lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20060813191448.41FD.0@paddy.troja.mff.cuni.cz>
Date: Sun, 13 Aug 2006 19:30:06 +0200 (CEST)
From: Pavel Kankovsky <peak@...o.troja.mff.cuni.cz>
To: H D Moore <fdlist@...italoffense.net>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Re[2]: JavaScript get Internal Address (thanks
	to DanBUK)

On Sat, 12 Aug 2006, H D Moore wrote:

> 1) Create a metasploit payload for communicating with shell/meterpreter 
> via DNS queries and replies. This will not be a 'small' payload by any 
> means, but should be feasible for all DCERPC and browser bug exploits.

nstx code fits into 20 kB. Not small but not too huge either.

And you can probably bootstrap it with a tiny loader downloading the rest 
of code via DNS. In fact data download over DNS is much simpler than full 
bidirectional communication, and you can take advantage of DNS caching to 
save bandwidth during mass attacks against targets within a single 
network. <g>

> * Privacy concerns regarding the initial DNS request to msf.metasploit.com 
> for the NS record of the attacker. Technically, this could violate a NDA 
> if used on a penetration test.

> * Really easy to signature if it always uses *.metasploit.com requests.

The solution is easy: do not hardwire the domain, make it configurable, 
and let people (who care) set up their own servers with their own domain 
names.

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