Part 11 - XSS Lab

Video Activity

This lesson discusses the XSS lab. The lab will cover:
• XSS discovery
• XSS Exploitation
• XSS Exploitation (bonus section)


Time: 4 hours 20 minutes
Difficulty: Intermediate
CEU/CPE: 5

Video Transcription
00:03
>> Welcome to Cybrary. I'm Raymond Evans
00:03
and I will be your subject matter expert for
00:03
>> Cybrary's web application penetration testing course.
00:03
>> In this video, we'll be discussing
00:03
>> the cross-site scripting lab.
00:03
>> There's a total estimated time
00:03
>> of 30 minutes to complete this lab.
00:03
>> What will be covered?
00:03
Your cross-site scripting discovery challenge,
00:03
the cross-site scripting exploitation challenge,
00:03
and then a bonus challenge.
00:03
Either using Vega or ZAP,
00:03
>> scan the web for pen tester's web page
00:03
>> for cross-site scripting vulnerability.
00:03
>> Once that vulnerability is found,
00:03
using a manual script,
00:03
create an alert window and test out to see
00:03
>> whether or not you can actually exploit that page.
00:03
>> Once you identify a successfully exploitable page,
00:03
generate a BeEF link using the exploitable page.
00:03
Once the link is generated,
00:03
browse to the generated link and using the BeEF tools,
00:03
take a snapshot of the host machine through BeEF.
00:03
For bonus work, set up a second VM.
00:03
From that second VM,
00:03
browse to that same malicious link that you generated.
00:03
Using the BeEF tools,
00:03
enumerate data about that new host
00:03
and also your local network.
00:03
>> What was covered?
00:03
>> Cross-site scripting discovery,
00:03
cross-site scripting exploitation lab,
00:03
and your cross-site scripting exploitation lab bonus.
00:03
Happy hacking, everyone.