Please ask questions ONLY in this topic.

Re: Please ask questions ONLY in this topic.

Post by wh1t3halcy0n on Sat Feb 20, 2010 2:43 pm
([msg=35427]see Re: Please ask questions ONLY in this topic.[/msg])

Gautham R wrote:guys, can anyone post a link where can i get a good tutorial for this xss and c**k** s***l**g...
I am not able to get any material where i can do it without a webpage of my own...


Actually the site that helped me the most wasn't a security site. It was just a basic tutorial site surprisingly.... Read about javascript and the variable window to be specific.

http://www.infimum.dk/HTML/JSwindows.html
wh1t3halcy0n
New User
New User
 
Posts: 42
Joined: Wed Feb 17, 2010 3:09 am
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by Gautham R on Sat Feb 20, 2010 3:28 pm
([msg=35435]see Re: Please ask questions ONLY in this topic.[/msg])

wh1t3halcy0n wrote:
Gautham R wrote:guys, can anyone post a link where can i get a good tutorial for this xss and c**k** s***l**g...
I am not able to get any material where i can do it without a webpage of my own...


Actually the site that helped me the most wasn't a security site. It was just a basic tutorial site surprisingly.... Read about javascript and the variable window to be specific.

http://www.infimum.dk/HTML/JSwindows.html


Thanks...that was quite useful
Have completed the mission now:)
Gautham R
New User
New User
 
Posts: 5
Joined: Wed Feb 17, 2010 12:22 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by HNicolai on Sat Mar 13, 2010 8:17 am
([msg=36671]see Re: Please ask questions ONLY in this topic.[/msg])

haha01haha01 wrote:i know how to use XSS, i tried already about 200 different cookie stealing scripts, and i even know how to clean the logs, but it wont accept my cookie stealer!

can one of the people who finished this give us hints on how is the script supposed to look like? (e.g. do you need to write language="JavaScript" after <script)

EDIT: done. for those who are still trying, heres a hint (since really, this has NOTHING to do with hacking\programming). you need to use window instead of document. if someone thinks that this is a spoiler tell me and i will remove it, but i think it isnt because in an actual site both would work.

THANKS! I've been trying lot's of XXS attacks, but none for them worked because I've used "docuemt." and not "window."

Also heres some "hints" (not really "hints" but more some "tips"):
  • The "demo" program is crap, you don't need it... And it does not really work, so don't worry
  • You don't need to setup a cookiestealer, just image you own the host "hts.com" and a file called "c.php" exist on the host.
HNicolai
New User
New User
 
Posts: 4
Joined: Sat Jul 05, 2008 7:30 am
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by goodwillwins on Sun Mar 14, 2010 7:27 am
([msg=36720]see Re: Please ask questions ONLY in this topic.[/msg])

Looks like mcrap is gone on a holiday.....................

:(

-- Sun Mar 14, 2010 6:09 pm --

ok i thinks he's back......... :D

haha01haha01 wrote:....................



Thanks Man.
goodwillwins
New User
New User
 
Posts: 6
Joined: Sat Mar 13, 2010 11:59 am
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by darthyutsi1 on Sat Apr 03, 2010 5:04 pm
([msg=37675]see Re: Please ask questions ONLY in this topic.[/msg])

I don't have a website that allows me to upload files to the server, anyone know of a free one, and if so point me to a tutorial on how to put php code in a website?
darthyutsi1
New User
New User
 
Posts: 4
Joined: Tue Feb 09, 2010 10:55 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by sanddbox on Sat Apr 03, 2010 5:23 pm
([msg=37676]see Re: Please ask questions ONLY in this topic.[/msg])

darthyutsi1 wrote:I don't have a website that allows me to upload files to the server, anyone know of a free one, and if so point me to a tutorial on how to put php code in a website?

There is no website needed.
Image

HTS User Composition:
95% Male
4.98% Female
.01% Monica
.01% Goat
User avatar
sanddbox
Expert
Expert
 
Posts: 2331
Joined: Sat Jul 04, 2009 5:20 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by Algorithm Crypt on Fri Jun 25, 2010 1:03 am
([msg=40779]see Re: Please ask questions ONLY in this topic.[/msg])

hmmm so quick roundup on all the hints on this forum just to make sure I`ve got this down pat. and to help all the Others. ^_^
1.do not need to download demo
2. do not need a host website for the cookie stealer
3. languages used are Xss, Javascript. (possibly others?)
4. does not require a lengthy script (learned it just now :) )
5. to create the cookie stealer, it needs to have and XSS but also has the javascript "window()" function.

about the cookie stealer, my problem is my code I believe, but I sent it to the boss (m-****) through his email, correct?
sooo... the script has 3-4 lines of code including the
Code: Select all
<language identifier></language identifier>
.
it seems logical but obviously its not the correct one.
is it possible (to use only 3-4 lines of code to use in the script?) or do I need more code?

again heres an outline of the code that I am utilizing
(not spoiling I hope )
Code: Select all
<script>
//javascript that  includes the window() function and the get cookie command
</script>


oh yes, do I send the boss the script by mail? or some other way? I have mostly done it through mail.
Algorithm Crypt
New User
New User
 
Posts: 2
Joined: Wed Jun 16, 2010 10:49 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by Narphet on Sat Jun 26, 2010 5:30 pm
([msg=40834]see Re: Please ask questions ONLY in this topic.[/msg])

XSS isn't a language.

Can someone point me to where exactly I'm supposed to send the c****e? The only ways I can see are the PMs and the Contact page... but javascript can't send POST requests without resorting to really lengthy code so PMs seem to be out of the question... do I have to use the Contact page, then?
Narphet
New User
New User
 
Posts: 30
Joined: Tue Jun 22, 2010 4:42 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by conscience on Sat Jun 26, 2010 7:19 pm
([msg=40839]see Re: Please ask questions ONLY in this topic.[/msg])

Narphet wrote:XSS isn't a language.

Can someone point me to where exactly I'm supposed to send the c****e? The only ways I can see are the PMs and the Contact page... but javascript can't send POST requests without resorting to really lengthy code so PMs seem to be out of the question... do I have to use the Contact page, then?


Think simple, my friend. As far as I remember, the simplest way will give you what you're looking for.
Let him who has understanding recount the number of the beast, for it is a human number: His number is 0x029A.
conscience
Poster
Poster
 
Posts: 248
Joined: Thu Jan 08, 2009 9:05 pm
Location: 127.0.0.1
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by Narphet on Sun Jun 27, 2010 7:29 am
([msg=40849]see Re: Please ask questions ONLY in this topic.[/msg])

...ok, I've got it now. Never even thought of using m*****.
Narphet
New User
New User
 
Posts: 30
Joined: Tue Jun 22, 2010 4:42 pm
Blog: View Blog (0)


PreviousNext

Return to (Real 9) CrappySoft

Who is online

Users browsing this forum: No registered users and 0 guests