Part 4 - Discovering XSS

Video Activity

This lesson offers step-by-step instructions on how to use the Arachni tool in Kali to run an XSS check.


Time
4 hours 20 minutes
Difficulty
Intermediate
CEU/CPE
5

Video Transcription
00:04
And next we're going to do a cross-site scripting check with Arachni. Fantastic tool. All right, we're on the Kali box again
00:12
and do a quick ls. We're going to do a cd to change directory over to the desktop.
00:21
We're going to cd over to arachni,
00:26
cd into bin,
00:33
and then we're going to start arachni_web with a dot forward slash
00:39
arachni_web.
00:42
Give it a second to start up here.
00:50
All right. And Arachni has started on localhost at port 9292.
00:56
So you're going to go to Iceweasel.
01:00
We're going to go
01:03
to localhost
01:07
port 9292,
01:10
and we sign in with admin@admin.admin with a password of administrator.
01:23
And we have successfully logged in to Arachni.
01:27
Now we're going to come up here to Scans and start a new scan
01:32
on our target URL. We want
01:34
168.0.11. Remember, you have to put the http:// in front, or it will fail.
01:41
We drop down here and select Cross-Site Scripting, global,
01:48
and we will want to do
01:51
Direct. Now you can
01:55
increase the instances; multiple instances will achieve higher efficiency levels,
02:01
and you will have
02:06
decreased scan times.
02:07
However,
02:09
if you're running a scanner against a web application,
02:14
you don't necessarily want to throw too much at the web application at once. I have run scans against web applications for companies I've worked with, and
02:24
they have had pages that have been very brittle, and as the scanners hit those pages, it just completely breaks them
02:34
and causes the entire server to crash.
02:37
So you don't want to overload a web page necessarily.
02:42
In a practice range, like the Pentester Lab ones, which are
02:45
built and designed to be able to be scanned heavily,
02:50
by all means, up the instance count to knock out the scans as quick as you want,
02:53
but
02:54
in
02:55
a real-world environment, keep the instances down. Run one kind of vulnerability scan at a time, meaning go through SQL injection and then, after SQL injection, hit cross-site scripting, then LFI,
03:10
directory traversal, whatever.
03:14
Do them one at a time, because if something crashes, if something breaks or something fails, you want to be able to identify what type of test broke it.
03:23
If you're running everything at the same exact time, you can't necessarily pinpoint exactly what broke that page. So you want to do it step by step by step by step.
03:35
All right, so we're going to run a scan now,
03:40
and we're going to let Arachni here do its thing.
03:53
All right, the scan is complete. That was a quick scan.
03:58
If you're running on a larger website
04:01
that has more code going for it, those scans will not be that quick.
04:06
So here
04:09
we see the cross-site scripting, and we see cross-site scripting in script context.
04:16
So we have two different types of cross-site scripting vulnerabilities
04:20
that have been found.
04:25
So let's come up here. Let's take a look at example one here.
04:30
It's awaiting our review.
04:31
You come down here,
04:33
see the seed that was injected
04:36
for this cross-site scripting,
04:40
and we can see the request down here.
04:43
And so it gives us back, gives us our request that was sent.
04:46
And then if you come further down, you see the response, and we see here in the HTML code "some dangerous input"
04:53
(the injected string)
04:56
and all these numbers.
04:58
Now, in this response back we're seeing it's in the HTML code, which means that most likely there was a prompt of some sort that had
05:06
popped up
05:09
due to this cross-site scripting attack.
05:13
So
05:14
now we've found it.
05:15
Discovered it here with this tool,
05:18
you can go in and
05:20
again tailor your attack.