First download the cutycapt from here

Open your cutycapt from command prompt and type following command

CutyCapt –url=http://www.example.com –out=anyfile.pdf (Convert in PDF Format)

CutyCapt –url=http://www.example.com –out=anyfile.jpg (Convert in Image File)

In Kali Linux

Open your kali linux terminal and type

CutyCapt –url=http://www.example.com –out=anyfile.pdf (To Convert in PDF Format)

CutyCapt –url=http://www.example.com –out=anyfile.jpg (To Convert in Image File)

Cross Site Scripting or XSS vulnerabilities have been reported and exploited since 1990s. XSS got listed as the top 3^rd Vulnerability in the OWASP 2013 Web application Vulnerabilities list. Cross-site scripting (XSS) is a type of security vulnerability typically found in web applications which allows the attackers to inject client-side script into web pages viewed by other users. The execution of the injected code takes place at client side. A cross site scripting vulnerability can be used by the attacker to bypass the Same Origin Policy (SOP). In the past, the potentials of XSS vulnerability were not known. XSS was mainly used for stealing cookies and for temporary or permanent defacements and was not considered as high risk vulnerability. But later XSS tunneling and Payload delivering showed us the potential of XSS Vulnerability. Most of the large websites like Google, Facebook, Twitter, Microsoft, and Amazon etc. even now suffers from XSS bugs. That’s a brief introduction about XSS.

Some threats due to XSS

XSS Tunneling: With XSS Tunnel a hacker will obtain the traffic between the victim and a webserver.

Client side code injection: A hacker can inject malicious codes and execute them at client side.

DOS: A hacker can perform DOS against a remote server or against the client itself.

Cookie Stealing: A hacker can obtain the session cookies or tokens of a victim.

Malware Spreading: A hacker can spread malwares with a website which is vulnerable to XSS.

Phishing: A hacker can embed or redirect to a fake page of the website to get the login credentials of the victim.

Defacing: Temporary or permanent defacement of web application is possible.

What is Xenotix XSS Exploit Framework?

Xenotix XSS Exploit Framework is a penetration testing tool to detect and exploit XSS vulnerabilities in Web Applications.This tool can inject codes into a webpage which are vulnerable to XSS.It is basically a payload list based XSS Scanner and XSS Exploitation kit. It provides a penetration tester the ability to test all the XSS payloads available in the payload list against a web application to test for XSS vulnerabilities. The tool supports both manual mode and automated time sharing based test modes. The exploitation framework in the tool includes a XSS encoder, a victim side XSS keystroke logger, an Executable Drive-by downloader, a XSS Reverse Shell and a XSS DDoSer. These exploitation tools will help the penetration tester to create proof of concept attacks on vulnerable web applications during the creation of a penetration test report.

Features of Xenotix XSS Exploit Framework

Xenotix XSS Exploit Framework is divided into two module

Scanner Module

Built in XSS Payloads

HTML5 compactable Payload list

XSS Auto mode Scanner

XSS Multi-Parameter Scanner

XSS Fuzzer

Exploitation Framework

XSS Keylogger

XSS Executable Drive-by downloader

XSS Payload Encoder

XSS Reverse Shell

XSS DDoSer

XSS Cookie Thief

Scanner Module

Built in Payload List

It is having an inbuilt XSS payload list of above 500+ XSS payloads. It includes HTML5 compactable XSS injection payloads.Most of the XSS filters are implemented using String Replace filter, htmlentities filter and htmlspecialcharacters filter. Most of these weakly designed filters can be bypassed by specific XSS payloads present in the inbuilt payload list.

The above chart shows the number of XSS Payloads in different XSS Scanning tools available in market. Xenotix XSS Exploit Framework got the world’s second largest XSS Payload list after IBM AppScan Security which is having 700 million payloads.

XSS Scanner Module

XSS Multi-Parameter Scanner

The Multi-Parameter XSS Scanner comes when you have multiple parameters to test for XSS. It can extract the different parameters from the given URL and test them individually. It saves a lot of your time as you don’t need to test each parameter separately.

XSS Fuzzer

The XSS Fuzzer is a convenient module to detect hidden XSS as well as other vulnerabilities like HTTP Parameter Polution. With the Fuzzer, one can conduct an out of the box testing of the box fuzzing to detect hidden vulnerabilities in a web application. 

Exploitation Framework

XSS Keylogger

The tool includes an inbuilt victim side Key logger which is implemented using JavaScript and PHP.  PHP is served with the help of a portable PHP server named QuickPHP by Zach Saw. A JavaScript file is injected into the web application vulnerable to XSS and is presented to the victim. The script captures the keystrokes made by the victim and send to a PHP file which further write down the logs into a text file.

XSS Executable Drive-by Downloader

Java Drive-by download can be implemented with Xenotix XSS Exploit Framework. It allows the attacker to download and run a malicious executable file on the victim’s system without his knowledge and permission. You have to specify the URL for the malicious executable and then embed the drive-by implemented webpage into a XSS vulnerable page and serve your victim. When the victim view the injected page, the java applet client.jar will access the command prompt and with the help of echo command, write down some scripts to a Visual basic script file named winconfig.vbs in the temp directory(%temp%) and then the cmd.exe will start winconfig.vbs. The winconfig.vbs will download the malicious executable specified by you in the URL to temp directory and rename it as update.exe and finally it will execute update.exe. The downloading and executing of the malicious executable happened without the knowledge and permission of the victim. 

XSS Payload Encoder

The inbuilt Encoder will allow encoding into different forms to bypass various filters and Web Application Firewalls. The encoder supports Base64 Encoding, URL Encoding, HEX Encoding, HTML Characters Conversion, Character Code Conversion and IP to Dword, Hex and Octal conversions.

XSS Reverse Shell

A XSS Reverse Shell can be implemented with Xenotix XSS Exploit Framework. This is made possible with the help of Java Drive-By. The XSS vulnerable web application exploited with the injectable scripts generated by XSS Reverse Shell when presented to a victim will initiate the drive by download of a Reverse TCP connecting shell. After the drive-by download, the reverse shell is executed by the same method used in Java Drive-by. 

The advantage of this method is that the reverse shell is downloaded and executed in the victim’s system without his knowledge. But for the execution of reverse shell, it will pop up a UAC dialog requesting for the permission to run the executable. The tool is having an inbuilt Listener that listens to the reverse shell. It is designed in a user friendly manner. All you have to do is to specify the reverse connection IP and port. 

XSS DDoSer

With HTML 5 comes great power. We harvest the power of HTML 5 to abuse the Cross Origin Resource Sharing (CORS) and WebSocket to implement a DDoS attack.  WebSocket is a technology that allows web applications to have a bidirectional channel to a URI endpoint. Sockets can send and receive data to and from a web server and respond to opening or closing a WebSocket. The XMLHttpRequest is a JavaScript object which is used to exchange data between a server and a bowser behind the scene. This can be used for Cross Origin Resource Sharing (CORS). We can perform a combined and powerful DDoS attack by abusing these two technologies. This module abuses WebSocket and creates numerous socket connections with a target server to slow it down. Along with it by abusing CORS, the add-on create numerous fake GET requests to slow down the target server. When we send the first request to the target server and the response contains the ‘Access-Control-Allow-Origin’ header with a value that restricts cross site requests, then at times the browser refuses to send more requests to the same URL. However this can be easily bypassed by making every request unique by adding a non-existing query-string parameter with changing values.

XSS Cookie Thief

It’s the traditional Cookie Stealer but a bit advanced and with real time cookie viewer. This module allows the pentester to create cookie stealing POC.

Features for the Next Build

Current version of XSS Exploit Framework is based on Internet Explorer’s webpage rendering engine Trident. Since XSS got slightly different behavior in different Web Browsers, the support for the Gecko (Used by Mozilla Firefox) and Webkit (used by Chrome, Opera, and Safari) Rendering engines will be added up in the next build. The support for XSS in POST Parameter and XSS testing by modifying the headers will be included in the next build. XSS Proxy to tunnel the victim-server traffic will be added in future builds. Automatic detection of parameters or variables vulnerable against XSS and DOM Based XSS detection will be added up in next build.

Conclusion

XSS in popular website is a high security threat. Xenotix XSS Exploit Framework can be used by Security Analysts to perform penetration test on Web Applications against XSS vulnerability and to create POC with the inbuilt exploitation framework. Most of the security tools related to XSS are either XSS Scanners or XSS Exploitation tools. Xenotix XSS Exploitation Framework is the first of its kind to act both as an XSS vulnerability scanner as well as XSS exploitation framework. Bug bounty programs like Google Vulnerability Reward Program, Facebook Bounty, Paypal bug bountyetc. are there. So go for a XSS hunting and grab your bounty.J

About Author

Ajin Abraham is an Information Security Researcher. He is the creator of OWASP Xenotix XSS Exploit Framework. He had published different whitepapers and tools in the scope of Information Security. He is one among the top 10 in Chakravyuh 2012, India’s Biggest Ethical Hacking Competition. His area of interest includes web application penetration testing, coding tools, exploit development and fuzzing. He has been a speaker at many security conferences including Defcon Bangalore-India 2012, ClubHack 2012, nullcon Goa 2013, AppSec APAC 2013, Hack Miami 2013, BlackHat Europe 2013 and many more.

However, in this tutorial, automated tools are used to ‘break the Bricks’. If you don’t already have Bricks installed, please go through the setupinstructions. It’s just a matter of few minutes.

SQLMap is seen as an industry standard penetration testing tool when it comes to SQL injection. It’s a free command line utility written in Python. The commands are easy and straightforward.

Starting the scan

Scanning can be started simply by issuing the command:

sqlmap.py -u http://localhost/bricks/content-1/index.php?id=0

During the scan, SQLMap will go ahead and try to inject codes on all possible inputs. Once it detects a vulnerable point, it prompts a question back to the user asking whether they would like to continue looking for other injection points or not. For this tutorial, there is no point in analyzing the page further, so it can be skipped.

Listing out the databases

Enumerating the databases on the remote server can be done easily by issuing the following command:

sqlmap.py -u http://localhost/bricks/content-1/index.php?id=0 –dbs

This lists out all the databases on the remote MySQL server. For this particular tutorial, ‘brick’s is the database of interest.

Dumping the Entire database

The complete ‘bricks’ database can be dumped by issuing:

sqlmap.py -u http://localhost/bricks/content-1/index.php?id=0 -D bricks –dump

This dumps the complete database and shows in a nice manner on the command line. The result can also be seen in the sqlmap/output folder as a CSV file and can be opened using Microsoft Excel or any similar software.

This shows how easy it is to use an automated tool to perform SQL injection attacks. Let’s look at software called Havij.

Performing SQL injection using Havij is a point and click affair. Just supply it with the vulnerable URL, click on some buttons and you’re done!

 About Author

Abhi M is an information security professional and the project leader of OWASP Mantra and OWASP Bricks. He believes that being open can do incredible things for humanity. He is an avid reader of Hacking Articles and is following it since the first day he visited the same.

Tools Required

• Dex2jar: It is a tool which is used when working with android .dex and java .jar files.
• Jd-gui: This tool opens up the entire coding of .apk file.

You can Download both these tools from here.

https://www.dropbox.com/s/4bv9lagfc09hg47/Dex2jar%20and%20jd0gui.rar

In this article I will be taking example of faceniff.apk, but you can take any app of your choice.

Steps involved in reverse engineering android app:

Change the extension of android app to “faceniff.apk.zip“.

Unzip the file using any unzipping software.

Now open the command prompt and type “cd “.

Then type “cd c:androiddex2jar-0.0.9.7″. (Here “C:androiddex2jar-0.0.9.7” is the path of dex2jar tool in my drive, this may be different for you). Press enter.

Now type “dex2jar c:androidFaceniffclasses.dex“. Here “c:androidFaceniffclasses.dex” is the path of the classes.dex file which your will surely be in the extracted folder of the android app.

You will notice a new executable jar file in the unzipped folder of app. Now open that app with “jd.gui” and you will be able to see the source code of android app.

About the Author – Shikhil Sharma is an engineering student who is pursuing his engineering in Computer Science. He has great interest in Cyber Security, Hacking, Penetration Testing, SEO and Vulnerability Assessment and loves to write about them.

Website: www.hackingtweaks.com

This is a re-implementation of the venerable Firewalk tool, written by M. Schiffman and D. Goldsmith. Nevertheless, this nmap-embedded version is designed to be parallel multiprotocol, automated and fully integrated in nmap.

Find Ports in Network

Open your nmap and type

Detect Ports in Website

Example Usage

nmap –script=firewalk –traceroute <host>

nmap –script=firewalk –traceroute –script-args=firewalk.max-retries=1 <host>

nmap –script=firewalk –traceroute –script-args=firewalk.probe-timeout=400ms <host>

nmap –script=firewalk –traceroute –script-args=firewalk.max-probed-ports=7 <host>

open a Web browser and type “http://192.168.1.1” in the Web browser’s address bar, press “Enter,” then type in the username and password for the router’s control panel (the default is “admin” for both the username and password).

Click the “Maintenance” tab, then change Password

Change the Default SSID

An SSID is a 32-character alphanumeric key uniquely identifying a wireless LAN. Its refers to the name of your wireless connection, that you see on the “Available Wireless Connections” list from your laptop while connecting

Click on Interface Setup -> wireless settings -> Change the “Wireless Network Name (SSID)”

Disable SSID broadcast

Click on Interface Setup -> wireless settings -> Broadcast ssid Select no or Disable

Enable MAC filtering

Without MAC address filtering, any wireless client can join Wi-Fi network if they know the network name (also called the SSID) and perhaps a few other security parameters like encryption keys. When MAC address filtering is enabled users are granted or denied access to the WLAN network based on the MAC address of the client they use

Click on Wireless -> Wireless MAC Address filter -> Click on Activated radio Button

Enable Encryption

WEP (Wired Equivalent Protection) 64-bit and 128-bit: WEP is an old wireless encryption standard. Never use WEP encryption, which can be hacked within seconds.

WPA (Wi-Fi Protected Access): WPA-PSK is also refered as WPA-Personal. This is a new version of wireless encryption standard and more secure than WEP. Most of the wireless adapters on your laptop will  support WPA.

WPA2: This is the latest wireless encryption standard that provides the best encryption. Always use WPA2, if both your wireless router and laptop wireless adapter supports it.

Click on Interface Setup -> wireless settings -> ChangeAuthentication Type” drop-down menu, select Authentication Type 

Find who is Connected to your Network

Click Start, click Run, type cmd, and then click OK, to open a command prompt.

At the command prompt, type 

How to Connects to a Wireless Network

Replace MTNL with your own profile name

How to disconnect to a Wireless Network

How to show available Wireless Network profiles your PC

How to Saves wlan profiles as XML files to the specified location

How to Block a Wireless Connection

If you want to block this computer from accessing all wireless network use denyall option in the command. 

How to show the blocked network

How to show the installed Wireless drivers

First Download nmap From Here and install in your pc

How to Detect All Connected PC in Network

nmap -sn 192.168.0.100/24

How to Scan Network Exclude a Specific Host

nmap –exclude 192.168.0.108 192.168.0.1/24

How to Detect Installed OS in Remote PC

nmap -O 192.168.0.102

How to Scan All TCP Port in All Remote PC

nmap -sT 192.168.0.100/24

How to Scan All UDP Ports in Remote PC

nmap -sU 192.168.0.102

How to Scan IP Protocol

nmap -sO 192.168.0.102

How to Detect services of Remote PC

nmap -sV 192.168.1.2

How to Scan Name Server of Website

nmap -sV -T4 -F www.upscportal.in

http://en.wikipedia.org/w/index.php?title=Special:LinkSearch

How to Find the Editors of Particular Wikipedia Articles

This site shows some current status and analysis of en.wikipedia. The data upon which this site’s contents are based is publicly available on wikipedia. The author of this site has no affiliation with wikipedia or other wikimedia projects.

http://en.wikichecker.com/article/

How to Convert Wikipedia Article to MP3

Pediaphon is a free service by Andreas Bischoff, which generates MP3 audio files from Wikipedia articles by speech synthesis. The service was developed at the University of Hagen, Germany. These files can be played immediately in the web browser or be downloaded for later use in a MP3-Player. A podcast will be generated for each inquiry.

http://www.pediaphon.org/~bischoff/radiopedia/index_en.html

How to Track Wikipedia Article Page View Statics

stats.grok.se will add a link to a site showing traffic information for any given page on Wikipedia. By default the link is included in a pre-formatted sentence and links to statistics for the previous month. The default behavior can be manipulated using a small set of parameters.

How to View Deleted Wikipedia Webpage

Deletionpedia

Deletionpedia is a web site containing articles deleted from the English Wikipedia between February and September 2008. Its version of each article includes a header with more information about the deletion such as whether a speedy deletion occurred, where the deletion discussion about the article can be found and which editor deleted the article.

http://deletionpedia.dbatley.com/w/index.php?title=Main_Page

For introduction to GPS please refer GPS

This Article will make us aware about the working of a basic GPS Tracking Software

A GPS Application provides the following features

Mapping

Mapping feature is provided by almost every GPS Application, this feature enables to view the physical location of a device on a Map, and there are several mapping service providers available offering a wide range of offline, online as well as customized maps, and GPS application integrates with multiple maps simultaneously.

Individual Device Map: Displaying a single tracker at a given time 

Group Map: Displaying multiple Trackers at a given time

Route Map: Displaying the route taken by the tracker

Reporting

Reporting is another major feature provided by almost every GPS Application , reports are tabular representation of tracking information, tracking application are capable of providing multiple reports based on end user requirements some of the basic reports generated by tracking application but we can have a lot more based on our requirement.

Device Detail Report: Providing complete description of Tracker

Group Report: Providing description of Multiple Trackers in a single screen

Over Speed Report: Providing detail of tracker Over Speeding

Administration

Administration is a very important feature of any GPS Application; this option is available in every GPS application but can be known by different names. This feature is required to manage all the user, trackers, groups etc, maps, reports, etc. This is mainly for use of the system admin. The following are basic administration options

Tracker Admin: For managing tracker on like Adding a new tracker, changing its Details, Etc.

Account / User Admin: For managing account and users on the application on like Adding a new Account or user, changing its Details, Etc.