lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sat, 12 Aug 2006 20:32:11 +0300
From: "nikolay" <hijacker@...um.net>
To: "H D Moore" <fdlist@...italoffense.net>,
	<full-disclosure@...ts.grok.org.uk>
Cc: 
Subject: Re: JavaScript get Internal Address (thanks
	toDanBUK)

this one is cool one!

----- Original Message ----- 
From: "H D Moore" <fdlist@...italoffense.net>
To: <full-disclosure@...ts.grok.org.uk>
Sent: Saturday, August 12, 2006 8:09 PM
Subject: Re: [Full-disclosure] JavaScript get Internal Address (thanks 
toDanBUK)


> Hello,
>
> I worked on something similar, it uses Java in the same way, but also uses
> a custom DNS server to obtain even more information:
>
> Demo:
> http://metasploit.com/research/misc/decloak/
>
> Code:
> http://metasploit.com/research/misc/decloak/HelloWorld.java
>
> -HD
>
> On Saturday 12 August 2006 03:55, pdp (architect) wrote:
>> http://www.gnucitizen.org/projects/javascript-address-info
>> http://f-box.org/~dan/jstest.html
>>
>> The following technique was brought to me by DanBUK
>> (http://f-box.org/~dan/). Dan managed to find the internal IP address
>> of the visiting client by establishing a socket between local host and
>> the remote web server. Upon success the socket populates its structure
>> with all kinds of useful information among some of which are the
>> internal IP address and the hostname.
>>
>> http://www.gnucitizen.org/projects/javascript-address-info/addressinfo.
>>js
>>
>> This technique requires Java, however I think that It should be
>> possible to achieve similar result by invoking special ActionScript
>> methods from Flash.
>>
>> POC can be found on the url above.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
> 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