While the USB Rubber Ducky is well known by hackers as a tool for quick in-person keystroke injection attacks, one of the original uses for it was automation. In this guide, I'll be going the latter, explaining how we can use it to automate Wi-Fi handshake harvesting on the Ra ...more
Hello fellow training hackers. I do not know if many of you are familiar with ruby, but since it is a useful scripting language, that hasn't been covered too much here on Null Byte, I thought why not do some How-tos about it now and then. The idea is to write simple scripts ...more
In this simple tutorial you will be shown step-by-step how to write local shellcode for use on 64-Bit Linux systems. Shellcode is simple code, usually written in assembly that is used as payload in exploits such as buffer overflow attacks. Payloads are the arrow head of an exp ...more
Welcome back, my fledgling hackers! In an earlier tutorial, I introduced you to probably the most popular scripting language for hackers, Python. To become a professional hacker, you need to have some scripting skills and Python is a good choice if you want to master just one ...more
As you know, it's impossible to be a Steampunk without a pair of goggles. In fact, there are entire communities dedicated to judging other Steampunks based solely on their goggles. A Steampunk without goggles is like Samson without his hair, or a duck without a beak—totally po ...more
Dirty, malformed, and outright mischievous text strings have long been the enemy of interactive website developers. Strings contain any combination of letters, numbers, spaces, and punctuation, and are entered into text boxes on websites by users. These strings in particular c ...more
Welcome back everyone. This article isn't going to contain anything related to scripting, but rather some updates about the series. We'll be quickly discussing what we've covered so far and what is to come. When we started this series about 5 months ago, we were teaching the ...more
Hey everyone. Only found the site a few days ago but really loving it. Been reading and learning new things and always grateful for that. I used to code in c, as well as a few other languages a few years back but fell away from it a bit due to various other commitments. Gett ...more
Welcome to the final tutorial of the series on standard C. This article will cover the linked list abstract data type (ADT). There will be a lot of abstraction to try to deliver the understanding in the most basic way for easiest interpretation of what they are and how they wo ...more
When I first moved to Los Angeles, I rented a bed in a tiny studio. I was too broke to afford my own place, so all I had was a mattress in someone else's apartment. Unfortunately, this person had no interest in cooking, and therefore no kitchen equipment whatsoever. To make ma ...more
Programming is an essential thing in hacking/pentesting, and at times, I do not feel that it is being addressed enough here, at Null-byte. I understand that this is a forum dedicated for hacking, but I'll address some of the stuff I feel is muy importante about programming. I ...more
Hello my fellow hackers, Welcome to my republished revision of the ruby programming language, Part 1. Today, we will try to build an ftp cracker in ruby: This is going to be a quick one since OTW has already made one in python and we are gonna look upon that to create a simil ...more
While Google would like you to believe that Flash is incompatible on Android KitKat, there is a functional workaround that will get it up and running on your Samsung Galaxy Note 3's gorgeous screen in no time. You can't download Flash Player from the Play Store, but Adobe hos ...more
If you have a Mac running Mountain Lion, I'm sorry to tell you that all it takes to crash almost any app on it is eight little characters. This strange bug seems to only affect Mountain Lion and doesn't cause your computer any harm. Apparently, it even crashes the error report ...more
The Digispark is a low-cost USB development board that's programmable in Arduino and capable of posing as a keyboard, allowing it to deliver a number of payloads. For only a few dollars, we can use the Digispark to deliver a payload to a macOS computer that will track the Mac ...more
When it comes to sniffing Wi-Fi, Wireshark is cross-platform and capable of capturing vast amounts of data. Making sense of that data is another task entirely. That's where Jupyter Notebook comes in. It can help analyze Wi-Fi packets and determine which networks a particular p ...more
What if the code you are trying to reverse engineer is obfuscated or somehow corrupted? What if no way is left? Here comes what I like to call (wrongly and ironically) the "brute force of reverse engineering". Before I even start, as always, I wanted to apologize for any uncl ...more
Hacking web applications can sometimes be challenging due to the sheer amount of moving parts they possess. At the core of these apps are HTTP requests and parameters, but these things are often concealed from the user, due to security reasons, convenience, or both. However, a ...more
A lot of people still trust their web browsers to remember every online account password for them. If you're one of those users, you need to adopt a more secure way of managing passwords, because browser-stored passwords are hacker gold mines. With a USB Rubber Ducky and physi ...more
Developers creating login systems know better than to store passwords in plain text, usually storing hashes of a password to prevent storing the credentials in a way a hacker could steal. Due to the way hashes work, not all are created equal. Some are more vulnerable than othe ...more
