| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <200608121209.56932.fdlist@digitaloffense.net> Date: Sat, 12 Aug 2006 12:09:56 -0500 From: H D Moore <fdlist@...italoffense.net> To: full-disclosure@...ts.grok.org.uk Subject: Re: JavaScript get Internal Address (thanks to DanBUK) Hello, I worked on something similar, it uses Java in the same way, but also uses a custom DNS server to obtain even more information: Demo: http://metasploit.com/research/misc/decloak/ Code: http://metasploit.com/research/misc/decloak/HelloWorld.java -HD On Saturday 12 August 2006 03:55, pdp (architect) wrote: > http://www.gnucitizen.org/projects/javascript-address-info > http://f-box.org/~dan/jstest.html > > The following technique was brought to me by DanBUK > (http://f-box.org/~dan/). Dan managed to find the internal IP address > of the visiting client by establishing a socket between local host and > the remote web server. Upon success the socket populates its structure > with all kinds of useful information among some of which are the > internal IP address and the hostname. > > http://www.gnucitizen.org/projects/javascript-address-info/addressinfo. >js > > This technique requires Java, however I think that It should be > possible to achieve similar result by invoking special ActionScript > methods from Flash. > > POC can be found on the url above. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists