Saturday, 25 October 2014

Web Apps Pentesting


Introduction

Hi, I'm Muhammad Adeel from UrduSecurity. Here I'm going to describe, with a simple example, how hackers nowadays trick search engine bots into thinking that injected code is not spam, hiding it in a realistic way so that the bots think the code is legit.

Example

One of the best ways to do the job is to insert our spam code inside a <div> tag with an ID or class. Finally, we have the option to add JavaScript that hides that <div> tag.

Trick: We can use school-level math to fool the engines: make a div tag carry the spam, and make its ID look different in the JavaScript.

Example code for the described type of attack could be as follows.

[Image: Penetration testing]

Explanation

The idea is simple: the div has id=10, and the JavaScript accesses it as (5*2). The malware generates a random number, say 'X', doubles it, and uses the result as the ID of the spam <div> tag. Finally, it uses the multiplication operator in the script so that search engine bots think the code is legit and trustworthy.
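The same arithmetic can be applied when reviewing a page for this kind of injection. The scanner below is an added example, not code from the original post: it resolves multiplication expressions passed to getElementById in hiding scripts and reports the element they point at. The function names, the sample page and the spam.example URL are constructed for illustration, and the regex matching is a heuristic for simple markup rather than a full HTML parser.

```javascript
// Constructed sample page: id=10 and 5*2 follow the post, the rest is made up.
const SAMPLE_PAGE = `
<html><body>
<div id="content">Welcome to our school website.</div>
<div id="10"><a href="http://spam.example/pills">cheap pills</a></div>
<script>document.getElementById(5*2).style.display = "none";</script>
</body></html>`;

// Evaluate a product of integer literals such as "5*2" without eval().
// Returns null for anything that is not plain integer multiplication.
function evalProduct(expr) {
  const parts = expr.split("*").map((p) => p.trim());
  if (parts.length < 2 || !parts.every((p) => /^\d+$/.test(p))) return null;
  return parts.reduce((acc, p) => acc * Number(p), 1);
}

// Report elements that an inline script hides through a computed numeric id.
// A quoted literal id (getElementById("menu")) is normal code and is skipped.
function findComputedIdHiding(html) {
  const findings = [];
  const scriptRe = /<script\b[^>]*>([\s\S]*?)<\/script>/gi;
  const callRe =
    /getElementById\(\s*([^)"']+?)\s*\)\s*\.style\.(display|visibility)\s*=\s*["'](none|hidden)["']/g;
  for (const script of html.matchAll(scriptRe)) {
    for (const call of script[1].matchAll(callRe)) {
      const id = evalProduct(call[1]);
      if (id === null) continue;
      // Find the div whose id equals the resolved value (10 must not match 100).
      const divRe = new RegExp(
        `<div\\b[^>]*\\sid=["']?${id}(?![\\w-])[^>]*>([\\s\\S]*?)</div>`, "i");
      const div = html.match(divRe);
      if (!div) continue;
      const links = [...div[1].matchAll(/href=["']([^"']+)["']/gi)].map((m) => m[1]);
      findings.push({ expression: call[1], resolvedId: String(id), links });
    }
  }
  return findings;
}

console.log(findComputedIdHiding(SAMPLE_PAGE));
```
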


How Hackers Are Hiding Spam Codes Now

Description: Hackers hide/obfuscate spam code in a tricky way so that search engine bots can't detect it; here is a simple demo/example.

    Copyright © HACK | Designed by Muhammad Adeel | Founder UrduSecurity