Why does my assembly program give segfault?
linux,debugging,assembly,segmentation-fault,hacking
I have compiled your example and then looked at it using hexdump: (I had to add BITS 32 to it to compile in 32-bit mode, because I'm using Linux-64): $ vi test.asm $ nasm test.asm $ hexdump -C test 00000000 5c 0f 88 2f 00 00 00 31 5c 78...
Our OAuth2 implemention has security flaws
java,angularjs,security,oauth-2.0,hacking
You've successfully implemented a session hijack. This happens because sessions are based on tokens stored in the web page or cookies rather than IP addresses or something. This makes sense because IP addresses can be spoofed while a cryptographically secure session token is practically impossible to spoof. While you could...
Dummy web application for penetetration testing ethical hacking
web-applications,owasp,hacking
this link should provide what you're looking for: http://www.amanhardikar.com/mindmaps/Practice.html
How can I hide my specific java source code (a single class) by convert into non readable?
There is only a way to partially do what you want. You can use proguard to obfuscate it. As for completely hiding the class I do not know any way to do that....
Stack overflow exploits: RET vs. SEH overwrite
security,stack-overflow,exploit,seh,hacking
It depends what is the vulnerability and what are the exploit conditions. If you can overwrite the RET and build a full blown exploit than you are correct and overwriting the SEH would is unnecessary. But this is not always the case .. In some cases RET overwrite protections will...
SQL injection without single quotes
This SELECT must be passed as a Scalar Subquery enclosed in parentheses. If date is simply concatenated with text then setting it to ' || (SELECT password FROM users WHERE username='admin') || ' results in INSERT INTO data_table VALUES ([other values], '' || (SELECT password FROM users WHERE username='admin') ||...
What do capture-the-flag challenges involve?
Capture the flag involves using various commands usually in linux and windows to navigate file directories for some challenges. When you enter a challenge you will usually have a certain amount of time to find as many flags as you can. Each flag is worth a different amount of points...
Unfamiliar Javascript syntax/hack
html,formatting,script-tag,hacking
My best guess is that the script code was originally put in a CDATA section like this: <script type="text/javascript" //<![CDATA[ //]]> </script> When deleting //<![CDATA[ (which wasn't needed since it's referring to an external source file), they simply neglected to remove the final //]]....
Strange security issue - why would this happen? [closed]
forms,security,bots,spam,hacking
I don't think that you will ever find any useful answer to your question, because there are lots of reasons that someone may do this. It may be "for fun", increase google ranking, or there are personal "rivalries" between someone else with the company. Well, you can see at least...
any standard tests to prevent hacking?
The only way to really stop hacking is to understand your code. For instance you have to understand in java how something like a hash table could be exploited. Or how a stack overflow could make your code vulnerable. There is no good way to stop a hacker but to...
Finding stack buffer overflows
c,memory,heap,stack-overflow,hacking
There are two main approaches for finding stack buffer overflows: Black box testing The key to testing an application for stack overflow vulnerabilities is supplying overly large input data as compared to what is expected. However, subjecting the application to arbitrarily large data is not sufficient. It becomes necessary to...
Android facebook sdk : Login works without proper key hash
android,facebook,facebook-graph-api,facebook-android-sdk,hacking
Using a webview, there's no ability to enforce the sending of a key hash since the SDK is open source, and anyone can modify the source code (meaning they can override whatever key hash the SDK generates). During login, the user will still see the name and icon of the...
What are bots trying to do by hitting my website?
They look for known vulnerabilities, e.g. by attempting to fetch the admin pages for a popular blog package which is known to be vulnerable in some old versions. When they find a vulnerable site, they have a script (which typically they don't even understand; hence, "script kiddies") which exploits the...
MATLAB cftool surface plot matrix
As a possible workaround (potentially not very efficient) is to plot the output of the fit (fitresult) and fetch the XData, YData and ZData properties of the plotted surface. For example, after performing a dummy fit: hP = plot(fitresult) yields those properties for hP: Surface (curvefit.gui.FunctionSurface) with properties: EdgeColor: [0...
Debug classes in rt.jar by copying their source to my project
You would have to put your replacement classes in a separate directory or JAR file and prepend that to the bootstrap classpath using the -Xbootclasspath/p option to the java command. You should not distribute any code that uses this mechanism to override rt.jar classes but it's fine to use for...
RegExp to find specific string with random characters in between
(?:b[^a-zA-Z]*?a[^a-zA-Z]*?s[^a-zA-Z]*?e)|(?:d[^a-zA-Z]*?e[^a-zA-Z]*?c[^a-zA-Z]*?o[^a-zA-Z]*?d[^a-zA-Z]*?e) You can try this.See demo. https://regex101.com/r/pG1kU1/17...