The digital pen on the Surface Pro 4 and Surface Book is an indispensable tool for serious note-takers and artists alike. Out of the box, the Surface Pen is pre-programmed to do some pretty wonderful things. For example, the eraser can be single-clicked to open Microsoft's On ...more
Welcome back! In the last training session, we covered logical and membership operators. We're going to switch gears and expand our knowledge of lists. More specifically, we're going to be discussing list slicing and comprehension, in that order. You may be asking what these ...more
In the last iteration of how to train your python, we covered basic string manipulation and how we can use it to better evaluate user input. So, today we'll be covering how to take user input. User input is very important to scripting. How can we do what the user says if we ca ...more
Resflux is an Xposed mod developed by Julian Paolo Dayag, aka WisdomSky, that provides users with a straightforward and functional way to customize and theme almost every aspect of the packages (apps and system components) installed on their Android device. From within an eas ...more
Welcome back, my budding hackers! As you know, I firmly believe that to be a true professional hacker, you need to be proficient in Linux. This is for a number of good reasons. Most hacker tools are developed in Linux (well over 90 percent). Linux offers us greater granulari ...more
The most annoying thing about Christmas lights is when one bulb blows, the whole string stops working. There's no easy way to tell which one is out when it's a huge strand, so it can take forever to fix. Mehdi Sadaghdar figured out that zapping the Christmas lights with a pie ...more
A spare key is one of those things that never seems like a huge deal until you need it. If you've ever lost your keys, had them stolen, or locked yourself out of your house or car, you know how difficult and embarrassing it can be trying to get your door open. So, how would y ...more
This video is very clever, if a bit Rube Goldberg. It is the kind of thing that would be entirely charming if executed by an 8 year old boy. That said, not too many wives would choose the measuring tape over a mechanical or an electric draw string. Very Tim Allen. The idea ...more
From emergency thread to muting an annoying drippy faucet, dental floss can do all kinds of things around the house. But it's also a great tool for a few cooking tasks. In some cases, it actually works better than the intended tool for the job. Here are 4 ways you can use dent ...more
Assuming everyone knows of the recent "String of attacks" passed between Obama and Romney, I just want to talk about how useless this entire thing is. I'll try to be as un-biased as possible. Election year is a major phenomenon in any country. The masses pick their candidate ...more
If you're getting into automation, Bash scripting is usually the way to go. However, there are a couple of limitations, and one of them is logging into another device like a Raspberry Pi and running a script automatically. To help in those situations, we're going to automate d ...more
Know thy enemy — wise words that can be applied to many different situations, including database hacking. It is essential to performing adequate reconnaissance on a system before even thinking about launching an attack — any type of attack — and this is no different for SQL in ...more
If you need a tiny, flexible attack platform for raining down human-interface-device (HID) attacks on unattended computers, the USB Rubber Ducky is the most popular tool for the job. By loading the Ducky with custom firmware, you can design new attacks to be effective against ...more
Welcome back everyone. I apologize for the lack of training articles, but I've been rater busy lately. I've recently picked up a second job and my college courses are now back in session, so I'm a bit strapped for time. FTP is a very important protocol. It's not only importan ...more
What's up readers? Today I'll be introducing to you a new vulnerability called the Format String vulnerability (in case you missed the title). It won't be much, just a little motivation to keep you guys going. A little teaser, if you may. Pre-requisite information: For those ...more
Hello friends. This is actually my first how to. In this tutorial I'll be teaching how to simply copy someone's WhatsApp pictures gallery into your computer, in an automated way. It is just an example of how easy is to steal data from someone's smartphone. I am covering Whats ...more
In the last iteration of how to train your python, we covered if/else and conditional statements. We're going to diverge a little today and cover lists. Lists are simply that, lists. It is a set of values located under one variable. Now that we know the definition of a list, l ...more
We've seen all the Magic Leap One glamour shots, and we've even shown you a bit of what it looks like to view augmented reality on the device. But there's something else us super geeks appreciate more than anyone else: the grand unboxing! I met Magic Leap's Enjoy representati ...more
Ransomware is software that encrypts a victim's entire hard drive, blocking access to their files unless they pay a ransom to the attacker to get the decryption key. In this tutorial, you'll learn how easy it is to use the USB Rubber Ducky, which is disguised as an ordinary fl ...more
Nauto, which develops driver-monitor cameras and algorithms for autonomous vehicles, is among a growing list of driverless startups able to attract tens of millions of dollars in funding after raising $159 million in its latest round of financing. Led by a subsidiary of SoftB ...more
