Header Banner
wonderhowto.mark.png
Gadget Hacks Next Reality Food Hacks Null Byte The Secret Yumiverse Invisiverse Macgyverisms Mind Hacks Mad Science Lock Picking Driverless
Heartbleed
RouterSploit framework displayed on a computer screen, showcasing an interface for network exploitation.
HOW TO
06/11/2018 10:32 pm

How to Seize Control of a Router with RouterSploit

A router is the core of anyone's internet experience, but most people don't spend much time setting up this critical piece of hardware. Old firmware, default passwords, and other configuration issues continue to haunt many organizations. Exploiting the poor, neglected computer inside these routers h ...more

Cybersecurity warning with a masked figure indicating high risk on a device.
HOW TO
10/14/2017 11:48 am

How to Detect BlueBorne Vulnerable Devices & What It Means

Armis Labs has revealed eight vulnerabilities, called "BlueBorne", which put 5.3 billion Android, iOS, Windows, and Linux devices that use Bluetooth at risk. With it, hackers can control devices, access data, and spread malware to other vulnerable devices through networks. In this post, we will lear ...more

A dark silhouette of a bird with spread wings against an abstract background.
FORUM
09/20/2017 2:47 pm

Pentesting with Shodan & Functional Exploits By [Mohamed Ahmed ]

today we will touch on "SHODAN" in its Pentesting mode, using functional Exploits that will help them understand and audit vulnerable servers that exist. first before going through the exploit methodology, we will have an "Extra" with a database manager "little known by some", but used by large &amp ...more

FORUM
03/02/2016 1:46 am

The DROWN Attack

http://news.softpedia.com/news/a-third-of-all-https-websites-are-vulnerable-to-the-drown-attack-501202.shtml DROWN, a new vulnerability in OpenSSL that affects servers using SSLv2, was revealed today as an attack that could decrypt your secure HTTPS communications, such as passwords or credit card n ...more

FORUM
07/04/2015 7:10 am

What Do You Do if There Is a Zero Day but No Patch Out Yet?

Things like Heartbleed come to mind, or really any Zero day to be honest. What if I am a company who relies on product X but product X has just been found to have a bad vulnerability and it will probably take a couple days to patch. What do I do? Do I leave it vulnerable and keep myself open or do I ...more

Terminal command output showing shell scripting syntax and text.
HOW TO
06/23/2015 5:43 pm

How to Exploit Shellshock-Vulnerable Websites with Just a Web Browser

I'm sure that many of us have heard of that nasty Shellshock vulnerability, but not very many people know how to exploit it. Try these few tricks on vulnerable websites! Background InformationSo, what is Shellshock? Shellshock is a vulnerability in Bash shell (v1.1 to v4.3, and possibly more...) tha ...more

FORUM
04/01/2015 4:31 am

Heartbleed Help

http://gyazo.com/7be35e7c0a9c0c559c98a79cfd949625 The follow URL shows a screenshot of again happening what happend last time. I tried to exploit it, but nothing came up. I set RHOSTS, I typed "run", as @occupythewebotw did in his tutorial, and nada. It just came up "Auxiliary Module Execution Compl ...more

Login interface with fields for username and password.
HOW TO
12/09/2014 9:24 pm

Dashlane & LastPass Can Now Automatically Strengthen All of Your Weak Passwords

A group ironically called the "Guardians of Peace" hacked into Sony Pictures' computer systems and released a mountain of internal information such as medical records, leaked scripts, work complaints, and even celebrity aliases. Why did this happen? Sure, a lot of well-thought-out work went into thi ...more

Code snippet highlighting the word "vulnerable" on a computer screen.
HOW TO
10/10/2014 7:28 pm

Every Mac Is Vulnerable to the Shellshock Bash Exploit: Here's How to Patch OS X

Heartbleed, move over. There's a new bug in town, and this time it's also affecting Mac and Linux computers. It's called Shellshock (its original official title is CVE-2014-6271), and it's currently got a 10 out of 10 severity rating over at the National Cyber Awareness System. While some updates ha ...more

Manage passwords and web forms settings on a browser interface.
HOW TO
10/08/2014 5:02 pm

How to Manage Stored Passwords So You Don't Get Hacked

Chrome, Firefox, and Safari all provide built-in features that allow you to save your username and password for your favorite sites, making the process for entering your credentials a breeze when you revisit them. While this automation does make your life a little easier, it definitely doesn't make ...more

