Results 1 to 4 of 4

Thread: Browser exploit research

  1. #1
    Just burned his ISO
    Join Date
    Sep 2010
    Posts
    5

    Question Browser exploit research

    what is the best metasploit module or mixed packet to apply to position (4) on the picture bellow .



    I have made kind of a research about this .
    metasploit aux/browser_aoutopwn - 1,5 % success
    metasploit expl/ms10/help_center - 3,0 % success

    any other suggestions ?
    Last edited by n37w4lk3r; 11-02-2010 at 10:57 AM.

  2. #2
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default Re: Browser exploit research

    That picture isn't exactly very clear. Would you like to explain the scenario in words? Maybe mentioning what is happening during each of those steps, as well as what the overall goal is.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  3. #3
    Very good friend of the forum killadaninja's Avatar
    Join Date
    Oct 2007
    Location
    London, United Kingdom.
    Posts
    526

    Default Re: Browser exploit research

    Yes, you need to (at the very least) explain what the overall goal is, also like Lupin says the picture is not the clearest. Are you trying to pivot from an infected computer, through the network?
    Sometimes I try to fit a 16-character string into an 8–byte space, on purpose.

  4. #4
    Just burned his ISO
    Join Date
    Sep 2010
    Posts
    5

    Question Re: Browser exploit research


    ok i agree that it's not so clear , and the steps are not exactly wright .
    well my friends here is the scenario .

    let's have one infected pc , running metsvc_bind_tcp on port 31337 , so we can control it . On that box we deploy metasploit. so we can run metasploit through that host. On that same host i used to run metasploit modules like aux/browser_autopwn and expl/ms10_help_center (or something like this it was) . Thew are set on that host to listen on port 80 , and exploit victims that are coming to it thanks to my dns spoof that i run earlier on my local network for example .

    The question is , simple . Is there any better method for us to use for browser exploiting in that same scenario using java or php ? Or it is very personal , i mean we have to choose every individual we want to test , by examining what browser and version he is runnig and than choose exploit specially for that . and if so what to do if there is no sploit for that particular version of browser ?

Similar Threads

  1. private research - setting up a malware lab
    By brtw2003 in forum Experts Forum
    Replies: 3
    Last Post: 03-14-2011, 11:49 AM
  2. Websites for open source research and pen-testing
    By theprez98 in forum OLD Pentesting
    Replies: 7
    Last Post: 09-26-2009, 05:53 PM
  3. My Rainbow Table Research....
    By >Dart> in forum OLD Pentesting
    Replies: 9
    Last Post: 09-10-2008, 09:56 PM
  4. Wireless Card Research.
    By crashreb0ot in forum OLD Newbie Area
    Replies: 3
    Last Post: 07-04-2007, 05:19 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •