In this episode of Full Disclosure we are explaining the website attack known as Cross-Site Scripting (XSS). Cross-Site Scripting is a type of security vulnerability that affects web applications that do not sanitize user input properly. This kind of vulnerability allows an “attacker” to inject HTML or client side script like JavaScript into the website. Cross-Site Scripting is most commonly used to steal cookies. Cookies are used for authenticating, tracking, and maintaining specific information about users; therefore, by stealing a user’s cookies an attacker could bypass the website’s access control. There are three types of XSS attacks: Persistent, Non-Persistent, and DOM-Based. In this episode we will cover Persistent and Non-Persistent Cross-Site Scripting attacks.

Live Stream Here
Download Here

Download Cookie Catcher Here

On the forums, there has been many questions concerning Backtrack. Therefore, we decided to make a video that tries to answer as many as these question as possible. In this episode we cover: Where to get Backtrack 2, How to burn an .ISO file, How to boot Backtrack 2, How to login, and start the GUI interface. Also, we illustrate basic Linux commands, and how to set up your Network Interfaces.

Live Stream Here
Download Here

For Infinity Exists Full Disclosure’s first Website Hacking episode, we demonstrate how to exploit a security vulnerability occurring in a website’s database to extract password hashes. Sql (Structured Query Language) is a computer language designed for the retrieval and management of data in a system’s database. The Attack, known as Sql Injection, manipulates Sql statements before they are sent to the Sql Server, allowing the Attacker to create, change, or retrieve data stored in the database. Sql Injection is a hard concept to understand, so we made a video that encompasses all our knowledge on the subject to make it easier for our viewers to grasp.

Live Stream Here
Download Here

We demonstrate Sql Injection on WP-Forum version 1.7.4 by Fredrik Fahlstad; therefore, if you use WP-Forum you are vulnerable to this attack! To fix this exploit download our patch.
Download WP-Forum Patch Here

In this episode of Full Disclosure we will demonstrate how to crack MD5 password hashes. MD5 (Message-Digest algorithm 5) is a hash function commonly used by websites to encrypt passwords. MD5 is a one-way hash; therefore, to crack the password you most try every possible dictionary word and if that does not work, every possible letter/number/symbol combination. The programs we use to crack the passwords are Cain and MDCrack-NG.

Live Stream Here
Download Here

This is our third video in our Lock Picking series; after this video we will return to computer hacking videos for a while. In this video we demonstrate how to unlock the Master Lock 653D, Targus Defcon CL, and the Master Lock 175. The different methods shown in this video to unlock these three locks will help you not only unlock these locks; but also, help you develop your own way to crack other mult-disc combo locks that you may come across.

Live Stream here
Download video here

This is our second video in our Lock picking series. In this video we explain how to make and use Padlock Shims. Padlock Shims are used to unlock spring latch Padlocks.

Live Stream here
Download video here

Our seventh episode is a mix between Phone Phreaking and Network Hacking. In this episode we demonstrate how to sniff Voice Over IP conversations, which basically means how to tap an internet phone. We thought that this would be a good video to follow the beige box.

Live Stream here
Download Video here

This episode of Full Disclosure we are demonstrating how to tap a phone line with the old school Beige Box! We are planning to have many Phone Phreaking (telephone hacking) episodes like Sniffing VOIP, Hacking COCOT, and Red Boxing to name a few. Check out the live stream here or download the episode here

Episode 5 is the first of our Lock picking series. In this episode we describe how to make and use a bump key to quickly unlock most residential grade locks.

Live Stream here
Download video here

In celebration of the 4th, the infinity exists crew decided to take a break from the computers and go to something a little more hands on. For our 4th of July Full Disclosure special edition we brought you our longest show yet on making sparkler bombs. You can check out the live stream here, tell us what you think and feel free to ask any questions on the shownotes post here. Thanks for watching and have a happy 4th of July.


Update!
This video has been removed.