Monday, 23 January 2017

Cross Site Scripting XSS-4 (hack username and password)

XSS video tutorial

Steps and instructions - 

In this tutorial we will hack username and password with setoolkit from a target website using redirected XSS.

In the previous tutorial I have shown you guys in brief. But today we will conduct a full pen test.

Some terminologies - 

XSS - Cross Site Scripting is a process of adding malicious code in a website for exploitation.

Website cloning - Making the exact same duplicate website.

Setoolkit - Social engineering attacking tools set.

Requirements - 

* Firefox browser

* A target website to practice the test 

Steps -

* Open a terminal and type "setoolkit" to make a cloned website

You will get the Setoolkit console.

* Choose social engineering attack by typing 1

* Choose website attack vectors by typing 2

* Choose 3 as we are harvesting the credentials 

* Now we choose site cloner as we want to clone our target. Type 2

You will get a screen like this 

* Setoolkit is asking for your IP address to make a fake website

 Type in ifconfig in a new terminal to know your IP address and enter that IP in the Set console

Then it will ask us for which website it should clone.

I have a lab running called DVWA which will be my target website today.

* Copy the target url and paste it 

This is the target website

After entering the URL, set will start cloning and will ask you to run the apache server. Say "y" ie yes.

The cloning process is done.

* Now we want to insert our malicious codes to do XSS. This will be a redirect XSS.

I will insert my code in sign book. You can add the code anywhere like comment box or a search tab.

This is my insert section ie the sign book

Add the code in the comment box -



<script> - to start the script

window.location - is to redirect - your IP address which you had given in setoolkit

</script> - to close the script

Add this exact code in the message tab or comment tab of your target website

As I was adding my code, it wont let me add more characters then 50.

The limit is 50 keys in the comment box.

You will have some website restricting the user to 50 character limit.

We have to bypass this now.

I will right click in the comment tab, you will get the option to "inspect element"

After clicking on the "inspect element" you will get some codes in the sidebar like this.

And as you can see that here it says that maxlength="50"

We will change it to maxlenght="100"

Then after hitting enter you can add 100 characters in the comment tab.

This is rare. But in some websites these are to be found.

There is an alternate method to bypass this. Using Burpsuite.... We can intercept the packets and requests.

I have made a separate tutorial on it. You can find it here 

Moving on...

Enter the complete script 

* When we hit enter, we will be redirected to our cloned website with our IP address.


When a user of this website visits and tries to access the the website, he will be redirected to our fake duplicate server site.

When he enters the username and password, like i did 

Username - hacking

Password - monks

The password will be saved in the setoolkit folder.

To access the file containing username and password, browse through - computer/var/www/html

Her in this folder you will get the harveter.txt file.

Open that file 

Boom baby

That's it for this tutorial guys.

If you have missed the XSS basics, catch them here and here and here

See you guys in the next hack.

But, untill then "Have a safe hack"

You may want to see more tuts - 


  1. nice am aspiring ethical hacker

    1. Great Article Cloud Computing Projects

      Networking Projects

      Final Year Projects for CSE

      JavaScript Training in Chennai

      JavaScript Training in Chennai

      The Angular Training covers a wide range of topics including Components, Angular Directives, Angular Services, Pipes, security fundamentals, Routing, and Angular programmability. The new Angular TRaining will lay the foundation you need to specialise in Single Page Application developer. Angular Training

  2. Perhaps the best understood of the hack classes, the pleasure hack judges how quiet and calm a horse is. The theory is that a pleasure horse should be a pleasure to ride. Walking War Robots Hack

  3. Many people are under the feeling that cell phone voice message is just open from the cell phone itself and some may even trust that messages are put away on the to hack text messages

  4. Does the word hacking scare you? Ironically it is hacking but legal hacking that is doing us good.Learn Ethical Hacking

  5. Those who run an online business, or work with computers in some other capacity, are at risk from unscrupulous hackers. But what if you were able to step in and stop them?BluePortal

  6. What good does that do a hacker? You certainly cannot do much in the way of identity theft with just their mailing address.Musically fans hack

  7. My friends suggested me to read this post and I am extremely happy that they did that. This proreviewly post is one of the most brilliant posts that I have read in my life. The information I gathered from this was very special and it helped my work out a lot. If you would continue to provie more posts like this one, then that'd be great.

  8. A 'white hat' hacker is a moral hacker who runs penetration testing and intrusion testing.chaturbate token currency hack

  9. I was reading some of your content on this website and I conceive this internet site is really informative ! Keep on putting up.
    adult chat

  10. I got so involved in this material that I couldn’t stop reading. I am impressed with your work and skill. Thank you so much.
    vr webcam couples

  11. Keep it up; keep posting more n more n more.
    ohmibod webcams

  12. This is my first time i visit here. I found so many interesting stuff in your blog especially its discussion. From the tons of comments on your articles, I guess I am not the only one having all the enjoyment here keep up the good work live adult chat

  13. For what reason must you play with other individuals just to utilize undermine them roblox jailbreak hack

  14. Blue Portal offers one of the most powerful Facebook hack tools available on the World Wide Web.

  15. The composition of this blog is basic yet so effective and solid.
    paypal money hack

  16. Thanks for a wonderful share. Your article has proved your hard work and experience you have got in this field. Brilliant .i love it reading. geile weiber

  17. Good website! I truly love how it is easy on my eyes it is. I am wondering how I might be notified whenever a new post has been made. I have subscribed to your RSS which may do the trick? Have a great day! virtual reality cam

  18. If this is your first article on hacking then surely you will get some potential insight on hacking after reading this. My article gives a simple overview on ethical hackers.YeahHub Hacking Tutorials

  19. This is such a great resource that you are providing and you give it away for free. vr cams

  20. Thank you so much for sharing this great blog.Very inspiring and helpful too.Hope you continue to share more of your ideas.I will definitely love to read. vr adult cam

  21. Pretty good post. I just stumbled upon your blog and wanted to say that I have really enjoyed reading your blog posts. Any way I'll be subscribing to your feed and I hope you post again soon. Big thanks for the useful info.
    adult site

  22. This is such a great resource that you are providing and you give it away for free. I love seeing websites that understand the value of providing a quality resource for free. It is the old what goes around comes around routine.
    adult site

  23. I wanted to thank you for this excellent read!! I definitely loved every little bit of it. I have you bookmarked your site to check out the new stuff you post. adult site

  24. This is such a great resource that you are providing and you give it away for free. I love seeing blog that understand the value of providing a quality resource for free. adult chat

  25. Almost all will agree success in internet marketing will often hinge around whether or not a decent website is employed as a promotional tool. Most do understand the necessity of creating an excellent website. whatsapp status videos download

  26. A blog that mushroomed from visual illumination.
    Life Hacks and Tips

  27. We have sell some products of different custom is very useful and very low price please visits this site thanks and please share this post with your friends. bongacam

  28. This is a great inspiring article.I am pretty much pleased with your good work.You put really very helpful information. Keep it up. Keep blogging. Looking to reading your next post.

  29. This is very interesting content! I have thoroughly enjoyed reading your points and have come to the conclusion that you are right about many of them. You are great. ไวอากร้า

  30. Why go somewhere else when you’ve got such a beautiful blog right in front of you.

  31. Cybersex fixation fortifies a non-hint, non-social, and non-requesting sexual experience - an isolates, separated physical excitement equipped to the self-immersed distraction run of the mill of addictive sexual conduct.หนังโป๊เกาหลี

  32. We need more such articles that we can read with such enthusiasm.
    Instaport password hacker

  33. I know your expertise on this. I must say we should have an online discussion on this. Writing only comments will close the discussion straight away! And will restrict the benefits from this information. visit site

  34. I real glad to uncover this web internet site on bing, just what I was searching for.

  35. Great post i must say and thanks for the information. Education is definitely a sticky subject. However, is still among the leading topics of our time. I appreciate your post and look forward to more home cleaning new york vpn veteran

  36. Wow, What a Excellent post. I really found this to much informatics. It is what i was searching for.I would like to suggest you that please keep sharing such type of info.Thanks chatbate

  37. I was surfing net and fortunately came across this site and found very interesting stuff here. Its really fun to read. I enjoyed a lot. Thanks for sharing this wonderful information. internetprivatsphare

  38. I am extremely delighted in for this web journal. Its a useful subject. It help me all that much to take care of a few issues. Its chance are so awesome and working style so rapid.

  39. I like your post. It is good to see you verbalize from the heart and clarity on this important subject can be easily observed... chaterbate