News: Test Your Hacking / Exploiting Skills with SmashTheStack!
Hello Null-Byte community. First off: this my first post here on Null-Byte. Some of you may have already seen me in the comment section, to all others: Hi, I'm the new guy.
Exploiting Search Results
How to Hack Like a Pro: Hacking Windows Vista by Exploiting SMB2 Vulnerabilities
Hi, gang! Time for another hack using Metasploit. We have exploited Windows XP (a very insecure operating system) and we have exploited Ubuntu and installed Meterpreter on a Linux system exploiting the Samba service. Several of you have asked for a hack on more modern Windows systems, so here goes.
How To: Use Commix to Automate Exploiting Command Injection Flaws in Web Applications
The ability to execute system commands via a vulnerable web application makes command injection a fruitful attack vector for any hacker. But while this type of vulnerability is highly prized, it can often take quite a bit of time to probe through an entire application to find these flaws. Luckily, there is a useful tool called Commix that can automate this process for us.
Exploiting XSS with BeEF: Part 2
Now that we have our vulnerable server, it's time to start up BeEF. Getting Started
Exploiting XSS with BeEF: Part 3
Now that we have control over a victim's browser, we need to use some attacks to maintain the connection, or even better: upload a shell.
How To: Gain Control of WordPress by Exploiting XML-RPC
WordPress did not become what is arguably the most popular blogging and CMS platform on the planet because it was difficult to use. Rather, its user-friendly and rich feature set led to it finding a home on somewhere north of 70 million websites—and that's just counting blogs hosted on WordPress.com.
Hacking Windows 10: How to Break into Somebody's Computer Without a Password (Exploiting the System)
After a hacker has configured Metasploit on a remote private server, created a resource script for automation, and created a simple payload, he or she can begin the process of remotely controlling someone's Windows 10 computer with just a few moments of physical access — even if the computer is off.
How To: Pop a Reverse Shell with a Video File by Exploiting Popular Linux File Managers
What appears to be an ordinary MP4 may have been designed by an attacker to compromise your Linux Mint operating system. Opening the file will indeed play the intended video, but it will also silently create a connection to the attacker's system.
How To: Find caves and lava in Minecraft by exploiting a glitch
This is a clever little exploit that you can use in Minecraft that shows you how to use correctly positioned gravel to take advantage of a glitch in the programming. Use this to be able to tell where there are caves and lava!
Exploiting XSS with BeEF: Part 1
BeEF is an XSS-exploiting framework that lets you "hook" or gain control of victim web browsers. In this part of XSS exploitation, we will be working on finding an XSS-vulnerable website. We can simply do this by Google Dorking.
How To: Manually Exploit EternalBlue on Windows Server Using MS17-010 Python Exploit
EternalBlue was a devastating exploit that targeted Microsoft's implementation of the SMB protocol. Metasploit contains a useful module that will automatically exploit a target, as long as it's vulnerable. But what if we wanted to exploit this vulnerability without Metasploit holding our hand? It can be done using a Python file to exploit EternalBlue manually.
Hack Like a Pro: How to Exploit SNMP for Reconnaissance
Welcome back, my rookie hackers! The more we know about a system or network, the better our chances of owning it and not leaving a trace for investigators to follow. One of the often overlooked sources for information is the Simple Network Management Protocol (SNMP). Many rookie hackers are not even aware of it, but it can prove to be a treasure trove of information, if you understand how it works and how to hack it.
How To: Exploit Shellshock on a Web Server Using Metasploit
One of the most critical bugs to come out in the last five years was Shellshock, a vulnerability which allows attackers to execute arbitrary code via the Unix Bash shell remotely. This vulnerability has been around for a while now, but due to the ubiquity of Unix machines connected to the web, Shellshock is still a very real threat, especially for unpatched systems.
How To: Exploit Routers on an Unrooted Android Phone
RouterSploit is a powerful exploit framework similar to Metasploit, working to quickly identify and exploit common vulnerabilities in routers. And guess what. It can be run on most Android devices.
Siri Exploited: Bypass the iPhone's Lock Screen to Browse Contacts, Make Calls, Send Emails, & Texts (iOS 7.1.1)
If you've haven't had your fill of Apple's security issues in recent weeks, Siri is now the latest to join the slew of problems with the most recent version of iOS (7.1.1).
How To: Exploit Java Remote Method Invocation to Get Root
In the world of technology, there's often a trade-off between convenience and security. The Java Remote Method Invocation is a system where that trade-off is all too real. The ability for a program written in Java to communicate with another program remotely can greatly extend the usability of an app, but it can also open up critical vulnerabilities that allow it to be compromised by an attacker.
How To: Exploit Remote File Inclusion to Get a Shell
A simple security flaw can allow an attacker to gain a strong foothold with little effort on their part. When a web application permits remotely hosted files to be loaded without any validation, a whole can of worms is opened up, with consequences ranging from simple website defacement to full-on code execution. For this reason, RFI can be a promising path to obtaining a shell.
How To: Perform Local Privilege Escalation Using a Linux Kernel Exploit
Getting root is considered the Holy Grail in the world of Linux exploitation. Much like SYSTEM on Windows, the root account provides full administrative access to the operating system. Sometimes even a successful exploit will only give a low-level shell; In that case, a technique called privilege escalation can be used to gain access to more powerful accounts and completely own the system.
How to Use PowerShell Empire: Generating Stagers for Post Exploitation of Windows Hosts
PowerShell Empire is an amazing framework that is widely used by penetration testers for exploiting Microsoft Windows hosts. In our previous guide, we discussed why and when it's important to use, as well as some general info on listeners, stagers, agents, and modules. Now, we will actually explore setting up listeners and generating a stager.
How To: Locate & Exploit Devices Vulnerable to the Libssh Security Flaw
Computers all over the world rely on a program called "libssh" to use the SSH communications protocol, which allows trusted users to log in and administer computers remotely. Due to a flaw in libssh, fooling a computer into granting SSH access is as easy as telling it you already have permission. The vulnerability can lead to an attacker gaining complete control over a device.
Exploit Development: How to Learn Binary Exploitation with Protostar
Being able to write your own hacking tools is what separates the script kiddies from the legendary hackers. While this can take many forms, one of the most coveted skills in hacking is the ability to dig through the binary files of a program and identify vulnerabilities at the lowest level. This is referred to as binary exploitation, and today we're going to check out a tool known as Protostar.
Exploit Development: How to Manipulate Code Execution with the Instruction Pointer
The one thing that separates a script kiddy from a legitimate hacker or security professional is the ability to program. Script kiddies use other people's tools, while hackers and security pros write their own tools. To that end, we're going to see how a stack overflow vulnerability allows us to flood a variable with enough input to overwrite the instruction pointer with our own commands.
Advanced Exploitation: How to Find & Write a Buffer Overflow Exploit for a Network Service
While our time with the Protostar VM from Exploit Exercises was lovely, we must move on to bigger things and harder challenges. Exploit Exercises' Fusion VM offers some more challenging binary exploitation levels for us to tackle. The biggest change is that these levels are all network services, which means we'll write our first remote exploits.
Exploit Development: How to Defeat a Non-Executable Stack with ret2libc
After a long hiatus, we shall once again emerge from the shadowy depths of the internet to build an exploit. This time, we'll be looking at how to defeat a non-executable stack by using the ret2libc technique — a lean, mean, and brilliant way of exploiting a stack overflow vulnerability.
Forbes Exploited: XSS Vulnerabilities Allow Phishers to Hijack Sessions & Steal Logins
Here's another delicious Byte. Ucha Gobejishvili, a Georgian Security Researcher under the handle of longrifle0x, discovered two cross site scripting (XSS) vulnerabilities on the official website of Forbes. He discovered the hole in two different locations on the site, and has already informed the website of the vulnerability.
News: 9 Easy Exploits to Raise Combat Skills in Skyrim
Skyrim is an enormous RPG recently released by Bethesda. After many long years of waiting (I had 1000's of hours clocked into its predecessor, Oblivion, way back in 8th grade) the game is finally out and it surpasses everyone's expectations—save for removing custom spell crafting... Why, Bethesda?
