HACK
hacking, sql injection, how to, hack facebook, javascript, seo, python
Adeel Chaudhary (http://www.blogger.com/profile/05999617865265139230)
Last updated 2024-03-13

Magento Shopping Cart 0day Exploit
Published 2015-08-31
Hi Friends,
Many of you already know that people try to do the things which bear them some fruit. Likewise, carders try to exploit shopping carts to get into the transaction system in order to snatch people's money. Magento is a famous eCommerce CMS. It is also the main target, as many shopping sites are based on this CMS.
Here is a recent exploit "obviously not found by me
Posted by Adeel Chaudhary

Node JS & Command Execution
Published 2015-05-02
Introduction
Node.JS is a cross-platform runtime environment where one can execute JavaScript code outside the web browser. Node.JS is very helpful, but it has a couple of killing features which make it very dangerous and hazardous for a web application. In this tutorial we are going to discuss one of them, command execution in Node.JS. You folks must know what is Command Execution
Posted by Adeel Chaudhary

Cross Site Tracing | WebAppSec
Published 2014-12-27
Hey folks, let's have a little look at Cross Site Tracing. Many of you know it, as it is a simple and easy technique, but for those of you who don't know what it is, I'm gonna demonstrate.
Introduction
XST (Cross Site Tracing) is a combined attack that includes the HTTP TRACE method and XSS techniques. XST allows an attacker to see what data is being received at the other end of the request
Posted by Adeel Chaudhary

TCP Wrappers in Linux
Published 2014-11-25
Introduction
TCP Wrapper is a library which provides access control and logging for the services on a server which accept TCP connections. Most Linux systems are compiled with TCP wrappers. It is a network filter ACL (access control list) that is used to filter network access.
How TCP Wrappers Help?
helps in system logging
pattern matching access control
verifies the
Posted by Adeel Chaudhary

CRLF Injection - Inject the Headers
Published 2014-11-23
CRLF Injection
Introduction
CRLF (Carriage Return Line Feed) injection is another web application vulnerability which occurs due to improper input sanitization in header fields of a website such as Location, User-Agent, Max-Age etc. This vulnerability can cause some highly risky vulnerabilities like XSS, LFI etc.
Scene Behind CRLF
CR & LF are 2 characters that indicate the end of
Posted by Adeel Chaudhary

How Hackers Hiding Spam Codes Now
Published 2014-10-25
Introduction
Hi, I'm Muhammad Adeel from UrduSecurity. Here I'm gonna describe, in the simplest way and with a simple example, how hackers nowadays are tricking search engine bots into thinking that the injected code is not spam, or hiding it in a realistic way so that the bots think the code is legit.
Example
One of the best ways to do the job is inserting our
Posted by Adeel Chaudhary

Android Hacking: Hacking Debuggable Android Apps
Published 2014-08-24
Hello readers, what's up? Hope you are all fine enough to read this tutorial. As I said in the previous article, I'll demonstrate how to attack debuggable Android applications. So this tutorial is about finding and attacking debuggable Android applications.
Before I start the procedure, let's collect the requirements.
Android Emulator
Vulnerable APK Application
apktool
jdb
Posted by Adeel Chaudhary

Android Hacking: Getting Started with Android Pentesting
Published 2014-08-23
Hello fans, I'm currently busy with a lot of things and I've got exams too, so I'll be lazy in updating the blog. Well, let's start Android hacking, as it's the hottest topic being discussed these days. This tutorial is a simple walkthrough of Android, adb shell & other Android pentesting tools and sources.
Let's start it, hope you'll enjoy these articles.
Basically all the Android devices are
Posted by Adeel Chaudhary

Bypass and Crack Android Pattern Lock
Published 2014-08-21
Hi folks, what's up? Hope you guys will all be fine. I'm now going to introduce you to a way to bypass & unlock the Android pattern lock. Hope you'll like this tutorial. Let's first collect the requirements.
Requirements
Rooted Android Device
ADB Shell & Files (Click to Download)
Windows or Linux Environment (Windows is used in this tutorial)
So guys just check if you have
Posted by Adeel Chaudhary

Hostifier - Dns Misconfiguration Detector & Dns BruteForcer
Published 2014-07-18
Hello dear fans, recently I posted a tutorial on how to use Pentester ToolKit. Now I'm here to blog about my new tool, which can scan thousands of emails in a couple of minutes in order to brute force their domains & check for DNS misconfiguration.
Here is how to get it & use it. I've split the process into two parts.
For Linux
Open a terminal & type: sudo git clone
Posted by Adeel Chaudhary

Playing with Pentester-Toolkit on Windows & Linux
Published 2014-07-09
Hello guys, as you all know, I've lately launched my own tool for web app vuln scanning purposes, Pentester-ToolKit, & you can download it from the link given below.
Download Pentester-Toolkit
It's very efficient and supports a handsome number of modern-day attack scans, so it's very beneficial for security researchers or website masters in order to secure their websites
Posted by Adeel Chaudhary

Pentesting HttpOnly Cookies
Published 2014-07-02
Hello readers, I've recently described an introduction to HttpOnly cookies. In this video you'll learn how to check a website for the HttpOnly flag.
In case of queries, comment down below the post.
Posted by Adeel Chaudhary

What & Why HttpOnly Flag
Published 2014-07-02
Greetings gentlemen, I'm here to give a simple & understandable concept of the HttpOnly flag. This technique was first used by MS-IE developers in IE-6 with XP-sp1 version.
HttpOnly
HttpOnly is an additional flag in the HTTP response header named Set-Cookie. Using this HttpOnly flag usually helps in mitigating client side & server side attacks.
Syntax:
Set-Cookie:
Posted by Adeel Chaudhary

Playing with DATA URL Tags in HTML
Published 2014-06-22
Hello Friends,
After a long time I'm writing a blog post, but believe me it's really fun, and I'm gonna take you very, very deep if you really understand what I'm gonna describe below.
Let's start. Basically, data URLs in their Base64-encoded form can be used for XSS filter bypass, and it gets serious while working with Firefox & Opera. When newly opened documents retain access for
Posted by Adeel Chaudhary

MS Office 2010 Exploit - UrduSecurity
Published 2014-06-13
Hello fans, I'm gonna share a private exploit which basically gives an idea of Microsoft Office exploitation. So see the video and get the idea of how it works.
Download Exploit
Posted by Adeel Chaudhary

EasyFileSharing StackOverFlow Exploit
Published 2014-05-14
Hello friends, in this video I've demonstrated the way to exploit the Easy File Sharing Server stack-based buffer overflow. Hope you'll like the tutorial, leave your feedback.
Posted by Adeel Chaudhary

Internet Explorer Zero Day High Level Machines (CVE 2014-1776)
Published 2014-05-05
Hello readers, this is another sketch and explanation given by Elastica Inc. A very good explanation is given, leave your feedback.
Posted by Adeel Chaudhary

Naxsi - A Great WebApp Firewall
Published 2014-05-05
Disclaimer: This article was first published by Protean Security at naxsi.
In this tutorial we'll present the naxsi nginx module, which provides a WAF (Web Application Firewall) to any application running behind the Nginx web server. It works by inspecting HTTP requests and matching the malicious pattern rules in naxsi_core.rules. If a match is found, the malicious request is blocked and never
Posted by Adeel Chaudhary

Shell Uploading
Published 2014-04-30
Hello guys, posting after a long time. In this video you'll see how to upload a shell on a victim site directly. Hope you'll like this tutorial. Actually it's a tutorial for newbies, as I got many inboxes on how to upload a shell. So here is the method.
Posted by Adeel Chaudhary

Local File Inclusion
Published 2014-04-30
Hello friends, I'm here to show you the way to find and exploit a Local File Inclusion vulnerability. Hope you'll like this tutorial.
See Video
Posted by Adeel Chaudhary

Submit Your Blog To 220 Search Engines
Published 2014-04-26
Hi guys, in this video I will tell you how to submit your blog/website to search engines.
Recommended: Add Meta Tag In Blogger
Diggza is the best website where you can send your website to all Google Search Engines
How To Add Your Site In Diggza
Enter your blog URL
Enter your email, click on "check all" and click on submit; your website will start being submitted to search engines
Posted by Unknown

XSS Challenges bypass
Published 2014-04-26
Hello friends, just wanna share some of my solutions for the XSS challenges by Erling, and I hope you'll try to solve them by yourself too.
Okay, let's start.
Level 0
function escape(s) {
  // Warmup.
  return '<script>console.log("'+s+'");</script>';
}
There is no encoding here, so I'm just gonna close the log call and then call the alert function.
Solution: ");alert(1)//
Posted by Adeel Chaudhary

Website Keylogging With Metasploit
Published 2014-04-22
Hello dear fans, I'm back with an interesting tutorial. It's gonna cover the mechanism behind keylogging websites with Metasploit.
Download Slides Here
See Video Demonstration.
If you cannot see the video, then use a proxy and visit here to see the video
Posted by Adeel Chaudhary

ClickJacking - A Highly Risky attack
Published 2014-04-21
Hello friends, sorry for my absence and I hope you've missed me :D Okay, let's go through a highly risky vulnerability known as ClickJacking, and I hope you'll like this tutorial.
Download Lab Files & ClickJacking Files Here
See the video. As I've embedded the video from YouTube, if you can't see it directly then go to this link using a proxy.
Posted by Adeel Chaudhary

VOIP SPOOFING - Spoof Caller ID
Published 2014-04-17
Hello friends, I'm here to show you the procedure of VoIP spoofing. Hope you'll like this tutorial.
As the video is embedded from YouTube, if you can't see it directly then use a proxy at this link to see the video.
Posted by Adeel Chaudhary