Cross-site scripting


Cross-site scripting (XSS) is a code injection attack that allows an attacker to execute malicious JavaScript code in another user's browser. The attacker does not target the victim directly. Instead, he exploits a vulnerability in a website that the victim visits, in order to get the website itself to deliver the malicious JavaScript code to the victim.

How is the malicious JavaScript injected?

The only way for the attacker to run his malicious JavaScript code in the victim's browser is to inject it into one of the pages that the victim visits. This is possible when the website includes user input directly in its pages without encoding it, because the attacker can then submit a string that the victim's browser will treat as code rather than as data.

XSS Attacks

In general, an XSS attack involves three actors: the website, the victim, and the attacker.


The website serves HTML pages to users who request them. The victim is a normal user of the website who requests pages from it using his browser. The attacker is a malicious user of the website who intends to launch an attack on the victim by exploiting an XSS vulnerability in the website.

Types of XSS

While the goal of an XSS attack is always to execute malicious JavaScript code in the victim's browser, there are a few fundamentally different ways of achieving that goal. XSS attacks are usually divided into three types:

  • Persistent XSS
  • Reflected XSS
  • DOM-based XSS

Let's introduce each of them.

Persistent Cross-site scripting

Persistent (stored) XSS occurs when the application stores user input, for example in a database or a file, without proper validation or output encoding, and later sends that input back to other users' browsers as part of a page. Every user who views the page receives the attacker's payload, not just the one who opened a crafted link.

Here is a simple example, which you can try yourself. Say you have come to our social site and you want an XSS payload that pops up an alert with some text every time a user visits the site.

You can do this by posting a comment similar to the one in the image:

After you post such a comment, the alert pops up every time somebody clicks on the home tab:
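To make the stored case concrete, the following is an added example (not code from the social site or from this tutorial): a minimal model of a comment feature in which posted comments are kept server-side and rendered into the home page for every visitor. The store, the function names, the comment text and the two sample users are assumptions made for illustration. The unsafe renderer concatenates the stored text straight into HTML, which is exactly how a comment such as the one above becomes script in every visitor's browser; the safe renderer HTML-encodes each comment at the point where it is placed into the page.

```javascript
// Added example, not part of the original page. Names below are assumptions.

// "Database": comments persist on the server and are sent to every visitor.
const commentStore = [];

// The vulnerable application stores raw input without any filtering or encoding.
function postComment(author, text) {
  commentStore.push({ author, text });
}

// Vulnerable renderer: stored text is concatenated straight into the HTML
// of the home page, so the browser parses it as markup (and script).
function renderHomePageUnsafe() {
  return commentStore
    .map(c => `<div class="comment"><b>${c.author}</b>: ${c.text}</div>`)
    .join('\n');
}

// Fix for an HTML text context: encode the characters that let data turn
// into markup, right where the data is written into the page.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#x27;');
}

function renderHomePageSafe() {
  return commentStore
    .map(c => `<div class="comment"><b>${escapeHtml(c.author)}</b>: ${escapeHtml(c.text)}</div>`)
    .join('\n');
}

// Crude oracle of the kind a scanner uses: did a script tag or an event
// handler attribute survive into the rendered page unencoded?
function containsUnencodedScript(html) {
  return /<script\b/i.test(html) || /\bon\w+\s*=/i.test(html);
}

// Constructed sample traffic: a benign user posts first, then the attacker.
postComment('alice', 'Nice site!');
postComment('mallory', '<script>alert("XSS")</script>');

function demo() {
  const unsafe = renderHomePageUnsafe();
  const safe = renderHomePageSafe();
  return {
    unsafe,
    safe,
    unsafeVulnerable: containsUnencodedScript(unsafe),
    safeVulnerable: containsUnencodedScript(safe),
  };
}

console.log(demo());
```

Run it with Node; the unsafe rendering contains the attacker's `<script>` tag verbatim, while the safe rendering shows it as `&lt;script&gt;...`, which the browser displays as text and never executes. Note that the comment is stored in both cases: the defence is output encoding, not rejecting input.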

Reflected Cross-site scripting and DOM-based Cross-site scripting

Reflected cross-site scripting occurs when an attacker injects browser-executable code within a single HTTP response. The injected attack is not stored within the application itself; it is non-persistent and only affects users who open a maliciously crafted link or third-party web page. The attack string is included as part of the crafted URI or HTTP parameters, improperly processed by the application, and returned to the victim in the response to that one request.

DOM-based XSS is an XSS attack in which the attack payload is executed as a result of modifying the DOM "environment" in the victim's browser used by the original client-side script, so that the client-side code runs in an "unexpected" manner. That is, the page itself (the HTTP response) does not change, but the client-side code contained in the page executes differently due to the malicious modifications that have occurred in the DOM environment. Typically the payload travels in a part of the URL the client-side script reads (such as the fragment after "#", which is not even sent to the server) and is written into a sink such as innerHTML.
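The difference between the two types described above is easiest to see side by side. The following is an added example (not code from this tutorial or from the social site); the search page, the welcome page, the URLs and the function names are assumptions for illustration. For the reflected case a (modelled) server builds its response from the query string, so the response changes with the link; for the DOM-based case the server returns the same static page for every URL, and it is the page's own inline script that copies the URL fragment into innerHTML. Both are paired with the encoding fix.

```javascript
// Added example, not part of the original page. Names and pages are assumptions.

function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#x27;');
}

function queryParam(url, name) {
  return new URL(url).searchParams.get(name) || '';
}

// Reflected XSS: the server echoes the "q" parameter into the response body.
function reflectedSearchResponse(url) {
  const q = queryParam(url, 'q');
  return `<html><body><p>Results for: ${q}</p></body></html>`;
}

// Fixed: the parameter is encoded before it is placed in the HTML.
function reflectedSearchResponseFixed(url) {
  const q = queryParam(url, 'q');
  return `<html><body><p>Results for: ${escapeHtml(q)}</p></body></html>`;
}

// DOM-based XSS: the server's response is identical for every request...
const STATIC_WELCOME_PAGE = `<html><body><h1 id="greeting"></h1>
<script>
  document.getElementById('greeting').innerHTML =
    'Welcome, ' + decodeURIComponent(location.hash.slice(1));
</script></body></html>`;

function welcomeResponse(url) {
  return STATIC_WELCOME_PAGE; // the URL is deliberately ignored by the server
}

// ...but the inline script above reads location.hash (a source the attacker
// controls through the link) and writes it into innerHTML (a sink that parses
// HTML). This models what the DOM contains after that script has run.
function domAfterClientScript(url) {
  const name = decodeURIComponent(new URL(url).hash.slice(1));
  return `<h1 id="greeting">Welcome, ${name}</h1>`;
}

// Fixed client script would assign to textContent instead of innerHTML;
// its effect on the DOM is the same as encoding the fragment.
function domAfterFixedClientScript(url) {
  const name = decodeURIComponent(new URL(url).hash.slice(1));
  return `<h1 id="greeting">Welcome, ${escapeHtml(name)}</h1>`;
}

// Constructed links: one benign and one malicious of each kind.
const PAYLOAD = '<img src=x onerror=alert(1)>';
const searchBenign = 'https://social.example/search?q=cats';
const searchAttack = 'https://social.example/search?q=' + encodeURIComponent(PAYLOAD);
const welcomeBenign = 'https://social.example/welcome#alice';
const welcomeAttack = 'https://social.example/welcome#' + encodeURIComponent(PAYLOAD);

function demo() {
  return {
    // reflected: the attack is visible in the HTTP response itself
    reflectedResponseChanges: reflectedSearchResponse(searchBenign) !== reflectedSearchResponse(searchAttack),
    reflectedPayloadInResponse: reflectedSearchResponse(searchAttack).includes(PAYLOAD),
    reflectedFixedBlocks: !reflectedSearchResponseFixed(searchAttack).includes('<img'),
    // DOM-based: the response never changes, the DOM does
    domResponseUnchanged: welcomeResponse(welcomeBenign) === welcomeResponse(welcomeAttack),
    domPayloadInDom: domAfterClientScript(welcomeAttack).includes(PAYLOAD),
    domFixedBlocks: !domAfterFixedClientScript(welcomeAttack).includes('<img'),
  };
}

console.log(demo());
```

The practical consequence for testing is that a server-side log or proxy capture will show the reflected payload in the response but will show nothing for the DOM-based one: the fragment never leaves the browser, so DOM-based XSS has to be found by reading the client-side code (its sources and sinks) or by observing the page in a browser.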

In our game you are going to use persistent XSS. If you are interested in other examples, you can check the links at the bottom of the page later, when you are not in a hurry.

--------------------------------------------------------------------------------------

BeEF - The Browser Exploitation Framework


BeEF is going to be the main tool you will use in the second as well as the third level. Here is a brief introduction to it.
It is a penetration testing tool that focuses on the web browser: once a victim's browser has loaded BeEF's hook script, that browser is "hooked" and can be inspected and controlled from BeEF's web interface.

How to start BeEF?

You can start BeEF from a terminal. Change the working directory to the BeEF installation directory and type "./beef".
After executing the command, open the BeEF web interface in your browser (its address is printed in the output produced by the command).
You will see the login page:

The home page looks like this:

You can't do much yet, because you do not have any browser hooked. You need to figure out how to hook the social site by yourself (that is also your task in this level).
After a successful hook, you will see the hooked browser under Online Browsers:


After you click on the hooked browser, you will see information about the browser and the hooked page.


--------------------------------------------------------------------------------------

Interesting reading on the cross-site scripting topic is here as well as here

BeEF has good documentation, which can be found on this page.