EXPLOITATION - XSS VULNS

EXPLOITING XSS

  • Run any javascript code.
  • Beef framework can be used to hook targets.
  • Inject Beef hook in vulnerable pages.
  • Execute code from beef.

BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.

https://github.com/beefproject/beef

Start the BeEF service.

Login the DVWA website, then open the XSS Stored page. Sign one record on the guestbook. (Modify the maxlength if necessary)

Open the DVWA web site on the victim PC. Then login to the BeEF Control Panel. You can find the information about the hooked PC.

Create Alert Dialog and execute it.

Python Ethical Hacking - VULNERABILITY SCANNER(6)的更多相关文章

  1. Python Ethical Hacking - VULNERABILITY SCANNER(9)

    Automatically Discovering Vulnerabilities Using the Vulnerability Scanner 1. Modify the run_scanner ...

  2. Python Ethical Hacking - VULNERABILITY SCANNER(7)

    VULNERABILITY_SCANNER How to discover a vulnerability in a web application? 1. Go into every possibl ...

  3. Python Ethical Hacking - VULNERABILITY SCANNER(4)

    Extracting & Submitting Forms Automatically Target website:http://10.0.0.45/dvwa/vulnerabilities ...

  4. Python Ethical Hacking - VULNERABILITY SCANNER(2)

    VULNERABILITY_SCANNER How to discover a vulnerability in a web application? 1. Go into every possibl ...

  5. Python Ethical Hacking - VULNERABILITY SCANNER(8)

    Implementing Code To Discover XSS in Parameters 1. Watch the URL of the XSS reflected page carefully ...

  6. Python Ethical Hacking - VULNERABILITY SCANNER(3)

    Polish the Python code using sending requests in a session Class Scanner. #!/usr/bin/env python impo ...

  7. Python Ethical Hacking - VULNERABILITY SCANNER(1)

    HTTP REQUESTS BASIC INFORMATION FLOW The user clicks on a link. HTML website generates a request(cli ...

  8. Python Ethical Hacking - VULNERABILITY SCANNER(5)

    EXPLOITATION - XSS VULNS XSS - CROSS SITE SCRIPTING VULNS Allow an attacker to inject javascript cod ...

  9. Python Ethical Hacking - BACKDOORS(8)

    Cross-platform hacking All programs we wrote are pure python programs They do not rely on OS-specifi ...

随机推荐

  1. cb52a_c++_STL_堆排序算法make_push_pop_sort_heap

    cb52a_c++_STL_堆排序算法make_push_pop_sort_heapheapsort堆排序算法make_heap()-特殊的二叉树,每一个节点都比根小,根就是最大的数.大根堆,也可以做 ...

  2. WINCC 应用与提高(78讲15.98G)视频教程网盘下载

    收集与网络,供参考. https://blog.csdn.net/txwtech/article/details/94225748

  3. Shiro简单加密服务

    编码/加密 在涉及到密码存储问题上,应该加密 / 生成密码摘要存储,而不是存储明文密码.比如之前的 600w csdn 账号泄露对用户可能造成很大损失,因此应加密 / 生成不可逆的摘要方式存储. Sh ...

  4. Jedis操作Redis实例

    简介 Jedis Client是Redis官网推荐的一个面向java客户端,库文件实现了对各类API进行封装调用. Jedis源码工程地址:https://github.com/xetorthio/j ...

  5. MyBatis一对多嵌套list返回结果集以及分页查询问题处理

    这两天在整理原有系统接口时,遇到后端的人员-角色-菜单的权限接口没有进行连表的关联查询操作,前端拿数据非常不方便,现在将接口相关sql进行修改并让前端可以一次性拿到想要的数据 原有的单表简单sql: ...

  6. Maven全局配置文件settings.xml详解(转)

    Maven全局配置文件settings.xml详解   目录 一.概要 1.settings.xml的作用2.settings.xml文件位置3.配置的优先级 二.settings.xml元素详解 1 ...

  7. weblogic高级进阶之ssl配置证书

    1.首先需要明白ssl的原理 这里我们使用keytool的方式为AdminServer配置ssl证书 配置证书的方式如下所示: C:\Users\Administrator\Desktop\mykey ...

  8. DNS注册信息

    DNS注册信息查询可以查到注册时留下的信息,比如姓名,联系邮箱等等. 直接在命令行输入whois sina.com直接就可以看到sina.com的注册信息: Domain Name: SINA.COM ...

  9. 【转载】npx 真香

    npx 主要提供了一些便捷操作: 调用项目安装的模块 避免全局安装模块 使用不同版本的 node 执行 GitHub 源码 原文地址:http://www.ruanyifeng.com/blog/20 ...

  10. IDEA 使用jebel热部署插件启动失败

    在使用Jebel热部署插件开发springmvc时,启动会出现内存溢出错误.可在配置Tomcat时增加JVM参数解决. -Xms768m -Xmx768m -XX:PermSize=64M -XX:M ...