XSSER
Presentation
- From XSS to RCE 2.75 - Black Hat Europe Arsenal 2017
Demo
Requirements
- Python (2.7.*, version 2.7.14 was used for development and testing)
- Msfconsole (accessible via environment variables)
- Netcat (nc)
- PyGame (pip install pygame)
- jsmin (new dependency - pip install jsmin)
- xterm (previously gnome and bash)
To install the Python dependencies, you can run the following command:
pip install -r requirements.txt
If you're using a virtual environment, then you may need to use the full list:
pip install -r requirements-all-libraries-used.txt
For installation instructions on Ubuntu 16.04.1 LTS, please refer to the wiki: https://github.com/Varbaek/xsser/wiki
Removed Dependencies:
- Gnome (switched to xterm)
- Bash (only tested in bash, but should work in other terminals)
- cURL (switched to native python requests)
Payload Compatibility
- Chrome (2018) - Tested live at Black Hat Arsenal 2017 and during extras development.
- Firefox - Untested - Should still work as available JS features are almost the same.
WordPress Lab
WordPress Exploit
Joomla Lab
Joomla Exploit
Directories
- Audio: Contains remixed audio notifications.
- Exploits: Contains DirtyCow (DCOW) privilege escalation exploits.
- Hello_Shell: Contains a Joomla extension backdoor, which can be uploaded as an administrator and
subsequently used to execute arbitrary commands on the system with ?c=ls or ?c64=base64_here.
This directory was originally placed in "Joomla_Backdoor".
- Payloads/javascript: Contains the JavaScript payloads.
- Received_Data: Empty directory which will be used in future versions.
- Shells: Contains the PHP shells, including a slightly modified version of pentestmonkey's shell that
connects back via wget to send the attacker a notification of success.
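For defenders reviewing a Joomla host, the ?c= and ?c64= interface of the Hello_Shell extension described above leaves a recognisable trace in web server access logs. The following is an added example, not code from the xsser project: it assumes combined-format access logs, and the function names, request paths and log lines are constructed placeholders.

```python
import base64
import binascii
import re
from urllib.parse import parse_qs, urlsplit

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP range, placeholder paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2018:10:00:00 +0000] '
    '"GET /index.php?option=com_content&view=article&id=1 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2018:10:02:11 +0000] '
    '"GET /placeholder/path.php?c=ls HTTP/1.1" 200 312',
    '192.0.2.44 - - [01/Jan/2018:10:02:40 +0000] '
    '"GET /placeholder/path.php?c64=bHM= HTTP/1.1" 200 312',
]


def decode_c64(value):
    """Return the decoded text if value is valid base64, else None."""
    # parse_qs turns '+' into a space, so restore it before decoding.
    candidate = value.replace(" ", "+")
    candidate += "=" * (-len(candidate) % 4)
    try:
        raw = base64.b64decode(candidate, validate=True)
    except (binascii.Error, ValueError):
        return None
    return raw.decode("utf-8", "replace")


def find_command_params(log_lines):
    """Return (line_no, param, value) for requests carrying c= or c64=."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = parse_qs(urlsplit(match.group(1)).query, keep_blank_values=True)
        for value in query.get("c", []):
            hits.append((line_no, "c", value))
        for value in query.get("c64", []):
            decoded = decode_c64(value)
            # Keep undecodable values too: a malformed c64 still merits review.
            hits.append((line_no, "c64", decoded if decoded is not None else value))
    return hits
```

Because `c` is a common parameter name, hits need triage against the requested path and the set of installed extensions. Parameters sent in POST bodies do not appear in standard access logs.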
Developed By
- Hans-Michael Varbaek
- VarBITS
Special Credits
- MaXe / InterN0T
- Sense of Security (Versions 2.0 - 2.5)
Code Design
- It works! (Again!)
- Still spaghetti code, but now with almost complete PEP8 and possible refactoring in the future.
- Just-In-Time for Black Hat Europe 2017