STRATEGY & CREATIVITY

Phasellus iaculis dolor nec urna nullam. Vivamus mattis blandit porttitor nullam.

PORTFOLIO

We pride ourselves on bringing a fresh perspective and effective marketing to each project.

Showing posts with label ethical hacking career. Show all posts

Apart from usual read, write, and execute file permissions, Linux documents (files) have another set of attribute that control other characteristics of the file.

Permissions and Attributes

In Linux, who can access a file and what they can do with it is controlled by a user-centric set of permissions. Whether you can read the contents of a file, write new data into the file, or execute a file if it is a script or a program, is all governed by that set of permissions. The permissions are applied to the file, but they define the restrictions and capabilities for different categories of user.

There are permissions for the owner of the file, for the group of the file, and for others—that is, users who are not in the first two categories. You can use the ls command with the -l (long listing) option to see the permissions on a file or directory.

We can see that file permissions are user-centeric because they have choices to remove permissions at the user level. By contrast, the attributes of a file system centric. Like persmissions, they're set on the file or directory. But once they're set, they're the same for all users.

Attrbiutes are a separate collection of settings from permissions. Attributes control characteristics such as immutability and other file system-level behaviors. To see the attributes of a file or directory we use the lsattr command. To set the attributes we use the chattr command.

Inode File system

Permissions and attributes are stored inside inodes. An inode is a file system structure that holds information about file system objects such as files and directories. A file’s location on the hard drive, its creation date, its permissions, and its attributes are all stored within its inode.

Because different file systems have different underlying structures and capabilities, attributes can behave differently—or be completely ignored—by some file systems. In this article, we’re using ext4 which is the default file system for many Linux distributions.

Looking at a File’s Attributes

The chattr and lsattr commands will already be present on your computer so there’s no need to install anything.

To check the attributes on the files in the current directory, use lsattr:

lsattr

┌──(hackerboy㉿KumarAtulJaiswal)-[~/Desktop/hackingtruth.org]
└─$ lsattr 
--------------e------- ./f.txt
--------------e------- ./a.txt
--------------e------- ./e.txt
--------------e------- ./g.txt
--------------e------- ./b.txt
--------------e------- ./atul.txt
--------------e------- ./hackingtruth.txt
--------------e------- ./c.txt
--------------e------- ./d.txt
--------------e------- ./atulkumar.txt
┌──(hackerboy㉿KumarAtulJaiswal)-[~/Desktop/hackingtruth.org]
└─$

The dashed lines are placeholders for attributes that are not set. The only attribute that is set is the e (extents) attribute. This shows that the file system inodes are using—or will use if required—extents to point to all portions of the file on the hard drive.

If the file is held in one contiguous sequence of hard drive blocks, its inode only has to record the first and last blocks used to store the file. If the file is fragmented, the inode has to record the number of the first and last block of each piece of the file. These pairs of hard drive block numbers are called extents.

This is the list of the most commonly used attributes.

a: Append only. A file with this attribute can only be appended to. It can still be written to, but only at the end of the file. It is not possible to overwrite any of the existing data within the file.

c: Compressed. The file is automatically compressed on the hard drive and uncompressed when it is read. Data written to the files is compressed before it is written to the hard drive.

A: No atime updates. The atime is a value in an inode that records the last time a file was accessed.

C: No copy-on-write. If two processes request access to a file, they can be given pointers to the same file. They are only given their own unique copy of the file if they try to write to the file, making it unique to that process.

d: No dump. The Linux dump command is used to write copies of entire file systems to backup media. This attribute makes dump ignore the file. It is excluded from the backup.

D: Synchronous directory updates. When this attribute is turned on for a directory, all changes to that directory are written synchronously—that is, immediately—on the hard drive. Data operations can be buffered.

e: Extent format. The e attribute indicates that the file system is using extents to map the location of the file on the hard drive. You cannot change this with chattr. It is a function of the operation of the file system.

i: Immutable. An immutable file cannot be modified, including renaming and deleting. The root user is the only person who can set or unset this attribute.

s: Secure deletion. When a file with this attribute set is deleted, the hard drive blocks that held the file data are overwritten with bytes containing zeroes. Note that this is not honored by the ext4 file system.

S: Synchronous updates. Changes to a file with its S attribute set are written to the file synchronously.

u: Deleting a file that has its u attribute set causes a copy of the file to be made. This can be beneficial to file recovery if the file was removed in error.

Changing a File’s Attributes

The chattr command lets us change the attributes of a file or directory. We can use the + (set) and - (unset) operators to apply or remove an attribute, similar to the chmod command and permissions.

The chattr command also has an = (set only) operator. This sets the attributes of a file or directory to only the attributes that are specified in the command. That is, all attributes not listed on the command line are unset.

Setting the Append Only Attribute

If you want use a: append attributes then if you want to change the overwrite the file and add something, but it is not possible because A file with this attribute can only be appended to. It can still be written to, but only at the end of the file. It is not possible to overwrite any of the existing data within the file.

