Keyloggers are a must-have tool in your arsenal. Hardware keyloggers have the advantage of being undetectable through anti-virus or other protection programs. They also capture keystrokes before the OS even boots up, so they are pretty handy tools.
Reverse shells are useful for issuing commands to a remote client when the client is behind something such as a NAT. You might say, "But can't a normal shell or simple SSH tunnel do the same thing?". No, it can't. All over the internet I see a lot of confusion regarding the difference between a normal shell and a reverse shell. Let's clear this up before we get started.
Just removed an important gem from your weapon? Totally screw yourself over by restarting a bloodline instead of the battle you just lost? It sure would be great if you could backup your character so you can always have a safe copy ready to go at a moment's notice. Well, those smart folks over at the Infinity Blade forums have devised a clever way to do this.
Last Friday's mission was to accomplish solving HackThisSite, basic mission 8. This meant that we had to learn some more basic Unix commands.
For newbies to astronomy, expensive equipment is an understandable deterrent. But with some thorough Google searching, you can find plenty of How-To's for making your own tools for less. Below are a few sites with several cool projects to offer.
I can't believe it, but I've actually read about dozens of people getting their iTouch, iPhone, or iPad stuck in a bricked recovery loop and then going out to buy a new one. This is overly unnecessary. When it gets stuck in the recovery loop, some people mistake themselves by thinking that it is impossible to get the device back into DFU (Device Firmware Upgrade) mode. Getting the device back into DFU mode would at least allow us to jailbreak the device, essentially bringing it back from its ...
Another great Community Byte in the bag! This week was really cool, especially with programming going on twice a week. We transitioned to the new times very smoothly with no one left behind, from what I can tell.
Cheers to another completed Community Byte project! Things went well regarding timeliness and being friendly to the other coders and students. If you've got ideas for our next mission, or an idea for a tutorial, submit them to me. Friday, our mission was to take out HackThisSite, basic mission 5. This mission focused on JavaScript, again. This time there is a little bit more security in place.
Last post, we looked at fractal cookies based off of the recipe by Evil Mad Scientist Laboratories. In this post, we'll follow their recipe for fractal cupcakes based off of the Koch Snowflake, which we used previously to decorate pumpkins for Halloween.
Welcome to another Community Byte announcement from Null Byte! The goal of the Community Bytes is to teach people in a co-operative, hands-on manner. Learning from experience and immersing yourself in a subject is the best way to learn something foreign to you, so that is exactly what we do! In our sessions, we have started to both code and complete HTS missions. This means that there is something for everyone here, so make sure you join us.
With the rather large success of the Community Byte activities, both programming and HackThisSite, I have decided to continue to do both activities every session! With that said, when programming sessions occur, they will be lead by Sol Gates in Gobby. Also, the programming mission will no longer be to code a tool, we have changed it to be even more "noob friendly". This means that instead of coding a tool, you will be walked through puzzles and challenges that must be solved by coding a scri...
Welcome to another Community Byte announcement! For the past few Community Bytes, we coded an IRC bot, and hacked it. Then, we created a web-based login bruteforcer! This week we are going to start something a bit different. We are going to start going through the missions at HackThisSite one-by-one each week, starting with the basic missions.
Our mission for this week's Community Byte was to create a Python program to crack web-based passwords, like the ones you would see on an email or router login. I wanted it to be universal in the sense that it could be easily modified and adapted to another website just by changing a few variables. That was a success! Even though people weren't on time to the coding session, everything went well.
JavaScript is the language of the internet. It is what allows us to create dynamic, interesting webpages that are fast, web-based applications and so much more. The primary use of JavaScript is to write functions that are embedded in or included from HTML pages and that interact with the Document Object Model (DOM) of the page. This is the magic that allows all of what we see to happen, and for our browser to be manipulated.
File recovery on Linux is a bit different than Windows. It requires different software than the Windows counterparts because every OS has their own file system. Windows uses NTFS, or FAT file systems, while on the other hand, Linux uses ext-based file systems. I personally use ext4 file system because it's the latest and greatest ext-journaling system and supports a large level of directory recursion and file sizes, but most installations still use ext2 or ext3. When files are deleted from a ...
Welcome to the second Goonight Byte! Our second coding session was kindly hosted by th3m, so props to him for letting this happen.
Welcome to part two in a series about steganography, the art of hiding things in plain sight. We are practicing steganography because it can be a useful skill if you don't have access to encryption software, or need a quick solution to make sure the sender and recipient are the only ones who are able to read your message.
In Linux, all password hashes are normally stored using the MD5 hashing algorithm in the /etc/shadow file, but MD5 is algorithmically weak due to collision vulnerabilities. The new recommended standard are the higher level SHA-2 hashing algorithms, SHA256 or SHA512. As a friend pointed out to me, Ubuntu is currently the only distro implementing SHA-2 as the default. With SHA-2, your passwords take an unreasonably larger amount of time to calculate. This will greatly decrease how many password...
Cheating. It happens everywhere. From scientists faking human ears on mice, to Hollywood thirty-somethings cheating on their quadragenarian wives, to chess players accusing supercomputers of fraud. There's no game or profession out there that doesn't have a cheater or two, but the bigger nuisance is probably those people who accuse others of cheating.
Beginning this week, Null Byte will be hosting a new feature called Community Byte, a weekly coding and hacking session held in the Null Byte IRC. This is a chance for our community to do something fun, and make something awesome together!
