205 Rewriting xssf 1: Installation
Posted on 2012-10-4 22:14:02
    root@Dis9Team:/tmp# mkdir xssf
    root@Dis9Team:/tmp# cd xssf/
    root@Dis9Team:/tmp/xssf# wget http://xssf.googlecode.com/files/XSSF-2.2.zip
    root@Dis9Team:/tmp/xssf# unzip XSSF-2.2.zip
    root@Dis9Team:/tmp/xssf# rm XSSF-2.2.zip
    root@Dis9Team:/tmp/xssf# cp -rf * /pen/msf3/

Update MSF, start Metasploit, connect to the database, and load the plugin:
    msf > load xssf
    [-] Your Ruby version is 1.9.2. Make sure your version is up-to-date with the last non-vulnerable version before using XSSF!

     ____  ____   ______    ______   ________
    |_  _||_  _|.' ____ \ .' ____ \ |_   __  |
      \ \  / /  | (___ \_|| (___ \_|  | |_ \_|
       > `' <    _.____`.  _.____`.   |  _|
     _/ /'`\ \_ | \____) || \____) | _| |_
    |____||____| \______.' \______.'|_____| Cross-Site Scripting Framework 2.2
                                              Ludovic Courgnaud - CONIX Security

    [+] Please use command 'xssf_urls' to see useful XSSF URLs
    [*] Successfully loaded plugin: xssf
    msf >

View the information:
    msf > xssf_urls
    [+] XSSF Server          : 'http://10.0.3.15:8888/'          or 'http://<PUBLIC-IP>:8888/'
    [+] Generic XSS injection: 'http://10.0.3.15:8888/loop'      or 'http://<PUBLIC-IP>:8888/loop'
    [+] XSSF test page       : 'http://10.0.3.15:8888/test.html' or 'http://<PUBLIC-IP>:8888/test.html'

    [+] XSSF Tunnel Proxy      : 'localhost:8889'
    [+] XSSF logs page         : 'http://localhost:8889/gui.html?guipage=main'
    [+] XSSF statistics page   : 'http://localhost:8889/gui.html?guipage=stats'
    [+] XSSF help page         : 'http://localhost:8889/gui.html?guipage=help'
    msf >

Web interface: http://localhost:8889/gui.html?guipage=main
XSS address: http://10.0.3.15:8888/test.html
The web interface requires:
    root@Dis9Team:/pen/msf3# gem install json
    root@Dis9Team:/tmp/xssf# apt-get install flashplugin-installer
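
Only after playing a thousand tunes can one understand music; only after examining a thousand swords can one recognize a fine blade.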
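
A defensive check built from the xssf_urls output in the post above, added here as an example and not part of the original post or of XSSF: it scans proxy log lines for requests that hit both a default XSSF port and a default XSSF path. The log format, the sample lines and the function name find_xssf_hits are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Default ports and paths taken from the xssf_urls output in the post.
XSSF_PORTS = {8888, 8889}
XSSF_PATHS = {"/loop", "/test.html", "/gui.html"}

# Constructed proxy log lines: "<client> <method> <url> <status>".
SAMPLE_LOG = """\
192.0.2.10 GET http://198.51.100.7:8888/loop 200
192.0.2.10 GET http://198.51.100.7:8888/loop 200
192.0.2.11 GET http://198.51.100.7:8888/test.html 200
192.0.2.12 GET http://example.org:8888/index.html 200
192.0.2.13 GET http://example.org/loop 200
192.0.2.14 GET http://localhost:8889/gui.html?guipage=main 200
this line is malformed
"""

LINE_RE = re.compile(r"^(\S+)\s+([A-Z]+)\s+(\S+)\s+(\d{3})$")


def find_xssf_hits(log_text):
    """Count requests per (client, host, port, path) that match the defaults."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not in the expected format
        client, _method, url, _status = m.groups()
        parts = urlsplit(url)
        try:
            port = parts.port  # raises ValueError on a non-numeric port
        except ValueError:
            continue
        # Require port AND path to match: either one alone is too common.
        if port in XSSF_PORTS and parts.path in XSSF_PATHS:
            hits[(client, parts.hostname, port, parts.path)] += 1
    return hits


if __name__ == "__main__":
    for (client, host, port, path), n in sorted(find_xssf_hits(SAMPLE_LOG).items()):
        print(f"{client} -> {host}:{port}{path} x{n}")
```

Repeated hits on /loop from one client, as in the first two sample lines, are the entries to review first, since that URL is the one the output labels "Generic XSS injection".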
