Tuesday, November 17, 2020

Deface website confusing victim

It can be used to convert someone's web page into a different page without redirecting.

Some hackers used this to deface my friend's web site.

Let's say you have a web page as follows.

<html>
<head></head>
<body>
<h1>Test</h1>
</body>

</html>

Friday, June 14, 2019

Open-source intelligence (OSINT)

Note: Copied from GitHub (jivoi/awesome-osint) for future reference in case the original source is not available.

General Search

The main search engines used by users.

Thursday, June 13, 2019

Parrot and Kali linux tools

Anon surf
""""""""""
Anonsurf sets up the environment for anonymous internet browsing and also sets up the Tor network for the user. It stops all the vulnerable apps and services and starts a Tor connection on the machine. The entire connection is then set up through anonsurf.
anonsurf start
anonsurf stop
anonsurf myip  -  check ip

zulucrypt, sirikali
"""""""""""""""""""
Both are VeraCrypt-like tools.

Remote desktop viewer
"""""""""""""""""""""
Opens RDP, SSH, etc. connections to Linux and Windows machines.

qBittorrent
"""""""""""
BitTorrent tool

Saturday, March 30, 2019

What is shellcode

Simply put, shellcode is opcodes in machine language.
It can be extracted from programs written in low-level languages such as assembly or C.
Let's say there is a C file called dosomething.c which does something.

gcc -o dosomething.o dosomething.c

When shellcode.o is executed, it will do something. We need to get the machine code of this process.

C:\Users\Ali\Desktop>objdump -D shellcode.o

Now we can see machine code and asm instructions. Using this we can build the shellcode.

00000000 <.text>:
   0:   31 c0                   xor    %eax,%eax
   2:   50                      push   %eax
   3:   b8 41 41 41 64          mov    $0x64414141,%eax
   8:   c1 e8 08                shr    $0x8,%eax
   b:   c1 e8 08                shr    $0x8,%eax
   e:   c1 e8 08                shr    $0x8,%eax
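
The extraction step described above, as an added example in Python (not code from the original post): it reads an objdump -D listing, collects the byte column into one byte string, and checks that the offsets are contiguous so a truncated or edited listing is caught. The names parse_listing and LISTING are chosen for this example; the sample input is the listing shown above.

```python
import re

# Constructed sample: the listing shown above, as printed by objdump -D.
LISTING = """\
00000000 <.text>:
   0:   31 c0                   xor    %eax,%eax
   2:   50                      push   %eax
   3:   b8 41 41 41 64          mov    $0x64414141,%eax
   8:   c1 e8 08                shr    $0x8,%eax
   b:   c1 e8 08                shr    $0x8,%eax
   e:   c1 e8 08                shr    $0x8,%eax
"""

# offset ':' hex byte pairs, then the instruction text or end of line
# (objdump wraps long instructions onto a bytes-only continuation line).
LINE = re.compile(
    r"^\s*([0-9a-f]+):\s+((?:[0-9a-f]{2} )*[0-9a-f]{2})(?:\s{2,}(.*)|\s*)$")


def parse_listing(text):
    """Return (code_bytes, instructions) for one section of a listing."""
    code = bytearray()
    instructions = []          # list of (offset, bytes, assembly text)
    base = None
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue           # section header, symbol label or blank line
        offset, chunk = int(m.group(1), 16), bytes.fromhex(m.group(2))
        if base is None:
            base = offset
        # Every line must start where the previous one ended; a gap means
        # the listing is truncated or edited and the bytes are incomplete.
        if offset - base != len(code):
            raise ValueError(f"gap in listing at offset {offset:#x}")
        code += chunk
        asm = (m.group(3) or "").strip()
        if asm:
            instructions.append((offset, chunk, asm))
        elif instructions:     # continuation line: same instruction
            off, prev, prev_asm = instructions[-1]
            instructions[-1] = (off, prev + chunk, prev_asm)
    return bytes(code), instructions


if __name__ == "__main__":
    code, instructions = parse_listing(LISTING)
    for off, chunk, asm in instructions:
        print(f"{off:4x}: {chunk.hex(' '):<16} {asm}")
    print(len(code), "bytes:", code.hex())
```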

Thursday, February 7, 2019

Password extractor from local machine

The LaZagne project is a Python-based tool to extract passwords from the local machine. It is a good password extractor. For remote use, psexec can be utilized.

GitHub project link - https://github.com/AlessandroZ/LaZagne


Sunday, November 4, 2018

What your browser knows about you?

When considering the privacy and security of our data, it is important to know what details our browsers collect in day-to-day life, how they collect that data, and how we can mitigate or prevent revealing ourselves.

To find out what details a website can grab through your browser, visit the following sites.

https://panopticlick.eff.org ; This site reveals your screen size and colour depth, browser plugins, time zone, keyboard language type, system fonts, platform and other things.

https://clickclickclick.click ; It is super for getting weird. This site shows your mouse location, whether it has moved or not, and the time you spent on the site.

http://webkay.robinlinus.com/ ; This site shows your location, operating system, browser version, plugins, CPU cores, GPU details, battery percentage, local and public IP, ISP location, logged-in social media accounts, and the gyroscope if it is a phone or tablet, all without any button click. There are some other tests as well: you can test your network by clicking a button, and there is a demo of a clickjacking scenario and an autofill phishing demo. These tests indicate how any site can extract details from your browser and use them for malicious things. The important thing is that from its page source you can learn to write JavaScript that extracts these details (you can use its JS functions).

Saturday, October 13, 2018

Misconceptions of TOR and How to use TOR

The Onion Router, or TOR as it is well known, is the most popular platform for being anonymous and free from the clearnet. For years it was well recognized for anonymity, but lately there has been some bad news regarding the security of the TOR network: TOR users being revealed and some security breaches. Some of these have been exposed, but some of them are in a black hole inside this network. As a result there is a trend to use a VPN with the TOR browser. There are lots of guides for configuring TOR with a VPN. Some of these solutions have arisen because of misconceptions. Therefore, before getting into whether these news items and solutions are right or wrong, we must take a look at what happens inside TOR.