PRABHAT TECHVISION

Articl by: *Mr.Prabhat *Cross-site scripting* (XSS) is an attacking technique which forces the Web application to forward the executable attack code to the user, which then loads in the user's Web browser and executes. Attack code is often written by using the JavaScript scripting language, but also other programming languages which are supported by the user's Web browser: VBScript, ActiveX, Java and Flash. When the attacker manages to encourage the user's Web browser to carry out the execution of the attack code, this code will run within the security zone of the Web application. By using this privilege, the attack code will be able to read, modify or forward the confidential data given to the Web browser. Thus, this attacking method can be used for stealing accounts (cookies), directing the Web browser to other sites and forwarding malicious content by Web application. Thus, cross-site scripting attacks also jeopardize the confidential relationship between the user...

DISCLAIMER: This tutorial is purely for educational purpose Hackempire is not responsible for any blackhat act of any subscriber.With that said lets start the tut. Sql injection: SQL Injection (SQLi) refers to an injection attack wherein an attacker can execute malicious SQL statements (also commonly referred to as a malicious payload) that control a web application’s database server (also commonly referred to as a Relational Database Management System – RDBMS). Types of Sql injection. 1-Union-Based SQL Injection It is the most popular type of SQL injection. This type of attack uses the UNION statement, which is the integration of two select statements, to obtain data from the database. 2-Error-Based SQL Injection An error-based SQL injection is the simplest type; but, the only difficulty with this method is that it runs only with MS-SQL Server. In this attack, we cause an application to show an error to extract the database. Normally, you ask a question to the database, an...

Ethical Hacking - ARP Spoofing. Address Resolution Protocol (ARP) is a stateless protocol used for resolving IP addresses to machine MAC addresses. All network devices that need to communicate on the network broadcast ARP queries in the system to find out other machines’ MAC addresses. ARP Poisoning is also known as ARP Spoofing. Here is how ARP works: ✓ When one machine needs to communicate with another, it looks up its ARP table. ✓ If the MAC address is not found in the table, the ARP_request is broadcasted over the network. ✓ All machines on the network will compare this IP address to MAC address. ✓ If one of the machines in the network identifies this address, then it will respond to the ARP_request with its IP and MAC address. ✓ The requesting computer will store the address pair in its ARP table and communication will take place. #script kiddies

HOW TO RECOVER DELETED MESSAGES ON ANDROID Step 1. First of all in your windows PC download and install the tool Android Data Recovery. Step 2. Now you have to enable USB debugging in your android for that you have to go to Settings -> About Phone -> Build Number and tap on it 7-10 times. Now you will see developer option in your settings and tap on it and scroll down and enable USB Debugging Step 3. Now launch the tool that you installed in your PC and from there select your android version and proceed by connecting your android to your PC via USB cable. Now select the messages at the recovery section and then simply click on next. Step 4. Now the Android Data Recovery software will ask you to Allow/Grant/ Authorize the access in order to get the privilege to scan SMS data. simply allow it Step 5. Now after the scan gets completed you will see all the deleted text messages from the android device, click on the items you want to restore and then click on “Recover” butt...

📌CC TO WESTERN UNION CASHOUT METHOD😊🎊 📌 ʏᴏᴜ ᴀʀᴇ ɢᴏɪɴɢ ᴛᴏ ɴᴇᴇᴅ ᴛʜᴇ ғᴏʟʟᴏᴡɪɴɢ ᴛᴏᴏʟs ʙᴇғᴏʀᴇ ʏᴏᴜ ɢᴏ ᴛᴏ ᴡᴇsᴛᴇʀɴᴜɴɪᴏɴ.ᴄᴏᴍ ᴀɴᴅ ᴛʀᴀɴsғᴇʀ ᴍᴏɴᴇʏ. 📌1. ᴀ ᴄᴏᴍᴘʟᴇᴛᴇ ʙᴀᴄᴋɢʀᴏᴜɴᴅ ᴄʜᴇᴄᴋ ᴏғ ᴛʜᴇ ᴄᴀʀᴅ ʜᴏʟᴅᴇʀ ᴛʜɪs ɪs ʙᴇᴄᴀᴜsᴇ ɪғ ʏᴏᴜ ᴀʀᴇ ɢᴏɪɴɢ ᴛᴏ ᴛʀʏ ᴀɴᴅ ᴛʀᴀɴsғᴇʀ ᴀɴʏᴛʜɪɴɢ ᴏᴠᴇʀ $100 ᴅᴏʟʟᴀʀs ᴜsᴅ ᴛʜᴇʏ ᴡɪʟʟ ᴀsᴋ ʏᴏᴜ ᴠᴀʀɪᴏᴜs ǫᴜᴇsᴛɪᴏɴs sᴜᴄʜ ᴀs ʏᴏᴜʀ ᴘʀᴇᴠɪᴏᴜs ᴀᴅᴅʀᴇss, sᴏᴄɪᴀʟ sᴇᴄᴜʀɪᴛʏ ɴᴜᴍʙᴇʀ, ᴅᴀᴛᴇ ᴏғ ʙɪʀᴛʜ, ᴍᴏᴛʜᴇʀs ᴍᴀɪᴅᴇɴ ɴᴀᴍᴇ, ᴡʜᴀᴛ ʏᴏᴜʀ ᴍɪᴅᴅʟᴇ ɴᴀᴍᴇ ɪs, ᴡʜᴀᴛ ʙᴀɴᴋ ɪssᴜᴇᴅ ʏᴏᴜ ʏᴏᴜʀ ᴄʀᴇᴅɪᴛ ᴄᴀʀᴅ, ᴇᴛᴄ. ɪɴ ᴏʀᴅᴇʀ ᴛᴏ ɢᴇᴛ ᴛʜᴀᴛ ᴋɪɴᴅ ᴏғ ɪɴғᴏᴍᴀᴛɪᴏɴ ʏᴏᴜ ᴡɪʟʟ ɴᴇᴇᴅ ᴛᴏ ɢᴏ ᴛᴏ ᴀ sɪᴛᴇ ʟɪᴋᴇ ᴘᴇᴏᴘʟᴇғɪɴᴅᴇʀs.ᴄᴏᴍ ᴀɴᴅ ɪᴛ ᴄᴏsᴛs ᴀʙᴏᴜᴛ $60 ғᴏʀ ᴛʜᴇ ɪɴғᴏᴍᴀᴛɪᴏɴ ʏᴏᴜ ᴍɪɢʜᴛ ɴᴇᴇᴅ ғᴏʀ ᴡᴇsᴛᴇʀɴ ᴜɴɪᴏɴ. 📌2. ᴘʜᴏɴᴇ sᴘᴏᴏғᴇʀ/ᴠᴏɪᴄᴇ ᴄʜᴀɴɢᴇʀ ʏᴏᴜ ᴡɪʟʟ ɴᴇᴇᴅ ᴛʜɪs ʙᴇᴄᴀᴜsᴇ ᴡᴇsᴛᴇʀɴ ᴜɴɪᴏɴ ᴡɪʟʟ ᴛʜɪɴᴋ ʏᴏᴜ ᴀʀᴇ ᴀ ғʀᴀᴜᴅsᴛᴇʀ ɪғ ʏᴏᴜ ᴀʀᴇɴᴛ ᴄᴀʟʟɪɴɢ ғʀᴏᴍ ᴛʜᴇ ᴄᴀʀᴅ ʜᴏʟᴅᴇʀs ᴘʜᴏɴᴇ ɴᴜᴍʙᴇʀ sᴏ ʏᴏᴜ ᴍᴜsᴛ ᴜsᴇ ᴀ ᴘʜᴏɴᴇ sᴘᴏᴏғᴇʀ sᴇʀᴠɪᴄᴇ ᴛᴏ ᴍᴀᴋᴇ ᴛʜᴇ ᴄᴀʟʟᴇʀ ɪᴅ ᴀᴛ ᴡᴇsᴛᴇʀɴ ᴜɴɪᴏɴ ᴄᴏᴍᴇ ᴜᴘ ᴡɪᴛʜ ᴛʜᴇ ᴄᴀʀᴅ ʜᴏʟᴅᴇʀs ᴘʜᴏɴᴇ ɴᴜᴍʙᴇʀ. ʙᴀsɪᴄᴀʟʟʏ ᴛʀɪᴄᴋ ᴡᴇsᴛᴇʀɴ ᴜɴɪᴏɴ ɪɴᴛᴏ ᴛʜɪɴᴋɪɴɢ ʏᴏᴜʀ ᴄᴀʟʟɪɴɢ ғʀᴏ...

