C:\MgmtTool\Builds\trunk\Source\ElasticEmailAPI\API.cs:line 373
   at ElasticEmail.API.ProcessRequest(HttpContext context) in C:\MgmtTool\Builds\trunk\Source\ElasticEmailAPI\API.cs:line 139

Trying HTTP Response Splitting? Seems like newlines are unfortunately disallowed. I tried replacing it with a carriage return (%0d) haha but that resulted in error 500 in GreySec. I should try to learn more XSS, at this point I'm just testing stuff without really understanding it.

Yep, would be interesting if that would work with hackforums.
Reply
#15
HackForums is most probably just another honeypot of the US government. They track your browser and require your real IP (no vpn/proxy/tor/etc allowed) on their site. Even if it was not originally a gov honeypot, I'm sure they work close together... they really crap.
Reply
#16
(05-17-2016, 02:43 PM)charge Wrote: HackForums is most probably just another honeypot of the US government. They track your browser and require your real IP (no vpn/proxy/tor/etc allowed) on their site. Even if it was not originally a gov honeypot, I'm sure they work close together... they really crap.

The one community which has nothing to do with hacking.
Reply
#17
(05-17-2016, 02:43 PM)charge Wrote: HackForums is most probably just another honeypot of the US government. They track your browser and require your real IP (no vpn/proxy/tor/etc allowed) on their site. Even if it was not originally a gov honeypot, I'm sure they work close together... they really crap.

Considering they (the administrator of HackForums) started CarderProfit.cc under the direction/guidance of the Secret Service as an invite-only group, I would say there's absolutely no doubt they work with the government
Reply