{"id":13539228,"url":"https://github.com/varbaek/xsser","last_synced_at":"2025-04-02T06:30:37.186Z","repository":{"id":74804127,"uuid":"46225578","full_name":"Varbaek/xsser","owner":"Varbaek","description":"From XSS to RCE 2.75 - Black Hat Europe Arsenal 2017 + Extras","archived":false,"fork":false,"pushed_at":"2020-02-18T19:57:19.000Z","size":831,"stargazers_count":423,"open_issues_count":2,"forks_count":101,"subscribers_count":30,"default_branch":"master","last_synced_at":"2024-11-03T04:32:21.530Z","etag":null,"topics":["xss","xss-attacks","xss-exploitation","xss-injection","xss-poc"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Varbaek.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2015-11-15T16:25:18.000Z","updated_at":"2024-09-01T20:23:17.000Z","dependencies_parsed_at":null,"dependency_job_id":"8146a570-48ce-48e5-8674-19e16f57a4ac","html_url":"https://github.com/Varbaek/xsser","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Varbaek%2Fxsser","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Varbaek%2Fxsser/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Varbaek%2Fxsser/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Varbaek%2Fxsser/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Varbaek","download_url":"https://codeload.github.com/Varbaek/xsser/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246767552,"owners_count":20830511,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["xss","xss-attacks","xss-exploitation","xss-injection","xss-poc"],"created_at":"2024-08-01T09:01:22.079Z","updated_at":"2025-04-02T06:30:36.772Z","avatar_url":"https://github.com/Varbaek.png","language":"Python","funding_links":[],"categories":["\u003ca id=\"683b645c2162a1fce5f24ac2abfa1973\"\u003e\u003c/a\u003e漏洞\u0026\u0026漏洞管理\u0026\u0026漏洞发现/挖掘\u0026\u0026漏洞开发\u0026\u0026漏洞利用\u0026\u0026Fuzzing"],"sub_categories":["\u003ca id=\"5d7191f01544a12bdaf1315c3e986dff\"\u003e\u003c/a\u003eXSS\u0026\u0026XXE"],"readme":"XSSER\n==========\n\n\u003ca href=\"https://www.blackhat.com/eu-15/arsenal.html\"\u003e\u003cimg alt=\"Black Hat Arsenal\" src=\"https://github.com/Varbaek/xsser/blob/master/Graphics/badges/blackhat-europe-2015.svg\" /\u003e\u003c/a\u003e\n\n\u003ca href=\"https://www.blackhat.com/eu-16/arsenal.html\"\u003e\u003cimg alt=\"Black Hat Arsenal\" src=\"https://github.com/Varbaek/xsser/blob/master/Graphics/badges/blackhat-europe-2016.svg\" /\u003e\u003c/a\u003e\n\n\u003ca href=\"https://www.blackhat.com/eu-17/arsenal.html\"\u003e\u003cimg alt=\"Black Hat Arsenal\" src=\"https://github.com/Varbaek/xsser/blob/master/Graphics/badges/blackhat-europe-2017.svg\" /\u003e\u003c/a\u003e\n\n\u003ca href=\"https://www.blackhat.com/eu-18/arsenal/schedule/index.html\"\u003e\u003cimg alt=\"Black Hat Arsenal\" src=\"#Not_Available_Yet\" /\u003e\u003c/a\u003e\n\n### Presentation\n* From XSS to RCE 2.75 - Black Hat Europe Arsenal 2017\n\n### Demo\n* Version 2.0  - 2015: https://www.youtube.com/playlist?list=PLIjb28IYMQgqqqApoGRCZ_O40vP-eKsgf\n* Version 2.5  - 2016: https://www.youtube.com/playlist?list=PLRic6PgcrsWGkgacL6WFnSQKVRZIoofRj\n* Version 2.75 - 2017: None Currently Available \n\nRequirements\n------------\n* Python (2.7.*, version `2.7.14` was used for development and testing)\n* Msfconsole (accessible via environment variables)\n* Netcat (nc)\n* PyGame (pip install pygame)\n* jsmin (new dependency - pip install jsmin)\n* xterm (previously gnome and bash)\n\nTo install the Python dependencies, you can run the following command:\n\n`pip install -r requirements.txt`\n\nIf you're using a virtual environment, then you may need to use the full list:\n\n`pip install -r requirements-all-libraries-used.txt`\n\nFor installation instructions on Ubuntu 16.04.1 LTS, please refer to the wiki: https://github.com/Varbaek/xsser/wiki\n\nRemoved Dependencies:\n------------\n* Gnome (switched to xterm)\n* Bash (only tested in bash, but should work in other terminals)\n* cURL (switched to native python requests)\n\nPayload Compatibility\n------------\n* Chrome (2018) - Tested live at Black Hat Arsenal 2017 and during extras development.\n* Firefox - Untested - Should still work as available JS features are almost the same.\n\nWordPress Lab\n------------------\n* WordPress http://wordpress.org/\n* Better WP Security 3.5.3 http://www.exploit-db.com/wp-content/themes/exploit/applications/c6d6beb3c11bc58856e15218d512b851-better-wp-security.3.5.3.zip\n* Optional: WPSEO https://yoast.com/wordpress/plugins/seo/\n\nWordPress Exploit\n------------------\n* http://www.exploit-db.com/exploits/27290/\n\nJoomla Lab\n------------------\n* Joomla https://www.joomla.org/\n* SecurityCheck 2.8.9 https://www.exploit-db.com/apps/543ccd00b06d24be139d7e18212a0916-com_securitycheck_j3x-2.8.9.zip\n\nJoomla Exploit\n------------------\n* https://www.exploit-db.com/exploits/39879/\n\nDirectories\n------------\n* Audio: Contains remixed audio notifications.\n* Exploits: Contains DirtyCow (DCOW) privilege escalation exploits.\n* Hello_Shell: Contains a Joomla extension backdoor, which can be uploaded as an administrator and \n               subsequently used to execute arbitrary commands on the system with ?c=ls or ?c64=base64_here.\n               This directory was originally placed in \"Joomla_Backdoor\".\n* Payloads/javascript: Contains the JavaScript payloads.\n* Received_Data: Empty directory which will be used in future versions.\n* Shells: Contains the PHP shells, including a slightly modified version of pentestmonkey's shell that \n          connects back via wget to send the attacker a notification of success.\n\nDeveloped By\n------------\n* Hans-Michael Varbaek\n* VarBITS\n\nSpecial Credits\n------------\n* MaXe / InterN0T\n* Sense of Security (Versions 2.0 - 2.5)\n\nCode Design\n-----------\n* It works! (Again!)\n* Still spaghetti code, but now with almost complete `PEP8` and possible refactoring in the future.\n* Just-In-Time for Black Hat Europe 2017\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvarbaek%2Fxsser","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fvarbaek%2Fxsser","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvarbaek%2Fxsser/lists"}