What lessons do you want
heres your chance to get some of the skilled hackers to teach you "how to hack", as so many of you ask so frequently. Im aiming to have about 10/20 lessons. Nearly all of them will be basic lessons, and will consist of known exploits.
here are the idea's i have had so far: **Guestbook hacking, via html Nearly Completed XSS attack on a site, via PM or articles etc SQL injections on a forum **
Please add onto these idea's with what you would want to see being done.
Also, if you are interested in making a video / slide show, then please contact me. email your work to [mail]mrcheese.hellbound@gmail.com[/mail]
I was thinking about doing something like H*cking through cmd prompt. I just need to get on my home computer and d/l snagit and i could get started.
Also, did Ghostly put many ways to change a user-agent for firefox AND IE, cuz i could do one if all he used was the ua switcher for Firefox. I can't d/l it because i haven't been on a different computer than school's for a long time.
Wireless hacking using netstumbler to find the networks….
Tried this with the "all amazing" linux CD - The hacking version of Knoppix, awesome, but Knoppix does not recognize my wireless card in my laptop…:(
Perhaps even a tutorial on how to find/install drivers in Linux (for Dummies)… Anyone here good at that?
Well, I'm working on a few network hacking lessons.
Unfortunatly, since I don't have a mic (nor a soundcard :s ) they're not movies. Its a text file with a bunch of screenshots to go with it.
If its okay for me to submit a non-video lesson, I could make it into a slideshow thingy or whatever. But I do think its eaiser to follow the way it is now.
Jegoviciusss wrote: Someone should teach them an xss injection like this: Send a message containing javascript that reads the source on the admins view message page finds all the links, follows the links and reads the source there. (This is quite useful, you can use another javascript after that to post something through the admins account) of course he has to open the message This is going to be off-topic… but, when seeing this post and the thread you currently have going, I've come to the conclusion that you might misunderstand a bit what Javascript is generally used and not used for.
Javascript is a client-side scripting language that runs in the user's browser. It is capable of manipulating elements on the page on which it exists, and it is capable of making asynchronous (i.e., no page refresh) requests to other pages on the same server. Beyond that, w3schools and tizag (as I linked in your thread) are good resources for learning more about Javascript.
For a spidering application, you're probably going to want to go with a different language. I always recommend Python, since it's ridiculously simple to learn. Whichever language you choose, Google "<language> web spider", where <language> is your programming language. There are plenty of examples to get you started.
Oh, I almost forgot… If you're determined to learn Javascript (no matter how wrong it may be for what you're intending), then I highly recommend PMing Mouzi, since he is quite knowledgeable in Javascript.
On-Topic Portion Sadly, the only on-topic contribution I have to this thread is that HBH doesn't need any more lessons. People just need to start learning the things that are already here (when you get back to content from around '06 or '07).
Rooting tutorial. I'm just pulling this out of the sky. If it's hacking through the command prompt (like I think…) I'd love to learn it as I don't know anything about it! A blind SQL injection tutorial. The only one I can find on this site (apart from Mozzer's article which is very good) only deals with some program… I'm with the posts above about XSS. The site can only benefit from having more lessons, especially on the basics. I know that to make lessons that you need people experienced and willing to make a decent effort at making good lessons and that there aren't too many of them around. I've looked at the lessons in the lessons section and I found the first 2 good. If HBH could have more lessons, articles or tutorials of a high calibre the newbies on this site (like me :p) would learn a lot faster and be less likely to resort to skiddie programs.
Also, a lesson on php shells?
NotMyFault wrote: A blind SQL injection tutorial. The only one I can find on this site (apart from Mozzer's article which is very good) only deals with some program…
There are great tuts on this elsewhere online… Maybe you should read some of them, learn the topic well, then write one for here. :)
NotMyFault wrote: Also, a lesson on php shells?
Lesson: Google "php shell" and read the code. It's just file functions and system functions.
define wrote: After seeing this post and the thread you currently have going, I've come to the conclusion that you might misunderstand a bit what Javascript is generally used and not used for.
Jegoviciusss wrote: It is possible to read the source of a webpage with javascript. It is also possible to follow links and then read the source code of the desired pages.
Yes, I know it is possible to read the source of a web page with Javascript and request remote pages with it. I was one of the ones helping with advice for you to do so in another thread, remember? :)
If you need any proof of what I can do with Javascript, just check the Code Bank for the two Greasemonkey scripts that I posted in there. :ninja:
That being said… I did not say that Javascript could not do it. I said that Javascript is generally not used to do it. While there are some that do seem to code mostly (if not entirely) in Javascript, it is ill-suited for or cannot perform a lot of tasks. Running a spidering or bot application in Javascript relies on the memory available to the browser… which can pretty easily be exceeded on large applications. Even the Greasemonkey script referenced above (the most recent one) locks up the browser after a period of time because it leaks memory like crazy. A desktop scripting language is more suited for these tasks as it only has to worry about the memory it consumes, and scripting languages have better garbage collection. Also, scripting languages are capable of file access and other things that Javascript is not capable of.
What can Javascript do better than desktop scripting languages? Web scripting on behalf of a web site. That's what it is there for, and that's what it does best. Greasemonkey scripts are a fine-lined exception that impose functionality that a web site either should have or won't have but someone finds useful.
Jegoviciusss wrote: So lets say admin is logged on and reead your message. Your script finds the page edit_forum.php an reads its source. Then you know how the edit_forum.php works approximately… You write a new javascript that uses edit_forum.php to fill out the form and edit the forum. Send the message containing javascript to the admin, he opens the message and edits the forum… (you can also add a script that deletes yor message from his inbox afterwards)
You can do this same thing with a scripting language using a cURL or similar remote request library (urllib2 for Python, maybe LWP for Perl). Just because your crafted message will contain Javascript in the form of an XSS or otherwise injected code doesn't mean that the whole app need be written in JS. :)