Please ask questions ONLY in this topic.

[wh1t3halcy0n]

guys, can anyone post a link where can i get a good tutorial for this xss and c**k** s***l**g...
I am not able to get any material where i can do it without a webpage of my own...

Actually the site that helped me the most wasn't a security site. It was just a basic tutorial site surprisingly.... Read about javascript and the variable window to be specific.

http://www.infimum.dk/HTML/JSwindows.html

[Gautham R]

guys, can anyone post a link where can i get a good tutorial for this xss and c**k** s***l**g...
I am not able to get any material where i can do it without a webpage of my own...

Actually the site that helped me the most wasn't a security site. It was just a basic tutorial site surprisingly.... Read about javascript and the variable window to be specific.

http://www.infimum.dk/HTML/JSwindows.html

Thanks...that was quite useful
Have completed the mission now:)

[HNicolai]

i know how to use XSS, i tried already about 200 different cookie stealing scripts, and i even know how to clean the logs, but it wont accept my cookie stealer!

can one of the people who finished this give us hints on how is the script supposed to look like? (e.g. do you need to write language="JavaScript" after <script)

EDIT: done. for those who are still trying, heres a hint (since really, this has NOTHING to do with hacking\programming). you need to use window instead of document. if someone thinks that this is a spoiler tell me and i will remove it, but i think it isnt because in an actual site both would work.

THANKS! I've been trying lot's of XXS attacks, but none for them worked because I've used "docuemt." and not "window."

Also heres some "hints" (not really "hints" but more some "tips"):

• The "demo" program is crap, you don't need it... And it does not really work, so don't worry
• You don't need to setup a cookiestealer, just image you own the host "hts.com" and a file called "c.php" exist on the host.

[goodwillwins]

Looks like mcrap is gone on a holiday.....................



-- Sun Mar 14, 2010 6:09 pm --

ok i thinks he's back.........

....................

Thanks Man.

[darthyutsi1]

I don't have a website that allows me to upload files to the server, anyone know of a free one, and if so point me to a tutorial on how to put php code in a website?

[sanddbox]

I don't have a website that allows me to upload files to the server, anyone know of a free one, and if so point me to a tutorial on how to put php code in a website?

There is no website needed.

[Algorithm Crypt]

hmmm so quick roundup on all the hints on this forum just to make sure I`ve got this down pat. and to help all the Others. ^_^
1.do not need to download demo
2. do not need a host website for the cookie stealer
3. languages used are Xss, Javascript. (possibly others?)
4. does not require a lengthy script (learned it just now )
5. to create the cookie stealer, it needs to have and XSS but also has the javascript "window()" function.

about the cookie stealer, my problem is my code I believe, but I sent it to the boss (m-****) through his email, correct?
sooo... the script has 3-4 lines of code including the

Code: Select all

<language identifier></language identifier>

.
it seems logical but obviously its not the correct one.
is it possible (to use only 3-4 lines of code to use in the script?) or do I need more code?

again heres an outline of the code that I am utilizing
(not spoiling I hope )

Code: Select all

<script>
//javascript that  includes the window() function and the get cookie command
</script>


oh yes, do I send the boss the script by mail? or some other way? I have mostly done it through mail.

[Narphet]

XSS isn't a language.

Can someone point me to where exactly I'm supposed to send the c****e? The only ways I can see are the PMs and the Contact page... but javascript can't send POST requests without resorting to really lengthy code so PMs seem to be out of the question... do I have to use the Contact page, then?

[conscience]

XSS isn't a language.

Can someone point me to where exactly I'm supposed to send the c****e? The only ways I can see are the PMs and the Contact page... but javascript can't send POST requests without resorting to really lengthy code so PMs seem to be out of the question... do I have to use the Contact page, then?

Think simple, my friend. As far as I remember, the simplest way will give you what you're looking for.

[Narphet]

...ok, I've got it now. Never even thought of using m*****.