Jump to content
Fi8sVrs

XSS Attack - Busting Browsers to Root!

By Fi8sVrs, in Tutoriale video

Recommended Posts

  • Active Members
Fi8sVrs Rookie

Fi8sVrs

Posted
  • Active Members
Posted

This video will demonstrate how a simple XSS vulnerability can be leveraged to gain complete control of your web-browser and eventually lead to a complete system compromise.

1) We will use a cross-site scripting vulnerability as the initial attack vector

2) Exploit XSS by redirecting the user’s browser to the Evil_IP with a JavaScript loop (every 2 secs)

3) Exploit the victim’s browser to gain system ‘root’ or ‘shell’ access

4) Elevate our privileges to system-level

5) Dump the memory contents from an active SSH session and steal the SSH password from the victim’s computer

Video: XSS Attack - Busting Browsers to Root! on Vimeo

CREDITS

Attack Demo by: Qjax - securitystreetknowledge.com

XSSF Framework by: Lodovic Courgnaud - CONIX Security

Putty Password Dump by: Colin Ames @ David Kerb

Music by: x1machine

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...