XSS Attack - Busting Browsers to Root!

t0rh4cker

Newbie

Posts: 10

Joined: Fri Jan 21, 2011 2:44 pm

Post Sat Jul 23, 2011 8:22 am

XSS Attack - Busting Browsers to Root!

This video will demonstrate how a simple XSS vulnerability can be leveraged to gain complete control of your web-browser and eventually lead to a complete system compromise.

1) We will use a cross-site scripting vulnerability as the initial attack vector
2) Exploit XSS by redirecting the user’s browser to the Evil_IP with a JavaScript loop (every 2 secs)
3) Exploit the victim’s browser to gain system ‘root’ or ‘shell’ access
4) Elevate our privileges to system-level

QUIZ: There are at least 6 security controls that could prevent several steps in the video, including vulnerabilities or user errors. Can you spot them all?

FREEBIE: DVWA web server & IE8 browser security settings allow unencrypted XSS attack string to be sent during an SSL session.  "Submit non-encrypted form data- ENABLED"
What else? ???

http://vimeo.com/26751019
MaXe

Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Sat Jul 23, 2011 1:24 pm

Re: XSS Attack - Busting Browsers to Root!

t0rh4cker wrote: QUIZ: There are at least 6 security controls that could prevent several steps in the video, including vulnerabilities or user errors. Can you spot them all?

FREEBIE: DVWA web server & IE8 browser security settings allow unencrypted XSS attack string to be sent during an SSL session.  "Submit non-encrypted form data- ENABLED"
What else? ???

http://vimeo.com/26751019

I didn't watch the video yet, however now I'm just guessing the security controls, I get free cookies if I win right?  ;D

Security Controls / Applications Preventing XSS:
- NoScript (Browser Addon)
- Anti-Virus System (Some detect and block XSS payloads)
- HIPS (Host-based Intrusion Prevention System, similar to an Anti-Virus system somewhat.)
- Patch Management (Staying updated and patched from known vulnerabilities.)
- Other browsers with Sandboxes (e.g. Chrome), or sandboxing a browser.
- Virtual Machines / Jailing (Using a browser in a virtual machine that is only used for that.)
- Enforced Proxy (Filters malicious data, similar to an IPS system somewhat.)
- SPI Firewall (Can detect and remove malicious data.)

And so forth.. Just a few ideas I had  :)
I'm an InterN0T'er
t0rh4cker

Newbie

Posts: 10

Joined: Fri Jan 21, 2011 2:44 pm

Post Sat Jul 23, 2011 8:48 pm

Re: XSS Attack - Busting Browsers to Root!

ding! ding! ding! and Maxe the cyborg takes the lead!

#2 - Patch Management (Staying updated and patched from known vulnerabilities.)

Update to the latest browser versions; IE8, for example, has a built-in XSS filter. It was disabled for the video.

#3 - Enforced Proxy (Filters malicious data, similar to an IPS system somewhat.)
Use the proxy to block outbound access to a known "Evil_IP" or Egress Filtering? So technically your proxy server answer should do the trick.
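
The proxy idea discussed above, as an added example that is not part of the original posts: where the "Evil_IP" is not yet on a blocklist, proxy logs can still surface the 2-second redirect loop as one client requesting one host at a short, fixed interval. The log format, the thresholds and the address 203.0.113.66 are assumptions made for this example.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev
from urllib.parse import urlsplit

# Constructed proxy log: "timestamp client method url". 203.0.113.66 is a
# documentation-range address standing in for the thread's "Evil_IP".
SAMPLE_LOG = """\
2011-07-23T08:21:50 10.0.0.15 GET http://www.example.com/
2011-07-23T08:21:51 10.0.0.15 GET http://www.example.com/style.css
2011-07-23T08:22:00 10.0.0.15 GET http://203.0.113.66/
2011-07-23T08:22:02 10.0.0.15 GET http://203.0.113.66/
2011-07-23T08:22:04 10.0.0.15 GET http://203.0.113.66/
2011-07-23T08:22:06 10.0.0.15 GET http://203.0.113.66/
2011-07-23T08:22:08 10.0.0.15 GET http://203.0.113.66/
2011-07-23T08:22:30 10.0.0.15 GET http://www.example.com/news
2011-07-23T08:23:40 10.0.0.15 GET http://www.example.com/about
2011-07-23T08:25:00 10.0.0.15 GET http://www.example.com/contact
"""

def parse(log):
    """Yield (client, host, time) per well-formed line; skip the rest."""
    for line in log.splitlines():
        try:
            stamp, client, _method, url = line.split()
            when, host = datetime.fromisoformat(stamp), urlsplit(url).hostname
        except ValueError:  # wrong field count, bad timestamp or bad URL
            continue
        if host:
            yield client, host, when

def find_redirect_loops(log, min_hits=5, max_interval=5.0, max_jitter=0.5):
    """Flag client/host pairs requested at a short, near-constant interval."""
    seen = defaultdict(list)
    for client, host, when in parse(log):
        seen[(client, host)].append(when)
    alerts = []
    for (client, host), times in sorted(seen.items()):
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if mean(gaps) <= max_interval and pstdev(gaps) <= max_jitter:
            alerts.append((client, host, round(mean(gaps), 1)))
    return alerts

if __name__ == "__main__":
    for alert in find_redirect_loops(SAMPLE_LOG):
        print("possible redirect loop:", alert)
```

Ordinary browsing to www.example.com in the sample is not flagged because its request gaps are long and irregular; only the fixed 2-second pattern is reported.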
MaXe

Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Sun Jul 24, 2011 2:06 pm

Re: XSS Attack - Busting Browsers to Root!

t0rh4cker wrote: ding! ding! ding! and Maxe the cyborg takes the lead!

#3 - Enforced Proxy (Filters malicious data, similar to an IPS system somewhat.)
Use the proxy to block outbound access to a known "Evil_IP" or Egress Filtering? So technically your proxy server answer should do the trick.


I laughed IRL, and yeah that's what I meant about the proxy server too.  :)
jonas

Newbie

Posts: 46

Joined: Mon Jun 08, 2009 9:04 pm

Post Sun Jul 24, 2011 3:15 pm

Re: XSS Attack - Busting Browsers to Root!

Great Video! Thanks.
