Learn more Log in Social login does not work in incognito and private browsers. Please log in with your username or email to continue. No account yet? Create an account. Edit this Article. We use cookies to make wikiHow great. By using our site, you agree to our cookie policy. Cookie Settings. Learn why people trust wikiHow. Download Article Explore this Article methods. Sample Cookie Catcher Code. Tips and Warnings. Related Articles. Author Info Last Updated: December 4, Method 1.
Find a vulnerable site where you can post content. A message board is a good example. Remember, if the site is not vulnerable to a cross-site scripting attack, then this will not work. Go to create a post. You will need to type some special code into the "post" which will capture the data of all who click on it. You'll want to test to see if the system filters out code. Create and upload your cookie catcher. The goal of this attack is to capture a user's cookies, which allows you access to their account for websites with vulnerable logins.
You'll need a cookie catcher, which will capture your target's cookies and reroute them. Upload the catcher to a website you have access to and that supports PHP and is vulnerable to remote code execution via upload.
An example cookie catcher code can be found in the sample section. Post with your cookie catcher. Say I have a website www. Under the website directory there is a page secret. It can be accessed directly like www. Is it possible to discover this page, or will it remain hidden from outside world? If you have directory listing disabled in your webserver, then the only way somebody will find it is by guessing or by finding a link to it.
That said, I've seen hacking scripts attempt to "guess" a whole bunch of these common names. Usually, web servers disable directory listing, so if there is really no link to the page, then it cannot be found. BUT: information about the page may get out in ways you don't expect. For example, if a user with Google Toolbar visits your page, then Google may know about the page, and it can appear in its index.
That will be a link to your page. Yes, you can, but you need a few tools first. You need to know a little about basic coding, FTP clients, port scanners and brute force tools, if it has a.
If not just try tgp. You'll hit a file after a few tries then work off that. Yahoo has a site file viewer too: you can try to scan sites file indexes. Alternatively, try brutus aet, trin00, trinity.
DirBuster is such a hacking script that guesses a bunch of common names as nsanders had mentioned. Sign up, Add your site and Start receiving votes! It only takes 10 seconds! Share this Top Site List. Add a site to the list Browse list members List Stats sites 3, votes , hits.
Login with one of these social networks Vote Comments. The Home of Carders We give free Credit cards dump, bank accounts, paypal. A web application aka website is an application based on the client-server model. The server provides the database access and the business logic. It is hosted on a web server. The client application runs on the client web browser. Web applications are usually written in languages such as Java, C , and VB. Most web applications are hosted on public servers accessible via the Internet.
This makes them vulnerable to attacks due to easy accessibility. The following are common web application threats.
0コメント