Pentest XSS Attack To SSH
Situation :
- Admin Panel infected with xss and uploading any file converted to pdf.
P0c from (https://www.noob.ninja/2017/11/local-file-read-via-xss-in-dynamically.html):
<script> x=new XMLHttpRequest; x.onload=function() { document.write(this.responseText) }; x.open("GET","file:///etc/passwd"); x.send(); </script>
Explaining it in images:
Next Download the pdf :
Reading /etc/passwd success , next try to read /home/user/.ssh/rsa_id
and :
Making local id_rsa and chmod it 700.. then try to ssh !