Active Members Fi8sVrs Posted August 2, 2011 Active Members Report Share Posted August 2, 2011 This video will demonstrate how a simple XSS vulnerability can be leveraged to gain complete control of your web-browser and eventually lead to a complete system compromise.1) We will use a cross-site scripting vulnerability as the initial attack vector2) Exploit XSS by redirecting the user’s browser to the Evil_IP with a JavaScript loop (every 2 secs)3) Exploit the victim’s browser to gain system ‘root’ or ‘shell’ access4) Elevate our privileges to system-level5) Dump the memory contents from an active SSH session and steal the SSH password from the victim’s computerVideo: XSS Attack - Busting Browsers to Root! on VimeoCREDITSAttack Demo by: Qjax - securitystreetknowledge.comXSSF Framework by: Lodovic Courgnaud - CONIX Security Putty Password Dump by: Colin Ames @ David KerbMusic by: x1machine Quote Link to comment Share on other sites More sharing options...
bt.ionut Posted August 2, 2011 Report Share Posted August 2, 2011 Foarte frumos. Quote Link to comment Share on other sites More sharing options...