Snort mailing list archives

Re: flow_depth and WMF exploit


From: Jason Haar <Jason.Haar () trimble co nz>
Date: Wed, 04 Jan 2006 15:37:58 +1300

Interesting to note that the Metasploit Project (www.metasploit.com) has
come out with a sample engine for creating WMF exploits - and it runs as
its own Web server. You configure it with the exploit you want (e.g.
install a VNC server on the client), and it creates a Web server that
when connected to will attempt to download a WMF file to do just that...

The interesting bit is that the HTTP response is filled with randomly
generated data in the form of Cookies to fill the first 300-400 bytes of
the response with junk... Gee - I wonder what they were trying to bypass...

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
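
An added example, not part of the original post and not Snort code: a Python sketch that measures how much of an HTTP response body falls inside a fixed inspection depth, showing why a padded header block leaves a shallow flow_depth with nothing to match on. It assumes the depth is counted from the first byte of the response, headers included; the helper names and both sample responses are constructed.

```python
# Added example: helper names and sample responses are constructed for illustration.
FLOW_DEPTH = 300  # assumed depth in bytes, counted from the first byte of the response

def body_offset(response: bytes) -> int:
    """Offset of the first body byte, or -1 if the header block never ends."""
    end = response.find(b"\r\n\r\n")
    return -1 if end < 0 else end + 4

def audit(response: bytes, depth: int = FLOW_DEPTH) -> dict:
    """Report how much of the body a sensor inspecting `depth` bytes would see."""
    off = body_offset(response)
    if off < 0:
        return {"body_offset": -1, "body_bytes_inspected": 0,
                "set_cookie_bytes": 0, "blind": False}
    header_lines = response[:off].split(b"\r\n")
    # Bytes spent on Set-Cookie headers, including each line's CRLF
    cookie_bytes = sum(len(line) + 2 for line in header_lines
                       if line.lower().startswith(b"set-cookie:"))
    seen = max(0, min(depth, len(response)) - off)
    return {"body_offset": off,
            "body_bytes_inspected": seen,
            "set_cookie_bytes": cookie_bytes,
            # blind: a body exists but none of it falls inside the window
            "blind": len(response) > off and seen == 0}

def build_response(extra_headers=(), body=b"B" * 16) -> bytes:
    """Constructed sample response; the body is placeholder bytes only."""
    head = [b"HTTP/1.1 200 OK", b"Content-Type: application/octet-stream",
            b"Content-Length: " + str(len(body)).encode(), *extra_headers]
    return b"\r\n".join(head) + b"\r\n\r\n" + body

NORMAL = build_response()
PADDED = build_response([b"Set-Cookie: k%d=" % i + b"x" * 40 for i in range(8)])

if __name__ == "__main__":
    for name, resp in (("normal", NORMAL), ("padded", PADDED)):
        print(name, audit(resp))
```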


