Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: JavaScript get Internal Address (thanks to DanBUK)

From: H D Moore <fdlist () digitaloffense net>
Date: Sat, 12 Aug 2006 12:09:56 -0500
Hello,

I worked on something similar, it uses Java in the same way, but also uses 
a custom DNS server to obtain even more information:

Demo:
http://metasploit.com/research/misc/decloak/

Code:
http://metasploit.com/research/misc/decloak/HelloWorld.java

-HD

On Saturday 12 August 2006 03:55, pdp (architect) wrote:

http://www.gnucitizen.org/projects/javascript-address-info
http://f-box.org/~dan/jstest.html

The following technique was brought to me by DanBUK
(http://f-box.org/~dan/). Dan managed to find the internal IP address
of the visiting client by establishing a socket between local host and
the remote web server. Upon success the socket populates its structure
with all kinds of useful information among some of which are the
internal IP address and the hostname.

http://www.gnucitizen.org/projects/javascript-address-info/addressinfo.
js

This technique requires Java, however I think that It should be
possible to achieve similar result by invoking special ActionScript
methods from Flash.

POC can be found on the url above.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: