Tutorial:
Download : http://www.portcullis-security.com/tools/free/XSSShell039.zip
* This method is very interesting as no matter what browser, OS , anything the Person viewing the page becomes infected! They dont have to download a single thing! Just view the page! This is Undetectable by AVs too! And can get 1000s of hits in minutes. So this is some good shit im releasing here Big Grin. This can be used to gleam passwords, DDOS Sites, Keylogging, Get IP address, Get URL History of Victims, Crach Victims browser, Execute code on the victim and change the page they are viewing. This can also be used to hack websites if the admin views the page. This will probably take about 20mins to set up. The out put is a screen with a list of zombies at your control that viewed your page
* Set up a free webhosting forexample on 7host or something, im not going to explain that now as it will take to long and there easy to set up. Okay so once you have your host, download a FTP client like FileZilla and connect to your host, Copy the xssshell folder to your webserver, and modify the password in db.asp to one that suits you, the default is w00t, this is just so other people cant control your zombies.
* Next Open xssshell.asp and edit the details to match your server , each http://www.yourhost.com/xssshell (you will find it when you open the file, make sure all the variables are the correct settings. Upload all the files to the server and use the link to xssshell.asp in your XSS VUlns so when people click it you have control.
No comments:
Post a Comment