
From XSS to RCE 2.5 - Black Hat Europe Arsenal 2016


XSSER

Black Hat Arsenal

Presentation

  • From XSS to RCE 2.5 - Black Hat Europe Arsenal 2016

Demo

Requirements

  • Python 2.7.* (version 2.7.11 was used for development and the demo)
  • Gnome
  • Bash
  • Msfconsole (accessible via environment variables)
  • Netcat (nc)
  • cURL (curl) [NEW]
  • PyGame (apt-get install python-pygame) [NEW]

Payload Compatibility

  • Chrome (payload last verified 14 Nov 2015) - This should still work.
  • Firefox (payload verified 04 Nov 2016) - Tested live at Black Hat Arsenal 2016

WordPress Lab

WordPress Exploit

Joomla Lab

Joomla Exploit

Directories

  • Audio: Contains remixed audio notifications.
  • Exploits: Contains DirtyCow (DCOW) privilege escalation exploits.
  • Joomla_Backdoor: Contains a sample Joomla extension backdoor which can be uploaded as an administrator and subsequently used to execute arbitrary commands on the system with system($_GET['c']).
  • Payloads/javascript: Contains the JavaScript payloads. Contains a new "add new admin" payload for Joomla.
  • Shells: Contains the PHP shells to inject, including a slightly modified version of pentestmonkey's shell that connects back via wget.

Developed By

  • Hans-Michael Varbaek
  • Sense of Security

Credits

  • MaXe / InterN0T

Code Design

  • It works! (Again!)
  • Spaghetti code
  • Just-In-Time for Black Hat Europe 2016