Full Disclosure mailing list archives
Re: Re[2]: JavaScript get Internal Address (thanks to DanBUK)
From: Pavel Kankovsky <peak () argo troja mff cuni cz>
Date: Sun, 13 Aug 2006 19:30:06 +0200 (CEST)
On Sat, 12 Aug 2006, H D Moore wrote:
> 1) Create a metasploit payload for communicating with shell/meterpreter via DNS queries and replies. This will not be a 'small' payload by any means, but should be feasible for all DCERPC and browser bug exploits.
nstx code fits into 20 kB. Not small but not too huge either. And you can probably bootstrap it with a tiny loader downloading the rest of code via DNS. In fact data download over DNS is much simpler than full bidirectional communication, and you can take advantage of DNS caching to save bandwidth during mass attacks against targets within a single network. <g>
> * Privacy concerns regarding the initial DNS request to msf.metasploit.com for the NS record of the attacker. Technically, this could violate a NDA if used on a penetration test.
> * Really easy to signature if it always uses *.metasploit.com requests.
The solution is easy: do not hardwire the domain, make it configurable, and let people (who care) set up their own servers with their own domain names.

--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
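The thread's point that a hard-wired *.metasploit.com domain is "really easy to signature" cuts both ways: once the domain is configurable, a defender can no longer match on the name and has to look at the behaviour of the queries instead. The following is an added example (not code from this thread, from Metasploit or from nstx) that scores resolver query logs on the traits that DNS tunnelling exhibits regardless of the domain used: many distinct one-shot subdomains, long high-entropy labels, and record types that can carry payload data. The BIND-style "query:" log format, the domain tunnel-example.net, the sample lines and the thresholds are all constructed for this example.

```python
"""Heuristic scoring of resolver query logs for DNS-tunnel-like traffic.

Added example; not code from the Full-Disclosure thread, Metasploit or nstx.
"""
import math
import re
from collections import defaultdict

# Constructed sample log in a BIND-style "query:" format (format is an
# assumption of this example; tunnel-example.net is a made-up domain).
SAMPLE_LOG = """\
client 10.0.0.5#53211: query: www.example.com IN A
client 10.0.0.5#53212: query: mail.example.com IN A
client 10.0.0.7#40001: query: a3f9c1e7b2d4.k8s0x.tunnel-example.net IN TXT
client 10.0.0.7#40002: query: 9e2b7d41c0aa.k8s1x.tunnel-example.net IN TXT
client 10.0.0.7#40003: query: 77d1f0e3a9cb.k8s2x.tunnel-example.net IN TXT
client 10.0.0.7#40004: query: 0c4e5a8fb61d.k8s3x.tunnel-example.net IN TXT
client 10.0.0.7#40005: query: e5a1d9c37b20.k8s4x.tunnel-example.net IN TXT
client 10.0.0.9#51000: query: www.example.com IN A
client 10.0.0.9#51001: query: cdn.example.com IN AAAA
"""

QUERY_RE = re.compile(r"query: (?P<name>\S+) IN (?P<qtype>\S+)")
# Record types whose replies can carry arbitrary data (chosen for the example).
PAYLOAD_QTYPES = {"TXT", "NULL", "CNAME"}


def shannon_entropy(s):
    """Bits per character of s; 0.0 for the empty string."""
    if not s:
        return 0.0
    n = len(s)
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_domain(name):
    """Last two labels of a name (simplification: no public-suffix list)."""
    labels = name.rstrip(".").split(".")
    return ".".join(labels[-2:])


def parse_queries(log_text):
    """Yield (qname, qtype) for every query line the regex recognises."""
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            yield m.group("name").lower(), m.group("qtype").upper()


def domain_features(log_text):
    """Aggregate per-registered-domain features over the whole log."""
    acc = defaultdict(lambda: {"queries": 0, "subdomains": set(),
                               "entropy": 0.0, "label_len": 0, "payload": 0})
    for name, qtype in parse_queries(log_text):
        dom = registered_domain(name)
        sub = name[:-len(dom)].rstrip(".")  # everything below the domain
        a = acc[dom]
        a["queries"] += 1
        a["subdomains"].add(sub)
        a["entropy"] += shannon_entropy(sub.replace(".", ""))
        a["label_len"] += max((len(lbl) for lbl in sub.split(".")), default=0)
        if qtype in PAYLOAD_QTYPES:
            a["payload"] += 1
    features = {}
    for dom, a in acc.items():
        q = a["queries"]
        features[dom] = {
            "queries": q,
            "unique_subdomain_ratio": len(a["subdomains"]) / q,
            "avg_entropy": a["entropy"] / q,
            "avg_max_label_len": a["label_len"] / q,
            "payload_qtype_ratio": a["payload"] / q,
        }
    return features


def tunnel_score(f):
    """Number of tunnelling indicators satisfied (thresholds are assumptions)."""
    return sum([
        f["unique_subdomain_ratio"] >= 0.8,  # almost every query is a new name
        f["avg_entropy"] >= 3.0,             # labels look like encoded data
        f["avg_max_label_len"] >= 10,        # long labels to carry more bytes
        f["payload_qtype_ratio"] >= 0.5,     # reply types that carry data
    ])


def flagged_domains(log_text, min_queries=3, min_score=3):
    """Domains with enough queries that hit at least min_score indicators."""
    feats = domain_features(log_text)
    return sorted(d for d, f in feats.items()
                  if f["queries"] >= min_queries and tunnel_score(f) >= min_score)


if __name__ == "__main__":
    for dom, f in domain_features(SAMPLE_LOG).items():
        print(f"{dom}: score={tunnel_score(f)} {f}")
    print("flagged:", flagged_domains(SAMPLE_LOG))
```

On the sample log, example.com satisfies none of the indicators while tunnel-example.net satisfies all four and is the only domain flagged. The per-domain aggregation also accounts for the caching point raised above: because a caching resolver answers repeated names locally, a tunnel has to emit a fresh subdomain per message, which is exactly what the unique-subdomain ratio measures; in production the thresholds would be tuned against a baseline of the site's own DNS traffic and the two-label domain split replaced by a public-suffix list.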
Current thread:
- JavaScript get Internal Address (thanks to DanBUK) pdp (architect) (Aug 12)
- Re: JavaScript get Internal Address (thanks to DanBUK) Martin Dipo Zimmermann (Aug 12)
- Re: JavaScript get Internal Address (thanks to DanBUK) pdp (architect) (Aug 12)
- Re: JavaScript get Internal Address (thanks to DanBUK) H D Moore (Aug 12)
- Re[2]: JavaScript get Internal Address (thanks to DanBUK) Thierry Zoller (Aug 12)
- Re: Re[2]: JavaScript get Internal Address (thanks to DanBUK) H D Moore (Aug 12)
- Re[4]: JavaScript get Internal Address (thanks to DanBUK) Thierry Zoller (Aug 12)
- Re: Re[2]: JavaScript get Internal Address (thanks to DanBUK) Pavel Kankovsky (Aug 13)
- Re: JavaScript get Internal Address (thanks to DanBUK) Alexander Sotirov (Aug 14)
- Re[2]: JavaScript get Internal Address (thanks to DanBUK) Thierry Zoller (Aug 12)
- Re: JavaScript get Internal Address (thanks toDanBUK) nikolay (Aug 12)
- Re: JavaScript get Internal Address (thanks to DanBUK) Martin Dipo Zimmermann (Aug 12)