Tuesday, December 25, 2012

Cr3dits- tartou2

I have been asked lately to write a tutorial on how to use the "SQL I Helper V.2.7" tool.

To begin with, "SQLIHelperV.2.7" is a tool that will hack vulnerable websites using SQL injection. You don't have to spend hours and hours trying to find your way into a website and trying hundreds of combinations and codes to hack it.
This tool will do it all by itself. You only have to tell it what to do and where to look.

Click here to Download


Let's start.
First you need to find a potential website that you think might be possible to hack. Remember that some websites are simply unhackable.

Use Exploit Scanner to find vulnerable websites.
Download

and use this dorks list in the search
Download

And at the end, once you find the admin username and password, use Admin Finder to help you find the admin login page, but remember that it can't find all login pages. It uses the most common extensions. You can add more extensions to the list to increase your search range.
Download
or learn how to find the admin login page from my tutorial here

After you find your website (better if it ends with "article.php?id=[number]"), for example: "http://encycl.anthropology.ru/article.php?id=1"

I will explain my tutorial by walking through how to hack this website.

Check if your website can be hacked by trying to go to this address:
http://encycl.anthropology.ru/article.php?id='1 <-- notice the ' before the number 1.

You should get this message:

Code:
Query failedYou have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'1 ORDER BY lastname' at line 1 SELECT * FROM person_old WHERE id=\'1 ORDER BY lastname

This means that this website can be hacked, because you get an error.
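Why that error is the tell, and what the fix on the server side would look like, as an added example that is not part of the original post: a Python/sqlite3 reconstruction of the query visible in the error message. SQLite stands in for MySQL, the person_old table and its columns are assumed, and the probe is the page's own '1.

```python
import sqlite3


def make_db():
    """Constructed stand-in for the site's database: a person_old table as named in the error."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE person_old (id INTEGER PRIMARY KEY, firstname TEXT, lastname TEXT)")
    conn.executemany("INSERT INTO person_old VALUES (?, ?, ?)",
                     [(1, "Ada", "Lovelace"), (2, "Alan", "Turing")])
    return conn


def fetch_article_vulnerable(conn, raw_id):
    # The pattern the error message implies: the id parameter is pasted straight
    # into the statement text, so a quote in it becomes part of the SQL grammar
    # and the database reports a syntax error instead of "no such article".
    sql = "SELECT * FROM person_old WHERE id=" + raw_id + " ORDER BY lastname"
    return conn.execute(sql).fetchall()


def fetch_article_fixed(conn, raw_id):
    # Validate the type, then bind the value as a parameter. The database now
    # receives the id as data, never as statement text, so '1 cannot change the query.
    try:
        article_id = int(raw_id)
    except ValueError:
        return []  # unknown article, not a server error
    sql = "SELECT * FROM person_old WHERE id=? ORDER BY lastname"
    return conn.execute(sql, (article_id,)).fetchall()


def probe_shows_db_error(fetch, conn, probe="'1"):
    """True if the probe reaches the SQL parser and fails there, which is what the page's error shows."""
    try:
        fetch(conn, probe)
    except sqlite3.Error:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    print("vulnerable handler errors on '1:", probe_shows_db_error(fetch_article_vulnerable, db))
    print("fixed handler errors on '1:", probe_shows_db_error(fetch_article_fixed, db))
```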

Now open your SQL I Helper V.2.7
and write the link:
http://encycl.anthropology.ru/article.php?id=1 <---- without the '
here:
[Image: hackwebsite1.jpg]

and press the inject button.

Now you should wait until the tool finishes searching for columns. Time may vary depending on your connection speed, your PC speed, and the number of columns in the website.
So now you should have this:
[Image: hackwebsite2.jpg]
Make sure that the website supports UNION, otherwise the injection won't work.

Then select "Get database" and you get this:
[Image: hackwebsite3.jpg]

Now select any element from the "database name" box and press the "Get tables" button. I will select "anthropo_encycl":
[Image: GW440]

Then select any element from the "table name" box and press the "Get columns" button. I will select "user":
[Image: GW440H230]

Then select any elements you want from the "columns name" box and press "Dump Now". I will select "usr_login" and "usr_pass":
[Image: GW440H230]

After clicking "Dump Now", you should see this new window:
[Image: hackwebsite5.jpg]

Now copy the hash onto a piece of paper and go to this website:
http://www.md5crack.com/

Enter the hash and press the button "Crack that hash baby!", and you should get the source of the hash.
hash:21232f297a57a5a743894a0e4a801fc3
username: admin

hash:202cb962ac59075b964b07152d234b70
pass: 123

Here is a little chart made by hahaha.lol that describes how this tool works:
[Image: nvyz9s.jpg]
Thank you hahaha.lol for this picture.

And after that you will need to find the admin login page where you can use the username and password.
I will teach you step by step about how to setup a Botnet.

Some things you need to know:
A Botnet is a Panel that can keep many Computers connected to it.
The Computers connected to it are called Bots.
The Bots will be under your Command, so you will be able to command them to do things and they will do it.
In this tutorial I will teach you how to setup a Botnet.

Alright lets start.

If you already have a Website + Hosting, don't click on this Spoiler; if you don't, click :)

PS. Website name cannot be longer than 12 Characters.
This is how to create a free Website and get Free Hosting.

First go to Dot.Tk and Register
[Image: gLArC.png]
After you login go to Domain Panel and then add a Domain Name
[Image: 76fIk.png]
Now open a new browser and go to DerpyMail ( Free Hosting )
Add the free hosting to your cart, register, then checkout!
Go back to Dot.TK and go to the Domain Panel and Click Modify
Change the Name Servers ( DNS/NS ) to
Code:
ns1.derpymail.us
ns2.derpymail.us
Then wait for the Email with your new account information and continue to the next Part!

Before doing anything, download the Botnet files.
To download the Botnet Click Here

Step: 1

Extract the Botnet Files and then open up the Folder "Panel".
Find Config.Php and edit it with any text editor.

Step: 2

Now go to your Webhost and add an SQL DB and User.
When you are done with that, upload the .sql file from the Folder "SQL" to your SQL DB.

Step: 3

Edit the SQL Connection info in Config.Php.
[Image: dK8Ak.png]
Save when done.

Step: 3

Upload everything in the Folder "Panel" to your Webhost.
Now close the folder etc.

Step: 4

Go to the Website you used to upload.
Login to your Botnet with the password in Config.Php
[Image: lCJaP.png]

Congratulations!
You got your own Botnet!

Step: 5
Go back to the Folder "Botnet" and open up Build.exe.
Then type in Your Domain Name and the Path.
[Image: Vb4UX.png]

Build the File, Crypt & Spread!

This Tutorial is for Learning purpose only and should not be used in Illegal ways.
I am not responsible about what you do with this, but it should be used private only with permission from the computer owners.

I do not own or have coded the botnet.

Saturday, July 21, 2012

Hello guys, this is the top giveaway of this month.

I have decided to give away my secret DDoSing software, which is 100% noob friendly and works on anything large... you can take down any site [not Google, Facebook etc.] by hitting it from my XDDOSER...
I'm sure you guys will enjoy this..

Also included the top Chrome Cryptor for you guys as my bonus..

Direct Link For Downloading-  http://adf.ly/AxTD6


I have added an adf.ly link, please click on it and wait 5 seconds, then you can get the direct mediafire link...

support me by clicking the adf.ly link...

Thursday, July 19, 2012

Now, this method isn't guaranteed a 100% success rate, but it's very good against people with low security.

Step 1:
Acquire the email of the person you're trying to hack.
For my demonstration I'll be using "Genericmail190@yahoo.co.uk".

Step 2:
Look at the domain name at the end of the email.
Ours is "Yahoo.co.uk", so head over to yahoo.com.
Once you're at the sign in page you'll see a screen like this:
And you'll want to click "I cannot access my account".
[Image: 1.png]




Step 3:
Once you click "I cannot access my account", you should see a screen like this.
[Image: 2.png]
Select "I forgot my password" and click next.

Step 4:
Enter the details as such.
[Image: 3.png]
And click Next.


Step 5:
You should see something like this, wanting the answers to the security questions.
[Image: 234.png]
Now we don't have the answers to these... At least not yet.


Step 6:
Now head over to "Facebook.com", and sign in using your own personal account or a fake one.

Step 7:
Enter the email of the person you want in the top search bar of facebook.
[Image: 4.png]

Step 8:
Press enter, and you should see the person's facebook account.
[Image: 5.png]

Step 9:
Now that we have her facebook account we can see her cousin's name...
Which is "Mark".
[Image: 6.png]

Step 10: Now go back to the tab where you needed to enter the security questions and enter her cousin's name "Mark".
Like this:
[Image: 7.png]


Step 11:
And voila, it worked...
Now it's asking for her favorite book.

[Image: 8.png]




Step 12:
Now we'll go back to her facebook, and look at her interests.
[Image: 9.png]
It seems her favorite book may be twilight.



Step 13:
Now go back to the security questions, and enter "twilight" as her favorite book.
[Image: 10.png]

Step 14:
Yay! We got it.
[Image: 11-1.png]
Now we can enter whatever password we want, and we'll have control of the email account.



*The person's email I used is not real, just an example I made.
*The more secure the person is, the harder this will be.

These are the steps needed to reset the password.
You can apply the steps in the tutorial to other emails.
It won't always be laid out so easily, and it'll take a lot of trial and error.


Good luck!

Wednesday, July 11, 2012

Steps:


1) You need to have a RAT; just choose one of your choice, or the one you know best
2) You need to have FUD cryptor and FUD Binder
3) Now the main step. Download some software aimed at girls from Google, for example:

Free Female periods software
or
free female personal diary software
or
Detailed ebook on pregnancy
or
Free recipe guide
or
Home management software

4) Now it's time to use the binder: bind your server with these programs, and don't forget to clone the file assembly settings
5) Put your bound server in a .rar file; you need to have WinRAR for this (everyone does have it)
6) Upload the .rar file containing your bound server to free hosting. I personally use mediafire; it uploads to many sites
7) Now the actual task: you need to create accounts on a few forums where girls are active too, some of them are:

8) Make a fake account with the name of a girl and post a mature picture so that it looks real.
I personally used:
Code:
http://www.femalenetwork.com

9) After you have created an account on a forum, don't just start your thread with the infected attachment. Make a few posts, introduce yourself in the forum, have a chat with members
10) Once you are known, it's time for you to make a thread. Keep in mind the file you downloaded and bound the server with. Make a thread giving the details about the software; the details can be found at the place where you downloaded the software (you don't need to be a girl to know all about them)

You will definitely get many female victims in a few hours!!!
Hello guys, I have seen people have trouble making a drive-by site stay on the web

So I have made a really detailed step-by-step tutorial on how to do that

What this tutorial will teach you?


1. Making a free domain name
2. Making a web hosting site (that doesn't delete the drive-by)
3. Setting it up


Now lets get started!
OK, so the first thing we do is go to http://xtreemhost.com

Then we click on "create an account"
Then we are going to click on "create a domain"

[Image: 45710285.png]
[Image: 22936707.png]

After that, head to checkout; you will go to a "log-in or create an account" page

[Image: 32290097.png]

Create an account and remember to use valid info

After you create your account you will go to this page, Click on "Go to My Account"

[Image: 14680389.png]

Then click on "My Domains"

[Image: 87667757.png]

Now click on "Manage"

[Image: 71461591.png]

Now click on "Name server Setup" and put the following


nameserver1:- NS1.XTREEMHOST.COM
nameserver2:- NS2.XTREEMHOST.COM


Then click update

[Image: 25666081.png]

Now that that's all done you can go back to xtreemhost and put your new domain in the blank *note don't put cz.cc at the end like I did*

[Image: 36865758.png]

You will then fill out your account for xtreemhost; if you filled it in correctly you should get a page with a "click me to continue" button

[Image: 11043555.png]

Now it will make you type in a captcha code; after that it will say email sent to (your email)

Click the activation link in your email (It will take you to a page with all of your passwords) (save the page of passwords) then click "log into Vista Panel"


[Image: 54880878.png]

Wednesday, June 13, 2012


Hello, I've gotten a couple of requests to make this tutorial, so here I go.

Step One: Choose a song from youtube (I'll be using this for the tutorial :P http://www.youtube.com/watch?v=MXXRHpVed3M)

Step Two: Let's start changing the URL for it to load and to play by itself.

we are going to need this : http://www.youtube.com
Then add : http://www.youtube.com/v/
Go back to the URL and copy everything that is after the = sign (for the video I'm using, this is what I need: "MXXRHpVed3M") and paste it in next to the "/"
http://www.youtube.com/v/MXXRHpVed3M
and now, without adding anything to the last letters or numbers of the code you pasted in, paste this next to it: "&autoplay=1". The final link should look a little something like this: http://www.youtube.com/v/MXXRHpVed3M&autoplay=1

Test the URL you've made to see if your video plays by itself.

Step Three: Add the song to your deface page by using this code
Code:
<embed src="LINK YOU CREATED" type="application/x-shockwave-flash" wmode="transparent" width="1" height="1"></embed>
Save your page, open it and you're done!


--
Hello, today I am going to be teaching you anti-forensics. Anti-forensics is the art of leaving no trace on your computer: defeating common forensic tools so that a forensic examination of your computer turns up nothing. Anti-forensics can pretty much be summed up in one famous quote:

"Make it hard for them to find you, and impossible for them to prove they've found you."

Because Linux installations are pretty much already secured, this guide will only focus on Windows. Windows keeps logs of everything you do, including timestamps, recently opened programs and folders, web browsing history, log in data, and much more.
In short, Windows is a security nightmare, but what if I were to tell you there was a way around this, a way to make Windows secure? VPNs, proxies, and Tor only get you so far, but what do you do when they've traced it to your computer? Anti-forensics is designed for this situation: to prevent them from proving you've done anything wrong even if they have your computer.

With that being said, let's get started.


==
Disabling Time Stamps

Using timestamps, forensic experts can build a 'digital timeline'; this can be very compelling evidence when cross-referenced with other known evidence. In order to strengthen security, we must disable these logs.



Step 1.) User Assist File

There is a registry setting that keeps logs and dates of all launched programs; forensic experts can use this to build a digital timeline, so we must disable it for computer security.

Navigate to 'HKEY_Current_User\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist'. You should see two subkeys called Count; delete both of these keys. Now right-click the UserAssist key and create a new key named 'Settings'. In this key create a DWORD value named NoLog and set the value to 1.

Windows will no longer store hidden logs of the exact times you have been accessing files, so forensics experts can no longer use these hidden logs to create a digital timeline.


Step 2.) Last Access Logs

Next we will disable last access in Windows. Last access is a setting in Windows that allows you to see when you opened, modified, and/or created files on your computer, and it is similar to the UserAssist registry key. By disabling this, forensic experts won't as easily be able to tell when you've been accessing programs or files on your computer.

To disable last access, open a command prompt on your computer; if on Vista or Windows 7, make sure to run it as administrator. In the command prompt type the following:

fsutil behavior set disablelastaccess 1

Last access has now been disabled; for it to take effect you must restart your computer.


==
Encrypting Your Computer


It is very important to make sure that your computer is encrypted; in case an unwanted visitor is trying to access your computer, they will not be able to get into it if it is encrypted.




Step 1.) TrueCrypt

To encrypt your computer, you can use TrueCrypt, a free program that allows you to encrypt your computer. When encrypting with TrueCrypt, you have two options; the first one is to create a hidden container. A hidden container is an operating system that is impossible to prove exists.

When creating a hidden container you will have three different passwords:

  • 1. The first would be for your decoy system, the operating system you would show someone forcing you to log in to your computer.
  • 2. The second password would be for your outer volume, the operating system you would show someone forcing you to log in to the second partition on your computer (a second partition on your computer is required for your hidden container).
  • 3. The third password is for the hidden operating system on the second partition of your computer; this operating system is placed in the inner volume, and is impossible to prove exists (it appears to be RAW data).
The second option is to just encrypt your hard-drive. This is also very secure, but you may be forced to give up your password due to a court order (in this situation, if you are a VERY good liar, you could simply say 'I forgot', but you would have to make it believable). With normal drive encryption, your computer is just as secure encryption-wise, and you will have a single password.

For more information on TrueCrypt, please go to http://www.TrueCrypt.org

Step 2.) Encrypt Your Keystrokes

You need to protect yourself from keyloggers. As strange as it may sound, even the government has keyloggers; a few years ago there was speculation about CIPAV, a government spyware known to send the user's IP address, MAC address, open ports, operating system, installed applications, default web browser, visited URLs, logged-in user, etc...

In order to protect yourself from keyloggers, you should encrypt your keystrokes. You can do this using software called 'Keyscrambler'. Please note, you should NOT use the free version of Keyscrambler; you should only use the Premium version, which costs a decent sum of money. (-Cough- ThePirateBay.se -Cough-).

Keyscrambler Premium supports 170 programs, including Windows logon, most web browsers, and popular IM programs (i.e. Skype).

==
Making Encryption Secure

Encryption is pointless if it can be easily bypassed or overcome. You need to make sure that the encryption is secure too.



Step 1.) Make Sure Your Password Is Strong

Even with your computer encrypted, it is still vulnerable. Make sure your password is good (for optimal security, your password should be twenty or more characters, with symbols, numbers, and random capitals; a special symbol (like ALT+1456) really increases security).

If your password is not strong enough, you can change it by right-clicking your encrypted drive in TrueCrypt and selecting 'Change Password'.


Step 2.) Create A Locked Screen Saver

Encryption is pointless if the feds get to your computer while it's running. They can use live forensic tools that don't require the movement or shutdown of a computer. A very simple technique to overcome this is to create a locked screen saver.

To create a locked screen saver in Windows Vista or Windows 7;

Right click your desktop and click on 'Personalize'. In the bottom left hand corner you should see 'Screen Saver', click that. Now, check 'On Resume, Display Logon Screen', and set 'Wait' to 5. Now, underneath that you may set what you want your screen saver to be.

Now you must go to your Control Panel. Click on System and Security, then click on 'Power Options', find your selected plan and click 'Change plan settings.' Now, set 'Turn Off Display' to 5 minutes. Voila! You have now created a locked screen saver.


Step 3.) Get A Good Anti-Virus

This may seem obvious, but all this is pointless if you get infected with a keylogger that takes screenshots. Having a good anti-virus is one of the most important things you can do. Now, listen up. AVG, Avast, McAfee, Norton? They all SUCK. The only anti-virus you should even consider are ESET Nod32 and Kaspersky; BitDefender is also pretty good.
These anti-virus programs are expensive, but you can torrent them from ThePirateBay.se, just make sure you find one with a lot of seeders.


==
Disabling Windows Hibernation

You may as well hand your computer over to the feds if they raid your house and your computer is in hibernation. Also, putting your computer into hibernation is pretty much just taking a screen shot of your RAM that gets saved to your hard drive.

To disable hibernation in Windows Vista/7:

Open your Control Panel. Click System and Security, then click 'Power Options'. Click 'Change plan settings' for you current power plan.

Now click 'Change advanced power settings'. Expand 'Sleep', then expand 'Hibernate After'. Enter "0" for 'Setting:' to set hibernate to 'Never'.

Hibernation is now disabled.


==
Disable and Remove USB Logs
 
Next on the list of anti-forensics is to disable logs of USB activity, flash drives, etc... This can be valuable if you have a flash drive with sensitive data and you don't want any logs of it ever being plugged in to your computer.



Step 1.) Delete the USBSTOR Registry Setting

The USBSTOR setting contains history of plugged in USB devices.

To delete it, hit the Windows key + R at the same time. This will open up 'Run'; type: "Regedit" (without quotes). Browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR

Now, right click 'USBSTOR' and hit 'Delete', then confirm that you want to delete the key. Now, the key has been deleted.


Step 2.) Delete The Setupapi.log File

The Setupapi.log is a plain-text file that stores the list of installed USB devices and their drivers. We will delete it with a program called CCleaner.

CCleaner is actually one of the best anti-forensic tools out there, and it's free. For instructions on using CCleaner, please see the 'CCleaner' section of this guide.


==
Windows Security Misc.

This is for the shit that has to do with windows anti-forensic security, but wasn't big enough to have its own section. That does NOT mean this section isn't important, the stuff in here may actually be the most important in the whole guide.



Step 1.) Disable System Restore Points

System Restore points can be used to bring your computer back to a date when it wasn't secure and can also be used to restore overwritten files.

To disable System Restore points, right click 'Computer' and click 'Properties'. Now click 'Advanced System Settings'. Under 'System Protection' click 'Configure'.

Now, select 'Turn Off System Protection' and apply it.


Step 2.) Disable 'Send Error Report to Microsoft'

This is self-explanatory; we obviously don't want Microsoft having logs of all our crashed programs.

To disable this, open Control Panel, click on Performance and Maintenance, click on System, then click on the Advanced tab.

Click on the 'Error Reporting' button at the bottom of the window. Select Disable Error Reporting. Click OK, then click OK again.


Step 3.) Wipe With CCleaner

This is the heart of Anti-Forensics right here. CCleaner is actually one of the most powerful Anti-Forensic tools, -IF- used correctly.

As it turns out, when deleting files, you DO NOT need to do multiple overwrites. With modern hard-drives, one overwrite really is enough to delete a file beyond repair, even though it is popular belief that you need several overwrites to be secure.

With CCleaner, I would recommend three overwrites, just in case it misses something the first time around (remember, it is free software).

Once you have CCleaner installed, run it (AS ADMIN), go to 'Settings' and make sure you have it set to overwrite deleted data with three passes.

Go back to 'Cleaner' and check EVERYTHING. I mean EVERYTHING, and hit 'Run Cleaner'. You might want to leave this on overnight.

Do this every time you are done with a major hacking job. When using it normally (which should be every time you are done with your computer), uncheck 'Wipe Free Space'; this will cut down the time from hours to a few minutes.


Step 4.) Disable Debugging Upon Failure

This keeps logs of your computer's failures and blue screen info.

To disable it, right click 'Computer' and go to 'Advanced System Settings', now go to 'Start Up and Recovery'. Now, set 'Debugging Information' to 'None'.


Step 5.) Disable Windows Event Logging

Windows keeps logs of all events on the computer. First, before we disable it, we must clear all the logs.

To disable it, go to Control Panel then System and Security. Now, click Administrative Tools, and then Event Viewer. In either pane of the Event Viewer window, right-click System and then select Clear All Events, you will get a window that says: "Do you want to save 'System' before clearing it?", click 'No'.

Now we must disable Windows Event Logging. Go to 'Run' and type in 'msconfig', then go to 'Services' and make sure 'Hide all Microsoft Services' is UNCHECKED. Now scroll down until you find 'Windows Event Logging', and UNCHECK it.

Now restart your computer right away.

Step 6.) Disable StandBy In Registry

Disable 'Stand By'. Just create a new text document and add this:

Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ACPI\Parameters]
"AMLIMaxCTObjs"=hex:04,00,00,00
"Attributes"=dword:0070

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ACPI\Parameters\WakeUp]
"FixedEventMask"=hex:20,05
"FixedEventStatus"=hex:00,84
"GenericEventMask"=hex:18,50,00,10
"GenericEventStatus"=hex:10,00,ff,00

Then save it as a .REG file and run it. Click OK when prompted for confirmation.
 



--
==
Preventing Being Found Or Traced In The First Place

You should never be tracked in the first place. Follow these guidelines to stay anonymous:
  • 1.) Use a no log VPN, such as nVPN, KryptoVPN, or BlackShades VPN. Offshore is better than onshore.
  • 2.) Use Tor for web browsing you wouldn't want the FBI, or your ISP looking at.
  • 3.) Never release personal information online and use different aliases. Never connect ANY real information to your hacking alias. Build fake information if you are paranoid.
  • 4.) Assume the FBI has the IP logs of every website in the world.
  • 5.) Use SSH tunneling to an offshore shell on top of your VPN for extra security.
  • 6.) Don't get lazy, and be patient.


TIPS:

NEVER Have Personal Information On Your Hacking Computer (Facebook, Twitter, Pictures, etc...)
---
Always Use SSL Versions Of Websites, There Are Add-Ons To Many Browsers That Will Do This For You
---
NEVER Talk About Hacking In Emails, Use Encrypted Chat Services (Skype Works If On VPN, And ChatCrypt Is A Good One)
---
Ideally, there should be nothing incriminating in your home, or at least too incriminating. No crack, no ectasy. Marijuana is okay in some states as long as its under an ounce (It will just be a fine.)
---
Wrap your ID In Tin Foil When Not In Use, There Are Trackers In Your ID That The Government Can Use To Track You.
---
Don't Use Credit Cards Anywhere Near Places You Use Wi-Fi To Hack From, And Remember, They DO Have Security Cameras.
---
When Receiving Items From Social Engineering, Send To A Near-By EMPTY House, And Wait For It On The Day Of Its Delivery, And Only Use USPS, or UPS If You Have It So You Don't Need To Sign For It.


PLEASE READ: It took me a LONG time to write this, the LEAST you could do is say thanks and take the time to post to keep this thread alive. Thank you.

Monday, May 28, 2012



Today I Am Going To Introduce You To The Main Common Code Injection Cross Site Scripting

So Let's Have Some Talks About XSS Stands For Cross Site Scripting
It's The Main Code Injection Through Which An Attacker Can Gain Unauthorized Access To A System With A Few JavaScript Injections :)
It Allows An Attacker To Send Client Side Scripts To The Server That Are Then Viewed By Another Person

In Case Of Simple Understanding
The Attacker Just Sends JavaScript To The Server, And Then Whenever A User (The Victim) Logs In It Executes The Malicious Script, That's It :D

Few Causes :

1 : Phishing
2 : Cookie Stealing
3 : Server Rooting
4 : Defacing
5 : Hijacking Session Contents

Let's Start

First Start With Finding Vulnerabilities :)
Just Go To This Website Suppose = http://www.wordhippo.com/

Then Find An Input Through Which You Can Send Malicious Crafted Scripts To Users, For Identifying Vulnerabilities In The Website

The Input Could Be Anything Like A Search Box, Comment, Login, Sign Up, Registration Form, Or Anything That Allows A User To Input Data/Information

For That You Must Have Some Basic Knowledge Of JavaScript And HTML That's It :D

After Getting That Just Use JavaScript And Then It Automatically Notifies You Whether It's Vulnerable To XSS Or Not

Types Of XSS

1 Persistent XSS = Persistent Means Permanent XSS, When The Malicious JavaScript Injection Remains In The Website Forever

For An Example

Let's Take An Example Where A User Can Submit Their Records To A Database And Email Them, So That It Is Stored And Later On An Administrator Can See The Message He Received
Now An Attacker Stores XSS In It, And If There's Poor Validation Of Queries In The Website Then It Can Be Executed. For Example:

A Forum Where We Are Registered And Can Send Messages: We Send Malicious Scripts And Later On They'll Be Executed, And Whenever A User Tries To Open It He Will Get A Pop Up Notification, And That Can Be Used For Defacing And Many Other Unpredictable Methods

Non-Persistent XSS, also referred to as Reflected XSS, is the most common type of XSS found nowadays. In this type of attack, the injected code is sent to the server via an HTTP request. The server embeds the input in the HTML file and returns the file (HTTP response) to the browser. When the browser executes the HTML file, it also executes the embedded script. This kind of XSS vulnerability frequently occurs in search fields.

Example:
Let us consider a project hosting website. To find our favorite project, we just input the related word in the search box. When the search is finished, it will display a message like "search results for yourword". If the server fails to sanitize the input properly, it will result in execution of the injected script.

In the case of reflected XSS attacks, the attacker sends a specially-crafted link to victims and tricks them into clicking it. When the user clicks the link, the browser sends the injected code to the server, and the server reflects the attack back to the user's browser. The browser then executes the code.
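Both types described above, as an added example that is not from the original post, in Python: a reflected search page and a stored message board, each in its vulnerable form beside the output-encoded fix, plus the kind of inert probe a tester uses to confirm that output encoding is missing. The function names, the URL and the probe string are constructed.

```python
import html
from urllib.parse import parse_qs, urlsplit

# --- Reflected case: a search page echoes the query back in the response ---

def search_query_from_url(url):
    """Return the q parameter as the server receives it (URL-decoded)."""
    return parse_qs(urlsplit(url).query).get("q", [""])[0]


def render_search_vulnerable(query):
    # The query is concatenated into the markup unchanged, so any tag in it is
    # parsed by the browser as part of the page: reflected XSS.
    return "<p>Search results for " + query + "</p>"


def render_search_fixed(query):
    # html.escape turns <, >, &, " and ' into entities, so the browser shows
    # the query as text. quote=True also covers the attribute context below.
    return "<p>Search results for " + html.escape(query, quote=True) + "</p>"


def render_search_box_fixed(query):
    # Attribute context: without quote=True a double quote in the query could
    # close value="..." and start a new attribute.
    return '<input name="q" value="' + html.escape(query, quote=True) + '">'


# --- Persistent (stored) case: a board keeps posts and renders them later ---

def post_message(board, author, body):
    """Store a post exactly as submitted; encoding must happen when it is rendered."""
    board.append({"author": author, "body": body})


def render_board(board, escape_output=True):
    # With escape_output=False the board behaves like the forum in the post:
    # markup inside a stored message runs for every later visitor.
    rows = []
    for msg in board:
        author = html.escape(msg["author"]) if escape_output else msg["author"]
        body = html.escape(msg["body"]) if escape_output else msg["body"]
        rows.append("<li><b>" + author + "</b>: " + body + "</li>")
    return "<ul>" + "".join(rows) + "</ul>"


# --- A check a developer or tester can run against any render function ---

PROBE = "<xsstest>"  # constructed: an inert tag, enough to prove encoding is absent


def reflects_markup(render, probe=PROBE):
    """True if the probe survives unencoded in the HTML, i.e. output encoding is missing."""
    return probe in render(probe)


if __name__ == "__main__":
    q = search_query_from_url("http://search.example.invalid/?q=%3Cxsstest%3E")
    print("vulnerable page reflects markup:", reflects_markup(render_search_vulnerable))
    print("fixed page reflects markup:", reflects_markup(render_search_fixed))
    print(render_search_fixed(q))
```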

Sunday, May 27, 2012

Burp Sequencer
The Burp Sequencer tool is used to check the extent of randomness in the session tokens generated by the Web application. Brute force attacks enumerate every possible combination to gain authentication from the Web application, so it is important to have a high degree of randomness in the session token IDs. For this Burp Suite training tutorial, let us start by sending a request that contains a session token.
[Image: Figure 1, Token request using sequencer]
Figure 1 shows a token request to the website google.com. The right side of the screenshot has the token start and token end expressions. You can either specify an expression such as “Google” or even set the offset from where the token has to start. This also applies to the token end panel, where you can set the delimiter, or specify a fixed length for the capture to start. After fixing these parameters, click START CAPTURE.
[Image: Figure 2, Start capture action panel]
The start capture action panel is depicted in Figure 2. It sends requests to the target and gives detailed analysis of the randomness in the cookie tokens. You can pause or stop the analysis at any point. For this Burp Suite training tutorial, stop the scan midway and check out the results. The screenshot in Figure 3 explains the results better.
 
[Image: Figure 3, Token randomness analysis results]
The scan components are as follows:
  1. Overall result
  2. Effective entropy
  3. Reliability
  4. Sample size
Burp automatically analyzes these aspects and generates this report in the Sequencer tool. Burp also provides character-level analysis, which reports, through a graphical display, the degree of confidence in the randomness of the sample. The same analysis can also be performed at the bit level. There is an option to pad characters and also to decode from base64 if needed.
For this Burp Suite training tutorial, let us look at the following options provided by Burp sequencer. None of these is compulsory for analysis and they can be chosen or dropped as desired.
1. Character count analysis
This test analyzes the distribution of characters used within each token.
2. Character transition analysis
This test analyzes how each character position changes between successive tokens. The statistics of these transitions vary with the randomness of the characters.
3. FIPS monobit test
This test counts the 0s and 1s at each bit position. If the generation is random, the two values should be distributed approximately equally.
4. FIPS poker test
This divides the bit sequence into consecutive, non-overlapping groups of four bits. The distribution of the resulting values is evaluated with a chi-square calculation.
5. FIPS runs test
As the name suggests, the bit sequence is divided into runs of consecutive bits with the same value, and the lengths of these runs are analyzed.
6. FIPS long runs test
Similar to the FIPS runs test, this test looks at the longest run of consecutive bits with the same value.
7. Spectral tests
This is an advanced method with complex statistical analytics. It treats a bit sequence as a point in multidimensional space and performs the analysis there.
8. Correlation test
The tests described thus far analyze each bit position in isolation. The correlation test combines these isolated results and presents the analysis by considering the bits as a whole.
9. Compression test
This test works on the principle of the standard ZLIB compression technique. The bit sequences are compressed and the degree of compression is calculated. A higher degree of compression translates to a lower degree of randomness.
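An added example, not Burp's own code, that re-implements a few of the bit-level tests listed above (monobit, poker, long runs and compression) and runs them over two constructed token samples: a sequential counter and tokens from a seeded random generator. Burp's exact statistics and thresholds differ; the point is to see how a weak token source fails each test.

```python
import random
import zlib
from collections import Counter

# Added example, not Burp Sequencer's code: a few FIPS-style bit-level tests.

def tokens_to_bits(tokens):
    """Concatenate hex-encoded tokens into one string of '0'/'1' characters."""
    data = b"".join(bytes.fromhex(t) for t in tokens)
    return "".join(f"{b:08b}" for b in data), data

def monobit(bits):
    """Proportion of 1 bits; a random sample should sit close to 0.5."""
    return bits.count("1") / len(bits)

def poker(bits):
    """FIPS poker statistic over non-overlapping 4-bit groups (chi-square, 15 dof)."""
    k = len(bits) // 4
    freq = Counter(bits[i * 4:(i + 1) * 4] for i in range(k))
    return (16 / k) * sum(f * f for f in freq.values()) - k

def longest_run(bits):
    """Length of the longest run of identical consecutive bits (long runs test)."""
    best = cur = 1
    for prev, nxt in zip(bits, bits[1:]):
        cur = cur + 1 if prev == nxt else 1
        best = max(best, cur)
    return best

def compression_ratio(data):
    """zlib compressed size / raw size; the lower the ratio, the less random the data."""
    return len(zlib.compress(data, 9)) / len(data)

def analyse(tokens):
    bits, data = tokens_to_bits(tokens)
    return {
        "monobit": monobit(bits),
        "poker": poker(bits),
        "longest_run": longest_run(bits),
        "compression": compression_ratio(data),
    }

# Constructed samples: 64 tokens of 128 bits each.
WEAK_TOKENS = [f"{i:032x}" for i in range(1, 65)]          # sequential counter
_rng = random.Random(2012)                                  # seeded so the run repeats
STRONG_TOKENS = [_rng.getrandbits(128).to_bytes(16, "big").hex() for _ in range(64)]

if __name__ == "__main__":
    for name, sample in (("weak", WEAK_TOKENS), ("strong", STRONG_TOKENS)):
        print(name, analyse(sample))
```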
Burp Decoder
Burp Decoder receives requests (or any selected data) sent to it from the other Burp tools. Within the decoder there are options to encode the data in various formats such as base64, URL encoding and so on, as well as options to hash it with MD5 or SHA-1.

Burp Decoder 
Figure 4 depicts a Burp Decoder request. For our Burp Suite training tutorial, consider an encoded request such as the one shown in Figure 5. The upper portion shows a request encoded in the base64 format while the lower one depicts the request decoded into plain text. While the entire request has been encoded here, you could also selectively choose a portion of the request to decode/encode.
Encoded Request
This tool is useful when the client side encodes or hashes the username and password with a commonly used scheme before sending them. The username or password field can be selectively decoded and its content viewed in plaintext.
Burp Comparer
Burp Comparer is used for comparisons between two sets of data. For instance, the two sets could display responses to two different requests. The comparison can be performed either on a word scale (word by word) or bit by bit. Burp automates this process for the user and compares the two requests or responses accordingly. For this Burp Suite training tutorial, the comparison shown in Figure 6 is of two different requests to a website.

Comparison of requests to a website
This ends the Burp Suite training tutorial series. The extent to which Burp Suite can be used is limited only by the imagination of the user.
First, what is “syskey”?
SYSKEY is a utility that encrypts the hashed password information in a SAM database in a Windows system using a 128-bit encryption key.
SYSKEY was an optional feature added in Windows NT 4.0 SP3. It was meant to protect against offline password cracking attacks so that the SAM database would still be secure even if someone had a copy of it. However, in December 1999, a security team from BindView found a security hole in SYSKEY which showed that a certain form of cryptanalytic attack was possible offline. A brute force attack then appeared to be possible.
Microsoft later collaborated with BindView to issue a fix for the problem (dubbed the 'Syskey Bug'), which appears to have settled it, and SYSKEY has been pronounced secure enough to resist brute force attack.
According to Todd Sabin of the BindView team RAZOR, the pre-RC3 versions of Windows 2000 were also affected.
So this is pretty cool, right?  Well, I really like the idea of keeping this on Floppy so that it requires a floppy disk (a sort of 2 factor (hardware/software) authentication?).
Naturally I wanted to go a bit further and use this on a USB drive instead of storing to a Floppy.  I can’t see myself carrying a floppy and a USB floppy drive around with me.  After all, this provides another layer of security.
NOTE:  I haven’t tested copying data from 1 USB to another USB to see if it works as a backup.  This way you could lock up a USB drive as a spare if needed.
Here’s how to get this to work using a USB drive.
1.  Insert your USB drive into your system and wait for it to be recognized and install any necessary drivers.
2.  Fire up disk management and re-assign the drive letter it was given to “A”.
Start up Disk Management by clicking Start and typing diskmgmt.msc

Right-click the USB drive and choose to assign a drive letter or path.

Assign it the letter "A".

Accept the warning message.

Now your USB drive is "A".

3.  Run Syskey and save encryption to USB Drive “A”

Click Start and type syskey followed by hitting Enter

Syskey launched; Click “Update”

Choose “Store Startup key on floppy disk” and click “OK”

You’ll be prompted to enter your diskette. Make sure your USB drive is inserted and writable.
4.  Reboot and have fun.  Don’t lose your USB disk!  Also, to revert this, you can run syskey again and choose to store it locally instead of “on a floppy disk”.