How To: Hack a remote Internet browser with XSS Shell
XSS Shell is a cross-site scripting backdoor into the victim's browser which enables an attacker to issue commands and receive responses. During a normal XSS attack an attacker only has one chance to control a victim's browser; however, the XSS Shell keeps the connection between the attacker and the victim open to allow the attacker to continuously manipulate the victim's browser. XSS Shell works by setting up an XSS Channel, an AJAX application embedded into the victim's browser, that can ob...
How To: Cheat in Bejeweled Blitz legally
This shows me getting the highest possible medal on Bejeweled Blitz on Facebook applications by exploiting the timing window when the clock runs out (250k medal). To keep getting combos when the timer runs out, you need to select the next gem you want to swap before all the other gems are done falling. Once you have the desired gems selected repeatedly click the square that you want to swap. If you did it right, as soon as the gems on the screen all stop falling, your combo will go off and th...
How To: Hack a DNS (Domain Name System) from start to finish
If you're looking to get into the nitty gritty of DNS (Domain Name System) hacking, you MUST check this video out. In this in-depth tutorial, you'll get to adventure into the wonderful world of DNS. Explore the vast and intricate details of our beloved Domain Name System while exploiting mis-configured routers, brute forcing, and even look up Wikipedia entries from TXT records.
How To: Use the planetary interaction function in EVE Online
Planetary Interaction is a feature of the EVE Online expansion, Tyrannis. This video guide shows you how to use this new function. Choose your own planet, buy the command center and start exploiting its resources for your own gain!
How To: Set Up a Pentesting Lab Using XAMPP to Practice Hacking Common Web Applications
Hello friends! This tutorial will teach you how to build a local pentesting lab on your Linux machine which will enable you to easily install common web applications so you can practice locating and exploiting their known vulnerabilities (or discover new ones!). In particular, this is an excellent way to learn how to hack Wordpress, Joomla, and Dupral plus many more!
Hack Like an Elite: Batch Scripting for Malicious Purposes: PART 3 (The Main One)
At last, what you all finally waited for! Hi! Fire Crackers,
Hack Like a Pro: How to Take Control of Windows Server 2003 Remotely by Launching a Reverse Shell
When I left off on our last hack, we had hacked into the ubiquitous Windows Server 2003 server by adding ourselves as a user to that system so that we can return undetected at any time. The problem with this approach is that a sysadmin who is on their toes will note that a new user has been added and will begin to take preventative action.
Hack Like a Pro: How to Spoof DNS on a LAN to Redirect Traffic to Your Fake Website
Welcome back, my novice hackers! There are SOOOO many ways to hack a system or network, which means you need to think creatively in order to be successful.
Locking Down Linux: Harden Sudo Passwords to Defend Against Hashcat Attacks
Hacker's are always looking for new ways to exploit systems and exfiltrate passwords, even in hashed form. Sophisticated brute-force attacks powered by high-end GPUs can perform millions of password attempts per second. But Ubuntu and Debian users aren't completely helpless. There are ways to harden the hashed password to better defend against Hashcat attacks.
How To: Hack Your Neighbor with a Post-It Note, Part 1 (Performing Recon)
Using just a small sticky note, we can trigger a chain of events that ultimately results in complete access to someone's entire digital and personal life.
How To: Seize Control of a Router with RouterSploit
A router is the core of anyone's internet experience, but most people don't spend much time setting up this critical piece of hardware. Old firmware, default passwords, and other configuration issues continue to haunt many organizations. Exploiting the poor, neglected computer inside these routers has become so popular and easy that automated tools have been created to make the process a breeze.
News: Samsung Keyboard Vulnerability Exposes 600M Mobile Devices!
Last week, NowSecure security researchers revealed that nearly 600m Samsung mobile devices are vulnerable to a type of MitM attack.
News: Investors Bet $8M on Former Google & Facebook Engineers' Platform-Bridging AR Development Tool
Augmented reality software maker 8th Wall has closed a Series A funding round of $8 million in capital to feed the growth of its development platform.
How To: Hide the Status Bar on Your iPhone with This Cool & Simple Glitch
Apple's iOS might be user-friendly, but it's a bit restrictive when it comes to personalization, so you can really only change the look of the home screen by either jailbreaking or exploiting glitches. While there isn't a jailbreak for the current version of iOS, there is a glitch which helps a little bit.
Next Page
Prev Page