Web applications are becoming more and more popular, replacing traditional desktop programs at an accelerated rate. With all these new apps out on the web comes various security implications associated with being connected to the internet where anyone can poke and prod at them ...more
Welcome back, my hacker novitiates! In an earlier tutorial, I had introduced you to two essential tools for cracking online passwords—Tamper Data and THC-Hydra. In that guide, I promised to follow up with another tutorial on how to use THC-Hydra against web forms, so here we ...more
When attempting to gain access to a server, there may come a point when you need to get around file upload restrictions to upload something. If we can find a way to get around the restrictions, then we can upload anything we want to the server, effectively compromising it. Tha ...more
Users are often the weakest link when probing for vulnerabilities, and it's no surprise they can be easily fooled. One way to do this is called clickjacking. This type of attack tricks the victim into clicking something they didn't mean to click, something under the attacker's ...more
Cross-site scripting is one of the most common vulnerabilities found on the web today, with repercussions of this type of flaw ranging from harmless defacement to sensitive data exposure. Probing for XSS can be tedious and time-consuming for an attacker, but luckily there are ...more
Single sign-on (SSO) lets users login across different sites without having to manage multiple accounts. I'm sure most of us appreciate the convenience of seeing "Sign in with …" buttons that let us login with a single username. Hackers, however, see a possible avenue for expl ...more
Welcome back, my tenderfoot hackers! In this series, we are exploring the myriad of ways to hack web applications. As you know, web applications are those apps that run the websites of everything from your next door neighbor, to the all-powerful financial institutions that ru ...more
Directory traversal, or path traversal, is an HTTP attack which allows attackers to access restricted directories by using the ../ characters to backtrack into files or directories outside the root folder. If a web app is vulnerable to this, an attacker can potentially access ...more
Welcome back, my novice hackers! In this third installment of my Hacking Web Apps series, we will look at the authentication of web applications. Remember, there are many ways to hack web applications (as I pointed out in my first article), and cracking authentication is just ...more
One of the best ways to dig into a website and look for vulnerabilities is by using a proxy. By routing traffic through a proxy like Burp Suite, you can discover hidden flaws quickly, but sometimes it's a pain to turn it on and off manually. Luckily, there is a browser add-on ...more
It only takes a few commands to manipulate a MacBook's secure HTTPS traffic and pluck login passwords out of the encrypted data. Let's take Facebook and Gmail hacking to the next level by intercepting Safari and Google Chrome web traffic in real time. Both Facebook and Gmail ...more
Welcome back, my budding hackers! With this article, I am initiating a new series that so many of you have been asking for: Hacking Web Applications. In previous tutorials, we have touched on some of the techniques and tools for web app hacking. We looked at web app vulnerab ...more
As Android bug bounty hunters and penetration testers, we need a properly configured environment to work in when testing exploits and looking for vulnerabilities. This could mean a virtual Android operating system or a dedicated network for capturing requests and performing ma ...more
Dirty, malformed, and outright mischievous text strings have long been the enemy of interactive website developers. Strings contain any combination of letters, numbers, spaces, and punctuation, and are entered into text boxes on websites by users. These strings in particular c ...more
Correctly identifying the underlying technologies that run on a website gives pentesters a considerable advantage when preparing an attack. Whether you're testing out the defenses of a large corporation or playing the latest CTF, figuring out what technologies a site uses is a ...more
Welcome back, my tenderfoot hackers! Now that we have begun this trip down web app hacking lane, we need to first address target reconnaissance. Like any hack, reconnaissance is critical. (Are you tired of me saying that yet?) There is no better telltale sign of a script-kid ...more