If you really want to end your next big guitar solo with a bang, consider giving this shotgun guitar a try. The instrument was conceived and played by Reverend Peyton of the Big Damn Band and created by custom pickup designer Bryan Fleming — and it's no escopetarra. It serves ...more
This year, there's no need to waste time and energy stringing colorful Christmas lights all over your home and yard. All you need is the Circuit Marker from AgIC, a Japanese technology company, and you're ready to deck the halls. Video: . The marker, along with special circuit ...more
Welcome back my friends !! Today we'll go through the second part of this C# series Let's start!! Last time we left off with Console.WriteLine and Console.ReadKey now we'll combine these with some variables and comments. Comments are useful for multiple reasons: for exemple ...more
Welcome finally, to a tutorial on buffer overflows! At last we have reached an exciting part of this series where I will dedicate the entire article on explaining and exploiting the notorious vulnerability. Grab some popcorn, sit back and enjoy the show. What Is a Buffer Over ...more
Hi guys, this is going to be kinda like a follow up to my previous post on hacking facebook with the remote keylogger. If you haven't seen that post I suggest you do. So like you can click here. Anyway let's move on. Even though people are the weakest form of security, some o ...more
Hello Null-Byte community. First off: this my first post here on Null-Byte. Some of you may have already seen me in the comment section, to all others: Hi, I'm the new guy. Secondly, a standardized text to wash my hands in innocence: I have used the search function with diffe ...more
I've always had an affinity for pretty wine bottles. When I was younger, my parents and my siblings would give me their empty wine bottles so I could collect them, and I loved every single one. Of course, once I reached a certain age, I realized that I loved what resided in t ...more
First, I want to give credit to the author where I first found how to do this: Astr0baby's Blog. This article was dated, so I took the script on his page and reworked it to make it work today. (I also included the way to make it hide the cmd line popup.) Requirements Kali (or ...more
One of the best times to get creative during the year is Halloween, and if you're one of those people that like to make your own costumes and decorations, then here's a little something you can do for that scary night... A GHOST!!! Video: . Materials You'll need the following ...more
The daily-problem of guitarists is very simple. It is to 'tune a guitar'. This post is for the most of the beginners who want to but couldn't tune their guitar. Here is a very short and easy process to tune a guitar. In this process ,the most important part is your listening ...more
Sometimes it's the little things that make our days better, like finding a dollar in our recently washed jeans or a box of donuts in the lunch room. But your Nexus 7 tablet's lock screen isn't typically one of those things—it's just a lock screen after all. Unless you add cus ...more
When you think of nail polish, it's probably almost always in the context of a manicure. I mean, that's what it's made for, right? But there are plenty of other things you can use clear or colored nail polish for besides painting your nails. Even if you're a guy living on his ...more
If you're an avid camper or hiker, you've probably been in a situation where you've needed a backpack and not had one. Maybe you brought one and it got broken or lost, or maybe your day trip turned into an overnighter. Whatever the reason, if you're in a pinch and have an extr ...more
There are some pretty incredible camera techniques out there, but the biggest problem that amateur photographers run into is that they don't have the equipment to try them. You can still get some great shots, but there are some things that are really hard to do if you don't ha ...more
With just two microcontrollers soldered together, you can inject keystrokes into a computer from a smartphone. After building and programming the device, you plug it into a desktop or laptop, access it over a smartphone, and inject keystrokes as you would with a USB Rubber Duc ...more
New updates are always exciting, even more so when Google's behind the wheel. Yes, Android 10 "Q" is here, at least in beta form, ready for software testers to dive in and explore all the new changes. Among those changes, however, lie some issues. We won't sugarcoat it — there ...more
A simple security flaw can allow an attacker to gain a strong foothold with little effort on their part. When a web application permits remotely hosted files to be loaded without any validation, a whole can of worms is opened up, with consequences ranging from simple website d ...more
Format strings are a handy way for programmers to whip up a string from several variables. They are designed to save the programmer time and allow their code to look much cleaner. Unbeknownst to some programmers, format strings can also be used by an attacker to compromise the ...more
Shodan calls itself "the search engine for internet-connected devices." With so many devices connected to the internet featuring varying levels of security, the special capabilities of this search engine mean it can provide a list of devices to test and attack. In this tutoria ...more
The sun-drenched people of Phoenix can now sign up to ride in an automated car, for free, courtesy of Waymo. The Alphabet affiliate announced its "early ride program," which will (hopefully) demonstrate how self-driving cars will fit into people's everyday lives. Highlighting ...more