hacking

Found a critical bug, but the company doesn't care

I know several people who were in a situation like this. Let's say, you were trying out random sites for basic XSS/SQL Injection vulnerabilities, and you've found one that could be easily compromised. You email the admin/webmaster, but they don't reply. What would you do? ...

Tabbed file browsing in Windows

I'm so tired of not having tabbed browsing when navigating through windows explorer. I've tried a few solutions in the past, but what I really want is just an extension/addon/plugin/something that lets me browse my file system with tabs. Does anyone have any good solutions that they have found to do this? Alternatively, I'm willing to ...

Looking for a specific FireFox extension / program for Form posting

I am looking for either a FireFox extension, or a similar program, that allows you to craft GET and POST requests. The user would put in a form action, and as many form key/value pairs as desired. It would also send any cookie information (or send the current cookies from any domain the user chooses.) The Web Developer add-on is almost w...

well written open source projects (for learning)?

We learn programming by writing programs and learning from other programs. Which open source code repositories/programs you suggest for learning/improving programming? While citing reference please also mention the thing you liked about it. ...

What are good books about security, hacking, and computer forensics?

I know this is a broad area, but... I'm looking at Writing Secure Code, Second Edition, but I was wondering what other good books were out there on the subjects of security, hacking, and computer forensics. A quick search turns up plenty, but I'm not sure where to begin. For the record, I am a software engineering undergraduate student...

How to store passwords in Winforms application?

I have some code like this in a winforms app I was writing to query a user's mail box Storage Quota. DirectoryEntry mbstore = new DirectoryEntry( @"LDAP://" + strhome, m_serviceaccount, [m_pwd], AuthenticationTypes.Secure); No matter what approach I tried (like SecureString), I am easily able to see the pass...

Can I put an ASP.Net session ID in a hidden form field?

I'm using the Yahoo Uploader, part of the Yahoo UI Library, on my ASP.Net website to allow users to upload files. For those unfamiliar, the uploader works by using a Flash applet to give me more control over the FileOpen dialog. I can specify a filter for file types, allow multiple files to be selected, etc. It's great, but it has the f...

How do I prevent replay attacks?

This is related to another question I asked. In summary, I have a special case of a URL where, when a form is POSTed to it, I can't rely on cookies for authentication or to maintain the user's session, but I somehow need to know who they are, and I need to know they're logged in! I think I came up with a solution to my problem, but it n...

What are some interesting, small Linux kernel projects to help learn the source?

What small projects would you suggest to a novice with the kernel, but someone who has plenty of systems and C experience? The aim is to develop a familiarity with the kernel source code, and a facility for experimentation with crazy ideas. I'm trying to think of some manageable small tasks (for example, add a syscall), but what would y...

Reverse engineering war stories

Sometimes you don't have the source code and need to reverse engineer a program or a black box. Any fun war stories? Here's one of mine: Some years ago I needed to rewrite a device driver for which I didn't have source code. The device driver ran on an old CP/M microcomputer and drove a dedicated phototypesetting machine through a se...

Is there a way I can retrieve sa password in sql server 2005

I just forgot the password. Can anyone help me how to get back the password. ...

Is it relatively easy to hack Network Time Protocol(NTP)?

I read somewhere that NTP is based on UDP and there's no security built with NTP communication so it is easy to spoof NTP responses. Is it true? Wouldn't that be a major security issue since most of the servers out there depend on NTP to sync their clock? ...

Advice about forming Hackers Club

I'm thinking of forming a Hackers Club at work. My idea is that we would meet monthly and at each meeting one member would present an interesting hack he had created. (The hacks presented wouldn't necessarily have to be software hacks; they could also be the sort of things you read about in MAKE magazine.) There would also be ANSI sta...

What harm can DBO do to a server?

Aside from executing XP_CmdShell, which I have disabled in my SQL 2005 installation, what could a malicious user who gains DBO rights to my database do: to my database, to my server? I'm assessing the worst-case security risk of someone obtaining DBO to justify running a "least-privileged" user account in an application. Some allege ...

How Can I Find Out *HOW* My Site Was Hacked? How Do I Find Site Vulnerabilities?

One of my custom developed ASP.NET sites was hacked today: "Hacked By Swan (Please Stop Wars !.. )" It is using ASP.NET and SQL Server 2005 and IIS 6.0 and Windows 2003 server. I am not using Ajax and I think I am using stored procedures everywhere I am connecting to the database so I dont think it is SQL injection. I have now removed t...

How to increment the TTL value on Windows?

On Linux this is easy to do. Is it possible on Windows? Clarification: I want to increment the TTL for all incoming packets. ...

How to read source code learn how to use large system

Let's say you want to start contributing to an open source project with thousands LOC. I am interesting in ways/suggestions on how you would start learning/hacking the new system. ...

What kind of programming method do you prefer? Success vs. Freedom

Would you prefer to have total complete freedom over all of your development techniques, or would you rather follow a safer more boring approach that has a significantly better chance of working in the end? Hacker vs Engineer? Painter vs Electrician? ...

How to determine an Oracle query without access to source code?

We have a system with an Oracle backend to which we have access (though possibly not administrative access) and a front end to which we do not have the source code. The database is quite large and not easily understood - we have no documentation. I'm also not particularly knowledgable about Oracle in general. One aspect of the front end...

What is the legal definition of "hacking"?

I know a lot of programmers use the word "hacking" to mean clever or skillful programming, but I'm referring to the more common meaning: computer crime. We all know that it's not only unethical and immoral to write code that will break into someone else's computer and use it against their will and interests, but it's also forbidden by l...