Full Disclosure mailing list archives
Re: JavaScript get Internal Address (thanks toDanBUK)
From: "nikolay" <hijacker () oldum net>
Date: Sat, 12 Aug 2006 20:32:11 +0300
this one is cool one!----- Original Message ----- From: "H D Moore" <fdlist () digitaloffense net>
To: <full-disclosure () lists grok org uk> Sent: Saturday, August 12, 2006 8:09 PMSubject: Re: [Full-disclosure] JavaScript get Internal Address (thanks toDanBUK)
Hello, I worked on something similar, it uses Java in the same way, but also uses a custom DNS server to obtain even more information: Demo: http://metasploit.com/research/misc/decloak/ Code: http://metasploit.com/research/misc/decloak/HelloWorld.java -HD On Saturday 12 August 2006 03:55, pdp (architect) wrote:http://www.gnucitizen.org/projects/javascript-address-info http://f-box.org/~dan/jstest.html The following technique was brought to me by DanBUK (http://f-box.org/~dan/). Dan managed to find the internal IP address of the visiting client by establishing a socket between local host and the remote web server. Upon success the socket populates its structure with all kinds of useful information among some of which are the internal IP address and the hostname. http://www.gnucitizen.org/projects/javascript-address-info/addressinfo. js This technique requires Java, however I think that It should be possible to achieve similar result by invoking special ActionScript methods from Flash. POC can be found on the url above._______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- JavaScript get Internal Address (thanks to DanBUK) pdp (architect) (Aug 12)
- Re: JavaScript get Internal Address (thanks to DanBUK) Martin Dipo Zimmermann (Aug 12)
- Re: JavaScript get Internal Address (thanks to DanBUK) pdp (architect) (Aug 12)
- Re: JavaScript get Internal Address (thanks to DanBUK) H D Moore (Aug 12)
- Re[2]: JavaScript get Internal Address (thanks to DanBUK) Thierry Zoller (Aug 12)
- Re: Re[2]: JavaScript get Internal Address (thanks to DanBUK) H D Moore (Aug 12)
- Re[4]: JavaScript get Internal Address (thanks to DanBUK) Thierry Zoller (Aug 12)
- Re: Re[2]: JavaScript get Internal Address (thanks to DanBUK) Pavel Kankovsky (Aug 13)
- Re: JavaScript get Internal Address (thanks to DanBUK) Alexander Sotirov (Aug 14)
- Re[2]: JavaScript get Internal Address (thanks to DanBUK) Thierry Zoller (Aug 12)
- Re: JavaScript get Internal Address (thanks toDanBUK) nikolay (Aug 12)
- Re: JavaScript get Internal Address (thanks to DanBUK) Martin Dipo Zimmermann (Aug 12)