<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet type="text/xsl" media="screen" href="/~d/styles/rss2enclosuresfull.xsl"?><?xml-stylesheet type="text/css" media="screen" href="http://feeds.feedburner.com/~d/styles/itemcontent.css"?><rss xmlns:media="http://search.yahoo.com/mrss/" xmlns:feedburner="http://rssnamespace.org/feedburner/ext/1.0" version="2.0"><channel><title>Hacking Tricks</title><link>http://www.hackingtricks.in/</link><atom10:link xmlns:atom10="http://www.w3.org/2005/Atom" rel="self" type="application/rss+xml" href="http://feeds.feedburner.com/blogspot/csAFg" /><description></description><language>en</language><managingEditor>noreply@blogger.com (Deepanker Verma)</managingEditor><lastBuildDate>Wed, 01 May 2013 01:43:13 PDT</lastBuildDate><generator>Blogger http://www.blogger.com</generator><openSearch:totalResults xmlns:openSearch="http://a9.com/-/spec/opensearch/1.1/">651</openSearch:totalResults><openSearch:startIndex xmlns:openSearch="http://a9.com/-/spec/opensearch/1.1/">1</openSearch:startIndex><openSearch:itemsPerPage xmlns:openSearch="http://a9.com/-/spec/opensearch/1.1/">25</openSearch:itemsPerPage><feedburner:info uri="blogspot/csafg" /><atom10:link xmlns:atom10="http://www.w3.org/2005/Atom" rel="hub" href="http://pubsubhubbub.appspot.com/" /><feedburner:emailServiceId>blogspot/csAFg</feedburner:emailServiceId><feedburner:feedburnerHostname>http://feedburner.google.com</feedburner:feedburnerHostname><item><title>A new Android Malware BadNews Discovered, Downloaded More than 9 Million Times</title><link>http://feedproxy.google.com/~r/blogspot/csAFg/~3/2mmaEuOmRw8/a-new-android-malware-badnews.html</link><category>Cyber News</category><author>noreply@blogger.com (Deepanker Verma)</author><pubDate>Sun, 21 Apr 2013 06:51:07 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-5009365634130283389.post-3300587103721380214</guid><description>

More bad news comes in the form of a new Android malware called BadNews. This new malware has been found in apps with more than 9 million downloads. Security firm Lookout found this malware in 32 apps. Most of these 32 apps were available in Google Play and target Russian users.



The company posted the names and download numbers in a blog post. The most downloaded malware app was a game called Savage Knife. This </description><app:edited xmlns:app="http://www.w3.org/2007/app">2013-04-21T19:21:07.373+05:30</app:edited><media:thumbnail url="http://4.bp.blogspot.com/-i4uZPn1tqpw/UXPuRuA76HI/AAAAAAAAH9c/kYVHVKnVM18/s72-c/android-malware.jpg" height="72" width="72" /><thr:total xmlns:thr="http://purl.org/syndication/thread/1.0">0</thr:total><feedburner:origLink>http://www.hackingtricks.in/2013/04/a-new-android-malware-badnews.html</feedburner:origLink></item><item><title>How to Start Web Application Penetration testing With Websecurify</title><link>http://feedproxy.google.com/~r/blogspot/csAFg/~3/_PfBl-HfSWg/how-to-start-web-application.html</link><category>smartphone penetration testing</category><category>penetration testing</category><author>noreply@blogger.com (Deepanker Verma)</author><pubDate>Mon, 15 Apr 2013 11:57:21 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-5009365634130283389.post-2162222304878220402</guid><description>

If you are a developer, owner of a software firm or a testing engineer, you must know the importance of security testing. Hackers are everywhere and they always try to intrude in the system, network and applications. If we talk about Web application penetration testing, there are so many tools available. In this post, we will see how to use Websecurify for penetration testing of web </description><app:edited xmlns:app="http://www.w3.org/2007/app">2013-04-16T00:27:21.605+05:30</app:edited><media:thumbnail url="http://2.bp.blogspot.com/-0ef65CacrR4/UWxJF3SqEPI/AAAAAAAAH7k/V-rWe7cMqBI/s72-c/websecurify.png" height="72" width="72" /><thr:total xmlns:thr="http://purl.org/syndication/thread/1.0">0</thr:total><feedburner:origLink>http://www.hackingtricks.in/2013/04/how-to-start-web-application.html</feedburner:origLink></item><item><title>Popular online Document Sharing website Scribd Hacked</title><link>http://feedproxy.google.com/~r/blogspot/csAFg/~3/KpnHAm1GcBc/popular-online-document-sharing-website.html</link><category>Cyber News</category><author>noreply@blogger.com (Deepanker Verma)</author><pubDate>Fri, 05 Apr 2013 00:30:48 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-5009365634130283389.post-5854521625226559338</guid><description>

The world's most popular online document sharing website, Scribd, is the latest victim of cyber attackers. The company has posted a security announcement in which it claims that attackers tried to access users' information. The company is also asking users to change their passwords. Scribd has already sent mail to all affected users.

