Advertise Here

Hacking College Networks



Uploaded by: jrhelgeson
Video Description:
While this may be 1-2-3 for web application programmers, it is quite revealing for those not involved with web application security on a daily basis.


Tags for this video: application college exploit hacker hacking injection java javascript security SQL

Find more videos in the "Howto" category
See more videos uploaded by jrhelgeson

Related Videos
Hacking WLANHow to Discover SQL InjectionInternet Camera Hacking
hacking-wlan.htmlhacking-wlan.htmlhacking-wlan.html
How To Hack A Windows XP Password Without Any ProgHacking Vista: Easier than you'd thinkWireless WEP Key Hacking
hacking-wlan.htmlhacking-wlan.htmlhacking-wlan.html


Share This Video:       StumbleUpon       del.icio.us       Reddit       digg       Furl       Spurl       Simpy       YahooMyWeb


Comments for this video: Show || Hide
Comments for this video on YouTube
Hello Joel I have a ... ( 5 months ago by CYCLOPSONE)
Hello Joel I have a question.
A very detailed question.
You have email address?
This is all well ... ( 4 months ago by Th3Hamm3r)
This is all well and good, but any sysadmin worth their salt will have patched a SQL injection exploit. Unless they are very, VERY stupid, as it's the first thing most people try.
This only works on ... ( 4 months ago by CYCLOPSONE)
This only works on select websites.
Anybody know anything about accessing password protected websites?
Funny thing is, ... ( 4 months ago by jrhelgeson)
Funny thing is, there isn't a generic patch against SQL injections. It all depends on the website programmer sanitizing their inputs from the SERVER SIDE not the client side, as was done here.
My video is meant ... ( 4 months ago by jrhelgeson)
My video is meant to be educational to illustrate why it is important to validate user input on the server side, as opposed to on the client. -- Most developers have now learned to validate and sanitize their inputs and it appears the website you're trying to hack is properly built.
isn't that illegal? ( 4 months ago by drummerforpeace)
isn't that illegal?
Only if I did it ... ( 4 months ago by jrhelgeson)
Only if I did it without permission. I state in the video that I was contracted to perform a security audit on their website.
i missed that part. ... ( 4 months ago by drummerforpeace)
i missed that part. whoops.
OSHI- ( 4 months ago by DiscoBiscuit06)
OSHI-
This is a ... ( 3 months ago by minntc)
This is a password-protected website. jrhelgeson made only one mistake in his verbal description of his activities; in modifying and saving the source code for that website, he did not disable "all authentication", he disabled input validation. The input validation was only performed on the client side (in-browser), which is a huge no-no.
As an aside to jrhelgeson, this is a good demonstration, but labelling it as "college networks" instead of "a website", you miss a wider audience...
Cheers!
all the colleges ... ( 3 months ago by kklloopp)
all the colleges are protected now right????? cuz i dont want ppl messing with my grades and stuff.
When attempting an ... ( 3 months ago by jonnyhackercake)
When attempting an SQL injection, you really shouldn't count on using the injection in the password form. The reason for this is that most sites use md5 hashing when comparing passwords. So, when doing that, your injection won't be parsed. I would personally just use something really simple, like, ' or 1=1-- for the username and laksdjflkasjf for the password. If they are vulnerable and you want a specific username, you could type, usernameyouwant'-- as the username and blabal as the pass.
I liked what you ... ( 3 months ago by cholokun)
I liked what you did. this is nice
too much power! ( 3 months ago by filipfie)
too much power!
whoever who's ... ( 2 months ago by shaneiadt)
whoever who's javascript to validate anything on there web page for user input is an idiot.....server-side scripting for user input validation is a must!!!
This can be ... ( 2 months ago by snuffsan)
This can be disabled by few lines of code :P
I dont get it??!?! ... ( 2 months ago by dumbworld)
I dont get it??!?! How can you edit the source, then save it on your PC.And then get access on the server from that file??Can somebody explain???
You just go to view ... ( 2 months ago by jonnyhackercake)
You just go to view -> page source. You select all of it and save it in blah.html file on your desktop (or however you want to name it as long as the extension tells your computer it is an html file - normally .html or .htm). He just removes the validation javascript (most likely length validation, etc.) After that, he isn't restricted by the length so he can input whatever he wants. They don't use any filters before submitting a query, so he can make it right no matter what.
OMG soo dull!! ( 2 months ago by avwos)
OMG soo dull!!
just dont be the ... ( 1 month ago by DJPJR8462)
just dont be the first name and ur safe XD
wow thats me times ... ( 1 month ago by adesattftl)
wow thats me times 100 when i grow up
NICEEE :D ( 1 week ago by realmusic629)
NICEEE :D
lol if i was ... ( 1 week ago by realmusic629)
lol if i was creating it i would make a fake first person :D
That strategy is ... ( 1 day ago by Raven4511)
That strategy is hard to be done in a website which has an excellent security.



Tell a friend:


URL 
Embed Code 


Advertise Here