latest articles

Exploiting XSS for Full System Access: Beef Exploitation Framework


Today we will discuss how XSS can be exploited for full system access, or for running commands on a victim's computer.

There are two main types of XSS: reflected and stored.

Stored XSS is where the XSS vector can be stored permanently on the server, such as in a database or a message forum. The malicious script is then executed when a user retrieves the stored information.

Reflected XSS is where the injected script is reflected off the web server, such as in an error message or search result. Reflected attacks are delivered to victims via some other method, such as in an e-mail message or on some other web site. When a user is tricked into clicking on a malicious link, submitting a specially crafted form, or even just browsing to a malicious site, the injected code travels to the vulnerable web site, which reflects the attack back to the user’s browser. The browser then executes the code because it came from a "trusted" server.
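The two cases above from the defending application's side, as an added example that is not part of the original post: a stored and a reflected sink, each shown unencoded and then HTML-encoded on output, plus a Content-Security-Policy that refuses scripts from other origins. The Forum class, the function names and the probe string are hypothetical and constructed for illustration.

```python
import html

# Only scripts from the site's own origin may run, so an injected
# <script src=...> pointing at another host is refused by the browser.
CSP = "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'"


class Forum:
    """Hypothetical message board: posts are stored raw and encoded on output."""

    def __init__(self):
        self.posts = []

    def store(self, text):
        self.posts.append(text)

    def page_vulnerable(self):
        # Stored XSS: every later visitor receives the stored markup verbatim.
        return "<ul>" + "".join(f"<li>{p}</li>" for p in self.posts) + "</ul>"

    def page_hardened(self):
        items = (f"<li>{html.escape(p, quote=True)}</li>" for p in self.posts)
        return "<ul>" + "".join(items) + "</ul>"


def search_vulnerable(query):
    # Reflected XSS: the request parameter is echoed straight into the page.
    return f"<p>No results for {query}</p>"


def search_hardened(query):
    return f"<p>No results for {html.escape(query, quote=True)}</p>"


def respond(body):
    """Attach the headers every HTML response should carry."""
    headers = {"Content-Type": "text/html; charset=utf-8",
               "Content-Security-Policy": CSP}
    return headers, body


# Constructed test input: markup that tries to load a script from another origin.
PROBE = '<script src="http://other-origin.invalid:3000/x.js"></script>'

if __name__ == "__main__":
    forum = Forum()
    forum.store(PROBE)
    for name, body in [("stored, raw", forum.page_vulnerable()),
                       ("stored, encoded", forum.page_hardened()),
                       ("reflected, raw", search_vulnerable(PROBE)),
                       ("reflected, encoded", search_hardened(PROBE))]:
        print(f"{name}: script tag survives = {'<script' in body}")
```

Output encoding removes the injection point; the policy header is a second layer that limits what an injected tag could load if an encoding step is missed somewhere.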

Let's start exploiting it.

For the exploitation we will use a tool that comes with major Linux distributions, known as the BeEF exploitation framework.

If this tool is not currently installed on your system, run this command in a terminal to install it:

>>>sudo apt-get install beef

It will install in seconds, and then you are ready to exploit the XSS.
Now open the BeEF exploitation framework UI in your browser. You can simply type beef in your terminal to find out where the UI is located, but if you can't do this you have an alternate option: the BeEF framework always works on port 3000, so just check your IP address with the command
>>> ifconfig

Copy the IP address and visit this link

It will take you to the login panel of the BeEF framework, which looks like this

Default Username:Password is beef:beef

Now log in and it will take you to this page

Here, click where I have marked with a small arrow.
It will take you to a URL like this

Copy this and create an XSS vector like this

Now store this XSS vector, or if you are exploiting reflected XSS, shorten the whole URL using any URL shortening service like

After the XSS is stored, or in the reflected case when the user clicks the XSS vector link,
it will show you their IP address and a lot of information about their browser and PC,
like this

Now click on the command section and you can run commands on the victim's computer

Now you can do what you want 

Hope you enjoyed this post. If you have any suggestions please let me know;
feel free to comment.

Jitendra K Singh and Sooraj Shekhar

Feel Free To Leave A Comment If Our Article has Helped You, Support Us By Making A Small Contribution, Thank You!

Bypassing Password requirement during closing of account: Shopify Bug

Hi Ck lover

Today I am sharing how I bypassed the password requirement when closing a shop that has a trial account on Shopify.

Shopify requires a password for closing a shop, and once you have closed the shop you have to buy an existing plan to reopen it.

So if you navigate to account > close shop, it will ask for a password to close it.
After the password is entered, it presents a survey asking why I closed my shop; after that survey the shop is deleted.
But after the survey is submitted, a plain request goes out without the password to delete the account.
There is no validation there.
The request looks like this:

POST /admin/account HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: <redacted>
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 216

You can see there is method=delete in this request, but there is no validation of the password here, so I can grab an authenticity token by saving any of my account details and capturing the request with Burp, then craft this request using your cookie and forward it; it will delete the account without any password requirement.
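The server-side shape of this bug and one way to close it, as an added example that is not Shopify's code: the password check happens at an earlier step, so the final request has to carry proof of that check. The Shop class, the close_token field and the five-minute lifetime are assumptions made for the illustration; session and authenticity-token checks are assumed to happen elsewhere.

```python
import hashlib
import hmac
import secrets
import time


def _hash(password, salt=b"constructed-salt"):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)


class Shop:
    """Hypothetical close-shop flow: password page -> survey -> delete request."""

    def __init__(self, password):
        self._pw_hash = _hash(password)
        self._pending = None      # (token, expiry) issued after a correct password
        self.closed = False

    def submit_password(self, password, now=None):
        """Step 1, the password prompt. Returns a one-time close token or None."""
        if not hmac.compare_digest(self._pw_hash, _hash(password)):
            return None
        now = time.time() if now is None else now
        self._pending = (secrets.token_urlsafe(32), now + 300)  # valid 5 minutes
        return self._pending[0]

    def delete_vulnerable(self, form):
        """Final request as the post describes it: nothing ties it to step 1."""
        if form.get("method") == "delete":
            self.closed = True
        return self.closed

    def delete_hardened(self, form, now=None):
        """Final request must carry the unexpired, single-use token from step 1."""
        now = time.time() if now is None else now
        pending, self._pending = self._pending, None   # consumed on any attempt
        if form.get("method") != "delete" or pending is None:
            return False
        token, expiry = pending
        supplied = str(form.get("close_token", ""))
        if now > expiry or not hmac.compare_digest(token.encode(), supplied.encode()):
            return False
        self.closed = True
        return True


if __name__ == "__main__":
    weak, fixed = Shop("constructed-pw"), Shop("constructed-pw")
    print("no password, weak handler:", weak.delete_vulnerable({"method": "delete"}))
    print("no password, hardened handler:", fixed.delete_hardened({"method": "delete"}))
    token = fixed.submit_password("constructed-pw")
    print("after password step:", fixed.delete_hardened(
        {"method": "delete", "close_token": token}))
```

Requiring the password in the destructive request itself works as well; the point is that the check and the action are verified together on the server.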

You can find more details here

This issue is now patched and they awarded me $500 for reporting this issue.

Jitendra K Singh (Team Computer-Korner)


TheHarvester: An Information Gathering Tool

Today we will discuss how to use TheHarvester, a tool which comes built into Kali Linux and many other leading Linux distributions such as BackBox.

What is TheHarvester?

TheHarvester is an information gathering tool which can gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and the SHODAN computer database.

Using TheHarvester :-

1. Open a terminal in BackBox, type theharvester and press Enter.

2. There are some options you can use with this tool.

-b = Specifies the search engine you want to use for your search
-d = Specifies the domain for which you want to gather information
-l = Limits the number of search results
-f = Saves the information in an HTML file

3. Now let's start using it.

Type this command in the terminal:
backbox@backox:~$ theharvester -d -b google -l 200

Here, as I specified above, I am searching for via the Google search engine and have limited the search results to 200.

There are some other options you can use:

-v = Verifies the host name via DNS resolution and then searches for virtual hosts
-n = Performs a DNS reverse query on all the ranges discovered
-c = Performs a DNS brute force for the domain name
-e = Specifies the DNS server to use

You can get more information by typing 
theharvester -help

That's all for today; hope you enjoyed it.

Jitendra K Singh & Sooraj Shekhar (Team Computer Korner)


Scapy: More with sending and receiving packets

Hi dear followers,
Sorry for the delay in this post, but here it is. As I discussed in the last post, we will see how to send more complicated packets with Scapy, and as I told you earlier, we will talk about a port scanning technique via Scapy and how to specify more than one dport. So let's start today's post.

So what are ports?

In networking, a port refers to an endpoint of the operating system which helps us communicate with servers via many protocols.
Just as there are USB ports on a computer, these ports are similar, except that they are not physical but virtual.
Each port has a specific protocol running on it; for example, the HTTP protocol runs on port 80. If a computer connects to a service with a specific protocol, this dedicated port handles the receiving and sending of data packets.

What is Port Scanning ?

With port scanning we can learn which virtual ports are open on a specific machine, for example whether port 80 is open or not, and can gather much other information.

TCP connect :-

TCP connect is a three-way handshake between the user, also known as the client, and the server. Once the three-way handshake has taken place, communication has been established between the user and the server.

If port is open:-

Let's suppose we want to connect to port 80; the three-way handshake will take place like this.
First of all, the client tries to make a connection by sending a TCP packet with the SYN flag set to port 80, or to whichever port it wants to connect to.
If the port is open, the server replies with a TCP packet with the SYN-ACK flags set.
The client then sends a packet with the ACK RST flags set as the final step of the handshake.

If port is closed:-

On the other hand, if the client sends a TCP packet with the SYN flag set to a port and the server replies with a packet with the RST flag set, then the port is closed.

How can we specify more than one port in Scapy?

In Scapy, specifying more than one port is easy: we use "[ ]" to specify more than one port in dport. Let's take an example.

Begin emission:
.**Finished to send 3 packets.
Received 4 packets, got 3 answers, remaining 0 packets

Now if we look at the result using ans.summary(), it gives output like this


IP / TCP 192.168.XX.XX:ftp_data > 192.168.XX.XX:telnet S ==> IP / TCP 192.168.XX.XX:telnet > 192.168.XX.XX:ftp_data RA / Padding
IP / TCP 192.168.XX.XX:ftp_data > 192.168.XX.XX:http S ==> IP / TCP 192.168.XX.XX:http > 192.168.XX.XX:ftp_data SA / Padding
IP / TCP 192.168.XX.XX:ftp_data > 192.168.XX.XX:domain S ==> IP / TCP 192.168.XX.XX:domain > 192.168.XX.XX:ftp_data SA / Padding

Here you can see that there are two values, SA / Padding and RA / Padding:
SA = SYN ACK flags set
RA = RST ACK flags set

Now you can easily determine which ports are open and which are closed.
So you can see that Scapy has worked as a port scanner as well.
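The same flag patterns seen from the monitored host's side, as an added example that is not part of the original post: a detector that flags a source sending SYNs to several ports of one host without ever completing a handshake. The packet records, addresses and thresholds are constructed for illustration; in practice the tuples would come from a capture or flow log.

```python
from collections import defaultdict

# Constructed sample capture: (time_s, src, dst, sport, dport, flags). Flags use
# Scapy's summary notation: S=SYN, SA=SYN-ACK, RA=RST-ACK, A=ACK, R=RST.
SAMPLE = [
    (0.00, "10.0.0.5", "10.0.0.9", 20, 23, "S"),
    (0.01, "10.0.0.9", "10.0.0.5", 23, 20, "RA"),     # closed port
    (0.02, "10.0.0.5", "10.0.0.9", 20, 80, "S"),
    (0.03, "10.0.0.9", "10.0.0.5", 80, 20, "SA"),     # open port
    (0.04, "10.0.0.5", "10.0.0.9", 20, 80, "R"),      # prober never sends the ACK
    (0.05, "10.0.0.5", "10.0.0.9", 20, 53, "S"),
    (0.06, "10.0.0.9", "10.0.0.5", 53, 20, "SA"),
    (0.07, "10.0.0.5", "10.0.0.9", 20, 53, "R"),
    (1.00, "10.0.0.7", "10.0.0.9", 40112, 80, "S"),   # ordinary client
    (1.01, "10.0.0.9", "10.0.0.7", 80, 40112, "SA"),
    (1.02, "10.0.0.7", "10.0.0.9", 40112, 80, "A"),   # handshake completed
]


def find_syn_scanners(packets, min_ports=3, window=5.0):
    """Map (src, dst) -> probed ports for sources that sent SYNs to at least
    min_ports distinct ports of one host within `window` seconds and never
    completed the handshake on those ports."""
    first_syn = defaultdict(dict)   # (src, dst) -> {dport: time of first SYN}
    completed = set()               # (src, dst, dport) where the client sent ACK
    for t, src, dst, _sport, dport, flags in sorted(packets):
        if flags == "S":
            first_syn[(src, dst)].setdefault(dport, t)
        elif flags == "A" and dport in first_syn.get((src, dst), {}):
            completed.add((src, dst, dport))

    scanners = {}
    for (src, dst), ports in first_syn.items():
        probes = sorted((t, p) for p, t in ports.items()
                        if (src, dst, p) not in completed)
        lo = 0
        for hi in range(len(probes)):          # sliding time window over probes
            while probes[hi][0] - probes[lo][0] > window:
                lo += 1
            if hi - lo + 1 >= min_ports:
                scanners[(src, dst)] = sorted(p for _, p in probes)
                break
    return scanners


if __name__ == "__main__":
    for (src, dst), ports in find_syn_scanners(SAMPLE).items():
        print(f"{src} probed {dst} on ports {ports} without completing a handshake")
```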

Defining source port and Flag Set:-

Basically Scapy works on port 22, but we can also specify the source port and flag set with Scapy.
You can set the source port to any number you want; let's specify it along with the flag set.


Here flags="S" specifies that SYN packets will be sent by Scapy,
and you can set sport to any value you desire.

I think that's enough for today.

Wait for the next post; I will write it as soon as I get time. Till then stay tuned. Suggestions are welcome, feel free to comment.

Jitendra Santram Singh  & Sooraj Shekhar (team Computer Korner and I-HOS)


Scapy: Sending and Receiving Crafted Packets


So you are now able to move forward in your packet manipulation tutorials with Scapy.
In previous tutorials we learnt how to create a simple packet, and then how to add more values to it, since Scapy uses default values for any that are not given.

In this tutorial we will learn how to send and receive packets using Scapy.
In Scapy we use three functions for sending and receiving packets. These are:

sr(): This is used for layer 3 protocols. With this function we can send packets and receive their answers. It returns a pair: the packets with their answers, and the unanswered packets.

sr1(): This function returns only one packet, the one that answered the sent packet.

srp(): This function does the same as sr() and sr1(), but for layer 2 packets.

So now let's send a simple packet.

Begin emission:
.Finished to send 1 packets.

Received 2 packets, got 1 answers, remaining 0 packets

Here I want to add some more information: as I told you in the previous post, if you have already crafted a packet you can send it using this command

>>>response=sr(packet_name) or 

Now if you use the sr1() function I mentioned above, it will show you the first answered packet.

Now if you want to look at your packet, simply type

Here "packet" is the name we gave to the crafted packet.

So now let's try adding more to the packet and sending it with our own payload

>>>packet=sr(IP(dst="192.168.XX.XX")/TCP()/"hello admin")

Here packet is the name of the packet.

So you can add your own payload and send the packet to its destination.

Now let's try specifying the port number on the destination IP address

>>>packet=sr(IP(dst="192.168.XX.XX")/TCP(dport=80)/"hello admin")

Here I specified the port number on the destination IP at which it will be received.

Let's try specifying the source IP address

>>>packet=sr(IP(dst="192.168.XX.XX", src="192.168.XX.XX")/TCP()/"hello admin")

Here I specified the source IP address with the src parameter. It will add the source IP to the crafted packet.

Now let's specify the TTL (time to live) value in the packet

>>>packet=sr(IP(dst="192.168.XX.XX", src="192.168.XX.XX",ttl=128)/TCP()/"hello admin")

That's all for this post.

In this post you have learnt how to send and receive packets, and also how to send some more complicated crafted packets.
In the next post we will learn how to add more values to our packets and make them more complicated, such as specifying the source port and how to specify port ranges (this is how a port scanner works).

Stay tuned

Jitendra & Sooraj Shekhar (Team Computer Korner) 

Special Thanks Gurpreet Singh


More Fun with Scapy


Some days ago I posted about manipulating data packets with Scapy. That was a simple packet, but let's see how we can add more to it, like the src address and TTL value.
So let's start.

1. To craft a packet, first open a terminal and start Scapy by typing scapy.
2. Now craft a simple packet again

>>> packet=IP(dst="192.111.XX.XX")/TCP(dport=80)/"hello world"

This was a simple packet. Now let's make it more complicated by adding the source IP and Time to Live (TTL) value.
First we will add the source IP

>>>packet=IP(src="192.168.XX.XX", dst="192.168.XX.XX")/TCP(dport=80)/"hello world"

Here I used a new term, src. src refers to the source IP address from which the packet is sent to the destination IP.
It is very important to add a crafted source IP if you don't want to reveal the real source IP.

Now let's make it more complicated by adding a TTL value.

What does TTL mean?
TTL is a timer value included with packets sent over TCP/IP-based networks which tells the recipients how long to hold or use the packet before discarding it.

You can also determine the OS running on the host computer from the TTL value; for example, Windows has a TTL value of 128.

Let's craft the packet with a TTL value. We will use the ICMP (Internet Control Message Protocol) protocol for this.

>>>packet=IP(src="192.168.XX.XX", dst="192.168.XX.XX", ttl=128)/ICMP()/"hello world"

So you can easily craft data packets using the src and ttl values.

In this tutorial we learnt how to modify our packets. This is very important because if you do not modify the packet, Scapy will use the default values, so before sending a packet you have to modify it with your own values.

So, are you having more fun with Scapy?

I will be doing more posts about crafting more complicated packets.

But before that, we will talk about how you can send the packets.

If you need help feel free to comment.

Sooraj Shekhar (Team Computer Korner)


Clarification about the hack on Oxigen Wallet

We have a clarification about a post published some time ago about the Oxigen website hack.

We want to clarify that the wallet is safe.
We are also Oxigen Wallet users. We have just come to know that it was just a webpage attack and it is not related to Oxigen Wallet's secured servers. So we would like to update that a small temporary attack on a website page by attackers does not cause wallet users to suffer any loss or damage, and that their money is safe and secured in Oxigen Wallet. Internet pages are vulnerable to attacks despite the best security measures/standards; responsible online companies do prepare for such intrusions and build security measures so as not to compromise the data/information/assets of their customers. Oxigen Services (India) Private Limited (“Oxigen”) too has built in such measures. The wallet money does not rest on a website page nor with the company, and it is secured by way of cautious deposit with appropriate banks/other modes. Access to the mobile wallet is ultra secured. A website page attack does not cause any impact on wallet security.

" A small temporary attack on website page by attackers doesn't cause wallet users to suffer any loss or damage and that their money is safe and Secured in Oxigen wallet "

We want to apologise for that

Thank you 
Team CK


Scapy: Art of Crafting and Manipulating Data Packets

Hi there

After my post on securing WordPress, I am here again with a new topic: crafting and manipulating data packets with Scapy.

What is Scapy and why is it used?

Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery (it can replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, p0f, etc.).

It comes pre-installed in most Linux distributions, but you can also install it manually if it is not pre-installed.
1. Install Python; the version of Python should be higher than 2.5.
2. Download and install Scapy.
3. You have to run it with root privileges because some commands may not work with normal privileges.

First check whether Python is installed with this command (I am using BackBox OS here):
backbox@backbox:~$ python -V
Python 2.7.3

If it is not installed, use this to install it:
backbox@backbox:~$ sudo apt-get install python

After installing Python you can run Scapy easily. So let's start packet crafting.

1. Run Scapy with root privileges
backbox@backbox:~$ sudo scapy

It will show you a response like the one in the image

2. To see the supported protocols, type the command ls() and press Enter; it will show you all available protocols.

3. To know more about a specific protocol, just type ls(protocol). Let's take the example of the ARP protocol shown in the image: type ls(ARP) and press Enter, and it will show you the available fields of that protocol.

After this, let's start crafting data packets. Type this command to craft your first packet

>>> packet=IP(dst="xx.xx.xx.xx")/TCP(dport=80)/"Hello world"

and press enter it will . What do the components of this command mean?

IP = The type of packet you want to create; I am creating an IP packet here.
dst = The IP address of the destination where you want to send the packet.
/TCP = You are creating a TCP packet with Scapy's default values.
dport = Destination port.
/"hello world" = The payload of the packet.

After crafting the packet, if you want to know the details of the packet simply type ls(packet).
It will show you a response like this
Here src = source IP
dst = destination IP

There are two more options for packet details:
just type packet, or type packet.summary()
It will produce a result like this

So congratulations, you have successfully crafted a packet.

Stay tuned for more

Thank You
Jitendra K Singh
