Search This Blog

VAPT Hacker

Learn about daily tech and hacking news along with VAPT( Vulnerability Assessment and Penetration Testing) through Kali Linux with step by step instruction.

Home
Privacy Policy
Contact us

More…

Contact us

Get link
Facebook
X
Pinterest
Email
Other Apps

You may reach us at

Email :- rohankalra97@gmail.com

Facebook:- facebook.com/vapthacker

LinkedIn:- https://www.linkedin.com/in/rohankalra97/

Twitter:- https://twitter.com/rohankalra97

Get link
Facebook
X
Pinterest
Email
Other Apps

Comments

Session Hijacking using XSS

Session Hijacking Session hijacking can be defined as impersonating and sending a request as a user other than yourself. In layman's language, it is similar to plane hijacking, where a terrorist takes control of the plane except that here the hacker takes control of the session. It can be done in many ways, the most common being stealing the cookies of a user. Procedure 1) Find the website which is vulnerable to XSS. Let us assume that a site abc.com is vulnerable to XSS. 2) Assume that when a search (which is vulnerable to XSS) is performed on the website, parameters are passed in the url in the format http://abc.com/?s=hello 3) Now we need to save the cookies of the user. 4) Copy the code from my repository at https://github.com/rohankalra97/Session-Hijacking/blob/master/stealer.php and save it as stealer.php 5) Replace the 5th line with the url which you want the user to be finally redirected to. 6) Create an empty file with name log.txt . 7) Now pu...

1.3 Tb/sec DDOS on github!

What is DDOS? DDOS or Distributed Denial Of service refers to crashing server by sending tons of requests from different systems. The systems are usually infected with trojan or malware and all the online systems are made to send continuous requests at one particular time flooding the server. Memcached Server Memcached server are more responsive than usual servers since they have improved memory caching. The attack Attackers spoofed github's IP and took control of memacached servers of Github from UDP port 11211 . Github stated that these servers are inaccessible to the general public. They used it to amplify traffic and attempted to crash the server. The amplification was around 50 times. This lead to github being attacked at a volume of 1.3 Tb/s. This is the largest DDOS attack ever recorded in the history. Astonishingly it took Github approximately just 5 mins to recover. Github was down on 28th Feb between 17:21 UTC and 17:26 UTC. What now? As quoted from htt...

Cross Site Scripting

Introduction Cross-Site Scripting (XSS) is a type of injection which allows users to run custom scripts on trusted website. On giving a url to the users, it might allow one to showcase a custom page on a trusted website or redirect a user, allowing him to steal his cookies and do session hijacking. Checking for cross site scripting 1) Download Firefox browser. This does not required Kali and can be tested in windows as well as Mac. 2)In Firefox, type about:config in url. 3) Search for browser.urlbar.filter.javascript . 4) Double click on it, to change the value to false. 5) Now open the website which you want to test. 6) Generally, XSS is present in search bars. 7) In search bar type <script>alert(1)</script> and press enter 8) If you see an alert box, then the site is vulnerable to cross site scripting. 9) If it doesn't work, you can try the cheat sheet at https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet 10) If none of t...