“Earlier this week, Scribd’s Operations team discovered and blocked </description><app:edited xmlns:app="http://www.w3.org/2007/app">2013-04-05T13:00:48.290+05:30</app:edited><thr:total xmlns:thr="http://purl.org/syndication/thread/1.0">0</thr:total><feedburner:origLink>http://www.hackingtricks.in/2013/04/popular-online-document-sharing-website.html</feedburner:origLink></item><item><title>Methods of Finding Admin Login Page of a Website</title><link>http://feedproxy.google.com/~r/blogspot/csAFg/~3/9Yvyec1qbYY/methods-of-finding-admin-login-page-of.html</link><category>Website hacking</category><category>password cracking</category><author>noreply@blogger.com (Deepanker Verma)</author><pubDate>Sun, 17 Mar 2013 03:52:22 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-5009365634130283389.post-449108687142462401</guid><description>


Sometimes it is hard to find admin login pages on a website because they are not linked from the main website. Once I found an SQL injection vulnerability in a website and easily got the admin user name and password. The next step was finding the admin login page and trying the password. But it took hours to get the page.




Sometimes, it is really hard to find the admin login pages. This is because admin </description><app:edited xmlns:app="http://www.w3.org/2007/app">2013-03-17T16:22:22.790+05:30</app:edited><media:thumbnail url="http://3.bp.blogspot.com/-5RKQRs8EBDQ/UUWgKL41p_I/AAAAAAAAHwA/pACDWqd0Lu4/s72-c/admin.jpg" height="72" width="72" /><thr:total xmlns:thr="http://purl.org/syndication/thread/1.0">0</thr:total><feedburner:origLink>http://www.hackingtricks.in/2013/03/methods-of-finding-admin-login-page-of.html</feedburner:origLink></item><item><title>WordPress Security Scanning With WpScan Android App</title><link>http://feedproxy.google.com/~r/blogspot/csAFg/~3/gGsgJPNHNRU/wordpress-security-scanning-with-wpscan.html</link><category>wordpress</category><category>Web Application Security Scanner Framework</category><category>android</category><author>noreply@blogger.com (Deepanker Verma)</author><pubDate>Fri, 15 Mar 2013 01:55:51 PDT</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-5009365634130283389.post-8556779737356393825</guid><description>

With the increasing popularity of Android devices, security companies are developing penetration testing tools for this platform. If you own a WordPress website, now you can scan it for known security vulnerabilities with WpScan Android app. 



Wpscan is a blackbox WordPress security scanner written in Ruby. This app was also available on Google Play store, but now it is unavailable. You can </description><app:edited xmlns:app="http://www.w3.org/2007/app">2013-03-15T14:25:51.128+05:30</app:edited><media:thumbnail url="http://2.bp.blogspot.com/-7pFlHHxrliA/UULZZAwMOUI/AAAAAAAAHvU/NmKKeVSd5xQ/s72-c/WPScan.png" height="72" width="72" /><thr:total xmlns:thr="http://purl.org/syndication/thread/1.0">0</thr:total><feedburner:origLink>http://www.hackingtricks.in/2013/03/wordpress-security-scanning-with-wpscan.html</feedburner:origLink></item><item><title>Evernote Hacked, Emails and Encrypted Passwords Leaked</title><link>http://feedproxy.google.com/~r/blogspot/csAFg/~3/FlOD5dO4w2w/evernote-hacked-emails-and-encrypted.html</link><category>webiste hacking</category><category>Cyber News</category><author>noreply@blogger.com (Deepanker Verma)</author><pubDate>Sat, 02 Mar 2013 21:56:14 PST</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-5009365634130283389.post-4062583921748702186</guid><description>

A few hours ago, popular tech company Evernote also confirmed that hackers have broken into its systems. The company revealed that the hackers accessed email addresses and encrypted passwords.




