Merge branch 'dev' into main

GuillaumeDorschner · Nov 23, 2023 · 967c5bf · 967c5bf
2 parents d6fa6cc + 99b0748
commit 967c5bf
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 6 deletions.
diff --git a/Documentation/hack/ddos.md b/Documentation/hack/ddos.md
@@ -36,4 +36,5 @@ A typical DDoS scenario involves an attacker controlling a botnet to send more r
 ## How to do it ?
 
 - [MHDDoS](https://github.com/MatrixTM/MHDDoS)
-- [JMeter](https://jmeter.apache.org/)
+- [JMeter](https://jmeter.apache.org/)
+- Create your own botnet to spam the target
diff --git a/Documentation/hack/lack-of-rate-limiting.md b/Documentation/hack/lack-of-rate-limiting.md
diff --git a/Documentation/hack/session-hijacking.md b/Documentation/hack/session-hijacking.md
@@ -1,4 +1,4 @@
-# Session Hijacking
+# Session / Cookie Hijacking
 
 ## Definition
 
@@ -28,7 +28,7 @@ To prevent session hijacking:
 
 ## Example Scenarios
 
-A common example is when an attacker intercepts a user's session cookie through an unsecured Wi-Fi network and then uses it to access the user's account on a web application.
+A common example is when an attacker intercepts a user's session cookie through an unsecured Wi-Fi network [(see http)](./http.md) and then uses it to access the user's account on a web application.
 
 ## References
 
@@ -37,4 +37,8 @@ A common example is when an attacker intercepts a user's session cookie through
 
 ## How to do it ?
 
-DO ...
+1. **See http** : [http](./http.md#how-to-do-it-)
+2. **Find the Cookie**: Locate the `Set-Cookie` header in the HTTP response packet.
+3. **Copy the Cookie**: Copy the value of the `Set-Cookie` header.
+4. **Use the Cookie**: Use the cookie to impersonate the user and gain access to their account.
+5. **Log in as the User**: Log in as the user whose cookie you stole.
diff --git a/Documentation/hack/xss.md b/Documentation/hack/xss.md
@@ -25,7 +25,7 @@ To prevent XSS attacks:
 
 ## Example Scenarios
 
-Injection with the script
+Injection with the script does this:
 ```js
 {
       id: 1,
@@ -56,4 +56,10 @@ Please replace the links with the correct URLs where the images are hosted. If t
 
 ## How to do it ?
 
-DO .....
+You need to write a blog post with a comment section. The comment section must be vulnerable to XSS. like this:
+
+![image](https://github.com/GuillaumeDorschner/HackMe/assets/44686652/38ef205f-2891-4ded-acb9-9adf5e00ad63)
+
+then all the users will exec you script when they will read your post. Example:
+
+![image](https://github.com/GuillaumeDorschner/HackMe/assets/44686652/6762aef5-8adf-4e36-a5ec-f70a4c7c3564)