Wednesday, April 23, 2014
Page 1 of 3 1 2 3 >
Author

My Own Webhacking E-Book


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 02-04-07 00:24
Ok, I have decided that I am going to be writing a web hacking e-book, as the title says. It will be very in-depth, not a dinkly little article less than 1000 words, etc. It will cover Basic -> Medium -> perhaps some more advanced stuff. It will be full of pictures and diagrams, etc. Not sure whether or not there will be accompanying videos, but I might do that as well.

What I want to know from you guys, is specifically what all do you need / want to see.

So far I have thought of:

XSS
SQL Injection
CSRF
RFI
LFI

I know there are more types of exploits but, again, I want to know what you guys want. If what you want is already specified above, please explain exactly what you want in that category (such as something not gone over much or you haven't seen before at all).

Already I have written the XSS chapter, however there might be something that I left out. It has many pictures, about 1500 words and is about 9 pages long. It covers the basics of XSS, shows you how to make an Ajax cookie logger as well, and how to counter XSS.

The exploits will not be done on vulnerable sites because I don't want skiddies to ruin sites, but I might detail exploits that are patched such as my PHP-Fusion exploit that I discovered a few months ago, and others.

Thanks for reading and I hope to release something that will be very beneficial.




Edited by on 02-04-07 01:09
Author

RE: My Own Webhacking E-Book


Posted on 02-04-07 00:33
you could throw some JS injections in there in the beginning, ya know, for the easy stuff Pfft

then you could put in some rooting directions or something Smile


Author

RE: My Own Webhacking E-Book


Posted on 02-04-07 01:10
well rooting is not exactly web hacking except in some cases such as with lfi/rfi


Author

RE: My Own Webhacking E-Book


Posted on 02-04-07 02:02
*Possibly the most off-topic post ever and sorry for that but this caught my attention.*

If it's possible to "hack hex" on a program or image to make it so a computer has a consistent crash and refuses to run programs..maybe you could add something like that to your ebook thing Frown

Not really..web hacking...but it kinda got me thinking. I was thinkin it'd be pretty interesting to see that. Wink


Author

RE: My Own Webhacking E-Book


Posted on 02-04-07 02:12
Ooo can I read the XSS chapter? Also, I second the JS injection, it will probably take up a page or two at most, but is easy to do, and will provide confidence for readers to continue..


Author

RE: My Own Webhacking E-Book


Posted on 02-04-07 02:24
session fixation would be good and then ie flaws and exploits.


Author

RE: My Own Webhacking E-Book


Posted on 02-04-07 02:24
I suppose that I can release the XSS chapter right now to see what you guys think. I will add in the JS injection later, but for now I will release the XSS PDF.

Here is the URL to the XSS chapter only (PDF format).

http://www.shareb. . .--pdf.html

Please criticize it by saying what needs to be added, edited, etc. Thanks




Edited by on 02-04-07 02:26
Author

RE: My Own Webhacking E-Book


Posted on 02-04-07 02:48
I enjoyed it, I think it's great!

What I must suggest tho is put a part about URL based XSS, such as www.site.com/index.php?thing=<script>alert("XSS");</script>

EDIT: If you want a hand writing I'll do some




Edited by on 02-04-07 02:57
Author

RE: My Own Webhacking E-Book


Posted on 02-04-07 02:53
bigggnick wrote:
I enjoyed it, I think it's great!

What I must suggest tho is put a part about URL based XSS, such as www.site.com/index.php?thing=<script>alert("XSS");</script>



I Agree Wink and add some Basic pass cracking with JTR, for the noobs..Pfft

Nice work btw..




Edited by on 02-04-07 02:54
Author

RE: My Own Webhacking E-Book


Posted on 02-04-07 02:57
I liked it too, really informative, and the pictures and examples help a lot Grin


Author

RE: My Own Webhacking E-Book


Posted on 02-04-07 02:59
Ok, thanks for some quick replies. Realize that I wasn't even planning on releasing anything tonight, but Ponquile wanted to see what it is so far, so I tried to make a quick release of just the XSS chapter. Realize that this is not even 1/5 of the way completely done. XSS is not the only type of web hacking.. lol. I will cover everything I said in my very first post just as in depth as this XSS chapter, if not more. They will all have their section that tells you how to secure against, etc. like the XSS chapter. I will try to perhaps do the LFI / RFI chapter next, so look for that this week sometime. Final completion of the book, probably will be done, by the end of April I hope.


Author

RE: My Own Webhacking E-Book


Posted on 02-04-07 03:01
Oh and if you want to submit anything, just PM me it or send me a link to a .txt / .doc of it. I am doing it all in Word, and then converting it to PDF.


Author

RE: My Own Webhacking E-Book


Posted on 02-04-07 03:01
good, I can't wait...

and in the meantime, I'll try my best to think of some other topics you can put in your ebook Grin


Author

RE: My Own Webhacking E-Book

richohealey
Member



Posts: 1022
Location: #!/usr/local/bin/python
Joined: 01.05.06
Rank:
Monster
Posted on 02-04-07 03:04
I really want to read the CSRF chapter. drooling with anticipation!


bitchohealey at hotmail dot com skype:richohealey www.psych0tik.net
Author

RE: My Own Webhacking E-Book


Posted on 02-04-07 03:46

SQL Injection


Does that include Blind SQL Injection?? Smile


Author

RE: My Own Webhacking E-Book


Posted on 02-04-07 03:50
It includes everything. Smile Trust me I want to make this complete, not leaving out much at all in the web hacking side of things.


Author

RE: My Own Webhacking E-Book


Posted on 02-04-07 04:04
good Grin


Author

RE: My Own Webhacking E-Book

Zer0Man
Member



Posts: 194
Location: England, UK
Joined: 02.01.07
Rank:
Moderate
Posted on 02-04-07 15:40
Could there be a section on "How to use" such things as jtr, Cain etc... for us noobies please?

Thanks in advance.


Social engineering bypasses all technologies, including firewalls. (Kevin Mitnick)
The true computer hackers follow a certain set of ethics that forbids them to profit or cause harm from their activities. (Kevin Mitnick)
Author

RE: My Own Webhacking E-Book


Posted on 02-04-07 16:31
This is a great idea! I'm downloading the first part right now and I'm looking forward to the other parts! and about another subject..hmm..well, I'll think about it Wink Good luck!

EDIT: reading right now and it's great!, but doesn't XSS stand for Cross Site Scripting instead of Cross Server Scripting?? Or is it both??




Edited by on 02-04-07 16:35
Author

RE: My Own Webhacking E-Book


Posted on 02-04-07 18:39
I volunteer for some spell checking, if you want it:

ideal -> idea
"The idea of this type of exploit..."


Code
<b>(bold text) or <h1>(header 1), etc


-> should end the tags, like you did down below, otherwise it just doesn't give the right look to what you're trying to say.
Code
<b>bold text</b> or <h1>header 1</h1>, etc.




Run-on paragraph after you injected
Code
<b>hey guys>/b>




Off to coding in php,... - > We will be coding this logger in PHP,...
Because "Off to coding in php" seems misplaced or just missing something.

So a new user visits the guestbook... -> So a new user visits the guestbook, let's say his username is Jake.
^otherwise the sentences seem to be fillers

Yep you got it, pwd123 -> Yep, you got it, pwd123
Also, I'm not exactly sure on this one, but I don't think "yep" is a real word.

Now I will respond to the question i see a lot -> Now, I will respond to the question i see a lot.
Because words meaning time that start the sentence need a comma after it.



Well, we get around this... -> Yes, but we can get around this...
You didn't actually answer the question, you just went into your explanation.

Well the underlying reason of why we want to use it, is because...
This is a hard sentence to understand.
1.) Well, the
2.) Do you need that comma after it
3.) Try not to use the same word to start sentences one after another. An example would be "well." You used it to begin two sentences that are right next to each other. Try not to do that.

...you would post for your Message: -> Why is the "m" capitalized?

...now stored as a .txt on our server -> Different use of extension, you referred to it as just txt before, don't change things like that on your readers.

This effect -> This technique

...your message was that there is a call to an external... -> ...your message was and that there is a call to an external...

So now that you understand how the hacker is thinking in this exploit... ->
1.) So now that you understand how the hacker can use this exploit...
2.) Seems misplaced, perhaps use this as the start to your next paragraph? Otherwise, it jumps from one idea to a completely other idea.
^could just be me being picky in this one...

...and htmlentities()(there... -> you never ended the ( in front of the word "there."

...after you search something; your -> improper use of ;

...of the s textbox, and you see value='asdf'. -> of the s textbox, and you should see value='asdf'.

Then we would escape the value attribute... -> I think that's a run-on sentence there.

Anyways the point of that example, is... -> Anyways, the point of that example is...

Revise first sentence in conclusion as there are several other errors.


Also, along with the whole, using in the url that was mentioned above. In conjunction with that, say why it has to be used on the site. Like you can't make a yahoo mail XSS and send it to a person logged into gmail and steal the gmail user's cookies. Tell them how setcookie() works and such.

:p
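
On the htmlentities() and value='asdf' points raised in the post above, an added example (not from the thread or the e-book) showing why the quote flag matters when a search term is echoed into a single-quoted attribute. The function names and sample inputs are constructed for illustration.

```php
<?php
// Added example; not code from the thread or the e-book.
// The field name "s" and the single-quoted value='...' attribute follow the
// post above. Function names and sample inputs are constructed.

// Weak: ENT_COMPAT (the default flag set before PHP 8.1) encodes < > & "
// but leaves ' untouched, so input can close a single-quoted attribute.
function render_weak(string $s): string
{
    return "<input type='text' name='s' value='"
        . htmlentities($s, ENT_COMPAT, 'UTF-8') . "'>";
}

// Hardened: ENT_QUOTES also encodes ' as &#039;. ENT_SUBSTITUTE replaces
// invalid byte sequences instead of returning an empty string.
function render_safe(string $s): string
{
    return "<input type='text' name='s' value='"
        . htmlentities($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "'>";
}

// Check: parse the tag and list any attribute the template did not write.
function extra_attributes(string $html): array
{
    $doc = new DOMDocument();
    $doc->loadHTML($html, LIBXML_NOERROR | LIBXML_NOWARNING);
    $input = $doc->getElementsByTagName('input')->item(0);
    $extra = [];
    foreach ($input->attributes as $attr) {
        if (!in_array($attr->name, ['type', 'name', 'value'], true)) {
            $extra[] = $attr->name;
        }
    }
    return $extra;
}

// Constructed inputs: a plain search term and one containing a single quote.
foreach (["asdf", "asdf' data-injected='1"] as $s) {
    printf("input: %s\n", $s);
    printf("  weak: %s\n        extra attributes: [%s]\n",
        render_weak($s), implode(', ', extra_attributes(render_weak($s))));
    printf("  safe: %s\n        extra attributes: [%s]\n",
        render_safe($s), implode(', ', extra_attributes(render_safe($s))));
}
```

On PHP 8.1 and later the default flags already include ENT_QUOTES; passing them explicitly keeps the output the same on older installs.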

