| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 13 Aug 2006 19:30:06 +0200 (CEST) From: Pavel Kankovsky <peak@...o.troja.mff.cuni.cz> To: H D Moore <fdlist@...italoffense.net> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Re[2]: JavaScript get Internal Address (thanks to DanBUK) On Sat, 12 Aug 2006, H D Moore wrote: > 1) Create a metasploit payload for communicating with shell/meterpreter > via DNS queries and replies. This will not be a 'small' payload by any > means, but should be feasible for all DCERPC and browser bug exploits. nstx code fits into 20 kB. Not small but not too huge either. And you can probably bootstrap it with a tiny loader downloading the rest of code via DNS. In fact data download over DNS is much simpler than full bidirectional communication, and you can take advantage of DNS caching to save bandwidth during mass attacks against targets within a single network. <g> > * Privacy concerns regarding the initial DNS request to msf.metasploit.com > for the NS record of the attacker. Technically, this could violate a NDA > if used on a penetration test. > * Really easy to signature if it always uses *.metasploit.com requests. The solution is easy: do not hardwire the domain, make it configurable, and let people (who care) set up their own servers with their own domain names. --Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ] "Resistance is futile. Open your source code and prepare for assimilation." _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists