As a quick preview, client-side vulnerabilities are vulnerabilities
in client software such as web browsers, e-mail applications, and media players.
PART II
Chapter 4: Using Metasploit
The idea is to lure a victim to a malicious website or to trick him into opening a malicious
file or e-mail. When the victim interacts with attacker-controlled content, the
attacker presents data that triggers a vulnerability in the client-side application parsing
the content. One nice thing (from an attacker's point of view) is that connections are initiated
by the victim and sail right through the firewall.
Metasploit includes several exploits for browser-based vulnerabilities and can act as a
rogue web server to host exploits for those vulnerabilities. In this next example, we'll use
Metasploit to host an exploit for the Internet Explorer VML parsing vulnerability fixed by
Microsoft with security update MS06-055.
msf > show exploits
Exploits
========
Name                                       Description
----                                       -----------
...
windows/browser/aim_goaway                 AOL Instant Messenger goaway Overflow
windows/browser/apple_itunes_playlist      Apple ITunes 4.7 Playlist Buffer Overflow
windows/browser/apple_quicktime_rtsp       Apple QuickTime 7.1.3 RTSP URI Buffer Overflow
windows/browser/ie_createobject            Internet Explorer COM CreateObject Code Execution
windows/browser/ie_iscomponentinstalled    Internet Explorer isComponentInstalled Overflow
windows/browser/mcafee_mcsubmgr_vsprintf   McAfee Subscription Manager Stack Overflow
windows/browser/mirc_irc_url               mIRC IRC URL Buffer Overflow
windows/browser/ms03_020_ie_objecttype     MS03-020 Internet Explorer Object Type
windows/browser/ms06_001_wmf_setabortproc  Windows XP/2003/Vista Metafile Escape() SetAbortProc Code Execution
windows/browser/ms06_013_createtextrange   Internet Explorer createTextRange() Code Execution
windows/browser/ms06_055_vml_method        Internet Explorer VML Fill Method Code Execution
windows/browser/ms06_057_webview_setslice  Internet Explorer WebViewFolderIcon setSlice() Overflow
.