Thread 106283189

Fuckin' trannies man....
What the hell is their problem?
https://lists.nanog.org/archives/list/nanog@lists.nanog.org/thread/MMCCEQKA4UPGGWFWEBWLYKHTYCAOQIZS

>>106283189 (OP)
>Trannies
*germans

>>106283189 (OP)
>Tranny dominates game made by another tranny.
It's all so tiresome.

>>106283189 (OP)
its probably a combination of malware botnet + residential proxy provider (like smartproxy)

>>106283189 (OP)
>trany catboy subnet gets b&
>have fun with your dead internet, bozo

>>106283284
KEEP MY WIFES NAME OUT YOUR FUCKING MOUTH

currently this board is more low iq than /pol/

>>106283189 (OP)
>guns.lol
>russian music autoplaying
the faggot has access to a botnet and is probably affiliated with ransomware gangs and other retarded skid shit
move along

>>106283189 (OP)
>zero reading comprehension

Smells like PR stunt.
Nothing stopping "Justine" from making all of this up so that people wonder "how can someone control 9% of all of the IPV4 IPs?" and then they look into it and play the game or otherwise engage with them which you then turn into ad money, merch money, project visibility, maybe even job opportunities.

>>106283383
Ties in as well with the question about whether any NA operators will pitch in to defeat this person. It's just invited more participation, more publicity.

I get a new ip every time I toggle airplane mode er uhmm I mean reboot my router

>>106283284
https://www.youtube.com/watch?v=LXVWLA5eKO0 she is a cute chuddey. Here she is doing an interview with the founder of proud boys

>>106283189 (OP)
>server written in C
some kind of buffer overflow or header injection, probably

>>106283189 (OP)
>>106283701
I think I got it. not telling, though. not wasting time on this shit either
here's the code for the server: https://github.com/jart/cosmopolitan/tree/master/net/turfwar
have fun, retards

>>106283357
can you post a link to the /pol/ thread?

>>106283189 (OP)
> 20 million IPs
> that actually belong to google
trannies and pajeets.. i swear they are the same people.

Holy fucking shit
Threads like this are a solemn reminder of the absolute retards browsing this board. LOL

>>106283930
to be fair, NANOG is supposed to be full of competent people, yet only a couple of people gave useful answers or advice

>>106283930
Thank you for your useless input

>>106283189 (OP)
A real mystery, what's a common way for a russian skid to control a massive amount of adresses, who could ever know

>>106284693
good points and all but you misgendered HER so your social life is pretty much over now

think twice in your next life

>>106283189 (OP)
It's probably some simple shit like X-Forwarded-For header spoofing.
Or the creator itself faked it and uses it to bait for engagement.

I am not here to fix your website.

Neat. Ipv6 exists and the government can commandeer ipv4 addresses at any time.

>>106284693
Retarded poster. The purpose of the website is to claim IPs. Http uses TCP and TCP requires two-way communication for setup so you cant fake a connection with fake source IP.

>Justine
Every fucking time these dipshit shut-ins, whose only experience with women is through chinese cartoons, pick some final fantasy tier name.

Did the Hacker News story about this get flagged and deleted?

>visit femboy.cat
https:////ipv4.games/claim?name=femboy.cat" hidden>
boy i wonder how

They should make permanent ipv4 addresses illegal at this point. If you need to stay available, use ipv6.

>>106285341
How do you get 20million people to visit a site with that image

>>106285341
kek
this is cheating

>>106284895
Sticking a script in a webpage a lot of people visit would work, or paying some cash for a botnet. The site doesn’t represent actual IP allocations.

>>106285792
from a quick glance at his site he runs a captcha and file upload site. really not that implausible that he inserts a tiny api call in every service of his, targeting an endpoint thats not secured in any way at all and thats ripe for abuse

>almost 6 hours since the OP posted the link
>no one has found what seems to be the vulnerability in the source code
HN did it in 5 hours

>>106284693
Not listening to this transphobe

>>106285988
nobody cares, jeetoid

>>106286306
>"""white""" amerimutt can't find vulnerabilities
top kek

>>106283189 (OP)
ok "Justine", I'll tell you what I think the issue might be:
the code checks for X-Forwarded-For and uses the origin IP if it's not a local/LAN IP... otherwise it uses the IP set in the X-Forwarded-For header.

well, what happens if you run a script from the internal network and set the IP in X-Forwarded-For to whatever you want? what if the femboy.cat guy has a Google VM too, and sends the requests from that VM?

