Evilgrade-style exploit, replace the binary data of a file during download...



BigMac
10-11-2012, 12:27 PM
This could be a man-in-the-middle style exploit: if a client on the network is surfing websites looking for executable files to download, this proxy can modify the binary data on the fly...

It's just a proof of concept... I never finished it because I became overwhelmed with the amount of work needed just to build a stable proxy that can handle all kinds of traffic: FTP, SSH, HTTP, HTTPS, etc...

Proxy source
pastebin.com/n7AHi5Ny
I now understand that I need to build a proxy framework that can handle each protocol; the exploits will come later, but I need help doing this...

My life is busy and this is just a hobby, and I LOVE RUBY ;-)
If you like YouTube...
https://vimeo.com/51230425
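As an added defender-side example (not code from the original post or the proxy it links), here is the check a downloader can run on the received bytes to catch exactly this kind of in-transit substitution. The "vendor-published" digest and the sample installer bytes are constructed for the demo; in practice the digest comes from a trusted out-of-band source such as a signed manifest.

```ruby
# Added example, not from the original thread: verify a downloaded executable
# against a digest obtained out of band, plus cheap sanity checks (declared
# Content-Length, file-format magic). Shows that a same-length swap of the
# body passes every check except the digest comparison.
require 'digest'

# Leading magic bytes for the executable formats we expect to download.
MAGIC = {
  pe:      "MZ".b,
  elf:     "\x7FELF".b,
  macho64: "\xCF\xFA\xED\xFE".b,
}.freeze

# data            - bytes actually received
# expected_sha256 - hex digest published by the vendor out of band
# expected_format - :pe, :elf or :macho64
# declared_length - Content-Length the server advertised, or nil if absent
# Returns a hash of individual check results and an overall :trusted flag.
def verify_download(data, expected_sha256:, expected_format:, declared_length: nil)
  digest_ok = Digest::SHA256.hexdigest(data) == expected_sha256.downcase
  magic_ok  = data.b.start_with?(MAGIC.fetch(expected_format))
  length_ok = declared_length.nil? || data.bytesize == declared_length
  {
    digest_ok: digest_ok,
    magic_ok:  magic_ok,
    length_ok: length_ok,
    trusted:   digest_ok && magic_ok && length_ok,
  }
end

# Constructed sample: a 64-byte fake "installer" (PE-like header, padding),
# and a tampered copy of identical length with the same header.
GENUINE  = ("MZ".b + "\x90\x00\x03\x00".b + ("A" * 58).b).freeze
TAMPERED = ("MZ".b + "\x90\x00\x03\x00".b + ("B" * 58).b).freeze
# Stands in for the digest the vendor would publish for GENUINE.
EXPECTED = Digest::SHA256.hexdigest(GENUINE)

if $PROGRAM_NAME == __FILE__
  p verify_download(GENUINE,  expected_sha256: EXPECTED, expected_format: :pe, declared_length: 64)
  p verify_download(TAMPERED, expected_sha256: EXPECTED, expected_format: :pe, declared_length: 64)
end
```

The tampered body keeps the header and length intact, so only the digest check fails; size and magic checks alone give no protection against a proxy that rewrites bytes in place.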

M00kaw
10-22-2012, 11:39 PM
It is really, really a nice PoC!
I would love to play around with it...

I know a little bit of Ruby, and it's so cool that you released the code.

Edit:

What Ruby version?

BigMac
10-23-2012, 06:05 PM

I made this about a year ago; I started from scratch about 6 times with Ruby sockets and EventMachine... After making this thread I found arp_poisoning.rb in the Metasploit Framework and another arp_spoofit.rb on GitHub; both of these could be the bare bones for this kind of exploit...

http://metasploit.com/modules/auxiliary/spoof/arp/arp_poisoning.rb (http://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/auxiliary/spoof/arp/arp_poisoning.rb) I have been messing around with this module and maybe I can get some help here...
I just need to get my Ruby fingertips on the data 'from the client' and 'to the client'.
I'm sure it's so simple, and this frustrates me :mad:

It drives me crazy because all day I think about the Ruby I will write once I can get in control of the data flow :cool:

In the end I'm sure I'll just have to write some ugly ettercap filters and then save the packet to a file, execute a Ruby script to modify the data, then inject it... but that sounds so lame to me, and everyone loves Metasploit.

I'm reading the PacketFu documentation! Maybe that's the place to learn.