
/hf/ - Hack Funk

L33T's, Skids, and Leaks.


File: 1422266003394.jpg (41.7 KB, 404x256, 101:64, sqli.jpg)

 No.40[Reply]

SQL injection is a code injection technique, in which malicious SQL statements are inserted into an entry field for execution.
What you'll need -

*A list of dorks, I got these for you:
http://www.mediafire.com/download/lzy8cjo52xct1m4/Dorks.txt

*A functioning brain (50% of you can stop reading here)

We'll be covering manual and blind SQLi injection, No Havij.


Step №1 - Check for vulnerability
You can either use a vulnerability scanner or manually check websites, it's up to you.

Using the lists of dork, find a website, let's say we found www.halfchan.org/news.php?id=4

 No.98

>A functioning brain (50% of you can stop reading here)

Epic, simply epic.




File: 1421914004390.png (33.12 KB, 256x256, 1:1, hansen.png)

 No.2[Reply]

Welcome to /hf/ - Hack Funk

This is an info and discussion board regarding hacking, cracking, skidding and all malicious security acts.

Discussed topics can be, but are not limited to:

Botnets, IRC Bots, and Zombies,

Cryptography, Encryption, and Decryption

Pentesting and Forensics,

Decompiling, Reverse Engineering, Disassembly, and Debugging,

Worms, Malware, and Viruses,

Doxing, Personal Information Masking, Databases, Anonymity.

Feel free to ask newbie or stupid questions.

Feel free to discuss anything else related.

Global Rules Enforced

Don't be dumb.

An extensive list of guides and reading material will be placed here, as soon as I'm done compiling it.



File: 1422059809065.jpg (23.85 KB, 300x342, 50:57, w9uusl.jpg)

 No.21[Reply]

you better watch out OP! >>>/baphomet/ will ping your IP and it'll be all over!

 No.31

>>23
Kinda, it's mostly modified though right?

 No.32

>>21
>>22
Thanks a lot but stop tripfagging you nigger

 No.45

>>21
Still butthurt I see that I permab& you kek

 No.96

Shoo, tripfags.

Boardowner, please activate forced anonymity.


 No.97

>>96

Good idea, I'll get to it today.




File: 1422590402686.gif (94 B, 16x16, 1:1, adminicon.gif)

 No.56[Reply]

8chan is great and all, but Yotsuba's user interface (especially the catalog and the mobile theme) is far superior. I am trying to implement Yotsuba's UI into infinity. Anyone interested in doing this?

 No.69

>>66
That's extremely good progress.
Do you still have the IRC channel up?

 No.71

>>69
Yes I just got back in it. Meet me there if you're interested

 No.74

If anyone knows PHP (especially Twig) I could really use help with the catalog part of it.

 No.75

Updated git repo. Threads, quick reply boxes, js, and indexes work great. (also, for those trying to access the git repo, I fixed it. Make an account to contribute.)

 No.95

>especially the catalog

Eh, nah.




File: 1422057330616.jpg (28.96 KB, 620x465, 4:3, pipebomb.jpg)

 No.18[Reply]

How to make a pipe bomb, no gunpowder.


1) GO TO YOUR LOCAL HARDWARE STORE AND TELL THE GUY THAT IS HELPING YOU
THAT YOU WANT A PIECE OF STEEL PIPE ONE FOOT LONG. AND ALSO THAT YOU WANT
THE ENDS THREADED AND YOU ALSO WANT CAPS TO PUT ON THE END.

2) NOW GET AHOLD OF A BABYFOOD JAR. MAKE SURE THAT THE JAR WILL FIT DOWN
THE PIPE REAL EASY LIKE. FILL THE BABYJAR WITH EVERYDAY VINEGAR. MAKE
SURE THE TOP IS SCREWED ON REAL TIGHT. **IF IT IS LOOSE YOU WILL BLOW YOUR
HAND OFF**

3)NOW CAP ONE END OF YOUR PIPE WITH ONE OF THE CAPS THAT YOU SHOULD HAVE
PICKED UP WITH THE PIPE. IF YOU KNOW OF SOMEONE WITH A WIELDER, HAVE HIM
WIELD A BEAD AROUND THE THREADS AFTER YOU HAVE IT CAPPED.

 No.94

bump




File: 1422098519679.jpg (40.15 KB, 504x663, 168:221, 528789_262427723850355_105….jpg)

 No.28[Reply]

Use this shit to bomb cellphones into oblivion.
Do not test this on your own device, it will freeze and most likely brick.

https://www.dropbox.com/s/218mrp1scg5vth7/Laquisha%20SMS.exe?dl=0

 No.38

File: 1422256406315.png (29.56 KB, 190x132, 95:66, download (1).png)

>>34
All hack tools will have some kind of false-positive.
If you're unsure, always use sandboxie, I will make a thread about it now.

