Paid Advertising is
ha.ckers sla.cking
If you have some interesting news or want to throw up a link to discuss it, here's the place. Anything is okay, even shameless vendor launches (since that is often applicable to what we work on). 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
XSS Attack - Busting Browsers to Root!
Posted by: qreck
Date: July 25, 2011 11:27PM

This video will demonstrate how a simple XSS vulnerability can be leveraged to gain complete control of your web-browser and eventually lead to a complete system compromise.
1. We will use a cross-site scripting vulnerability as the initial attack vector

2. Exploit XSS by redirecting the user’s browser to the Evil_IP with a JavaScript loop (every 2 secs)

3. Exploit the victim’s browser to gain system ‘root’ or ‘shell’ access

4. Elevate our privileges to system-level

5. Dump the memory contents from an active SSH session and steal the SSH password from the victim’s computer


Options: ReplyQuote

Sorry, only registered users may post in this forum.