>>106283189 (OP)
>>106287936
https://github.com/jart/cosmopolitan/blob/master/net/turfwar/turfwar.c#L1032
988 clientip = ntohl(client.addr.sin_addr.s_addr);
...
1028 ip = clientip;

// get client address from frontend
if (HasHeader(kHttpXForwardedFor)) {
1032 if (!IsLoopbackIp(clientip) && !IsPrivateIp(clientip)) {
...
1039 } else if (ParseForwarded(HeaderData(kHttpXForwardedFor),
HeaderLength(kHttpXForwardedFor), &ip,
0) != -1) {
...
1056 ksnprintf(ipbuf, sizeof(ipbuf), "%hhu.%hhu.%hhu.%hhu", ip >> 24, ip >> 16,
ip >> 8, ip);
...
1230 } else if (UrlStartsWith("/claim")) {
...
1280 } else if (!HasHeader(kHttpAccept) ||
(HeaderHas(msg, inbuf, kHttpAccept, "text/html", 9) ||
HeaderHas(msg, inbuf, kHttpAccept, "text/*", 6) ||
HeaderHas(msg, inbuf, kHttpAccept, "*/*", 3))) {
++g_htmlclaims;
ksnprintf(msgbuf, MSG_BUF,
"\n"
"\n"
" "content=\"width=device-width, initial-scale=1\">\n"
"The land at %s was claimed for "href=\"/user.html?name=%s\">%s.\n"
"

\nBack to homepage\n",
ipbuf, v.name, ipbuf, v.name, v.name);
...

ip is set as the value of the header in 1039, after verifying (in 1032) that the IPs aren't loopback or private, and then ipbuf is set with this value, which is user-controlled.
the HTML code at the end of this ^ is what you get when you send a claim request.

also, there might be some kind of server-side request forgery or request smiggling allowing this.

>>106283701
obsessed

>>106285911
>he runs a captcha and file upload site
>a captcha
of course! why did nobody think of that

>>106284896
It's a common french name. But I suspect trannies probably pick it in reference to Sade's works.

>>106288181
brainlet

>>106283617
wow her voice sounds good

>>106291134
>she

>>106291160
yeah chud what about it

>>106283189 (OP)
Since the decades old predication of IPv4 becoming so scarce people have to ditch it didn't pan out they're now so desperate they're trying to get as many IPv4 blocks as they can to force IPv6 adoption.

>>106291178
did you just assume my chudiness? how derogatory of you

>>106288163
Post link to the thread

>>106291188
Retard that only reads headlines #7395527 spotted

>>106283189 (OP)
sex with justine tunney

>>106288163
This is trans erasure. Delete this now!!

>>106291208
don't you think that's a tired bit by now. like are you also gonna make an attack helicopter joke afterwards

>>106291258
don't you think men pretending to be women is a tired bit by now? like are you also gonna make a 'she's strong and independent' joke afterwards

kys

*ahem*
SEX WITH JUSTINE TUNNEY

>>106291276
if it makes chuds seethe then it cannot be a tired bit

>>106291233
>implying I even read the headlines
kek, retard

>>106291233
It's in the filename https://news.ycombinator.com/item?id=44925570

>>106283189 (OP)
IPv4 cucks blown the fuck out. Pay the fuck up or move to IPv6 already you fags.

62% of these IPs go unattributed every year though.

>>106291328
>>106291178
>Chuds
>Chuds
>Chuds
>Chuds
Seek help

>>106285988
Why would anyone be looking for exploits, especially for free, for someone else's personal game website.
How desperate for attention does someone on HN have to be to act that way.

>>106288163
>implying visits with "&claim=YOURMOM" as YOURMOM has control over the IP
Admitteldy, capturing traffic of 9% of known IPv4s is quite something though.

To often have people marketed with ulterior motives masquerading as retardedness, and too often do normies let them get away with it.

...probably because they're all covering for each other.

>>106291627
Did you completely miss the point of the nanog thread, of this one and the HN threads?
The owner of the game is asking how it is possible to claim so many IPs in the game. It should not be possible without some tricks, yet the tranny is doing it.
It's basically a CTF, something that you brainlet probably never heard of...

>>106291896
Utterly retarded interpretation. This is like admitting to getting tricked into free work and then doing mental gymnastics to explain yourself.

>>106291896
>b-bro it's b-basically ctf!
Holy fucking shit kiddo you need to be 18+ to post here.