>>37
That's a nice point, an interesting thing to think about is the .RAR exploit, which makes .rar's execute a shadow file bound to it, so no file is actually safe, there are two options I go to in this case.

1. Execute file on vmware
2. Use sandboxie

 No.46

>>38
This is the best advice. I'd go with VMware myself, I keep a VM for testing shit like this. There's a collection of tools out there in a re-packed /i/ kit that needs to be evaluated by hand and checked. I might get around to doing that eventually, been too busy as of late to really work on it.

 No.49

>>46
Do you have the /i/ toolbox?

 No.52

>>49
Yeah,
https://mega.co.nz/#!TBsBHSoK!I9PmdQBKm-iYyqlS5K7pQS7v4yR2lImpeOLxq2Pyrbo

Feel free to test, sandbox, repack, report on things, whatever. I'll be lurking here.

 No.93

>>38

>All hack tools will have some kind of false-positive.

>If you're unsure, always use sandboxie, I will make a thread about it now.

No, almost all.

That's because almost all are poorly concealed trojans.

An anti-malware program will not see 'oh, this sends messages to phone too quickly' and conclude 'MUST BE A TROJAN'.

>>28

>.exe

Source code or kill yourself, OP.




File: 1423433653921.jpg (15.84 KB, 400x267, 400:267, me hacker.jpg)

 No.63[Reply]

I am looking for any problems with these guides..
can /hf/ please help me?

A Basic Guide to Online Anonymity
https://paste.sh/PeHdQrTb#8Vv_ywqNsltkmlLwgTyFR2Th

Anti Forensics- Scrubbing Your Computer Clean
https://paste.sh/qA5-Dwwt#fTsHKjgELTkvNjuAsTZAIKIv

 No.64

here are some alt paste sites if you do not trust the site i posted..

A Basic Guide to Online Anonymity
http://paste.org.ru/?wfgjnw
http://pastebin.com/raw.php?i=2kQM6bxT

Anti Forensics- Scrubbing Your Computer Clean
http://paste.org.ru/?pdarmi
http://pastebin.com/raw.php?i=rN451jiY

 No.91

/baph/ used to have some good guides, they're gone now.


 No.92

Very well written guides, first of all, but there is still a lot you missed, for example, you didn't really truly cover the extent someone can go to mask themselves online, from disabling DMZ (if open), blocking all ports besides crucial ones, using log-less VPNs, browsing through emulated environments.

Regardless, really well written posts.




File: 1433696957041.jpg (57.21 KB, 370x370, 1:1, cyberghostvpnlogo.jpg)

 No.90[Reply]



File: 1428461437811.jpg (336.61 KB, 875x591, 875:591, 082756t802-305.jpg)

 No.88[Reply]

Reckon any of you geniuses are able to find the password to a RAR file or know how to bypass a rar's password?

Tried to download this: http://games.torrentsnack.com/neverwinter-nights-2-pc/
The fucker has a password on it that wants a survey done and since I have shitty Australian internet that means it takes me ages to download anything I would rather see if anyone here is able to find a way to avoid me downloading NWN2 another way.

 No.89

kickass.so




File: 1422425020241.png (21.35 KB, 528x383, 528:383, edf09ff2db5dbb009bbcfcd3f5….png)

 No.44[Reply]

Supports multiple threads and modules.
Run in sandboxie. >>39



https://mega.co.nz/#!Qk0VWCxJ!z4uP66dy7JkfX_UWB-mMRCJwZSrgMwtdHCnWrc6mqfA

 No.50

thanks

 No.55

Hydra is a good choice for Linux.

 No.86

>>44
Awesome



File: 1424556946817.png (2.22 KB, 220x229, 220:229, sqlinject.png)

 No.73[Reply]

Hello.

I have been looking for a weak .php site and i finally found one. http://www.blacksys.co.kr/eng/product/product.php?id=8

so, first what i did was adding an ' after id=8

then i got this error: Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/bsys/public_html/eng/product/product.php on line 8

And now i'm trying to see how many tables by using: order by 100/* and still getting the error. I can even add order by 1000/* and the are still showing

(yes i'm new to this and do not want to use Havij).

Any tips and tricks?

 No.76

>>73


You misunderstand the order command, you must use 1 increments per function, not a 100 or a 1000

Look at this for an example:

www.halfchan.org/news.php?id=4 order by 1/* <– no error
www.halfchan.org/news.php?id=4 order by 2/* <– no error
www.halfchan.org/news.php?id=4 order by 3/* <– no error
www.halfchan.org/news.php?id=4 order by 4/* <– error (we get a relayed message along the lines of Unknown column ‘4′ in ‘order clause’)
We do not count the last table because it does not exist, so we have 3 columns.

Full guide at
>>40

 No.84

>>76
yes plz

 No.85

>>84
11 columns, which would be order by 12/* = returning no error

so 11.



File: 1422058731409.jpg (39.84 KB, 524x677, 524:677, h2h.jpg)

 No.19[Reply]

The edginess of children online breaks all bounds, kids should know that swatting is a very serious offence which will get you in prison, for a long time, regardless of age.

http://www.secretsofthefed.com/15-year-old-swatted-gamer-convicted-domestic-terrorism-25-years-life-federal-prison/

http://www.nbcwashington.com/news/local/Canadian-Teen-Charged-in-Swatting-Calls-Throughout-US-258713271.html?_osource=SocialFlowTwt_DCBrand

Don't be dumb, don't swat.

In the case you feel you have a chance of being swatted, prevention is easy (considering your perpetrator is not familiar with you outside the internet)

1. Google your full name, phone number, address, online nickname, email, and look what's available.

Google is undoubtedly a powerful tool that plays a key role in doxing. Since Google indexes almost anything on the Internet (sometimes even the private information), it is possible to dox for details such as email ID, address, phone numbers and photographs of a person or company. Once you obtain the search results for your query, carefully examine the description part which in most cases contains the piece of information that you are looking for.

2. Get rid of your useless Social Network accounts, unless they contain 0 information about you.

 No.43

>>42
Unless you share a name with a famous person a single google search will not bump up your details to the top

 No.58

File: 1422623315308.png (7.11 KB, 282x282, 1:1, 1421579873409.png)

Personal thing I do because I'm kind of a normalfag, I tell people a fake name when I meet them and keep my facebook and other such things under that name. My online alias is different. My real name is only used by employers and legal documents.

It throws people off, people try to dox me but when they find my facebook they find a bunch of addresses that aren't mine. Just play the part, though, "Oh don't swat me please"

>mfw people swat people that aren't even me

 No.60

File: 1422668958022.png (136.18 KB, 250x250, 1:1, 1417341014103.png)

>>19
>15-year-old Paul Horner broke down in tears after a judge found the young man guilty on two counts of domestic terrorism and was sentenced to twenty-five years to life in federal prison
>SWAT team then raided the house, shooting and critically injuring the “Livestreamer’s” father in the process.
is this real life?

 No.65

>>42
plus google will know you exist and have your information, however you can also request google remove it.

 No.83

>>65
This is exactly what crossed my mind, as well.

You will also ping your presence, data inquiry, and other relevant information.

Anyone know anything good about startpage?



File: 1424808740719.png (83 KB, 263x221, 263:221, sälmatte.png)

 No.77[Reply]

I bought an autel maxidiag elite md802, and it included updates that only lasted a year, now they want 100USD for a new year's worth of updates.
Is there a code generator for this bullshit out there already?

 No.78

I don't see that happening unless you are able to mount external files onto the device, which I'm assuming you can't, let me know.

 No.79

>>78
nice meme name (USER WAS L33T H4X0RD FOR THIS POST)



File: 1424338580703.jpg (2.08 MB, 3264x2448, 4:3, image.jpg)

 No.67[Reply]

Am I the only one who thinks that all these gets on half chans b are done by scriptfags with the amount of them there is no fucking way it's luck

 No.68

They are all scriptfags.
The scripts predict when you should hit the 'post' button to hit the GET.

You do get your occasional random dubs but that's it.

 No.72

>>68
want



File: 1421974382864.png (274.37 KB, 1000x1515, 200:303, 104owup.png)

 No.11[Reply]

Dumping HF product leaks here.
Steam Grinder Leak =
http://ge.tt/62LDG982/v/0?c

pass is steam11

 No.33

>>11
>>12
Download button isn't working on these sites for me.
A shame.

 No.51

File: 1422469303089.png (61.3 KB, 1561x773, 1561:773, 2015-01-28 13_20_41-prodox….png)

how do I fix this?

 No.53

>>51

Those are attack sites by the way

 No.54


 No.62

>>51

same here, doesn't work for me, even with the direct link here >>54