┌──(hackerboy㉿KumarAtulJaiswal)-[~/Desktop/hackingtruth.org]
└─$ echo "Qm9iIC0gIVBAJCRXMHJEITEyMw== | base64 -d" > atul.txt
┌──(hackerboy㉿KumarAtulJaiswal)-[~/Desktop/hackingtruth.org]
└─$ cat atul.txt      
Qm9iIC0gIVBAJCRXMHJEITEyMw== | base64 -d
┌──(hackerboy㉿KumarAtulJaiswal)-[~/Desktop/hackingtruth.org]
└─$ 
┌──(hackerboy㉿KumarAtulJaiswal)-[~/Desktop/hackingtruth.org]
└─$ sudo chattr +a atul.txt                                   
┌──(hackerboy㉿KumarAtulJaiswal)-[~/Desktop/hackingtruth.org]
└─$ lsattr
--------------e------- ./f.txt
--------------e------- ./a.txt
--------------e------- ./e.txt
--------------e------- ./g.txt
--------------e------- ./b.txt
-----a--------e------- ./atul.txt
--------------e------- ./hackingtruth.txt
--------------e------- ./c.txt
--------------e------- ./d.txt
--------------e------- ./atulkumar.txt
┌──(hackerboy㉿KumarAtulJaiswal)-[~/Desktop/hackingtruth.org]
└─$ echo "Qm" > atul.txt 
zsh: operation not permitted: atul.txt
┌──(hackerboy㉿KumarAtulJaiswal)-[~/Desktop/hackingtruth.org]
└─$

We’ll redirect the output from ls into the file:

ls -l > text-file.txt

sudo ls -l > text-file.txt

┌──(hackerboy㉿KumarAtulJaiswal)-[~/Desktop/hackingtruth.org]
└─$ lsattr atul.txt
-----a--------e------- atul.txt
┌──(hackerboy㉿KumarAtulJaiswal)-[~/Desktop/hackingtruth.org]
└─$ ls -la > atul.txt 
zsh: operation not permitted: atul.txt
┌──(hackerboy㉿KumarAtulJaiswal)-[~/Desktop/hackingtruth.org]
└─$ sudo ls -la > atul.txt                                                                                                                              1 ⨯
zsh: operation not permitted: atul.txt
┌──(hackerboy㉿KumarAtulJaiswal)-[~/Desktop/hackingtruth.org]
└─$                                                                                                                                                     1 ⨯

The operation is not permitted, even if we use the sudo command.

If we use two angle brackets “>>” to redirect output it is appended to the existing data in the file. That should be acceptable to our append-only text file.

sudo ls -l >> text-file.txt

┌──(hackerboy㉿KumarAtulJaiswal)-[~/Desktop/hackingtruth.org]
└─$ lsattr atul.txt     
-----a--------e------- atul.txt
┌──(hackerboy㉿KumarAtulJaiswal)-[~/Desktop/hackingtruth.org]
└─$ cat  atul.txt 
Qm9iIC0gIVBAJCRXMHJEITEyMw== | base64 -d
┌──(hackerboy㉿KumarAtulJaiswal)-[~/Desktop/hackingtruth.org]
└─$ sudo ls -l >> atul.txt 
┌──(hackerboy㉿KumarAtulJaiswal)-[~/Desktop/hackingtruth.org]
└─$ cat  atul.txt
Qm9iIC0gIVBAJCRXMHJEITEyMw== | base64 -d
total 8
-rwxrwxrwx 1 root      1006  0 May  2 08:57 atulkumar.txt
-rw-r--r-- 1 hackerboy root 41 May  3 12:59 atul.txt
-rwxrwxrwx 1 hackerboy root  0 May  2 08:56 a.txt
-rwxrwxrwx 1 hackerboy root  0 May  2 08:56 b.txt
-rwxrwxrwx 1 hackerboy root 40 May  3 13:01 c.txt
-rwxrwxrwx 1 hackerboy root  0 May  2 08:56 d.txt
-rwxrwxrwx 1 hackerboy root  0 May  2 08:56 e.txt
-rwxrwxrwx 1 hackerboy root  0 May  2 08:56 f.txt
-rwxrwxrwx 1 hackerboy root  0 May  2 08:56 g.txt
-rwxrwxrwx 1 root      1006  0 May  2 08:57 hackingtruth.txt
┌──(hackerboy㉿KumarAtulJaiswal)-[~/Desktop/hackingtruth.org]
└─$

Although we can append data to the file, that is the only change we can make to it. We can’t delete it and neither can root.

rm text-file.txt

sudo rm text-file.txt

┌──(hackerboy㉿KumarAtulJaiswal)-[~/Desktop/hackingtruth.org]
└─$ lsattr atul.txt       
-----a--------e------- atul.txt
┌──(hackerboy㉿KumarAtulJaiswal)-[~/Desktop/hackingtruth.org]
└─$ rm atul.txt         
rm: cannot remove 'atul.txt': Operation not permitted
┌──(hackerboy㉿KumarAtulJaiswal)-[~/Desktop/hackingtruth.org]
└─$ sudo rm atul.txt                                                                                                                                    1 ⨯
rm: cannot remove 'atul.txt': Operation not permitted
┌──(hackerboy㉿KumarAtulJaiswal)-[~/Desktop/hackingtruth.org]
└─$                                                                                                                                                     1 ⨯

Don’t Rely on Secure Deletion on ext4

As we pointed out, some operating systems do not support all of the attributes. The secure delete attribute is not honored by the ext family of file systems, including ext4. Don’t rely on this for the secure deletion of files.

It’s easy to see that this doesn’t work in ext4. We’ll set the s (secure deletion) attribute on a text file.

sudo chattr +s atul.txt

s: Secure deletion. When a file with this attribute set is deleted, the hard drive blocks that held the file data are overwritten with bytes containing zeroes. Note that this is not honored by the ext4 file system.

What we’re going to do is find out the inode that holds the metadata about this file. The inode holds the first hard drive block occupied by the file. The file contains some lorem ipsum placeholder text.
Advertisement

We’ll read that block directly from the hard drive to verify we’re reading the correct hard drive location. We’ll delete the file and then read that same hard dive block once more. If the secure deletion attribute is being honored, we should read zeroed bytes.