🎥 *Hacker's News* 📰 Article By: PRABHAT TECHVISION *Microsoft Offers $100,000 Bounty for Finding Bugs in Its Identity Services* Microsoft today launched a new bug bounty program for bug hunters and researchers finding security vulnerabilities in its "identity services." Hacking into networks and stealing data have become common and easier than ever but not all data holds the same business value or carries the same risk. Since new security today depends on the collaborative communication of identities and identity data within, and across domains, digital identities of customers are usually the key to accessing services and interacting across the Internet. Microsoft said the company has heavily invested in the "creation, implementation, and improvement of identity-related specifications" that encourage "strong authentication, secure sign-on, sessions, API security, and other critical infrastructure tasks." Therefore, to further bolster...

~*_SSL_*~ So in this we are going to see about SSL! Lets dive in topic! _*What is Secure Sockets Layer (SSL)?*_ and _*How it Works?*_ Secure Sockets Layer (SSL) is the most widely used technology for providing a secure communication between the web client and the web server. Most of us are familiar with many sites such as Gmail, Yahoo etc. using https protocol in their login pages. When we see this, we may wonder what’s the difference between http and https.  In simple words, a HTTP protocol is used for standard communication between the Web server and the client. HTTPS is used for a “Secure communication”. *How Secure Sockets Layer Works?* Before we understand the concept of SSL, let us first learn what a “Secure Communication” means. Suppose there exists two communicating parties: Say A (client) and B (server).  *_Working of HTTP:_* When A sends a message to B, the message is sent as a plain text in an unencrypted manner. This is acceptable in normal situati...

▶️HOW TO HIDE FILES IN A JPG Set up: 1. Must have a .zip or .rar compressor. 2. Willingness to learn. Steps: 1. Save the picture of choice to your desktop. 2. Make a new .rar or .zip folder on your desktop. 3. Add the files you want to hide into the .zip or .rar 4. Click start menu, run, cmd. 5. In Command Prompt type cd "desktop" with the quotation marks. 6. Now type in copy /b picturename.jpg + foldername.rar outputfilename.jpg ( If you use .zip then: copy /b picturename.jpg + foldername.zip outputfilename.jpg) 7. Now there should be the outputed file name with a .jpg extension on the desktop. ( Do not close Command Prompt just yet ) 8. Double click it to open the picture and check it out. 9. When your done looking, and want to view the hidden files Type: ren outputfilename.jpg outputfilename.rar or zip Now you're done! A quick info-fact: With this technique of hiding files in a jpg you can send this to anyone and they just have to rename the file...

🎥 *Hacker's News* 📰 Article By: *PRABHAT TECHVISION *Google Tracks Android, iPhone Users Even With 'Location History' Turned Off* Google tracks you everywhere, even if you explicitly tell it not to. Every time a service like Google Maps wants to use your location, Google asks your permission to allow access to your location if you want to use it for navigating, but a new investigation shows that the company does track you anyway. An investigation by Associated Press revealed that many Google services on Android and iPhone devices store records of your location data even when you have paused "Location History" on your mobile devices. Disabling "Location History" in the privacy settings of Google applications should prevent Google from keeping track of your every movement, as its own support page states: "You can turn off Location History at any time. With Location History off, the places you go are no longer stored." However,...

🎥 *Hacker's News* 📰 Article By: *Prabhat Techvision *Chrome Bug Allowed Hackers to Find Out Everything Facebook Knows About You* With the release of Chrome 68, Google prominently marks all non-HTTPS websites as 'Not Secure' on its browser to make the web a more secure place for Internet users. If you haven't yet, there is another significant reason to immediately switch to the latest version of the Chrome web browser. Ron Masas, a security researcher from Imperva, has discovered a vulnerability in web browsers that could allow attackers to find everything other web platforms, like Facebook and Google, knows about you—and all they need is just trick you into visiting a website. The vulnerability, identified as CVE-2018-6177, takes advantage of a weakness in audio/video HTML tags and affects all web browsers powered by "Blink Engine," including Google Chrome. *This Worldhackerclub Article by The ~Mr.Prabhat Kumar Agrawal~* To illustrate the ...

