Jump to content

Search the Community

Showing results for tags 'Javascript'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Talk
    • Everything Else
    • Gaming
    • Questions
    • Business and Enterprise IT
    • Security
    • Hacks & Mods
    • Applications & Coding
    • Trading Post
  • Hak5 Gear
    • Hak5 Cloud C²
    • WiFi Pineapple Mark VII
    • USB Rubber Ducky
    • Bash Bunny
    • Key Croc
    • Packet Squirrel
    • Shark Jack
    • Signal Owl
    • LAN Turtle
    • Screen Crab
    • Plunder Bug
  • O.MG (Mischief Gadgets)
    • O.MG Cable
    • O.MG DemonSeed EDU
  • WiFi Pineapple (previous generations)
    • WiFi Pineapple TETRA
    • WiFi Pineapple NANO
    • WiFi Pineapple Mark V
    • WiFi Pineapple Mark IV
    • Pineapple Modules
    • WiFi Pineapples Mark I, II, III
  • Hak5 Shows
  • Community
    • Forums and Wiki
    • #Hak5
  • Projects
    • SDR - Software Defined Radio
    • Community Projects
    • Interceptor
    • USB Hacks
    • USB Multipass
    • Pandora Timeshifting

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Location


Interests


Enter a five letter word.

Found 18 results

  1. I have discovered that the Javascript converter doesn't work properly with Firefox. While it seems to do the conversion properly, it won't let the user save the payload (the download box doesn't open). I tried it on both Windows and Linux, with and without add-ons enabled and it doesn't change anything. I checked the debug console and nothing seems to be out of the ordinary as it returns that everything is OK. I also checked with Chrome and there it works flawlessly. Too bad 'cause I want to avoid using Chrome. I tried it with Edge. Same problem as Firefox. And In
  2. Hello everyone just though I would say my JavaScript network scanner project here : https://github.com/DarrenRainey/JavaScript-Network-Scanner Currently I it will scan and fingerprint devices based upon what files exist or don't exist on the device and once it fingerprints or can connect to a device it sends a post request with the fingerprint such as the routers model, the internal ip address and the user-agent from the victims PC. This code could be embedded into any website and sent a victim for recon. Currently it only scans a few predefined ip address's in the test.html file b
  3. Hi all. I'm a newcomer on Hak5 forum but have been following the channel on Youtube for a little while now. I'm a (moderate) fan. I've been an IT person for about 20 years now and all aspects of security do matter to me. In a previous job I was watching the network security and providing users with common good practices. Although I'm no expert I try my best to act as responsibly as can be, leaving room for improvement — I guess there's plenty of it... For several years now the growing number of security flaws, exploits, vulnerabilities and hacks that have been reported through t
  4. So I have a question. How do I reverse enginer a Javascript file? The problem comes from my previous thread: The goal is to get the request headers the website has so I can scrape data from the website. The problem is that the website uses a javasricpt to download the request headers and can therefore not be seen in chrome. In the script that the website uses, headers.js does someother mean things. It replaces the http connection with a websocket one: getURL().replace(/^http/,"ws") So I want to run the javascript file so I can print out the final url that it creates complete with
  5. Hi, i have gone through the tutorials for the evilportal module, and now wanted to create a portal on my own for my needs.... I followed the tutorial from frozenjava (which was posted in the forums quite some time ago...), but im having trouble "bending" the code for my needs (basiclly im trying to: get input from "user" and "pass" text field from index.php and print it to a file in /www )... code in index.php: <snip> code in capture.php: <?php $user = $_GET["user"]; $pass = $_GET["pass"]; $redir = $_GET["redir"]; $file = fopen("stored.tx
  6. Hey, I am trying to download a folder (not a .zip) from a GitHub repository and save it the contents to a local folder from inside PHP/JavaScript. The contents are other folders and text files. I know how to download specific files or zips from GitHub but downloading a folder that has other folders in it...Would be easier to just download the .zip of it but unfortunately it is a folder, not a .zip. Any possible way anyone can think of to achieve this? Would be great :)
  7. Is there a way to get verbose errors whilst debugging javascript? I had written an application in C++ and I'm porting it to javascript the only thing is javascript doesn't like some of the strings and just wants to throw an error. I looked up how to remove non-English characters a bunch of different ways. Not really sure what I'm doing wrong. It just says SyntaxError: missing ; before statement It links the line and thats all well and good but it's a string array with about 14,000 strings and where that missing ; is supposed to be I'm really not sure. Is the
  8. Hey guys. After having fun with the LAN Turtle and WiFi Pineapple Nano I took a break and started working on my own project. It's called BrowserBackdoor. It's an Electron application that includes a JavaScript WebSocket backdoor that connects to my Ruby listener. The Electron application runs in the background with no user interface and is basically Chromium so it hasn't been flagged by any Anti Viruses I've tested it against. The Ruby listener can send commands or modules to the Electron application for it to execute and send the results back. Here are the mo
  9. The game is a foot! ......no, actually it's a game. I've been doing some sleuthing and thought this might be fun to share. I have a few crashes on my user base's PC's and it looks to me like exploitation attempts. I'm also hoping some of you my be able to help me focus on the right stuff. I'm not 100% sure what I'm looking at, but I know this isn't the usual DMP output because I see Jscript in my crash dump stack! For this post I will be analyzing crashdump files from the C:\users\%username%\appdata\local\crashdumps In the past month the performance monitoring software we use is showing IE
  10. Quick question. Why does this not save when var fileLoc is set to a network location, but works fine when I put C:\somewhere? <html> <head> <script language="javascript"> function WriteToFile(passForm) { var fso = new ActiveXObject("Scripting.FileSystemObject"); var fileLoc = "\\SERVERNAME\Folder 1\Folder 2\data.csv"; var file = fso.CreateTextFile(fileLoc, true); file.writeline(passForm.FirstName.value + ',' + passForm.LastName.value); file.Close(); alert('File created successfully at locati
  11. I reading up on this JS Browser. I'm thinking to myself it's javascript so you could embed it into a webpage and visit it remotely. It would make proxying pretty easy. I'm thinking someone will come up with a way to exploit a client and use their browser as a proxy pretty quickly. Here's the source code: https://github.com/MicrosoftEdge/JSBrowser/ I don't have a lot of time to explore this as I'm in the midst of some other work. But I thought I would go ahead and share the source code.
  12. Hello everyone. So I've been playing around with DNS spoof for a few weeks now, and I developed a page that runs some simple javascript and jQery elements. When I run DNS Spoof from the pineapple I have been running into a weird problem. If I edit my DNSSpoof configurations to say. 172.16.42.1 example.com. Then run example.com from browser the page loads up perfectly and all the Javascript and JQery elements loads and runs perfectly. However if I edit my DNSSpoof configurations to say. 172.16.42.1 *.* or 172.16.42.1 * Then run any website from IE or Firefox the page loads pe
  13. Description: This infusion will inject HTML code into a response from a server. The issue with ettercap and other proxies is that they cannot inject into SSL sessions as a result of the encryption. This infusion takes Moxie's SSLstrip and uses that as the proxy that injects code. This architecture provides 2 main benefits: Strip SSL from sessions before injecting code which allows for a larger attack surface. An asynchronous, non-blocking socket proxy provided by twisted-web gives much better performance from the client's point of view. The attacks that can be implemented from this are endl
  14. hi all, finally got my PAmarkV yesterday.. started to play and looking for the right and simple way for my tests. how can I inject a javascript code /html to a current page requested by a mac address for specific web page. for example I want that only my android device will be infected by JavaScript code when it request a specific web page. for example is mac address XXX requested cnn.com than pineapple will return it the cnn.com webpage plus the evil java script code. the only seem to be related infusion is the split-n-inject but could not see how can I achieve that with it. I want all
  15. I am performing a security assessment on a website and have discovered a potential XSS vulnerability. I am able to exploit it if I use Burp Suite by supplying my script in place of a parameter in the query string. However, I if I try injecting the code into a URL and clicking on it, the server strips out my JavaScript. I have attempted to use numerous differnet types of encoding with no success. Is there anyway to bypass server side validation? The specific JavaScript unpacker being used is jsunpack. Thanks for any advice in advance.
  16. Description: This is a basic implementation of a ruby HTTP proxy with the ability to inject arbitrary code into a web pages response. This allows for a multitude of attack vectors which will soon be released in my JasagerPwn script, but you can use your imagination and create your own vectors with this. Some basic attack vectors you can play with (they will also be automated in my script): beef hook injection, java applet injection, browser/plugin exploit injection. Feature Set: Installer - Install the dependencies in order to run the ruby script. Proxy Log Output - Displays the log sta
  17. Would this be possible? I can see how it would be, but i just wanted to see if one of the DEV's could confirm the complexity of it. It seems simple enough, i think... Find and run the commands that the HTML/JS ui calls, wait till it executes correctly and exits, then execute the next module fetch/get command, wait till completion, so on so forth. For my purposes, a simple static script would work fine. But it would be nice if it could somehow parse a list of availible modules, their install scripts/commands, etc and then prompt the user to choose which modules they want, and then the use
  18. So is anyone here started or is going to be, developing metro apps for windows 8 in javascript html5 & css? i know I am :D
×
×
  • Create New...