Now, Company is forcing users to change their account password before accessing the service. Company is also sending emails to all registered users and requesting them to change password as soon </description><app:edited xmlns:app="http://www.w3.org/2007/app">2013-03-03T11:26:14.670+05:30</app:edited><media:thumbnail url="http://3.bp.blogspot.com/-h6l3q3ikDzQ/UTLlQ2NhGkI/AAAAAAAAHrM/8Hqe4Ym7JYM/s72-c/Evernote_thumb.png" height="72" width="72" /><thr:total xmlns:thr="http://purl.org/syndication/thread/1.0">0</thr:total><feedburner:origLink>http://www.hackingtricks.in/2013/03/evernote-hacked-emails-and-encrypted.html</feedburner:origLink></item><item><title>Which Tool Should I use for Pentesting And How?</title><link>http://feedproxy.google.com/~r/blogspot/csAFg/~3/mY_OEd8x2rI/which-tool-should-i-use-for-pentesting_23.html</link><category>hacking tutorial</category><category>penetration testing</category><author>noreply@blogger.com (Deepanker Verma)</author><pubDate>Sat, 23 Feb 2013 08:54:17 PST</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-5009365634130283389.post-978058915508708669</guid><description>


Penetration testing is the process of finding security vulnerabilities in web applications. It can also be seen as security testing. To make the testing process simple, there are many manual tools and automatic tools available. By using these tools, we can find vulnerabilities faster than with manual testing methods.

There are so many penetration testing tools available. You can find most of </description><app:edited xmlns:app="http://www.w3.org/2007/app">2013-02-23T22:24:17.676+05:30</app:edited><media:thumbnail url="http://4.bp.blogspot.com/-_nQxtXEhqvU/USYfbzPYJSI/AAAAAAAAHcA/B61h0YawoIo/s72-c/penetration-testing-1.png" height="72" width="72" /><thr:total xmlns:thr="http://purl.org/syndication/thread/1.0">0</thr:total><feedburner:origLink>http://www.hackingtricks.in/2013/02/which-tool-should-i-use-for-pentesting_23.html</feedburner:origLink></item><item><title>Twitter Hacked, Change your Password Now</title><link>http://feedproxy.google.com/~r/blogspot/csAFg/~3/p_yhwOwasRo/twitter-hacked-changed-your-password-now.html</link><category>twitter hacking</category><category>Cyber News</category><author>noreply@blogger.com (Deepanker Verma)</author><pubDate>Sat, 23 Feb 2013 03:25:01 PST</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-5009365634130283389.post-6027810781783108090</guid><description>



It's bad news for Twitter users. Today, Twitter announced that some hackers gained access to its network and compromised a few user accounts. According to Twitter, 250,000 Twitter accounts may be compromised. Twitter has also started sending notification emails to all compromised account users.

If you are a regular Twitter user, I will advise you to change your Twitter password now. 

“</description><app:edited xmlns:app="http://www.w3.org/2007/app">2013-02-23T16:55:01.452+05:30</app:edited><media:thumbnail url="http://1.bp.blogspot.com/-fz6w4w2CPwI/UQy-992NXbI/AAAAAAAAHSI/Jf8PSXPRqUU/s72-c/twitter-big.jpg" height="72" width="72" /><thr:total xmlns:thr="http://purl.org/syndication/thread/1.0">0</thr:total><feedburner:origLink>http://www.hackingtricks.in/2013/02/twitter-hacked-changed-your-password-now.html</feedburner:origLink></item><item><title>Password Cracking With Cain &amp; Able Password Cracker</title><link>http://feedproxy.google.com/~r/blogspot/csAFg/~3/dLcxDBDZdac/password-cracking-with-cain-able.html</link><category>Hacking Tools</category><category>Hacking tutorials</category><category>password cracking</category><author>noreply@blogger.com (Deepanker Verma)</author><pubDate>Sat, 26 Jan 2013 01:42:29 PST</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-5009365634130283389.post-929058994461338670</guid><description>

If you have a little knowledge of password cracking and know a few password crackers, I am sure you already know about Cain and Able. Cain and Able is one of the most popular password cracking tools. You can learn more about this tool in our security tools gallery.

