07/11/07

Blog Moved..

I am moving to a new domain using custom-made
blog software; it will be set up soon
at the domain fazed-darkstar.co.uk.
I am also setting up a site at darkstar.me.uk.

Moodle Phishing

Iframes really are evil.
At college we have a system called
Moodle for handling all our assignments,
email, etc. It uses iframes
whose content (the src) is set by a GET variable.
If you read back a bit you will
see that this can lead to a phishing
attack, because the user trusts the domain they
are on. It can also lead to XSS attacks
through the use of either the javascript:
protocol or the data: protocol (Firefox).

02/11/07

Intelligent Retail XSS

Hmm, just went looking over the Intelligent
Retail CMS again and found another XSS:
POC
I'm not even going to bother looking any more;
there must be so many holes in this system.

Firefox Data:

OK, I know this is on GnuCitizen today,
but it is actually very interesting. At the moment I am in
college, but I liked the implications of this so much that
I am posting ASAP.
Anyway, Firefox supports the data: protocol, which lets
a URL carry its own content inline (here base64-encoded)
instead of fetching it from a server; a data: URL opened
from a site is then executed in the context of the current site, like so:
Proof Of Concept

You can do this without the base64-encoded text
and use plain text instead, but then it is easier
for people to see what you are doing.

Here's a funny one to do to people:
Proof Of Concept

You could expand this much more.
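Both the Moodle post above and the data: post come down to the same defect: a URL taken from a GET variable is placed in a frame without being checked. As an added example (not code from the original post or from Moodle), here is the check the framing page should apply before the value reaches an iframe src; SITE_ORIGIN, ALLOWED_PREFIX and the function names are assumed, constructed values.

```javascript
// Added example, not code from the original post or from Moodle: the check a
// page should apply to a GET parameter before using it as an <iframe src>.
// SITE_ORIGIN, ALLOWED_PREFIX and the function names are assumed values.
const SITE_ORIGIN = "https://moodle.example.edu"; // constructed origin
const ALLOWED_PREFIX = "/mod/";                    // only these paths may be framed

// Returns an absolute same-origin URL string, or null when the value must be refused.
function safeFrameTarget(param) {
  if (typeof param !== "string" || param.length === 0 || param.length > 2048) return null;
  // The URL parser silently drops tabs/newlines, so "java\tscript:" would parse
  // as "javascript:"; refuse any control character up front.
  if (/[\u0000-\u0020\u007f]/.test(param)) return null;
  let url;
  try {
    url = new URL(param, SITE_ORIGIN); // relative paths resolve against our own origin
  } catch (e) {
    return null;                       // unparsable input
  }
  // One comparison rejects javascript:, data:, vbscript: (their origin is "null"),
  // absolute URLs to other hosts, "//evil.example/..." and "user@evil.example" tricks,
  // and an http:// downgrade of our own host.
  if (url.origin !== SITE_ORIGIN) return null;
  // Only frame our own pages under the allowed prefix (".." is already normalised away).
  if (!url.pathname.startsWith(ALLOWED_PREFIX)) return null;
  return url.href;
}

// Escapes a string for safe use inside an HTML attribute value.
function attrEscape(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Builds the iframe markup for the GET parameter, or an error message when it was refused.
function renderFrame(param) {
  const target = safeFrameTarget(param);
  if (target === null) return "<p>Invalid page requested.</p>";
  return `<iframe src="${attrEscape(target)}"></iframe>`;
}
```

The origin comparison is what makes the check short: every scheme the post mentions (javascript:, data:) parses to the opaque origin "null", so it never has to be listed by name.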

28/10/07

Firefox/Opera Plugin Enumeration

This simple script tests a web browser
for different browser plugins.
This information can then be used for
OS fingerprinting and/or to launch an attack
against the client.
The main problem is that it doesn't
accept variables, so the check has to
be repeated loads of times.
You can test the script here:


<html><head><title>Plugin Enumeration</title></head>
<script>
// Tries navigator.plugins[0..40] in turn. An index past the end of the
// collection is undefined, so ".name" throws and the catch simply skips it.
// The function is named enumPlugins because "enum" is a reserved word in JavaScript.
function enumPlugins(){
var xs = '';
try { xs += "<br>" + navigator.plugins[0].name; } catch(e) { }
try { xs += "<br>" + navigator.plugins[1].name; } catch(e) { }
try { xs += "<br>" + navigator.plugins[2].name; } catch(e) { }
try { xs += "<br>" + navigator.plugins[3].name; } catch(e) { }
try { xs += "<br>" + navigator.plugins[4].name; } catch(e) { }
try { xs += "<br>" + navigator.plugins[5].name; } catch(e) { }
try { xs += "<br>" + navigator.plugins[6].name; } catch(e) { }
try { xs += "<br>" + navigator.plugins[7].name; } catch(e) { }
try { xs += "<br>" + navigator.plugins[8].name; } catch(e) { }
try { xs += "<br>" + navigator.plugins[9].name; } catch(e) { }
try { xs += "<br>" + navigator.plugins[10].name; } catch(e) { }
try { xs += "<br>" + navigator.plugins[11].name; } catch(e) { }
try { xs += "<br>" + navigator.plugins[12].name; } catch(e) { }
try { xs += "<br>" + navigator.plugins[13].name; } catch(e) { }
try { xs += "<br>" + navigator.plugins[14].name; } catch(e) { }
try { xs += "<br>" + navigator.plugins[15].name; } catch(e) { }
try { xs += "<br>" + navigator.plugins[16].name; } catch(e) { }
try { xs += "<br>" + navigator.plugins[17].name; } catch(e) { }
try { xs += "<br>" + navigator.plugins[18].name; } catch(e) { }
try { xs += "<br>" + navigator.plugins[19].name; } catch(e) { }
try { xs += "<br>" + navigator.plugins[20].name; } catch(e) { }
try { xs += "<br>" + navigator.plugins[21].name; } catch(e) { }
try { xs += "<br>" + navigator.plugins[22].name; } catch(e) { }
try { xs += "<br>" + navigator.plugins[23].name; } catch(e) { }
try { xs += "<br>" + navigator.plugins[24].name; } catch(e) { }
try { xs += "<br>" + navigator.plugins[25].name; } catch(e) { }
try { xs += "<br>" + navigator.plugins[26].name; } catch(e) { }
try { xs += "<br>" + navigator.plugins[27].name; } catch(e) { }
try { xs += "<br>" + navigator.plugins[28].name; } catch(e) { }
try { xs += "<br>" + navigator.plugins[29].name; } catch(e) { }
try { xs += "<br>" + navigator.plugins[30].name; } catch(e) { }
try { xs += "<br>" + navigator.plugins[31].name; } catch(e) { }
try { xs += "<br>" + navigator.plugins[32].name; } catch(e) { }
try { xs += "<br>" + navigator.plugins[33].name; } catch(e) { }
try { xs += "<br>" + navigator.plugins[34].name; } catch(e) { }
try { xs += "<br>" + navigator.plugins[35].name; } catch(e) { }
try { xs += "<br>" + navigator.plugins[36].name; } catch(e) { }
try { xs += "<br>" + navigator.plugins[37].name; } catch(e) { }
try { xs += "<br>" + navigator.plugins[38].name; } catch(e) { }
try { xs += "<br>" + navigator.plugins[39].name; } catch(e) { }
try { xs += "<br>" + navigator.plugins[40].name; } catch(e) { }
document.write(xs);
}
</script>
<body>
<!-- Plugin Enumeration
Created By [fazed] -->
<small>Plugin Enumeration<br>By [fazed]</small><div id='plugs'><a href="javascript: enumPlugins();"><button>Go</button></a></div>
</body></html>

27/10/07

Mobile Attack Suite v1r1

I have just thrown together a few of
the tools I have created over the years
to end up with a toolkit that will run
from a Windows Mobile/CE device with an
internet connection.

First you will need pythonCE:
http://www.sourceforge.net/projects/pythonce

Install that on your mobile device, and on your
computer create a .txt file called attackSuite.txt;
the source for the suite is
(please don't use this URL too often as it uses up
our bandwidth).

Upload this file somewhere.
In Python on the mobile device, run
the following commands:

from urllib import *                            # Python 2, as shipped with PythonCE
sh = urlopen("http://host/attackSuite.txt")     # replace "host" with wherever you uploaded the file
fh = open("attacksuite.py", "w")                # save it locally under the module name imported below
fh.write(sh.read())
fh.close()
sh.close()


Now you can load the suite by typing:

from attacksuite import *


To get more help from within the application,
type: helper()

25/10/07

CSRF Video.

I have switched to using
RapidShare due to the poor quality
of YouTube and hope this is a bit better.
Just realised that the font I
used cut off the F in CSRF
in the title, so it now says CSR.
Oh well, I'm a busy guy. I can't be bothered
to change that. Anyway, you can download
the video from RapidShare: