Search This Blog

VAPT Hacker

Learn about daily tech and hacking news along with VAPT( Vulnerability Assessment and Penetration Testing) through Kali Linux with step by step instruction.

Home
Privacy Policy
Contact us

More…

Contact us

Get link
Facebook
X
Pinterest
Email
Other Apps

You may reach us at

Email :- rohankalra97@gmail.com

Facebook:- facebook.com/vapthacker

LinkedIn:- https://www.linkedin.com/in/rohankalra97/

Twitter:- https://twitter.com/rohankalra97

Get link
Facebook
X
Pinterest
Email
Other Apps

Comments

Session Hijacking using XSS

Session Hijacking Session hijacking can be defined as impersonating and sending a request as a user other than yourself. In layman's language, it is similar to plane hijacking, where a terrorist takes control of the plane except that here the hacker takes control of the session. It can be done in many ways, the most common being stealing the cookies of a user. Procedure 1) Find the website which is vulnerable to XSS. Let us assume that a site abc.com is vulnerable to XSS. 2) Assume that when a search (which is vulnerable to XSS) is performed on the website, parameters are passed in the url in the format http://abc.com/?s=hello 3) Now we need to save the cookies of the user. 4) Copy the code from my repository at https://github.com/rohankalra97/Session-Hijacking/blob/master/stealer.php and save it as stealer.php 5) Replace the 5th line with the url which you want the user to be finally redirected to. 6) Create an empty file with name log.txt . 7) Now pu...

1.3 Tb/sec DDOS on github!

What is DDOS? DDOS or Distributed Denial Of service refers to crashing server by sending tons of requests from different systems. The systems are usually infected with trojan or malware and all the online systems are made to send continuous requests at one particular time flooding the server. Memcached Server Memcached server are more responsive than usual servers since they have improved memory caching. The attack Attackers spoofed github's IP and took control of memacached servers of Github from UDP port 11211 . Github stated that these servers are inaccessible to the general public. They used it to amplify traffic and attempted to crash the server. The amplification was around 50 times. This lead to github being attacked at a volume of 1.3 Tb/s. This is the largest DDOS attack ever recorded in the history. Astonishingly it took Github approximately just 5 mins to recover. Github was down on 28th Feb between 17:21 UTC and 17:26 UTC. What now? As quoted from htt...

Sniffing Android API

API Application Programming Interface aka API is a code that allows two different softwares to interact with each other. We will try to sniff Web API here. Web API are of mainly two types :- SOAP and REST. SOAP API contains only headers while REST API contains headers as well as body. Headers and body are used to send data to a server across the internet. SNIFFING If your APIs are insecure, a hacker can sniff them and modify it to cause damage to your server. Fiddler is one of the software which allows us to sniff API. 1) Download fiddler from https://www.telerik.com/download/fiddler and install it in Kali or Windows. 2) Install Fiddler and run it as Admin. 3) You will see a screen like this 4)Go to tools->option->connections and check allow remote computers to connect. 5) On taking the cursor to the top right corner of the screen, you can see your the local IP address of the PC. 6) Open your android phone and enter this IP in...