Officially, Cain and Able is a password recovery tool available for Windows operating systems and supports all available version of </description><app:edited xmlns:app="http://www.w3.org/2007/app">2013-01-26T15:12:29.351+05:30</app:edited><media:thumbnail url="http://4.bp.blogspot.com/-FMGlCDZqFuE/UQOgMGDtYcI/AAAAAAAAHIA/YYHbU_qwANY/s72-c/cain-able.jpg" height="72" width="72" /><thr:total xmlns:thr="http://purl.org/syndication/thread/1.0">0</thr:total><feedburner:origLink>http://www.hackingtricks.in/2013/01/password-cracking-with-cain-able.html</feedburner:origLink></item><item><title>What is Cross Site Scripting or XSS</title><link>http://feedproxy.google.com/~r/blogspot/csAFg/~3/mL_4R2rr8hg/what-is-cross-site-scripting-or-xss.html</link><category>XSS</category><category>Hacking tutorials</category><author>noreply@blogger.com (Deepanker Verma)</author><pubDate>Fri, 18 Jan 2013 00:11:44 PST</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-5009365634130283389.post-6132357509877079722</guid><description>

Cross Site Scripting is also a well-known vulnerability and it can be found in most of the popular websites. If you are a regular reader of Hacking Tricks, you already know that I found XSS in Amazon, Adobe, eBay, PandaSecurity, Symantec, QuickHeal, K7Antivirus and many other popular websites.

Cross Site Scripting (abbreviated as XSS) is a web application vulnerability that allows attackers to </description><app:edited xmlns:app="http://www.w3.org/2007/app">2013-01-18T13:41:44.686+05:30</app:edited><media:thumbnail url="http://4.bp.blogspot.com/-zpEbtIfAhLs/UPj-gSi0v_I/AAAAAAAAG5Q/hMh3WommUGc/s72-c/xss.gif" height="72" width="72" /><thr:total xmlns:thr="http://purl.org/syndication/thread/1.0">0</thr:total><feedburner:origLink>http://www.hackingtricks.in/2013/01/what-is-cross-site-scripting-or-xss.html</feedburner:origLink></item><item><title>Most Hidden dangers of Facebook</title><link>http://feedproxy.google.com/~r/blogspot/csAFg/~3/W9kulBculcU/most-hidden-dangers-of-facebook.html</link><category>facebook hacking</category><author>noreply@blogger.com (Deepanker Verma)</author><pubDate>Thu, 17 Jan 2013 00:42:53 PST</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-5009365634130283389.post-718395219346027191</guid><description>


The last 3-4 years have seen tremendous growth in the success of Facebook, a social networking website. This phenomenal success has made Facebook the No. 1 social networking website at present. In fact, it has beaten Google for the most visits over one entire week. But things always go the same way
as one may think of. Both positive and negative </description><app:edited xmlns:app="http://www.w3.org/2007/app">2013-01-17T14:12:53.524+05:30</app:edited><media:thumbnail url="http://2.bp.blogspot.com/-HQZmud39GXg/TOLAYX3zcZI/AAAAAAAAAUg/7kn3Ylqq8Rs/s72-c/fb.jpg" height="72" width="72" /><thr:total xmlns:thr="http://purl.org/syndication/thread/1.0">0</thr:total><feedburner:origLink>http://www.hackingtricks.in/2013/01/most-hidden-dangers-of-facebook.html</feedburner:origLink></item><item><title>Download "The Windows 8 eBook" For free</title><link>http://feedproxy.google.com/~r/blogspot/csAFg/~3/WzialSlktp4/download-windows-8-ebook-for-free.html</link><category>windows 8</category><category>ebooks</category><author>noreply@blogger.com (Deepanker Verma)</author><pubDate>Wed, 16 Jan 2013 06:00:23 PST</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-5009365634130283389.post-7670218103263279205</guid><description>

Hello readers. Although I am not very active now due to lack of time, I try my best to provide the best resources to you all. Today, I got a nice ebook on Windows 8 that costs $9.95, but you can download it for free from Hacking Tricks.







This book covers most of the problems users are facing with Windows 8. Windows 8 is totally different from older version of Windows and it </description><app:edited xmlns:app="http://www.w3.org/2007/app">2013-01-16T19:30:23.527+05:30</app:edited><media:thumbnail url="http://4.bp.blogspot.com/-xOHuQGs6USA/UPayMIjGViI/AAAAAAAAGvw/13OMBVDBjy4/s72-c/windows-8.jpg" height="72" width="72" /><thr:total xmlns:thr="http://purl.org/syndication/thread/1.0">0</thr:total><feedburner:origLink>http://www.hackingtricks.in/2013/01/download-windows-8-ebook-for-free.html</feedburner:origLink></item><item><title>Microsoft's Delish.com Vulnerable to XSS </title><link>http://feedproxy.google.com/~r/blogspot/csAFg/~3/bHLZ6_rZ7Hw/microsofts-delishcom-vulnerable-to-xss.html</link><category>Website hacking</category><category>XSS</category><author>noreply@blogger.com (Deepanker Verma)</author><pubDate>Fri, 11 Jan 2013 03:04:31 PST</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-5009365634130283389.post-5570170034672612819</guid><description>

I have noticed some XSS vulnerabilities in Microsoft's Delish.com and notified Microsoft about this. Microsoft responded quickly and assured me that it would patch this vulnerability soon.

