Over Executed Search Results

How To: Beat LFI Restrictions with Advanced Techniques

One of the most common web application vulnerabilities is LFI, which allows unauthorized access to sensitive files on the server. Such a common weakness is often safeguarded against, and low-hanging fruit can be defended quite easily. But there are always creative ways to get around these defenses, and we'll be looking at two methods to beat the system and successfully pull off LFI.

How To: Use SQL Injection to Run OS Commands & Get a Shell

One of the ultimate goals in hacking is the ability to obtain shells in order to run system commands and own a target or network. SQL injection is typically only associated with databases and their data, but it can actually be used as a vector to gain a command shell. As a lesson, we'll be exploiting a simple SQL injection flaw to execute commands and ultimately get a reverse shell on the server.

Hacking macOS: How to Use One Tclsh Command to Bypass Antivirus Protections

Using Netcat to backdoor a macOS device has its short-comings. If the compromised Mac goes to sleep, the Netcat background process will occasionally fail to terminate correctly; This leaves Netcat running infinitely in the background and the attacker with no new way into the device. As an alternative, we'll use the lesser-known Tcl shell which can handle abrupt backdoor disconnections.

How To: Exploit Shellshock on a Web Server Using Metasploit

One of the most critical bugs to come out in the last five years was Shellshock, a vulnerability which allows attackers to execute arbitrary code via the Unix Bash shell remotely. This vulnerability has been around for a while now, but due to the ubiquity of Unix machines connected to the web, Shellshock is still a very real threat, especially for unpatched systems.

How To: Use a Misconfigured SUID Bit to Escalate Privileges & Get Root

Gaining access to a system is always exciting, but where do you go from there? Root or bust. Sure, a compromised host is a great way to run a botnet, or do some other boring, nefarious thing—but as hackers, we want root. We also want to take the easiest path possible, search out low-hanging fruit, and exploit them. SUID programs are the lowest of the low-hanging fruit.

How-to Ruby : Simple SSH Bruteforcer

Hello fellow training hackers. I do not know if many of you are familiar with ruby, but since it is a useful scripting language, that hasn't been covered too much here on Null Byte, I thought why not do some How-tos about it now and then.

How To: Play "Hilo March" in the ukulele

In this video tutorial, viewers learn how to play the song "Hilo March" on the ukulele. The video reveals the string movements and the order in which the notes need to be played, in order to execute the song. The video provides step-by-step narration and a visual demonstration for viewers to easily understand and follow along. This video will benefit those viewers who are interested in the ukulele and want to learn how to play a new song.

How To: Execute a power clean and push jerk

Proper form is very important to lifting weight and strength training. One wrong move could potentially lead to an injury. Follow along in this how-to video critique by Mark Rippetoe as he guides someone through the correct set up for a power clean and push jerk. Better form can lead to more effective lifting. Practice your power clean and push jerk.

How To: Use TypingRobot V1.0 (cheat Typing Maniac) (08/05/09)

http://www.texturemind.com/post463/ TypingRobot is an artificial intelligence studied to increase your points record with the Typing Maniac game on Facebook. It can recognize several labels because it uses a powerfull OCR system (tesseract) and some principle of word correction. With this program you can make millions of points without problems (my personal record is about 2.700.000 points).

How To: Play and spot opening chess moves

Chess is a strategy and logical deduction game between two players that is enjoyed by children and adults alike, from park benches to convention halls across the world. Though the game of chess has taken many variations over its long history, today's form involves black and white teams orchestrated by players and has even entered the digital age, as games and tournaments are played online and via email. Using a square board composed of grids and smaller squares, the game pits a queen's army a...

How to Hack Like a Pro: Getting Started with Metasploit

This is my first contribution in an ongoing series on detailing the best free, open source hacking and penetration tools available. My goal is to show you some of the quality tools that IT security experts are using every day in their jobs as network security and pen-testing professionals. There are hundreds of tools out there, but I will focus and those that meet four key criteria:

How To: The Novice Guide to Teaching Yourself How to Program (Learning Resources Included)

Today's post is a small go-to guide for beginner programmers in Null Byte. With many of our community members picking up programming from our Community Bytes, it only makes sense to lay out a one-stop guide for your reference. Hopefully this guide will help you make an educated and thoughtful choice on what programming languages you want to learn, and how you want to learn said languages.

How To: Securely Sniff Wi-Fi Packets with Sniffglue

Sniffing packets over a network is an easy way for hackers to gather information on a target without needing to do much work. But doing so can be risky if sniffing packets on an untrusted network because a payload within the packets being captured could be executed on your system. To prevent that, Sniffglue sandboxes packet sniffing to provide an extra layer of security.

How To: Easily Change Your Phone's Font Without Tripping SafetyNet

You can easily deck out your favorite phone with great wallpapers, ringtones, and icons, but what about fonts? Not all Android skins let you change the system font, and even when they do, the options are often limited to a few choices. Certain root apps can open up the system font to customization, but some of these can cause problems now that Google introduced a security measure called SafetyNet.

How To: Get Started Writing Your Own NSE Scripts for Nmap

The road to becoming a skilled white hat is paved with many milestones, one of those being learning how to perform a simple Nmap scan. A little further down that road lies more advanced scanning, along with utilizing a powerful feature of Nmap called the Nmap Scripting Engine. Even further down the road is learning how to modify and write scripts for NSE, which is what we'll be doing today.

SQL Injection 101: Advanced Techniques for Maximum Exploitation

For SQL injection, the next step after performing reconnaissance and gathering information about a database is launching an attack. But something seems off .. in the real world, it's usually not quite as simple as passing in a few fragments of SQL code to an input field and seeing all that glorious data displayed right in the browser. This is when more advanced techniques are needed.