Category: Web Hacking


This question has not yet appeared in my inbox, although since I have already written an explanation on the meaning of the term “Sniffer” it makes sense to write one about a tool commonly used in conjunction with a “Sniffer”. So here is an explanation on what a “Scanner” is and what it may be used for. Note I am referring to a “Network Scanner” not an optical scanner.

A “Scanner” is a shortened term for “Network Scanner”. The “Network Scanner” is a software program that can be used to passively scan for network broadcasting devices, such as a wireless access point (AP) that could potentially be exploited in order to gain unauthorized access into a system belonging to the network connected to this wireless access point, or perhaps authorized access assuming you have permission from the owner of the network or computer to perform a security audit.

 

By using the term “Passive Scan” I am referring to a scan in what is commonly known to security enthusiasts as a scan in “Monitor Mode”. This means that the wireless device will only capture data packets and broadcast beacons without sending and data packets. Thus making you much less likely to be discovered by the owner of the device or devices that you are collecting data packets from. I would also like to note that in most circumstances collecting wireless packets should be no more illegal than say peering into your neighbour’s lounge room through the front door that he left open. It is in principle no different. Just be sure that if you do choose to pursue the data packets of your surrounding access points that the owner of them is not a security freak or a person with a great lawyer, as this could result in them turning the tables on you and getting you in trouble.

 

Due to the haze between the terms “Sniffer” and “Scanner” personal opinions on each may vary. My preference in network sniffers would be Wireshark and my preference in “Scanner” would be Airodump-ng.

I hope that this has helped you understand the meaning of the term “Scanner” when referring to network security. Have fun testing your network from the outside, perhaps it is not as secure as you may have once thought.

This guide I am writing is intended to finally give the Facebook community the freedom to add the long awaited “Dislike” button into their statuses. Read below to find out how easy it is to post a status on your profile with a “Dislike” button. The first thing you will need to do is sign into your Facebook account. Then you will need to visit the following link to acquire the “Status Magic” app:

http://apps.facebook.com/statusmagic/ Once you have visited this URL and you have installed the application you can then post your statuses through the “Status Magic” app and add any button you would like (in place of the “Dislike” button). Once you have installed the app you can click the “Account” tab in the top right of your Facebook browser and then click “Application settings”. Once you have clicked “Application settings all you will need to do is scroll through your applications and find “Status Magic” and then click the “Status Magic” link to open it. When you open the “Status Magic” app through the “Account/Application settings” Link you will be led to a page similar to the one shown in the screenshot of my computer running the same app below: Status Magic Demo Now that you have opened “Status Magic” you can type your status in the text box provided and then type in the options for your custom button. Once you have written your post and edited the text for your custom button you can click the “Share” button and you are done. Your Post will now be published with the added option of the custom button you created.

It is that simple to create a “Dislike” button, or any custom button on Facebook for that matter. Enjoy your newfound Facebook interface enhancement knowledge.

In this guide there are a few steps on how to gain administrator access to most websites utilizing low level security. Note: this method may not work and regardless of its success I will not be held responsible for any negative repercussions of your actions. This is only intended for testing your OWN website for security flaws unless otherwise authorized by the owner of the site to do so. The term “hack” is marked with an asterisk to indicate that it is not actually a “hack” but more of a stab in the dark approach, you may be lucky and you may not be; although it is much wanted of myself and others that you do not call this a “hack” as it is not a “hack” it is a search hoping to reveal the obvious and that is all.

 

The first step in gaining some form of elevated access to a secured webpage is of course through the oldest trick in the book; reading the source code. To read the source code you will need to set your browser to be viewing the webpage that you intend to “hack” and click the “view” button in the file menu at the top of the web browser window.

 

Next you will need to search the source code looking for any suspicious looking phrases such as a mix of letters, numbers or a combination of the two. If it appears you have found something that looks like it may be password related you will need to store it on paper or in a file on your computer for later reference.

 

Now, you will need to combine this suspicious chain of numeric or alphanumeric characters with a common administrator username. The most common user names include; admin, administrator, Admin, Administrator. If you would like more common usernames then it is advised that you search the term “common administrator usernames” using your preferred search engine (I recommend Google as it is more insecure when it comes to hiding the confidential information of websites such as passwords, sensitive information and other data not intended for the public eye).

 

If you have tried many usernames and are still not satisfied with the results then the next step could be one of two things. You could attempt to search the source code for the term “password.php” or you could search the file index of the site directly using your browser and search for the file named “password.php”.

 

Also, if you believe that you have drained all of your sources of relevant passwords then you could also search the term “default administrator passwords” using Google or any other search engine that you feel comfortable with.

 

Once you have gathered what you consider to be a decent list of usernames and passwords then you can attempt to combine them either manually by combining them in the corresponding data boxes of the website or by using some kind of brute forcing program, which can be found by searching the term “brute force software”.

 

If this method works then you will have gained access to YOUR website and will now have reason to change your passwords and or usernames to one that would be a lot more difficult to break.

 

Have fun, use this guide only for constructive purposes. I will not be held responsible for any misuse of this guide as it is intended for informational purposes ONLY.

%d bloggers like this: