Metasploit mailing list archives
MoAxB in the MSF world: target OS detection with JavaScript
From: jerome.athias at free.fr (Jerome Athias)
Date: Mon, 21 May 2007 09:17:19 +0200
Sure, you have to choose the right offset for each target to align your exploit.
Attached is an example of how to do it (change the myoffset values as needed) and use the GiveMeRET() JavaScript function.
(Note that the returned value is now unescaped ;-))

Enjoy
/JA

Kurt Grutzmacher wrote:
In some of my ActiveX exploit code I've built a 2K and XP encoded buffer and used this:

  "var #{version}=navigator.userAgent.toLowerCase();\n" +
  "if (#{version}.indexOf(\"windows nt 5.0\")!=-1) {\n"+
  " #{strname} = unescape(\"#{encw2buf}\");\n"+
  "} else {\n"+
  " #{strname} = unescape(\"#{encxpbuf}\");\n"+
  "}\n"+

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: nctaudiofile2_setformatlikesample.rb
URL: <http://mail.metasploit.com/pipermail/framework/attachments/20070521/e24c0b05/attachment.asc>
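
Seen from the detection side, the branch quoted above leaves a recognizable shape in served script: a navigator.userAgent read, a "windows nt x.y" comparison, and two or more long unescape() buffers. The scanner below is an added example, not part of the thread or its attachment; scanScript, its threshold and the sample strings are constructed assumptions.

```javascript
// Added example: heuristic triage of JavaScript source for OS-fingerprint
// branching that selects between unescape()'d buffers. Names are hypothetical.
const UA_READ = /navigator\.userAgent/i;
const OS_TOKEN = /windows nt \d+\.\d+/gi; // e.g. "windows nt 5.0" (Windows 2000)
const ENCODED_UNIT = /%u[0-9a-f]{4}|%[0-9a-f]{2}/gi;
const UNESCAPE_CALL =
  /unescape\(\s*(["'])((?:%u[0-9a-f]{4}|%[0-9a-f]{2})+)\1\s*\)/gi;

function scanScript(source, minEncodedUnits = 16) {
  const findings = {
    readsUserAgent: UA_READ.test(source),
    osTokens: [],
    longBuffers: 0,
    suspicious: false,
  };
  // Collect every OS version string the script compares against.
  for (const m of source.matchAll(OS_TOKEN)) {
    findings.osTokens.push(m[0].toLowerCase());
  }
  // Count unescape() calls whose literal argument is a long encoded run.
  for (const m of source.matchAll(UNESCAPE_CALL)) {
    const units = m[2].match(ENCODED_UNIT).length;
    if (units >= minEncodedUnits) findings.longBuffers += 1;
  }
  // Flag only when all three signals appear together: a UA read alone is
  // common in benign browser-compatibility code.
  findings.suspicious =
    findings.readsUserAgent &&
    findings.osTokens.length > 0 &&
    findings.longBuffers >= 2;
  return findings;
}

// Constructed inputs: the filler is a placeholder pattern, not a payload.
const FILLER = "%u4141".repeat(20);
const SAMPLE_BRANCHING = `var v=navigator.userAgent.toLowerCase();
if (v.indexOf("windows nt 5.0")!=-1) { s = unescape("${FILLER}"); }
else { s = unescape("${FILLER}"); }`;
const SAMPLE_BENIGN =
  'if (navigator.userAgent.indexOf("Windows NT 5.1") != -1) { showBanner(); }';

console.log(scanScript(SAMPLE_BRANCHING));
console.log(scanScript(SAMPLE_BENIGN));
```

This only matches literal buffers in plain source, so treat a hit as a triage signal; obfuscated or dynamically built scripts need a sandboxed evaluation instead.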