Welcome back, my tenderfoot hackers! Now that we have begun this trip down web app hacking lane, we need to first address target reconnaissance. Like any hack, reconnaissance is critical. (Are you tired of me saying that yet?) There is no better telltale sign of a script-kid ...more
A lot of time can be wasted performing trivial tasks over and over again, and it's especially true when it comes to hacking and penetration testing. Trying different shells to own a target, and testing out privilege escalation commands afterward, can eat up a lot of time. Fort ...more
Backdooring a powered-off MacBook is easy when a few minutes of physical access is allowed. That attack works well if the hacker also shares a Wi-Fi network with the victim, but this time, I'll show how to remotely establish a connection to the backdoored MacBook as it moves b ...more
With the rise of website encryption (TLS), sniffing passwords from network activity has become difficult. However, it's still possible to quietly exfiltrate a target's network traffic in real time to extract passwords and sensitive information. Pertaining to macOS, there are t ...more
Hak5 isn't your ordinary tech show. It's hacking in the old-school sense, covering everything from network security, open source and forensics, to DIY modding and the homebrew scene. Damn the warranties, it's time to Trust your Technolust. In this episode, see how to analyze p ...more
Complex shell scripts can be implanted into photo metadata and later used to exploit a MacBook. In addition to obfuscating the true nature of an attack, this technique can be used to evade network firewalls as well as vigilant sysadmins. In this attack scenario, a malicious c ...more
Welcome back, my fledgling hackers! Awhile back, I demonstrated one of my favorite little tools, netcat, which enables us to create a connection between any two machines and transfer files or spawn a command shell for "owning" the system. Despite the beauty and elegance of th ...more
Local port forwarding is good when you want to use SSH to pivot into a non-routable network. But if you want to access services on a network when you can't configure port-forwarding on a router and don't have VPN access to the network, remote port forwarding is the way to go. ...more
It only takes a few commands to manipulate a MacBook's secure HTTPS traffic and pluck login passwords out of the encrypted data. Let's take Facebook and Gmail hacking to the next level by intercepting Safari and Google Chrome web traffic in real time. Both Facebook and Gmail ...more
In most macOS hacks, a non-root terminal is used to create a backdoor into the device. A lot of damage can be done as a low-privileged user, but it has its limitations. Think twice before granting a file permission to execute — an attacker might be able to convert your harmles ...more
Welcome back, my aspiring hackers! Those of you who've been reading my tutorials for some time now know that I am adamant regarding the necessity of learning and using Linux to hack. There is no substitute, period. In this tutorial, though, we will be setting up a system to ...more
It's not uncommon for hackers to attempt to move laterally between devices in proximity of a compromised device to maintain a prolonged presence in the network. Malware utilizing USB flash sticks to self-replicate and compromise air-gapped machines isn't a new concept. In bot ...more
Welcome back, my hacker novitiates! Every so often, a MAJOR vulnerability appears that makes millions of systems vulnerable to attack. The most recent, named Shellshock, basically leaves every Mac OS X, Linux, and UNIX system on the planet vulnerable. As nearly two-thirds of ...more
The conversation of which operating system is most secure, macOS vs. Windows, is an ongoing debate. Most will say macOS is more secure, but I'd like to weigh in by showing how to backdoor a MacBook in less than two minutes and maintain a persistent shell using tools already bu ...more
Welcome back, my neophyte hackers! Many newbie hackers seem to be confused regarding the process or methodology to employ a successful hack. Most want to simply go straight to the exploit without doing the due diligence to make certain that the hack will work and you won't ge ...more
This guide is written for anyone who is practicing his penetration skills using the Metasploitable 2. The problem that we are facing here is that we have to penetrate to Metasploitable 2 and when this happens we understand that we are not logged in as root but as a user with l ...more
Locating and abusing files containing unsafe permissions is an easy and surefire way to elevate shell privileges on a backdoored macOS device. This time around, we'll be more aggressive and attempt to phish a user's login password by prompting a convincing popup message merely ...more
If you remember last time, we successfully uploaded picture with a small hidden PHP command executer embedded in it onto a server. Now, our goal is to take this a step further and get an interactive shell. To do this, we need to upload another file that either binds a port for ...more
Welcome back, my tenderfoot hackers! One key area on the minds of all hackers is how to evade security devices such as an intrusion detection system (IDS) or antivirus (AV) software. This is not an issue if you create your own zero-day exploit, or capture someone else's zero- ...more
Welcome back, my hacker novitiates! In the previous two posts in this series, we looked at the basics of buffer overflows. In this post, we will look at one technique for finding buffer overflows. We will try to send random, oversized, and invalid data at a variable to see wh ...more
Using Netcat to backdoor a macOS device has its short-comings. If the compromised Mac goes to sleep, the Netcat background process will occasionally fail to terminate correctly; This leaves Netcat running infinitely in the background and the attacker with no new way into the d ...more
