Description: This video will demonstrate how a simple XSS vulnerability can be leveraged to gain complete control of your web-browser and eventually lead to a complete system compromise.
1) We will use a cross-site scripting vulnerability as the initial attack vector
2) Exploit XSS by redirecting the user’s browser to the Evil_IP with a JavaScript loop (every 2 secs)
3) Exploit the victim’s browser to gain system ‘root’ or ‘shell’ access
4) Elevate our privileges to system-level
5) Dump the memory contents from an active SSH session and steal the SSH password from the victim’s computer
GAME OVER!
Tags: XSS , Cross-site scripting , attack , hacking , web security , cybercrime , computer , technology , owasp , browsers , exploit , attackresearch , metasploit qjax securitystreetknowledge dvwa vulnerability javascript ethical hacker csdetectives ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.
nice vid mate would have been better if you were talking in the video but good none the less
Very nice. I do agree, a voice over would be nice.
OBJBOX35 and GTKlondike, thanks for your comments. I will keep that in mind for the next video I post.
I assume you would rather me explain certain steps so that it is clear what I am doing and why? For instance, why did I use the java_signed_applet as the browser exploit? Could I have used something else? If I were to remake this with a voice over what would you like to here?
Again, thanks for the comments and just like all others who post here, Security Tube is a great way for security professionals to share what we have learned and then turn around and give back in return.
just really ur thought process as ur doing the exploit as opposed to the text on the doc. its always better to have it explained plus u can express so much more verbally than you can in a work doc. i think anyway.
still enjoyed the video though
Qjax,
talking/voice is much better than highlighting pieces and hoping the audience gets it. I look forward to your next video. Keep up the good work :)
Qjax a request if you could help in with a voice over video explaining the concepts ... would really help a lot ... nice tutorial but couldn't get the concepts clear enough ...
waiting for a rep :)
I have a rough voice over that I still need to edit/filter some stuff out. It is a bit longer than the original so I am thinking about posting it as a separate video if there is a strong enough interest. Maybe call it "The Making of - Busting Browsers to Root!". I hope to have this completed soon - Stay Tuned!
...and Snypter you should really screw your head back on. :-)
Good one!