Thursday, 8 January 2015

Function-related vulnerability in HackerOne

Hi guys, this is my first writeup. I just don't know whether it's a vulnerability or not, but I hope you people enjoy this:-

Website: HackerOne

Vulnerability type:- Disabled account can't be enabled at all.

How to reproduce this:-

Step 1: Create an account with HackerOne.
Step 2: Disable your account.
Step 3: Reset your password.
Step 4: Now try to log in to HackerOne.
Step 5: Boom, you have completely messed up your account: you can't enable it again, and it can't be enabled again.



Current status:- Reported/Not Fixed, you can happily mess up :p

Response from HackerOne team:-

Hi Konka,

We decided that this is a functional bug with a low priority because this isn't the normal flow for disabling and enabling your account again.

-- Martijn

"Mostly nothing would be found if we follow normal flow of the application"

Michiel Prins (HackerOne)
Jan 08 06:12 AM

Hi Karthik,
We appreciated that you brought this functional problem to our attention and will get that fixed. It is just not a security vulnerability, and you should never expect a bounty for non-security related problems.
Thank you,
Michiel
 

Suggestions/comments are always welcome.

Tuesday, 7 October 2014

Facebook completes its pricey WhatsApp acquisition


Well, that was quick: It's been a couple of days since Facebook cleared the last, decidedly European hurdle for closing its $19 billion WhatsApp acquisition (which is now worth closer to $22 billion thanks to FB's surging stock price), and it's already made things official with the SEC. Regulators in the United States and Europe were concerned about the effects the deal would have on competition in the rough-and-tumble messaging realm (though Google is apparently gearing up to give the combined social giant a run for its money), but the other major concern was making sure user data stays private. Jessica Rich, director of the FTC's Bureau of Consumer Protection, put it bluntly back in April (PDF warning): to hear her tell it, "WhatsApp has made a number of promises about the limited nature of the data it collects, maintains, and shares with third parties – promises that exceed the protections currently promised to Facebook users." Facebook apparently managed to ease those fears, but with the deal now closed it's time to see what the folks at 1 Hacker Way actually do with WhatsApp. Our guess? Nothing too great.

Thursday, 17 October 2013

10 Ways to Hack a Facebook Account




Facebook is one of the most widely used social networking sites, with more than 750 million users, which is why it has become the number 1 target of hackers. I have written a couple of posts related to Facebook hacking here, in which I mentioned the top methods used by hackers to hack Facebook accounts. However, lots of things have changed in 2013: many methods have become outdated or have been patched by Facebook, and many new methods have been introduced. So in this post I will write about the top 10 methods hackers can use to hack Facebook accounts.



10 Ways How Hackers Can Hack Facebook Accounts?


So here are the top 10 methods which have been the most popular in 2012:

1. Session Hijacking?







Session hijacking can often be very dangerous if you are accessing Facebook over an http:// connection. In a session hijacking attack, a hacker steals the victim's browser cookie, which is used to authenticate the user on a website, and uses it to access the victim's account. Session hijacking is widely used on LANs.

2. Sidejacking With Firesheep?



Sidejacking attacks became common in late 2010 and are still popular nowadays. Firesheep is widely used to carry out sidejacking attacks; it only works when the attacker and victim are on the same Wi-Fi network. A sidejacking attack is basically another name for HTTP session hijacking, but it is more targeted towards Wi-Fi users.
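Session hijacking and sidejacking both depend on the session cookie crossing the network in clear text, so the defensive check is whether a site's responses let the browser send that cookie over http://. The following is an added example, not code from the original post; the header values and the cookie names `session_id` and `auth` are constructed for illustration.

```python
# Constructed sample response headers (not captured from any real site).
SAMPLE_HEADERS = [
    ("Set-Cookie", "session_id=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "auth=tok456; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("Set-Cookie", "theme=dark; Path=/"),
]


def parse_set_cookie(value):
    """Return (cookie_name, set of lowercased attribute names)."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
    return name, attrs


def audit_headers(headers, session_cookies=("session_id", "auth")):
    """List settings that leave a session cookie readable on a shared network.

    session_cookies holds the names treated as session cookies (assumed here).
    """
    findings = []
    has_hsts = False
    for key, value in headers:
        key = key.lower()
        if key == "strict-transport-security":
            has_hsts = True
        elif key == "set-cookie":
            name, attrs = parse_set_cookie(value)
            if name not in session_cookies:
                continue  # non-session cookies are out of scope for this check
            if "secure" not in attrs:
                # Without Secure the browser also sends the cookie over http://,
                # where anyone on the same LAN or Wi-Fi can read it.
                findings.append((name, "missing Secure"))
            if "httponly" not in attrs:
                # Without HttpOnly, script running in the page can read it.
                findings.append((name, "missing HttpOnly"))
    if not has_hsts:
        # Without HSTS the first request may still go out over plain HTTP.
        findings.append(("(response)", "missing Strict-Transport-Security"))
    return findings


if __name__ == "__main__":
    for name, issue in audit_headers(SAMPLE_HEADERS):
        print(f"{name}: {issue}")
```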

3. Mobile Phone Hacking ?


Millions of Facebook users access Facebook through their mobile phones. If a hacker can gain access to the victim's mobile phone, then he can probably gain access to his/her Facebook account. There is a lot of mobile spying software used to monitor a cellphone.


4. DNS Spoofing?





If both the victim and attacker are on the same network, an attacker can use a DNS spoofing attack to replace the original facebook.com page with his own fake page and hence get access to the victim's Facebook account.


5. USB Hacking?

If an attacker has physical access to your computer, he could just insert a USB drive programmed to automatically extract the passwords saved in the browser.


6. Man In the Middle Attacks?


If the victim and attacker are on the same LAN and on a switch-based network, a hacker can place himself between the client and the server, or he could act as the default gateway, and hence capture all the traffic in between. ARP poisoning, which is the other name for man-in-the-middle attacks, is a very broad topic and is beyond the scope of this article.


7. Botnets? 




Botnets are not commonly used for hacking Facebook accounts because of their high setup costs. They are used to carry out more advanced attacks. A botnet is basically a collection of compromised computers. The infection process is the same as for keylogging; however, a botnet gives you additional options for carrying out attacks with the compromised computer. Some of the most popular botnets include Spyeye and Zeus.


8. Stealers?



Almost 80% of people use passwords stored in their browser to access Facebook. This is quite convenient but can sometimes be extremely dangerous. Stealers are software specially designed to capture the saved passwords stored in the victim's browser. Stealers, once FUD, can be extremely powerful.


9. Facebook Phishing?


Phishing is still the most popular attack vector used for hacking Facebook accounts. There are a variety of methods to carry out a phishing attack. In a simple phishing attack, a hacker creates a fake login page which looks exactly like the real Facebook page and then asks the victim to log in to that page. Once the victim logs in through the fake page, the victim's "Email Address" and "Password" are stored in a text file. The hacker then downloads the text file and gets his hands on the victim's credentials.


10. Keylogging?


Keylogging, according to me, is the easiest way to hack a Facebook password.
NOTE: Guys, if you have any queries, just comment them below.

Monday, 14 October 2013

Keyboard Lights Dancing


How to make your keyboard lights dance (blink)?

1. Open Notepad on your computer.

2. Copy the code below into Notepad.

' Create a shell object so the script can send keystrokes
Set wshShell = WScript.CreateObject("WScript.Shell")
Do
    ' Pause 100 ms, then toggle each lock key (and its LED)
    WScript.Sleep 100
    wshShell.SendKeys "{CAPSLOCK}"
    wshShell.SendKeys "{NUMLOCK}"
    wshShell.SendKeys "{SCROLLLOCK}"
Loop

3. With the above code in Notepad, save it with the .vbs extension (example: anything.vbs).

4. Save the file on your desktop or at a location of your choice; a new file is created with the name you gave it.

5. Open the file that has been created by double-clicking it.

6. You are done: your keyboard lights start blinking.

How to disable the blinking LEDs?

       1. First open Task Manager [Ctrl+Alt+Del].
       2. Then go to the Processes tab.
       3. Select wscript.exe.
       4. Click on End Process.

Thursday, 26 September 2013

Windows CMD Command Line






A
   ADDUSERS Add or list users to/from a CSV file
   ADmodcmd Active Directory Bulk Modify
   ARP      Address Resolution Protocol
   ASSOC    Change file extension associations•
   ASSOCIAT One step file association
   ATTRIB   Change file attributes
B
   BCDBOOT  Create or repair a system partition
   BITSADMIN Background Intelligent Transfer Service
   BOOTCFG  Edit Windows boot settings
   BROWSTAT Get domain, browser and PDC info
C
   CACLS    Change file permissions
   CALL     Call one batch program from another•
   CD       Change Directory - move to a specific Folder•
   CHANGE   Change Terminal Server Session properties
   CHKDSK   Check Disk - check and repair disk problems
   CHKNTFS  Check the NTFS file system
   CHOICE   Accept keyboard input to a batch file
   CIPHER   Encrypt or Decrypt files/folders
   CleanMgr Automated cleanup of Temp files, recycle bin
   CLEARMEM Clear memory leaks
   CLIP     Copy STDIN to the Windows clipboard
   CLS      Clear the screen•
   CLUSTER  Windows Clustering
   CMD      Start a new CMD shell
   CMDKEY   Manage stored usernames/passwords
   COLOR    Change colors of the CMD window•
   COMP     Compare the contents of two files or sets of files
   COMPACT  Compress files or folders on an NTFS partition
   COMPRESS Compress individual files on an NTFS partition
   CON2PRT  Connect or disconnect a Printer
   CONVERT  Convert a FAT drive to NTFS
   COPY     Copy one or more files to another location•
   CSCcmd   Client-side caching (Offline Files)
   CSVDE    Import or Export Active Directory data 
D
   DATE     Display or set the date•
   DEFRAG   Defragment hard drive
   DEL      Delete one or more files•
   DELPROF  Delete user profiles
   DELTREE  Delete a folder and all subfolders
   DevCon   Device Manager Command Line Utility 
   DIR      Display a list of files and folders•
   DIRUSE   Display disk usage
   DISKPART Disk Administration
   DISKSHADOW Volume Shadow Copy Service
   DNSSTAT  DNS Statistics
   DOSKEY   Edit command line, recall commands, and create macros
   DriverQuery Display installed device drivers
   DSACLs   Active Directory ACLs
   DSAdd    Add items to active directory (user group computer) 
   DSGet    View items in active directory (user group computer)
   DSQuery  Search for items in active directory (user group computer)
   DSMod    Modify items in active directory (user group computer)
   DSMove   Move an Active directory Object
   DSRM     Remove items from Active Directory
E
   ECHO     Display message on screen•
   ENDLOCAL End localisation of environment changes in a batch file•
   ERASE    Delete one or more files•
   EVENTCREATE Add a message to the Windows event log
   EXIT     Quit the current script/routine and set an errorlevel•
   EXPAND   Uncompress files
   EXTRACT  Uncompress CAB files
F
   FC       Compare two files
   FIND     Search for a text string in a file
   FINDSTR  Search for strings in files
   FOR /F   Loop command: against a set of files•
   FOR /F   Loop command: against the results of another command•
   FOR      Loop command: all options Files, Directory, List•
   FORFILES Batch process multiple files
   FORMAT   Format a disk
   FREEDISK Check free disk space (in bytes)
   FSUTIL   File and Volume utilities
   FTP      File Transfer Protocol
   FTYPE    File extension file type associations•
G
   GETMAC   Display the Media Access Control (MAC) address
   GLOBAL   Display membership of global groups
   GOTO     Direct a batch program to jump to a labelled line•
   GPRESULT Display Resultant Set of Policy information
   GPUPDATE Update Group Policy settings
H
   HELP     Online Help
I
   iCACLS   Change file and folder permissions
   IF       Conditionally perform a command•
   IFMEMBER Is the current user a member of a Workgroup
   IPCONFIG Configure IP
K
   KILL     Remove a program from memory
L
   LABEL    Edit a disk label
   LOCAL    Display membership of local groups
   LOGEVENT Write text to the event viewer
   LOGMAN   Manage Performance Monitor
   LOGOFF   Log a user off
   LOGTIME  Log the date and time in a file
M
   MAPISEND Send email from the command line
   MBSAcli  Baseline Security Analyzer
   MEM      Display memory usage
   MD       Create new folders•
   MKLINK   Create a symbolic link (linkd)
   MODE     Configure a system device
   MORE     Display output, one screen at a time
   MOUNTVOL Manage a volume mount point
   MOVE     Move files from one folder to another•
   MOVEUSER Move a user from one domain to another
   MSG      Send a message
   MSIEXEC  Microsoft Windows Installer
   MSINFO32 System Information
   MSTSC    Terminal Server Connection (Remote Desktop Protocol)
   MV       Copy in-use files
N
   NET      Manage network resources
   NETDOM   Domain Manager
   NETSH    Configure Network Interfaces, Windows Firewall & Remote access
   NETSVC   Command-line Service Controller
   NBTSTAT  Display networking statistics (NetBIOS over TCP/IP)
   NETSTAT  Display networking statistics (TCP/IP)
   NOW      Display the current Date and Time 
   NSLOOKUP Name server lookup
   NTBACKUP Backup folders to tape
   NTRIGHTS Edit user account rights
O
   OPENFILES Query or display open files
P
   PATH     Display or set a search path for executable files•
   PATHPING Trace route plus network latency and packet loss
   PAUSE    Suspend processing of a batch file and display a message•
   PERMS    Show permissions for a user
   PERFMON  Performance Monitor
   PING     Test a network connection
   POPD     Return to a previous directory saved by PUSHD•
   PORTQRY  Display the status of ports and services
   POWERCFG Configure power settings
   PRINT    Print a text file
   PRINTBRM Print queue Backup/Recovery
   PRNCNFG  Display, configure or rename a printer
   PRNMNGR  Add, delete, list printers set the default printer
   PROMPT   Change the command prompt•
   PsExec     Execute process remotely
   PsFile     Show files opened remotely
   PsGetSid   Display the SID of a computer or a user
   PsInfo     List information about a system
   PsKill     Kill processes by name or process ID
   PsList     List detailed information about processes
   PsLoggedOn Who's logged on (locally or via resource sharing)
   PsLogList  Event log records
   PsPasswd   Change account password
   PsService  View and control services
   PsShutdown Shutdown or reboot a computer
   PsSuspend  Suspend processes
   PUSHD    Save and then change the current directory•
Q
   QGREP    Search file(s) for lines that match a given pattern
   Query Process    Display processes (TS/Remote Desktop)
   Query Session    Display all sessions (TS/Remote Desktop)
   Query TermServer List all servers (TS/Remote Desktop)
   Query User       Display user sessions (TS/Remote Desktop)
R
   RASDIAL  Manage RAS connections
   RASPHONE Manage RAS connections
   RECOVER  Recover a damaged file from a defective disk
   REG      Registry: Read, Set, Export, Delete keys and values
   REGEDIT  Import or export registry settings
   REGSVR32 Register or unregister a DLL
   REGINI   Change Registry Permissions
   REM      Record comments (remarks) in a batch file•
   REN      Rename a file or files•
   REPLACE  Replace or update one file with another
   Reset Session  Delete a Remote Desktop Session
   RD       Delete folder(s)•
   RMTSHARE Share a folder or a printer
   ROBOCOPY Robust File and Folder Copy
   ROUTE    Manipulate network routing tables
   RUN      Start | RUN commands
   RUNAS    Execute a program under a different user account
   RUNDLL32 Run a DLL command (add/remove print connections)

S
   SC       Service Control
   SCHTASKS Schedule a command to run at a specific time
   SCLIST   Display Services
   SET      Display, set, or remove session environment variables•
   SETLOCAL Control the visibility of environment variables•
   SETX     Set environment variables
   SFC      System File Checker 
   SHARE    List or edit a file share or print share
   ShellRunAs Run a command under a different user account
   SHIFT    Shift the position of batch file parameters•
   SHORTCUT Create a windows shortcut (.LNK file)
   SHOWGRPS List the Workgroups a user has joined
   SHOWMBRS List the Users who are members of a Workgroup
   SHUTDOWN Shutdown the computer
   SLEEP    Wait for x seconds
   SLMGR    Software Licensing Management (Vista/2008)
   SOON     Schedule a command to run in the near future
   SORT     Sort input
   START    Start a program, command or batch file•
   SU       Switch User
   SUBINACL Edit file and folder Permissions, Ownership and Domain
   SUBST    Associate a path with a drive letter
   SYSTEMINFO List system configuration
T
   TAKEOWN  Take ownership of a file
   TASKLIST List running applications and services
   TASKKILL Remove a running process from memory
   TIME     Display or set the system time•
   TIMEOUT  Delay processing of a batch file
   TITLE    Set the window title for a CMD.EXE session•
   TLIST    Task list with full path
   TOUCH    Change file timestamps    
   TRACERT  Trace route to a remote host
   TREE     Graphical display of folder structure
   TSSHUTDN Remotely shut down or reboot a terminal server
   TYPE     Display the contents of a text file•
   TypePerf Write performance data to a log file
U
   USRSTAT  List domain usernames and last login
V
   VER      Display version information•
   VERIFY   Verify that files have been saved•
   VOL      Display a disk label•
W
   WAITFOR  Wait for or send a signal
   WHERE    Locate and display files in a directory tree
   WHOAMI   Output the current UserName and domain
   WINDIFF  Compare the contents of two files or sets of files
   WINMSDP  Windows system report
   WINRM    Windows Remote Management
   WINRS    Windows Remote Shell
   WMIC     WMI Commands
   WUAUCLT  Windows Update
X
   XCACLS   Change file and folder permissions
   XCOPY    Copy files and folders

 

Hacker Konka by Konka Karthik is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License.