We can find the inode of the file by using the hdparm command with the --fibmap (file block map) option.

sudo hdparm --fibmap third-file.txt

┌──(hackerboy㉿KumarAtulJaiswal)-[~/Desktop/hackingtruth.org]
└─$ lsattr atul.txt          
-----a--------e------- atul.txt
┌──(hackerboy㉿KumarAtulJaiswal)-[~/Desktop/hackingtruth.org]
└─$ chattr +s atul.txt
┌──(hackerboy㉿KumarAtulJaiswal)-[~/Desktop/hackingtruth.org]
└─$ lsattr atul.txt   
s----a--------e------- atul.txt
┌──(hackerboy㉿KumarAtulJaiswal)-[~/Desktop/hackingtruth.org]
└─$ 
┌──(hackerboy㉿KumarAtulJaiswal)-[~/Desktop/hackingtruth.org]
└─$ sudo hdparm --fibmap  atul.txt

atul.txt:
 filesystem blocksize 4096, begins at LBA 872241152; assuming 512 byte sectors.
 byte_offset  begin_LBA    end_LBA    sectors
           0  931425384  931425391          8
┌──(hackerboy㉿KumarAtulJaiswal)-[~/Desktop/hackingtruth.org]
└─$

The first hard drive block is 18100656. We’ll use the dd command to read it.

The options are:

if=/dev/sda: Read from the first hard drive on this computer.
bs=512: Use a hard drive block size of 512 bytes.
skip=18100656: Skip all blocks before block 18100656. In other words, start reading at block 18100656.
count=1: Read one block of data.

sudo dd if=/dev/sda bs=512 skip=18100656 count=1

As expected we see the lorem ipsum placeholder text. We’re reading the correct block on the hard drive.

┌──(hackerboy㉿KumarAtulJaiswal)-[~/Desktop/hackingtruth.org]
└─$ sudo dd if=/dev/sda bs=512 skip=931425384 count=1
Qm9iIC0gIVBAJCRXMHJEITEyMw== | base64 -d
total 8
-rwxrwxrwx 1 root      1006  0 May  2 08:57 atulkumar.txt
-rw-r--r-- 1 hackerboy root 41 May  3 12:59 atul.txt
-rwxrwxrwx 1 hackerboy root  0 May  2 08:56 a.txt
-rwxrwxrwx 1 hackerboy root  0 May  2 08:56 b.txt
-rwxrwxrwx 1 hackerboy root 40 May  3 13:01 c.txt
-rwxrwxrwx 1 hackerboy root  0 May  2 08:56 d.txt
-rwxrwxrwx 1 hackerboy root  0 May  2 08:56 e.txt
-rwxrwxrwx 1 hackerboy root  0 May  2 08:56 f.txt
-rwxrwxrwx 1 hackerboy root  0 May  2 08:56 g.txt
-r1+0 records in
1+0 records out
512 bytes copied, 0.0237929 s, 21.5 kB/s
┌──(hackerboy㉿KumarAtulJaiswal)-[~/Desktop/hackingtruth.org]
└─$

Now we’ll delete the file.

rm third-file.txt

┌──(hackerboy㉿KumarAtulJaiswal)-[~/Desktop/hackingtruth.org]
└─$ lsattr atul.txt
                                                                                                                                   1 ⨯
s--------------------- atul.txt
┌──(hackerboy㉿KumarAtulJaiswal)-[~/Desktop/hackingtruth.org]
└─$ 

┌──(hackerboy㉿KumarAtulJaiswal)-[~/Desktop/hackingtruth.org]
└─$ rm atul.txt
┌──(hackerboy㉿KumarAtulJaiswal)-[~/Desktop/hackingtruth.org]
└─$

Again, don’t depend on this for secure deletion on ext4.There are better methods available to delete files so that they can’t be recovered.

Disclaimer

All tutorials are for informational and educational purposes only and have been made using our own routers, servers, websites and other vulnerable free resources. we do not contain any illegal activity. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. Hacking Truth is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used. We do not promote, encourage, support or excite any illegal activity or hacking.

What is Hacking and what is Ethical Hacking, is it Legal or Illegal.
What is Hacking? I welcome you to my blog. guys, I try to make the post written by me hundred percent correct. So that you can get the correct information and make it easy to read. Today's topic is related to hacking. So guys, today we will know what hacking is. What are the types of hackers. How is hacking done?

What is Hacking?

I welcome you to my blog. Friends, I try to make the post written by me hundred percent correct. So that you can get the correct information and make it easy to read. Bahral, we go to our topic. Today's topic is related to hacking. So friends, today we will know what hacking is. What are the types of hackers. How is hacking done? What is Hacking and what is Ethical Hacking, is it Legal or Illegal.

Nowadays the use of Computer and Smartphone is increasing very fast. It is almost impossible for people to do their work without Smartphone and Computer. Whether it is own business or working in a company / bank.

Computer is used everywhere, computer is used for doing small work.

Many problems have to be faced while doing the same work, in such a situation, when we are talking about computers, then the matter of cyber crime also becomes necessary.

Friends, you must have heard about Cyber Crime. If you have not heard, then I want to tell that Cyber Crime is a type of crime in which hackers steal personal details or data of others using computers. Due to which people suffer heavy losses. And blackmail them and grab lakhs of rupees. Due to cyber crime many organizations have to pay crores of rupees every year due to their data being stolen.

In the computer world, where the crime is not taking the name of stopping, how to protect the people of Longo from the files kept in their -2 computers and the data of the company and Bussiness from being hackers. So friends, we will give you the answer to this question in this post. So, you must read this article about

what is hacking?

Hacking means to find a weakness in a computer's system and take advantage of that weakness and hack that system. The person or person who does this Hacking, we call it Hacker. A Hacker has all kinds of knowledge related to computer, that is why he can easily hack Valunerbility from someone's computer system. On hearing the name, we realize that this is a wrong thing.

Types Of Hacking

Network Hacking

This type of Hacking means that it receives all the information over the Hacker Network itself, for which many tools are available such as -Telnet, NS, Lookup, Ping, tracert, Netstat etc. Its main purpose is only to reach the network system and its operation.
Website Hacking

In website hacking illegally gaining control over the association of its web server and website, ie Database or Interface.

Email Hacking

In email hacking, Hacker creates a duplicate Phishing page, reaches the user to that phishing page, if the user puts information in it then the Email ID gets hacked. It is used in illegal works in an unauthorized manner.

Ethical Hacking

This type of Hacking goes into many ethical tasks. In this Hacking, First Owner's Permission is taken by hacker to find Weakness in the system and Owner is helped in removing these Weakness.

Password Hacking

In this type of Hacking, passwords are cracked in an unauthorized manner, in which the system is hacked by stealing secret passwords kept in the computer.

Computer System Hacking

In this type of hacking, the hacker knows the ID and password of a computer's system and uses the computer illegally by sequre connection to it.

He deletes 2 files sitting at one place and also steals the data. hacking news

See Also

For More information :- Click Here

CEH v10 ( website ) :- Click Here

CEH V10 ( Videos ) :- Click Here

CEH V10 ( Videos ) :- Click Here

What are the types of hackers?

1. Black Hat Hacker

Black Hat Hacker illegally gain the ID and password of your website, Computer System, Android Smartphone, Facebook etc. without your permission.

And assert their authority over the information kept in them. Whether he deletes them or demands a ransom from the owner, Black Hat Hacker is very bloodthirsty. They do not hesitate at all to harm others. Ethical Hacking, is it Legal or Illegal.

2. White Hat Hacker

White Hat Hacker does hacking in an ethical way. Hackers of this category provide protection to our system, website and smartphone from being hacked. Such hackers take permission from the owner of the system and help us in protecting from the attacker. White hat hacker check the security of our website or system. This tells whether the system is a sequer or not. Finds weakness and provides sequrity. It is also called ethical hacker.

3. Gray Hat Hacker
Gray Hat Hacker is actually in a state of confusion. They may or may not play with anyone without permission. By the way, it can hack anyone's system to improve their skills, but they do not cause any harm but they cannot be called a white hat hacker and not a black hat hacker.

Disclaimer

This was written for educational purpose and pentest only.
The author will not be responsible for any damage ..!
The author of this tool is not responsible for any misuse of the information.
You will not misuse the information to gain unauthorized access.
This information shall only be used to expand knowledge and not for causing malicious or damaging attacks. Performing any hacks without written permission is illegal ..!

All video’s and tutorials are for informational and educational purposes only. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. We believe that it is impossible to defend yourself from hackers without knowing how hacking is done. The tutorials and videos provided on www.hackingtruth.in is only for those who are interested to learn about Ethical Hacking, Security, Penetration Testing and malware analysis. Hacking tutorials is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used.

All tutorials and videos have been made using our own routers, servers, websites and other resources, they do not contain any illegal activity. We do not promote, encourage, support or excite any illegal activity or hacking without written permission in general. We want to raise security awareness and inform our readers on how to prevent themselves from being a victim of hackers. If you plan to use the information for illegal purposes, please leave this website now. We cannot be held responsible for any misuse of the given information.

- Hacking Truth by Kumar Atul Jaiswal

I hope you liked this post, then you should not forget to share this post at all.
Thank you so much :-)

35 lakh rupees waiting for you even a little knowledge of hacking is there

If you too have a fondness for hacking, you know about coding, then 35 lakh rupees are waiting for you. Sony, the leading electronic company, has announced the bug bounty program for the gaming console PlayStation. Under this program, gamers or any common man may be entitled to this award by removing bugs in the PlayStation 4 and PlayStation Network. Earlier, Sony's PlayStation bug bounty program used to be private, but this year for the first time the company has announced to make it public. hacker101

Announcing this bug bounty program, Sony wrote in its blog, 'It is a fundamental part of our product security that gives a great experience to our community. To strengthen the security, we attach great importance to the research community. We are excited to announce the new bug bounty program. hackerone

The company has partnered with HackerOne for this and under this program, work is going on to find flaws in PS4 system, operating system, accessories and PlayStation network. It must be mentioned here that PS3 and PS2 are not part of this program. Bug Bounty Program

Sony has divided the prize money of Bug Bounty into four parts, which include Critical, High Severity, Medium Severity and Low Severity. For finding Critical Bugs in PlayStation 4, you will get 50,000 dollars i.e. about 38 lakh rupees, while searching for High, Medium and Low Severity bugs will get 10,000 dollars i.e. about 7.5 lakh rupees, 2,500 dollars i.e. two lakh rupees and 500 dollars i.e. about 38,000 rupees respectively. Bug crowd

Talking about the PlayStation Network (PSN), if you find a critical bug in it, then you will get 3,000 dollars i.e. about 2.5 lakh rupees, while on searching for high, medium and low severity bugs, 1,000 dollars i.e. about 75,500 rupees, 400 dollars i.e. 30,000 rupees respectively. 100 dollars i.e. about 7,500 rupees.

I hope you liked this post, then you should not forget to share this post at all.
Thank you so much :-)

Background Concept About Cross Site Scripting ( XSS ) With Examples

Now we are going to talk about XSS cross site scripting. XSS Vulnerabilities are among the most wide spread wab application vulnerabilities on the internet.

