
Simply put, XSS is an underrated vulnerability. Well, there are a couple of good reasons:

  • It’s a client side vulnerability
  • White hats just need that popup for POC (most of the times)
  • Most of the black hats don’t understand enough JS to make money out of XSS

I mean, you can practically impersonate the user, which is superb. There is a lot of stuff you can do with XSS, which can also make you look cool on the web. I don’t know much but I have listed a few things here to give you an idea.

  • Ad-Jacking - If you manage to get stored XSS on a website, just inject your ads in it to make money ;)
  • Click-Jacking - You can create a hidden overlay on a page to hijack clicks of the victim to perform malicious actions.
  • Session Hijacking - HTTP cookies can be accessed by JavaScript if the HttpOnly flag is not present in the cookies.
  • Content Spoofing - JavaScript has full access to the client side code of a web app and hence you can use it to show/modify desired content.
  • Credential Harvesting - The most fun part. You can use a fancy popup to harvest credentials. “WiFi firmware has been updated, enter your credentials to authenticate.”
  • Forced Downloads - So the victim isn’t downloading your malicious flash player from absolutely-safe.com? Don’t worry, you will have more luck trying to force a download from the trusted website your victim is visiting.
  • Crypto Mining - Yes, you can use the victim’s CPU to mine some bitcoin for you!
  • Bypassing CSRF protection - You can make POST requests with JavaScript, you can collect and submit a CSRF token with JavaScript, what else do you need?
  • Keylogging - You all know what this is.
  • Recording Audio - It requires authorization from the user but you access the victim’s microphone. Thanks to HTML5 and JavaScript.
  • Taking photos - It requires authorization from the user but you access the victim’s webcam. Thanks to HTML5 and JavaScript.
  • Geo-location - It requires authorization from the user but you access the victim’s geo-location. Thanks to HTML5 and JavaScript. Works better with devices with GPS.
  • Stealing HTML5 web storage data - HTML5 introduced a new feature, web storage. Now a website can store data in the browser for later use and of course, JavaScript can access that storage via window.localStorage and window.sessionStorage.
  • Browser & System Fingerprinting - JavaScript makes it a piece of cake to find your browser name, version, installed plugins and their versions, your operating system, architecture, system time, language and screen resolution.
  • Network Scanning - The victim’s browser can be abused to scan ports and hosts with JavaScript.
  • Crashing Browsers - Yes! You can crash browsers by flooding them with….stuff.
  • Stealing info - Grab information from the webpage and send it to your server. Simple!
  • Redirecting - You can use JavaScript to send users to a webpage of your choice.
  • Tab-napping - Just a fancy version of redirection. For example, if no keyboard or mouse events are received for more than a second, it could mean that the user is afk and you can sneakily replace the current webpage with a fake one.
  • Capturing Screenshots - Thanks to HTML5 again, now you can take a screenshot of a webpage. Blind XSS detection tools were doing this before it was cool.
  • Perform Actions - You are controlling the browser, can’t you feel the power? Got XSS on a social media site? You can send messages, modify information and…..you get the idea.

Next time you find an XSS vulnerability, try submitting an exploit to steal data or stuff as a POC. I am not a bug hunter and I don’t know if that will get you paid more, but I think it should.
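
The session hijacking item above turns on a single cookie attribute, so the matching check on the defending side is easy to automate. The following is an added example, not code from the original post: a small Set-Cookie auditor in JavaScript run over constructed sample headers; the function names are illustrative.

```javascript
// Added example (not from the original post): audit Set-Cookie headers for
// the attributes that decide whether injected script can read a cookie.

// Constructed sample headers, as a server might send them.
const SAMPLE_HEADERS = [
  'sid=9f2c1a; Path=/',                                  // no flags at all
  'sid=9f2c1a; Path=/; Secure; HttpOnly; SameSite=Lax',  // hardened
  'prefs=dark; Path=/; httponly; SameSite=None',         // None without Secure
  '; HttpOnly',                                          // malformed: no name
];

// Parse one Set-Cookie value into { name, value, attrs }.
// Attribute names are case-insensitive, so they are lower-cased.
function parseSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim());
  const pair = parts.shift();
  const eq = pair.indexOf('=');
  if (eq < 1) return null; // a cookie needs a non-empty name
  const attrs = {};
  for (const part of parts) {
    if (!part) continue;
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? '' : part.slice(i + 1).trim();
  }
  return { name: pair.slice(0, eq).trim(), value: pair.slice(eq + 1), attrs };
}

// Return the findings for one header; an empty list means nothing to fix.
function auditCookie(header) {
  const cookie = parseSetCookie(header);
  if (!cookie) return { name: null, findings: ['malformed Set-Cookie header'] };
  const { attrs } = cookie;
  const findings = [];
  if (!('httponly' in attrs)) {
    findings.push('no HttpOnly: script can read it via document.cookie');
  }
  if (!('secure' in attrs)) {
    findings.push('no Secure: cookie is also sent over plain HTTP');
  }
  const sameSite = (attrs.samesite || '').toLowerCase();
  if (!['strict', 'lax', 'none'].includes(sameSite)) {
    findings.push('no valid SameSite attribute');
  } else if (sameSite === 'none' && !('secure' in attrs)) {
    findings.push('SameSite=None without Secure is rejected by modern browsers');
  }
  return { name: cookie.name, findings };
}

// Audit a list of headers and keep only the cookies that need attention.
function auditHeaders(headers) {
  return headers.map(auditCookie).filter((r) => r.findings.length > 0);
}

for (const r of auditHeaders(SAMPLE_HEADERS)) {
  console.log(r.name, r.findings);
}
```

HttpOnly protects only the cookie value: data kept in web storage has no equivalent flag, and injected script can still issue requests inside the victim's session.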

GENERAL INFORMATION

VPN:
I will always recommend a VPN. Even though you may already have socks, this adds extra security to your system. The best way of doing this is connecting to your VPN and, once connected, then connecting to your socks; this gives a double defence wall.

There are many VPN providers; some are cheap, some are expensive, and this all goes down to preference. Personally I use GoCryptic as they offer both open port and closed port accounts, and best of all you can get a lifetime account with unlimited use for under $50. Use the link below to check them out.
https://www.gocryptic.com/

SOCKS
Like VPNs, socks are easily found, but they can cost a lot from provider to provider. I highly recommend VIP72, as you can get an unlimited account for $33 per month, they have 1000’s on there ready to go, and their software is really easy to use. Please find the link below to check them out.
http://vip72.asia/

PIDGIN + OTR INSTALL (ICQ JABBER ETC)
Having Pidgin with the add-on called OTR installed is one of the best ways of instant messaging whilst keeping anon (ICQ, JABBER, etc.). Many vendors on the markets and forums use this IM for those reasons. I will guide you through the install of both Pidgin and OTR. If you are unsure how it works, don't worry: by the time you have finished following my step by step you will have a fully working Pidgin and OTR with no leaking IP. You will find the step-by-step guide later in the guide. Please find both links below.
https://www.pidgin.im/
https://otr.cypherpunks.ca/index.php#downloads

MAC ADDRESS CHANGER (SPOOFER)
This is especially important when carding or doing any “illegal” activity on the web, but not only that: I also use it to stay off the radar for sites I don’t really want tracking me. The best MAC address changer in my opinion is “Technitium MAC Address Changer”, AKA “Tmac”. This is a simple one-click solution which requires no experience, so it is especially good for people who don’t know a lot when it comes to this; that is why I have included it in my guide. Please find the link below.
http://www.technitium.com/tmac/

DISTRIBUTED BY AllAboutCarding 

CCLEANER
CCleaner is a one-click browser cookie and history remover. This is paid software but can be found on torrent sites for free. Removing cookies and history from your computer is a MUST DO operation; not doing this makes it really easy for your system to leak your IP. I recommend doing this every time you go to change your IP. I will be explaining more later in the guide. I have not included a link, but if you are not comfortable finding torrents feel free to PM me and I will upload a copy to Anonfiles for you.

HDD SERIAL NUMBER SPOOFER
Some sites can actually see this, like Paypal, so for extra security I have also included this in the guide. This is another easy one-step solution software. Please find the link below.
https://www.raymond.cc/blog/download/did/1092/

CMD (COMMAND PROMPT) WINDOWS
If you are using Windows then Command Prompt is very useful when changing your IP. I will get to that later in the guide.

SETTING UP PIDGIN + OTR (ICQ / JABBER)

SETTING UP AN ICQ ACCOUNT
This is really quite easy, steps below.

1. Head over to http://www.icq.com/join/en

2. Enter any first and last name (always use fake)

3. It will ask you to enter a phone number. BYPASS this by clicking “I do not have a mobile number”. Do not enter one yet, unless you do have an anon email; if you do not, then follow step 4.

4. Now open a new tab in your browser and head over to http://www.fakemailgenerator.com/ . Enter any random email address, try to keep it unique, and write the email down in a txt file (just for future use), but do not close the fakemailgenerator tab; you will need it in a moment.

5. Enter the fake email in the ICQ signup, enter a password and the captcha, then press register. An email will now be sent to that fake email.

6. Go back over to the Fakemailgenerator tab and you will see an email show up there. Click to confirm and you are now done. It will direct you to a page where it says you can download ICQ. DO NOT download; we will be using a different instant messenger later in the guide.

7. In the top right corner you will see the name you used to create the account. Click that and you will see “ICQ No.” Copy the ICQ number and the password you used for the account into the document where you saved the email.

8. You now have an ICQ account.

SETTING UP A JABBER ACCOUNT

This is also an easy process. There are many Jabber providers, but for this guide I will be using the provider I use.

1. Head over to https://lsd-25.ru:5280/register/new

2. Enter the username you want

3. Under the username box you will see “server:”. Copy this down to a document; you will need it.

4. Enter a password

5. Enter your password again for “Password Verification:”

6. Enter the captcha

7. Press Register

8. You now have a Jabber account

We will be installing Pidgin and OTR in the next part of the guide, then adding our ICQ and JABBER accounts to it.

SETTING UP PIDGIN + OTR + ADDING ACCOUNTS
I will now be showing you how to set up Pidgin with the OTR plugin, to be used with both your ICQ and your JABBER account. Most vendors and members on the Darkweb use ICQ and JABBER but will only speak to you if you have the OTR plugin installed. The OTR plugin allows a more secure, encrypted conversation, which is definitely needed when communicating with persons from the Darkweb or even for any conversations that are “sensitive”. Please also note that Pidgin can leak your IP if you are not using it while connected to a VPN or Socks.

INSTALLING PIDGIN + OTR
Firstly we will install, then I will guide you through the settings once installed.

1. Head over to https://www.pidgin.im/ and download the latest version of Pidgin

2. Once downloaded, run it, follow the on-screen instructions, finish the install and close

3. Now head over to https://otr.cypherpunks.ca/index.php#downloads and download the latest version of OTR

4. Run the install, follow the on-screen instructions and close

5. Now go to programs and run Pidgin

6. A window will come up asking if you would like to add an account. Just press close; we will be doing that later. Now that the window has closed you will be at the main screen for Pidgin

7. Now at the top there is a menu; click on Tools - Plugins

8. The plugin window will now be on the screen. This is where all the plugins for Pidgin can be activated and deactivated. By default, plugins you install will not be activated; this includes the OTR plugin, which is one of the main reasons for people asking me “I have installed OTR but it seems to be not working in Pidgin”. Scroll down the list, find “Off-the-record Messaging” and tick the box at the side. This will now activate OTR.

Now it is time to add the ICQ and/or JABBER account.

9. On the top menu click Accounts - Manage Accounts

10. A new window will appear. This is where your listed accounts would be once you have added them, but for now click “Add..”

11. Please only follow this step if you are adding an ICQ account

A new window will open called “Add Account”

1. You will see “Login Options” .... we are adding an ICQ so on the Protocol drop down menu please select ICQ.

2. Now enter your Username, which is the ICQ number you wrote down in a document when you signed up.

3. Now enter the password; this is the one used on sign up

4. Now you have the option to save the password or not. Personally I never save passwords unless it is a computer I know no one else uses. This bit is entirely up to you, but for the purpose of security do not select to save your password

5. Now press “Add”

You have now set up your ICQ account

12. Please only follow this step if you are adding a JABBER account

A new window will open called “Add Account”

1. You will see “Login Options” .... we are adding a JABBER so on the Protocol drop down menu please select “XMPP”

2. Now enter the “Username”; this is the one from when you signed up

3. Now enter the “Domain”; this is the “Server” you wrote down from when you signed up

4. Now enter the “Resource”; this is also the “Server”, same as the “Domain”

5. Now enter the “Password” from when you signed up

6. Now you have the option to save the password or not. Personally I never save passwords unless it is a computer I know no one else uses. This bit is entirely up to you, but for the purpose of security do not select to save your password

7. Now press “Add”

You have now set up your JABBER account

13. That's it, you now have Pidgin installed with OTR, which is now fully safe for talking to vendors etc. Please REMEMBER: Pidgin can leak your IP, so always connect to a VPN or Socks before running.

TO USE OTR IN A CONVERSATION

To use OTR is really easy. Open a contact you wish to talk to and their window will open. At the top menu click OTR, then select “Start private conversation”. This will now be private.

SETTING UP PGP
PGP is an encrypted message solution, not for conversations but for times when you need to give sensitive information, like an address to a vendor.

INSTALL
1. Start off by downloading GPG4win: http://www.gpg4win.org/

2. Now run the setup

3. Select the language

4. Click next and next again

5. Unselect everything but Kleopatra, GPA, GpgEX

6. Now select your destination folder

7. Finish the installation

You have now installed GPG4win. Now it is time to get set up.

SETTING UP YOUR KEY
So now we have installed the software. We are going to be using GPA, so follow the steps below.

1. Go to programs and run GPA

2. You will now be asked if you want to create a “Private Key”. If this box did not come up for you, go to the menu at the top and select Keys - New Key.

3. A new window will have opened called “Generate Key” asking you for a name. Just put any name you want, even a nickname (please note it has to be a minimum of five characters), then press forward

4. It will now ask you to insert an email. Just insert a fake one and press forward

5. You will now be asked if you would like to create a backup. Select create backup, then click forward

6. You will now be asked to enter a passphrase. Enter one you will not forget, but it must not be easy (write a backup of your passphrase somewhere just in case). It will show you how strong the passphrase is

7. You will now be asked to enter your passphrase

8. Now a new window will open called “Backup Key To File”. Select anywhere (I recommend a USB pen), then click save. Your backup has been saved

9. The software may freeze and close. Don’t worry, this is quite normal; you will not have lost your key and it will still be set up

You have now set up your PGP Key

FINDING YOUR PUBLIC KEY AND HOW TO USE
A “Public Key” is the key you give out so people can send you messages.

To get your Public Key, open Notepad, then drag and drop the “Backup File” you saved from when you set up your key. Once you have the file open you will see “-----BEGIN PGP PUBLIC KEY BLOCK-----” and a load of random letters etc., then you will see “-----END PGP PUBLIC KEY BLOCK-----”. This is your “Public Key”. Copy and paste all of it and save it in a new file so you have easy access to your “Public Key”, for example when you need to give it to someone, or just copy and paste it to your profile on the Forum or Market.

DECRYPTING A MESSAGE USING YOUR KEY
The whole point in having GPG is so you can “Send and Receive” messages that only you and the Recipient/Sender can read, so how can you read them? Follow the steps below...

1. Open GPA

2. Select “Clipboard”

3. Paste the received message into “Clipboard”

4. Press “Decrypt”

5. Type in your “Passphrase”

You will now be able to read the encrypted message.

SENDING USERS ENCRYPTED MESSAGES
Sending encrypted messages is ideal for “sensitive” information like your address for receiving goods you have purchased from a vendor. To do that please follow the steps below.

1. Find the user's Public PGP key. It is nearly always in the profile; if not, just ask them, and copy it

2. Open GPA

3. Press CTRL + V; the key should now show in the list

4. Click on Clipboard

5. Enter the information you wish to send

6. Press “Encrypt”

7. Select the user's Key

8. Press ok

9. It will ask you if you “Really Want To Use The Key”; just select “Yes”

10. You will see Clipboard opened again with a “-----BEGIN PGP MESSAGE-----”. Just copy everything and send it to the person the message is for

That's it, you have sent an encrypted message to someone

HOW TO BECOME ANON OR APPEAR IN A SPECIFIC LOCATION
So one of the main things when becoming “ANON” is changing your location. This can be done by successfully changing your IP, MAC address, keyboard language and time zone settings (some websites like Paypal can even see your HDD serial number).

IPs are changed with VPNs and proxies. As mentioned at the start of the guide there are many places to get these, so before starting the steps below please make sure you have a VPN or Socks service and know how the software works. I cannot tell you via the guide how to use the VPN or Sock software as it all depends from provider to provider; some use open source software like “OpenVPN” and some use their own software.

Please also have the following software installed as these are needed:

CCLEANER
TMAC

So the below steps are the exact way I do my security when wanting to go off the radar for anonymity, or if Carding/Paypal then you will be using a specific location. Whatever your reasons are, it is all set up the same.

STEP BY STEP

1. Run CCleaner and clean all your browsers etc. Have everything selected. It may take a few minutes, but you do not want anything that could leak your previous IP

2. Open Command Prompt

3. Enter the following

1. ipconfig /release (Press enter)

2. ipconfig /renew (Press enter)

3. ipconfig /flushdns (Press enter)

4. Now close Command Prompt

5. Now open your VPN or Socks and connect to a location/server. If you want to use both, then connect to your VPN, then connect to a Sock

6. Now open TMAC and change your MAC address

7. If you are using a country that is different to your time zone, then change your time zone and keyboard settings to the country you have used.

8. Head to http://check2ip.com/ . This will check if there are any leaks etc. If you have followed the above then you should have no problems; if you have any problems it will tell you what needs to be fixed.

IF YOU ARE DOING ANY WORK WITH PAYPAL THEN ALSO USE A HDD SERIAL NUMBER SPOOFER/CHANGER. I HAVE RECOMMENDED ONE AT THE START OF THE GUIDE. ALSO, PAYPAL CAN SEE YOUR COMPUTER ACCOUNT NAME SO A VMWARE MACHINE WOULD BE RECOMMENDED.

DO THE ABOVE EVERY TIME YOU CHANGE YOUR IP!!!!! OR YOU WILL GET LEAKS!!

That's it, you have now become anon. If you have any problems occur whilst doing the above then just give me a message and I will help you out.

USEFUL STUFF TO KNOW (EXTRAS)

● IF YOU ONLY WANT TO BROWSE THE WEB ANON THEN TOR CAN ACT AS YOUR VPN, HOWEVER DO NOT USE THIS FOR ANY OTHER REASON LIKE MARKET PLACES, CARDING ETC. YOU WOULD DEFINITELY NEED BETTER SECURITY LIKE VPN AND SOCKS

● I RECOMMEND FIREFOX TO BE YOUR FAVOURITE CHOICE BROWSER WHEN DOING CARDING OR ANY ILLEGAL ACTIVITY. I HAVE FOUND THIS ONE TO BE THE BEST TO CLEAN (VIA CCLEANER)

● GOOGLE CHROME STILL HAS COOKIES EVEN THOUGH YOU HAVE RUN IT THROUGH CCLEANER (MANUAL CLEAN IS REQUIRED). I DO NOT RECOMMEND CHROME ANYWAY

● VIP72 HAS SOCKS THAT COME AND GO OFFLINE. FOR EXAMPLE, IN DAYTIME IN THE UK THERE ARE VARIOUS UK SOCKS BUT AT NIGHT THEY DROP OFF A LOT, SO ALWAYS TRY TO HIT THE COUNTRY YOU WANT IN THEIR “DAYTIME” HOURS

● PAYPAL’S SECURITY CAN SEE THE FOLLOWING:

IP - TIME ZONE - KEYBOARD LANGUAGE - HDD SERIAL - COMPUTER ACCOUNT NAME

I hope my guide will help you and has given you the information you have been looking for. I really hate to see posts on the forums where noobs are requesting the simplest advice and help and certain members take the piss out of this by charging them for a five minute job. when