
Cross site scripting attack - Kali Linux

In this article I cover what XSS is and how XSS attacks are executed.

Requirements

  1. Understanding of HTML and JavaScript
  2. Basic understanding of server-side languages like PHP and JSP
  3. Kali Linux
  4. DVWA. If you have not already, go ahead and install DVWA first. Without DVWA you will not be able to test the XSS attack.

Cross site scripting, commonly known as XSS, is a very dangerous class of attack. In XSS, hackers inject malicious scripts or payloads into web applications. XSS is a very common vulnerability.

In most cases malicious JavaScript code is injected into vulnerable web applications.

With an XSS-vulnerable website, hackers do crafty things like making fake login pages, session hijacking etc. to steal credentials.

What hackers can do with XSS attacks

With XSS, hackers can steal cookies, redirect to another website, hijack sessions, spread malware and even deface the website, and more. So you can imagine how much damage hackers can do with XSS attacks.

Types of XSS

There are two types of XSS attacks.

  1. Stored XSS attack
  2. Reflected XSS attack

Reflected XSS attack

Reflected attacks are the most common XSS attacks. In a reflected attack the hacker's script must be part of the URL.

More specifically, the hacker sends an HTTP request to the server, and the server reflects the input back in such a way that the HTTP response includes the evil script, which then gets executed. Let's do it with some real examples. It will not take much time to understand.

So we will be using DVWA for the demonstrations. DVWA is a tool where we can practise our skills on our local server in a legal environment. Open your terminal and start DVWA.

Before starting DVWA we have to start the apache2 and mysql services.

root@seven:~# service apache2 start

Start the mysql service.

root@seven:~# service mysql start

Now open your web browser, go to http://localhost/dvwa/login.php, enter your credentials and log in.

Once you are logged in you have to change the security level in DVWA. By default it is "impossible"; we have to change it to "low".

Change the security level to low, as shown in the picture below.

[Image: changing the DVWA security level to low]

Now select XSS Reflected from the menu.

[Image: selecting XSS Reflected from the menu]

Now we are ready to test. Write some JavaScript code as shown in the image below and submit it.

[Image: alert box returned by the submitted script]

When you hit submit it should return an alert box. If the page returns the output of your code (in this case the alert box) rather than the code you submitted, the website is vulnerable to XSS. Here you saw we got an alert box in return.

Now check the URL; you will see that the code has been added to the URL.

[Image: the name parameter in the URL]

Now you can see the code is integrated into the URL. That's because the name parameter is vulnerable to XSS. Now you can write some evil code, like making a fake login page etc., and send it to the victims.

Before sending links you should encode the URL to hex or some other form so a human can't read it. Use your social engineering skills to send it and make your victims click.
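To show the reflection from the defender's side, here is an added Node.js example; it is not code from the article or from DVWA. It models the vulnerable handler that echoes the name parameter raw, the same handler with HTML output encoding, and the check the article applies by eye (does the submitted input come back verbatim, or only as harmless text?). The "Hello <name>" template is an assumption. The same output encoding is what stops the stored variant, where the message comes from the database instead of the URL.

```javascript
// Added example (not from the article or DVWA): a Node.js model of the
// DVWA "name" reflection. The "Hello <name>" template is an assumption;
// DVWA's real PHP source may differ.

// Vulnerable handler: the query parameter is echoed into the HTML unchanged,
// so a <script> in the parameter becomes a <script> in the page.
function renderVulnerable(name) {
  return `<pre>Hello ${name}</pre>`;
}

// Mitigation: encode the characters that carry meaning in an HTML text node
// or attribute value before echoing untrusted input. '&' goes first so the
// entities produced by the later replacements are not re-encoded.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

function renderSafe(name) {
  return `<pre>Hello ${escapeHtml(name)}</pre>`;
}

// The check the article does by eye: true when the response contains the
// submitted input verbatim (the browser will execute it), false when only
// an encoded copy is present (the browser shows it as text).
function reflectsUnencoded(input, html) {
  return html.includes(input);
}

// Constructed probe: the same kind of harmless alert the article submits.
const probe = '<script>alert("xss")</script>';

console.log("vulnerable:", renderVulnerable(probe));
console.log("hardened:  ", renderSafe(probe));
console.log("vulnerable reflects raw input:", reflectsUnencoded(probe, renderVulnerable(probe)));
console.log("hardened reflects raw input:  ", reflectsUnencoded(probe, renderSafe(probe)));
```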

XSS Stored Attack

As the name suggests, a stored attack works wherever you can submit data. You can actually inject, or store, your evil code into the website's database. In this way a user who visits the website (where you injected your code) does not even know that he is being forced to run the code.

Stored attacks are mostly carried out through comment boxes. Through a comment box you can insert your evil code into a vulnerable website's database.

Now switch to XSS Stored from the menu.

[Image: selecting XSS Stored from the menu]

Now fill in the form with a name and a message. Inside the message box enter your evil JavaScript code instead of regular text and see what happens.

[Image: alert box from the stored message]

When you input the code I showed in the picture you will be prompted with an alert box.

Now you can put whatever code you want inside the message box, and it will be stored in the database. If you have JavaScript skills, just try to make exploits or redirection pages. It's not that difficult to make some useful payloads. Now you can write

By now you must have realised how dangerous XSS attacks are, even more than SQL injection. SQL injection can be prevented easily, but it's hard to prevent XSS attacks. If you are using blogging platforms like WordPress and Google Blogger, they take care of XSS attacks for you. Especially with the latest versions of WordPress it's really hard to XSS WordPress.

That was just an introduction to XSS. I will write some advanced articles on XSS in future. Enjoy!

More articles on web pentesting are coming soon.