Messages - scuarplex

1
Hacking and Security / Re: Most embarrassing hack you've ever done?
« on: June 10, 2013, 04:54:25 pm »
Lame defaces + registered at zone-h  :'(

2
Tutorials / Re: Hack any browser using BeEF
« on: June 06, 2013, 09:24:00 pm »
Come on guys, why is it so hard to teach someone something new? This is the tutorial section and it is meant to spread knowledge.

What's the point of having a tutorial section if we are going to criticize everyone who asks a question?

I really don't understand how you can infect someone by giving the link that contains localhost's address. There should be an advanced configuration I think. It's not that easy.


It's not that hard. When you start up BeEF directly connected to the internet, having an external IP associated to your network card (check it out with ifconfig and make sure to know what's the difference between an internal IP and an external IP), BeEF should give you a URI with your external IP.

After you have this Script on the outside you could include it on a phishing, hack a site and put it into an iframe, create a domain with a fake site and spread it, or just raise an Apache in the same IP with a simple HTML with BeEF embedded and pass your IP with an http:// to a friend of yours to test this tool.

Of course you could learn a lot of JavaScript, that would be pretty useful for you but this is a very complete suite for attacks and it saves a lot of time. There's no need to reinvent the wheel.

Perhaps the best would be that you spend hours, days, weeks, years reading and reading but this can be a fun way to learn asking yourself "Why this works like this?" "Why it isn't working?" and such.

Cheers

3
Tutorials / Re: Hack any browser using BeEF
« on: June 05, 2013, 10:14:31 pm »
I've used BeEF in a few Client Side attacks and my two cents are:

Change the default port to 443 or 80 so it doesn't get blocked by any Firewall (or upload it to a website).

When you get a new zombie make sure to use any of the persistence plug-ins as a first measure.

Some AVs detect the js hook, so you might wanna touch it a little before deploying it.

4
Tutorials / Re: Basic Phishing Tutorial
« on: June 05, 2013, 10:08:23 pm »
OK, since this topic is here, I always have a question about it.

I made a page like this before (for testing) and was wondering how to change the PHP code to make it take the user's input and pass it to the real website to log in and redirect the user after that to the website "after logging in"?

I think we will need to make him have a cookie with that credential, but how?

That will make him a lot less suspicious after the redirection.



Curl can do that for you: http://php.net/manual/en/book.curl.php


  • Check how Facebook does the login POST request
  • Configure a POST with the $user and $pass vars
  • A cookiejar could be used to store the generated cookie
  • Use the mail function to send the login to an account of your choice
Not sure about the cookiejar but CURL will make your life easier when making requests using either regular HTTP or HTTPS
 

5
Hacking and Security / Re: Your top 10 most useful hacking tools?
« on: June 05, 2013, 09:53:47 pm »
Web app:
1.- Burpsuite Pro
2.- PHP
3.- Notepad++
4.- Dirbuster

Networking:
5.- nmap
6.- Nessus
7.- nc
8.- Wireshark / ettercap /sslstrip

Security:
9.- TrueCrypt
10.- OpenPGP

6
Anonymity and Privacy / Re: Idea for "Super secure" P2P chat.
« on: June 05, 2013, 04:19:01 pm »
You guys might wanna check out this project: https://github.com/alfred-gw/torirc

7
Have you tried Google Cache option?

Is it a Facebook Profile or Page? I don't understand exactly what you are trying to recover.

8
Hacking and Security / Re: How do you find a 0day ? (web apps)
« on: June 04, 2013, 10:43:58 pm »
No, you don't do it automatically with scanners/tools.
No tool exists that can find an 0day for you.

There are tools for finding 0days actually, such as:


RIPS: http://sourceforge.net/projects/rips-scanner/
SWAAT: https://www.owasp.org/index.php/Category:OWASP_SWAAT_Project


Among others, which perform a static analysis (Code Review).


Of course you can't compare it with a manual static/dynamic analysis of a Web Application.


There are logic flaws which would be impossible for a Tool to find out. And regular vulnerabilities which have to be exploited in some other kind of way since it's not always matching the defined heuristic.

Wanna learn how to find 0days in Web Apps?
  • Learn to code
  • Learn how to code securely
  • Learn how to do static and dynamic analysis
Check OWASP for references
Quote
0-days in web apps are easy, but usually not really interesting. A CSRF vulnerability in a WordPress plugin is not interesting at all. An arbitrary code execution in the base WordPress system is interesting

Interest depends on how far your imagination can go. A CSRF attack well performed can create an administrator in a sensitive blog.


The xmlrpc in WordPress didn't seem to have a great usage, but when you combine it with a small botnet you could have 90% of the WordPress Blogs (at least when it was released) performing a DDoS attack at some target of your choice.
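
The point made in the post above, that a static-analysis tool only reports what matches its heuristics and cannot see logic flaws, shown as an added example (not part of the original post, and not how RIPS or SWAAT is implemented): a minimal line-based source-to-sink check run over a constructed PHP sample. The sample, the sink and sanitizer lists and the `scan` function are assumptions made for illustration.

```python
import re

# Constructed PHP sample for the demonstration (not from the original post).
SAMPLE_PHP = r'''<?php
$id = $_GET['id'];
$safe = intval($_GET['page']);
mysql_query("SELECT * FROM posts WHERE id = " . $id);
echo "Page " . $safe;
echo "Hello " . $_POST['name'];
if ($_COOKIE['role'] == 'admin') { delete_all_posts(); }
'''

# Heuristic definitions (illustrative, far from complete).
SOURCE = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE)\b")
SANITIZER = re.compile(r"\b(?:intval|htmlspecialchars|mysql_real_escape_string)\s*\(")
ASSIGN = re.compile(r"^\s*(\$\w+)\s*=(?!=)\s*(.+);")
SINK = re.compile(r"\b(mysql_query|eval|system|include|echo)\b(.*)")
VAR = re.compile(r"\$\w+")


def scan(php_source):
    """Return (line_number, sink, tainted_name) for each flagged line."""
    tainted, findings = set(), []
    for lineno, line in enumerate(php_source.splitlines(), start=1):
        assign = ASSIGN.match(line)
        if assign:
            # Track taint through simple "$var = expr;" assignments.
            name, expr = assign.groups()
            dirty = SOURCE.search(expr) or tainted & set(VAR.findall(expr))
            if dirty and not SANITIZER.search(expr):
                tainted.add(name)
            else:
                tainted.discard(name)
            continue
        sink = SINK.search(line)
        # A sanitizer call anywhere in the sink arguments suppresses the finding.
        if sink and not SANITIZER.search(sink.group(2)):
            for var in VAR.findall(sink.group(2)):
                if var in tainted or SOURCE.match(var):
                    findings.append((lineno, sink.group(1), var))
                    break
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_PHP):
        print(finding)
```

It reports the unsanitized query on line 4 and the unescaped echo on line 6, and stays silent on line 7, where authorization is decided from a client-controlled cookie: a logic flaw that only manual review would catch.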
