Metasploit mailing list archives

Re: Convert browser type exploit into fileformat type


From: Atul Agarwal <atul () secfence com>
Date: Thu, 15 Jul 2010 15:29:29 +0530

Hello,

You can convert *almost* all browser based exploits to fileformat ones. As
you would have already guessed, you would then need to send the HTML
file to exploit, instead of pointing to the link.

The general guideline is to start the browser based exploit, and save the
page using wget (or anything similar) with appropriate user-agent(s). But
of course, this can have some complications as (for ex.) the iepeers browser
exploit on metasploit launches IE6 and IE7 exploits based on the user-agent.
So you will have to change the user-agent appropriately and save all the
variations it has to offer.

Another complication could be the fact that in order to exploit a vuln,
loading more than HTML or JS is needed. Take for instance the Aurora
exploit, which required the browser to render external media (metasploit
used a gif, I think) for successful exploitation. In order to *convert* that
exploit to fileformat, you will have to save that file too.

Hope that helped.

Thanks,
Atul Agarwal
Secfence Technologies
www.secfence.com



On Thu, Jul 15, 2010 at 3:18 PM, Spring Systems <korund () hotmail com> wrote:


Hello,

How to convert a browser type exploit into "fileformat" type to save it in
html or php form?
For example


http://www.metasploit.com/modules/exploit/windows/browser/ms08_041_snapshotviewer

has no fileformat version. How to save the exploit with payload in html or php
form?


Regards,
Alex

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