*Information theft:* There are some cyber threats been raised day-by-day in this cyber world! This post helps you know about some major cyber threat, and keeps you away from those threat! One of those threat is *Information theft!* *_Information theft:_* Information theft is nothing but a information of  someone got stealed by attackers (hackers)! Here the information which is someone’s personal data! You already know what I am convey to you! Yeah it’s your Name, email address, Date Of Birth, Contact Number, security questions sometimes the encrypted password too.. This threat can also be called as Identity theft. _*What they do with your Identity:*_ Hackers uses this personal data for his own personal benefit! Hacker uses this personal data for his planned cyber attack. So if police traces the guy who done cyber attack then, there victim will only be caught still hacker is in safe zone! _*Is it good idea to be using someone’s identity of personal data?...

🎥 *Hacker's News* 📰 News Source: Google Article By: PRABHAT TECHVISION *New PHP Code Execution Attack Puts WordPress Sites at Risk* Sam Thomas, a security researcher from Secarma, has discovered a new exploitation technique that could make it easier for hackers to trigger critical deserialization vulnerabilities in PHP programming language using previously low-risk considered functions. The new technique leaves hundreds of thousands of web applications open to remote code execution attacks, including websites powered by some popular content management systems like WordPress and Typo3. PHP unserialization or object injection vulnerabilities were initially documented in 2009, which could allow an attacker to perform different kinds of attacks by supplying malicious inputs to the unserialize() PHP function. If you are unaware, serialization is the process of converting data objects into a plain string, and unserialize function help program recreate an object back f...

Hacking Tool information THC Hydra Password Cracking Tool Cost of Tool: Free We’ve purposely placed THC Hydra underneath John The Ripper because they often go ‘hand-in’hand’. THC Hydra (we’ve abbreviated to simply ‘Hydra’ throughout our site) is a hugely popular password cracker and has a very active and experienced development team. Essentially THC Hydra is a fast and stable Network Login Hacking Tool that will use dictionary or brute-force attacks to try various password and login combinations against an log in page. This hacking tool supports a wide set of protocols including Mail (POP3, IMAP, etc.), Databases, LDAP, SMB, VNC, and SSH. Take a look at John the Ripper as well. OWASP Zed Web Vulnerability Scanner Cost of Tool: Free The Zed Attack Proxy (ZAP) is now one of the most popular OWASP projects. The fact that you’ve reached this page means that you are likely already a relatively seasoned cybersecurity professional so it’s highly likely that you are very famil...

https://youtu.be/XpnqPxnk6Pk In this video I tell that How WPA2 security works and how can we break it

How to recover deleted image or video from android (internal storage) without root ? STEP 1: DOWNLOAD AND INSTALL JIHOSOFT ANDROID PHONE RECOVERY AT YOUR COMPUTER. You could download the Windows version at: Android Recovery , download Mac version at: Android Recovery for Mac . After download, you will be lead to install the app at your computer. STEP 2: SELECT DATA GENRE THAT YOU NEED TO SCAN After installation, run the app at your PC. You will see the interface show you four options: “Mul”, “Database”, “WhatsApp”, “All”. Tap One of it according to your own demand. STEP 3: IDENTIFY ANDROID PHONE OR TABLET BY COMPUTER. First, connect your android device to computer via USB cable. Then, turn on USB debugging at android equipment. If the app failed to identify your equipment, install related USB driver at your computer. STEP 4: SCAN ANDROID DEVICE AND EXPECT THE RESULT After identification, click "Start" for scanning. Please be patient about the pr...

Hack Facebook Account Password Using Brute Force First lets know something about Brute force attacks, “A brute force attack is a trial-and-error method used to obtain information such as a user password or personal identification number (PIN). In a brute force attack, automated software is used to generate a large number of consecutive guesses as to the value of the desired data.” But, In our case I’ll be using a Python script and a Long Dictionary Of passwords. Requirements A Kali Machine / Or Any Python Engine Will work! Facebook.py ( v1 or v2 ) A FaceBook id CrackStation Word List! Which I'll upload shortly. STEPS Step 1. Install Python-mechanize using command mention below ~#apt-get install python-mechanize Step 2. Add facebook.py using the command below ~# chmod +x facebook.py [*] ~# python facebook.py Step 3. Now enter |Email| or |Phone number| or |Profile ID number| or |Username| of the victim,                ...