Posts

Showing posts from 2014

Packet Analysis 4 : Basic HTTP Authentication

"This tutorial should be used for educational purposes only. I won't be responsible if you misuse these techniques and get yourself in trouble. The pcap file used in this example is from a CTF challenge." Protocol - Hypertext Transfer Protocol - Used for exchanging or transferring hypertext. Connection Type - TCP. The challenge scenario is this: find the username and password for the basic HTTP authentication. To solve this challenge I will use Wireshark. First I load the pcap file in Wireshark. In the filter bar I will write "http" so that it displays only the packets matching the HTTP protocol. Now we will analyze the first capture: right-click on it and select "Follow TCP Stream". After analyzing it, we will find that the page is protected by Basic HTTP Authentication. GET / HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */* Accept-Language: en-us Accept-Encoding: gzip, def

Packet Analysis 3 : SMTP Authentication

"This tutorial should be used for educational purposes only. I won't be responsible if you misuse these techniques and get yourself in trouble. The pcap file used in this example is from a CTF challenge." Protocol - Simple Mail Transfer Protocol - Used for sending emails. Connection Type - TCP. Commonly Used Commands: HELO, MAIL, RCPT, The challenge scenario is this: find the username and password of the SMTP authentication. To solve this challenge I will use Wireshark. First I load the pcap file in Wireshark. In the filter bar I will write "smtp" so that it displays only the packets matching the SMTP protocol. In SMTP we need to authenticate before we can send any mail. After applying the filter we can see the details of the SMTP session. We can find the info by looking at the output, or we can also get the details by following the TCP stream at "Authentication Successful". So I will right-click on that and selec

Packet Analysis 2 : SMTP Details

CAUTION "This tutorial should be used for educational purposes only. I won't be responsible if you misuse these techniques and get yourself in trouble. The pcap file used in this example is from a CTF challenge." Protocol - Simple Mail Transfer Protocol - Used for sending emails. Connection Type - TCP. Commonly Used Commands: HELO, MAIL, RCPT, The challenge scenario is this: find the sender's email address and the recipient's email address of the SMTP transfer in the pcap file. To solve this challenge I will use Wireshark. First I load the pcap file in Wireshark. My objective is to find the sender's and receiver's email addresses, so in the filter bar I will write "smtp" so that it displays only the packets matching the SMTP protocol. In SMTP we need to authenticate before we can send any mail. After applying the filter we can see the details of the SMTP session. We can find the info by looking at the output or

Packet Analysis 1- FTP Authentication

CAUTION "This tutorial should be used for educational purposes only. I won't be responsible if you misuse these techniques and get yourself in trouble. The pcap file used in this example is from a CTF challenge." Protocol - File Transfer Protocol - Used for transferring files from one host to another. Connection Type - TCP. Commonly Used Commands: USER, PASS, RETR. The challenge scenario is this: extract the credentials required for the FTP authentication from the pcap file. To solve this challenge I will use Wireshark. First I load the pcap file in Wireshark. My objective is to find the credentials required for the FTP authentication, so in the filter bar I will write "ftp" so that it displays only the packets matching the FTP protocol. If we look closely at the results we will see a lot of response codes. The response "230 User Sandy logged in" is pretty interesting. So I will right

Think before you include external scripts from another domain

Hello. While penetration testing I found one interesting thing. If you use external scripts from another domain, you should be careful about HTTP cookie access. Sometimes you may need to include scripts from another domain. But if you are not taking enough care with security practices, other users' accounts can be compromised by session hijacking and session fixation even if your own website is not vulnerable. Confused? Okay, I will make it easy. What will happen if the web server from which you are including the external JS scripts is compromised? You may think that's not a big deal because that's not the server where the developer is hosting the website. But what if I modify that external JS script on the compromised server? Anyway, I won't say much and will give you a small demo instead. Here is the source code of the external JS file located at 192.168.42.145. This code returns a random quote from an array.

DNS Part 2 - Linux and Windows Command Line Utilities to perform DNS Lookups

DNS Part 2 - Linux and Windows Command Line Utilities to query DNS Server. Now we are going to deal with some command line utilities. 1. Host. Purpose - DNS Lookup Utility. Platform: Linux. Usage: $ host google.com 2. Nslookup. Purpose - Query Internet Name Servers Interactively. Platform: Windows, Linux (does not support some features like ls). Usage: $ nslookup > set type=A > google.com Similarly, you can query other record types by replacing set type=A with set type=NS: $ nslookup > set type=NS > google.com 3. Dig. Purpose - Advanced DNS Lookup Utility. Platform: Linux. Usage: please note that by default dig queries the A record type. $ dig google.com If you want to query all types of records at once, use this command: $ dig ANY google.com Hope you enjoyed this tutorial. In the next part, DNS Part 3, we will learn about some hacking techniques to query the dns server like zone transfers

DNS Part 1 - Basics of DNS

Hello friends, I am back again with some more tutorials. The whole tutorial is going to be divided into 4 parts. Part 1 - Basics of DNS. Part 2 - Linux and Windows Command Line Utilities to query DNS. Part 3 - Advanced Tools - Dnsdict6, Fierce, theHarvester. Part 4 - Bash Scripting to Automate DNS Queries and Security Issues in DNS. Well, what is DNS? DNS stands for Domain Name System. It is used to resolve a host name to an IP address and vice versa. A simple overview of how it works: it is not possible to remember the IP addresses of all systems. DNS gives an IP address a hostname, i.e. a meaningful name, since it is easier to remember a name than a series of numbers. So when I want to browse a site, say google.com, I put that address in the address bar. The system then sends a DNS query to the DNS server to resolve the IP address of google.com. Say it responds with the answer 74.125.236.41. Now the browser will initiate a TCP connection to 74.125.236.41 a