[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <001f01c6be35$3eb8cb40$0600a8c0@hpa>
Date: Sat, 12 Aug 2006 20:32:11 +0300
From: "nikolay" <hijacker@...um.net>
To: "H D Moore" <fdlist@...italoffense.net>,
<full-disclosure@...ts.grok.org.uk>
Cc:
Subject: Re: JavaScript get Internal Address (thanks
toDanBUK)
this one is cool one!
----- Original Message -----
From: "H D Moore" <fdlist@...italoffense.net>
To: <full-disclosure@...ts.grok.org.uk>
Sent: Saturday, August 12, 2006 8:09 PM
Subject: Re: [Full-disclosure] JavaScript get Internal Address (thanks
toDanBUK)
> Hello,
>
> I worked on something similar, it uses Java in the same way, but also uses
> a custom DNS server to obtain even more information:
>
> Demo:
> http://metasploit.com/research/misc/decloak/
>
> Code:
> http://metasploit.com/research/misc/decloak/HelloWorld.java
>
> -HD
>
> On Saturday 12 August 2006 03:55, pdp (architect) wrote:
>> http://www.gnucitizen.org/projects/javascript-address-info
>> http://f-box.org/~dan/jstest.html
>>
>> The following technique was brought to me by DanBUK
>> (http://f-box.org/~dan/). Dan managed to find the internal IP address
>> of the visiting client by establishing a socket between local host and
>> the remote web server. Upon success the socket populates its structure
>> with all kinds of useful information among some of which are the
>> internal IP address and the hostname.
>>
>> http://www.gnucitizen.org/projects/javascript-address-info/addressinfo.
>>js
>>
>> This technique requires Java, however I think that It should be
>> possible to achieve similar result by invoking special ActionScript
>> methods from Flash.
>>
>> POC can be found on the url above.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists