Posts

Stealing Login Credentials using BeEF and Cross Site Scripting (XSS)

For the past few weeks, I have focused exclusively on cross site scripting (XSS) attacks. This week is no different. The past posts were meant to demonstrate these types of attacks from a high level. This week, I will show how these attacks can be used more maliciously. The tools used to conduct the tests this week are similar to the tools used in the past. For starters, Kali Linux (https://www.kali.org/downloads/) was used and, as always, was installed on a virtual machine using VirtualBox (https://www.virtualbox.org/wiki/Downloads). I also used Metasploitable 2 (https://information.rapid7.com/metasploitable-download.html) and a virtual instance of Windows 10. To get a copy of Windows 10 to use for testing purposes, simply visit https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/. Finally, I also used the Browser Exploitation Framework (BeEF), which can be downloaded as a standalone program from https://github.com/beefproject/beef or can be used via Kali Linux as

DOM Based Cross Site Scripting (XSS) Vulnerability

DOM based cross site scripting (XSS) is similar to both reflected and stored XSS in that it is discovered and exploited in much the same way. The main difference is that DOM based XSS attacks occur entirely on the client side, meaning the payload is never sent to the server. The appeal of these attacks is that server-side logs, filters, and other server-side protections never see the payload and so cannot prevent them. According to OWASP, DOM based XSS "is an XSS attack wherein the attack payload is executed as a result of modifying the DOM “environment” in the victim’s browser used by the original client side script, so that the client side code runs in an “unexpected” manner. That is, the page itself (the HTTP response that is) does not change, but the client side code contained in the page executes differently due to the malicious modifications that have occurred in the DOM environment" (https://www.owasp.org/index.php/DOM_Based_XSS). For this lab, the only tool used was a simple

Executing Stored Cross Site Scripting (XSS) Attacks

The last post focused on exploiting reflected cross site scripting (XSS) attacks. To refresh, a reflected XSS attack is one where the malicious code runs only when a target user visits a specific URL crafted by an attacker. This post focuses on the more dangerous stored XSS attack. A stored XSS attack occurs when the JavaScript code is stored in the application's database, so that the code executes every time someone accesses that specific page. This type of attack is also known as persistent XSS. For this lab, I used Kali Linux (https://www.kali.org/downloads/) installed on Oracle VirtualBox (https://www.virtualbox.org/wiki/Downloads). I also used Metasploitable (https://information.rapid7.com/metasploitable-download.html), which comes with the Damn Vulnerable Web Application (DVWA) used to conduct this lab already installed. Lastly, I used a vulnerable application by Google called Gruyere (https://google-gruyere.appspot.com/) to show different tactics that could be success

Reflected Cross Site Scripting (XSS) Attacks

According to the Open Web Application Security Project's (OWASP) Top 10 list for 2017, cross site scripting (XSS) is a major security concern (https://www.owasp.org/index.php/Top_10_2017-Top_10). OWASP defines XSS as flaws that "occur whenever an application includes untrusted data in a new web page without proper validation or escaping, or updates an existing web page with user supplied data using a browser API that can create JavaScript. XSS allows attackers to execute scripts in the victim’s browser which can hijack user sessions, deface web sites, or redirect the user to malicious sites" (https://www.owasp.org/index.php/Top_10_2017-Top_10). Essentially, XSS allows an attacker to inject JavaScript code into a page. JavaScript is a client-side scripting language, so with XSS the injected code is executed when the page loads, on the client machine rather than the server. There are three types of XSS attacks: Stored XSS Attacks - These types of attacks are als