Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

JavaScript Lazy Authorization Forcer and Visited Link Scaner

from [pdp (architect)] Network Security [Permanent Link]
Subject: JavaScript Lazy Authorization Forcer and Visited Link Scaner
Date: Tue, 15 Aug 2006 22:55:52 +0100 
Lazy Authorization Forcer
http://www.gnucitizen.org/projects/javascript-authorization-forcer/

This is an idea I am still developing but here you go POC is available
and it works. The malicious JavaScript presented here will try to
guess URLs that contain credentials. It is sort of Basic
Authentication/FTP Authentication bruteforcer.

The POC works well in IE6, IE7, Firefox and Opera. I wasn't able to
suppress the Basic Authentication dialog when trying to create Basic
Authentication Bruteforcer. However, I came up with this lazyForce
implementation. A typical attack vector will be as the following:

1. The attacker discovers your internal IP
2. Based on your IP a class C range is enumerated using the Port
Scanning or Visited Link Scanning technique.
3. Once a target is discovered a large enough dictionary is used to
find valid credentials associated with each IP.

In order to make IE work a style sheet that is embeded inside the
current document needs to be reused. Read the provided source code for
more information.

Visited Link Scanner
http://www.gnucitizen.org/projects/javascript-visited-link-scanner/

This is a technique that I've learned from Jeremiah Grossman
(http://jeremiahgrossman.blogspot.com/) and his presentation on
JavaScript malware. Please, keep all the credits for this finding to
Jeremiah.

http://www.gnucitizen.org/projects/javascript-visited-link-scanner/visitedlinkscanner.js
The POC presented here is my improved version of the POC presented in
BlackHat. I made it work well in IE6, IE7, Firefox and Opera. IE6 has
very nasty disabilities when dealing with dynamically generated style
sheets. However, these can be easy sorted out by reusing the current
style sheet. If you are interested how it works just read the provided
source code.

Well, this is it.

--
pdp (architect)
http://www.gnucitizen.org

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  (somewhat) breaking the same-origin policy by undermining dns-pinning, Martin Johns
Next by Date:  [Full-disclosure] Re: JavaScript Lazy Authorization Forcer and Visited Link Scaner, mikeiscool
Previous by Thread:  (somewhat) breaking the same-origin policy by undermining dns-pinning, Martin Johns
Next by Thread:  [Full-disclosure] Re: JavaScript Lazy Authorization Forcer and Visited Link Scaner, mikeiscool
Indexes:  [Date] [Thread] [Top] [All Lists]