Gmail conversations, Facebook private messages, and personal photos can all be viewed by a hacker who has backdoor access to a target's Mac. By livestreaming the desktop or exfiltrating screenshots, this information can be used for blackmail and targeted social engineering att ...more
Most users don't realize how much valuable data is in their network traffic. With a few simple tools, an attacker can quickly pick out cookies, passwords, and DNS queries from a macOS device as it covertly streams the victim's network traffic to the attacker's system. Here, we ...more
Computers all over the world rely on a program called "libssh" to use the SSH communications protocol, which allows trusted users to log in and administer computers remotely. Due to a flaw in libssh, fooling a computer into granting SSH access is as easy as telling it you alre ...more
What appears to be an ordinary MP4 may have been designed by an attacker to compromise your Linux Mint operating system. Opening the file will indeed play the intended video, but it will also silently create a connection to the attacker's system. Understanding the Attack Whi ...more
Web applications are ubiquitous in the modern online world, and knowing how to attack them is an increasingly valuable skill. But the key to a successful attack is good recon since it's easier to be focused and efficient with the more information you have. There are many finge ...more
As we've seen with other tools and utilities, administrators typically use certain things to do their job more efficiently, and those things are often abused by attackers for exploitation. After all, hacking is just the process of getting a computer to do things in unexpected ...more
Many FarmVille farmers want money fast, or experience fast, or want to level up, or want to speed things up— make and earn things faster. No matter how long they play, they're not getting what they want, and that is to outshine everybody else. But you can't reach the top by si ...more
Learn how to force the Windows 7 taskbar to display a preview for each and every one of your Mozilla Firefox tabs upon mouse-over. This home-computing how-to from the people at Tekzilla will show you a quick and easy about:config Firefox hack that will permit you to do just th ...more
Watch this video and learn to hack a padlock with a soda can. Make a lockpick for a padlock using just a soda can. A few cuts and folds and you'll be a full fledged thief or prankster. You can pull a pratical joke on any of your friends with the soda can hack after watching th ...more
The Nessus vulnerability scanner, is the world-leader in active scanners, featuring high speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of your security posture. Nessus scanners can be distributed throughout an ent ...more
Learn how to hack Google with this amazing video. This video will teach you how to hack Google by using advanced search operators and esoteric search terms to find “hidden” files and mp3s quickly and easily; you'll also learn how to use Google to hack unprotected Internet-cont ...more
They are after you from all over the globe. Looking for ways to exploit you. Ways to hurt you. Not political terrorists, but rather "info terrorists." Each month thousands of websites get hacked into and have hidden links inserted into the pages by people wanting their spam si ...more
Household Hacker demonstrates how to hack flash games. To get started, you need: 1. Cheat Engine: http://cheatengine.org/downloads.php 2. Your favorite flash game. We are going to show you how to hack any flash game using Cheat engine. You can hack games like bloons, deskt ...more
XSS Shell is a cross-site scripting backdoor into the victim's browser which enables an attacker to issue commands and receive responses. During a normal XSS attack an attacker only has one chance to control a victim's browser; however, the XSS Shell keeps the connection betwe ...more
Trevor4Ever595 teaches you how to hack mini tower defense using Cheat Engine. Start the game in your internet browser and then pause it. Start Cheat Engine and go to your process list - the little computer icon in the top left corner of the window. Select your browser and then ...more
This is a Piaip's and Cheat Engine hack for RC. Restaurant City is a Facebook game that allows you to create and manage your own virtual restaurant. Watch this video tutorial to learn how to hack Restaurant City: Garbage Guru trophy (11/15/09). This is the Garbage Guru Trophy ...more
Want to generate experience and level up your Pet Society character the easy way? Watch this cheater's guide, which will show you how to hack Pet Society for all the EXP you could ever want. Check out this video tutorial to learn how to hack Pet Society (01/10/10) using the e ...more
The video explains how to hack the game Agony: The portal. First he clicked the start game and created new character by entering the name as test dummy and set the difficulty level as normal. The he clicked the start campaign. While entering the game he skipped the tutorial an ...more
This is a great level hack for Pet Society, using, none other than, Cheat Engine. Try this out for yourself and see your levels rise like tides during a full moon close to an equinox. Check out this video tutorial to learn how to do a level hack in Pet Society (12/09/09). Dow ...more
If you've got an Nintendo DSi, you already know you can do a ton of fun things. But, did you know you can also watch DVDs on your hand held player? That's right, and this video will show you how to do it. In addition, this hack also lets you do it without using Adobe's Showckw ...more
This is a long form tutorial on exactly how to disassemble the disposable camera to make a shocking taser. Make a tazer or taser using simple things at like a disposable camera and some simple hack sense. This prank is great to pull on an unassuming friend. Transform a camera ...more
Interested in some good clean fun? With this hack from Japan, you'll learn to operate a Roomba vacuum cleaner remotely using a Nintendo Wii balance board with a Bluetooth serial adapter. Watch this tutorial and build your own Surfin'ba today!