Cross-site-scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicous code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur antwhere a web application uses input from a user within the output it generates without validating or encoding it. Background concept about cross site scripting with examples

An attacker can use XSS to send a malicious script to an unsuspecting user. The end user's browsers has no way to kmow that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens or, other sensitive information retined by the browser and used with that site. cross site scripting with examples

It's refer to client side injection attack where an attacker can execute malicious scripts into a legitimate website or web application. By leavrging a cross site scipting, an attacker doesn't target the victim directly instead an attacker would exploit a vulnerability within a web applications or websites that the victim would visit essentially using the vulnerable website as a vehicle the deliver the malcious script to the victim's browser. basicallly we will use a website to deliver our payloads to the victime, when victim visit into that they paylaod are will executed and the payload will to our job, payload can be malicious, payload can be simple whatever. xss examples

Let's talk about impact of XSS

1) Cookie theft
2) Keylogging
3) Phishing
4) URL Redirection

cross site scripting can be used to a part of URL redirection. Cookies stealing, Keylogging, Phishing etc.

so, in order to run our javascript malicious script in a victim's browser, an attacker must first find a way to inject a payload into web page. That's the victim visit.

for exploitation, attacker can used social engineering way such as email, click jacking to manipulate user for executation to our payload.

Let's talk about the Types of XSS...

Mainly cross site scriptings are parts of three types :-

1) Reflected XSS
2) Stored XSS
3) DOM-based XSS

Reflected XSS or Stored XSS

It's a most common types of Cross site scripting, attacker payload script has to be part of the request which is send to the website an reflect back in such as a way that the HTTP response includes that the payload.

so, basically reflected cross site scripting are required client site interaction, if user will visit that the vulnerable web page and server will deliver our paylaod to the users browse here, then user stored this but server want any payload,we will deliver our paylaod to the client browser and if client visiting that then there's a client side attacks. sql injection cheatsheet

DOM Based XSS :-

it's a advance type of cross site scripting attack, which be made possibly when the web application client site scripting writes user provides a data into a document objects model. The Most dangerous parts of this attack is client side attacks. how to prevent from sql injection

In the attacker's payload is never sent to the server, this makes it will more to detect web application firewall and security engineers.

so basically let's take example of Reflected, stored and DOM through practially,

This is a website testphp.vulnweb.com

So we will type something in the search box like Hello or HackingTruth.in and hit go button...

so it's a reflected but not stored, it's not storing..
so there may be reflected cross site scripting.

Now. let's click on the signup option and you can try withlogin based application and if i will give a any text like kumaratuljaiswal.in

DOM XSS

if i will give any parameter like hello

paramter=hello

<script></script>

and just executing to the user's context, nor the server side to the sever application, then there may be DOM based...

Example this

prompt.mI/O

this is not sending to the server there are executing to the our context, if i will give anypayload there and it will execute then this is called DOM based scripting. cross site scripting how to prevent

see this

so just only executing on the user's script, nor the server side nor to the client side.

How to Hunt for XSS ?

Find a Input parameter, Give any input there and not senitizer then If your input reflect or stored any where there may be XSS.

Try to execute any javascript code there, if you succeed to execute any javascript then there is a XSS

Exploitation of XSS.

you'll find a input parameter then give input there , if your input reflect or stored anywhere there may be cross site scripting. cross site scripting example

XSS Cheatsheet Here :- Click Here

I hope its clear to about The Background concept of cross site scripting :-)

Disclaimer

This was written for educational purpose and pentest only.
The author will not be responsible for any damage ..!
The author of this tool is not responsible for any misuse of the information.
You will not misuse the information to gain unauthorized access.
This information shall only be used to expand knowledge and not for causing malicious or damaging attacks. Performing any hacks without written permission is illegal ..!

All video’s and tutorials are for informational and educational purposes only. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. We believe that it is impossible to defend yourself from hackers without knowing how hacking is done. The tutorials and videos provided on www.hackingtruth.in is only for those who are interested to learn about Ethical Hacking, Security, Penetration Testing and malware analysis. Hacking tutorials is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used.

All tutorials and videos have been made using our own routers, servers, websites and other resources, they do not contain any illegal activity. We do not promote, encourage, support or excite any illegal activity or hacking without written permission in general. We want to raise security awareness and inform our readers on how to prevent themselves from being a victim of hackers. If you plan to use the information for illegal purposes, please leave this website now. We cannot be held responsible for any misuse of the given information.

- Hacking Truth by Kumar Atul Jaiswal

Video Tutorial :- SooN

I hope you liked this post, then you should not forget to share this post at all.
Thank you so much :-)

Calculate First and Last Usable IP on The Subnetwork

The network ID is 192.168.1.0, so the first usable address is 192.168.1.1. The broadcast address is 192.168.1.63, so the last usable address is 192.168.1.1.62. As a simple rule, the first usable address is the network ID + 1, while the last usable address is the broadcast address - 1.

You can use subnet calculators (tons are available online), but being able to calculate subnets is always handy. You can refer to a subnetting guide like this
to learn, and then create several exercises on your own to practice, using subent calculators to check if you did them correctly. calculate first and last usable IP on the subnetwork

See also :- Click Here For Bug find with ASN & CIDR Number

Demonstrate Subnetting

The best way to demonstrate subnetting method is by using an example. For example we are given a network address 192.168.116.0 with the default subnet mask of 255.255.255.0. The requirement is to perform subnetting such that we create as many subnets as we can with 30 hosts in each subnet. What is the network ID, broadcast address, first and last usable IP calculate on the subnetwork

Our First step will be to determine how many bits do we need to borrow from the host portion such that the requirement of minimum 30 hosts per subnet is fulfilled. Using the formula below

2n -2,

Where the exponent n is equal to the number of bits left after subnet bits are borrowed.

we can calculate how many bits will be required so that each subnet has 30 host addresses. 25 -2 =30, so 5 bits atleast must be available for host addressing and the remaining can be borrowed to create subnet addresses. The -2 in the formula accounts for two addresses the subnetwork address and the broadcast address which cannot be assigned to hosts.

