echo "0xHat Security"

Hello , While Penetration Testing I found out one interesting thing .  If you use external scripts from other domain then you should be careful and cautious about the http cookie access. Certain time it can happen that you need to include scripts from other domain. But if you are not  taking  enough  care of security practices, then other users account can be compromised by session hijacking and session fixation even if your website is not vulnerable .  Confused ? Okay I will make it easy. What will happen if the web server from where you are including the external JS scripts is compromised ? Well you may think that's not a big deal because that's not the server where the developer is hosting the website.  But what if I modify that external JS script of the compromised server ?   Anyway I wont speak much and will give you a small demo instead. Here is the source code of the external JS file located at 192.168.42.145. This code return a random quote from an array.

DNS Part 2 - Linux and Windows Command Line Utilities to query DNS Server Now we are going to deal with some command line utility  1. Host  Purpose - Dns Lookup Utility Platform : linux Usage :  $ host google.com 2. Nslookup  Purpose - Query Internet NameServers Interactively Platform : Windows , Linux (does not support some features like ls) Usage : $ nslookup >set type=A  >google.com Similarly you can try out to query other record type by replacing set type = A to set type=NS  $nslookup >set type=NS >google.com 3. Dig  Purpose - Advanced Dns Lookup Utility Platform : Linux Usage Please note by default dig uses A type record querying  $ dig google.com If you want to query all types of records at once then use this command . $dig ANY google.com Hope you enjoyed this tutorial . In the next part  DNS Part 3 we will learn about some hacking techniques to query the dns server like zone transfers

Hello friends, I am back again with some more tutorials . The whole tutorial is going to be divided in 4 parts .  Part 1 - Basics of DNS Part 2 - Linux and Windows Commandine Utilties to query dns Part 3 - Advanced Tools - Dnsdict6 , Fiere , theHarvester  Part 4 - Bash Scripting to Automate DNS Queries and Security Issues in DNS  Well what is DNS ? DNS stands for Domain Name System. It is used to resolve host name to IP Address and vice-versa. A simple overview of its working It is not possible to remember all the ip address of the system. DNS helps to give a hostname i.e a meaningful name for an ip address since it is easy to remember a name instead of a series of numbers. So when I want to browse any site say google.com I put that address in the address bar. After that the system using DNS query queries the dns server to resolve the ip address of google.com. Say it responds with an answer 74.125.236.41 . Now the browser will intiate a TCP connection to 74.125.236.41 a