Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

Reference Manual


ghost's Avatar
0 0

I recently made a Reference manual and thought it would be a good idea to share it with others.Here it is:

SQL: Basic Injections(for passwords or usernames): markup' OR 1=1-- (Note: – is used to delete all commands after it) markup' OR 'a'='a Direct query in URL: ?SQL Query


Javascript: Format: Javascript:Injection (in the location(URL) Bar) always use alert to confirm sucessful execution form changer:markup"document.forms[0].elements[0].options[0].value" cookie changer:markup"alert(document.cookie='name=value')" NOTE: Variables declared in scripts but not inside functions have GLOBAL SCOPE and can be modified by an injection


HTML Comment: markup<!--This is a comment-->(Comments are used to hide several important points and to place reminders by Admins)


SSI(Server Side Include): format:<!–#command–> Execute CMD or CGI:markup &lt;!--#exec cmd=&quot;command&quot;--&gt; &lt;!--#exec cgi=&quot;command&quot;--&gt;


Common UNIX Commands: CD - change directory ls - List files in directory(ls .. lists files in directory above current one) CAT - View a file rm - Delete a file


RFI(Remote File Include): URL Format: Original: markupwww.example.com/wazzup.php/page=something.php Changed:


OLLYDBG(OLLY Debugger): Steps: 1.)Right click:Search For:All Referenced strings 2.)Search for and find the good boy or bad boy string 3.)Right click on string location and click follow to disassembler 4.)Search the code above the string call to search for the conditional operation and change it acc. to your needs 5.)Run It and check if goal has been accomplished.If it is…Congrats else,Return to step 1

Note: Good boy string is something that congratulates you when you get the correct password (example:"Press OK to View password") Bad boy String is the opposite of Good Boy string (example:"Wrong Password,Only 3 turns left")


Websites: Search Engines: www.google.com (A Beginner's best friend) www.clutsy.com (Nice and orderly result display format) www.altavista.com (Nice,But not as good as google) Note:Using Certain techniques like the rbts.txt file,Crawlers can be prevented from indexing certain private web pages

Information: 1.)Search Engines 2.)www.wikipedia.com(Nice intros and links to some useful sites) 3.)Forums and Articles on HBH ———————————————––It Never Ends——————————————————————— (please PM me if you have any doubts,I will try my best to help you) If you can,Please comment or rate this article


ghost's Avatar
0 0

Cool :) Good to see people sharing.


spyware's Avatar
Banned
0 0

Lol.


ghost's Avatar
0 0

Ummm. Thanks?


ghost's Avatar
0 0

I lol'd.


ghost's Avatar
0 0

moshbat wrote: Nowadays, "lol" means fuck all, really. It's simply a three character word to fill what would otherwise (yeah fucking right) be constructive text. Lol, to my understanding, means laugh[ed] out loud. How many times do you say "lol" after you've actually laughed out loud? Furthermore, it's often used when one is uninterested in what another is saying, and uses lol to avoid reading/answering. I myself am guilty of this when I am busy, but too polite to say I am busy. It also used as a subliminal way of saying "Shut the fuck up" Bearing the above line in mind: lol.

LOL


spyware's Avatar
Banned
0 0

whitecell wrote: LOL

Don't talk to moshbat like that, prick.


ghost's Avatar
0 0

spyware wrote: [quote]whitecell wrote: LOL

Don't talk to moshbat like that, prick.[/quote]

LOL