The network 192.168.116.0/24 has 8 bits for host portion and we will reserve 5 bits for the new host portion, the 3 bits remaining can now be used for creating subnets. To determine how many subnets we can

create, use the following formula:

2n = number of subnets

where the exponent n is bits borrowed from the host portion.

Thus in this case we can create 23 =8 subnets

Our second step will be to calculate the new subnet mask, our previous subnet mask was 255.255.255.0 or 11111111.11111111.11111111.00000000 in binary. Since we have borrowed 3 bits from the host portion our new subnet mask will be 11111111.11111111.11111111.11100000 which is 255.255.255.224 when converted to decimal notation.

We have discussed in detail the conversion process of binary to decimal and vice versa. When performing IP subnetting we will refer to the picture shown below which is very handy in this process.

What is the network ID, broadcast address, first and last usable IP calculate on the subnetwork

So our original subnet mask was 255.255.255.0 and we allocated 3 bits from the host portion which allowed us to have 8 subnets and 30 hosts within each subnet. We can quickly convert 255.255.255.0 to binary by looking at the table above. An octet which is 255 in decimal will be 11111111 in binary so 255.255.255.0 will be 11111111. 11111111. 11111111.00000000. We will set the first 3 bits of the last octet to 1 and last octet will now be 11100000 which from the table above will be 224 in decimal. So our new subnet mask is 255.255.255.224

Our third step will be to determine the subnet multiplier which is fairly simple. All we have to do is subtract the last nonzero octet of the subnet mask from 256. So in this case our subnet multiplier will be 256-224 =32. We will use the subnet multiplier in the next step to list the subnets.

Our final step will be to list the subnet address, host range and the broadcast address. The first subnet address will be 192.168.116.0/27 and the following subnets will be with increments of 32, the subnet multiplier we calculated in the previous step.

Shown in the table below are the subnet addresses, their respective host ranges and the broadcast addresses.

As shown in the table, once we have listed the subnet addresses, calculating the host range and broadcast address is relatively simple. The broadcast address will be the last address of the subnet and one less the preceding subnet address. For example for the subnet 192.168.116.0/27 the broadcast address will be 192.168.1.31 which is last address of this subnet and in binary it will be all 1s in the host portion, this address is preceded by the next subnet address.

The host range will start from the next address after the subnet address for example for the subnet 192.168.116.32/27 the host range will start at 192.168.116.33 and end at one less the broadcast address which will be 192.168.116.62 since the broadcast address is 192.168.1.63. The host address must exactly be 30 in number since we have reserved 5 bits for the host portion.

Top 100 Ethical Hacking Interview Question & Ans

Click Here :- Let's Visit

The methods shown above to calculate the range of valid host IP addresses and the broadcast address are very easy and quick. We will also learn another way to perform these calculations.

To calculate the broadcast address of a subnet change all the host bits values in the subnet address to binary 1s. For example if we need to find the broadcast address of the subnet 192.168.116.32/27 we will first list the subnet address in binary, (we have previously discuses the mathematical conversion process in a previous article). So 192.168.116.0/27 will result in 11000000.10101000.01110100.00100000. Then we will change all host bits values to binary 1s which will be 11000000.10101000.01110100.00111111. So now we have the broadcast address in binary. Converting this to decimal will result in 192.168.116.63.

We can also calculate a range of valid host IP addresses in a subnet using the binary method. For example if need to calculate the range of host addresses in the subnet 192.168.116.32/27 we will first find the first usable host IP address by changing the right-most host bit to 1 of the subnet address . Our subnet address in binary is 11000000.10101000.01110100.00100000 and when we change the right-most host bit to 1 it will be 11000000.10101000.01110100.00100001 which is 192.168.116.33, this is our first usable host IP address of the subnet. Now we will find the last usable host IP address of the subnet by changing all host bits in the subnet address to 1 except for the right-most host bit which will be 11000000.10101000.01110100.00111110, converting this to decimal will result in 192.168.116.62. So now we have the valid host IP address range for the subnet 192.168.116.32/27 which is from 192.168.116.33 to 192.168.116.62. It can also be confirmed from the table above.

This brings us to the end of this article in which we covered basic subnetting techniques. There are several techniques and each person has his favorite. The technique demonstrated in the article is simple and quick technique of performing subnetting.

Out first octet 11000000 can be converted to decimal by picking the bits which are 1 and adding the corresponding decmial values shown in the table above. So 11000000 will be 128 + 64 = 192.

Similarly the second octet 10101000 will be 128 + 32 + 8 = 168, third octet 01110100 will be 64 + 32 +16 +4 = 116 and the finally the fourth octet 11010010 will be 128 + 64 + 16 + 2 = 210.

This results in the IP address 192.168.116.210.

This brings us to the end of this article in which we learn the architecture of IP addresses and also explained the purpose of a subnet mask. We also covered a very imporant tutuorial on binary to decimal conversion and vice versa. It is very important to have firm concepts as these are the base for the entire upcoming CCNA lessons.

I hope you liked this post, then you should not forget to share this post at all.
Thank you so much :-)

As data sets are getting larger and more prevalent, researchers are having to try to to tons of leg add reference to core programming - resulting in longer spent with tools like GIT and Kali Linux (something we have seen Hardly done before!).

For software engineers reading this post: you would possibly not find the subsequent useful, but as someone who has been through those early self-taught days as a junior researcher, i might like to see data scientists or ML researchers Feeling of budding pain!

Looking at all of that, i assumed about what commands i exploit daily and in my routine and which commands I wanted to understand beforehand. So from this, i'm now presenting my top 5 Kali Linux commands which have helped me reach the highest of my career! top 5 linux command for beginners

Command 1: grep

grep sounds like the noise frogs make, but actually it stands for Global regular expression print. That long phrase doesn’t make much sense outright, but the essential use case for the grep command is to search for a particular string in a given file.

