0

I visited http://www.andlabs.org/tools/jsrecon.html and it allows port-scanning the client network using WebSockets. I am confused about this technology: if someone can scan your network without there being an XSS vulnerability in the website, then why can't we install a Trojan or a customizable .exe on the client side using cmd?

Correct me if I am wrong here.

Amit Pal

1 Answer

0

I don't understand your question regarding "Trojan" or ".exe", but you probably need to understand that this website instructs your browser to do something in the local network; there is no remote party involved in "network scanning".

This website does a very simple thing: it provides some JavaScript (JS) code that is executed locally (i.e. by the browser displaying this website). The JS code is (mis)using the browser's WebSocket (and other) technologies for 'scanning' the local network (whatever this should mean, I did not dig into the details of the code).

Dr. Jan-Philip Gehrcke
  • It's true that this website is instructing the browser to run the command, and this is `XSS` (controlling the browser). If we can do this, then why can't we instruct the browser to make a `meterpreter` connection? – Amit Pal Jan 16 '14 at 20:28
  • It seems you should understand more about security / network technology before digging into Metasploit. XSS is *cross* site scripting, i.e. when you trust *one* website, which executes -- without you knowing it -- code coming from another website (or domain). The moment you load andlabs.org and allow **its** JS code to execute, you trust this website, like you trust Google, Facebook, and your favorite news magazine. It would be XSS if you loaded foo.com which would then (kind of secretly) load code from bar.com and execute it. – Dr. Jan-Philip Gehrcke Jan 17 '14 at 09:15