lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Wed, 25 Aug 2010 14:10:03 -0500
From: matt <matt@...ackvector.org>
To: full-disclosure@...ts.grok.org.uk
Subject: Method to encode DLL payloads for hijacking
	purposes.

Hey..

Yesterday I wrote a post describing how to exploit these vulnerabilities
using the "webdav_dll_hijacker" Metasploit module, but it requires you to
jump through some hoops in order to get your victim to browse to the rogue
share.  So, here's a new article that doesn't use the "webdav_dll_hijacker"
module and details how to encode a payload into a DLL using "msfpayload",
which allows you to put the exploit files on any share that you'd like.

http://www.attackvector.org/alternative-dll-hijacking-method/

Enjoy.

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