Is there any zone for discussing and asking about hacking techniques in codeproject?
-
I'm starting to study how to hack into a system (local and remote) and I have started with Sql Injection technique (the next is Cross-Site-Scripting) but it seems not to be easy to practice and that's why I need helps from others experienced. I have found a site vulnerable to Sql injection and I intend to use it for my Sql injection practices. Of course I like white hats more than others. Could you please help me? If there is no such zone in codeproject, could you please lead me to any other site? Wish you a merry Christmas. Thank you very much!
If you have found a site vulnerable to injection, you are probably not far away from a visit from the local constabulary. You do not learn on live system, that is a sure way to end up in jail. You learn on closed sandboxed systems, where you can control the vulnerability, and also learn what signature your attack has left thereby allowing you to develop your techniques to prevent detection and leaving a trail. The closed systems must be your own, or ones that have been established to allow the purpose of training e.g. by some of the uni's and companies that provide training in computer forensics. Keep going the way you are and you will probably be getting a knock on the door. Come to think of it, I don't think they tend to knock anymore, just kick your door in knock the sh!t out of you and ask questions later. As one of the others have said, you should report the vulnerability direct to the site in PRIVATE. There are code of ethics in place for vulnerability reporting, which give the affected site reasonable time to respond before you go public with it. Even then if they do not respond, I would take report it to one of the disclosure sites and let them follow it up. True hackers do not just publicly tell all about what they are up to. So, in summary, CodeProject does not welcome any discussion on exploits or hacking, as this will end up in the site being blacklisted by corporations and ruin it for everyone, so take you talk elsewhere please. Have a nice day. :)
Dave Find Me On: Web|Facebook|Twitter|LinkedIn
Folding Stats: Team CodeProject
-
I'm starting to study how to hack into a system (local and remote) and I have started with Sql Injection technique (the next is Cross-Site-Scripting) but it seems not to be easy to practice and that's why I need helps from others experienced. I have found a site vulnerable to Sql injection and I intend to use it for my Sql injection practices. Of course I like white hats more than others. Could you please help me? If there is no such zone in codeproject, could you please lead me to any other site? Wish you a merry Christmas. Thank you very much!
In the event that you decide that learning how to implement security might be a more appropriate approach here[^] is an article with some links to free training.
Henry Minute Do not read medical books! You could die of a misprint. - Mark Twain Girl: (staring) "Why do you need an icy cucumber?" “I want to report a fraud. The government is lying to us all.” I wouldn't let CG touch my Abacus! When you're wrestling a gorilla, you don't stop when you're tired, you stop when the gorilla is.
-
I'm starting to study how to hack into a system (local and remote) and I have started with Sql Injection technique (the next is Cross-Site-Scripting) but it seems not to be easy to practice and that's why I need helps from others experienced. I have found a site vulnerable to Sql injection and I intend to use it for my Sql injection practices. Of course I like white hats more than others. Could you please help me? If there is no such zone in codeproject, could you please lead me to any other site? Wish you a merry Christmas. Thank you very much!
hackthissite.org is pretty good for beginners.
-
May I suggest you read up on Gary McKinnon[^] before going any further... I won't even explain how he did it - but it did not really involve any genius or even complex cryptography... A little bit of fun can turn into a whole lot of trouble when it comes to hacking, so my advice - don't do it... not even for practise...
“That which can be asserted without evidence, can be dismissed without evidence.”
― Christopher Hitchens
Wow that poor bastard has had his life turned into hell. Hopefully it was not malicious but even so how to crap on your life, try hacking the US military.
Never underestimate the power of human stupidity RAH
-
Wow that poor bastard has had his life turned into hell. Hopefully it was not malicious but even so how to crap on your life, try hacking the US military.
Never underestimate the power of human stupidity RAH
Yes - I think he was used as an example... Basically the people who should have been in the press were the network administrators and bosses of NASA - as the security vulnerabilities were really unforgivable.
“That which can be asserted without evidence, can be dismissed without evidence.”
― Christopher Hitchens
-
Yes - I think he was used as an example... Basically the people who should have been in the press were the network administrators and bosses of NASA - as the security vulnerabilities were really unforgivable.
“That which can be asserted without evidence, can be dismissed without evidence.”
― Christopher Hitchens
It sounds like he was a class A amateur, little more knowledge than I have and he managed to get into US military networks. I think you are right in that the wrong people are being persecuted.
Never underestimate the power of human stupidity RAH
-
It sounds like he was a class A amateur, little more knowledge than I have and he managed to get into US military networks. I think you are right in that the wrong people are being persecuted.
Never underestimate the power of human stupidity RAH
He was also about as street-smart as the average house brick. He goes hacking through US computers looking for "secrets" immediately after the attack on the twin towers, and he expects them not to be annoyed with him? Pillock!
Ideological Purity is no substitute for being able to stick your thumb down a pipe to stop the water
-
Hackers are the pond scum of computing. Is this really the course you want to follow in your life? To be reviled by your peers, to be shunned by society, to be hunted and treated as prey by your government...is that really what you want from life? We won't help you, if this is your goal in life. Go away. You're trash not worth providing the time of day to. Shoo... be gone. And may you die a horrible death - soon.
Will Rogers never met me.
I'm sorry but I said that "I like white hats", my purpose is training only. You said as if you know how to hack, so how did you learn hacking? Haven't you tried hacking any site in your life yet? Even for practice only? You are persuading me that you could drive a car even without getting into any cabin to learn how to drive before! I'm absolutely white and innocent. The reason I don't report the vulnerability to the webmaster is I don't want to loose a chance to practice what I have learnt.
-
I'm sorry but I said that "I like white hats", my purpose is training only. You said as if you know how to hack, so how did you learn hacking? Haven't you tried hacking any site in your life yet? Even for practice only? You are persuading me that you could drive a car even without getting into any cabin to learn how to drive before! I'm absolutely white and innocent. The reason I don't report the vulnerability to the webmaster is I don't want to loose a chance to practice what I have learnt.
King Boy wrote:
The reason I don't report the vulnerability to the webmaster is I don't want to loose a chance to practice what I have learnt.
As others have said, you do not practice this sort of thing on someone else's site. Apart from being a criminal act in most parts of the world if you are a beginner you do not know what you are doing and could do a great deal of damage. Set up your own site or use one of those set up for people to practice on.
Henry Minute Do not read medical books! You could die of a misprint. - Mark Twain Girl: (staring) "Why do you need an icy cucumber?" “I want to report a fraud. The government is lying to us all.” I wouldn't let CG touch my Abacus! When you're wrestling a gorilla, you don't stop when you're tired, you stop when the gorilla is.
-
I'm starting to study how to hack into a system (local and remote) and I have started with Sql Injection technique (the next is Cross-Site-Scripting) but it seems not to be easy to practice and that's why I need helps from others experienced. I have found a site vulnerable to Sql injection and I intend to use it for my Sql injection practices. Of course I like white hats more than others. Could you please help me? If there is no such zone in codeproject, could you please lead me to any other site? Wish you a merry Christmas. Thank you very much!
Every invalid "hacking" questions could be turned around to be a more valid computer/system/code security questions. i.e. I want to hack into X system ? to How can I improve this code to prevent such intrusion ? But If you feel that a web site has a security issue, just contact the web administrator and tell them about it. see this : http://www.wired.com/magazine/2011/11/mf_soghoian/[^] M.
Watched code never compiles.
-
I'm starting to study how to hack into a system (local and remote) and I have started with Sql Injection technique (the next is Cross-Site-Scripting) but it seems not to be easy to practice and that's why I need helps from others experienced. I have found a site vulnerable to Sql injection and I intend to use it for my Sql injection practices. Of course I like white hats more than others. Could you please help me? If there is no such zone in codeproject, could you please lead me to any other site? Wish you a merry Christmas. Thank you very much!
'Nuff said.
Software Zen:
delete this; -
I'm sorry but I said that "I like white hats", my purpose is training only. You said as if you know how to hack, so how did you learn hacking? Haven't you tried hacking any site in your life yet? Even for practice only? You are persuading me that you could drive a car even without getting into any cabin to learn how to drive before! I'm absolutely white and innocent. The reason I don't report the vulnerability to the webmaster is I don't want to loose a chance to practice what I have learnt.
King Boy wrote:
Haven't you tried hacking any site in your life yet?
Yes, I did, back in the BBS days. And no, I wasn't a "white hat" back then. End of discussion. Is it worth it?? Hell no. How did I learn how to do it? By playing by the rules and learning how everything should be done. There is no "practicing" this stuff in the real world as any attempt, even as "practice" as you call it is gambling with getting caught and arrested. Trust me, the jail time and fines are a huge price to pay for "practicing". If you want to practice this crap, setup your own sites off the 'Net and have at it.
King Boy wrote:
You are persuading me that you could drive a car even without getting into any cabin to learn how to drive before!
I did. Couldn't you??
King Boy wrote:
I'm absolutely white and innocent.
The law makes no distinction about what color hat you wear.
King Boy wrote:
The reason I don't report the vulnerability to the webmaster is I don't want to loose a chance to practice what I have learnt.
Sure! Go ahead and spend more and more time in a system. The long you're doing it the greater the odds of getting caught. If you really think the owners of the system you're screwing with won't care about what you're doing, keep at it. I'm sure they'll just turn a blind eye to you and let you keep distrupting their business for as long as you want.
A guide to posting questions on CodeProject[^]
Dave Kreskowiak -
King Boy wrote:
Haven't you tried hacking any site in your life yet?
Yes, I did, back in the BBS days. And no, I wasn't a "white hat" back then. End of discussion. Is it worth it?? Hell no. How did I learn how to do it? By playing by the rules and learning how everything should be done. There is no "practicing" this stuff in the real world as any attempt, even as "practice" as you call it is gambling with getting caught and arrested. Trust me, the jail time and fines are a huge price to pay for "practicing". If you want to practice this crap, setup your own sites off the 'Net and have at it.
King Boy wrote:
You are persuading me that you could drive a car even without getting into any cabin to learn how to drive before!
I did. Couldn't you??
King Boy wrote:
I'm absolutely white and innocent.
The law makes no distinction about what color hat you wear.
King Boy wrote:
The reason I don't report the vulnerability to the webmaster is I don't want to loose a chance to practice what I have learnt.
Sure! Go ahead and spend more and more time in a system. The long you're doing it the greater the odds of getting caught. If you really think the owners of the system you're screwing with won't care about what you're doing, keep at it. I'm sure they'll just turn a blind eye to you and let you keep distrupting their business for as long as you want.
A guide to posting questions on CodeProject[^]
Dave KreskowiakThank you! I don't want to be arrested. In fact the time when I can hack some vulnerable site is so far from now and that's really an unrealistic dream to me. Not easy to me at all, you can imagine that they will never have to care whether an ant can kill an elephant. That's exactly my case. Now I am still trying to become a good programmer. Thank you again!
-
I'm sorry but I said that "I like white hats", my purpose is training only. You said as if you know how to hack, so how did you learn hacking? Haven't you tried hacking any site in your life yet? Even for practice only? You are persuading me that you could drive a car even without getting into any cabin to learn how to drive before! I'm absolutely white and innocent. The reason I don't report the vulnerability to the webmaster is I don't want to loose a chance to practice what I have learnt.
Ok, let's set the record straight here shall we? The term hacker has for a long time had the wrong conotation and I'd like to correct a few misconceptions. First off, the negative individuals should be appropriately named crackers which are black hats (they break security). The white hats are called ethical hackers - lest we forget that personal computing started with individuals like Steve Jobs and Bill Gates, both of whom by appropriate definition were indeed hackers. A hacker essentially for all intents and purposes is a programmer. Captain Crunch was a cracker, he cracked the security of phone systems. Now, to get the appropriate training on becoming an ethical hacker, I strongly recommend that you attend the SANS institute workshop on Ethical Hacking. If you want to practice hacking on your own, fire up a virtual machine and have at it. Never attempt to try practicing on any system unless you have explicit written concent from the target or you are setting yourself up for a fall.
-
I'm starting to study how to hack into a system (local and remote) and I have started with Sql Injection technique (the next is Cross-Site-Scripting) but it seems not to be easy to practice and that's why I need helps from others experienced. I have found a site vulnerable to Sql injection and I intend to use it for my Sql injection practices. Of course I like white hats more than others. Could you please help me? If there is no such zone in codeproject, could you please lead me to any other site? Wish you a merry Christmas. Thank you very much!
-
Hackers are the pond scum of computing. Is this really the course you want to follow in your life? To be reviled by your peers, to be shunned by society, to be hunted and treated as prey by your government...is that really what you want from life? We won't help you, if this is your goal in life. Go away. You're trash not worth providing the time of day to. Shoo... be gone. And may you die a horrible death - soon.
Will Rogers never met me.
Roger Wright wrote:
Hackers are the pond scum of computing.
