Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
XSSER: From XSS to RCE 3.0
Search
Hans-Michael Varbaek
March 28, 2019
Technology
0
120
XSSER: From XSS to RCE 3.0
OWASP Copenhagen
Hans-Michael Varbaek
March 28, 2019
Tweet
Share
More Decks by Hans-Michael Varbaek
See All by Hans-Michael Varbaek
Attack & Defense Methods
varbaek
0
32
Attack and Defense Methods for Traffic Light Systems
varbaek
0
20
So you want to be a pentester?
varbaek
2
1.3k
From XSS to RCE 2.5 - Alt33c3
varbaek
0
180
XSSing Your Way to Shell
varbaek
2
2k
Botnets of the Web – How to Hijack One
varbaek
1
230
Other Decks in Technology
See All in Technology
インシデントレスポンスのライフサイクルを廻すポイントってなに / Pinpoints of Incidentresponse Lifecycle for Operation
sakaitakeshi
1
300
エンタープライズ環境下での Active Directory の運用 TIPS
tamaiyutaro
1
1.6k
マルチアカウント環境への発見的統制の導入
ch1aki
1
1.3k
Postman v10リリース後を振り返る
nagix
0
130
HEXA OSINT CTF V3 作戦会議
meow_noisy
0
110
Next'24 事例セッションの紹介とクラウド資格を活用したキャリア形成について語りMuscle
yasumuusan
1
340
ユーザーストーリーのレビューを自動化したみたの
bun913
1
320
ChatGPT for IT Service Management (IT Pro)
dahatake
2
150
SPI原点回帰論:事業課題とFour Keysの結節点を見出す実践的ソフトウェアプロセス改善 / DevOpsDays Tokyo 2024
visional_engineering_and_design
4
1.5k
小さな開発会社がWebサービスを作る理由
polidog
PRO
1
160
0→1開発における技術選定において一番大切なこと
bicstone
1
330
Google Cloud の AI を支える裏側のインフラを垣間見る!
maroon1st
0
190
Featured
See All Featured
ReactJS: Keep Simple. Everything can be a component!
pedronauck
658
120k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
1
1.3k
WebSockets: Embracing the real-time Web
robhawkes
59
7k
The Illustrated Children's Guide to Kubernetes
chrisshort
29
46k
Building Your Own Lightsaber
phodgson
98
5.7k
Become a Pro
speakerdeck
PRO
10
4.5k
Large-scale JavaScript Application Architecture
addyosmani
503
110k
Robots, Beer and Maslow
schacon
PRO
155
7.9k
Building a Modern Day E-commerce SEO Strategy
aleyda
16
6.4k
Into the Great Unknown - MozCon
thekraken
10
980
Put a Button on it: Removing Barriers to Going Fast.
kastner
58
3k
Fireside Chat
paigeccino
20
2.6k
Transcript
XSSER: From XSS to RCE 3.0 OWASP Copenhagen Chapter 28
March 2019
About me ➢ ISP Red Team – Copenhagen ➢ Presented
at Black Hat Europe, Kiwicon, Hack in the Box, etc. ➢ Full-time security consultant career began in Sydney, Australia
Shodan: port:80
How many web servers globally? ➢ 85 million approximately (Shodan
– Port:80) How many of them run PHP? ➢ 8.1 million approximately (Shodan – PHP) However..
What about virtual hosting? ➢ 1.4 billion websites ➢ 232
million unique domains ➢ 27 million websites running WordPress That’s a lot more attack surface for adversaries (Netcraft March 2019 Survey)
Classic XSS Attacks ➢ Cookie Stealing ➢ Prevented by “HttpOnly”
flag ➢ Defacements ➢ Phishing ➢ Session Hijacking (e.g. BeEF, XSSER, etc.)
None
None
None
None
XSSER
XSSER What and why? ➢ Can automate XSS attacks to
obtain RCE ➢ Meant for educational purposes ➢ Fully open source and available on GitHub
Demo
References https://github.com/Varbaek/xsser https://shodan.io https://news.netcraft.com/archives/cat egory/web-server-survey/
Questions?
varbaek
sakaitakeshi
tamaiyutaro
ch1aki
nagix
meow_noisy
yasumuusan
bun913
dahatake
visional_engineering_and_design
polidog
bicstone
maroon1st
pedronauck
eileencodes
robhawkes
chrisshort
phodgson
speakerdeck
addyosmani
schacon
aleyda
thekraken
kastner
paigeccino
