Learn Penetration Testing And Ethical Hacking Online.


    21 things you can do with XSS

    Simply put, XSS is an underrated vulnerability. Well, there are a couple of good reasons:


    • It’s a client-side vulnerability
    • White hats just need that popup for a POC (most of the time)
    • Most black hats don’t understand enough JS to make money out of XSS

    I mean, you can virtually impersonate the user; it's superb. There is a lot of stuff you can do with XSS, which can also make you look cool on the web. I don’t know much, but I have listed a few things here to give you an idea.

    • Ad-Jacking - If you manage to get stored XSS on a website, simply inject your ads in it to make money ;)
    • Click-Jacking - You can create a hidden overlay on a page to hijack clicks of the victim to perform malicious actions.
    • Session Hijacking - HTTP cookies can be accessed by JavaScript if the HttpOnly flag is not present in the cookies.
    • Content Spoofing - JavaScript has full access to the client-side code of a web app, and hence you can use it to show/modify desired content.
    • Credential Harvesting - The most fun part. You can use a fancy popup to harvest credentials: "WiFi firmware has been updated, enter your credentials to authenticate."
    • Forced Downloads - So the victim isn’t downloading your malicious flash player from absolutely-safe.com? Don’t worry, you will have more luck trying to force a download from the trusted website your victim is visiting.
    • Crypto Mining - Yes, you can use the victim’s CPU to mine some bitcoin for you!
    • Bypassing CSRF protection - You can make POST requests with JavaScript, you can collect and submit a CSRF token with JavaScript, what else do you need?
    • Keylogging - You all know what this is.
    • Recording Audio - It requires authorization from the user, but you can access the victim’s microphone. Thanks to HTML5 and JavaScript.
    • Taking pictures - It requires authorization from the user, but you can access the victim’s webcam. Thanks to HTML5 and JavaScript.
    • Geo-location - It requires authorization from the user, but you can access the victim’s geo-location. Thanks to HTML5 and JavaScript. Works better with devices with GPS.
    • Stealing HTML5 web storage data - HTML5 introduced a new feature, web storage. Now a website can store data in the browser for later use and, of course, JavaScript can access that storage via window.localStorage and window.sessionStorage.
    • Browser & System Fingerprinting - JavaScript makes it a piece of cake to find your browser name, version, installed plugins and their versions, your operating system, architecture, system time, language and screen resolution.
    • Network Scanning - Victim’s browser is abused to scan ports and hosts with JavaScript.
    • Crashing Browsers - Yes! You can crash browsers by flooding them with... stuff.
    • Stealing info - Grab info from the webpage and send it to your server. Simple!
    • Redirecting - You can use JavaScript to send users to a webpage of your choice.
    • Tab-napping - Just a fancy version of redirection. For example, if no keyboard or mouse events are received for quite a second, it could mean that the user is afk and you can sneakily replace the current webpage with a fake one.
    • Capturing Screenshots - Thanks to HTML5 again, now you can take a screenshot of a webpage. Blind XSS detection tools were doing this before it was cool.
    • Perform Actions - You are controlling the browser, can’t you feel the power? Got XSS on a social media site? You can send messages, modify information and... you get the idea.

    Next time you find an XSS vulnerability, try submitting an exploit to steal data or stuff as a POC. I am not a bug hunter and I don’t know if that will get you paid more, but I think it should.
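
The Session Hijacking item above turns on one response-header detail: whether the session cookie carries the HttpOnly flag. The following is an added example, not code from the original post, showing how a defender can audit Set-Cookie headers for that flag and the related Secure and SameSite attributes. The function names, issue codes and sample headers are constructed for illustration.

```javascript
// Added example: audit Set-Cookie header values for attributes that limit
// what injected script (XSS) can do with a cookie.

// Parse one Set-Cookie header value into { name, value, attrs }.
// Returns null when the header has no leading name=value pair.
function parseSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim()).filter(Boolean);
  const first = parts.shift() || '';
  const eq = first.indexOf('=');          // only the first '=' splits name/value
  if (eq < 1) return null;
  const attrs = {};
  for (const part of parts) {
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1).trim();
  }
  return { name: first.slice(0, eq).trim(), value: first.slice(eq + 1), attrs };
}

// Return findings for one header. Issue codes are names chosen for this example.
function auditSetCookie(header) {
  const c = parseSetCookie(header);
  if (!c) return [{ name: null, issue: 'unparseable' }];
  const findings = [];
  // Without HttpOnly the cookie is readable through document.cookie.
  if (!c.attrs.httponly) findings.push({ name: c.name, issue: 'no-httponly' });
  // Without Secure the cookie can also travel over plain HTTP.
  if (!c.attrs.secure) findings.push({ name: c.name, issue: 'no-secure' });
  const sameSite = typeof c.attrs.samesite === 'string'
    ? c.attrs.samesite.toLowerCase() : '';
  if (!sameSite) findings.push({ name: c.name, issue: 'no-samesite' });
  else if (sameSite === 'none') findings.push({ name: c.name, issue: 'samesite-none' });
  return findings;
}

// Audit every Set-Cookie value seen on a response.
function auditResponse(setCookieHeaders) {
  return setCookieHeaders.flatMap(auditSetCookie);
}

// Constructed sample headers (not taken from any real site).
const SAMPLE_HEADERS = [
  'sessionid=abc123; Path=/',
  'sid=9f8e7d; Path=/; Secure; HttpOnly; SameSite=Lax',
  'prefs=lang=en; Path=/; HttpOnly; Secure; SameSite=None',
];

for (const f of auditResponse(SAMPLE_HEADERS)) {
  console.log(`${f.name}: ${f.issue}`);
}
```

HttpOnly only stops script from reading the cookie; the Perform Actions and CSRF-bypass items in the list still apply, because injected script runs inside the victim's authenticated session, so output encoding and a Content Security Policy remain the primary fix.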
    Carding best noop trutorial 2020



    I will forever suggest a VPN even supposing you will have already got socks this adds additional security to your system, the simplest method of doing this is often connecting to your VPN and once connected then connect with your socks this offers a double defence wall.

    There area unit several VPN suppliers some area unit low-cost some area unit dear this all goes all the way down to preference, in person i take advantage of GoCryptic as they provide each open port and closed port accounts and better of all you'll be able to get a lifetimeaccount with unlimited use for underneath $50, use the link below to see them out. https://www.gocryptic.com/


    Like VPN socks area unit simply found however they'll price loads from supplier to supplier, I extremely advocate VIP72 as you'll be able to get an infinite account for $33 per month and that they have 1000’s on there able to go and there computer code is admittedly simple to use. please realize the link below to see them out. http://vip72.asia/


    Having artificial language with the add-on known as OTR put in is one in every of the simplest ways in which of instant electronic messaging trickery keeping custard apple (ICQ JABBER ETC), several vendors among the markets and forums can use this IM for them reasons, i'll guide you thru the install of each artificial language and OTR,if you're unsure however it works,dont worry by the time you've got finished following my step by step you'll have a completely operating artificial language and OTR with no unseaworthy informatics you'll realize the step by step guide later within the guide.,please realize each links below


    This is particularly necessary once carding or doing any “illegal” activity on the web however not solely that i take advantage of it additionally to stay off the microwave radar for sites I don’t actually need chase Pine Tree State. the simplest mackintosh Address Changer in my opinion is “Technitium mackintosh Address ChangerAKA “Tmac” this is often a simple one click answer which needs no expertise thus makes it particularly sensible for people that don’t understand a lot of once it involves this, that's why I even have enclosed this in my guide, please realize the link below

    DISTRIBUTED BY AllAboutCarding 



    CCLEANER may be a one click browser cookie and history remover this {can be} a paid computer code however can be found on torrent sites for gratis, removing cookies and history from your computer may be a


    operation, by not doing this makes it really easy for your system to leak your informatics, i like to recommend doing this everytime you head to modification your informatics i'll be explaining a lot of later within the guide, I even have not enclosed a link however if you're not comfy finding torrents be at liberty to PM Pine Tree State and that i can transfer a duplicate to Anonfiles for you.


    Some sites really will see this, like Paypal thus for additional security I even have additionally enclosed this within the guide, this is often another straightforward one step answer computer code, please realize the link below.


    If your mistreatment windows then prompt is extremely usefull once dynamical your informatics, i'll get thereto later within the guide. SETTING UP artificial language + OTR (ICQ / JABBER)


    This is really quite sure bet steps below

    1. Head over to


    2. Enter any first and surname (always use fake)

    3. it'll raise you to enter a signal


    this by clicking “I do not have a itinerant number”do not enter one however, unless you are doing have a custard apple email if you are doing not then follow step four

    4. currently open a brand new tab in your browser and head over to
    enter any random email address try and keep it particular and write the e-mail down in an exceedingly txt file (just for future use) however don't shut fakemailgenerator tab you'll want this in an exceedingly moment

    5. Enter the faux email within the ICQ signup, enter a positive identification and capture then press register, Associate in Nursing email can currently be sent thereto faux email

    6. return over to the Fakemailgenerator tab and you'll see a email show informed there, click to substantiate and you're currently done, it'll direct you to a page were it says you'll be able to transfer ICQ

    DO NOT transfer we'll be employing a totally different instant traveler later within the guide

    7. within the prime right corner you'll see the name you accustomed produce the account, click that and you'll see “ICQ No.” Copy the ICQ variety and therefore the positive identification you used for the account into the document were you saved the e-mail.

    8. You currently have Associate in Nursing ICQ account fitting A JABBER ACCOUNT

    This is additionally a straightforward method, there area unit several Jabber suppliers except for this guide i'll be mistreatment the supplier i take advantage of.

    1. Head over to https://lsd-25.ru:5280/register/new

    2. Enter the username you want

    3. underneath the username box you'll see “server:” copy this all the way down to a document you'll want this.

    4. Enter a positive identification

    5. Enter your positive identification once more for “Password Verification:”

    6. Enter the capture

    7. Press Register

    8. You currently have a Jabber account

    We will be putting in artificial language and OTR within the next a part of the guide, then adding our ICQ and JABBER account to that.

    SETTING UP artificial language + OTR + ADDING ACCOUNTS

    I will currently be showing you the way to setup artificial language with the OTR plugin, to be used with each your ICQ and your JABBER account, most vendors and members on the Darkweb use ICQ and JABBER however can solely speak to you if you've got the OTR plugin put in. The OTR plugin permits a safer encrypted speech that is unquestionably required once act with persons from the Darkweb or perhaps any conversations that area unit “sensitive” . Please additionally note that artificial language will leak your informatics if you're not mistreatment once connected to a VPN/or Socks

    INSTALLING artificial language + OTR

    Firstly we'll install then i'll guide you thru the settings once put in

    1. Head over to https://www.pidgin.im/ and transfer the most recent version of artificial language

    2. Once downloaded run and follow on screen directions and end the install and shut

    3. currently head over tohttps://otr.cypherpunks.ca/index.php#downloads and transfer the most recent version of OTR

    4. Run the install and follow on screen directions and shut

    5. currently head to programs and run artificial language

    6. A window can come back up asking if you'd wish to add Associate in Nursing account simply press shut we'll be doing that later , currently that the window has closed you'll be at the most screen for artificial language

    7. currently at the highest, there's a menu, click on Tools - Plugins

    8. The plugin window can currently air the screen, this {can be} were all the plugins for artificial language can be activated and deactivated, by default plugins you put in won't be activated this includes the OTR plugin that is one in every of the most reasons for folks asking Pine Tree State “I have put in OTR however appears to be not operating in Pidgin” Scroll down on the list and realize “Off-the-record Messaging” and tick the box on the paw facet, this may currently activate OTR.

    currently its time to feature the ICQ and/or JABBER account

    9. On the highest menu click Accounts - Manage Accounts

    10. a brand new window can appear, this is often were your listed accounts would be once you've got additional them, except for currently click “Add..”

    11. Please solely follow this step if your adding Associate in Nursing ICQ account

    A new window can open known as “Add Account”

    1. you'll see “Login Options” .... we have a tendency to area unit adding a ICQ thus on the Protocol change posture menu please

    select ICQ.

    2. currently enter your Username that is your ICQ variety you wrote down on a document after you signed up.

    3. currently enter the positive identification, this is often the one used on check in

    4. currently you've got the choice to save lots of the positive identification or not, in person I ne'er save passwords unless its a laptop i do know no one else uses however this bit is entirely up to you, except for the aim of security don't choose to save lots of your positive identification

    5. currently press “Add”

    you've got currently setup your ICQ account

    12. Please solely follow this step if you're adding a JABBER account

    a brand new window can open known as “Add Account” one, you'll see “Login Options” .... we have a tendency to area unit adding a JABBER thus on the Protocol change posture menu please
    choose “XMPP”

    2. currently enter the “Username” this is often the one from after you signed up

    3. currently enter the “Domain” this is often the “Server” you wrote down from after you signed up

    4. currently enter the “Resource” this is often additionally the “Server” same because the “Domain”

    5. currently enter the “Password” from after you signed up

    6. currently you've got the choice to save lots of the positive identification or not, in person I ne'er save passwords unless its a laptop i do know no one else uses however this bit is entirely up to you, except for the aim of security don't

    choose to save lots of your positive identification

    7. currently press “Add”

    You have currently setup your JABBER account

    13. Thats it you currently have artificial language put in with OTR that is currently totally safe for reprimand vendors etc please


    Pidgin will leak your informatics thus continually connect with a VPN or Socks before running.

    TO USE OTR in an exceedingly speech

    To use OTR is admittedly straightforward open a contact you would like to talk to, there window can open, at the highest menu

    click OTR then choose “Start personal Conversation” this may currently be personal.


    PGP is Associate in Nursing encrypted message answer, not for conversations except for times after you have to be compelled to provide sensitive

    information, like Associate in Nursing address to a merchandiser.


    1. take off by downloading GPG4win


    2. currently run the setup

    3. choose the language

    4. Click next and next once more

    5. Unselect everything however Klepatora,GPA,GpgEX

    6. currently choose your destination folder

    7. end the installation

    You have currently put in GPG4win currently its time to induce setup


    So currently we've put in the computer code, we have a tendency to area unit attending to be mistreatment measure thus follow the steps below

    1. head to programs and run measure

    2. you'll currently be asked if you wish to make a “Private Key” if this box didn't come back up for you head to the

    menu at the highest and choose Keys - New Key.

    3. a brand new window can have opened known as “Generate Key” asking your for a reputation simply place any name you wish
    even a nickname (please note it's to be a minimum of five characters) then press forward

    4. it'll currently raise you to insert Associate in Nursing email, simply insert a faux one and press forward

    5. you'll currently be asked if you'd wish to create a backup choose produce backup then click forward

    6. you'll currently be asked to enter a passphrase enter one you'll not forget however it should not be simple (write a backup of your passphrase somewhere simply inclose , it'll show you the way sturdy the passphrase is

    7. you'll currently be asked to get into you passphrase

    8. currently a brand new window can open known as “Backup Key To File” choose anyplace (I advocate a USB pen) then click save, your backup has been saved

    9. The computer code could freeze and shut, don’t worry this is often quite traditional and you'll not have lost your key and will still be setup You have currently set-up your PGP Key


    A “Public Key” is that the key you provide out thus folks will send you messages

    To get your Public Key, open pad then drag and drop the “Backup File” you saved from after you setup

    your key, once you've got the file open you'll see “-----BEGIN PGP PUBLIC KEY BLOCK-----” and a load

    of random letters etc then you'll see “-----END PGP PUBLIC KEY BLOCK-----” this is often your “Public Key

    copy and paste all of it and put it aside in an exceedingly new file thus you've got quick access to your “Public Key” for instance

    when you have to be compelled to provides it someone or simply copy and paste to your profile on the Forum or Market.


    The whole purpose in having GPG is so you'll be able to “Send and Receive” messages that solely you and therefore the

    Recipient/Sender will read, thus however are you able to read them ? Follow the steps below...

    1. Open GPA

    2. choose “Clipboard”

    3. Paste the received message into “Clipboard”

    4. Press “Decrypt”

    5. sort in your “Passphrase” You will currently be ready to see the encrypted message.


    Sending encrypted messages is ideal for “sensitive” knowledge like your address for receiving merchandise you have purchased from a merchandiser, to try to to that please follow the steps below

    1. realize the users Public PGP key it's nearly always within the profile if not simply raise them and replica it

    2. Open GPA

    3. Press CTRL + V the key ought to currently show within the list

    4. Click on writing board

    5. Enter the knowledge you would like to send

    6. Press “Encrypt”

    7. choose users Key
    8. Press ok

    9. it'll raise you if you “Really wish To Use The Key” simply choose “Yes”

    10. you'll see writing board opened once more with a “-----BEGIN PGP MESSAGE-----” simply copy everything and send it to the one that the message is for Thats it you've got sent a Encrypted message to someone

    HOW TO BECOME custard apple OR seem in an exceedingly


    So one in every of the most things once turning into “ANON” is dynamical your location this may be done by with success

    changing your informatics,Mac Address, Keyboard language and geographical zone Settings (Some websites like Paypal will even see you HDD serial number)

    IP’s is modified with VPN’s and proxies as mentioned at the beginning of the Guide there area unit several places to induce
    these thus before beginning the steps below please check that you've got a VPN or Socks service and knowledge the

    software works, I cannot tell you via the guide the way to use the VPN or Sock computer code because it all depends on

    provider to supplier some use open supply computer code like “OpenVPN” and a few use there own computer code. Please even have the subsequent computer code put in as these are required



    So the below steps area unit the precise method I do my security once desperate to explode the microwave radar for namelessness or if
    Carding/Paypal then you'll be employing a specific location no matter you reasons area unit its all setup a similar.


    1. Run Ccleaner and clean all of your browsers etc have everything designated it should take a couple of minutes however you

    do not wish something that will leak your previous informatics

    2. Open prompt

    3. Enter the subsequent

    1. Ipconfig /release (Press enter)

    2. Ipconfig /renew (Press enter)

    3. Ipconfig /flushdns (Press enter)

    4. currently shut prompt

    5. currently open your VPN or Socks and connect with a location/Server If you wish to use each then connect with your VPN then connect with a Sock

    6. currently open TMAC and alter your mackintosh Address

    7. If you're employing a country that's totally different to it slow Zone then modification it slow Zone and Keyboard

    8.settings to the country you've got used. Head to http://check2ip.com/ this may check if there's any leaks etc if you've got followed the on top of then you should haven't any issues if you've got any issues it'll tell you what has to be mounted. IF you're DOING ANY WORK WITH PAYPAL THEN additionally USE A HDD SERIAL variety

    SPOOF/CHANGER I even have suggested ONE AT the beginning OF THE GUIDE additionally



    DO THE on top of anytime you alter YOUR IP!!!!! otherwise you can GET LEAKS!!

    Thats it you've got currently become custard apple if you've got any issues occur trickery doing the on top of then simply provide Pine Tree State a message and that i can assist you out.

    USEFUL STUFF to grasp (EXTRAS)

    ● IF you simply wish TO BROWSE the online custard apple THEN TOR will ACT AS YOUR VPN however


    YOU WOULD positively want higher SECURITY like VPN AND SOCKS


    CARDING OR ANY criminality I even have detected THIS ONE TO BE the simplest TO




    VIP72 HAS SOCKS THAT come back AND GO OFFLINE for instance DAYTIME within the Britain

    THERE area unit different Britain thusCKS however in the dark THEY call in loads SO continually strive


    PAYPAL’S SECURITY will SEE the subsequent

    IP - geographical zone - KEYBOARD LANGUAGE - HDD SERIAL - computer ACCOUNT NAM

    I hope my guide will assist you and has gave you the knowledge you've got been trying to find, i actually hate it see posts on the forums were noobs area unit requesting the only recommendation and facilitate and bound members take the piss out of this by charging them for a five minute job. when