Fi8sVrs

XSS Attack - Busting Browsers to Root!

This video will demonstrate how a simple XSS vulnerability can be leveraged to gain complete control of your web-browser and eventually lead to a complete system compromise.

1) We will use a cross-site scripting vulnerability as the initial attack vector

2) Exploit XSS by redirecting the user’s browser to the Evil_IP with a JavaScript loop (every 2 secs)

3) Exploit the victim’s browser to gain system ‘root’ or ‘shell’ access

4) Elevate our privileges to system-level

5) Dump the memory contents from an active SSH session and steal the SSH password from the victim’s computer

Video: XSS Attack - Busting Browsers to Root! on Vimeo

CREDITS

Attack Demo by: Qjax - securitystreetknowledge.com

XSSF Framework by: Lodovic Courgnaud - CONIX Security

Putty Password Dump by: Colin Ames @ David Kerb

Music by: x1machine
