XSSER – From XSS to RCE

From XSS to RCE 2.5 – Black Hat Europe Arsenal 2016
https://www.youtube.com/playlist?list=PLIjb28IYMQgqqqApoGRCZ_O40vP-eKsgf

  • Version 2.5 – 2016: https://www.youtube.com/playlist?list=PLRic6PgcrsWGkgacL6WFnSQKVRZIoofRj
  • Requirements

    • Python (2.7.*, version 2.7.11 was used for development and demo)
    • Gnome
    • Bash
    • Msfconsole (accessible via environment variables)
    • Netcat (nc)
    • cURL (curl) [NEW]
    • PyGame (apt-get install python-pygame) [NEW]

    Payload Compatibility

    • Chrome (14 Nov 2015) – This should still work.
    • Firefox (04 Nov 2016) – Tested live at Black Hat Arsenal 2016

    WordPress Lab

    • WordPress http://wordpress.org/
    • Better WP Security 3.5.3 http://www.exploit-db.com/wp-content/themes/exploit/applications/c6d6beb3c11bc58856e15218d512b851-better-wp-security.3.5.3.zip
    • Optional: WPSEO https://yoast.com/wordpress/plugins/seo/

    WordPress Exploit

    • http://www.exploit-db.com/exploits/27290/

    Joomla Lab

    • Joomla https://www.joomla.org/
    • SecurityCheck 2.8.9 https://www.exploit-db.com/apps/543ccd00b06d24be139d7e18212a0916-com_securitycheck_j3x-2.8.9.zip

    Joomla Exploit

    • https://www.exploit-db.com/exploits/39879/

    Directories

    • Audio: Contains remixed audio notifications.
    • Exploits: Contains DirtyCow (DCOW) privilege escalation exploits.
    • Joomla_Backdoor: Contains a sample Joomla extension backdoor which can be uploaded as an administrator and subsequently used to execute arbitrary commands on the system with system($_GET['c']).
    • Payloads/javascript: Contains the JavaScript payloads. Contains a new “add new admin” payload for Joomla.
    • Shells: Contains the PHP shells to inject, including a slightly modified version of pentestmonkey’s shell that connects back via wget.

    Developed By

    • Hans-Michael Varbaek
    • Sense of Security

    Credits

    • MaXe / InterN0T

    Download XSSER ^(https://github.com/Varbaek/xsser)
