How to Determine What Program Is Listening on a Port in OS X or Linux

To determine what daemon or program is listening on a port in Linux or OS X you can use the lsof command. You need to run the command while logged in as root or if your operating system supports sudo like OS X, you can use that.

Command to run in Linux:

lsof -i -nP

Command to run in OS X:

sudo lsof -i -nP


How To Open A Combination Lock With A Soda Can

The popular combination Master Locks are susceptible to being opened with a simple tool fashioned from an aluminum can. With this crude tool a thief can pop open a lock in a few seconds. Here is a video that shows how to construct and use this tool which is referred to as a “shim”:

Open A Combination Lock With A Drinks Can!Click here for this week’s top video clips

Windows Prefetch Cache

The Windows XP prefetch cache is a cache meant to speed up the launch of programs by keeping the first few bytes of a program on disk in order to have them preloaded before the user launched the program. Only commonly used programs are cached in the prefetch. You can use the prefetch cache to see what programs were launched at the time a computer was compromised in order to see what programs were run on the computer.


Basic SQL Injection Exploit with PHP

Here is an example of a basic login function which is taught in a lot of PHP tutorials. The purpose of this code is to prevent someone from viewing a web page unless they provide a valid username/password in a form. The username/password is stored in a MySQL database.

$username = $_POST["username"];
$password = $_POST["password"];$query = "SELECT * FROM users WHERE Username = '" . $username . "' AND Password = '" . $password . "'";
$result = mysql_query($query);
$validated = false;
while ($rs = mysql_fetch_array($result))
{ $validated = true; }

If a programmer does not do any input validation and uses the very basic username/password authentication example shown above, the following SQL code placed in the “password” field of a web application using code like this will usually give you access to the protected area:

foo' OR 'a'='a

The presence of this vulnerability in the code may allow a malicious
person to execute other SQL commands such as editing or deleting the
data in your database.

Shadow of hand over keybaord