Often times when staying at a hotel or anywhere for that matter, you'll whip out your laptop and check the local area for Wi-Fi. I know you've all been in my shoes when you find an unsecured network that appears to be public Wi-Fi belonging to the hotel or airport, and you connect to it. You connect fast and perfectly, only to find that when you open your browser, it says you don't have an account, and are filtered from accessing the web. This is because the owners of the network want to keep...
The internet is a scary place, and if you're like me, you don't want anyone tracking you or learning your search habits. It's a blatant invasion of privacy for companies to do this, but at least we have methods of fighting back—one of which is Tor.
This Week's Workshop: Music To My Ears The heart of WonderHowTo's Minecraft World is, naturally, “How-To” and so in the spirit of all things tutorial and DIY we will be hosting a weekly workshop showcasing the best and newest tutorials, builds, and inspiring ideas. We hope to inspire creativity and create a place where the community can share ideas and practice skills, right here on our server.
In this Null Byte, I'm going to teach you about Null Byte Injections. Null Bytes are an older exploit. It works by injecting a "Null Character" into a URL to alter string termination and get information or undesirable output (which is desirable for the malicious user).
Like the recent XSS 0day exploit found in the Mac and Windows versions of Skype, a similar one has been found in the Skype app for iPhone. The vulnerability allows an attacker to send a message that contains malicious JavaScript code in the "Name" parameter. This code can steal your phonebook, crash the app, and potentially do a lot worse. The URI scheme is improperly identified for the web-kit browser. Instead of going to a blank browser page, it defaults to "file://". The code could steal a...
For as much money as they've made from North American video game audiences over the years, Japanese game developers don't seem to have very much faith in them. Dozens of great titles from their 40 years in the industry have appeared in Japan and across Europe, oftentimes even in English. But they never make it over to America, like Mother 3, Last Window: Midnight Promise, Dragon Force 2, and Tobal No. 2 (that one didn't even hit Europe).
Children under the age of 13 possess insight that can blow the minds of their elders, but not the wherewithal to make important life choices for themselves. This is exactly why there are strict rules against marketing cigarettes to them. In 2000, a law went into effect called the Children's Online Privacy Protection Act that institutes similar consumer protections for our youth's online identities, prohibiting companies from soliciting personal information from children under 13 years of age ...
I started playing MTG in 1994, the same year that the Fallen Empires set hit the market. It was, in fact, the first new set released after I started playing, making me one excited nine-year-old. I harangued my father, he took my friends and I to Gameworks again and again, and the booster packs started to mount. The problems only started to occur once we got them open.
Blogs are a gold mine Some of the best sentences you will ever get when building your vocabulary can definitely come from blogs. The language and vocabulary usage in blogs is always changing to reflect how people talk in this day and age, and therefore are the perfect research tool for vocabulary sentence building.
Having fun with those sentences So now you have about 30-50 sentences sitting in front of you and you've read through them, but don't quite have a feel for how they are supposed to sound. This is very demotivational because if you can't hear the flow of the sentence, you may be afraid that you are learning it incorrectly and that can really be a tough obstacle to get through.
Check out MY quick intro and some tips for the Crafting building then watch my video for more in depth, live action information! This post is NOT copied from the Zynga boards, so it's unlike any you have seen yet!
There is a wonderful site that just launched with the youth sports community in mind. The site is http://YouthSportTravel.com , a collaboration of youth sports coaches and a major online travel brand. They offer arguably the best prices on hotel and motel rooms anywhere. For proof, I tested a number of locations with www.hotel.com, Expedia and Travelocity in comparison with YouthSportTravel and in each case; YouthSportTravel was equal to or cheaper than the competition. But this is not all th...
GTA4 1st Person View Mod This mod has been out for a while, but with some people gettings Grand Theft Auto 4 for the PC last week because of the Steam sale, there has been talk about what are the best mods to get. There is a thread on Neogaf that talks about playing the game in first person mode instead of the default 3rd person point of view.
So, you've made your first zine. Now what? That depends on a couple things:
Lifehacker posts an article on the art of cracking weak passwords, courtesy of Internet standards expert, CEO of web company iFusion Labs, and blogger John Pozadzides. Pozadzides certainly knows a thing or two about password logic. (Note: this information is not intended to hack into accounts, but rather to protect you from using weak passwords).
With FarmVille being one of the hottest Facebook games on the market, it's no wonder it's the primary target for scams and virus downloads. Anyone playing FarmVille is at risk, but the primary targets are those looking to improve their gameplay and build their farms and neighbors up. These "farmers" are the ones seeking quick hacks and cheats.
WonderHowTo is made up of niche communities called Worlds. If you've yet to join one (or create your own), get a taste below of what's going on in the community. Check in every Wednesday for a roundup of new activities and projects.
I recently upgraded from Ubuntu 9.10 to 10.04 and now my boot screen is a bit messy. Since I'm not using the latest GRUB boot kernel (Linux 2.6.32-28-generic), I might as well delete it. For more documentation, visit Ubuntu Forums.
Antivirus programs usually aim to prevent malicious software from crashing your system, not ARE malicious software that crashes your system. Except, that was the case with AVG Anti-Virus yesterday when they released a software update that rendered 64-Bit Windows 7 systems useless. It affected both free and paid AVG owners.
The community here on Null Byte has always been great and helpful in sharing their know-how, even before I took up admin duties in this World. I jumped at the chance of leading Null Byte because I enjoy teaching and informing people on all of the important need-to-know things out there, but more so than that—there is a deeper reason.
