Search This Blog

VAPT Hacker

Learn about daily tech and hacking news along with VAPT( Vulnerability Assessment and Penetration Testing) through Kali Linux with step by step instruction.

Home
Privacy Policy
Contact us

More…

Contact us

Get link
Facebook
X
Pinterest
Email
Other Apps

You may reach us at

Email :- rohankalra97@gmail.com

Facebook:- facebook.com/vapthacker

LinkedIn:- https://www.linkedin.com/in/rohankalra97/

Twitter:- https://twitter.com/rohankalra97

Get link
Facebook
X
Pinterest
Email
Other Apps

Comments

Session Hijacking using XSS

Session Hijacking Session hijacking can be defined as impersonating and sending a request as a user other than yourself. In layman's language, it is similar to plane hijacking, where a terrorist takes control of the plane except that here the hacker takes control of the session. It can be done in many ways, the most common being stealing the cookies of a user. Procedure 1) Find the website which is vulnerable to XSS. Let us assume that a site abc.com is vulnerable to XSS. 2) Assume that when a search (which is vulnerable to XSS) is performed on the website, parameters are passed in the url in the format http://abc.com/?s=hello 3) Now we need to save the cookies of the user. 4) Copy the code from my repository at https://github.com/rohankalra97/Session-Hijacking/blob/master/stealer.php and save it as stealer.php 5) Replace the 5th line with the url which you want the user to be finally redirected to. 6) Create an empty file with name log.txt . 7) Now pu...

1.3 Tb/sec DDOS on github!

What is DDOS? DDOS or Distributed Denial Of service refers to crashing server by sending tons of requests from different systems. The systems are usually infected with trojan or malware and all the online systems are made to send continuous requests at one particular time flooding the server. Memcached Server Memcached server are more responsive than usual servers since they have improved memory caching. The attack Attackers spoofed github's IP and took control of memacached servers of Github from UDP port 11211 . Github stated that these servers are inaccessible to the general public. They used it to amplify traffic and attempted to crash the server. The amplification was around 50 times. This lead to github being attacked at a volume of 1.3 Tb/s. This is the largest DDOS attack ever recorded in the history. Astonishingly it took Github approximately just 5 mins to recover. Github was down on 28th Feb between 17:21 UTC and 17:26 UTC. What now? As quoted from htt...

Kali Linux: VMWare or Dual Boot

People usually ask me whether they should dual boot their system with Kali Linux or install it as a virtual machine. Everyone has their own opinion on it but if you ask me I say it depends . Virtual Machine If you are new to this field I will recommend you to boot it on a virtual machine. This is because it will allow you to share data between operating systems. Moreover you won't have to worry about frequent windows updates since they are known to sometimes corrupt the MBR. If you mess up with drivers/kernel in Kali booted in VMware you wont have much problem in re-installing it. That said, there are various other problems associated with it. You cannot use your GPU with it. It is required to crack hashes or is used in software where high computation power is required. Secondly, there may be some network issues with it. Dual Boot Now if you have some experience in using linux, you should prefer dual booting your laptop. There are some workarounds that you have to do if y...