Mike Nichols, Keith McCammon, & Shawn Smith – Paul’s Security Weekly #577

Mike Nichols is the VP of Product Management at Endgame, and he manages the Endgame endpoint protection platform. Keith McCammon is the Chief Security Officer and Co-Founder of Red Canary, and he runs Red Canary’s Security Operation Center. Shawn Smith is the IT Security Manager at Panhandle Educators Federal Credit Union. They discuss the problems […]
The post Mike Nichols, Keith McCammon, & Shawn Smith – Paul’s Security Weekly #577 appeared first on Security Weekly.

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/ZfMMHVP8Jrk/

JShell – Get A JavaScript Shell With XSS

JShell – Get a JavaScript shell with XSS.UsagesRun shell.pyand JShell will automatically try to detect your IP address, default LPORT is 33.As you can see the payload has been generated and now all you have to do is to deliver this payload to the victim.As soon as you do that, you will get a JS shell over netcat where you can execute your JavaScript code in victim’s browser as soon as the injected page is open.Here’s a screenshot:Credits, Disclaimer & LicenseThis script uses the method demostrated by Rodolfo AssisDownload JShell

Link: http://feedproxy.google.com/~r/PentestTools/~3/eN791WCJA-Q/jshell-get-javascript-shell-with-xss.html