Featured post

Split Kali Linux Terminal Window | Yourmonojit Tech

Image
 Split Kali Linux Terminal Window  Step by step how to Split Kali Linux Terminal Window: 1.  In this tips and trick we will utilize screen. As the manual page says: Screen is a full-screen window manager that multiplexes a physical terminal between several processes (typically interactive shells). 2. Type screen in the terminal. press ENTER to skip and then continue to next step. 3. To vertically divide the terminal press CTRL + A and then press | (pipe) sign 4. To horizontally divide the terminal press CTRL + A and then press SHIFT + S 5. To move between the window press CTRL + A and then press TAB 6. To activate the window press CTRL + A and then press C FInally in the end here is the result I've made 🔸 Conclusion: 1. You can make your own and you can create which one the most comfortable layout for you. 2. To divide the window it's depend with the active cursor position in which window. 3. You can share your screen window here and opinion why you use that layout.
Post a Comment

Basic Hacking Via Cross Site Scripting (XSS) – The Logic

 


Basic Hacking Via Cross Site Scripting (XSS) – The Logic


Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications, such as web browsers through breaches of browser security, that enables attackers to inject client-side script into Web pages viewed by other users.


So let say that Cross Site Scripting (XSS) was a hacking method that allow attacker inject some script to web server that can affect other users that accessing that webpage.


Actually there's 2 types of Cross Site Scripting (XSS) : Non-Persistent and Persistent (you can read it more at wikipedia), but in this tutorial we will learn about the non-persistent one.


One of my computer security classmate ask me about what will I got if I successfully found a vulnerable XSS website?, I simply can answer it's depend; yes it is depend on how the server handle your request and how they take care the malicious data you provide to the server, but the non-persistent one is great enough to spread a malicious file to many internet users.


🔸Requirements :


1. Found a Cross Site Scripting (XSS) vulnerable website, or


2. You can download the simple PHP file


🔹Step by Step :


1. You can use the PHP file that u have downloaded for you test it on your own lab(use XAMPP), but for this tutorial I will use from real website on the wild internet (do not worry, the logic was the same, once you understand it you'll got the point) 2. Use Google to search for vulnerable website :


Google keyword : Pencarian inurl:co:id


Pencarian was Indonesian language equal to searching, you can modify the Google parameter for search the much more specific website even in your own language.


3. To find a vulnerable website, you need to do a trial and error. I'm testing more than 5 website to test for their search feature is it vulnerable or not for XSS.


The simple method to test was using h1 and script alert 'x' script tag


4. If the website was vulnerable


▫️Description :


1. I test other website and input the code h1 TEST / h1 or script alert x script on search box.


2. The result was show a heading title, but I'm not sure, then


3. I check the selection source to make sure it's not a bold :-p


4. Oops..my query was purely processed by server without filtering :-)


5. Now we got the vulnerable website what to do next?? Did you know that with Cross Site Scripting (XSS) you also can do a defacing to a website by injecting some code in it?(not really deface/fake)


I put this script on search box to display the fake website deface.


script document.body.innerHTML= style body visibility:hidden style div style=visibility:visible h1>THIS SITE WAS HACKED scrip


6. This Cross Site Scripting (XSS) Vulnerability also you can use to steal a session cookie,?


7. Now after we can do deface, show a heading tag, and alerting using javascript what next?


! Only for education purpose !

Comments

Post a Comment

Popular posts from this blog

Cradit card information gathering use Termux

Image
  Credit Card Information Generate Hacking Tool to Termux Generate Cradit card use Termux Commands $ apt update && apt upgrade $ apt install python $ apt install git $ git clone https://github.com/INDOnimous/Card-Number $ cd Card-Number $ ls $ chomd 777 Card.sh $ sh Card.sh [#] Count : 10 [#] Delay : 2 Note :- Make sure that whatever you are doing from pdf guidance is only for educational purpose and nothing else if you are doing any illegal activity then we are not responsible for that. Subscribe our YouTube channel  HAck4Edu Join our Telegram channel  HAck4du
Read more

How to Auto Report Facebook Account for Termux

Image
Report3 tool for Termux How to use this tool? Copy paste this command  in Termux $ pkg update && pkg upgrade $ pkg install git $ pkg install python2 $ git clone https://github.com/PangeranAlvins/Repot3 $ cd Repot3 $ bash install.sh $ python2 Repot3.py Note :- Make sure that whatever you are doing from pdf guidance is only for educational purpose and nothing else if you are doing any illegal activity then we are not responsible for that. Subscribe our YouTube channel  HAck4Edu Join our Telegram channel  HAck4du HAck4Edu # # # # ####### # # # # #### # # # # # ##### # # # # # # # # # # # # # # # # # ####### # # # #### # # ##### # # # # # # ####### # # # ####### # # # # # # # # # # # # # # # # # # # # # # # #### # # # ####### ##### ####
Read more

Osi.ig tool for Termux

Image
Click image for practical video.   How to collect Instagram information? 1. termux (play store) 2. Open termux and type commands Ois.ig Tool for Termux $ pkg install -y git $ git clone https://github.com/th3unkn0n/osi.ig.git && cd osi.ig $ chmod +x install.sh && ./install.sh $ python3 main.py -u username Note :- Make sure that whatever you are doing from pdf guidance is only for educational purpose and nothing else if you are doing any illegal activity then we are not responsible for that. Subscribe our YouTube channel HAck4Edu Join our Telegram channel HAck4du
Read more