See the POC below:



In the snapshot, you can see the cookies in the JavaScript alert box.


XSS vulnerability is very harmful for websites. It can be used to execute malicious scripts when users </description><app:edited xmlns:app="http://www.w3.org/2007/app">2013-01-11T16:34:31.600+05:30</app:edited><media:thumbnail url="http://3.bp.blogspot.com/-X9b5OGcT4yQ/UO_v9oTRRbI/AAAAAAAAGqo/cuDOcw43omU/s72-c/delish.jpg" height="72" width="72" /><thr:total xmlns:thr="http://purl.org/syndication/thread/1.0">0</thr:total><feedburner:origLink>http://www.hackingtricks.in/2013/01/microsofts-delishcom-vulnerable-to-xss.html</feedburner:origLink></item><item><title>How to send Self Destructing Password Protected Messages and Emails</title><link>http://feedproxy.google.com/~r/blogspot/csAFg/~3/Tw6SDi1DwGU/how-to-send-self-destructing-password.html</link><author>noreply@blogger.com (Deepanker Verma)</author><pubDate>Fri, 11 Jan 2013 02:04:18 PST</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-5009365634130283389.post-815606543440331236</guid><description>

Privacy and data security is always an important thing which we care while using the Internet. We also know that hackers more active these days and they always try to hack into our emails and other accounts. So it is always risky to share important messages. Sometimes we wish to send emails that also have password protection. In case the other user's account  has been hacked, important email is</description><app:edited xmlns:app="http://www.w3.org/2007/app">2013-01-11T15:34:18.012+05:30</app:edited><media:thumbnail url="http://2.bp.blogspot.com/-otlvI5p0Otk/UO_f4r0YDGI/AAAAAAAAGnY/bE8TwqMz-4A/s72-c/notedip.png" height="72" width="72" /><thr:total xmlns:thr="http://purl.org/syndication/thread/1.0">0</thr:total><feedburner:origLink>http://www.hackingtricks.in/2013/01/how-to-send-self-destructing-password.html</feedburner:origLink></item><item><title>Block Porn Websites On Your Computer With Porn Blocker</title><link>http://feedproxy.google.com/~r/blogspot/csAFg/~3/z4VAFacSHFo/block-porn-websites-on-your-computer.html</link><category>porn blocker</category><author>noreply@blogger.com (Deepanker Verma)</author><pubDate>Sun, 06 Jan 2013 06:45:02 PST</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-5009365634130283389.post-2754961264707823356</guid><description>
Do you want to protect your children from watching porn movies online?

You are not the only one. Almost all parents want to protect their children from watching porn online. But the Internet has made it easy to come across porn content. With the growth of Internet usage, the average age of first Internet exposure to pornography is going down. Now it's only 11 years.