The function is fairly quick and incredibly helpful when you’re trying to diagnose an issue on your production box, in which for example, you may think a TXT file has some bad data.

As an example, say we’re searching for the string 'this’ in any file which begins with the name 'demo_’:

$ grep "this" demo_*
demo_file:this line is the 1st lower case line in this file.
demo_file:Two lines above this line is empty.
demo_file:And this is the last line.
demo_file1:this line is the 1st lower case line in this file.
demo_file1:Two lines above this line is empty.
demo_file1:And this is the last line.

Not so bad huh? We can see on the left hand side that there are two files that begin with demo (demo_file and demo_file1)

Command 2: wget

Now we move onto something a little bit more sophisticated but still something we use quite a lot. The wget command is a useful utility used to download files from the internet. It runs in the background so can be used in scripts and cron jobs.

To utility is called as follows:

wget <URL> -O <file_name>

Where the following is an example if we wanted to download a file:

wget https://cdn.kernel.org/pub/linux/kernel/v4.x/linux-4.17.2.tar.xz

Command 3: wc

Often you have a file of arbitrary length and something smells fishy: maybe the size of the file seems too small for the number of rows you expect or something you’re just curious how many words are in it. Either way, you want to inspect it a bit more and need a command to do so.

The wc command helps out in that it essentially counts a few different things for the file in reference:

# wc --help
Usage: wc [OPTION]... [FILE]...
-c, --bytes            print the byte counts
-m, --chars            print the character counts
-l, --lines            print the newline counts
-L, --max-line-length print the length of the longest line
-w, --words            print the word counts
      --help            display this help and exit
      --version            output version information and exi

So, say we want to count the number of lines in a file:

wc -L tecmintt.txt

16 tecmintt.txt

or maybe the number of characters:

wc -m tecmintt.txt

112 tecmintt.txt

Awesome!

Command 4: Vi

The vi command is super helpful as it allows you to open and explore a file. The command works as follows:

vi [filepath]

And it takes you into an editor sort of thing. Now in this editor, you can use the following characters to navigate:

k    Up one line
j    Down one line
h    Left one character
l    Right one character (or use <Spacebar>)
w    Right one word
b    Left one word

However, in reality, you’ll find navigation pretty naturally. The following commands will be the most useful though:

ZZ     Write (if there were changes), then quit
:wq    Write, then quit
:q     Quit (will only work if file has not been changed)
:q!    Quit without saving changes to file

You’ll learn to love vi, I swear!

Command 5: CTRL+R

So I’ve saved the best for last as I really use this command quite a lot. CTRL+R isn’t really a command but more a shortcut type of thing. It allows you to search your history of used commands by typing in something which resembles the command, and then similar commands that you’ve used before come up!

For example, say you’ve just run a really long command and for whatever reason your terminal session breaks and you have to re-run the command again. With this command, you can quickly search for it again instead of reconstructing the command from scratch!

Let’s say I’m trying to remember a command that begins with hi, but I can’t remember it all. I type in ctrl+r and then I see what it recommends:

$ historybck-i-search: his_

Perfect! The command history has been recommended and that’s exactly the
command we were looking for. If you press tab at this point, the autocomplete fills in the line:

$ history

I’ve actually always struggled to use both Linux and GIT but over time, I’ve managed to remember a few key commands that’ve helped my development as an independent researcher. I can work fairly independently now and it’s thanks to the above command line tools that I’m able to so.

Therefore, I really recommend spending a few hours getting used to linux as the small lessons you take now will really help progress your use of the system going forward. It’s pure upside!

I hope you liked this post, then you should not forget to share this post at all.
Thank you so much :-)

Learn how to get started as a professional hacker with this complete course!

Would you like to get started as an ethical hacker? Do you want to become a professional penetration tester? Enroll now in The Complete Ethical Hacking Course and learn how to think like a hacker, and become familiar with the toolkit of a professional pentester. This course covers a wide range of topics relating to network security: The Complete Ethical Hacking Course!

Introduction to ethical hacking
Reconnaissance
Scanning and enumeration
Network presence
Attacking systems
Web hacking
Social engineering

When you enroll in the course you will immediately receive access to 19+ hours of HD video tutorials, as well as additional supplemental resources for developing the necessary skills to succeed in the field. Learn by doing with demonstrations using popular pentesting tools such as Maltego, FOCA, Recon-ng, Nmap, masscan, tcpdump, Wireshark, Ettercap, Burp Suite, Scapy, Mimikatz, Hashcat, Konboot, Hydra, OWASP, SQLmap, mitmproxy, Skipfish and more! The completer beginner to advance level of ethical hacking course

Who this course is for:

This course was deigned for beginners and moves on to more advanced applications.

Requirements

A basic understanding of computer systems.
Various open source pentesting applications.

What you'll learn

Think like a hacker.
Perform effective reconnaissance.
Thoroughly scan public networks.
Monitor and intercept network traffic.
Attack Windows and Linux systems.
Penetrate web security.
Hack humans using social engineering attacks.

