Hacker's Database
This site is dedicated as a repository for "hacking" programs for Windows and Linux. Please note that hacking means nothing but tweaking or cleverly resolving a problem. Use the programs as you wish, but neither this site nor its provider is responsible for how you use these programs (i.e., for educational purposes only).
The way this site works is as follows. I will update the database to the best of my capability, to a point. You, the community, may upload whatever you feel is relevant to the site in terms of security, docs/videos, etc. Then, I will eventually review each submitted item, and add it to the database.
READ THE T.O.A. BEFORE PROCEEDING! It contains valuable information!
News Updates
Ah, another day, another small DDoS. I do not believe my site goes a day without someone attempting multiple simultaneous continuous connections whilst cycling through random IP addresses. Oh well, but it is fun to watch, as my bandwidth laughs at the feeble attempts… One example, happening as I post this, is on the forum. Apparently there are 18 IP addresses connected at the same time, all looking at the C Obfuscation contest. All of which are dropping, and then connecting with another 18 every minute or so. As of yet, there are 101 simultaneous connections, doing absolutely no harm. This is kind of sad, though. Oh well.
Go get the popcorn, I’ll tivo it for later!
Well, I was bored. Shoot me. Or rather, stun me. I was perusing the “inter-blag” and stumbled upon what people were declaring was a taser, which is nowhere near the specs. Anyway, I decided to take this effort upon myself.
All one needs to do is get a disposable camera (you can sometimes get used ones for free from the photo department) and the slightest knowledge of how electricity functions in a circuit, and some common sense.
Pry open the camera, take the casing off, and carefully extract the flash circuit. Take the wires off of the flash bulb end, along with the flash and throw that portion away. Pop in the battery (if not already in) hold in the flash charge for any desired amount of time, be sure to keep hands away from anything metal on the camera, and have the red and black wires touch. Bam! There goes a blue flame (note, not a spark, a blue flame that does indeed melt a dime). I don’t condone using this on people, that would be way too cruel. Heh.
I have a link to the video of me testing it out, marvel in all the 360v of pain, glory. And if you think that doesn’t hurt, think again (though, I have had worse by putting my finger in an electrical socket; NO it was a mistake, not on purpose! heh).
Yup… There is a contest going on in the forums where people post their obfuscated C code. Should be interesting to see what people come up with. For full rules and submissions, please go to the following link: Obfuscation Contest!
Have fun, and have fun making people writhe in pain while attempting to interpret what your code really does.
As we all know, good code is properly parsed/well organized code. Tabbing is one’s friend. It seems as though people tend to take both very important concepts with a grain of salt. Obviously not in anyone’s best interest.
We all understand proper coding in terms of not being careless/lazy and allowing for easy exploitation (make reference to RFI/LFI especially when coding in PHP) but why should we care at all about neatness? I mean, hell, if it runs, then God bless. If it doesn’t segfault, that’s glorious. If it’s not amazingly efficient (or completely lacking thereof), who cares? Well, think about a few things here. First off, by example:
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define length 512
int main(int argc,char**argv){char**namestring=NULL;char tempstring[length];int numElements=0;int i;int len;do{printf("%c%c%c%c%c%c%c%c%c%c%c%c"
"%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c"
"%c",69,110,116,101,114,32,116,104,101,32,110,117,109,98,101,114,32,111,
102,32,115,116,117,100,101,110,116,115,32,40,49,45,49,48,41,58,
32);fgets(tempstring,length,stdin);sscanf(tempstring,"%d",&numElements);}
while(numElements>10);printf("%c%c%c%c%c%c%c%c%c%c%d%c%c%c"
"%c%c%c%c%c\n",69,110,116,101,114,32,116,104,101,32,numElements,32,
110,97,109,101,115,58,32);namestring=malloc(length*sizeof(char));for(i=0;
i<numElements;i++){i[namestring]=malloc(length*sizeof(char));printf("%c"
"%c%c%c%c%c%c%c%d%c%c",32,32,78,97,109,101,32,32,i+1,58,32);fgets
(i[namestring],length,stdin);if((len=strlen(i[namestring]))!=0)if(i[namestring]
[len-1]=='\n')if(i>=0)i[namestring][len-1]='\0';}for(i=0;i<numElements;
i++){printf("%c%c%d%c%c%c%s\n",32,32,i+1,32,45,32,i[namestring]);
free(i[namestring]);}free(namestring);return 0;}
Now, obviously this is the extreme, and is purposely obfuscated in such a manner to the point at which the individual would have difficulty even understanding what the printf’s are expressing, well, printing. (Also mind you, for the curious, and the lazy; all the code is doing is taking in user input with fgets and sscanf, storing them in a 2d array, and then printing it out. Trivial, I know). But of course, there is always some obnoxious “show-off” in the crowd that states that they can read ASCII in decimal form. Anyway, break; tangent. Let us review why it isn’t in our best interest to write code in such a manner as described above, or more appropriately, why one should be organized, etc.
//The Anti-Commenter
Take the first scenario: Say you choose not to comment your code at all, and it is fairly lengthy, oh say… a little over a thousand lines. It works beautifully at the time, and then is shelved for later use. You dig through your archives, find it, and decide to update it. But wait, you have no idea why you used nested for loops for outputting every third character into a printf. You think, I know I did this for some good reason, but it has been so long. Now your code is virtually worthless to you, unless you attain a revelation. Hosed.
Let’s Not Columnate, Yeah, Let’s Not
int main()
{printf("Hello World!\n");
return 0;}
Alright, so this may not look too terribly bad for such a small/virtually worthless program, but imagine this where it encompasses many nested for loops, well, let your imagination go wild. Even with the simplest of compile errors, it may be quite difficult to pinpoint exactly what went awry. Sure, the compiler ignores spaces (in almost every case, minus scanf) but it helps you visually interpret where each bit of code needs to go, what is tied with what, et cetera.
Using Arbitrary/Single Character Variables Bring Me Joy
Oh, how I love to read code with variables such as i, temp, var, j, k… well, you get the idea. I don’t mind using ‘i’ when used as an index, but single character variables, and variables that may be interpreted as something else (such as temp and var, or even int1, int2) is just taking it a bit too far, and just plain carelessness. Once again, this applies to the first rant about not commenting; except for the fact that it may be applied in the now (give or take an hour) depending on how many of these wonderful variables you have, and how long the program is. This will only make things harder for you, and anyone else who may be interested in debugging your program.
Efficiency? Pfft, that’s for OCD perfectionists, as long as it works, am I right?
Sure, think that way. But when you are writing an MD5 hash+salt brute-forcer, and you don’t care about efficiency, don’t go complaining. It’s well understood when you are writing a lengthy program that you eventually become lazy, and just “want it to compile,” but one should keep in mind that there is a tidying up/optimization phase always lurking at the end. A few things to keep in mind:
1. The less lines, the better. Think about it, that means less conversion to binary, and less processes to sift through. “Get to the freaking point,” per se. Take the following for example:
if ( ( len = strlen(namestring[i]) ) != 0 )
    if (namestring[i][len-1] == '\n' )
        namestring[i][len-1] = '\0' ;
Or… you could just cut to the chase, maybe? Depends on the situation. All of the code mentioned prior in the case at which it was used could have easily been made into:
namestring[0] = '\0';
Bear in mind, this was in a for loop, hence the indexing. Anyway, you get the idea. Cut anything down to its purest form whenever possible. In metaphor, you wouldn’t ramble in an essay about nonsensical gibberish, would you? No.
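For contrast, here is the obfuscated program from earlier written legibly, as an added example that is not the author's code. The helper names parse_count and strip_newline, the LINE_LEN and MAX_STUDENTS macros, and the strict 1-10 range check are assumptions of this rewrite. The newline strip is a single line, but it cuts at the first newline instead of writing to len-1, because fgets can succeed and still return a string of length 0 (input starting with a NUL byte), and an unguarded len-1 write would then land outside the buffer.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define LINE_LEN 512      /* same buffer size as the original's "length" */
#define MAX_STUDENTS 10

/* Accept only a count in 1..10; returns 1 on success, 0 otherwise. */
int parse_count(const char *line, int *count) {
    char *end;
    long value = strtol(line, &end, 10);
    if (end == line || value < 1 || value > MAX_STUDENTS)
        return 0;
    *count = (int)value;
    return 1;
}

/* Cut at the first newline; safe for "" and for lines without one. */
size_t strip_newline(char *line) {
    line[strcspn(line, "\n")] = '\0';
    return strlen(line);
}

int main(void) {
    char line[LINE_LEN];
    char *names[MAX_STUDENTS] = {0};
    int count = 0, i;
    do {
        printf("Enter the number of students (1-%d): ", MAX_STUDENTS);
        if (fgets(line, sizeof line, stdin) == NULL)
            return EXIT_FAILURE;          /* EOF or read error */
    } while (!parse_count(line, &count));

    printf("Enter the %d names: \n", count);
    for (i = 0; i < count; i++) {
        printf("  Name  %d: ", i + 1);
        if (fgets(line, sizeof line, stdin) == NULL)
            break;
        strip_newline(line);
        if ((names[i] = malloc(strlen(line) + 1)) == NULL)
            break;
        strcpy(names[i], line);
    }
    for (count = i, i = 0; i < count; i++) {  /* print what was stored */
        printf("  %d - %s\n", i + 1, names[i]);
        free(names[i]);
    }
    return 0;
}
```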
In short, take pride in your code, and don’t simply throw things together simply because it “just works.” This often leads to any of the following in any combination if applicable: easy exploitation, illegibility later on, confusion in the now, and inefficiency/lack of optimization where it is most needed.
Happy coding, and keep in mind the prior mentioned trivial ideals.
No offense to anyone who might be offended - eh, screw it. If you don’t like it, then don’t read it, capisce?
Ubuntu fan boys+stumbleupon is almost as bad as those iWhore Mac/Apple/OSX/anything to do with the company, fans. I have never seen an operating system hyped to such an extreme (other than Windows, which has obvious reasons) in the Linux community. It all seemed to start with Dell’s adaptation of the “savior” of OS’s. Sure, you get to use an operating system that spoon-feeds you everything, takes up less resources, and isn’t Windows (and of course you have no true reasoning behind using such an OS, just to say “Hey, I am now cool since I have stopped using the wretched MS.”) Or we have the ignorant lot that follows Dell no matter what, trusts their hardware, etc. etc. and think that they are saving money since they are supposedly not spending roughly the $200 for the Windows OS (which that price was left in, by the by; sorry kids, the price of Windows was deliberately left in, go figure).
Anyway, to the point. All hype leads to epic failure. Recently, it has been spotted on https://bugs.launchpad.net/ubuntu/+bug/104535 that Ubuntu apparently runs more clock cycles than what is necessary. Thus, leading to premature hard drive failure. I do believe that such a finding should be posted on WorseThanFailure.com. I wonder why Ubuntu would come with such horrible power conf settings; there should be an option upon installation if the user is running the given OS on a laptop or not (since this problem is most striking on a laptop; settings change when laptop is not running on AC). For more information, click on the link provided earlier to patch your system.
As for me, I said screw it, and went with the Gentoo Sabayon flavor. Why was I running Kubuntu originally you may ask? Well, at the time, nothing appeared to run for hell on my laptop. It has a Celeron M… you do the math. As of yet, Sabayon boots faster, has better support for my wireless/sound/gfx drivers (ndiswrapper+ALSA+VIA) on the fly, without having to compile the drivers from source. I recommend any flavor of Gentoo to any novice, programmer, veteran or what have you. It is a very powerful and highly optimized OS that has yet to fail me after running it for quite some time on my desktop.
Enough ranting, back to ‘hacking,’ *ahem* learning, rather.