Recent Entries

  • LFI Apache log poisoning

    LFI Apache Log Poisoning by Ausome1 Here's a quick overview: If you find a file inclusion vuln and you can't do a remote file include (RFI) attack on it but you can still use the LFI to view things outside the /home/$user directory (open_base turned off). What you can do to include some PHP co...
  • 40 Tips for optimizing your php Code

    1. If a method can be static, declare it static. Speed improvement is by a factor of 4. 2. echo is faster than print. 3. Set the maxvalue for your for-loops before and not in the loop. 4. Unset your variables to free memory, especially large arrays. 5. Avoid magic like __get, __set, __au...
  • How to Install Internet Explorer 7.0 Bypassing Genuine Windows Validation

    Internet Explorer 7.0 is the long awaited tabbed web browser by Microsoft. Nearly four years after the release of Internet Explorer 6.0, in the face of growing competition from Mozilla's Firefox, Microsoft has finally given the old IE platform a facelift. Optimized design along with new cool interfa...
  • Translating DOS to Linux

    DOS Command: dir, dir/w Linux Equivalent: ls, ls -l DOS Command: chdir (Current directory) Linux Equivalent: pwd DOS Command: del (remove a file) Linux Equivalent: rm DOS Command: deltree (remove a directory and all files under it) Linux Equivalent: rm -r DOS Command: copy Linux Equ...
  • How the myspace SWF hack worked

    How the myspace SWF hack worked First note: I DID NOT MAKE THE HACK. I simply downloaded the .swf's, decompiled them, looked at the actionscript, worked out what it did, found the Javascript that it uses, and tidied it up & commented it. I've probably got some bits wrong, feel free to contact me ...
  • Setting up a reverse SSH tunnel

    Takeaway: Learn to forward a port on a remote machine to a local machine while initiating the SSH tunnel from the local machine. SSH is an extremely useful tool in that it allows you to do many things in a secure fashion that you might not otherwise be able to do. One of the things SSH allows yo...
  • What is a Denial of Service (DoS) attack?

    What is a Denial of Service (DoS) attack? Well, its the most common form of security attack, the easiest to perform and the hardest to track down and stop. A DoS (Denial of Service) attack by design sends a large enough amount of traffic to a host, group of hosts or network in order to overwhelm ...
  • Google Hacking

    inurl:index.of.password Directory listing contains password file(s)? intitle:"Index of" service.pwd Directory listing contains service.pwd file(s) intitle:"Index of" view-source Directory listing contains view-source file(s) intitle:"Index of" admin Direcory listing contains administrat...
  • Hiding Files

    Hiding files, directories, or even to the names of the files themselves. A useful CLSID is the Control Panel one: {21EC2020-3AEA-1069-A2DD-08002B30309D}. Example 1: - Create a text file test.txt - Rename it: Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D} Its icon changes and looks li...
  • IRC Command Help - Basic Commands

    -- Basic Commands -- With most windows IRC clients an extensive help file is included. Dont hesitate to try the /help command. IMPORTANT NOTE : ALL IRC COMMANDS START WITH A "/". The forward slash is the default command character. Commands on IRC are not case sensitive, and can be abbreviat...
  • IRC Command Help - Some Less Basic Commands

    -- Some Less Basic Commands. -- /MSG {nickname|channel} {text} Sends a (private) message to specified nickname or channel. Besides chatting on IRC Channels you can also have private conversations or queries with other people on IRC. On most clients these conversations will be handled by separate...
  • IRC Command Help - Channel And User Modes

    -- Channel And User Modes -- Channels can have additional constraints, which can be set by the MODE command. To understand this, recall that the first person that joined a channel effectively creates it and is, at least initially, in charge of the channel. He or she becomes a Channel Operator or ...
  • Regular expression examples

    Addresses //Address: State code (US) '/\b(?:A[KLRZ]|C[AOT]|D[CE]|FL|GA|HI|I[ADLN]|K[SY]|LA|M[ADEINOST]|N[CDEHJMVY]|O[HKR]|PA|RI|S[CD]|T[NX]|UT|V[AT]|W[AIVY])\b/' //Address: ZIP code (US) 'b[0-9]{5}(?:-[0-9]{4})?b' Columns //Columns: Match a regex starting at a specific column on a line...
  • An A-Z Index of the Linux BASH command line

    An A-Z Index of the Linux BASH command line alias (Create an alias) awk (Find and Replace text, database sort/validate/index) break (Exit from a loop) builtin (Run a shell builtin) cal (Display a calendar) case (Conditionally perform a command) cat (Display the...