Description: This video will demonstrate how a simple XSS vulnerability can be leveraged to gain complete control of your web-browser and eventually lead to a complete system compromise.
1) We will use a cross-site scripting vulnerability as the initial attack vector
2) Exploit XSS by redirecting the user’s browser to the Evil_IP with a JavaScript loop (every 2 secs)
3) Exploit the victim’s browser to gain system ‘root’ or ‘shell’ access
4) Elevate our privileges to system-level
5) Dump the memory contents from an active SSH session and steal the SSH password from the victim’s computer
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.
Extra tut! :)
Great tutorial!
Just one issue..I tried to load the xssf plugin into Metasploit-4.2.0 in backtrack 5r2 but with the procedure ends with this error:
msf > load xssf
[-] Failed to load plugin from /opt/metasploit-4.2.0/msf3/plugins/xssf: uninitialized constant Msf::Xssf::XssfMaster
Can you help me here? thanks a lot!