XSS cheat sheet by Gorvam saddar

XSS cheat sheet

Before we start what is XSS? let's come to basic !! hmm what is cookie , don't say something like eating stuff.
COOKIE:

A cookie is the variable that web-browsers use to store your login credentials. Without a cookie, you cannot "stay logged in" on websites.

CROSS SITE SCRIPTING:

Cross-Site Scripting is the process of injecting JavaScript (mainly) and also HTML into a webpage.

SOME POINTS ON XSS :

@ -XSS attacks almost always focus upon sites which use cookies for storing our username and password.
@-XSS is used to harm the website (may be defacing ).

tRAdiTIOnAL Type$: type0 , type1, type2

Install Backtrack 5 On Samsung Galaxy Tab by Gorvam saddar

Install Backtrack 5 On Samsung Galaxy Tab

First thing after I get Samsung Galaxy Tab 10.1 is how can I change or add some feature about penetration testing to my Tab. So after I read "How to install Backtrack5 on Motorola Xoom by Pual[.]com, I think I can install Backtrack 5 in my Tab too. That's it. I create this tutorial after I'm successful to installing Backtrack 5 on my Tab. But please do all the steps with you risk!!!!.
1. Download rooting file and transfer it to the tab.
2. Go into the recovery mode with hold "Power Button and Low Volumn Button" for rebooting and when you see the 2 icon press "Low Volumn" and press "High Volumn" or "Power Button" for go to recovery mode.
3. Choose "apply the update from sdcard" and choose "rooting file"
After this step, you're tab was rooted now.

Tutorial on How to Hack Terminal Services by Gorvam saddar

Tutorial on How to Hack Terminal Services

If you want to do any MS Terminal Server cracking you basically have your choice of three tools that can do it for you; TSgrinder, TScrack, and a patched version of RDesktop. This article and its companion Video: Terminal Server / RDP Password Cracking, takes you step-by-step through the concepts, tools and usage.

TSGrinder is readily available from http://www.hammerofgod.com/download.html.

TSCrack you'll have to google for as it is not readily available anymore.

Rdesktop v1.41 can be downloaded from http://www.rdesktop.org/ and you'll need the patch from foofus.net http://www.foofus.net/jmk/rdesktop.html.

Part 1: MS Terminal Services Overview

Hacking Exposed Windows Server 2003 goes a great overview, I won't plagiarize it all here, so check it out for me details and the references section of this paper for some MS references.
Prior to Terminal Services, Windows did not provide the ability to run code remotely in the processor space of the server. Another way to put this is there was no way to have an "interactive" session on the server. There were tools like wsremote or psexec or VNC. If an attacker got a non administrator level account on a remote machine they could map shares and copy files but had a difficult time running code on the server. Now, with Terminal Services, an attacker can log on as a non privileged user and run exploit local exploit code via the Terminal Services GUI. These attacks used to be fairly limited to local physical attacks or from users who actually logging into your domain but now if the server has Terminal Services (2000 server 2003 server) or RDP (Windows XP) running the attack vector increases.

SMS Spoofing with Kali Linux by Gorvam Saddar

SMS Spoofing with Kali Linux

The new Kali-Linux (BT6) comes with many advance and increasing features and one of its incredible feature is its SMS spoofing weapon. So today we will have fun with this feature and see how easily we can spoof SMS. This is an amazing and improved feature that has made many security professionals think. Anyone can easily spoof sms from various numbers and there is no chance to be caught. This feature is located in the SET (

Social Engineering toolkit

How to detect a hacker attack by gorvam saddar

How to detect a hacker attack

Most computer vulnerabilities can be exploited in a variety of ways. Hacker attacks may use a single specific exploit, several exploits at the same time, a misconfiguration in one of the system components or even a backdoor from an earlier attack. Due to this, detecting hacker attacks is not an easy task, especially for an inexperienced user. This article gives a few basic guidelines to help you figure out either if your machine is under attack or if the security of your system has been compromised. Keep in mind just like with viruses, there is no 100% guarantee you will detect a hacker attack this way. However, there's a good chance that if your system has been hacked, it will display one or more of the following behaviours.

tips for secure online shopping by gorvam saddar

Shopping online isn’t just as safe as handing over your credit card in a store or restaurant. However, if you take care of few things it can be a safe deal. Following are the things you should take care of:

   1. Never respond to an email request for credit card details. All reputable companies will conduct transactions with you over a secure website connection.
   2. Remember to never respond to any email advertisement, and only visit sites you know or have book marked, and verify the address before browsing further.
   3. Only buy from trusted brands and websites.....

Snort by gorvam saddar

Introduction to Snort
1
Introduction to Snort
A lightweight Intrusion Detection System by Marty Roesch
Document based extensively on original snort documentation from /usr/local/share/snort

Introduction to Snort
2
Using Snort
What is snort?
Snort is a lightweight intrusion detection system that can log packets coming across your network. This