Welcome back, my tenderfoot hackers! Not too long ago, I showed how to find various online devices using Shodan. As you remember, Shodan is a different type of search engine. Instead of indexing the content of websites, it pulls the banner of web servers on all types of onlin ...more
One of the most common web application vulnerabilities is LFI, which allows unauthorized access to sensitive files on the server. Such a common weakness is often safeguarded against, and low-hanging fruit can be defended quite easily. But there are always creative ways to get ...more
With the number of web applications out there today, it comes as no surprise that there are just as many vulnerabilities waiting for hackers to discover. Finding those vulnerabilities can be a difficult task, but there are plenty of tools available to make the process easier. ...more
The key to becoming a competent white hat is knowing how the technology that you are trying to exploit actually works. SQL injection is one of the most common methods of attack used today and also one of the easiest to learn. In order to understand how this attack works, you n ...more
Using a keylogger to intercept keys pressed on an infected computer can circumvent encryption used by email and secure chat clients. The collected data can often reveal usernames, passwords, and potentially compromising and private information which hackers abuse for financial ...more
Compromised uTorrent clients can be abused to download a malicious torrent file. The malicious file is designed to embed a persistent backdoor and execute when Windows 10 reboots, granting the attacker remote access to the operating system at will. Torrent clients like uTorre ...more
Kali Linux, by default, probably doesn't have everything you need to get you through day-to-day penetration testing with ease. With a few tips, tricks, and applications, we can quickly get started using Kali like a professional white hat. Most Linux distributions are highly c ...more
Many of our members here at Null Byte are aspiring hackers looking to gain skills and credentials to enter the most-valued profession of the 21st century. Hackers are being hired by IT security firms, antivirus developers, national military and espionage organizations, private ...more
Welcome back, my greenhorn hackers, and happy New Year! Now that your heads have recovered from your New Year's Eve regaling, I'd like to grab your attention for just a moment to preview 2015 here at Null Byte. I hope you will add your comments as to what you would like to se ...more
Router gateways are responsible for protecting every aspect of a network's configuration. With unfettered access to these privileged configurations, an attacker on a compromised Wi-Fi network can perform a wide variety of advanced attacks. Brute-Forcing Router Logins with Pat ...more
Kali Linux is probably the most well-known hacking distribution among penetration testers. However, there are alternative distros which offer versatility and advanced package management systems that are absolutely worth considering. One such distribution is Pentoo, a Gentoo-b ...more
Withstanding an attack from a motivated hacker is one of the most important responsibilities a system administrator must undertake. This is especially true for websites that may contain sensitive customer information and a high volume of users. So it's important for a sysadmin ...more
To name just a few companies, VK, µTorrent, and ClixSense all suffered significant data breaches at some point in the past. The leaked password databases from those and other online sites can be used to understand better how human-passwords are created and increase a hacker's ...more
How To:
Use Genmoji to Create Custom Emoji That Work Just Like Regular Emoji in Messages, Notes, and More
How To:
Make Typing Text Easier to Read on iPhone, iPad, or Mac with Apple's Hover Typing Tool
How To:
Change the Default Web Browser App on Your iPhone to Open Links in Chrome, Firefox, Safari, and More
How To:
Use Apple Intelligence's Image Playground to Craft Custom Drawings and Animations for Almost Anything You Can Think Of
How To:
Follow the 2024 Election Results in Real Time with Apple News' Live Activity for iPhone, iPad, and Apple Watch
How To:
Experience Music on Your iPhone Like Never Before with Music Haptics, Which Lets You Feel Every Beat
How To:
Generate Text, Images, and Insights with Apple Intelligence's Built-in ChatGPT Integration
How To:
Remove Unwanted Objects, People, and Distractions in Photos on Your iPhone, iPad, or Mac
How To:
Quickly Pixelate Faces in Photos on Your iPhone, iPad, or Mac to Blur Out People's Identities
How To:
New Menu Lets You Set Default Apps on Your iPhone or iPad for Calling, Messaging, Emailing, Web Browsing, and More
How To:
30 Must-Know New Features in iOS 18.1 and iPadOS 18.1 That'll Make You Want to Update
How To:
Easily Record Phone Calls on Your iPhone and Get Auto-Generated Transcripts and Summaries
How To:
Download and Install iOS 18.2 Beta or iPadOS 18.2 Beta to Try New iPhone or iPad Features First
How To:
Apple Music's 17 Hidden Features and Changes You Might've Missed on iOS 18 and iPadOS 18
How To:
Create and Manage Reminders Without Ever Leaving the Calendar App on Your iPhone, iPad, or Mac
How To:
Apple's Latest Podcasts App Update Brings 7 Must-Try Features in iOS 18, iPadOS 18, and macOS 15
How To:
Apple's Big TV App Update Gives You 10 New Features and Changes to Enhance Your Viewing Experience
How To:
Link to Specific Start Times in Apple Podcasts Episodes from iPhone, iPad, Mac, or the Web Player
How To:
Everything You Can Do with the Camera Control Button on Your iPhone 16 or 16 Pro
How To:
Always-Updated List of Apps That Support the Camera Control Button on iPhone 16 Series Models
How To:
Use Genmoji to Create Custom Emoji That Work Just Like Regular Emoji in Messages, Notes, and More
How To:
Use FaceTime's Secret Hand Gestures and Reaction Buttons to Add Animated On-Screen Effects to Your Video Feed
How To:
Use Apple Intelligence's Image Playground to Craft Custom Drawings and Animations for Almost Anything You Can Think Of
How To:
See Passwords for Wi-Fi Networks You've Connected Your Android Device To
Making Electromagnetic Weapons:
EMP Generator, Part One
How To:
16 Harry Potter Spells for Siri That Turn Your iPhone into a Magical Elder Wand
How To:
Change the Default Web Browser App on Your iPhone to Open Links in Chrome, Firefox, Safari, and More
How To:
Remove Unwanted Objects, People, and Distractions in Photos on Your iPhone, iPad, or Mac
How To:
Use Burp & FoxyProxy to Easily Switch Between Proxy Settings
How To:
Create an Admin User Account Using CMD Prompt (Windows)
How To:
Clone Any Android App on Your Samsung Galaxy Phone Without Using Any Third-Party Tools
Warning:
Sensitive Info You Black Out in Images Can Be Revealed with a Few Quick Edits on Your iPhone
Modular Origami:
How to Make a Cube, Octahedron & Icosahedron from Sonobe Units
How To:
Test Your Samsung Phone by Using Secret Code *#0*#
How To:
Revive a Stale Baguette Using the Miraculous Water Trick
How To:
Generate random numbers (with decimals) in Excel
How To:
Disable the iMessage Typing Bubble Indicator So Others Don't Know You're Currently Active in the Chat
The Ultimate Onion Cheat Sheet:
Which Onion Goes Best with What?
How To:
CC in a Physical Business Letter
How To:
30 Must-Know New Features in iOS 18.1 and iPadOS 18.1 That'll Make You Want to Update
How To:
Generate Text, Images, and Insights with Apple Intelligence's Built-in ChatGPT Integration
How To:
Clear Your Frequently Used and Recent Emoji from Your iPhone's Keyboard
How To:
19 Harry Potter Spells Your Android Phone Can Cast Using Google Assistant
How To:
Download and Install iOS 18.2 Beta or iPadOS 18.2 Beta to Try New iPhone or iPad Features First
How To:
Keep Your Night Vision Sharp with the iPhone's Hidden Red Screen
How To:
Use Odin to Flash Samsung Galaxy Stock Firmware
How To:
11 Ways Apple's Reminders App Is Even Better with iOS 18, iPadOS 18, and macOS 15
How To:
Make the USB Connection on Your Android Phone Default to File Transfer Mode
How To:
19 New Messages Features in iOS 18, iPadOS 18, and macOS 15 You Didn't Know You Needed
How To:
All the Must-Try New Features That Make Apple's iPhone Calculator a Force to Be Reckoned With
How To:
Make This Amazing 9-Layer Density Tower from Things Found in Your Kitchen
How To:
Turn Your Gag Reflex Off with Pressure Points
How To:
Apple Music's 17 Hidden Features and Changes You Might've Missed on iOS 18 and iPadOS 18
How to Fix Car Dents:
8 Easy Ways to Remove Dents Yourself Without Ruining the Paint
Money Origami, Flower Edition:
10 Different Ways to Fold a Dollar Bill into a Blossoming Bloom
How To:
The Notes Widget Sucks — So Here Are 4 Better Ones for More Useful Sticky Notes on Your Home Screen
How To:
Make Delicious 3-Minute Meringues in Your Microwave
How to Hack Wi-Fi:
Cracking WPA2 Passwords Using the New PMKID Hashcat Attack
How To:
Extract DNA from a Strawberry with Basic Kitchen Items
How To:
High Heart Rate Warning on Your Apple Watch? Here's What That Means