It's official! You can jailbreak whatever devices you want without fearing reprisal from the federal government! WIN! If you were worried about the legal implications before, worry no longer, and start taking advantage of your devices! This video will show you how to hack an i ...more
This hack with a USB fan uses activated charcoal to clean air of harmful smoke. Now you can have a cigarette while using the computer and not worry about smoking up the room. Make a USB smoke absorber. Click through to watch this video on metacafe.com
Foundstone Hacme Shipping is a web-based shipping application developed by Foundstone to demonstrate common web application hacking techniques such as SQL Injection, Cross Site Scripting and Escalation of Privileges as well as Authentication and Authorization flaws and how the ...more
In this tutorial, learn how to avoid Sprint's expensive 30.00 a month Hot Spot plan and hack your EVO for free tethering. This video will take you step by step through the process of setting up and using tether on your HTC EVO 4G in just a few simple steps.
What if you could have a secret hard drive connected to your computer that only you could activate? You can! Samimy shows you how to hack a remote controlled toy car and make a super secret hard disk drive in your computer, accessed via a secret activation key. This hidden eme ...more
Here's a good way to do the rope coin cheat on Pet Society using Cheat Engine. Cheat Engine never fails to amaze, so download it, use it, and enjoy. Check out this video tutorial to learn how to hack Pet Society: Rope coin cheat (11/30/09). For this rope coin hack, you will n ...more
Balloons Tower of Defense 4, also known as Bloons Tower of Defense, is one of the few web games you can hack without actually having to know anything about hacking. No cheat engines or hacks you have to download - this game has a bucket full of glitches that frequently play to ...more
How to hack Pet Society! Pet Society cheats, tricks, hacks. Watch this video tutorial to learn how to hack poo and coins on Pet Society (09/10/09). See how to get unlimited poo: normal, gold, or rainbow! You can sell them for lots of money! What you need: -Flash Player 9 -Ch ...more
Start with a Sony Handi-Cam (or any other camera that allows you to film using night vision) and then add in a special infrared filter and a little extra hardware. Now you can film completely in infrared and film in X-ray vision!
Apple's iOS 4.2.1 firmware update was released yesterday to all iPads, iPhones and iPod Touches, with enhanced multitasking features. It was the first significant update for the iPad since its introduction. And when there's a new firmware update for iOS, there's always a new ...more
Looking for instructions on how to do USB tethering with a Samsung Vibrant smartphone? You're in luck. This free video tutorial will see that you need everything you need to know. (Note, however, that this hack will require you to download the free Samsung Kies application.) F ...more
You can hack you XBox 360 as perfectly as you please, but if you don't burn the games that you want to play on it properly than it will all be for naught. This video will teach you an important part of the process, using AGBX360 and S360X to stealth patch your .iso game files ...more
Having trouble with The Heist 2? Well in this quick and easy tutorial by Trevor4Ever595 you can kiss your troubles goodbye. In this video Trevor4Ever595 shows you how to hack the credit amount so credit is no longer in your way to buying all the upgrades you need to fly throug ...more
Farm Town hacks, cheats, glitches. How to hack Farm Town. Watch this video tutorial to learn how to make an ocean and beach on Farm Town (09/30/09). Use the Farm Town glitch that lets you overlap objects using a dirt path to place rivers and dirt paths together to make a beach ...more
Get your dose of the coolest Adobe Lightroom tutorials, tips, time-saving shortcuts, photographic inspiration, and undocumented tricks with Matt Kloskowski from Photoshop User TV. Photoshop Lightroom is the leading photo management software solution. See what leading photograp ...more
There's probably a reason that laser pointers are banned from most schools: They're just to fun to put down! Whether you're using them as a pointer, to distract your classmates, or to very wickedly point them in people's eyes, they are toys that are quite addicting. Make your ...more
So, a lot of people seem to be having trouble rooting their Motorola Droid X smartphone from Verizon Wireless using ADB (Android Debug Bridge). Well, there is an alternative for those having problems with the ADB version. You will need to have a Wi-Fi or Bluetooth widget handy ...more