Hot Posts

How To: See Passwords for Wi-Fi Networks You've Connected Your Android Device To

You've probably connected your Android device to dozens of Wi-Fi networks since you've had it, and your phone or tablet remembers each of them. Whether it's a hotspot at home, school, work, the gym, a coffee shop, a relative's apartment — or even from a friend's phone — each time you type in a Wi-Fi password, your Android device saves it for safekeeping and easy access later.

How To: Brute-Force Nearly Any Website Login with Hatch

The tactic of brute-forcing a login, i.e., trying many passwords very quickly until the correct one is discovered, can be easy for services like SSH or Telnet. For something like a website login page, we must identify different elements of the page first. Thanks to a Python tool for brute-forcing websites called Hatch, this process has been simplified to the point that even a beginner can try it.

How To: Use Burp & FoxyProxy to Easily Switch Between Proxy Settings

One of the best ways to dig into a website and look for vulnerabilities is by using a proxy. By routing traffic through a proxy like Burp Suite, you can discover hidden flaws quickly, but sometimes it's a pain to turn it on and off manually. Luckily, there is a browser add-on called FoxyProxy that automates this process with a single click of a button.

Warning: Sensitive Info You Black Out in Images Can Be Revealed with a Few Quick Edits on Your iPhone

These days, most images we post online or share with others come from our smartphones. Whenever personal data is in them, such as debit card numbers, addresses, phone numbers, passwords, and other sensitive information, it's easy to jump into your iPhone's markup tools to black out the text before sharing. But a digital marker may not hide everything.

Hack Like a Pro: How to Crack Online Web Form Passwords with THC-Hydra & Burp Suite

Welcome back, my hacker novitiates! In an earlier tutorial, I had introduced you to two essential tools for cracking online passwords—Tamper Data and THC-Hydra. In that guide, I promised to follow up with another tutorial on how to use THC-Hydra against web forms, so here we go. Although you can use Tamper Data for this purpose, I want to introduce you to another tool that is built into Kali, Burp Suite.

How To: Add Unsupported Cards and Passes to Apple Wallet for Quick, Easy Access on Your iPhone

Apple's Wallet app lets you store boarding passes, concert tickets, gym memberships, vaccination cards, movie stubs, rewards cards, insurance info, student IDs, and more in one place on your iPhone, and you just double-click the Home or Side button to access them. Unfortunately, a decent amount of cards and passes are not officially supported — but that doesn't mean you can't add them.

How To: Crack Shadow Hashes After Getting Root on a Linux System

After gaining access to a root account, the next order of business is using that power to do something more significant. If the user passwords on the system can be obtained and cracked, an attacker can use them to pivot to other machines if the login is the same across systems. There are two tried-and-true password cracking tools that can accomplish this: John the Ripper and Hashcat.

How To: The Trick That Lets You Link to Specific Start Times in YouTube Videos Right from Your Phone

The desktop version of YouTube, meaning the one you access on your computer, lets you add a timestamp to any video you're watching in just a few clicks. When you share the link or need to reference it later yourself, the timestamp makes the video start at the point specified, not the beginning. Unfortunately, tacking on timestamps from YouTube's mobile app is impossible — but there are workarounds.

How To: Exploit EternalBlue on Windows Server with Metasploit

Particular vulnerabilities and exploits come along and make headlines with their catchy names and impressive potential for damage. EternalBlue is one of those exploits. Originally tied to the NSA, this zero-day exploited a flaw in the SMB protocol, affecting many Windows machines and wreaking havoc everywhere. Here, we will use EternalBlue to exploit SMB via Metasploit.

How To: Write an XSS Cookie Stealer in JavaScript to Steal Passwords

JavaScript is one of the most common languages used on the web. It can automate and animate website components, manage website content, and carry out many other useful functions from within a webpage. The scripting language also has many functions which can be used for malicious purposes, including stealing a user's cookies containing passwords and other information.

How To: Crack SSH Private Key Passwords with John the Ripper

Secure Shell is one of the most common network protocols, typically used to manage remote machines through an encrypted connection. However, SSH is prone to password brute-forcing. Key-based authentication is much more secure, and private keys can even be encrypted for additional security. But even that isn't bulletproof since SSH private key passwords can be cracked using John the Ripper.

