Tuesday, February 25, 2014
Thursday, November 14, 2013
What Is XSS Attack..?
‘XSS’, also known as ‘CSS’ (Cross Site Scripting), is a common vulnerability found in web applications. It allows the attacker to inject code into the already existing code, causing the web server to execute both the default code and our malicious code. This method does not require you to know the real IP address of the target website. Because of that, a lot of government and corporate sites can easily be exploited.
There are quite a number of injection methods but the 3 primary XSS injection methods are known as
- Persistent XSS
- Non Persistent XSS
- Dom-Based XSS
Persistent XSS:
Persistent XSS, aka Stored XSS, is a method where our injected code gets stored on the target server. The server then runs the code each time a user visits the injected page. In other words, it is a one-time injection that leaves your code on the web server, to be executed whenever a visitor opens the link.
Non Persistent XSS:
Non Persistent XSS, aka Reflected XSS, is a method of injecting code that is sent to the server via an HTTP request. The server then embeds the two codes into the HTML page and returns the crafted URL to the attacker's browser. The attacker can then send the specially crafted link to his target. When the target clicks on the link, the embedded code gets executed and information is revealed. The information varies based on the type of code injected. In other words, it does the same thing as persistent XSS, but the difference is that the malicious code is not stored on the server.
Dom-Based XSS
Unlike the persistent and non-persistent methods, where the payloads are placed in the response page, DOM-Based XSS (aka type-0 XSS) is a method where the attacker's payload is executed as a result of modifying the DOM “environment” in the victim's browser. The victim's page will execute differently due to the malicious modifications that have occurred in the DOM environment of their local machine. In simpler terms, unlike the above two attacks, where we don't touch the user's browser, in DOM-based XSS it is the user's browser that we are trying to modify.
XSS exploitation can be used to deface webpages, cause denial of service attacks, malware attacks, session hijacking (stealing cookies), credit card theft and so much more. Bet that got your attention huh?
Injecting Codes?:
For those who are confused by the term “injecting codes”, let me attempt to explain. A website is usually made out of HTML, JAVA, CGI, PHP, etc. The web server and your browser are able to digest and translate this code. The attacker takes advantage of this by injecting/embedding acceptable code within the existing code provided by the target website to change its course of execution.
Basic example :
Original link : http://www.example.com/articles/viewarticles.php?workflowcode=
Modified link:
http://www.example.com/articles/viewarticles.php?workflowcode="><script>alert("XSS!");</script>
I merely added a JavaScript “alert” code to the default URL. This would in turn create a pop-up box when I refresh the page. If this was a non-persistent attack, I would need to provide this link to my victim through social engineering means. If it was a persistent attack, the code would get stored on the server for it to run on its own.
But of course we won't be sending the URL to our victim as plain and naked as the one shown above. We will use an encoding option to encode it into another acceptable “language” that the computer can understand and translate (Base-64, String.fromCharCode, hex value, etc.).
<script>alert("XSS!");</script> translated becomes :
Hex Value:
%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%22%4A%61%6D%65%73%20%77%61%73%20%68%65%72%65%21%22%29%3B%3C%2F%73%63%72%69%70%74%3E
This means I can now use %3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%22%4A%61%6D%65%73%20%77%61%73%20%68%65%72%65%21%22%29%3B%3C%2F%73%63%72%69%70%74%3E instead of alert("James was here!");
Making the new crafted url :
http://www.example.com/articles/viewarticles.php?workflowcode=%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%22%4A%61%6D%65%73%20%77etcetc
The encoding option is used so that the exposed script in the URL does not raise doubts when the victim sees it in the browser.
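The point a defender takes from the encoding step, as an added example that is not part of the original post: the hex-encoded URL decodes to the same script before the application sees it, so checks on the raw URL miss it, while HTML-escaping at output neutralises both forms. The `<input ... value="...">` sink and all function names are assumptions; the page does not show the server-side code.

```python
import html
from urllib.parse import parse_qs, urlsplit

BASE = "http://www.example.com/articles/viewarticles.php?workflowcode="
# The page's fully percent-encoded value, joined back onto one line.
ENCODED = ("%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%22%4A%61%6D%65%73%20"
           "%77%61%73%20%68%65%72%65%21%22%29%3B%3C%2F%73%63%72%69%70%74%3E")


def get_param(url, name="workflowcode"):
    """Decode the query string the way a web framework does before the app sees it."""
    return parse_qs(urlsplit(url).query, keep_blank_values=True).get(name, [""])[0]


def raw_url_has_script(url):
    """Naive check on the undecoded URL (what a reader or a simple log filter sees)."""
    return "<script" in url.lower()


def decoded_has_script(url):
    """The same check applied after decoding, i.e. to what the application receives."""
    return "<script" in get_param(url).lower()


def render_unsafe(value):
    # 'Before' (assumed sink): the parameter is reflected verbatim into an attribute.
    return '<input name="workflowcode" value="' + value + '">'


def render_escaped(value):
    # 'After': HTML-escape, quotes included, at the point of output.
    return '<input name="workflowcode" value="' + html.escape(value, quote=True) + '">'


if __name__ == "__main__":
    url = BASE + ENCODED
    print("decoded parameter :", get_param(url))
    print("raw URL flagged   :", raw_url_has_script(url))
    print("decoded flagged   :", decoded_has_script(url))
    print("unsafe output     :", render_unsafe(get_param(url)))
    print("escaped output    :", render_escaped(get_param(url)))
```

Input inspection has to run on the decoded value, and the reliable fix is escaping for the output context rather than filtering the input.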
So I will stop here for now. In the next tutorial later today I will demonstrate a non-persistent attack for a better understanding. We will cover each attack one by one.
Learn The Basics Of Ethical Hacking and Penetration Testing
LEARN The Secrets and The Arts of Penetration Testing
The best course to start your journey in the penetration testing and ethical hacking world
Why CODENAME: Samurai Skills is an incredible Course?
BECAUSE YOU WILL…..
- Gather Information Intelligence
- You will learn how to find and gather important information about your target during penetration testing.
- Find Web Applications and Systems Security Vulnerabilities
- You will learn how to find and exploit web application vulnerabilities like: SQL Injection, XSS and more.
- Scan Your Target Stealthily
- You will learn how to use Nmap to scan targets protected by IDS and how to bypass them.
- Exploit Web applications and System vulnerabilities
- You will learn how to take over Windows, Linux targets and how to exploit most of Web Vulnerabilities to gain system access.
- Real World Client Side Attacks
- You will learn how to hack people using modern web browsers to gain access to their systems.
- Tactical Post Exploitation on windows and linux systems
- You will not stop after hacking a system but you will learn how to take more advantage of a hacked system and collect more important information
- Develop Windows Exploits
- You will learn how to Create an exploit for a FTP program from scratch using python, immunity debugger and how to convert it to metasploit exploit module.
- Ask and we will answer your questions within 24 hours
- Just ask about anything about the course and we will answer you within 24 hours.
- 17 hours HD hands-on penetration testing videos
- You will get 17 Hours of High Definition Practical Penetration Testing videos with 20% theory and 80% Hands On.
- Use The most powerful tools
- You will learn how to use powerful tools like: Metasploit, SQLMap, Havij, Nmap and much more!
- You will have FUN
- You will enjoy every single minute of our course during your journey to learn real world penetration testing and ethical hacking techniques.
50 Reasons to fall in love with CODENAME: Samurai Skills Course
- You will learn Real World Ethical Hacking and Penetration Testing Techniques
- You will learn how to find your target and gather information about it
- You will learn how to find and fingerprint web application firewalls
- You will learn how to detect and find DNS and HTTP load balancers
- You will learn how to find your target’s (REAL) web server name and version number
- You will learn how to perform an SSL scan and find supported SSL ciphers
- You will learn how to use Google search engine to find more information about your target
- You will learn how to find and extract hidden important details inside images, pdf, doc(x), ppt(x) from your target
- You will learn how to enumerate your target’s internal network from outside
- You will learn how to craft and manipulate tcp packets with scapy
- You will learn how to write a port scanner with scapy
- You will learn how to scan your target for open,closed and filtered ports
- You will learn different port scanning types and how to perform most of them
- You will learn how to scan your target and inspect and analyze traffic with wireshark in real time
- You will learn how to use nmap advanced options and nmap scripting engine (NSE)
- You will learn how to perform STEALTH port scanning with nmap
- You will learn how to evade and bypass REAL WORLD intrusion detection systems while you scan your target
- You will learn how to scan your target and find vulnerabilities
- You will learn how to crack and brute-force network protocol passwords
- You will learn how to perform a man in the middle attack (MITM)
- You will learn how to sniff most common network protocols traffic
- You will learn how to sniff encrypted HTTP traffic (HTTPS)
- You will learn how to sniff and decode RDP traffic
- You will learn how to exploit your target and get a full command shell
- You will learn how to find and exploit windows remote exploits
- You will learn how to find and exploit Linux remote exploits
- You will learn how to open ports in your router and test them
- You will learn how to configure SET effectively for client side attacks outside your internal network
- You will learn how to conduct REAL WORLD client side attacks
- You will learn how to perform tactical windows post exploitation
- You will learn how to perform tactical Linux post exploitation
- You will learn how to maintain access and persistence
- You will learn how to pivot from one network to another network
- You will learn how to dump and crack windows password hashes
- You will learn how to dump and crack Linux password hashes
- You will learn how to use windows dumped hashes to exploit other targets ( no need to crack it )
- You will learn how to find and exploit SQL Injection vulnerabilities and get a FULL command shell
- You will learn how to find and exploit Blind SQL Injection vulnerabilities and get a FULL command shell
- You will learn how to find and exploit local/remote file include vulnerabilities to get a FULL command shell
- You will learn how to exploit file upload vulnerabilities and get a FULL command shell
- You will learn how to find and exploit reflected/stored XSS vulnerabilities and get a FULL command shell
- You will learn how to find and exploit CSRF vulnerabilities and get a Full command shell
- You will learn how to find and exploit stack buffer overflow on windows
- You will learn how to find bad characters in your shellcode
- You will learn how to encode your shellcode
- You will learn how to generate metasploit exploit module
- You will learn how to get more power from metasploit framework
- You can ask and we will answer your questions within 24 hours
- You will learn new things and will get new big discounts on new courses we will release in future
- You will have FUN !
Hacking Remote Computer via IP and Open Ports
Hacking is accessing something or somebody on the internet without their permission or interest. Speaking in summary, hacking is a very easy job: it is like finding the hidden door of a house instead of using the front door, and hijacking the precious things. Among all kinds of hacking, hacking via IP address is one of the most common yet powerful beginnings.
You may want to hack the website and put your advertisement there or grab some database information. In this type of hacking, you are playing with the web server’s computer instead of the administrator’s computer, because www.website.com is hosted on a separate web server rather than a personal computer.
Another can be accessing your friend’s computer from your home. Again this is IP based and this is possible only when your friend’s computer is online. If it is off or not connected to internet then remote IP hacking is totally impossible.
Well, both kinds of hacking have the same process. Let’s summarize what we must do.
1. Confirm the website or a computer you want to hack.
2. Find or trace their IP address.
3. Make sure that IP address is online
4. Scan for open ports
5. Check for vulnerable ports
6. Access through the port
7. Brute-force username and password
Now let me describe it in brief, in basic steps that even a child can understand.
First, getting the IP address of victim.
To get the IP address of the victim website, ping for it in command prompt.
For example,
ping www.google.com will fetch the IP address of Google.com
This is how we can get the IP address of the victim's website.
How about your friend’s PC? You can’t do www.yourfriend’sname.com, can you? Finding your friend’s IP address is a slightly tough job, and it is tougher if he has a dynamic IP address that keeps changing.
One of the widely used methods to detect the IP address of your friend is by chatting with him.
You might find this article helpful
How to get the IP address using MSN/Yahoo/Pidgin messenger
Now you've got the IP address, right? Is it online?
To know the online status, just ping the IP address; if it is online, it will reply.
If the IP address is online, scan for the open ports. Open ports are like closed doors without locks: you can go inside and outside easily.
Use Advanced Port Scanner to scan all open and vulnerable ports.
Now that you have the IP address and open port of the victim, you can use telnet to try to access them. Make sure that you have telnet enabled on your computer, or install it from Control panel > Add remove programs > add windows components.
Now open the command prompt and use the telnet command to access the IP address. Use the following syntax for the connection.
telnet [IP address] [Port]
You’ll be asked to input login information.
If you can guess the information easily then it’s OK. Or you can use some brute-forcing tools like these: Brutus, THC Hydra...
In this way you’ll be able to hack a remote computer using only an IP address.
Top 10 Ways To Hack a Facebook Account..!
Facebook is one of the most widely used social networking sites, with more than 850 million users, as a result of which it has become the number 1 target of hackers. I mentioned the top methods which were used by hackers to hack Facebook accounts; however, lots of things have changed. Lots of methods have become outdated or have been patched by Facebook, and lots of new methods have been introduced, so in this post I will write the top 10 methods how hackers can hack Facebook accounts.
10 Ways How Hackers Can Hack Facebook Accounts
So here are the top 10 methods which have been the most popular :
1. Facebook Phishing
Phishing is still the most popular attack vector used for hacking Facebook accounts. There are a variety of methods to carry out a phishing attack. In a simple phishing attack, a hacker creates a fake login page which looks exactly like the real Facebook page and then asks the victim to log in to that page. Once the victim logs in through the fake page, the victim's “Email Address” and “Password” are stored in a text file. The hacker then downloads the text file and gets his hands on the victim's credentials.
2. Keylogging
Keylogging, according to me, is the easiest way to hack a Facebook password. Keylogging can sometimes be so dangerous that even a person with good knowledge of computers can fall for it. A keylogger is basically a small program which, once installed on the victim's computer, will record everything the victim types on his/her computer. The logs are then sent back to the attacker either by FTP or directly to the hacker's email address.
3. Stealers
Almost 80 percent of people use stored passwords in their browser to access Facebook. This is quite convenient but can sometimes be extremely dangerous. Stealers are software specially designed to capture the saved passwords stored in the victim's browser. Stealers, once FUD, can be extremely powerful. If you want to know how stealers work and how you can set up your own, kindly refer to the book above.
4. Session Hijacking
Session Hijacking can often be very dangerous if you are accessing Facebook on an http:// connection. In a Session Hijacking attack, a hacker steals the victim's browser cookie, which is used to authenticate a user on a website, and uses it to access the victim's account. Session hijacking is widely used on LANs.
5. Sidejacking With Firesheep
The sidejacking attack became common in late 2010; however, it’s still popular nowadays. Firesheep is widely used to carry out sidejacking attacks. Firesheep only works when the attacker and victim are on the same wifi network. A sidejacking attack is basically another name for http session hijacking, but it’s more targeted towards wifi users.
6. Mobile Phone Hacking
Millions of Facebook users access Facebook through their mobile phones. If the hacker can gain access to the victim's mobile phone, then he can probably gain access to his/her Facebook account. There are lots of mobile spying software packages used to monitor a cellphone.
The most popular mobile phone spying software packages are:
1. Mobile Spy 2. Spy Phone Gold
7. DNS Spoofing
If both the victim and attacker are on the same network, an attacker can use a DNS spoofing attack to change the original facebook.com page to his own fake page and hence get access to the victim's Facebook account.
8. USB Hacking
Usb password stealer
If an attacker has physical access to your computer, he could just insert a USB programmed with a function to automatically extract saved passwords in the browser.
9. Man In the Middle Attacks
If the victim and attacker are on the same LAN and on a switch-based network, a hacker can place himself between the client and the server, or he could also act as a default gateway and hence capture all the traffic in between. ARP Poisoning, which is the other name for man in the middle attacks, is a very broad topic and is beyond the scope of this article.
10. Botnets
Botnets are not commonly used for hacking Facebook accounts because of their high setup costs. They are used to carry out more advanced attacks. A botnet is basically a collection of compromised computers. The infection process is the same as for keylogging; however, a botnet gives you additional options for carrying out attacks with the compromised computers. Some of the most popular botnets include Spyeye and Zeus.
All about DNS Poisoning
This is the first post of my blog. DNS poisoning is a technique that tricks a DNS server into believing that it has received authentic information when, in reality, it has not. It results in substitution of a false Internet provider address at the domain name service level, where web addresses are converted into numeric Internet provider addresses. It allows an attacker to replace IP address DNS entries for a target site on a given DNS server with IP addresses of a server he/she controls. The attacker can create fake DNS entries for files with the same names as those of the target server.
The DNS provides a way for computers to translate the domain names we see to the physical IPs they represent. When you load a webpage, your browser will ask its DNS server for the IP of the host you requested, and the server will respond. Your browser will then request the webpage from the server with the IP address that the DNS server supplied.
To launch a DNS poisoning attack, follow these steps:
+ set up a fake website on your computer
+ Install treewalk and modify the file mentioned in the readme.txt to your IP address. Treewalk will make you the DNS server.
+ Modify the file dns-spoofing.bat and replace the IP address with your IP address.
+ Trojanize the dns-spoofing.bat file and send it
+ When the host clicks the Trojanned file, it will replace DNS-entry in her TCP/IP properties to that of your machine.
+ You will become the DNS server and her DNS requests will go through you
There are four types of DNS poisoning attacks using which you can compromise the target system:
+ Intranet DNS spoofing (local network)
When an attacker performs DNS poisoning on a local area network (LAN), it is called intranet DNS spoofing. An attacker can perform an intranet DNS spoofing attack with the help of the ARP poisoning technique. This is usually conducted on a switched LAN. To perform this attack, you must be connected to the LAN and be able to sniff the traffic or packets.
Once the attacker succeeds in sniffing the ID of the DNS request from the intranet, he or she can send a malicious reply to the sender before the actual DNS server does.
+ Internet DNS spoofing (remote network)
Internet DNS poisoning is also known as remote DNS poisoning. This attack can be performed on a single victim or on multiple victims anywhere in the world. In order to perform this attack, you need to set up a rogue DNS server with a static IP address.
Internet DNS spoofing is performed when the victim's system is connected to the Internet. It is done with the help of Trojans. It is one of the MITM types of attacks, where the attacker changes the primary DNS entries of the victim's computer. The attacker replaces the victim's DNS IP address with a fake IP address that refers to the attacker's system; thus all traffic will be redirected to the attacker's machine. Now the attacker can easily sniff the victim's confidential information.
+ Proxy server DNS poisoning
In the proxy server DNS poisoning technique, the attacker changes the proxy server setting of the victim to that of the attacker. This is done with the help of a Trojan. This redirects the victim's request to the attacker's fake website, where the attacker can sniff the confidential information of the victim.
+ DNS cache poisoning
The DNS system uses cache memory to hold the recently resolved domain names. It is populated with recently used domain names and their respective IP address entries. When a user request comes in, the DNS resolver first checks the DNS cache; if the domain name that the user requested is found in the cache, the resolver sends its respective IP address quickly. Thus, it reduces the traffic and time of DNS resolving.
Attackers target this DNS cache and change or add entries in it. The attacker replaces the user-requested IP address with a fake IP address. Then, when the user requests that domain name, the DNS resolver checks the DNS cache and picks the matched entry. Thus, the victim is redirected to the attacker's fake server instead of the authorized server.
*** How to defend against DNS spoofing:
- Resolve all DNS queries to local DNS servers
- Block DNS requests from going to external servers
- Implement DNSSEC
- Configure the DNS resolver to use a new random source port from its available range for each outgoing query
- Configure the firewall to restrict external DNS lookup
- Restrict the DNS recursing service, either full or partial, to authorized users
- Use DNS Non-Existent Domain rate limiting
- Secure your internal machines
- Implement IDS and deploy it correctly
- Use static ARP and IP table
- Use SSH encryption
- Use sniffing detection tools
- Do not open suspicious files
- Always use trusted proxy sites
- Audit your DNS server regularly to remove vulnerabilities
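How the random source port and request ID act as a check before anything reaches the cache, as an added example that is not part of the original post: a resolver accepts a reply only if ID, port, server address and question all match an outstanding query, and it raises an alert when two different answers arrive for one transaction. Packets are modelled as plain records rather than real UDP, and all class names, function names and addresses are constructed for illustration.

```python
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Query:
    txid: int       # 16-bit DNS transaction ID
    src_port: int   # UDP source port the query left from
    server: str     # DNS server the query was sent to
    qname: str


@dataclass(frozen=True)
class Response:
    txid: int
    dst_port: int   # UDP port the reply arrived on
    from_ip: str
    qname: str
    answer: str


def norm(name):
    return name.lower().rstrip(".")


def new_query(server, qname):
    """Fresh random ID and fresh random source port for every outgoing query."""
    return Query(secrets.randbelow(1 << 16),
                 1024 + secrets.randbelow(65536 - 1024), server, norm(qname))


class StubResolver:
    def __init__(self):
        self.pending = {}    # (txid, port) -> Query awaiting a reply
        self.answered = {}   # (txid, port) -> answer already accepted
        self.cache = {}      # qname -> answer
        self.alerts = []

    def send(self, q):
        self.pending[(q.txid, q.src_port)] = q

    def receive(self, r):
        key = (r.txid, r.dst_port)
        if key in self.answered:
            if r.answer != self.answered[key]:
                # Two different answers for one transaction: a forged reply
                # raced the real one, and either of them may be the forgery.
                self.alerts.append(f"conflicting replies for {norm(r.qname)}")
            return False
        q = self.pending.get(key)
        if q is None:
            self.alerts.append(f"unsolicited reply from {r.from_ip}")
            return False
        if r.from_ip != q.server or norm(r.qname) != q.qname:
            self.alerts.append(f"reply does not match query for {q.qname}")
            return False
        del self.pending[key]
        self.answered[key] = r.answer
        self.cache[q.qname] = r.answer
        return True


def demo():
    """Constructed traffic: wrong ID, wrong sender, the real reply, a late conflict."""
    res = StubResolver()
    res.send(Query(0x1A2B, 40001, "192.0.2.53", "www.example.com"))
    replies = [
        Response(0x0001, 40001, "192.0.2.53", "www.example.com", "203.0.113.66"),
        Response(0x1A2B, 40001, "198.51.100.9", "www.example.com", "203.0.113.66"),
        Response(0x1A2B, 40001, "192.0.2.53", "WWW.example.com.", "198.51.100.10"),
        Response(0x1A2B, 40001, "192.0.2.53", "www.example.com", "203.0.113.66"),
    ]
    return [res.receive(r) for r in replies], res.cache, res.alerts
```

These checks only stop a sender who has to guess the ID and port; a sender who can sniff the request sees both, which is why the list also includes DNSSEC, and the conflicting-replies alert is the only signal this code gives in that case.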