Not every hacker is a scum. And the definition of a hacker is too blurry and with too many different beliefs to disqualify everyone. Many hackers out there are helping to improve security. Others disclosing vulnerabilities and some are doing the scum stuff. So please, hold on your words a little. This kid might not be starting right, but that doesn't mean you have to disqualify everyone. And kid, like others have said, if you found out a vulnerability it's your duty as a member of this proud community to report it to the site owner. Would you be happy if bad guys new how to get into your house through the back door? Would you be happy to have an unknown vulnerability to the safety of your home? Be responsible and report it. If you want to learn and practice, build your own web site in a vulnerable way and then you can explore its vulnerabilities the way you see fit, without the risk of being prosecuted or causing loss to anyone. There are plenty of books on security and web development that you can use to do things in the wrong way and explore that. Once you're a good hacker, use it to the benefit of the society. You can even earn some money that way, being a good kid. Edit: If you have missed it on CP's daily news, here is a fine example of a good Samaritan hacker: Hacking google for fun and profit.[^]
"To alcohol! The cause of, and solution to, all of life's problems" - Homer Simpson
-
Thank you! I don't want to be arrested. In fact the time when I can hack some vulnerable site is so far from now and that's really an unrealistic dream to me. Not easy to me at all, you can imagine that they will never have to care whether an ant can kill an elephant. That's exactly my case. Now I am still trying to become a good programmer. Thank you again!
Well... You never know... Curiosity and testing can take you far... "Hmm, I wonder what happens if I test a ' or 1=1 here..?" "Oh WOW!" "Hmm, I wonder what happens if I 'DELETE FROM..?" "Oh WOOOOW!... .... Oh SHIIIITTTT!!!!! I never imagined.... Oh shit, it worked..." I don't think there is any one formula to "learn to hack". If you're programming, and have an interest in securing your own work and a general interest in security... You start analyzing other's work... You find holes in your own work... And before you know it, you're there. Fun: Start with firebug, and find javascript insertion points in your target; ways to inject some code. Then create an iframe with javascript. Then load up some popular website and try to read input boxes. Then send the content of those boxes to some other page with a querystring. Abusing existing javascript functions on the page can also sometimes yield fascinating results. [..self censorship, was getting too evil for this website..] If all this doesn't sound like fun, then you will never be a hacker. It would be fun to have such a section in The Code Project. What's the harm of talking about it? Acting on it with malicious intent is something else...
-
He was also about as street-smart as the average house brick. He goes hacking through US computers looking for "secrets" immediately after the attack on the twin towers, and he expects them not to be annoyed with him? Pillock!
Ideological Purity is no substitute for being able to stick your thumb down a pipe to stop the water
Obviously you are not aware that WTC was an inside job perpetrated by the Bush Administration to give an excuse to invade Iraq and introduce draconian legislation like the PATRIOT Act. :laugh:
Psychosis at 10 Film at 11 Those who do not remember the past, are doomed to repeat it. Those who do not remember the past, cannot build upon it.
-
Obviously you are not aware that WTC was an inside job perpetrated by the Bush Administration to give an excuse to invade Iraq and introduce draconian legislation like the PATRIOT Act. :laugh:
Psychosis at 10 Film at 11 Those who do not remember the past, are doomed to repeat it. Those who do not remember the past, cannot build upon it.
Your name is Captain C Sharp and I claim my Five Pounds! :laugh:
Ideological Purity is no substitute for being able to stick your thumb down a pipe to stop the water
-
I'm sorry but I said that "I like white hats", my purpose is training only. You said as if you know how to hack, so how did you learn hacking? Haven't you tried hacking any site in your life yet? Even for practice only? You are persuading me that you could drive a car even without getting into any cabin to learn how to drive before! I'm absolutely white and innocent. The reason I don't report the vulnerability to the webmaster is I don't want to loose a chance to practice what I have learnt.
Quote:
The reason I don't report the vulnerability to the webmaster is I don't want to loose a chance to practice what I have learnt.
So let's follow that trail where it leads. 1) Mr. A finds a vulnerability on Mr. B's web site. 2) Mr. A spends a bunch of time messing around on that web site trying out hacking techniques, mainly just to learn about security in the hopes that he can understand better what things to know and watch out for when administering systems. 3) Evil Mr. X also finds the same vulnerability on Mr. B's web site. He does malicious things. He also is more experienced, and leaves few traces of himself or his identity. 4) Mr. B discovers X's intrusion and studies server logs, which point him to...Mr. A, who can be seen all over those logs systematically testing the web site for vulnerabilities! 5) Police show up at Mr. A's house. Career and family fun ensue. Even a softer version is this: 4) Mr. B loses a lot of money at the hands of Mr. X, who exploited a vulnerability that Mr. A could have warned him about. 5) Mr. A lives with guilt for having used his neighbor's weakness for his own gain instead of giving him a heads-up that his back door was unlocked ahead of the thieves showing up. Bad idea all around. Set up your own system and try attacking that.
