Monday, 20 May 2013
Thursday, 16 May 2013
How to Hack Computer / PC Easy Method
Step 1: Free Download Apocalypse 1.4.4 to hack Computer or hack password.
Step 2: Now, go to No-ip.com and register for an account. After email verification, login to your account and click on "Add a host" to get this page,
Step 3: Now enter the details to your new host and press create host.
Hostname : Choose anything you want. Here, I have used- wildhacker. From the adjacent drop down box, select "no-ip.biz" (Don't use any other or it may not work). Leave all things same and hit on "Create host".
Step 4: Now time to download the duc client software, So it can update your no-ip with your IP : Click here to download the client
Step 5: Now open install the no-ip duc, open it then enter your login email or username and pass then press select hosts.
Now it should look like this,
Step 6: Now extract the downloaded Apocalypse rat file and open the rat and it should look like this.
Step 7: Go to the builder tab and choose the icon you want,
Step 8: Now go to basic settings and delete the IP already here. Then enter the no-ip and the port and press add. you can change your server password if you want.
Step 9: Now go to the message box tab and choose if you want to add the image. You don't need to add one.
Step 10: Now go to file binder and if you want to use it that is ok. But if you don't then you can don't need to.
Step 11: Now go to the installation tab and mostly do what I did.
Step 12: Go to the build server tab and un-click the UPX if you want to and enter the file name then click build server and select a location and name then click save.
Step 13: If you go to the setting tab you can change the port and settings (Use the port you used to make the server) the port should already be clicked which is good.
Step 14: Now spread that server file which we have created in Step 12. I tested it on a slave and it worked fine.
Step 2: Now, go to No-ip.com and register for an account. After email verification, login to your account and click on "Add a host" to get this page,

Step 3: Now enter the details to your new host and press create host.

Hostname : Choose anything you want. Here, I have used- wildhacker. From the adjacent drop down box, select "no-ip.biz" (Don't use any other or it may not work). Leave all things same and hit on "Create host".
Step 4: Now time to download the duc client software, So it can update your no-ip with your IP : Click here to download the client

Step 5: Now open install the no-ip duc, open it then enter your login email or username and pass then press select hosts.

Now it should look like this,

Step 6: Now extract the downloaded Apocalypse rat file and open the rat and it should look like this.

Step 7: Go to the builder tab and choose the icon you want,

Step 8: Now go to basic settings and delete the IP already here. Then enter the no-ip and the port and press add. you can change your server password if you want.

Step 9: Now go to the message box tab and choose if you want to add the image. You don't need to add one.

Step 10: Now go to file binder and if you want to use it that is ok. But if you don't then you can don't need to.

Step 11: Now go to the installation tab and mostly do what I did.

Step 12: Go to the build server tab and un-click the UPX if you want to and enter the file name then click build server and select a location and name then click save.

Step 13: If you go to the setting tab you can change the port and settings (Use the port you used to make the server) the port should already be clicked which is good.

Step 14: Now spread that server file which we have created in Step 12. I tested it on a slave and it worked fine.

CONGRATS ! Your server is now ready !! Now, simply send this server file
to victim and make him run this file on his computer(Social
Engineering). After he runs our sent server file on his computer, you
will get all passwords and records saved on his computer also you can
handle your victim computer remotely. That's it.
Saturday, 11 May 2013
XSS Tutorial
XSS Tutorial
In this XSS tutorial I will explain the basics of cross site scripting and the damage that can done from an XSS attack.
Many people treat an XSS vulnerability as a low to medium risk vulnerability, when in reality it is a damaging attack that can lead to your users being compromised. SQL Injection is a more easily understood vulnerability, as it involves attacking a web application to extract data or modify the web apps back-end database.
An XSS attack involves compromising the users browser rather than the actual web application; keep in mind that the web application is still involved as it is where the attack will originate. So in a typical attack; the bad guy will leverage the web application to effectively launch a browser based attack back at an end user.
Attacker -> exploits web application -> web application delivers a malicious script to a normal users browser -> attacker now has the ability to control the users browser. This is bad for the user and bad for you if you manage the web application.

Some examples of the damage an XSS attack can cause:
These are the most common and dangerous attack outcomes, which
typically lead to complete compromise of a users system or personal
information.
There are different types of XSS attack and different exploitation points but this is a typical and easy to understand scenario.
In addition there is a HTTP Header that can be used to leverage features in a users browser to prevent XSS attacks. This is the X-XSS-Protection HTTP Header.
Keep in mind that the malicious input could be executed from not only script tags but also the body tag, image tags and more. A browser can be quite forgiving even if the resulting html is broken, it still may execute the script.
This tutorial is aimed at those who need a basic understanding of cross site scripting. For further information take a look at the resources available on the OWASP web site.
Many people treat an XSS vulnerability as a low to medium risk vulnerability, when in reality it is a damaging attack that can lead to your users being compromised. SQL Injection is a more easily understood vulnerability, as it involves attacking a web application to extract data or modify the web apps back-end database.
An XSS attack involves compromising the users browser rather than the actual web application; keep in mind that the web application is still involved as it is where the attack will originate. So in a typical attack; the bad guy will leverage the web application to effectively launch a browser based attack back at an end user.
Attacker -> exploits web application -> web application delivers a malicious script to a normal users browser -> attacker now has the ability to control the users browser. This is bad for the user and bad for you if you manage the web application.

Some examples of the damage an XSS attack can cause:
- Redirect page to phishing sites, or fake login pages
- Steal the users cookies, allowing them access to other web applications with authenticated sessions
- Insert links to remotely hosted client side exploits within a html body; with the goal of installing malware on the system (key loggers, remote access tools)
How does XSS work?
The actual xss attack is formed by injecting unsanitised input into a web application. The input is usually in the form of javascript, that can be stored by the application and returned to other users when they visit the page. Thereby executing the javascript in the users browser.There are different types of XSS attack and different exploitation points but this is a typical and easy to understand scenario.
How to prevent XSS
Sanitize the input, all user submitted input anywhere in an application must be treated as hostile and filtered. This should be done by the application code, but can also be performed by a web application firewall (WAF) such as mod_security. The most effective way to prevent this is to do both, use well coded applications and have a WAF or filtering as a second line of defense.In addition there is a HTTP Header that can be used to leverage features in a users browser to prevent XSS attacks. This is the X-XSS-Protection HTTP Header.
Keep in mind that the malicious input could be executed from not only script tags but also the body tag, image tags and more. A browser can be quite forgiving even if the resulting html is broken, it still may execute the script.
This tutorial is aimed at those who need a basic understanding of cross site scripting. For further information take a look at the resources available on the OWASP web site.
Subscribe to:
Posts (Atom)