
Milw0rm.com

XSS (Cross Site Scripting) Cheat Sheet
Last revision (mm/dd/yy): 07/4/2018

This cheat sheet lists a series of XSS attacks that can be used to bypass certain XSS defensive filters. Please note that input filtering is an incomplete defense for XSS, which these tests can be used to illustrate.

Basic XSS Test Without Filter Evasion
This is a normal XSS JavaScript injection, and most likely to get caught, but I suggest trying it first (the quotes are not required in any modern browser, so they are omitted here):

XSS Locator (Polyglot)
The following is a "polyglot test XSS payload."
javascript:/*--></title></style></textarea></script></xmp><svg/onload='+/"/+/onmouseover=1/+/[*/[]/+alert(1)//'>

Image XSS using the JavaScript directive
Image XSS using the JavaScript directive (IE7.0 doesn't support the JavaScript directive in the context of an image, but it does in other contexts; the following shows the principles that would work in other tags as well):

No quotes and no semicolon
Case insensitive XSS attack vector
HTML entities
Malformed A tags

The w00w00 Security Research Group

[Complete Guide] How To Flash A Custom ROM To Your Android ...

Have you been hearing about all this custom ROM business - Cyanogen, DamageControl, etc. - and wondering what in the world all those are about? Or perhaps you already know what those are but are still afraid of trying custom ROMs on your phone because you don't know how to install them or don't want to lose your data and current OS state? Well, today is your lucky day, because in this article from the "I wish somebody showed me how to do this crap when I was getting started" series, I will show you how to easily install a custom ROM, but only after you back up your current system and exact phone state so that you can restore to that exact state with a click of a button. What do you have to lose now? Sounds like a good deal?

Note: By the way, having written this tutorial, I know it may seem like there is a lot to do here, scaring you away, but in reality there really isn't - I was simply trying to provide as much detail and be as clear as possible, covering all the bases.

Custom ROMs
The Steps

Metasploit Framework, Part 1

sploit (n.) Exploit. A defect in the game code (see bug) or design that can be used to gain unfair advantages. (Source: Dictionary of MMORPG Terms)

At present the exploit development community (hackers and security professionals alike) is more sentient than ever before. Exploit development tools and automated frameworks for exploit testing and simulation are the need of the hour. This article provides an insight into the basics of exploit development frameworks, with a special focus on the Metasploit Framework and how it can be exploited to save time and resources.

1. I would like to begin my article with reference to some relatively current happenings. Putting yourself in the mindset of a security administrator in a typical IT company, the exploits added ever more to the existing security burden. Security patches, IDS, firewalls, and so on should not be the only criteria of safety. In my opinion, the solution is the usual "think like an attacker" approach.

2.1 Memory organization

ldd arbitrary code execution

The `ldd` utility is more vulnerable than you think. It's frequently used by programmers and system administrators to determine the dynamic library dependencies of executables. Sounds pretty innocent, right? Wrong! In this article I am going to show you how to create an executable that runs arbitrary code if it's examined by `ldd`. I have also written a social engineering scenario on how you can get your sysadmin to unknowingly hand you his privileges. I researched this subject thoroughly and found that it's almost completely undocumented.

First let's understand how `ldd` works. The first command [1] runs `ldd` on `/bin/grep`. The second command [2] sets the LD_TRACE_LOADED_OBJECTS environment variable and seemingly executes `/bin/grep` (but not quite). The third command [3] again sets the LD_TRACE_LOADED_OBJECTS environment variable, calls the dynamic linker/loader `ld-linux.so` and passes `/bin/grep` to it as an argument. What's going on here?

Compiling the new loader. That's it. Wow!

TECH SOURCE FROM BOHOL: 10 Best Hacking and Security Software Tools for Linux that you should check out.

1. John the Ripper
2. Nmap is my favorite network security scanner. Nmap runs on Linux, Microsoft Windows, Solaris, and BSD (including Mac OS X), and also on AmigaOS.
3. Nessus is a comprehensive vulnerability scanning software.
- Vulnerabilities that allow a remote cracker to control or access sensitive data on a system.
Nessus is the world's most popular vulnerability scanner, estimated to be used by over 75,000 organizations worldwide.
4. chkrootkit (Check Rootkit) is a common Unix-based program intended to help system administrators check their system for known rootkits. It can be used from a "rescue disc" (typically a Live CD), or it can optionally use an alternative directory from which to run all of its own commands. There are inherent limitations to the reliability of any program that attempts to detect compromises (such as rootkits and computer viruses).
6. netcat: the original version of netcat is a UNIX program.
8. hping
10. tcpdump

Hackszine.com

Here's a special post from Hackszine - a great way to follow all the authors from our HACKS series.

Ed note: In this guest post, veteran Hacks series author Paul Bausch takes on a challenge that's been on my todo list for a while, providing a solution that should be of immediate interest to all readers of this site and just might serve as a seed for future hacking around here.

I have a shelf full of O'Reilly Hacks books across a wide range of subjects. I contributed a couple in the Web Applications category, but I also have Hacks books about digital photography, hardware, scripting languages, gaming, and operating systems. The series has introduced me to a number of authors who are doing unusual things with technology in their particular area of expertise. I thought it would be interesting to follow each of these authors outside of the Hacks series by subscribing to their blogs, collectively. I plugged the feeds into Google Reader, and renamed each feed the author's full name.

Writing Buffer Overflow Exploits - a Tutorial for Beginners

1. Memory
Note: Memory for a process is organized the way we describe it here on most computers; however, it depends on the type of processor architecture. This example is for x86 and roughly applies to Sparc.

The principle of exploiting a buffer overflow is to overwrite parts of memory that are not supposed to be overwritten by arbitrary input and to make the process execute this code. To see how and where an overflow takes place, let us look at how memory is organized. A page is a part of memory that uses its own relative addressing, meaning the kernel allocates initial memory for the process, which it can then access without having to know where the memory is physically located in RAM.

- Code segment: data in this segment are assembler instructions that the processor executes.
- Data segment: space for variables and dynamic buffers.
- Stack segment: used to pass data (arguments) to functions and as a space for variables of functions.

2. What happens here?
