metasploit-framework July 2010 archive

Re: [framework] Convert browser type exploit into fileformat type

From: Spring Systems <korund_at_nospam>
Date: Fri Jul 16 2010 - 13:50:57 GMT
To: <framework@spool.metasploit.com>

Hello,
 
About the Aurora exploit: the saved exploit contains this line:
 
<span id="dsTJCFotQZBieQmgrLsQjsvZWakcQ"><iframe src="/lqsGBZObdISHwpzuUT.gif" onload="xOoXIISyao(event)" /></span>
 
What is id="dsTJCFotQZBieQmgrLsQjsvZWakcQ", and where can I find the "lqsGBZObdISHwpzuUT.gif" image?
 
Best Regards,
Alex

________________________________
> From: atul@secfence.com
> Date: Thu, 15 Jul 2010 15:29:29 +0530
> Subject: Re: [framework] Convert browser type exploit into fileformat type
> To: korund@hotmail.com
> CC: framework@spool.metasploit.com
>
> Hello,
>
> You can convert *almost* all browser-based exploits to fileformat ones. As you would have already guessed, you would then need to send the HTML file to exploit, instead of pointing to the link.
>
> The general guideline is to start the browser-based exploit, and save the page using wget (or anything similar) with appropriate user-agent(s). But of course, this can have some complications, as (for example) the iepeers browser exploit on metasploit launches IE6 and IE7 exploits based on the user-agent. So you will have to change the user-agent appropriately and save all the variations it has to offer.
>
> Another complication could be the fact that, in order to exploit a vuln, loading more than HTML or JS is needed. Take, for instance, the Aurora exploit, which required the browser to render external media (metasploit used gif, I think) for successful exploitation. In order to *convert* that exploit to fileformat, you will have to save that file too.
>
> Hope that helped.
>
> Thanks,
> Atul Agarwal
> Secfence Technologies
> www.secfence.com
>
> On Thu, Jul 15, 2010 at 3:18 PM, Spring Systems wrote:
>
> Hello,
>
> How to convert a browser type exploit into "fileformat" type to save it in HTML or PHP form?
>
> For example,
>
> http://www.metasploit.com/modules/exploit/windows/browser/ms08_041_snapshotviewer
>
> has no fileformat version. How to save the exploit with payload in HTML or PHP form?
>
> Regards,
> Alex
>
> _______________________________________________
>
> https://mail.metasploit.com/mailman/listinfo/framework