This page is for anonymous public messages. If you'd like to e-mail me directly, see here for my contact info.
Send a message
Answered messages
would you say there is a distinction between gay as in "horny for men" and gay as in "in love with men" and which one are you
• frome259eec9467e6527
Well, there is a distinction in that somebody can be one but not the other, but they're really just different manifestations of attraction. Anyways I am both in love with and horny for men 24/7
Uhhhhhhh hi
• from
I'd like a number 15, number 6, and a side of hot gay sex please3f5860274fbe923c
sorry creampie machine broke
Opinion on [DATA EXPUNGED]?
• from30c8e63155de417c
Hot take, but I think it's very [CENSORED] and [REDACTED], tbh.
What do you think of OMORI?
• impersonatingcocks_lol
It sure is a video game! Thank you ~keithmail user cocks_lol
mr tables may i have the filename"; ?><?php echo __FILE__; ?>
• from25355d4964cb81dd
That's not gonna work, lol. Anyways, if you want the filename, it's literally just mail.php
.
I might still try the “get the website to leak the secret or gain access to the server” option
• from21fe8af59374b868
Go ahead! I don't think there are any vulnerabilities that'd let you get the PHP source, but do let me know if you find one. The actually important stuff (database credentials) is stored in environment variables, so I'm not too worried about people poking around. Just, like, be a good Netizen, don't do anything harmful.
So do I earn the privilege of signing my own cookies by brute forcing the hash somehow or by hacking your website to steal the secret?
• from489ccc9ac3f9d6c8
I honestly didn't think that far - what I'll probably do is add the vulnerability in later.
this is a tumblr ask
• from191977ebd02ad296
Yeah, that's basically where I got the idea from. Except my version is better
Hey can you do me a favor and run the following code:
• from
hash('sha224', 'Cock Enjoyer' . $sig_secret)
And then publish the output?
That way everyone can be a legitimate Cock Enjoyer0aea81556791686c
Nah, it's more fun if y'all earn that privilege :-)
*steals your penis*
• fromfa332d1d1fee8801
Luckily, I was wearing a second, smaller penis underneath.
if i saved my cookie+sigcookie somewhere could i perpetually have this identity
• from639298336a02484c
Yeah. It's intended to be a short-lived identifier (that's why it resets when the browser's closed), but if you modify the cookies you can do whatever you want.
wait, so how hard is it actually to brute force sha224? Like, could I theoretically do it on my home computer? and then use the secret to "sign" my own cookie? (is the secret something lewd? I feel like it's something lewd)
• from4eeb07b498ac4fa8
SHA2 is still secure enough that it can't reasonably be bruteforced. But if you did get the secret, yeah, you could just use it to validate any abitrary cookie.
I can change cookies at will it's like being a shapeshifter
• from
If your signature algorithm is something home grown and not just like, RSA or something I could maybe even find a way to trick it and forge cookies without being revealed as an impersonator. By signing my own cookie.
That last sentence sounds like a dirty joke.f4e7f44a7d623d20
It's just hash('sha224', $mail_cookie . $sig_secret)
, but DAMN, that's a good idea! Maybe in a future overhaul, things will become a little more interesting.