Chinese Arabic French German Italian Japanese Korean Portuguese Russian Spanish Chat!
Hacker's Database
A BOOK! Leetupload.com is proud to present the publication of a new book, written by the founder/developer of this site. The book, as seen below, is entitled "No Root for You: A Series of Tutorials, Rants and Raves, and Other Random Nuances Therein. It is about network auditing, a step by step tutorial guide explaining how one would go about auditing, securing, and learning why certain exploits work, etc. It is available NOW, July 14th! Purchase your copy now, by clicking HERE! Keep in mind that the cover you see by Wordclay is just a "dummy" cover, and will change within 10 days. Your copy will look like the cover found below. To read more (view table of contents and the like) click here! Also, check out our new t-shirt store by clicking here!
This site is dedicated as a repository for "hacking" programs for Windows and Linux. Please note that hacking means nothing but tweaking or cleverly resolving a problem. Use the programs as you wish, but this site or its provider are not responsible in terms of how you use these programs, (i.e. for educational purposes only).
The way this site works is as follows. I will update the database to the best of my capability, to a point. You, the community, may upload whatever you feel is relevant to the site in terms of security, docs/videos, etc. Then, I will eventually review each submitted item, and add it to the database.
READ THE T.O.A. BEFORE PROCEEDING! It contains valuable information!
News Updates - Subscribe to the RSS Feed
As we all know, good code is properly parsed/well organized code. Tabbing is one’s friend. It seems as though people tend to take both very important concepts with a grain of salt. Obviously not in anyone’s best interest.
We all understand proper coding in terms of not being careless/lazy and allowing for easy exploitation (make reference to RFI/LFI especially when coding in PHP) but why should we care at all about neatness? I mean, hell, if it runs, then God bless. If it doesn’t segfault, that’s glorious. If its not amazingly efficient (or completely lack there of), who cares? Well, think about a few things here. First off, by example;
#define length 512
int main(int argc,char**argv){char**namestring=NULL;char tempstring[length];int numElements;int i;int len;do{printf(”%c%c%c%c%c%c%c%c%c%c%c%c
%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c
%c”,69,110,116,101,114,32,116,104,101,32,110,117,109,98,101,114,32,111,
102,32,115,116,117,100,101,110,116,115,32,40,49,45,49,48,41,58,
32);fgets(tempstring,length,stdin);sscanf(tempstring,”%d”,&numElements);}
while(numElements>10);printf(”%c%c%c%c%c%c%c%c%c%c%d%c%c%c
%c%c%c%c%c\n”,69,110,116,101,114,32,116,104,101,32,numElements,32,
110,97,109,101,115,58,32);namestring=malloc(length*sizeof(char));for(i=0;
i<numElements;i++){i[namestring]=malloc(length*sizeof(char));printf(”%c
%c%c%c%c%c%c%c%d%c%c”,32,32,78,97,109,101,32,32,i+1,58,32);fgets
(i[namestring],length,stdin);if((len=strlen(i[namestring]))!=0)if(i[namestring]
[len-1]==’\n’)if(i>=0)i[namestring][len-1]=’\0′;}for(i=0;i<numElements;
i++){printf(”%c%c%d%c%c%c%s\n”,32,32,i+1,32,45,32,i[namestring]);}
free(namestring);return 0;}
Now, obviously this is the extreme, and is purposely obfuscated in such a manner to the point at which the individual would have difficulty even understanding what the printf’s are expressing, well, printing. (Also mind you, for the curious, and the lazy; all the code is doing is taking in user input with fgets and sscanf, storing them in a 2d array, and then printing it out. Trivial, I know). But of course, there is always some obnoxious “show-off” in the crowd that states that they can read ASCII in decimal form. Anyway, break; tangent. Let us review why it isn’t in our best interest to write code in such a manner as described above, or more appropriately, why one should be organized, etc.
//The Anti-Commenter
Take the first scenario: Say you choose not to comment your code at all, and it is fairly lengthy, oh say… a little over a thousand lines. It works beautifully at the time, and then is shelved for latter use. You dig through your archives, find it, and decide to update it. But wait, you have no idea why you used nested for loops for outputting every third character into a printf. You think, I know I did this for some good reason, but it has been so long. Now your code is virtually worthless to you, unless you attain a revelation. Hosed.
Let’s Not Columnate, Yeah, Let’s Not
int main()
{printf("Hello World!\n");
return 0;}
Alright, so this may not look too terribly bad for such a small/virtually worthless program, but imagine this where it encompasses many nested for loops, well, let your imagination go while. Even with the simplest of compile errors, it may be quite difficult to pinpoint exactly what went awry. Sure, the compiler ignores spaces (in almost every case, minus scanf) but it helps you visually interpret where each bit of code needs to go, what is tied with what, et cetera.
Using Arbitrary/Single Character Variables Bring Me Joy
Oh, how I love to read code with variables such as i, temp, var, j, k… well, you get the idea. I don’t mind using ‘i’ when used as an index, but single character variables, and variables that may be interpreted as something else (such as temp and var, or even int1, int2) is just taking it a bit too far, and just plain carelessness. Once again, this applies to the first rant about not commenting; except for the fact that it may be applied in the now (give or take an hour) depending on how many of these wonderful variables you have, and how long the program is. This will only make things harder for you, and anyone else who may be interested in debugging your program.
Efficiency? Pfft, that’s for OCD perfectionists, as long as it works, am I right?
Sure, think that way. But when you are writing an MD5 hash+salt brute-forcer, and you don’t care about efficiency, don’t go complaining. Its well understood when you are writing a lengthy program that you eventually become lazy, and just “want it to compile,” but one should keep in mind that there is a tidying up/optimization phase always lurking at the end. A few things to keep in mind;
1. The less lines, the better. Think about it, that means less conversion to binary, and less processes to sift through. “Get to the freaking point,” per se. Take the following for example:
if ( ( len = strlen(namestring[i]) ) != 0 )
if (namestring[i][len-1] == ‘\n’ )
namestring[i][len-1] = ‘\0′ ;
Or… you could just cut to the chase, maybe? Depends on the situation. All of the code mentioned prior in the case at which it was used could have easily been made into:
namestring[0] = ‘\0′;
Bear in mind, this was in a for loop, hence the indexing. Anyway, you get the idea. Cut anything down to its purest form whenever possible. In metaphor, you wouldn’t ramble in an essay about nonsensical gibberish, would you? No.
In short, take pride in your code, and don’t simply throw things together simply because it “just works.” This often leads to any of the following in any combination if applicable; easy exploitation, illegibility in the latter, confusion in the now, and inefficiency/lack of optimization where it is most needed.
Happy coding, and keep in mind the prior mentioned trivial ideals.
Continue Reading
