- Burp Suite
- ----------
- A tiny.... cheap.... durable... tool
- "Hacked By Indian Hacker"
- 2.2 crores....
- 1000 Million Dollars
- OTP --> 4 digits..... beta version.....
- forget password..... OTP.....
- OTP Brute Forcing....
- 0000-9999
- www.facebook.com..... 4-5 times
- m.facebook.com..... unlimited try
- Brute Forcing
- -------------
- Lock ----> Key..... key is not working..... break it open...
- All passwords... all possible combinations of the password... try them.... if one is right then I will get access to the thing.... if not.... try the next word....
- 000000-999999
- Open Burp Suite
- Go to Proxy --> Options --> 127.0.0.1:8080
- Go to Browser
- open Menu---> Options ---> Advanced ---> Network ---> Settings
- Manual Proxy ----> 127.0.0.1-->8080
- Welcome to the password protected area admin
- GET /dv18/vulnerabilities/brute/?username=Abhijeet&password=username&Login=Login HTTP/1.1
- Host: 127.0.0.1
- User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55.0
- Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
- Accept-Language: en-US,en;q=0.5
- Referer: http://127.0.0.1/dv18/vulnerabilities/brute/?username=abhijeet&password=lucideus&Login=Login
- Cookie: security=low; PHPSESSID=sq92gtpla0v78ch9mt9qot4sh0
- Connection: close
- Upgrade-Insecure-Requests: 1
- POST /bank/login.aspx HTTP/1.1
- Host: demo.testfire.net
- User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55.0
- Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
- Accept-Language: en-US,en;q=0.5
- Referer: http://demo.testfire.net/bank/login.aspx
- Content-Type: application/x-www-form-urlencoded
- Content-Length: 40
- Cookie: ASP.NET_SessionId=lbidtv554elc0gfr1netynjj; amSessionId=02314248311
- Connection: close
- Upgrade-Insecure-Requests: 1
- uid=admin&passw=password&btnSubmit=Login
- POST /bank/ws.asmx HTTP/1.1
- Host: demo.testfire.net
- User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55.0
- Accept: */*
- Accept-Language: en-US,en;q=0.5
- Referer: http://demo.testfire.net/bank/transfer.aspx
- SOAPAction: http://www.altoromutual.com/bank/ws/TransferBalance
- Content-Type: text/xml
- Content-Length: 555
- Cookie: ASP.NET_SessionId=lbidtv554elc0gfr1netynjj; amSessionId=02314248311; amUserInfo=UserName=anNtaXRo&Password=RGVtbzEyMzQ=; amUserId=100116014; amCreditOffer=CardType=Gold&Limit=10000&Interest=7.9
- Connection: close
- <?xml version="1.0" encoding="UTF-8"?>
- <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:xsd="http://www.w3.org/2001/XMLSchema">
- <soap:Body>
- <TransferBalance xmlns="http://www.altoromutual.com/bank/ws/">
- <transDetails>
- <transferDate>2000-01-01</transferDate>
- <debitAccount>1001160141</debitAccount>
- <creditAccount>1001160140</creditAccount>
- <transferAmount>10000</transferAmount>
- </transDetails>
- </TransferBalance>
- </soap:Body>
- </soap:Envelope>
- 1. Use a good encryption certificate
- 2. Always use HTTPS instead of HTTP
- 3. Always use and redirect using POST method instead of GET method
- Tool --> Netsparker
- --------------------
- Vulnerability Scanning Tool
- A small.... cheap.... durable, lovely little tool
- Javascript
- ----------
- java --> It's a programming language... it is used for creating software
- javascript --> It is also a programming language.... but used only for websites and customisation
- alerts
- popups
- etc etc
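- <html>
- <head>
- <title>FirstScript</title>
- </head>
- <body>
- <form>
- first number : <input type="text" id="one"><br>
- second number : <input type="text" id="two"><br>
- <!-- type="button" so the click runs sum() without submitting the form and reloading the page -->
- <input type="button" value="Submit" onclick="sum()">
- </form>
- <script>
- // Add the two numbers typed into the form and show the result.
- function sum()
- {
- // .value is always a string, so convert to numbers first; otherwise + concatenates ("2" + "3" gives "23").
- var a = Number(document.getElementById("one").value);
- var b = Number(document.getElementById("two").value);
- var s = a + b;
- document.write(s);
- alert(s);
- }
- </script>
- </body>
- </html>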
- Cross Site Scripting
- --------------------
- It is a javascript based vulnerability... which runs when your browser's javascript is enabled...
- Where can I find an XSS bug
- ===========================
- comment box, message box, feedback box, post your status
- E-commerce site
- social networking
- news site
- Survey site
- There are two types of XSS
- ---------------------------
- 1. Reflected XSS --> It is just one time use only.... insert it once... refresh.... and it is gone again
- 2. Stored XSS --> Insert it once, and until the database is reset.... I can keep attacking..
- cookie ---> username&password&timestamp&sessionID
- Security = Low
- <script>alert("XSS Mill Gya")</script>
- <script> --> ""
- 1. <ScRiPt>alert("XSS mil gya")</ScRiPt>
- 2. <scr<script>ipt> <script>
- <script>alert("XSS Mill Gya")</script>
- </>()
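- The filter noted above (<script> --> "") and the bypass strings, as an added example that is not part of the original notes. It shows why deleting one tag string fails and why encoding output does not. stripScriptTag() is an assumed model of that filter (single pass, case-sensitive), and the third sample is constructed from the nested form in the notes.

```javascript
// Assumed model of the filter in the notes: delete the exact string
// "<script>" once, case-sensitively. Not code from the page.
function stripScriptTag(input) {
  return input.split("<script>").join("");
}

// Output encoding: every HTML metacharacter becomes an entity, so the
// browser renders the comment as text regardless of case or nesting.
function escapeHtml(input) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return input.replace(/[&<>"']/g, (ch) => map[ch]);
}

// True if the string still contains an opening script tag in any letter case.
function hasScriptTag(html) {
  return /<script\b/i.test(html);
}

// Inputs taken from the notes; the third is constructed from the nested form.
const samples = [
  '<script>alert("XSS Mill Gya")</script>',
  '<ScRiPt>alert("XSS mil gya")</ScRiPt>',
  '<scr<script>ipt>alert("XSS Mill Gya")</script>',
];

// For each input, report whether a script tag survives each defence.
function compare(inputs) {
  return inputs.map((s) => ({
    input: s,
    survivesFilter: hasScriptTag(stripScriptTag(s)),
    survivesEncoding: hasScriptTag(escapeHtml(s)),
  }));
}

console.table(compare(samples));
```

- The mixed-case and nested inputs pass through the tag-deleting filter with a working script tag, while the encoded output contains none for any input.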