Archive

Posts Tagged ‘hack’

hacking with URL shorteners

April 18, 2016 Leave a comment

This article (https://freedom-to-tinker.com/blog/vitaly/gone-in-six-characters-short-urls-considered-harmful-for-cloud-services/) just gave me an excellent idea…

In a nutshell: these URLs are so short that you can explore a lot of them with a simple brute force approach. Just generate a random hash and there is a high chance that it points to somewhere.

Example: with bit.ly I generated a link: http://bit.ly/1bNGJd3 . I tried to modify some characters in the hash and in most cases it pointed to somewhere…

10 million passwords

February 10, 2015 Leave a comment

Do you want 10 million username/password combinations? Strictly for research purposes, of course. If yes, then check out this blog post. Magnet link at the bottom.

Categories: Uncategorized Tags: , ,

Black Hat youtube videos

July 13, 2014 Leave a comment
Categories: Uncategorized Tags: ,

MD5 decrypter

October 2, 2013 Leave a comment

MD5 is a hash, not an encryption. From this hash value you cannot restore the original content. However, you can take a dictionary, hash every word in it with md5, then compare the original md5 value with them. If there is a match, your md5 is cracked.

MD5Decrypter.co.uk allows you to input an MD5 hash and search for its decrypted state in our database, basically, it’s a MD5 cracker / decryption tool… We have a total of just over 43.745 billion unique decrypted MD5 hashes since August 2007.” (source)

So, if you store your passwords in md5 format and someone has access to them, they are not safe at all… If an md5 hash is generated from a weak password, it can be cracked in an instant with the tool above.

OK, but… how should I store the passwords then?
See this post for a great tip: How to store and verify a password?

Categories: security, Uncategorized Tags: , , ,

black magic: 0x5f3759df

April 5, 2013 Leave a comment

The number 0x5f3759df is a magic constant that can be used to calculate the inverse square root of a number very efficiently. See this post for a detailed explanation. Now if you come across this number (which can happen anywhere, anytime), you will say “aha, I know that one”.

Find API keys on GitHub

March 4, 2013 Leave a comment

Problem
You need an API key for a service (like Google or Imgur) and you want to use someone else’s key. Naturally, this is just a theoretical problem.

Solution
This blog post shows how to harvest API keys. In short:

  • visit GitHub’s advanced search page
  • type in a keyword (for instance “AIza” for Google API keys)
  • hit the Search button and choose Code on the left side

Learn to Hack

Categories: Uncategorized Tags: , ,