
How to create a bootable pendrive of Kali Linux

In this tutorial we are going to learn how to create a bootable pendrive of Kali Linux. Offensive Security has recently released Kali Linux. It is designed for security researchers and pentesters and has many built-in tools. To create a bootable pendrive of Kali Linux we need Universal USB Installer, which makes it very easy to install any Linux operating system. Download Universal USB Installer, plug in your pendrive, open Universal USB Installer, choose your Linux distribution, locate it using the Browse button and click Create.


After that a window will pop up and extract all the files onto the pendrive. Once that is done, just restart your computer and boot Kali Linux from your pendrive.

Introduction to Cross Site Scripting (XSS)


Cross site scripting, also known as XSS, is one of the most common web application vulnerabilities and is widespread across cyberspace. XSS allows an attacker to run his own client-side script (mainly JavaScript) in the web pages viewed by other users. It comes into the picture when an input field on a website (such as a search box or comment box) executes what is typed into it instead of just reading it as text. In a typical XSS attack, the attacker injects his malicious JavaScript code into the website, and when a user visits the injected page the malicious JavaScript code is executed!

Typical xss Attack diagram

 

Suppose an attacker has found an XSS vulnerability in PayPal and injects a malicious script. When the victim opens the injected web page, the attacker can redirect the victim to a fake PayPal login page (a phishing website). He can also hijack the victim's session and get full access to anybody's PayPal account using this attack!

Cross site scripting Attack (XSS Attack)

1. Finding the vulnerability
Attackers use search engines to find XSS vulnerabilities in websites, and they simply use Google dorks like "inurl:.php?q=" (it's just one simple dork example; you can make your own dork too!) to find the XSS vulnerability.

2. Testing for the vulnerability

Now we have some links (we already got them using the Google dork) and we have to test them for the cross site scripting vulnerability. Enter "<script>alert("HFS")</script>" and search for it; if our alert command gets executed, the website is vulnerable to cross site scripting!

Types of XSS

There are two types of cross site scripting (XSS): XSS reflected and XSS stored.


1. XSS Reflected

XSS reflected, or non-persistent XSS, occurs when the web page simply executes the JavaScript code in the browser, as in the test above, where the web page executed the alert command entered through the search box.

2. XSS Stored

XSS stored, or persistent XSS, occurs when the web page saves the malicious JavaScript into its database; most of the time it is the comment box that is vulnerable to stored XSS. When an attacker injects his malicious JavaScript into the comment box, it is saved in the server's database, and when a victim opens the injected web page the malicious JavaScript is executed! Using this kind of attack, the attacker can redirect the user to a phishing website or hijack the victim's session.
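The two cases above seen from the application side, as an added example that is not part of the original article: the same search page and comment page rendered without and with output encoding, plus response headers that limit redirection and session theft. The function names, the CommentStore class and the header values are assumptions made for this illustration.

```python
import html

# Test string from the article's "Testing for the vulnerability" step.
PAYLOAD = '<script>alert("HFS")</script>'

def search_page_vulnerable(q):
    """Reflected XSS: the search term is copied into the HTML unchanged."""
    return f"<h1>Results for {q}</h1>"

def search_page_safe(q):
    """Same page with the term HTML-encoded at the point of output."""
    return f"<h1>Results for {html.escape(q, quote=True)}</h1>"

class CommentStore:
    """Hypothetical stand-in for the database behind a comment box."""

    def __init__(self):
        self.rows = []

    def add(self, author, text):
        # Keep the raw text; encode when rendering, for the output context.
        self.rows.append((author, text))

    def page_vulnerable(self):
        """Stored XSS: every later visitor receives the saved markup."""
        return "".join(f"<p>{a}: {t}</p>" for a, t in self.rows)

    def page_safe(self):
        return "".join(
            f"<p>{html.escape(a)}: {html.escape(t)}</p>" for a, t in self.rows
        )

def hardened_headers(session_id):
    """Second layer: limit what an injected script could do if one gets through."""
    return {
        # Disallows inline <script> blocks and scripts from other origins.
        "Content-Security-Policy": "default-src 'self'; script-src 'self'",
        # HttpOnly keeps the session cookie out of reach of document.cookie.
        "Set-Cookie": f"session={session_id}; HttpOnly; Secure; SameSite=Lax",
    }

def has_live_script(page):
    """True if the payload reached the page as markup a browser would parse."""
    return "<script>" in page.lower()

if __name__ == "__main__":
    store = CommentStore()
    store.add("visitor", PAYLOAD)  # constructed comment
    print(has_live_script(search_page_vulnerable(PAYLOAD)), has_live_script(search_page_safe(PAYLOAD)))
    print(has_live_script(store.page_vulnerable()), has_live_script(store.page_safe()))
```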

The information provided in this article is for interest and educational purposes only. If you have any questions about the XSS attack, feel free to ask!

Promote your blog/website/product with Hack For Security

Hello everyone, we are now giving you the opportunity to promote your blog/website/product with Hack For Security.




Why should you promote with us?

We have 4500 average page views daily
Hack For Security gets 4500 average page views daily; 90% of users come from search engines and 10% come from social networking sites. So your advertisement will have at least 4500 impressions/day.

We have 2800+ FeedBurner subscribers!
Hack For Security has 2800+ FeedBurner subscribers, so when a new post is published 2800+ people will get the message in their inbox!

We have 7000+ Facebook fans
Hack For Security has 7000+ Facebook fans, so when we promote our posts on Facebook pages it increases the visits and also the impressions of the ads.

We have just two advertisement blocks (300x250) in the right sidebar, so hurry up! Contact us for more information about advertising!

How to set up your own lab for SQL injection and XSS #Ethical hacking

Set up your own lab for practicing SQL injection and XSS

Hey, after a long time, today I am going to share one awesome article. You may have learned SQL injection from HFS, and today we are going to learn how to set up your own security lab for more practice and to get a grip on SQL injection. So, follow these simple steps to create your own security lab.
1. Download the XAMPP server
2. Now install the XAMPP server (the installation process hardly takes 10 minutes)
3. Now download Damn Vulnerable Web Application
4. Extract the rar file to the desktop
5. Now open XAMPP and start all the services

6. Now go to C:\xampp\htdocs, delete all the folders and paste our dvwa folder there.
7. Then just open Firefox or Google Chrome, type "localhost" in the address bar and click on dvwa (the default ID and password of DVWA are admin and password). And you are done! (If you are confused, simply watch the below video for the installation.)

 

Using Damn Vulnerable Web Application you can learn many other things too, like XSS, File Inclusion, CSRF, Brute Force attack, Command Execution and many more. You can also change the security level to high, medium or low.

Questions?

If you have any questions then feel free to ask.

We have launched our new blog!

Surprise! We have launched our new blog. Hello everyone, today I am very happy to share the news that we have launched our new blog named Photoshop Cs Zone. In that blog I will share the best Photoshop tutorials and effects. Stay connected with Photoshop Cs Zone.

Block your website from scanners

Hackers use scanners to scan a website and find its security vulnerabilities. Today I am going to share one trick to block scanners from scanning your website. Here is one script; just add it to the .htaccess of your website and it will block security scanners such as Acunetix, Nessus and OpenVAS.

 

 

 

<IfModule mod_rewrite.c>
# Enable the rewrite engine only when mod_rewrite is loaded
RewriteEngine On
# Match scanner User-Agent strings ([NC] = case-insensitive, [OR] = any one condition is enough)
RewriteCond %{HTTP_USER_AGENT} ^w3af.sourceforge.net [NC,OR]
RewriteCond %{HTTP_USER_AGENT} dirbuster [NC,OR]
RewriteCond %{HTTP_USER_AGENT} nikto [NC,OR]
RewriteCond %{HTTP_USER_AGENT} SF [OR]
RewriteCond %{HTTP_USER_AGENT} sqlmap [NC,OR]
RewriteCond %{HTTP_USER_AGENT} fimap [NC,OR]
RewriteCond %{HTTP_USER_AGENT} nessus [NC,OR]
RewriteCond %{HTTP_USER_AGENT} whatweb [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Openvas [NC,OR]
RewriteCond %{HTTP_USER_AGENT} jbrofuzz [NC,OR]
RewriteCond %{HTTP_USER_AGENT} libwhisker [NC,OR]
RewriteCond %{HTTP_USER_AGENT} webshag [NC,OR]
# Match the Acunetix-Product request header
RewriteCond %{HTTP:Acunetix-Product} ^WVS
# Redirect every matching request to the client's own loopback address
RewriteRule ^.* http://127.0.0.1/ [R=301,L]
</IfModule>

Just add the above code to the .htaccess of your website and requests from the scanners it lists will be redirected away from the site.
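A way to check what the rule set matches before deploying it, as an added example that is not part of the original post: the same conditions are re-implemented in Python and run against constructed request headers. The function name and the sample requests are assumptions; the patterns and their case-sensitivity are copied from the RewriteCond lines.

```python
import re

# Patterns from the RewriteCond lines above; True means the [NC] flag is set.
UA_PATTERNS = [
    (r"^w3af.sourceforge.net", True), ("dirbuster", True), ("nikto", True),
    ("SF", False), ("sqlmap", True), ("fimap", True), ("nessus", True),
    ("whatweb", True), ("Openvas", True), ("jbrofuzz", True),
    ("libwhisker", True), ("webshag", True),
]
ACUNETIX_HEADER = ("Acunetix-Product", r"^WVS")

def matched_condition(headers):
    """Return the first condition a request matches, or None if it passes."""
    lower = {k.lower(): v for k, v in headers.items()}
    ua = lower.get("user-agent", "")
    for pattern, nocase in UA_PATTERNS:
        if re.search(pattern, ua, re.IGNORECASE if nocase else 0):
            return f"User-Agent ~ {pattern}"
    name, pattern = ACUNETIX_HEADER
    if re.search(pattern, lower.get(name.lower(), "")):
        return f"{name} ~ {pattern}"
    return None

# Constructed sample requests (not captured traffic).
SAMPLES = {
    "tool announcing itself": {"User-Agent": "sqlmap/1.0 (constructed)"},
    "mixed-case tool name": {"User-Agent": "Mozilla/5.00 (Nikto/0.0 constructed)"},
    "scanner header": {"User-Agent": "Mozilla/5.0", "Acunetix-Product": "WVS/0 (constructed)"},
    # Only self-identified tools match: a browser User-Agent always passes,
    # so the rule reduces scan noise but does not fix the flaws a scan finds.
    "browser User-Agent": {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64) Firefox/115.0"},
    # The case-sensitive "SF" pattern matches any client with "SF" in its name.
    "unrelated client": {"User-Agent": "ExampleSFReader/2.0"},
}

if __name__ == "__main__":
    for label, headers in SAMPLES.items():
        print(f"{label:24} -> {matched_condition(headers) or 'passes'}")
```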

Collection of Top 10 Deface page

What is a deface page?

After getting admin access to a website, the hacker uploads his own control panel, which is called the shell. With the help of the shell the hacker edits the index page of the website and changes its code, and the website is then called a defaced website. The altered index page is called the deface page, and it is coded in simple HTML.

 

 

Top 10 deface pages

Don't have enough time to code a deface page? Well, here I am sharing the top 10 deface pages ever.

1- Happy Birthday Deface Page

When you want to wish happy birthday to someone special, you can use this deface page.
Live Demo : Download


2- Deface Page For Long Messages + Video

When you have to send a long message you can use this deface page. This is a pro deface page designed by Ffessxt Prince Indishell.
Live Demo : Download


3- #opFreedom Palestine
Deface page with a free Palestine message, designed by The Hackers army
Live Demo : Download


4- Lovely deface Page for Your Girlfriend or loved one

This deface page was designed by MInhal for his girlfriend; you can use it for your loved one :D
Live Demo : Download

 

5- Multi color deface page
This is just an awesome deface page; I personally liked this deface page.
Live Demo : Download

 

6- Simple Black Deface Page
Designed by Hax root
Live Demo : Download

7- Matrix Style Deface Page

Designed by ShOrTy420
Live Demo : Download

8- Awesome #opFreedom Palestine Page with New Functions

This page was designed by Syakila Daniel
Live Demo : Download

9- Awesome Matrix style Deface Page

Designed by coded32 
Live Demo : Download

10- Romantic deface Page with Roses

Designed by Deepak Carpenter
Live Demo : Download


All the deface pages are shared on Pastebin; you can easily edit them and save them as index.html or under any name you like ending in .html.

Credit: devilscafe.in

Improve Backtrack5

Backtrack is specially designed for security researchers and hackers. It is an awesome operating system with lots of tools, but we have to add some basic applications to improve the performance of the operating system and to use Backtrack5 daily. There are 12 basic applications to install in Backtrack5. Now just open your Backtrack terminal, because in this operating system we have to enter commands to install the applications.

1. Software Center

Software Center helps you manage and search for applications. To install Software Center, enter the following command in your Backtrack terminal.

apt-get install software-center

This command will install Ubuntu Software Center, with which you can search your installed applications and also install applications with just a single click.

 

2. Messenger

To install a messenger in Backtrack, enter the below command in the terminal and hit Enter.

apt-get install empathy && apt-get install pidgin

Using these messengers you can connect to Yahoo, Facebook, etc.

 

3. Screen Recorder

xvidcap is the best screen recorder for Backtrack; I have used it 5-6 times and I personally liked it.
To install the screen recorder, just enter the following command in the terminal.

apt-get install xvidcap

 

4. Team Viewer

You have to download it from the official website and enter the following commands to install TeamViewer.

root@bt:~# cd Downloads
root@bt:~/Downloads# dpkg -i teamviewer_linux*.deb

5. For archive extraction

Install the ark archive tool in Backtrack5 by entering the following command in the terminal.

apt-get install ark

 

6. FTP client

To install an FTP client in Backtrack, enter the following command in the terminal.

apt-get install filezilla

 

7. PDF Reader

To install a PDF reader in Backtrack5, enter the following command in the terminal.

apt-get install xpdf

And now you are done! Now you can easily use Backtrack on a daily basis :)

Top 3 Penetration test E-book

After publishing many tutorials on hacking, today I am going to share my three favourite penetration test e-books, named Metasploit Penetration, Nmap cook-Book and Net cut Power tools. You can download these books from the below links.

 Metasploit Penetration | Nmap cook-Book | Net cut Power tools