Skip to main content

Posts

Featured Post

How to Create a Phishing Site From Scratch

Disclaimer: THIS BLOG IS FOR INFORMING THE RISK CAUSED BY PHISHING AND PLEASE DO NOT USE THIS FOR ILLEGAL PURPOSES.I AM NOT RESPONSIBLE FOR WHAT EVER AFTER EFFECTS YOU FACE IF YOU USE IT IN WRONG WAY!
REQUIREMENT PHP BASICSHTML BASICSAccount in free Web host such as 000webhost.comWhat is Phishing?
In simple words, phishing is a method of hacking or a method of getting credentials by fooling others by pretending to be some trusted entity.
What we gonna do?
For the sake of example we gonna imitate Facebook and create a login screen similar to them and will fool users to login with it and we get their credentials.
What we need? For this, the foremost thing we need is a login page similar to Facebook.In most of the tutorials they teach you to save Facebook page and edit it,but i wont recommend you that because if we do so its easy for the server or the browser to warn the users or block our page.So, we will need a fresh webpage. I surfed on the internet and found it in:
http://w3lessons.info/2013…
Recent posts

Some Topic For Self Learning In Cyber Security

Some topic for self Learning??

[+] Sql Injection Attack
[+] Hibernate Query Language Injection
[+] Direct OS Code Injection
[+] XML Entity Injection
[+] Broken Authentication and Session
Management
[+] Cross-Site Scripting (XSS)
[+] Insecure Direct Object References
[+] Security Misconfiguration
[+] Sensitive Data Exposure
[+] Missing Function Level Access Control
[+] Cross-Site Request Forgery (CSRF)
[+] Using Components with Known Vulnerabilities
[+] Unvalidated Redirects and Forwards
[+] Cross Site Scripting Attacks
[+] Click Jacking Attacks
[+] DNS Cache Poisoning
[+] Symlinking – An Insider Attack
[+] Cross Site Request Forgery Attacks
[+] Remote Code Execution Attacks
[+] Remote File inclusion
[+] Local file inclusion
[+] EverCookie
[+] Denial oF Service Attack
[+] Cookie Eviction
[+] PHPwn
[+] NAT Pinning
[+] XSHM
[+] MitM DNS Rebinding SSL/TLS Wildcards and
XSS
[+] Quick Proxy Detection
[+] Improving HTTPS Side Channel Attacks
[+] Side Channel Attacks in SSL
[+] Turning XSS i…

Basics You Should Know to Analyze a Website

I recently realized that,giving walk through wont help half of the beginners..even i have struggled initially to make my own moves without knowing how other analysts are thinking..
So, Lets dive into some basic web tags which will help you know what the site is doing and analyzing. 
Every website should have this basic structure...
<html>
<head>
<title></title>
</head>
<body></body>
</html> Every web design is  structured using Hyper Text Markup Language. the code of HTML is written between <html> and </html> [opening and closing html tags] <head> tag is where we import important things such as CSS or JS files ..we also define CSS and JS within the head tag.Within head opening and close tags there is title tag which defines the title of the page.Then we have body tag,this is where the content of web-page is written.This is were we have to make a close look for analyzing. <div> tag is used for defining divisions..it…

Hack Invite Code To Register - Hack The Box

Recently I found another website that have more advanced hacking challenges...I know I need to cover other websites which i have promised you but something in this website is interesting.For registering in this website,you need to hack and get an invite code.So, I thought to deviate from our regular topic and talk about it.
The WEBSITE is

HACK THE BOX

They are asking invite code for registering.As usual i checked source-code of the page.Since I found nothing suspicious,I started looking at JavaScript and found one that seems can help me.


<script defer src="/js/inviteapi.min.js"></script>I visited the js..There is a script and i found some keywords from that like "log","invite","verifyInviteCode","makeInviteCode"I went back to our registration page now right clicked and selected inspect.

SELECT CONSOLE

 Try typing in each keyword and check if function exist.


I got output when i checked verifyInviteCode();
But, there was no help fro…

HackThisSite Realistic Mission 2

Chicago American Nazi Party Racist pigs are organizing an 'anti-immigrant' rally in Chicago. Help anti-racist activists take over their website!  ================================================
From: DestroyFascism 
Message: I have been informed that you have quite admirable hacking skills. Well, this racist hate group is using their website to organize a mass gathering of ignorant racist bastards. We cannot allow such bigoted aggression to happen. If you can gain access to their administrator page and post messages to their main page, we would be eternally grateful.
 ================================================ So a guy named DestroyFascism  is asking for our help.Lets visit the website and check the steps we did in previous missions to find vulnerability. Right click and select view source.There is only 52 lines of code. Check the code for suspicious data.I found something!

CODE ------------------------------------------------------------- <a href="update.php">…

Vulnerability Is Almost Everywhere!

As you all know(even if you dont know let me tell you) I am not any elite hacker. I am learning like all of you.May be it is because I haven't found vulnerability in any sites other than these challenge sites (myself),my confidence is very low.
But something occurred today that lifted my confidence a little higher.

what was it??

Well..first of all let me ask you, have you seen the game menu in this blog? which has hangman game for you to play? Well I was playing in it today and got wrong guess always..then i thought ,why on earth i can't win even this small game!!
Then an Idea struck me!! what if like all this challenge site, there is vulnerability in this game which is a simple code i have copied from another website without even reading it!
I right clicked on the "Guess" button and  selected inspect!
 There i saw 


<input name="ratebutton" type="button" value="Guess" onclick="pruefeZeichen()">

now I know my input is given to the…

Hack This Site! Realistic 1-Uncle Arnold's Local Band Review

Uncle Arnold's Local Band Review  Your friend is being cheated out of hundreds of dollars. Help him make things even again!
After Finishing our basic missions and JavaScript missions we gained a lot of confidence.Now it is time to test in real life scenario. This is where Realistic missions comes in handy.
==================================================

It Says:


From: HeavyMetalRyan 
Message: Hey man, I need a big favour from you. Remember that website I showed you once before? Uncle Arnold's Band Review Page? Well, a long time ago I made a $500 bet with a friend that my band would be at the top of the list by the end of the year. Well, as you already know, two of my band members have died in a horrendous car accident... but this ass hole still insists that the bet is on!

I know you're good with computers and stuff, so I was wondering, is there any way for you to hack this website and make my band on the top of the list? My band is Raging Inferno. Thanks a lot, man!

===========…

Hack This Site JavaScript Mission 7 - JS Obfuscation. FTW!

There is No hint Given to us!All we have is the name 
JS Obfuscation. FTW!

What this means?Obfuscation- the action of making something obscure, unclear, or unintelligible. So clearly,it has some thing to deal with the JavaScript code.Lets find out. As usual, I typed in something in the input box and hit "check password" Got an alert "WRONG! Try again!" Now , as usual we have to go for this in the source code. Right click and select view page source (for chrome).In that search for 
"WRONG! Try again!"

Wow! no code found!what will we do?don't worry! go back to our page and right click on check password and select inspect.Got the code below: <button onclick="javascript:if (document.getElementById(&quot;pass&quot;).value==&quot;j00w1n&quot;){alert(&quot;You WIN!&quot;);window.location += &quot;?lvl_password=&quot;+document.getElementById(&quot;pass&quot;).value}else {alert(&quot;WRONG! Try again!&quot;)}"…