Fun with lnk files

Stuxnet used an 0day .lnk icon dll-loading vulnerability to own its targets via thumb drives. But if you don’t have a fancy 0day, chances are, you can still get someone to open a link. Link files are great because they often escape the scrutiny of executable .exe files or batch scripts since they don’t directly […]

2 Comments

Command stagers in Windows

Update: these command stagers have been integrated into metasploit. Command injection/execution bugs are a relatively common vulnerability. For example, Internet Explorer, Google Chrome, and Mozilla Firefox have all had these problems, at least including common add-ons. (see http://www.securityfocus.com/archive/1/archive/1/499570/100/0/threaded, http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5045, etc.) Many server-side scripts in webapps also suffer from the same issues. Against a Linux target, […]


No Comments

Team metasploit and msfgui on Windows

First, in answer to a common question, the new msfgui can be run on Windows if Java is installed by double-clicking (starting in your program files directory) Metasploit\Framework3\msf3\data\gui\msfgui.jar so make a shortcut to that and place it on your desktop. Next, think about the fact that Metasploit has more features and runs with less memory […]

No Comments

Sessionthief linux

In response to a number of questions about how to get sessionthief running on linux, here are the steps to get it working on Ubuntu: First, I apologize, because if anyone tried, the compilation failed due to a case-mismatch on a filename. I had not noticed because I had stored the files on a FAT-formatted […]

14 Comments

Insecure service permission privilege escalation

A number of metasploit modules already exist to escalate privileges based on insecurely installed services, such as the HP PML driver. But other services also suffer from the same problems and it is not worth making a new script for every obscure service; it would be easier to have one that could scan for such […]

No Comments

Screwing with Nmap

It is always interesting to me to see what defense can be put up against tools used by attackers/pen testers. I don’t believe there are any public exploits against Nmap (Secunia is not aware of any at least) and I doubt I could find a useful one against a basic scan. On the other hand, […]

No Comments

PXE exploitation

Update: This complete attack, including the DHCP server, has been incorporated into Metasploit. Update and enjoy. The module is auxiliary/server/pxexploit. PXE booting has been around for over a decade and is supported by most system BIOSs. And I have also seen it left on in production environments. Although it is very convenient for mass OS […]

No Comments

Sessionthief

Another little project I put together a couple of years ago is sessionthief. When I need to quickly demonstrate the insecurity of open wireless networks, this is my first choice, as it has the ability to immediately hack into most websites another user on the same LAN is logged into. It performs HTTP session cloning […]

8 Comments

msfgui – now in metasploit

The new msfgui is now in metasploit; svn up your msf3/ directory to get it. There is also a good review at http://www.darkoperator.com/blog/2010/7/14/metasploit-new-gui.html. Initial reception has been good, although a few bugs have popped up. It supports most scripts and most options on them via a right-click menu on a meterpreter session, generates a basic […]

No Comments

New msfgui

Edit: the new gui has been integrated into metasploit. Update and enjoy. Edit: screenshots here: msfgui/. The old msfgui has fallen out of repair, and no longer works on many installs since the right ruby libraries are hard to get and are no longer maintained. But for a number of reasons I still think it’s […]

7 Comments