Pages

Thursday, 16 May 2013

How to Hack Computer / PC Easy Method

Step 1: Free Download Apocalypse 1.4.4 to hack Computer or hack password. 

Step 2: Now, go to No-ip.com and register for an account. After email verification, login to your account and click on "Add a host" to get this page, 

hack password

Step 3: Now enter the details to your new host and press create host.

hack password

Hostname : Choose anything you want. Here, I have used- wildhacker. From the adjacent drop down box, select "no-ip.biz" (Don't use any other or it may not work). Leave all things same and hit on "Create host". 

Step 4: Now time to download the duc client software, So it can update your no-ip with your IP : Click here to download the client 

hack password

Step 5: Now open install the no-ip duc, open it then enter your login email or username and pass then press select hosts. 

hack password

Now it should look like this,

hack password

Step 6: Now extract the downloaded Apocalypse rat file and open the rat and it should look like this.

hack password

Step 7: Go to the builder tab and choose the icon you want, 

hack password

Step 8: Now go to basic settings and delete the IP already here. Then enter the no-ip and the port and press add. you can change your server password if you want. 

hack password

Step 9: Now go to the message box tab and choose if you want to add the image. You don't need to add one. 

hack password

Step 10: Now go to file binder and if you want to use it that is ok. But if you don't then you can don't need to.

hack password

Step 11: Now go to the installation tab and mostly do what I did.

hack password

Step 12: Go to the build server tab and un-click the UPX if you want to and enter the file name then click build server and select a location and name then click save.

hack password

Step 13: If you go to the setting tab you can change the port and settings (Use the port you used to make the server) the port should already be clicked which is good.

hack password

Step 14: Now spread that server file which we have created in Step 12. I tested it on a slave and it worked fine. 

hack password

CONGRATS ! Your server is now ready !! Now, simply send this server file to victim and make him run this file on his computer(Social Engineering). After he runs our sent server file on his computer, you will get all passwords and records saved on his computer also you can handle your victim computer remotely. That's it.

Saturday, 11 May 2013

XSS Tutorial

XSS Tutorial

In this XSS tutorial I will explain the basics of cross site scripting and the damage that can done from an XSS attack.
Many people treat an XSS vulnerability as a low to medium risk vulnerability, when in reality it is a damaging attack that can lead to your users being compromised. SQL Injection is a more easily understood vulnerability, as it involves attacking a web application to extract data or modify the web apps back-end database.
An XSS attack involves compromising the users browser rather than the actual web application; keep in mind that the web application is still involved as it is where the attack will originate. So in a typical attack; the bad guy will leverage the web application to effectively launch a browser based attack back at an end user.
Attacker -> exploits web application -> web application delivers a malicious script to a normal users browser -> attacker now has the ability to control the users browser. This is bad for the user and bad for you if you manage the web application.
diagram representing the basics of an xss attack
Some examples of the damage an XSS attack can cause:

  • Redirect page to phishing sites, or fake login pages
  • Steal the users cookies, allowing them access to other web applications with authenticated sessions
  • Insert links to remotely hosted client side exploits within a html body; with the goal of installing malware on the system (key loggers, remote access tools)
These are the most common and dangerous attack outcomes, which typically lead to complete compromise of a users system or personal information.

How does XSS work?

The actual xss attack is formed by injecting unsanitised input into a web application. The input is usually in the form of javascript, that can be stored by the application and returned to other users when they visit the page. Thereby executing the javascript in the users browser.
There are different types of XSS attack and different exploitation points but this is a typical and easy to understand scenario.

How to prevent XSS

Sanitize the input, all user submitted input anywhere in an application must be treated as hostile and filtered. This should be done by the application code, but can also be performed by a web application firewall (WAF) such as mod_security. The most effective way to prevent this is to do both, use well coded applications and have a WAF or filtering as a second line of defense.
In addition there is a HTTP Header that can be used to leverage features in a users browser to prevent XSS attacks. This is the X-XSS-Protection HTTP Header.
Keep in mind that the malicious input could be executed from not only script tags but also the body tag, image tags and more. A browser can be quite forgiving even if the resulting html is broken, it still may execute the script.
This tutorial is aimed at those who need a basic understanding of cross site scripting. For further information take a look at the resources available on the OWASP web site.