Download Remote Human Exploitation: Attack a Forum using Cross Site Scripting | ECPE 178 and more Lab Reports Cryptography and System Security in PDF only on Docsity! LAB #12 Your assignment, should you choose to accept it… 12/20/2007 1LAB 12 If any of your force be killed or captured, the secretary will disavow any knowledge of your actions...this tape will self destruct in 5 seconds... Good Luck, Jim Remote/human exploitation: Attack a forum using cross-site scripting (XSS) LAB #12 Scenario You have a remote target, a popular forum website that your human targets use to post comments to one another. Your task is to use XSS to modify that site in a way that tricks your targets into giving you information. Barring that, at least let the site owner there’s a problem by inserting an alert popup. 12/20/2007 2LAB 12 Choose your target: http://www.jkandtc.com/blog everyone shares, fighting each other! or http://www.jkandtc.com/n/blog yours to do whatever! Where n – your laptop number (01, 02, 03, etc.) Log into: www.jkandtc.com/<pc-num> For example: www.jkandtc.com/01 Then click on “Blog” 12/20/2007 5LAB 12 Inserting Javascript that creates a pop-up… e] ee RCC ELC ee oy mea a CLM La eed Clg
File Edit View Favorites Tools Help
Qesk . © . [x] (2) @ po search sii Favorites &) (A py 3
Address €) http: (wai. jkandte.com/blog/index, asp
Microsoft Internet Explorer Ed
dA You've been hacked!
The pop-up...
€) wee BM tternet
12/20/2007 LAB 12 6
12/20/2007 7LAB 12 What appears after the pop- up is closed Let’s be Sysadmin 12/20/2007 10LAB 12 Here, we insert the login page at the attacker’s website – if the victim falls for it, the attacker gets the blog visitor’s username and password….
POH a Luce isnt: ac ment a cea ee) ence
File Edit view
G axk eI QO |x] E Ga - Search she Favorites © (a Re =] 3%
Address |] hetp:{/www.jkandtc, com/blogjindex.asp »| Eco tints
Favorites Tools Help
Visitor Comments
Sysadmin wrote
There has been an error! You must re-enter your
username and password!
YOU MUST BE A REGISTERED USER qi
TO ACCESS THIS RESTRICTED PAGE!
User Login
Usemice [|
|
@® internet
12/20/2007 LAB 12 11