This course includes

19.5 hours on-demand video
7 downloadable resources
Full lifetime access
Access on mobile and TV
Certificate of Completion

Click Here :- https://www.udemy.com/course/ethical-hacking-professional/?ranMID=39197&ranEAID=tHnUyAHsRvI&ranSiteID=tHnUyAHsRv&couponCode=F4C430726B40111F9F9A

Coupan Code F4C430726B40111F9F9A

( NOTE :- Any coupon code for free courses is valid for a few days, so keep this in mind. )

Stay Connected

website
🌐https://www.hackingtruth.in
🌐https://www.kumaratuljaiswal.in
🌐https://iam.kumaratuljaiswal.in
🌐https://academy.hackingtruth.in
🌐https://hackingtruth.teachable.com
🌐www.kumaratuljaiswal.wordpress.com
➖➖➖➖➖➖➖

🔥 YT Channel 🔥

https://youtube.com/c/whoiskumaratul

➖➖➖➖➖➖➖

🔥 Stay Connected 🔥

https://instagram.com/h4cking_truth.in_
https://instagram.com/hackingtruthin
https://fb.com/hackingtruthin
https://twitter.co/hackingtruthin
https://www.linkedin.com/company/hackingtruthin

💥💥💥💥💥💥

https://instagram.com/whoiskumaratul
https://fb.com/whoiskumaratul
https://twitter.com/whoiskumaratul
https://linkedIn.con/whoiskumaratul

I hope you liked this post, then you should not forget to share this post at all.
Thank you so much :-)

A word that is embeded in the mind of every youth in this modern period, and this words attracts these youths so much that they cannot stop themselves and that is the word that and perhaps you will be the people from me who will get pleasure from inside by hearing the name hacking word and there will be many of you who want to become hackers, so in this modern era it it hacking. The word is very exciting.

so, in via this article website we will know about ethical hacking, I think currently version of Ethical Hacking is in 10 ( CEHv10 ) trend and since many people are involved in preparing for the exam, we want that through this article too you can increase your knowledge in many places and share your knowledge.
Is 10 and 12th marks are important in the field of ethical hacking mainly in PCM?

About Hacking

Hacking — Hacking is identifying weakness in computer systems or network to exploit its weakness gain access. Example of hacking :- using password cracking algorithm to gain access to a system.

In mid 80s & 90s, The media termed hacking related to cyber crime as false. Some peacocks then started using the very beautiful word - before moral hacking and it has become ethical hacking. Just ridiculous.

Media falsely related hacking to cyber crime. Some moron then started using a much pretty word — ethical to precede hacking and it’s become Ethical Hacking. Simply ridiculous.

Cyber security training has developed a mushroom over the years. Most of them are just fake. And innocent youth who consider cyber security to be a demanding field of computer science are keen to become a hacker.

No person can become a hacker from a street course like CEH. Nor can one become a successful hacker (LOL) by two or three years of undergraduate or diploma courses. Studying to become a successful security specialist requires a lot of sweaty hours of study and many nights of sleep with many systems.

Those who cannot cope with the CLI should simply move away from the information security field. Also system scripting languages such as bash, csh, sh, perl, python are required to write their own code to deal with the system and talk with the network. By using just the tools available in Kali Linux or using Metasploit etc., it does not mean that you are a good security expert or so-called hacker.

Cyber security is a matter of own experience in dealing with vulnerabilities and threats. I saw many students who successfully completed a hacking course like CEH and still struggle to avoid getting stuck in simple Linux gotchas.

Is 10 and 12th marks are important in the field of ethical hacking mainly in PCM?

No, 10th and 12th class marks are not important in hacking career and not only 10th and 12th even graduation/post graduation marks also not important in hacking career. Is 10 and 12th marks are important in the field of ethical hacking mainly in PCM?

You can excel in a cyber security career even without a degree, but you have the passion and determination to break into the system with your skilled mind (unlike the years of skill and patience that you have in films overnight Or do not become hackers in short time.)

If you have a good knowledge on any one of the below

Network Security
web applications Security
Exploit writing
Reverse engineering
Wireless Security
IOT Security then no need of even degrees.

For private companies: Your sound knowledge on concepts is irrespective of the certificate and marks you have obtained after graduation / post graduation. I know that some members (from hacking groups) excel in their hacking careers without a degree.

For government companies : There is a systematic approach so here certificates and marks ( above 60%) matters.

If you are passionate and enthusiastic about security try to learn above any one of concepts deeply then jobs will come after you.

I hope you liked this post, then you should not forget to share this post at all.
Thank you so much :-)

WHAT WE DO

We've been developing corporate tailored services for clients for 30 years.

ABOUT US

OUR TEAM

Kumar Atul Jaiswal

Kumar Atul Jaiswal

Kumar Atul Jaiswal

OUR SKILLS

Marketing

Websites

PR

ACHIEVEMENTS

STRATEGY & CREATIVITY

PORTFOLIO

Permissions and Attributes

Inode File system

Looking at a File’s Attributes

Changing a File’s Attributes

Setting the Append Only Attribute

Don’t Rely on Secure Deletion on ext4

Disclaimer

What is Hacking?

what is hacking?

Types Of Hacking

Email Hacking

Ethical Hacking

Password Hacking

Computer System Hacking

What are the types of hackers?

Disclaimer

35 lakh rupees waiting for you even a little knowledge of hacking is there

Background Concept About Cross Site Scripting ( XSS ) With Examples

Let's talk about impact of XSS

Let's talk about the Types of XSS...

DOM XSS

Example this

How to Hunt for XSS ?

Disclaimer

Video Tutorial :- SooN

Calculate First and Last Usable IP on The Subnetwork

Demonstrate Subnetting

Command 1: grep

Command 2: wget

Command 3: wc

Command 4: Vi

Command 5: CTRL+R

Learn how to get started as a professional hacker with this complete course!

Who this course is for:

Requirements

What you'll learn

This course includes

Stay Connected

About Hacking

Is 10 and 12th marks are important in the field of ethical hacking mainly in PCM?

Ads

Youtube

Linkedln

Popular Posts

Like Us

Labels

Let's Talk About

Tweet

Connection

WHAT WE DO

ANALYTICS

CONSULTING

DESIGN

DEVELOPMENT

MARKETING

SEO

CONTACT US

Hacking Truth.in