XSS Shell, backdooring the web...

03.11.2006

Readers : 27.094
Daily readers : 48,3

More information and download: Portcullis Security

Comments


I downloaded it and set it up following the directions in the readme. The problem I am having is that with debugging on I can see the client connect in the debugger, but it never shows up in the admin panel as a victim.

RE: xssshell [ # | 07.11.2006 ]

In the debug screen you should see a request to commands.asp. Is the URL correct? Does the db folder have write permissions? Copy that URL and try it; is it working? It should be related to that.

Ferruh Mavituna [ # | 08.11.2006 ]

in readme.txt:
Now open your admin interface from your browser.
To test it, just modify the "sample_victim/default.asp" source code and replace the "http://attacker:81/release/xssshell.js" URL with your own XSS Shell URL. Open the "sample_victim" folder in some other browser and maybe upload it to some other server.

q:
I can't see any "http://attacker:81/release/xssshell.js" in the "sample_victim/default.asp" source code.

help [ # | 08.11.2006 ]

Not xssshell.js; it should be http://attacker:81/xssshell.asp

Ferruh Mavituna [ # | 08.11.2006 ]

Where did the great demo go to?!

Demo [ # | 10.11.2006 ]

Demo (they are lurking)
- http://ferruh.mavituna.com/xssshell/demo/
- http://ferruh.mavituna.com/xssshell/demo/wide/

Ferruh Mavituna [ # | 10.11.2006 ]

Installation and Setup Checklist,

- Do the steps in readme.txt to set up
- Check database permissions
- Check paths
- Check IP addresses
- The server should support ASP
- Check that the ASP files are working by making requests to them from a browser
- Don't use free web servers which add extra HTML code (this will break XSS Shell because of JS errors)
- Turn on DEBUG in xssshell.asp to see what's going on and what the problem is.

Still got a problem?
- Install the Firebug extension for Firefox and check the responses for server-side errors, and check for JavaScript errors.

You can send me these errors if you can't figure it out.

Ferruh Mavituna [ # | 28.11.2006 ]

What confuses me is that in "xssshell.asp", under the variable "SERVER", I need to set it to, say, if I create a virtual server for the "xssshell" folder (not the "xssshell" directory that includes the "db" and "sample_victim" folders???), "http://myhost/xssshell", and the value for the variable "ME" is set by SERVER + "xssshell.asp?p=1<%=vicAdd%>", which gives ME the value "http://myhost/xssshell/xssshell.asp?p=1<%=visAdd%>". How can "xssshell.asp" exist in the "xssshell" folder, or do we need to copy it to the "xssshell" folder?? By default, the same thing happens to the variables CONNECTOR and COMMANDS_URL, which have the values "http://myhost/xssshell/xssshell/connector.asp" and "http://myhost/xssshell/xssshell/commands.asp" respectively.

I'm still not able to set it correctly; can anyone help??

thanks in advance,

[ # | 29.11.2006 ]

I got this error "$A is not defined" in prototype.js when accessing xssshell.asp

regards,

[ # | 29.11.2006 ]

Here are the core variables. If you want, you can just hardcode them instead of using the SERVER variable.

SERVER
Server is your xssshell URL, which goes like http://www.yoursite.com

ME
xssshell.asp full URL. This should point to your xssshell.asp file.

CONNECTOR
This should point to your connector listener, connector.asp (by default connector.asp is under the xssshell folder)

COMMANDS_URL
This should point to your commands pusher, commands.asp (by default connector is under the xssshell folder)

Ferruh Mavituna [ # | 29.11.2006 ]

In "xssshell.asp", if I set SERVER to "http://myhost/xssshell/", where my xssshell layout is:

xssshellv039
|
+---- xssshell
|
+---- db
|
+---- sample_victim
|
+---- xssshell.asp

then, by default, the variables CONNECTOR & COMMANDS_URL would be "http://myhost/xssshell/xssshell/connectors.asp" and "http://myhost/xssshell/xssshell/commands.asp". Isn't this an invalid URL??

I know I can set the variables CONNECTOR & COMMANDS_URL by removing the "xssshell" prefix, but can anyone explain how to set it correctly and what value I should set for SERVER, assuming I set up the virtual server to the "xssshell" folder and not "xssshellv039"???

I've spent almost a day setting this up; I can only see the XSS Shell admin, but the test victim always fails :(

Thanks in advance,

nofear0720 [ # | 29.11.2006 ]

What confuses me is that in "xssshell.asp", under the variable "SERVER", I need to set it to, say, if I create a virtual server for the "xssshell" folder (not the "xssshell" directory ...

If you mean "virtual directory", it's the same and you can use it just like a normal folder. So if you open the xssshell virtual folder, yes, it will be translated into http://localhost/xssshell/xssshell.asp and your commands.asp will be at http://localhost/xssshell/xssshell/commands.asp
It should work well.

If you mean virtual host, this is invisible to the application, so it should just work again.

Second issue,
I got this error "$A is not defined" in prototype.js when accessing xssshell.asp

Unfortunately this is one of the stupid errors from 3rd-party AJAX libraries. Just ignore it; it shouldn't affect anything. But check the request responses in Firebug: if there is an ASP error in there, that would be the reason.

Ferruh Mavituna [ # | 29.11.2006 ]

I'm still not able to connect correctly, and when I test the sample_victim [http://localhost/xssshell/victim/], I get the following error:

[Exception... "Component returned failure code: 0x80040111 (NS_ERROR_NOT_AVAILABLE) [nsIXMLHttpRequest.status]" nsresult: "0x80040111 (NS_ERROR_NOT_AVAILABLE)" location: "JS frame :: http://nofear0720/xssshell/js/moo.ajax.js :: anonymous :: line 27" data: no]

I think my settings for xssshell.asp are no problem, but I still can't connect to the admin shell using the sample victim.

Any help given will be appreciated.....

Thanks in advance,

nofear0720 [ # | 29.11.2006 ]

I keep getting this error when I connect to the admin shell from the victim's page:

syntax error
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

in the "headers.asp" page. Can anyone help???

Thanks in advance,

k0b3.bryant08@gmail.com [ # | 29.11.2006 ]

I don't know why it seems so complicated. Maybe because of the xssshell folder name.

Put all the files on the web server and it's going to work; change http://attacker/ to your server address.

If you don't put it into the root, then you just need to change the SERVER variable;

// Your XSSShell Server
var SERVER = "http://attacker/";

Change to;

// Your XSSShell Server
var SERVER = "http://attacker/YOURFOLDERNAME/";

Ferruh Mavituna [ # | 29.11.2006 ]

syntax error
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

There shouldn't be a syntax error in there; possibly you are getting an error from ASP. Try to check out the full response in Firebug.

Ferruh Mavituna [ # | 29.11.2006 ]

Maybe you are right; the folder name had confused me before, but I'd tried all possible configurations (even with your last comments).

Perhaps there is some problem with my web server (IIS 5), and maybe I should try on a Linux platform during my free time.

This is the first ever "simple" task that I've failed to achieve so far.

Anyway, Ferruh, thanks for your patience and attention .. :D

k0b3.bryant08@gmail.com [ # | 29.11.2006 ]

Does the script work on Windows XP Professional SP2? I've tried to make the script work, but I don't receive any IP. I have IIS installed on my Win XP Professional.

Sensor [ # | 05.12.2006 ]

How do you make the DB file read/write? I always use Apache, never used IIS before. Do I just right-click the 'db' folder and uncheck read-only?

dan [ # | 06.12.2006 ]

Could someone please tell me if I've done this right;
I downloaded a web server program (netserve webserver), and I put all the XSS Shell files into a directory, I changed the server URL, and when I go to 127.0.0.1:81/xssshell, it just lists all the files in the directory. It doesn't show the graphical interface like in the video. What am I doing wrong?

zidane [ # | 19.12.2006 ]

Hi, I cannot get this to work; how do I set up the MS Access stuff? Can I not use a flat file? More info please, the readme doesn't explain enough.

lobas [ # | 13.01.2007 ]

Yes, I have the same problem as zidane: I can see the files in the directory and not like in the video demo.

todi [ # | 20.01.2007 ]

Somebody can help me, help us :) make a video on how to install, if somebody can....

todi [ # | 20.01.2007 ]

I have these errors:

Microsoft JET Database Engine (0x80004005)

/xss/xssshell/fmlibrary/fmlibraryv3.asp, line 193

JoSuEcUaTe [ # | 23.01.2007 ]

# Tipo de error:
Microsoft JET Database Engine (0x80004005)
Error no especificado
/xss/xssshell/fmlibrary/fmlibraryv3.asp, línea 193

# Tipo de explorador:
Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1

# Página:
GET /xss/xssshell/Default.asp

JoSuEcUaTe [ # | 24.01.2007 ]


Ferruh Mavituna
© 2002-2007, Ferruh Mavituna
