Time
4 hours 20 minutes
Difficulty
Intermediate
CEU/CPE
5

Video Description

This lesson is about discovering XSS using an Nmap script that posts specifically crafted strings to every form it discovers.

Video Transcription

00:04
All right. Now we've discovered cross-site scripting with
00:08
Arachni.
00:11
Let's discuss, um, cross-site scripting with Nmap.
00:14
So what we're gonna do is nmap -p 80. So it's telling nmap to scan port 80
00:19
with this script. Here, it's --script http-stored-xss.nse. And then afterwards you put the target. This script will post specifically crafted strings to every form it discovers.
00:32
Let's go check it out. All right, here we are in our Kali environment,
00:37
and
00:39
we're gonna do, ah,
00:41
a test here for stored cross-site scripting first. So do nmap -p 80, so port 80,
00:48
and then we do --script
00:50
http-stored-xss
00:54
and then we're gonna add the --script-args httpspider.maxpagecount=200. We're gonna put our target at the end of that.
01:03
Remember, we put this script-args httpspider in so that it crawls the web page and finds all the possible links for it.
01:11
We're gonna hit enter here and see what it gets us.
01:18
All right. So it couldn't find any stored cross-site scripting. However, there's some other forms of cross-site scripting that could be found and exploited, such as DOM-based and PHP
01:30
cross-site scripting as well. So we're gonna run those scans and see what we get back from them.
01:37
So how we do that is
01:40
we do the same exact command as we did
01:42
before, except instead of http-stored-xss you're gonna put http-dom-based-xss instead, so D-O-M-B-
01:55
A-S-E-D, dom-based.
01:57
We're gonna hit enter there, see what we get back from dom-based.
02:00
All right.
02:02
And it has found a potential
02:07
DOM-based cross-site scripting attack,
02:09
which is fantastic. So
02:13
now we have a potential target page here to start trying to craft an attack.
02:20
But
02:21
is there more?
02:22
Then
02:23
let's check out PHP self
02:29
and, ah, try us on an attack. Well, it checks
02:34
for this type of cross-site scripting, and let's see if we get a bit more back.
02:38
All right, so it has found
02:43
a
02:45
vulnerable and exploitable vulnerability here. So if you look down here, we can see the page
02:53
that it used, the page that was vulnerable, and you can see
03:00
that they created a script here
03:02
and caused an alert prompt to pop up
03:07
with the number one in the alert prompt, and then they closed the script here.
03:13
So if you wanted to go manually do this, you could go and attempt this exploit yourself using this proof-of-concept link, which is very handy, that they actually give this
03:27
proof-of-concept link here and show, you know, that this is actually vulnerable rather than just saying,
03:36
Hey, it's vulnerable. They actually show you that it's vulnerable to show you how to
03:42
view that it's vulnerable, which is very handy. All right, let's move on to our next tool.

Up Next

Web Application Penetration Testing

In this web application penetration testing course, SME, Raymond Evans, takes you on a wild and fascinating journey into the cyber security discipline of web application pentesting. This is a very hands-on course that will require you to set up your own pentesting environment.

Instructed By

Raymond Evans
Instructor