Metasploit mailing list archives
MoAxB in the MSF world: target OS detection with JavaScript
From: grutz at jingojango.net (Kurt Grutzmacher)
Date: Fri, 18 May 2007 10:38:21 -0500
On Fri, May 18, 2007 at 02:11:33PM +0200, Jerome Athias wrote:
giveMeRET() function in an exploit, it will retrieve the Windows version and locale of the target and return a good ret address.
That's awesome. Adding other locales and OS variations would continue to keep exploits usable! In some of my activex exploit code I've built a 2K and XP encoded buffer and used this:

    "var #{version}=navigator.userAgent.toLowerCase();\n" +
    "if (#{version}.indexOf(\"windows nt 5.0\")!=-1) {\n"+
    " #{strname} = unescape(\"#{encw2buf}\");\n"+
    "} else {\n"+
    " #{strname} = unescape(\"#{encxpbuf}\");\n"+
    "}\n"+

Which worked but is kind of a kludge.
To obfuscate the exploit code, people should use both the rand_text_alpha() and obfuscate_js() functions. [Ref4]
...and sometimes an SEH isn't just an SEH!

--
..:[ grutz at jingojango dot net ]:..
GPG fingerprint: 5FD6 A27D 63DB 3319 140F B3FB EC95 2A03 8CB3 ECB4
"There's just no amusing way to say, 'I have a CISSP'."
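For defenders triaging script captured from a page, the per-OS buffer selection shown in the message above can be spotted statically. This is an added example, not part of the original post or of Metasploit; the function name triageScript, the finding labels and both sample scripts are constructed for illustration.

```javascript
// Static triage heuristic for script text (added example, hypothetical names).
const UA_READ = /navigator\s*\.\s*userAgent/i;
const NT_TOKEN = /["']windows nt \d+\.\d+["']/i;
const UNESCAPE_CALL =
  /unescape\s*\(\s*["']((?:%u[0-9a-f]{4}|%[0-9a-f]{2})+)["']\s*\)/gi;

function triageScript(src) {
  const findings = [];
  if (UA_READ.test(src)) findings.push("reads-user-agent");
  if (NT_TOKEN.test(src)) findings.push("windows-version-compare");
  // Collect the encoded argument of every unescape("...") call.
  const buffers = [...src.matchAll(UNESCAPE_CALL)].map((m) => m[1]);
  if (buffers.length > 0) findings.push("unescape-encoded-buffer");
  // A version check plus two or more distinct encoded buffers is the
  // per-OS selection pattern; a single buffer is not enough to flag.
  const suspicious =
    findings.includes("reads-user-agent") &&
    findings.includes("windows-version-compare") &&
    new Set(buffers).size >= 2;
  if (suspicious) findings.push("per-os-buffer-selection");
  return { findings, suspicious };
}

// Constructed samples: placeholder data only, no real payload.
const SAMPLE_FLAGGED = [
  'var v=navigator.userAgent.toLowerCase();',
  'if (v.indexOf("windows nt 5.0")!=-1) {',
  '  s = unescape("%u4141%u4141");',
  '} else {',
  '  s = unescape("%u4242%u4242");',
  '}',
].join("\n");

// Reads the user agent and calls unescape once, but selects no buffer per OS.
const SAMPLE_BENIGN = [
  'var v=navigator.userAgent.toLowerCase();',
  'if (v.indexOf("windows nt 5.0")!=-1) { document.body.className = "legacy"; }',
  'var label = unescape("%41%42");',
].join("\n");

console.log(triageScript(SAMPLE_FLAGGED));
console.log(triageScript(SAMPLE_BENIGN));
```

These patterns match literal text only, so script that has been obfuscated needs deobfuscation or dynamic analysis before this check is meaningful.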