Category: /bin/more

Actual content

A Very Different Hello World

How to write a shellcode in assembly to display “Hello, world?” After last week when I barely had time to scratch my head and I had to transfer my fiancee’s website to a different hosting (and finally learn something about how does the dns system work) I am back to coding for myself. I decided […]

CSRF Protection – Part 2

Fun of bypassing CSRF protection - Putting giving a request a session cookie

Before I begin, I owe you an apology. In previous part I told that I would like to describe the CSRF protection mechanism, but when I got down to coding, I thought that this would be rather tedious and uninteresting. If you want to see how it works, just go to Flask’s WTF forms extension […]

CSRF protection – part 1.

Fun of bypassing CSRF protection - Putting giving a request a session cookie

CSRF – Cross Site Request Forgery is an attack in which the user performs unauthorized actions on a web page they are signed in to. In this article I will describe the theory behind it and in next part (available here), I’ll give you some code to fool around with. What is the problem? Imagine […]

First steps with radare2

OK I might not be going to make math at all, not because my last experience with chemistry was about 6-7 years ago in my high school. After all I like command-line tools after having Linux as my primary driver for some time (and maybe again in near future ;)), however, my relationship with VIM […]

Simple assembly program on MacOS

While going through shellcoding course on Pantester Academy I though I would like to check how the code in the course would look like on MacOS. On Linux this was pretty straightforward: Set one syscall (mov rax, 1), to write to standard output (mov rdi, 1), enter hello_world string, enter its length, call, set another […]

Password Recovery – Part 2 – Practice

In previous part I’ve given you an overview of strong and weak methods of storing passwords. I’ve told what are the gains of using slow hashing methods and salting as basic methods of protecting passwords. Today, I’m going to perform a simulated attack on passwords to compare efficiency of password cracking. As always all examples […]

Password Recovery – Part 1 – Theory

Have you ever thought what happens when you type your password in a login form? What happens to this top secret data? How is it protected? Note: if you are reading this to get a decent understanding of how you should store passwords, read additional resources at the end. I am not a cryptography expert […]

Pentester Academy GDB challenge (kinda)

A few weeks ago I bough access to Pentester Academy labs to boost my skills, since I do not have solid background in countless fields, my job is mainly writing web applications with a little bit of devops tasks (read: I sometimes modify Dockerfiles) and I rarely have an opportunity to observe how “smart people” […]

How do libraries work? Part 3.

simple-c-code

In previous two parts we’ve dealt with creating dynamic libraries on MacOS. Today we’re moving on to different system – Linux. I was planning to go with Windows, but running a web browser while using Virtualbox on my poor laptop is a nightmare and I think I will need to run my old laptop for […]

Next Page » « Previous Page