Category Archives: Website Hacking

Download this tool and you win!!

Learn an easy and exceptional way to automate open redirects for fun and profit $$$

How to earn your first bounty in bug bounty hunting

If you are interested in bug bounty hunting and want to learn about it and earn your first bounty, please read this. Bigger Scopes Matter: Try to choose programs that have a larger scope, because you have more subdomains to work with and find vulnerabilities in. Mentors on Twitter: A lot of professional

TomTom Website Hacked With XSS | krypt0mux

Story: I have been spidering my way through some websites checking for XSS vulnerabilities until I came across one in tomtom.com. This vulnerability was such an easy one because Burp Suite detected it almost instantly. What is XSS? Cross-site scripting, or XSS for short, is an injection attack whereby an attacker can insert malicious JavaScript code into the

How Cyber Criminals Fish For Passwords From Their Phone

What is Phishing? A phishing attack is an attack vector used by cyber criminals to clone a legit site that has malicious code injected into it that steals a user's password. Once the victim clicks on the link, they are sent to the hacker's website; when the victim types in their password, it is then hijacked by the attacker.

XSStrike Intelligent XSS Discovery & Exploitation Tool

What is XSS? Cross-site scripting is an injection attack where an attacker can inject malicious scripts into a web application through places such as parameters and form fields. The attacker can also hijack someone's browser and steal someone's session with these kinds of vulnerabilities; stealing someone's session is also known as session fixation. Why Choose XSStrike? Every XSS (Cross-Site Scripting) scanner

How to Install OSIF Inside Termux

OSIF is an accurate Facebook account information gathering tool. All sensitive information can be easily gathered; even if the target sets all of its privacy settings to (only me), the data will still be easy to collect. This covers sensitive information about residence, date of birth, occupation, phone number and email address. Installation and Using OSIF $ apt-get update $ apt-get upgrade $

Using SQLmap To Take Over Databases

Sqlmap: Sqlmap is one of the most popular and powerful SQL injection automation tools out there. Given a vulnerable HTTP request URL, sqlmap can exploit the remote database and do a lot of hacking like extracting database names, tables, columns, all the data in the tables, etc. It can even read and write files on the remote file system under

Extract Email, Phone Numbers of Facebook friends with OSIF Tool | Kali Linux

Facebook is one of the biggest companies with a huge user database, and that is why it is the first choice for hackers to gather information about a person. Many people on Facebook do not care about privacy, and that is the golden point for hackers. The users put in their phone numbers and e-mails and make them public. This makes easier

Phishing For Passwords Using Ngrok & EvilPhisher

What is Phishing? Phishing is where a malicious person clones a website and injects a malicious PHP script that allows them to capture the POST request which contains the username/password. How Complex is it? Phishing is such an easy way to steal someone's password and the complexity is really low, but it requires a lot of social engineering. There are

Cross Site Scripting Discovery With XSSPwn

Today, I will be showing you how to automatically test for Cross-Site Scripting vulnerabilities with a tool I made called xsspwn. How does it work? Xsspwn is a Cross-Site Scripting testing tool. It will attempt to inject payloads into a parameter for testing, and when the scan finishes it will output all the potential injections found. Scan output Brute forcing Sometimes, you need
