XSSER – From XSS to RCE

From XSS to RCE 2.5 – Black Hat Europe Arsenal 2016

Demo

Requirements

  • Python (2.7.*, version 2.7.11 was used for development and the demo)
  • Gnome
  • Bash
  • Msfconsole (available via setting variables)
  • Netcat (nc)
  • cURL (curl) [NEW]
  • PyGame (apt-get install python-pygame) [NEW]

Payload Compatibility

  • Chrome (14 Nov 2015) – This should still work.
  • Firefox (04 Nov 2016) – Tested live at Black Hat Arsenal 2016

WordPress Lab

WordPress Exploit

Joomla Lab

Joomla Exploit

Directories

  • Audio: Contains remixed audio notifications.
  • Exploits: Contains DirtyCow (DCOW) privilege escalation exploits.
  • Joomla_Backdoor: Contains a sample Joomla extension backdoor which can be uploaded as an administrator and thereby used to execute arbitrary commands on the system with system($_GET['c']).
  • Payloads/javascript: Contains the JavaScript payloads. Includes a new "add new admin" payload for Joomla.
  • Shells: Contains the PHP shells to inject, including a slightly modified version of pentestmonkey's shell that connects back via wget.

Developed By

  • Hans-Michael Varbaek
  • Sense of Security

Credits

  • MaXe / InterN0T