• 7,603
  • 91
  • +419
  • 427
XSS Attack: 8 Steps How to use and Set up XSS Shell

XSS Attack: 8 Steps How to use and Set up XSS Shell

Bookmark

Today we will continue the XSS attack series 8 Steps how to use and set up XSS shell. This tutorial will cover how to upload the XSS Shell and how to make sure the XSS Shell working properly.

What is XSS Shell:

XSS Shell is powerful a XSS backdoor and zombie manager. This concept first presented by "XSS-Proxy – http://xss-proxy.sourceforge.net/". Normally in XSS attacks attacker has one shot, in XSS Shell you can interactively send requests and get responses from victim. you can backdoor the page.

You can steal basic auth, you can bypass IP restrictions in administration panels, you can DDoS some systems with a permanent XSS vulnerability etc. Attack possibilities are limited with ideas. Basically this tool demonstrates that you can do more with XSS.

Download the XSS Shell Aplication:

Download

 

8 Steps How to use and Set up XSS Shell:

1. Download the XSS Shell application from the link above and extract the content.

2. Find and register for free ASP hosting. I use jabry.net in this example.

3. Edit xssshell.asp. (see the picture below)

XSS Attack: 8 Steps How to use and Set up XSS Shell

change the SERVER address with your ASP server hosting address.

4. We need to find and get the asp current working directory, you can use the script below :

<%= Server.MapPath(Request.ServerVariables("PATH_INFO" ))%>

save as cwd.asp and upload to your ASP hosting inside the db folder.

XSS Attack: 8 Steps How to use and Set up XSS Shell

5. Access cwd.asp in your browser. It will look like this:

XSS Attack: 8 Steps How to use and Set up XSS Shell

6. Open "admin" folder and open db.php file. We need to edit the DATABASE configuration from the data in step 5.

XSS Attack: 8 Steps How to use and Set up XSS Shell

to edit the password for log in to admin section:

XSS Attack: 8 Steps How to use and Set up XSS Shell

7. Here is my xsshell folder content preview.

XSS Attack: 8 Steps How to use and Set up XSS Shell

8. Now lets try to access the admin folder in our browser, the password to log in to admin section you can find and change in step 6.

XSS Attack: 8 Steps How to use and Set up XSS Shell

Our XSS Shell has been set up successfully! :-)

Notes: You need to find the suitable ASP hosting to upload this script if not work in some free hosting provider.

Upcoming tutorial we will continue the xss attack series tutorial about XSS tunnel. Subscribe now and get update directly on your email.

Subscribe Now To Get the Hacking-Tutorial.com Update on Your E-Mail

Share this article if you found this post was useful:

Blogger at hacking-tutorial.com. Love PHP, offensive security and web. Contact him at me[-at-]vishnuvalentino.com

See all posts by || Visit Website : http://www.vishnuvalentino.com