If you also want to protect your </description><app:edited xmlns:app="http://www.w3.org/2007/app">2013-01-06T20:15:02.637+05:30</app:edited><media:thumbnail url="http://1.bp.blogspot.com/-AeUpxlcprek/UOmNSar8crI/AAAAAAAAGis/T7gdOe9zcaE/s72-c/group1.jpg" height="72" width="72" /><thr:total xmlns:thr="http://purl.org/syndication/thread/1.0">0</thr:total><feedburner:origLink>http://www.hackingtricks.in/2013/01/block-porn-websites-on-your-computer.html</feedburner:origLink></item><item><title>5 Best Books to Learn Web Application Hacking and Penetration testing</title><link>http://feedproxy.google.com/~r/blogspot/csAFg/~3/R-KcS2OIowg/5-best-books-to-lean-web-application.html</link><category>Hacking tutorials</category><category>ebooks</category><author>noreply@blogger.com (Deepanker Verma)</author><pubDate>Mon, 31 Dec 2012 09:01:13 PST</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-5009365634130283389.post-3340489383043195833</guid><description>
Year 2012 is about to end and we are waiting to celebrate new year 2013. In 2012, we have seen so many hacking incidents, data breach  password leaks and website deface that belongs to popular websites. All these happens because of web application vulnerabilities that could be patched but developer failed to notice vulnerabilities. This is the reason why Application security field is booming and</description><app:edited xmlns:app="http://www.w3.org/2007/app">2012-12-31T22:31:13.254+05:30</app:edited><media:thumbnail url="http://3.bp.blogspot.com/-zpvrv7AZcgg/UOFMEkhccsI/AAAAAAAAGSY/3UMZUMYacQI/s72-c/book1.jpg" height="72" width="72" /><thr:total xmlns:thr="http://purl.org/syndication/thread/1.0">0</thr:total><feedburner:origLink>http://www.hackingtricks.in/2012/12/5-best-books-to-lean-web-application.html</feedburner:origLink></item><item><title>Ask Your Problems And Solve Others, Join Free</title><link>http://feedproxy.google.com/~r/blogspot/csAFg/~3/R6mNgs3nB5Q/ask-your-problems-and-solve-others-join.html</link><category>Hacking tutorials</category><category>Cyber News</category><author>noreply@blogger.com (Deepanker Verma)</author><pubDate>Mon, 24 Dec 2012 05:36:15 PST</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-5009365634130283389.post-4344456748332720475</guid><description>

My readers have been requesting me to start a forum for the past few months. But I am not prepared for that. Actually, I am running a few blogs and also work as a freelance security researcher and a web developer. So answering each email and comment is not so easy for me. You can see that I am also less active on my blog.

Still I care for my readers and try to solve their computer and tech related </description><app:edited xmlns:app="http://www.w3.org/2007/app">2012-12-24T19:06:15.638+05:30</app:edited><thr:total xmlns:thr="http://purl.org/syndication/thread/1.0">0</thr:total><feedburner:origLink>http://www.hackingtricks.in/2012/12/ask-your-problems-and-solve-others-join.html</feedburner:origLink></item><item><title>What is HTTP Header Injection Vulnerability</title><link>http://feedproxy.google.com/~r/blogspot/csAFg/~3/kAnUh3oB3_M/what-is-http-header-injection.html</link><category>XSS</category><category>vulnerability</category><category>Hacking tutorials</category><author>noreply@blogger.com (Deepanker Verma)</author><pubDate>Sat, 22 Dec 2012 03:50:51 PST</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-5009365634130283389.post-3875602231491598212</guid><description>
On this security blog, I have discussed many web application vulnerabilities in detail. But there are still many which we have not discussed. Today, I am going to explain a few things about HTTP header injection.

HTTP Header
The HTTP header is a component of HTTP requests and responses. Header fields are transmitted with each request and response and carry additional data about the requests </description><app:edited xmlns:app="http://www.w3.org/2007/app">2012-12-22T17:20:51.597+05:30</app:edited><media:thumbnail url="http://4.bp.blogspot.com/-yVOc1Kc8rTA/UNWcUNubYXI/AAAAAAAAGKk/ky4mrcKy71w/s72-c/network-security-auditing.jpg" height="72" width="72" /><thr:total xmlns:thr="http://purl.org/syndication/thread/1.0">0</thr:total><feedburner:origLink>http://www.hackingtricks.in/2012/12/what-is-http-header-injection.html</feedburner:origLink></item><item><title>Glass Door is Vulnerable to XSS and IFRAME Injection</title><link>http://feedproxy.google.com/~r/blogspot/csAFg/~3/hlJXpdk7Pyg/glass-door-is-vulnerable-to-xss-and.html</link><category>Deepanker</category><category>Website hacking</category><category>XSS</category><category>Cyber News</category><author>noreply@blogger.com (Deepanker Verma)</author><pubDate>Wed, 19 Dec 2012 22:56:06 PST</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-5009365634130283389.post-294722753555290400</guid><description>

LinkedIn rival Glass Door is now one of the most popular websites connecting employers and employees. Yesterday, I noticed some serious XSS and IFRAME injection vulnerabilities on the Glass Door website. These vulnerabilities can be used to hijack sessions and spread malware.

