Long before the internet, two brothers, FranΓ§ois and Joseph Blanc, pulled off the very first hack in history. This happened way back in 1834, when the coolest tech around was the telegraph. Sounds a bit surreal, but back then those telegraphs did not work with electromagnetic impulses. No, they were optical. The Blanc brothers’ scheme…
There is often a lot of confusion among many when it comes to the differences in cookies & sessions. In my arsenal of interview questions, I sometimes wielded this somewhat trick question like a gleaming sword of confusion. This wasn’t just any question; it was the litmus test to separate those who understand the simple…
Once upon a time in the digital kingdom, there lived a peculiar little creature known as the JWT Token. It was a curious being, part Header, part Payload, and part Signature. Together, they lived in harmony, carrying secrets and tales from one end of the web to the other. But not all was well in…
In the vast expanse of the internet, websites are mere islands in an ocean of code. And for the curious hacker, GitHub’s endless repositories hold the treasure maps to these islands. But what if these maps also contained hidden secrets? Keys to hidden doors, forgotten passages, and unguarded treasures? Today, we’re diving into the depths…
Let’s dive into the intriguing world of port scannersβwhere the digital equivalent of checking if the doors and windows are locked meets a touch of whimsy. Imagine if you will, a trio of characters in the grand digital saga: Nmap, Masscan, and Unicornscan. Each with their own quirks, talents, and party tricks, they embark on…
The Cluster bomb attack can be very useful when you need to use more than one payload. For instance, we are going to retrieve the administrator password via triggering conditional responses through SQL statement. We already know that the length of the password is 20 characters. Our statement is: ‘ AND (SELECT SUBSTRING(password,1,1) FROM users…
One of the most important things one can learn for hacking is getting comfy with programming. Python is a good language to start. Another very important aspect of hacking is – SEARCH ENGINES. It stands to reason to combine searching and programming. First, install the necessary library: This is how a request to google looks…
When we browse a web site, the first thing we often notice is its login pages. The more amateur hacker may try to brute-force it right away. However, the more experienced tester will think: are there any other authentication points to the same resource? The answer is often resoundingly YES! Modern applications often create alternative…
So what is de-serialization? What are serialization attacks? What is serialization? What is serial? Ok ok, hold your horses, kemosabe…will start from the beginning, this is serial: Now that the hard part is out of our way, lets start dissecting the rest. Common explanation: Serialization is merely representing object as a stream of bits and…
Lets say you found a security issue that allowed you to upload a PHP web shell into the application. We all have been through those simple php web shells: Classic! Or it can be hundreds of lines of more complex code. You then happily gallop to your shell to execute commands: http://your_url.com/?shell.php?cmd=dir And then something…
