Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/varbaek/xsser

From XSS to RCE 2.75 - Black Hat Europe Arsenal 2017 + Extras
https://github.com/varbaek/xsser

xss xss-attacks xss-exploitation xss-injection xss-poc

Last synced: 11 days ago
JSON representation

From XSS to RCE 2.75 - Black Hat Europe Arsenal 2017 + Extras

Host: GitHub
URL: https://github.com/varbaek/xsser
Owner: Varbaek
License: other
Created: 2015-11-15T16:25:18.000Z (almost 9 years ago)
Default Branch: master
Last Pushed: 2020-02-18T19:57:19.000Z (over 4 years ago)
Last Synced: 2024-08-01T09:24:31.588Z (3 months ago)
Topics: xss, xss-attacks, xss-exploitation, xss-injection, xss-poc
Language: Python
Homepage:
Size: 812 KB
Stars: 420
Watchers: 31
Forks: 101
Open Issues: 2
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG
- License: LICENSE

Awesome Lists containing this project

README

XSSER
==========

### Presentation
* From XSS to RCE 2.75 - Black Hat Europe Arsenal 2017

### Demo
* Version 2.0 - 2015: https://www.youtube.com/playlist?list=PLIjb28IYMQgqqqApoGRCZ_O40vP-eKsgf
* Version 2.5 - 2016: https://www.youtube.com/playlist?list=PLRic6PgcrsWGkgacL6WFnSQKVRZIoofRj
* Version 2.75 - 2017: None Currently Available

Requirements
------------
* Python (2.7.*, version `2.7.14` was used for development and testing)
* Msfconsole (accessible via environment variables)
* Netcat (nc)
* PyGame (pip install pygame)
* jsmin (new dependency - pip install jsmin)
* xterm (previously gnome and bash)

To install the Python dependencies, you can run the following command:

`pip install -r requirements.txt`

If you're using a virtual environment, then you may need to use the full list:

`pip install -r requirements-all-libraries-used.txt`

For installation instructions on Ubuntu 16.04.1 LTS, please refer to the wiki: https://github.com/Varbaek/xsser/wiki

Removed Dependencies:
------------
* Gnome (switched to xterm)
* Bash (only tested in bash, but should work in other terminals)
* cURL (switched to native python requests)

Payload Compatibility
------------
* Chrome (2018) - Tested live at Black Hat Arsenal 2017 and during extras development.
* Firefox - Untested - Should still work as available JS features are almost the same.

WordPress Lab
------------------
* WordPress http://wordpress.org/
* Better WP Security 3.5.3 http://www.exploit-db.com/wp-content/themes/exploit/applications/c6d6beb3c11bc58856e15218d512b851-better-wp-security.3.5.3.zip
* Optional: WPSEO https://yoast.com/wordpress/plugins/seo/

WordPress Exploit
------------------
* http://www.exploit-db.com/exploits/27290/

Joomla Lab
------------------
* Joomla https://www.joomla.org/
* SecurityCheck 2.8.9 https://www.exploit-db.com/apps/543ccd00b06d24be139d7e18212a0916-com_securitycheck_j3x-2.8.9.zip

Joomla Exploit
------------------
* https://www.exploit-db.com/exploits/39879/

Directories
------------
* Audio: Contains remixed audio notifications.
* Exploits: Contains DirtyCow (DCOW) privilege escalation exploits.
* Hello_Shell: Contains a Joomla extension backdoor, which can be uploaded as an administrator and
subsequently used to execute arbitrary commands on the system with ?c=ls or ?c64=base64_here.
This directory was originally placed in "Joomla_Backdoor".
* Payloads/javascript: Contains the JavaScript payloads.
* Received_Data: Empty directory which will be used in future versions.
* Shells: Contains the PHP shells, including a slightly modified version of pentestmonkey's shell that
connects back via wget to send the attacker a notification of success.

Developed By
------------
* Hans-Michael Varbaek
* VarBITS

Special Credits
------------
* MaXe / InterN0T
* Sense of Security (Versions 2.0 - 2.5)

Code Design
-----------
* It works! (Again!)
* Still spaghetti code, but now with almost complete `PEP8` and possible refactoring in the future.
* Just-In-Time for Black Hat Europe 2017