Archive
funny git commits
hacking with URL shorteners
This article (https://freedom-to-tinker.com/blog/vitaly/gone-in-six-characters-short-urls-considered-harmful-for-cloud-services/) just gave me an excellent idea…
In a nutshell: these URLs are so short that you can explore a lot of them with a simple brute force approach. Just generate a random hash and there is a high chance that it points to somewhere.
Example: with bit.ly I generated a link: http://bit.ly/1bNGJd3. I tried to modify some characters in the hash and in most cases it pointed to somewhere…
10 million passwords
Do you want 10 million username/password combinations? Strictly for research purposes, of course. If yes, then check out this blog post. Magnet link at the bottom.
Black Hat youtube videos
https://www.youtube.com/results?search_query=black+hat+2013
Example: Exploiting Network Surveillance Cameras Like a Hollywood Hacker
MD5 decrypter
MD5 is a hash function, not encryption. You cannot restore the original content from the hash value. However, you can take a dictionary, hash every word in it with MD5, and compare each result with the MD5 value you have. If there is a match, your MD5 hash is cracked.
“MD5Decrypter.co.uk allows you to input an MD5 hash and search for its decrypted state in our database, basically, it’s a MD5 cracker / decryption tool… We have a total of just over 43.745 billion unique decrypted MD5 hashes since August 2007.” (source)
So, if you store your passwords as MD5 hashes and someone gains access to them, they are not safe at all… If an MD5 hash is generated from a weak password, it can be cracked in an instant with the tool above.
OK, but… how should I store the passwords then?
See this post for a great tip: How to store and verify a password?
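The dictionary lookup described above, next to a salted and deliberately slow way to store and verify a password, as an added example (not code from this post or the linked one). The wordlist, the function names and the PBKDF2 iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny wordlist standing in for a real dictionary.
WORDLIST = ["letmein", "password", "qwerty", "dragon"]
PBKDF2_ITERATIONS = 600_000  # assumption: raise or lower to fit your hardware


def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()


def build_md5_table(words):
    """Hash every dictionary word once; the table works against any unsalted MD5."""
    return {md5_hex(w): w for w in words}


def lookup_md5(digest, table):
    """Return the matching dictionary word, or None if the hash is not in the table."""
    return table.get(digest.lower())


def hash_password(password, salt=None):
    """Salted, deliberately slow hash (PBKDF2-HMAC-SHA256). Store salt and key."""
    if salt is None:
        salt = os.urandom(16)  # unique per password, so one table cannot cover all users
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, key


def verify_password(password, salt, stored_key):
    _, key = hash_password(password, salt)
    return hmac.compare_digest(key, stored_key)  # constant-time comparison


if __name__ == "__main__":
    table = build_md5_table(WORDLIST)
    stored_md5 = md5_hex("qwerty")  # what an unsalted MD5 password column holds
    print("unsalted MD5 lookup:", lookup_md5(stored_md5, table))
    salt_a, key_a = hash_password("qwerty")
    salt_b, key_b = hash_password("qwerty")
    print("same password, same stored value?", key_a == key_b)
    print("verify correct:", verify_password("qwerty", salt_a, key_a))
    print("verify wrong:", verify_password("dragon", salt_a, key_a))
```

With unsalted MD5, one precomputed table answers every stored hash; with a per-password salt and a slow key-derivation function, the same password produces a different stored value each time and every guess costs the full iteration count.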
black magic: 0x5f3759df
The number 0x5f3759df is a magic constant that can be used to calculate the inverse square root of a number very efficiently. See this post for a detailed explanation. Now if you come across this number (which can happen anywhere, anytime), you will say “aha, I know that one”.
Find API keys on GitHub
Problem
You need an API key for a service (like Google or Imgur) and you want to use someone else’s key. Naturally, this is just a theoretical problem.
Solution
This blog post shows how to harvest API keys. In short:
- visit GitHub’s advanced search page
- type in a keyword (for instance “AIza” for Google API keys)
- hit the Search button and choose Code on the left side