TLDR – Create a sudo user in Kali Linux so Google Chrome works with sandbox mode enabled
I’m a Windows guy! I used Windows, administered Windows, developed on Windows – Windows is how I pay my bills. I also touch Linux and some security stuff, and as you know these two things cross over quite a bit.
At least once a month I have to run OpenVAS scans on our internal network and see how many 10.0-severity findings we have managed to reduce.
Not many is normally the answer! So, like most cyber people and hobbyists, I have a Kali Linux VM or live CD kicking around!
A lot of people, me included, typically use it out of the box, running as the root user. As my VM grows I add tools, useful scripts and files, all running as the root user!
I’ve added the Cisco AnyConnect client and other tweaks, but it’s not my main daily OS, so I don’t really care about it.
I’ve never really been much of a Firefox fan. As you will know, Firefox is the default browser installed in Kali, and if you are anything like me… I am horrible at remembering syntax and things, so I always have a Google search page open.
Me being me, I decided that I would throw Chrome on there so I have access to all my bookmarks and saved site passwords from my $dayjob machine. I also prefer the inspection features of Google Chrome, the DOM explorer etc. This is just a personal preference.
What I thought would be a 2 min install turned into a 5 min install!
Meh! Annoying – nothing complex and nothing needing the Google machine to fix! But it was still annoying and made me Grumpy, so I decided to blog about it! I don’t normally blog on Linux stuff. I might in future expand and do more posts like this, away from PowerShell and Windows. So this is short and sweet!
So installing Google Chrome on Kali went like this…
I downloaded the .deb file and installed it! Simple, simple, simple!
First I used Firefox to go to the Google Chrome download page and download the file! Simple.
Throw open a shell prompt and use dpkg -i to install the file from the download location.
Done…. oh… not quite, a bit of work to do! Missing my .exe/.msi install method right about now!
Looks like it is missing a dependency! Damn, lucky it tells us what is missing so we can install it! There’s a lot of reading, which makes me Grumpy!
So let’s do an
apt-get install libappindicator1
Done…. wtf…. meh! Still more!
Again, Linux is quite helpful and tells us what to type in to fix this!
Let’s run our google-chrome application and get some web surfing done! Job done! Easy, wasn’t it…. Oh wait….
Doh! An error, as we are running as root, not a normal user!
Ok then – let’s do what it says and run with the
Yippee – working… coffee time-ish! But let’s have a think about things for a moment….
If we are running as root without the sandbox features, doesn’t that mean that if I hit a nasty site, which I might well do when browsing tutorials and help files on hacker tools… it would be easy for them black hat types to gain root on my pen testing box through some browser exploit? The sandbox is the thing that contains a compromised renderer process; with it off and the browser running as root, one renderer bug is the whole box.
With the laptop holding the results of internal scans, all the tools, and connectivity to internal systems, a useful security tool used for risky stuff like running as root with a browser with no sandboxing is perhaps handing them bad guys the keys to the kingdom on a silver plate!
So what is the better way of doing this…? The answer is to stop being a Lazy Grumpy Admin, create a normal user and use sudo!
It’s not hard, and it’s one of the first things a newish Linux administrator learns to do! 30/45 seconds and the security posture of the VM and the work processes has been improved!
So let’s do that quickly
Set a password for our new user, named Hazzy of course, and add him to the sudo group:
passwd hazzy
usermod -a -G sudo hazzy
Assign a shell and we are done!
chsh -s /bin/bash hazzy
As with most things in Grumpy Admin’s world – let’s test it out and confirm that it works!
sudo -u hazzy bash
Right, let’s log out of the root account
and log in as our new user hazzy, then launch our Chrome browser from the apps panel, start menu thingy – just ’cause I’m too lazy to type google-chrome in a shell prompt!
And let’s navigate somewhere so we know it works!
Simple: new user, Chrome installed – a bit safer now when using my Kali Linux install. See what I mean? It didn’t take long; a fast typist can do this in less than 30/45 seconds! Also
sudo -i works as expected
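To make the 30/45-second fix above checkable rather than just typed, here is an added bash script. It is my own example, not the post’s commands: it runs the user creation steps and then audits the result from /etc/passwd and /etc/group (the account is not uid 0, has a real login shell, and is in the sudo group), and it classifies a browser launch by uid and command line, since that is what the whole post is about. The user name hazzy comes from the post; the useradd -m step (the post starts at passwd), the helper names, the sample passwd/group lines and the check for Chrome’s --no-sandbox switch are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example, not the original post's commands: create the non-root sudo
# user the post describes and audit the result. The account name "hazzy" is
# from the post; "useradd -m" (the creation step the post leaves implicit),
# the audit helpers and the --no-sandbox check are assumptions of this example.
set -euo pipefail

# Print field $3 of the passwd/group-format line for entry $2 in text $1.
# Returns 1 if no such entry exists.
field_of() {
    local lines="$1" name="$2" field="$3" line
    line=$(printf '%s\n' "$lines" | grep "^${name}:" || true)
    [ -n "$line" ] || return 1
    printf '%s' "$line" | cut -d: -f"$field"
}

# Return 0 if user $2 is listed as a member of group $3 in group-format text $1.
user_in_group() {
    local group_lines="$1" user="$2" group="$3" members
    members=$(field_of "$group_lines" "$group" 4) || return 1
    printf '%s\n' "$members" | tr ',' '\n' | grep -qx "$user"
}

# Audit a login: non-root uid, a real login shell, and sudo group membership.
# Prints "ok" or the first problem found; returns 1 on a problem.
audit_sudo_user() {
    local passwd_lines="$1" group_lines="$2" user="$3" uid shell
    uid=$(field_of "$passwd_lines" "$user" 3) || { echo "missing user: $user"; return 1; }
    [ "$uid" != "0" ] || { echo "uid 0: $user is root"; return 1; }
    shell=$(field_of "$passwd_lines" "$user" 7)
    case "$shell" in
        ""|*/nologin|*/false) echo "no login shell: ${shell:-<empty>}"; return 1 ;;
    esac
    user_in_group "$group_lines" "$user" sudo || { echo "not in sudo group: $user"; return 1; }
    echo ok
}

# Classify how the browser is being launched: running as uid 0, or with the
# sandbox switched off, is exactly what the post warns against.
browser_launch_risk() {
    local uid="$1" cmdline="$2"
    if [ "$uid" = "0" ]; then echo "running as root"; return 1; fi
    case " $cmdline " in
        *" --no-sandbox "*) echo "sandbox disabled"; return 1 ;;
    esac
    echo ok
}

# The post's steps plus the implied useradd. Needs root; passwd prompts interactively.
create_sudo_user() {
    local user="$1"
    id -u "$user" >/dev/null 2>&1 || useradd -m "$user"
    passwd "$user"
    usermod -a -G sudo "$user"
    chsh -s /bin/bash "$user"
    audit_sudo_user "$(cat /etc/passwd)" "$(cat /etc/group)" "$user"
}

# Usage: sudo ./mkuser.sh create hazzy   (script name is constructed; nothing runs by default)
if [ "${1:-}" = "create" ]; then
    create_sudo_user "${2:-hazzy}"
fi
```

Run it with the create argument as root once, then keep audit_sudo_user around: it is a cheap check to drop into a VM build script so a rebuilt Kali box never silently goes back to browsing as root.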
PS… in Windows I just double-click an .exe and I’m done….