XSSER – From XSS to RCE

From XSS to RCE 2.5 – Black Hat Europe Arsenal 2016

Demo

Requirements

  • Python (2.7.*, version 2.7.11 was used for development and demo)
  • Gnome
  • Bash
  • Msfconsole (accessible via environment variables)
  • Netcat (nc)
  • cURL (curl) [NEW]
  • PyGame (apt-get install python-pygame) [NEW]

Payload Compatibility

  • Chrome (14 Nov 2015) – This should still work.
  • Firefox (04 Nov 2016) – Tested live at Black Hat Arsenal 2016

WordPress Lab

WordPress Exploit

Joomla Lab

Joomla Exploit

Directories

  • Audio: Contains remixed audio notifications.
  • Exploits: Contains DirtyCow (DCOW) privilege escalation exploits.
  • Joomla_Backdoor: Contains a sample Joomla extension backdoor which can be uploaded as an administrator and subsequently used to execute arbitrary commands on the system with system($_GET['c']).
  • Payloads/javascript: Contains the JavaScript payloads. Contains a new "add new admin" payload for Joomla.
  • Shells: Contains the PHP shells to inject, including a slightly modified version of pentestmonkey's shell that connects back via wget.

Developed By

  • Hans-Michael Varbaek
  • Sense of Security

Credits

  • MaXe / InterN0T