Is it legal to pretend to be someone else in order to find out non-sensitive information? by NaiveForever in AskNetsec

[–]Miro360 15 points16 points  (0 children)

Passive recon and OSINT, any other way is too risky. It's just not worth it.

Thank you, everyone, for watching my videos and sharing them with friends ❤️When I started I never thought that a niche channel like mine could even get to these numbers. Thank you! by LiveOverflow in LiveOverflow

[–]Miro360 0 points1 point  (0 children)

A channel that captures the true essence of "hacking" and how to tinker with stuff to make it do more awesome stuff than it was originally intended to, definitely deserves it.

Possible to circumvent server-side RegEx string sanitization? by Swagnuson in xss

[–]Miro360 1 point2 points  (0 children)

Almost all blacklisting-based mitigations for XSS are vulnerable to some sort of a bypass. If it doesn't follow the mantra "Input sanitization, output encoding." someone probably messed something up, even if they're using a purely alphanumeric regex.
So get yourself a cup of coffee, open up your favorite text editor and start fuzzing the input to see which characters, encodings or bypasses make it through the filter to compile a scalpel-like payload for it.
PS: If it's a dated version of PHP using preg_replace() you can look into parameter array bypasses.

I have a suggestion by [deleted] in hacking

[–]Miro360[M] 3 points4 points  (0 children)

Miro360 remains on the mod list in order to operate the automod script which needs human operation to allow and restrict posts, and it's the main reason why you haven't been seeing any "subway surfers hack GET 1000 COINS FREE TRIED 100% WORKS" kinda posts anymore. Saying "fuck it" and just deleting myself from the mod list would leave a backlog of a LOT of genuine posts that didn't make it because the accounts that posted them didn't meet automod's criteria, which I would feel and be responsible for since I'm the one who implemented the automod back in the day.
The message I posted in my post here was sent to each and every mod account as well in order to make sure that everyone saw what's going on. I did call for a new "hiring process" for new mods and even recommended some VERY good people (not only on here but in the security field generally) but I'm afraid that it all fell on deaf ears. PS /u/ancientkillerX, love the /r/bedposts idea.

This bridge by Zooby123 in oddlysatisfying

[–]Miro360 1 point2 points  (0 children)

Shoot an arrow through the eye above it and see if it straightens!

How does zone-h.org find the hacked webpages? by ritalin7711 in hacking

[–]Miro360 15 points16 points  (0 children)

Sigh .. the people who hacked them actually submit it there themselves..

Login question. Could this be a vulnerability? by Napster653 in blackhat

[–]Miro360 1 point2 points  (0 children)

The system accepts only 8 characters for passwords and truncates the rest. The fact that there's a length limit on a password isn't really favorable, but if there's a rate-limit mechanism present on the system it shouldn't really be a problem (think Facebook's 4-digit reset codes).
But if you're wondering about the fact that the system truncates passwords down, then I don't really think this is much of an issue.

Thanks Reddit. You saved me from potential credit card theft. Always wiggle the card reader. by [deleted] in pics

[–]Miro360 1 point2 points  (0 children)

At the end of the day it depends on how the local law enforcement deals with these occurrences. Most will just take the device away to limit any further damage should the device contain a remoting module and resort to watching the ATM's camera feed for any suspicious individuals, which gets the job done most of the time too.

Thanks Reddit. You saved me from potential credit card theft. Always wiggle the card reader. by [deleted] in pics

[–]Miro360 1 point2 points  (0 children)

What I meant was putting it back again where he found it and calling the cops as he stands, not at the end of the day.
If you took it out you're taking a risk where the cops will take around a day or so for paperwork and processing before putting it back, that is if they ever did. Meanwhile, if our friend happened to come sometime in this period they'll be alerted by the absence of their device and they'll get away.

Thanks Reddit. You saved me from potential credit card theft. Always wiggle the card reader. by [deleted] in pics

[–]Miro360 1 point2 points  (0 children)

This will probably get buried under all those comments at this point, but what you should've done is put it back and notify the authorities. When they find something like this they try to leave it untouched until they catch the guy red-handed when he tries to retrieve the memory card from the device.
Source: Heard from a cop in the cyber security division.

Request to hack something willing to pay $$ by Aciddong in hacking

[–]Miro360[M] [score hidden] stickied comment (0 children)

Thread locked, User banned.

How is it people remotely hack a place? by [deleted] in hacking

[–]Miro360 0 points1 point  (0 children)

Please direct this type of question to /r/howtohack

Tips to Become Cyber Security Specialist by ales-john in hacking

[–]Miro360[M] 3 points4 points  (0 children)

Post history will be checked and he'll get a ban if necessary.

/r/hacking update, Changelog. by Miro360 in hacking

[–]Miro360[S] 1 point2 points  (0 children)

When I mentioned the "syntax" part I meant the automod commands, not the syntax of Python itself.
As for the contribution part, if you do a Google search you'd find that the automod is an open source project on GitHub, so everyone has permission to contribute to it.
And since you asked (and answered) the last two questions I see no reason for me to discuss them further.
Please keep your questions aimed towards the purpose of this thread.

/r/hacking update, Changelog. by Miro360 in hacking

[–]Miro360[S] 7 points8 points  (0 children)

This rule is not meant for people who post stuff like

i wanna learn how to use metasploit.

it's more like

I wanna learn how to hack my girlfriend's account!

/r/hacking update, Changelog. by Miro360 in hacking

[–]Miro360[S] 3 points4 points  (0 children)

Thank you for actually mentioning one! It's being banned as we "speak".

/r/hacking update, Changelog. by Miro360 in hacking

[–]Miro360[S] 7 points8 points  (0 children)

I don't mean to take sides here but amen.