Although, I can not see much danger because there is nothing like payment on the website. Still, It is very harmful for the</description><app:edited xmlns:app="http://www.w3.org/2007/app">2012-12-20T12:26:06.452+05:30</app:edited><media:thumbnail url="http://1.bp.blogspot.com/-DcoZcgQak3E/UNK1HRc540I/AAAAAAAAGF0/BpNA647ymqs/s72-c/glassdoor.png" height="72" width="72" /><thr:total xmlns:thr="http://purl.org/syndication/thread/1.0">0</thr:total><feedburner:origLink>http://www.hackingtricks.in/2012/12/glass-door-is-vulnerable-to-xss-and.html</feedburner:origLink></item><item><title>Symantec is Vulnerable to URL Redirection, Can be Used in Spreading Malware</title><link>http://feedproxy.google.com/~r/blogspot/csAFg/~3/2pQVisuhx0o/symantec-is-vulnerable-to-url.html</link><category>Deepanker</category><category>XSS</category><category>Cyber News</category><author>noreply@blogger.com (Deepanker Verma)</author><pubDate>Tue, 18 Dec 2012 01:37:46 PST</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-5009365634130283389.post-7689629273374064732</guid><description>

The website of security giant Symantec is vulnerable to unvalidated URL redirection. This potentially dangerous redirection vulnerability affects the main Symantec website and can be used to redirect users to potentially harmful websites.

This link is able to redirect users to any website. An attacker can use this vulnerability to redirect users for phishing or malware spreading.

We all </description><app:edited xmlns:app="http://www.w3.org/2007/app">2012-12-18T15:07:46.270+05:30</app:edited><thr:total xmlns:thr="http://purl.org/syndication/thread/1.0">0</thr:total><feedburner:origLink>http://www.hackingtricks.in/2012/12/symantec-is-vulnerable-to-url.html</feedburner:origLink></item><item><title>AOL Badly Affected with XSS and IFRAME Injection, Reported</title><link>http://feedproxy.google.com/~r/blogspot/csAFg/~3/52dzXhXsz5k/aol-badly-affected-with-xss-and-iframe.html</link><category>Deepanker</category><category>XSS</category><category>Cyber News</category><author>noreply@blogger.com (Deepanker Verma)</author><pubDate>Sat, 15 Dec 2012 01:50:28 PST</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-5009365634130283389.post-5464173954647590746</guid><description>

AOL is a reputed company with many popular online brands. Today, I noticed a few XSS and IFRAME injection vulnerabilities in its shopping website.

Yes, the AOL Shopping website is badly affected by XSS and IFRAME injection. An attacker can use this vulnerability to steal users' cookies and then hijack their sessions. See the proof of concept with cookies in the alert box.




I was also able to add a hyperlink</description><app:edited xmlns:app="http://www.w3.org/2007/app">2012-12-15T15:20:28.837+05:30</app:edited><media:thumbnail url="http://1.bp.blogspot.com/-l_WyEuFRZ24/UMxGQ2M4uhI/AAAAAAAAGBI/YnnyjFsBkmM/s72-c/AOL_cookie.png" height="72" width="72" /><thr:total xmlns:thr="http://purl.org/syndication/thread/1.0">0</thr:total><feedburner:origLink>http://www.hackingtricks.in/2012/12/aol-badly-affected-with-xss-and-iframe.html</feedburner:origLink></item><item><title>Got DOM Based POST XSS on Quick Heal Website</title><link>http://feedproxy.google.com/~r/blogspot/csAFg/~3/wwrW60IeYcg/got-dom-based-post-xss-on-quick-heal.html</link><category>Deepanker</category><category>XSS</category><author>noreply@blogger.com (Deepanker Verma)</author><pubDate>Fri, 14 Dec 2012 04:04:26 PST</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-5009365634130283389.post-5761038357486230107</guid><description>

This time, again, XSS on a high-profile website. It's not so complicated, but it can be used to trick users and redirect them to malicious websites. So an attacker can redirect users to a phishing website or a fake website spreading malware.

See the proof of concept:



XSS is known as Cross Site Scripting that allows attackers to inject malicious client side code in innocent websites in </description><app:edited xmlns:app="http://www.w3.org/2007/app">2012-12-14T17:34:26.432+05:30</app:edited><media:thumbnail url="http://4.bp.blogspot.com/-mBtftfKv8jc/UMsUFMtcb_I/AAAAAAAAGA4/7thNMSvXUxw/s72-c/quick-heal.png" height="72" width="72" /><thr:total xmlns:thr="http://purl.org/syndication/thread/1.0">0</thr:total><feedburner:origLink>http://www.hackingtricks.in/2012/12/got-dom-based-post-xss-on-quick-heal.html</feedburner:origLink></item><item><title>Multiple XSS Vulnerabilities on K7 Antivirus Website</title><link>http://feedproxy.google.com/~r/blogspot/csAFg/~3/dl3_t-TUd5c/multiple-xss-vulnerabilities-on-k7.html</link><category>Deepanker</category><category>XSS</category><category>Cyber News</category><author>noreply@blogger.com (Deepanker Verma)</author><pubDate>Wed, 12 Dec 2012 00:57:39 PST</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-5009365634130283389.post-7278530098976671415</guid><description>

In recent days, I was busy with some projects, so I could not do much in the security field. Now I am back with another of my high-profile findings. This time, it is XSS on the K7 Antivirus website. K7computing.com is vulnerable to XSS that can redirect users to other malicious websites or execute client-side code in users' browsers.

Vulnerability is found on some critical pages that i can not </description><app:edited xmlns:app="http://www.w3.org/2007/app">2012-12-12T14:27:39.309+05:30</app:edited><media:thumbnail url="http://4.bp.blogspot.com/-OUhcvKngwUc/UMhG22LsNeI/AAAAAAAAF8w/6fvcDpUOsPE/s72-c/fb.jpg" height="72" width="72" /><thr:total xmlns:thr="http://purl.org/syndication/thread/1.0">0</thr:total><feedburner:origLink>http://www.hackingtricks.in/2012/12/multiple-xss-vulnerabilities-on-k7.html</feedburner:origLink></item><item><title>Remote computer hacking with SniperSpy</title><link>http://feedproxy.google.com/~r/blogspot/csAFg/~3/wJoqRy0ygcU/remote-computer-hacking-with-sniperspy.html</link><category>Hacking Tools</category><category>keyloggers</category><author>noreply@blogger.com (Deepanker Verma)</author><pubDate>Tue, 04 Dec 2012 04:24:05 PST</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-5009365634130283389.post-8423840768181334579</guid><description>
Are you looking to hack a remote computer? Do you want to hack passwords of your friends? I am here with a leading remote computer hacking software.



SniperSpy (Best Rated Remote hacking software)



SniperSpy is the best Remote hacking Software that also features remote installation and remote control.



Once installed on the remote computer, you only need to login on your sniper spy account </description><app:edited xmlns:app="http://www.w3.org/2007/app">2012-12-04T17:54:05.341+05:30</app:edited><media:thumbnail url="http://2.bp.blogspot.com/-HP8GszBK-zo/UL3iSwK-1OI/AAAAAAAAF0U/mkVPxek5ZvQ/s72-c/SniperSpy.jpg" height="72" width="72" /><thr:total xmlns:thr="http://purl.org/syndication/thread/1.0">0</thr:total><feedburner:origLink>http://www.hackingtricks.in/2012/12/remote-computer-hacking-with-sniperspy.html</feedburner:origLink></item><item><title>Tutorial on Cookie Stealing Via XSS and Account Hijacking</title><link>http://feedproxy.google.com/~r/blogspot/csAFg/~3/HnPE6k4dJIw/tutorial-on-cookie-stealing-via-xss-and.html</link><category>cookie</category><category>XSS</category><category>Hacking tutorials</category><author>noreply@blogger.com (Deepanker Verma)</author><pubDate>Mon, 03 Dec 2012 06:17:28 PST</pubDate><guid isPermaLink="false">tag:blogger.com,1999:blog-5009365634130283389.post-5124664321416351286</guid><description>

I have already posted much about cookies and their usage in my older article on the cookie poisoning attack. Cookies are used to remember sessions because HTTP is a stateless protocol. If you manage to get the cookies of an active session of a user, you can use that session and the account of the user.




Here the attack mainly involves two things: finding XSS-vulnerable websites and then stealing.
I </description><app:edited xmlns:app="http://www.w3.org/2007/app">2012-12-03T19:47:28.487+05:30</app:edited><media:thumbnail url="http://4.bp.blogspot.com/-92NFJQqb_s8/ULywQoxp55I/AAAAAAAAFyA/Vw7BoIwa_BM/s72-c/cookiesteal.jpg" height="72" width="72" /><thr:total xmlns:thr="http://purl.org/syndication/thread/1.0">0</thr:total><feedburner:origLink>http://www.hackingtricks.in/2012/12/tutorial-on-cookie-stealing-via-xss-and.html</feedburner:origLink></item><media:rating>nonadult</media:rating></channel></rss>