635429224363630941.jpg
HOW TO
08/06/2014 6:48 pm

Hack Like a Pro: Metasploit for the Aspiring Hacker, Part 2 (Keywords)

Welcome back, my rookie hackers! I recently began a series on using Metasploit, and my goal with it is to teach you the very basics the incredibly powerful hacking tool has to offer while progressively moving on to the more advanced features. In my first Metasploit installment, I showed you the vari ...more

Smartphone displaying apps next to coins and keys.
HOW TO
08/01/2014 7:39 pm

How to Safely Manage All Your Two-Factor Authentications in Just One Android App

As great as the Internet is, it is not without its dangers. Hackers at any time may be breaking into your online accounts and compromising your sensitive information. Last year, hackers broke into Facebook, Gmail, and Twitter and made off with 2 million stolen passwords. It's a nightmare to be the u ...more

Illustration of a networked community with houses, trees, and radio waves representing connectivity.
HOW TO
06/11/2014 12:54 am

How to Keep Comcast from Using Your Router as a Wi-Fi Hotspot

In a era where cyber security is becoming increasingly important, Comcast has decided to use its customers' routers to provide hotspot access to the public. A new program, outlined by Dwight Silverman over on the Houston Chronicle website, seeks to provide Xfinity customers with city-wide Wi-Fi hots ...more

Pink highlighter marking a calendar date for a hack event at 2:30 am.
HOW TO
05/18/2014 3:58 pm

Hack Like a Pro: Linux Basics for the Aspiring Hacker, Part 18 (Scheduling Jobs)

Welcome back, my aspiring hackers! In previous tutorials, I have shown you how to scan the globe for vulnerable servers and write simple scripts in BASH and Perl to perform other reconnaissance tasks. In a very recent guide, I taught how to scan vulnerable servers for Heartbleed. In all of these cas ...more

Heartbleed vulnerability represented with code in the background.
HOW TO
05/12/2014 6:55 pm

Hack Like a Pro: How to Scan the Internet for Heartbleed Vulnerabilities

Welcome back, my budding hackers! Recently, I showed you how you could exploit the widely disseminated OpenSSL vulnerability that has to become known as "Heartbleed". Although the world has known about this vulnerability for over a month now, it will likely take many more months—or even years—for ev ...more

Heart symbol on a background of binary code.
HOW TO
05/06/2014 4:03 pm

Hack Like a Pro: Hacking the Heartbleed Vulnerability

Welcome back, my greenhorn hackers! In recent weeks, the Heartbleed vulnerability of OpenSSL has been dominating the information security headlines. This vulnerability enables an attacker to extract data from the server's memory that may contain authentication credentials, cookies, the servers priva ...more

iPhone displaying iOS 7.1.1 software update screen.
NEWS
04/22/2014 11:29 pm

Apple's iOS 7.1.1 Update Is Now Available: Why It's a Bigger Deal Than You Think

Incorporating features such as CarPlay, UI enhancements such as the new call screen, and several bug fixes, iOS 7.1 was the first major update to Apple's operating system since iOS 7 was released in June of last year. Now Apple has released a seemingly small update in the form of iOS 7.1.1, which co ...more

Android mascot with a heart design and "Android" text.
HOW TO
04/18/2014 3:22 pm

Heartbleed Still Lingers: How to Check Your Android Device for Vulnerabilities

Unless you've been living under a rock with no internet connection, it's safe to say that you've heard of the Heartbleed flaw that allows practically anyone with the right knowledge to steal your personal information, such as passwords, credit card numbers, and e-mail addresses using OpenSSL. What m ...more

Keys being handed over between two hands with a cloudy sky background.
HOW TO
04/17/2014 4:18 pm

Hack Like a Pro: The Ultimate Social Engineering Hack

Welcome back, my greenhorn hackers! Although we have focused primarily on technical hacks here, social engineering can sometimes be especially effective. This one requires a bit of technical skill, but not too much. In addition, it's limited by how specific a target you can choose—but it will work. ...more

Google Chrome logo alongside a heart symbol with a blood-like dripping effect.
HOW TO
04/08/2014 10:07 pm

Encrypted Sites May Not Be Safe to Visit Using Chrome's Default Settings

As you may have already heard, the worst bug in OpenSSL history went public yesterday, dubbed Heartbleed. While we can go deeper into the technical details of it later, the short version is that OpenSSL, the library used to encrypt much of the web running on Linux and Apache has been vulnerable for ...more