How To: Brute-Force FTP Credentials & Get Server Access

Hackers often find fascinating files in the most ordinary of places, one of those being FTP servers. Sometimes, luck will prevail, and anonymous logins will be enabled, meaning anyone can just log in. But more often than not, a valid username and password will be required. But there are several methods to brute-force FTP credentials and gain server access.

How To: Open a New Private Tab in iOS 15's Updated Safari Design

When you open Safari for the first time after updating to iOS 15, you'll instantly notice its search bar is now at the bottom, and its Page Settings menu has moved with it. For tabs, moving between them is as easy as swiping on the Tab Bar or selecting one from the new grid view, but you may get confused whenever it's time to open a private window.

How To: Use This Trick to Quickly Select All Photos & Videos on Your iPhone to Bulk Delete or Share

With high-resolution photos and 4K videos being standard these days, it's no surprise that media hogs most of the storage space for many iPhone users. If that's you, there's always iCloud, but you only get 5 GB free, and a paid 50 GB or 200 GB plan can fill up fast. To save money and reclaim storage, you can just delete content from the Photos app, and there's a trick to doing it faster.

How To: Make Siri Say Whatever You Want Every Time You Connect Your iPhone to a Charger

Whenever your iPhone's on Ring mode, you'll hear Apple's iconic "Connect Power" chime every time you connect it to a wired or wireless power source, which lets you know that charging has started. There's no way to disable the sound without turning on Silent mode, but there is a way to make Siri automatically say whatever you want after a successful connection.

How To: Can't Find an App on Your iPhone's Home Screen? Its Icon Is Likely Hiding from You

You know that you have the Gmail app on your iPhone. After all, you get Gmail notifications, you see it in the app switcher, it's in the Settings app, and there's an "Open" button in the App Store instead of "Get" or a download icon. But you cannot find the app on your Home Screen. If this situation sounds like something you're dealing with on iOS 14 or iOS 15, there's an easy answer.

How to Hack Wi-Fi: Cracking WPA2 Passwords Using the New PMKID Hashcat Attack

Cracking the password for WPA2 networks has been roughly the same for many years, but a newer attack requires less interaction and info than previous techniques and has the added advantage of being able to target access points with no one connected. The latest attack against the PMKID uses Hashcat to crack WPA passwords and allows hackers to find networks with weak passwords more easily.

How To: Hunt Down Social Media Accounts by Usernames with Sherlock

When researching a person using open source intelligence, the goal is to find clues that tie information about a target into a bigger picture. Screen names are perfect for this because they are unique and link data together, as people often reuse them in accounts across the internet. With Sherlock, we can instantly hunt down social media accounts created with a unique screen name on many online platforms simultaneously.

How To: Get Root with Metasploit's Local Exploit Suggester

So you've managed to get a shell on the target, but you only have measly low-level privileges. Now what? Privilege escalation is a vast field and can be one of the most rewarding yet frustrating phases of an attack. We could go the manual route, but like always, Metasploit makes it easy to perform local privilege escalation and get root with its exploit suggester module.

How To: Crack WPA/WPA2 with Wifite

Hi there again, aspiring hackers (and veterans as well)! I'm going to explain how to perform a dictionary attack on a WPA/WPA2 protected network with Wifite. Please note that this doesn't work with WPA Enterprise For that end, you'd have to use an Evil Twin to get the "Enterprise" auth attempt, and then crack it.

How To: Use x-ray techniques in Photoshop to show naked skin through clothing (NSFW)

Do those new naked body scanners have you freaked out at the airports? As far as the TSA is concerned, those x-ray machines are here to stay, but you might as well take comfort in knowing that airport security guards aren't the only ones looking at your private parts. Practically anyone with a computer can manage to see through your clothes, and it's all thanks to a little program called Photoshop. Thanks, Adobe.

How To: Unlock Android 12's Developer Options on Your Pixel for Powerful Hidden Tools Anyone Can Use

When you start up your new Google Pixel 6 or 6 Pro, one of the first things you should do is unlock the hidden "Developer options" menu. Don't let the word "developer" scare you because there are little-known features in this secret Android 12 menu that every Android user can enjoy.

Prev Page