hacking

What is the difference between DoS and Brute Force attacks?

Hello guys, I was reading about DoS attacks on Apache servers, but the "Brute Force" word pops up sometimes. I know DoS attacks, but "Brute Force" seems to be similar. Is there a difference, or is it just another word for DoS? ...

Is there an HTTP proxy tool that can substitute browsed content?

What I'm looking for is some sort of a proxy tool that will allow me to specify a local file to load instead of one specified in the web page that is being browsed. I have tried Burp Suite which is almost working - it allows us to intercept a file and replace it by pasting the contents of the file we are swapping in into an input field. ...

Can an unauthorized user capture an SSL packet, resend it and log in?

Here's the scenario: We have users log in on a secure connection. Could an unauthorized user capture packets sent from the user's machine to the server and then resend them? Would this allow them to log in? This is a homegrown login system running on ColdFusion. ...

Website got Hacked? Site got redirected

My friend's website got hacked somehow. The index.php page had an extra line of JavaScript inserted, which redirects the page to another website. The index.php is just a text file not managed by any CMS. He has changed all FTP/SSH user passwords. Somehow this is still happening. Any hint on what might be the cause? ...

How would I go about implementing this algorithm?

Friday afternoon seems like a good time to ask this question... A while back I was trying to brute force a remote control which sent a 12-bit binary 'key'. The device I made worked, but was very slow as it was trying every combination at about 50 bits per second (4096 codes = 49152 bits = ~16 minutes). I opened the receiver and found i...

java: retrieve bytecode from in-memory to prevent hacking

How can I retrieve the bytecode and make a hash to see if someone has manipulated my bytecode in-memory or on file? EDIT: Does signing the binaries protect the code from being modified and executed? As much as I want to protect my users from making sure they are running my software. I would also like to protect the program (server)...

Hacking your own application

I am a web developer that is very conscious of security and try to make my web applications as secure as possible. However, I have started writing my own Windows applications in C#, and when it comes to testing the security of my C# application, I am really only a novice. Just wondering if anyone has any good tutorials/readmes on how to ...

Handle URI hacking gracefully in ASP.NET

I've written an application that handles most exceptions gracefully, with the page's design intact and a pretty error message. My application catches them all in the Page_Error event and there adds the exception to HttpContext.Current.Context.Items and then does a Server.Transfer to an Error.aspx page. I find this to be the only viable so...

Memory modifying in C++

I'm trying to learn to modify games in C++, not the game, just the memory it's using, to get ammo and whatnot, so can someone point me to books ...

Can the "x-requested-with" HTTP header be spoofed?

My research shows that only the Host, Referer, and User-Agent headers can be spoofed. (source http://download2.rapid7.com/r7-0026/ ) Is this a correct assumption to make? The security of a site I am building may require that "x-requested-with" cannot be faked. This is far from ideal but may be the only avenue I have. ...

SMTP header injection in ASP.NET?

My ASP.NET website has a global error handler that sends an email to me (and another developer) when there is any kind of error in the web app. We recently received an error which contained a CC to an email address that we'd never heard of. The scary thing is that the list of developers that the error email is sent to is hard coded in ...

Hacking and exploiting - How do you deal with any security holes you find?

Today online security is a very important factor. Many businesses are completely based online, and there is tons of sensitive data available to check out only by using your web browser. Seeking knowledge to secure my own applications, I've found that I'm often testing others' applications for exploits and security holes, maybe just for cur...

Hacking/cracking deontology

Let's say you recently discovered some major vulnerabilities in a couple of web sites that activate mainly in your country and are very powerful in their market. The vulnerabilities I'm talking about are as bad as letting me browse the admin interface with superadmin privileges. What would you do now? I'm thinking of something like: ...

Preventing URL manipulation attacks with MVC?

Any good strategies, code snippets etc. for preventing URL manipulation? For example, I have this URL: http://localhost/profile/edit/5 The id could easily be changed to anything, and thus people could edit profiles they are not supposed to. Here are a few ideas I thought of, but they all have their drawbacks: Change my system to use GUI...

Does hacking make you a better programmer?

You've heard about all the hackers who got caught and then received a killer job offering. But then again, you've probably heard about IT workers who sabotaged their systems after being fired. Some people also argue that hacking is much easier than securing a system. The question is, would you hire a hacker? And does hacking make a bet...

Good resources on security, hacking etc?

Hi there, I am interested in learning about how hackers find and exploit vulnerabilities. Specifically about Windows hacking and web hacking, i.e. I’m NOT interested in Linux/Unix stuff. Are there any good websites with technical articles about specifically how to find, exploit and block vulnerabilities with code samples and tools used...

Black hat knowledge for white hat programmers

There's always skepticism from non-programmers when honest developers learn the techniques of black hat hackers. Obviously though, we need to learn many of their tricks so we can keep our own security up to par. To what extent do you think an honest programmer needs to know the methods of malicious programmers? ...

Keeping address in C++ hacking game code?

I have this code that edits addresses in a game to get unlimited ammo and whatnot, and I found out that the addresses are different for every computer, sometimes every time you restart the game, so how would I manage making this work still even though they change? ...

Uploading photos - How can I keep our website safe/stable

My website would like users to upload their photos...but how do I keep our server safe from harm? Allowing only JPGs should avoid virus trouble, but what if someone selects a 10Gb file - will that slow the whole website down? We're using Classic ASP and IIS6 (sorry, but that's how it is, can't change that!). Previously we have used a DL...

MySQL/PHP connection error, possible user fabrication

I'm in charge of maintaining a learning management system and this is an issue that I've been dealing with on and off over the past few months. A single student (among thousands) is claiming that his essay submissions are being "eaten" by the website. After form submission he says his essay has been replaced by the following text: ...