XSSER – From XSS to RCE

XSSER XSSER -  From XSS to RCE Technology

From XSS to RCE 2.5 – Black Hat Europe Arsenal 2016
https://www.youtube.com/playlist?listing=PLIjb28IYMQgqqqApoGRCZ_O40vP-eKsgf ^(https://www.youtube.com/playlist?list=PLIjb28IYMQgqqqApoGRCZ_O40vP-eKsgf)

  • Model 2.5 – 2016: https://www.youtube.com/playlist?listing=PLRic6PgcrsWGkgacL6WFnSQKVRZIoofRj ^(https://www.youtube.com/playlist?list=PLRic6PgcrsWGkgacL6WFnSQKVRZIoofRj)
  • Necessities

    • Python (2.7.*, model 2.7.11 was once used for construction and demo)
    • Gnome
    • Bash
    • Msfconsole (available by the use of setting variables)
    • Netcat (nc)
    • cURL (curl) [NEW]
    • PyGame (apt-get set up python-pygame) [NEW]

    Payload Compatibility

    • Chrome (14 Nov 2015) – This must nonetheless paintings.
    • Firefox (04 Nov 2016) – Examined are living at Black Hat Arsenal 2016

    WordPress Lab

    • WordPress http://wordpress.org/ ^(http://wordpress.org/)
    • Higher WP Safety 3.5.3 http://www.exploit-db.com/wp-content material/subject matters/exploit/packages/c6d6beb3c11bc58856e15218d512b851-better-wp-safety.3.5.3.zip ^(http://www.exploit-db.com/wp-content/themes/exploit/applications/c6d6beb3c11bc58856e15218d512b851-better-wp-security.3.5.3.zip)
    • Not obligatory: WPSEO https://yoast.com/wordpress/plugins/web optimization/ ^(https://yoast.com/wordpress/plugins/seo/)

    WordPress Exploit

    • http://www.exploit-db.com/exploits/27290/ ^(http://www.exploit-db.com/exploits/27290/)

    Joomla Lab

    • Joomla https://www.joomla.org/ ^(https://www.joomla.org/)
    • SecurityCheck 2.8.9 https://www.exploit-db.com/apps/543ccd00b06d24be139d7e18212a0916-com_securitycheck_j3x-2.8.9.zip ^(https://www.exploit-db.com/apps/543ccd00b06d24be139d7e18212a0916-com_securitycheck_j3x-2.8.9.zip)

    Joomla Exploit

    • https://www.exploit-db.com/exploits/39879/ ^(https://www.exploit-db.com/exploits/39879/)

    Directories

    • Audio: Incorporates remixed audio notifications.
    • Exploits: Incorporates DirtyCow (DCOW) privilege escalation exploits.
    • Joomla_Backdoor: Incorporates a pattern Joomla extension backdoor which may also be uploaded as an administrator and therefore used to execute arbitrary instructions at the gadget with gadget($_GET[‘c’]).
    • Payloads/javascript: Incorporates the JavaScript payloads. Incorporates a brand new “upload new admin” payload for Joomla.
    • Shells: Incorporates the PHP shells to inject, together with a reasonably changed model of pentestmonkey’s shell that connects again by the use of wget.

    Evolved By means of

    • Hans-Michael Varbaek
    • Sense of Safety

    Credit

    • MaXe / InterN0T

    Obtain XSSER ^(https://github.com/Varbaek/xsser)

    yWz4fri42hA XSSER -  From XSS to RCE Technology

    appmarsh

    Marshmallow Android, AppMarsh.com digital technology leader.