Full Disclosure mailing list archives

Re: Re[2]: JavaScript get Internal Address (thanks to DanBUK)


From: Pavel Kankovsky <peak () argo troja mff cuni cz>
Date: Sun, 13 Aug 2006 19:30:06 +0200 (CEST)

On Sat, 12 Aug 2006, H D Moore wrote:

> 1) Create a metasploit payload for communicating with shell/meterpreter 
> via DNS queries and replies. This will not be a 'small' payload by any 
> means, but should be feasible for all DCERPC and browser bug exploits.

nstx code fits into 20 kB. Not small but not too huge either.

And you can probably bootstrap it with a tiny loader downloading the rest 
of code via DNS. In fact data download over DNS is much simpler than full 
bidirectional communication, and you can take advantage of DNS caching to 
save bandwidth during mass attacks against targets within a single 
network. <g>

> * Privacy concerns regarding the initial DNS request to msf.metasploit.com 
> for the NS record of the attacker. Technically, this could violate a NDA 
> if used on a penetration test.
> 
> * Really easy to signature if it always uses *.metasploit.com requests.

The solution is easy: do not hardwire the domain, make it configurable, 
and let people (who care) set up their own servers with their own domain 
names.

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
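The thread's point is that a signature keyed on a fixed domain such as *.metasploit.com is brittle once the domain becomes configurable. The detector below is an added example (not code from this post, nor from Metasploit or nstx) that instead keys on what a DNS tunnel has to do regardless of its domain: carry data in long, high-entropy labels under one base domain, often in record types like TXT. The log layout, the client addresses, the base domain badtunnel.test and the hex labels are all constructed for the demo, and the thresholds (24-character labels, 3.0 bits/char entropy, three hits per client and base domain) are assumed starting points, not tuned values.

```python
"""Behaviour-based DNS-tunnel detector run over constructed query-log lines.

The rules look at label length, label entropy and record type per base
domain, never at a specific domain name, so a configurable tunnel domain
does not defeat them. Thresholds below are assumptions for this example.
"""
import math
import re
from collections import Counter, defaultdict

# Constructed sample lines in a BIND-style query-log layout (not real traffic).
# badtunnel.test, the hex labels and the client addresses are made up.
SAMPLE_LOG = """\
client 10.1.2.3#51234: query: www.example.org IN A + (10.1.2.1)
client 10.1.2.3#51235: query: mail.example.org IN MX + (10.1.2.1)
client 10.1.2.7#40001: query: 7f3a9c0e5b1d2a4c8e6f0b9d3c1a5e7f.t.badtunnel.test IN TXT + (10.1.2.1)
client 10.1.2.7#40002: query: 9e1b4d6a2c8f0e3b5a7d9c1e4f6a8b0d.t.badtunnel.test IN TXT + (10.1.2.1)
client 10.1.2.7#40003: query: 1c5e7a9b3d0f2e4a6c8b0d2f4e6a8c1b.t.badtunnel.test IN TXT + (10.1.2.1)
client 10.1.2.7#40004: query: 4a8c0e2b6d9f1a3c5e7b9d1f3a5c7e9b.t.badtunnel.test IN TXT + (10.1.2.1)
client 10.1.2.9#33000: query: cdn.example.org IN A + (10.1.2.1)
"""

QUERY_RE = re.compile(
    r"client (?P<client>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)

MIN_LABEL_LEN = 24   # assumed: data-carrying labels are long; hostnames rarely are
MIN_ENTROPY = 3.0    # assumed: bits/char; encoded payload sits near log2(alphabet)
PAYLOAD_QTYPES = {"TXT", "NULL", "CNAME"}  # types that can carry bulk data downstream


def shannon_entropy(s: str) -> float:
    """Bits per character of s (0.0 for an empty string)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def split_name(qname: str):
    """Return (subdomain labels, base domain).

    Assumes the registrable domain is the last two labels; a real deployment
    would use the Public Suffix List instead of this simplification.
    """
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) < 3:
        return [], ".".join(labels)
    return labels[:-2], ".".join(labels[-2:])


def score_query(qname: str, qtype: str) -> dict:
    """Feature vector for one query; 'suspicious' is the per-query verdict."""
    sub, base = split_name(qname)
    longest = max(sub, key=len) if sub else ""
    ent = shannon_entropy(longest)
    return {
        "base": base,
        "longest_label": len(longest),
        "entropy": round(ent, 3),
        "payload_qtype": qtype.upper() in PAYLOAD_QTYPES,
        "suspicious": len(longest) >= MIN_LABEL_LEN and ent >= MIN_ENTROPY,
    }


def detect_tunnels(log_text: str, min_hits: int = 3):
    """Return sorted (client, base_domain, hit_count) tuples for every
    client/base-domain pair with at least min_hits suspicious queries."""
    hits = defaultdict(int)
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        s = score_query(m["qname"], m["qtype"])
        if s["suspicious"]:
            hits[(m["client"], s["base"])] += 1
    return sorted(
        (client, base, n) for (client, base), n in hits.items() if n >= min_hits
    )


if __name__ == "__main__":
    for client, base, n in detect_tunnels(SAMPLE_LOG):
        print(f"{client} -> {base}: {n} high-entropy long-label queries")
```

Aggregating per client and base domain is what makes the length and entropy rules usable: a single odd-looking label is noise (CDN hashes, DKIM selectors), but a steady stream of them from one host to one base domain is the traffic pattern any tunnel produces, whichever name it is configured to use. The same scoring extends naturally to per-domain unique-subdomain counts, which also catch the cache-bypassing behaviour a downloader needs.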