>>106291923
We may have donated 5 hours as a group collectively doing multiple fields of research but at the end the man in the dress said we were leet so it was worth it.

>>106291923
>>106291935
Spotting vulns is fun, and you retards really have no clue how the security industry works. It's called reputation.


Also,
>muh free work
It's as much free work as the retards saying "you can beat the game by embedding some javascript in some high traffic website"

>>106292142
LOL

>>106283318
>residential proxy
you mean pajeets hacking home connections, fixed that for you. (think about if anyone for example on a german home connection would be offering a proxy, with the shitty german anti-piracy actions.)

>>106292142
>It's called reputation
I appreciate that you're willing to admit it, but that's just reiterating what I said in my initial post.
>How desperate for attention does someone on HN have to be to act that way
Sad to see.

>>106283383
Via evidence from real life, the pajeets can hack a lot of the iot devices called e-scooters.
>How many e scooters are there in europe?
>It's difficult to pinpoint the exact number of e-scooters in Europe,
>but estimates suggest there are millions in use.
>One source indicates 750,000 private e-scooters in the UK alone,
Then add in from a hacked e scooter you can potentially abuse x home connections.

>>106292283
All you need to know about the "ethical" sourcing of residential proxies are the ridiculously low costs. Yeah I'm sure there are tens of thousands of normal people in basically every country reselling their internet access for 1/1000th of a cent a month.

>>106292366
there is a rumor(half proven, did not test it.) about a provider who is shit insecure in the 94.x.x.x block, the femboy.cat group has 78000 IP's in that block. if you get more precise info where he has the IP's in that block this could support/ contradict.

>>106292383
thanks, good point!

>>106284693
The edit makes me block the user.

>>106292312
Anon, it's not "desperation", and I think you are also missing the point of HN itself LMAO. You don't gain visibility in the security industry (and the tech/IT industry in general) by sending private emails to people to fix their bugs/vulns for free or whatever, you talk to people in the open to expose your competence (or at least pretend to be competent). The more exposure you get, the higher probability of having someone contact you for some job/gig.
Have you read the news about some new vulnerability or whatever? 90% of that is some bullshit vulnerability some retard found onsome wordpress plugin PR whatever. Yet they still publish them. Why do you think it happens?

>>106292366
>>106292383
>>106292479
>>106292498
They aren't using or claiming 9M real IPs, retards.

>>106292533
This reads like self convincing. Sorry to hear that.

>>106292551
This reads like a woman or tranny who doesn't understand the read world and has never worked for a single day in their life.
Pathetic. Though not unexpected for /g/

>>106292533
>its fine if I spent my free time on this game because it's not significantly challenging
>reputation is important in this profession which is why I need to tell people I did this
interesting

>>106292603
Where is that coming from? Seems baseless, comes across as lashing out or projection.

>>106292612
So I'm correct and you've never heard of CTFs. Just google it and try one of the easiest challenges. You'll waste a lot.more time on that than finding the bug on this shitty game kek

>>106292631
I work in the industry. I know what I'm talking about.

>>106292639
>I work in the industry. I know what I'm talking about.
The thread is about a web service, not female focused mental health facilities.
That skillset doesn't translate at all and isn't really on topic.

>>106285341
Fucking zazed CSRF
Justine utterly BTFO

>>106292639
>Just google it and try one of the easiest challenges
I don't think you realize that adds to the point being made here >>106292612

>>106292668
>The thread is about a web service
>isn't really on topic.
If you think claiming 9 million IPs in matter of days in this game isn't a computer security problem, you really have no understanding of technology.

Get the fuck out of this board

>female focused mental health facilities
The OP is a tranny, you retard
Meanwhile, practically NO women work in cyber security kek

>>106292691
I know it does.
My point was that you have to spend a lot of time practicing to get good in all things offensive security, just like programming and IT.
This is why I'm calling the other retard an unemployed, inexperienced retard. Imagine thinking that practice in this industry is a bad thing because "you worked for free" for someone else. It's a miserable mindset that only shows the mediocrity of that retard.

>>106292770
You seem to be getting more and more upset over this so I'm going to leave you alone instead of allowing you to continue arguing against your own self and getting even more flustered. Good luck with your nursery job or whatever.

>>106283189 (OP)
Mostly terrible propaganda created to make everyone that could be a problem to the megacorporations to end their own lives, so they can create the fuck you as a service world.