XSSER: From XSS to RCE 3.0
Hans-Michael Varbaek
OWASP Copenhagen
March 28, 2019
Transcript
XSSER: From XSS to RCE 3.0, OWASP Copenhagen Chapter, 28 March 2019

About me
➢ ISP Red Team – Copenhagen
➢ Presented at Black Hat Europe, Kiwicon, Hack in the Box, etc.
➢ Full-time security consultant career began in Sydney, Australia

Shodan: port:80

How many web servers globally?
➢ 85 million approximately (Shodan – Port:80)
How many of them run PHP?
➢ 8.1 million approximately (Shodan – PHP)
However..

What about virtual hosting?
➢ 1.4 billion websites
➢ 232 million unique domains
➢ 27 million websites running WordPress
That’s a lot more attack surface for adversaries (Netcraft March 2019 Survey)

Classic XSS Attacks
➢ Cookie Stealing
    ➢ Prevented by “HttpOnly” flag
➢ Defacements
➢ Phishing
➢ Session Hijacking (e.g. BeEF, XSSER, etc.)
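The slide notes that the HttpOnly flag stops the classic cookie-stealing payload. The following is an added example, not part of the deck or the XSSER project: a small audit that parses Set-Cookie headers from a captured response and reports cookies that a script could read (no HttpOnly), along with the companion Secure and SameSite attributes. The sample headers and cookie names are constructed for illustration.

```python
"""Audit Set-Cookie response headers for the HttpOnly flag (and the
related Secure / SameSite attributes).

Added example, not part of the original deck or the XSSER project.
The sample headers below are constructed, not a real capture."""

from typing import Dict, List, NamedTuple


class CookieAudit(NamedTuple):
    name: str
    http_only: bool
    secure: bool
    same_site: str        # "Strict", "Lax", "None", or "" when absent
    findings: List[str]   # empty list means no weakness found


def parse_set_cookie(header: str) -> Dict[str, str]:
    """Split one Set-Cookie header value into its name/value pair and
    attributes. Attribute names are lower-cased; flag attributes that
    carry no value (HttpOnly, Secure) map to an empty string."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    cookie = {"__name__": name.strip(), "__value__": value.strip()}
    for attr in parts[1:]:
        if not attr:
            continue
        key, _, val = attr.partition("=")
        cookie[key.strip().lower()] = val.strip()
    return cookie


def audit_cookie(header: str) -> CookieAudit:
    """Report whether a cookie is readable from script (no HttpOnly) and
    whether it lacks the Secure / SameSite attributes."""
    c = parse_set_cookie(header)
    http_only = "httponly" in c
    secure = "secure" in c
    same_site = c.get("samesite", "").capitalize()
    findings: List[str] = []
    if not http_only:
        findings.append("missing HttpOnly: readable via document.cookie, "
                        "so an injected script can exfiltrate it")
    if not secure:
        findings.append("missing Secure: cookie is also sent over plain HTTP")
    if not same_site:
        findings.append("missing SameSite: default behaviour varies by browser")
    elif same_site == "None" and not secure:
        findings.append("SameSite=None requires Secure; browsers reject the cookie")
    return CookieAudit(c["__name__"], http_only, secure, same_site, findings)


def audit_response_headers(headers: List[str]) -> Dict[str, CookieAudit]:
    """Audit every Set-Cookie header in a list of raw response header lines."""
    results: Dict[str, CookieAudit] = {}
    for line in headers:
        if line.lower().startswith("set-cookie:"):
            result = audit_cookie(line.split(":", 1)[1])
            results[result.name] = result
    return results


# Constructed sample response (not a real capture).
SAMPLE_HEADERS = [
    "HTTP/1.1 200 OK",
    "Set-Cookie: PHPSESSID=abc123; Path=/",
    "Set-Cookie: session=def456; Path=/; HttpOnly; Secure; SameSite=Lax",
    "Content-Type: text/html",
]

if __name__ == "__main__":
    for name, result in audit_response_headers(SAMPLE_HEADERS).items():
        print(f"{name}: {'OK' if not result.findings else 'WEAK'}")
        for finding in result.findings:
            print(f"  - {finding}")
```

HttpOnly only keeps the cookie value out of `document.cookie`; an injected script can still issue requests that the browser sends with the session cookie attached, which is why the slide lists session hijacking (BeEF, XSSER) as a separate attack that the flag does not address.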
XSSER

XSSER: What and why?
➢ Can automate XSS attacks to obtain RCE
➢ Meant for educational purposes
➢ Fully open source and available on GitHub
Demo
References
https://github.com/Varbaek/xsser
https://shodan.io
https://news.netcraft.com/archives/category/web-server-survey/
Questions?