keystroke hacking

Hacking MSSQL without knowing the password Copyright owned by original author0x01 Preface In a recent penetration test, I accidentally noticed some unencrypted MSSQL traffic during packet capture. Because the syntax is put there, it won't be wrong. At first, I thought this was a way to capture the authentication credential. However, MSSQL encrypts the login traffic, which means I had to crack its encryption algorithm to obtain the credential. If a se

.googlecode.com/svn/trunk proxmark-trunk // because this is the code that is cloned from Google via SVN, when executing this command remember FQ CD proxmark-trunk/Clientmake// Enter PM3 's working terminal HW Tune // test Equipment0x02 ConclusionThe environment was set up, as the article said: PM3 can be in the water card, bus card, Access card and other RFID\NFC card and corresponding to the machine read, data exchange time to sniff attack, and use the sniffer data through the XOR Check tool

Are you still looking for a tool to complete your daily activities, or are you just looking for new tools that you can try to play? No need to worry, because today is your lucky day! Today, I will mention a variety of links, resources and editing tools that can be used for penetration testing, computer forensics, security, and hacking techniques.toolswatch.orgToolswatch.org is maintained by NJ Ouchn (@toolswatch) and Maxi Solder (@maxisoler). This is

Hacking events ringing network security alarms(Forwarded ... )22nd this month, Weibo topic # E-commerce in the face of hackers lost millions # sparked a hot debate. It is reported that the event is the first social e-commerce show Ah, the app in the event of a machine in lieu of real users to register for download to obtain rewards, many times cheating, millions of active funds immediately exhausted, the actual interests of other users have been infri

Soon after work, always want to do something, learn something, but never seem to start.Yes, I want to learn hacking, perhaps a lot of people want to learn, but many Daniel said, this has a foundation, towering high-rise, I did a little bit of cryptanalysis, plus some places have small paranoia, try to translate the book. As a Test 8 times before CET6 engineers, in fact, really can not ask too high, the content of the deviation and translation of the C

Unauthorized access defects in Redis can easily lead to system hacking The Sebug website publishes detailed vulnerability information about unauthorized access defects in Redis. Unauthorized Access defects in Redis can easily lead to system hacking. For details, see the following:Vulnerability Overview By default, Redis is bound to 0.0.0.0: 6379, which exposes the Redis service to the public network. If aut

Hacking Team attack code analysis Part 1: Flash 0day Recently, Hacking Team, a hacker company dedicated to network listening through attack techniques, was hacked and leaked GB of data containing the company's emails, documents, and attack code. 360 the Vulcan Team immediately obtained the relevant information and analyzed the attack code. We found that at least two remote code execution vulnerabilities for

Hacking Team's principle and Function Analysis of Mac malware Last week, security personnel Patrick Wardle published an article about HackingTeam's new backdoor and virus implants. It also indicates that the Hacking Team becomes active again, bringing new malware. To understand the principles and functions of the malware, some security personnel have made an in-depth analysis. The malware is named Backdoor.

A few days ago, I accidentally visited rootkit and saw an article about wow hacking, which talked about World of Warcraft hacks development and some anti-Warden technologies, reminding me of my Diablo II years. Since I started hack dialbo II a few years ago, I have done a lot of crazy things in retrospect (for example, I used C to completely restore a program from binary ), he has also accumulated a wealth of experience in the hacks production of Diab

If you are attacked by hackers, you will want to find out where the people are attacking themselves, so that we can be targeted for the prevention of hackers work. So how can this be done? This requires us to track hackers, and the hacker's "Dig" out, which has a lot of doorways, to achieve a certain degree of difficulty. This chapter introduces the common user's anti-black requirements from the discovery of hackers to trace the hacker's various methods, the purpose is to let readers after readi

Hacking Strings and redishacking for Redis code readingHacking Strings The implementation of Redis strings is contained in sds. c (sds stands for Simple Dynamic Strings ).The C structureSdshdrDeclared inSds. hRepresents a Redis string: struct sdshdr { long len; long free; char buf[];}; TheBufCharacter array stores the actual string.TheLenField stores the lengthBuf. This makes obtaining the length of a Redis string an O (1) operation.TheFreeFi

Master showdown-story about hacking of blog serversEvery hero needs to confront the wall on the road to growth. either you succeed, stand on the top of the world, and gain top-level knowledge; or be beaten down by it to become one of all beings, and then get used to it.I am no exception.Not long ago, I had just built my own "ladder" on my server. This is the story from "ladder.The opening night is deep, and I am still sitting on the computer, thinking

Android Hacking Part 12: reinforce Shared Preferences with a third-party library In the previous few issues, we introduced the implementation of Shared Preference during Android Application Development, and demonstrated how to steal Shared Preferences saved by apps with insufficient security protection. In this section, we will learn how to use a third-party library named "Secure Preferences" to protect data stored in Shared Preferences. Even if the d

Android Hacking Part 1: Attack and Defense (serialization) of Application Components) With the rapid growth of mobile apps, mobile app security has become the hottest topic in the security field. In this article, let's take a look at how to attack Android app components. What is an android application component? Application components are a key part of an android application. Each application is composed of one or more components, and each is called i

In order to be able to follow up on the latest security warnings, we often spend time on vulnerability rewards and ctf competitions. When we discuss what we want to do this weekend, Matthias comes up with an interesting idea: What goals can we use to attack ourselves? The answer is Google search engine. For scanning google vulnerabilities, what can be better than google search engines. What is the most likely breakthrough? ① Old and unmaintained software ② unknown and difficult software ③ only a

is Disclaimed. In NO EVENT shall the COPYRIGHT * OWNER OR CONTRIBUTORS is liable for any DIRECT, INDIRECT, incidental, * special, EX Emplary, or consequential damages (including, but not * LIMITED to, procurement of substitute GOODS OR SERVICES; LOSS of Use, * DATA, OR profits; or business interruption) however caused and on any * theory of liability, WHETHER in contract, STRICT liability, OR TORT * (including negligence OR OTHERWISE) arising in any-out-of-the----the-software, even IF advised

Hacking the D-Link DIR-890L In the last six months, D-Link had been making bad mistakes, and turned me dizzy. Today I want to have some fun. I log on to their website and I can see a terrible scene:D-Link's $300 DIR-890L routerThere are many bugs in the firmware running on this vro, and the most unusual thing is that it is exactly the same as the firmware used by D-link on various vrouters over the years. Click here to watch the video.0x01 start Analy

. Inf file hacking SubmittedIcebergOn 2004, October 29, am.Miscellaneous This article does not describe the basics of the INF file.For more information about the INF file structure, see the DDK help documentation.1. Modify the telnet service, change the port to 99, and set the NTLM authentication method to 1.C:/myinf/telnet. inf[Version]Signature = "$ Windows NT $"[Defainstall install]Addreg = addregname[My_addreg_name]HKLM, softwar

subsequent content, we will use SDR to capture the GSM packets in the phone during the call and use the Samsung Phone Lock screen Bypass vulnerability to directly obtain Tmsi, KC to decrypt the captured packets and extract the voice content from the call process.Maybe, we can also discuss the security of 4G LTE base station based on Gr-lte Open source project. (The Gr-lte project is an Open Source software package which aims to provide a GNU Radio LTE Receiver to receive, sync Hronize and decod