
Exploits from a web page?

<<

SephStorm

Hero Member

Posts: 621

Joined: Sat Apr 17, 2010 12:12 pm

Post Sun Oct 16, 2011 3:03 pm

Exploits from a web page?

So I am just remembering when I was testing out Metasploit that there were exploits that would be hosted by the framework on a generic web page. Now my question is, could I create a public web site, and have the framework host a page on that site with the exploit code? I.e., create a page with links (hosted on a public webserver, www.test.lon.com) and then all the links go to a subpage on that site (www.test.lon.com/exploitmenow)?

Also, how do hackers get exploit code on to public websites? I assume they compromise the webserver and literally place the code into a script or whatnot on the webserver?

A third question, when I hosted those pages through Metasploit, were they world accessible? Or only accessible by machines on the LAN? I don't remember much from the old web dev days, but I thought you had to get domain space in order to host a publicly accessible web site.
sectestanalysis.blogspot.com/‎
<<

hayabusa

Hero Member

Posts: 1695

Joined: Mon Jan 29, 2007 2:59 pm

Post Sun Oct 16, 2011 3:42 pm

Re: Exploits from a web page?

It literally depends on the website, and your goal.  

The hackers / pentesters would have to first find a vulnerability and place their code there, yes (in the case of putting code onto another public server, like the one I mentioned in my malware post, where my clients had code inserted into their static webpages.)

As for your own server, accessibility is determined by the victim's need to reach your server.  So if you're on the LAN with the victim, then it'd need to be reachable from other machines on the LAN / subnet.  If your target is remote, then obviously your box needs to be reachable from wherever the target is.

If you're out to try to 'exploit the world,' then you'd need to be on a publicly-visible IP address / webserver.

So for your specific requests:

Paragraph 1 - yes, in the sense that you'd create the page with Metasploit, then upload onto the server

Paragraph 2 - yes, unless you're up to some XSS or other attacks.  But for your purpose, as explained in your post, for straight exploits on hosted pages, you'd exploit first, then place your code.

Paragraph 3 - Depends on the IP, and accessibility from the public side, that you have assigned to your Metasploit host machine.


In short, your post basically seems to ask if you could use MSF to create publicly-accessible and usable exploits, hosted on public websites.

Yep!  

Also...  (sorry for edits...)

As far as obtaining hosting space - nah.  You could register your address with dyndns, port-forward from your router to your MSF box, and voilà!  You're hosting a page, which you could either use directly, or link to from someone else's page.
Last edited by hayabusa on Sun Oct 16, 2011 3:51 pm, edited 1 time in total.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

millwalll

Post Mon Oct 17, 2011 3:33 am

Re: Exploits from a web page?

Agree. For example, you might have a file upload that does not do any validation on the file. You can upload a reverse shell giving you access with nc. Then from this you can try to find a way to compromise the box; this could be uploading additional exploits.

It really does depend on what web site and what is running.
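The missing check described in the post above, seen from the server side, as an added example that is not part of the original thread: an upload validator that allowlists extensions, requires the content to match the claimed type, and never stores the file under the client's name. The allowlist, size cap and function names are assumptions made for illustration.

```python
import os
import secrets

# Allowlisted extensions mapped to the magic bytes the content must start with.
# (Constructed policy for illustration; adjust to what the application needs.)
ALLOWED = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".pdf": (b"%PDF-",),
}
MAX_BYTES = 2 * 1024 * 1024  # hypothetical size cap

class UploadRejected(Exception):
    """Raised when an upload fails validation."""

def validate_upload(client_name: str, data: bytes) -> str:
    """Return a server-generated storage name, or raise UploadRejected."""
    if len(data) > MAX_BYTES:
        raise UploadRejected("file too large")
    # Discard any path the client sent; only the final component is considered.
    base = os.path.basename(client_name.replace("\\", "/"))
    if "\x00" in base or base.startswith("."):
        raise UploadRejected("bad file name")
    stem, ext = os.path.splitext(base.lower())
    if ext not in ALLOWED:
        raise UploadRejected(f"extension {ext!r} not allowed")
    # Reject names such as shell.php.png: some server configurations
    # dispatch on an inner extension.
    if "." in stem:
        raise UploadRejected("multiple extensions")
    # Content must match the claimed type, not just the name.
    if not data.startswith(ALLOWED[ext]):
        raise UploadRejected("content does not match extension")
    # Never reuse the client's name on disk; store under a random one,
    # in a directory the web server does not execute scripts from.
    return secrets.token_hex(16) + ext

def is_accepted(client_name: str, data: bytes) -> bool:
    try:
        validate_upload(client_name, data)
        return True
    except UploadRejected:
        return False
```

A magic-byte check does not stop a file that is valid as two formats at once, so the storage directory should still be non-executable and served with a fixed content type.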
<<

SephStorm

Hero Member

Posts: 621

Joined: Sat Apr 17, 2010 12:12 pm

Post Mon Oct 17, 2011 10:00 am

Re: Exploits from a web page?

Thanks guys, I'll have to look into this when I get back home, and can try this in the lab. Might have some more questions when I do.
sectestanalysis.blogspot.com/‎
<<

Ignatius

Jr. Member

Posts: 91

Joined: Sun Mar 22, 2009 9:51 am

Post Mon Oct 17, 2011 1:01 pm

Re: Exploits from a web page?

SephStorm wrote: Thanks guys, I'll have to look into this when I get back home, and can try this in the lab. Might have some more questions when I do.


Please feed back with your experience.  This is something that I might also try in the lab.
<<

ev0wpnz

Newbie

Posts: 5

Joined: Tue Nov 08, 2011 10:05 am

Post Tue Nov 08, 2011 10:01 pm

Re: Exploits from a web page?

Attackers typically compromise sites and use something called an exploit kit. These 'kits' allow the attackers to try a variety of different browser/flash/pdf exploits against the target to get it to download malicious software.

Information about the current exploit packs can be found here:
http://contagiodump.blogspot.com/2010/0 ... pdate.html
<<

MaXe

Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Thu Nov 10, 2011 7:25 pm

Re: Exploits from a web page?

Talking about Exploit Packs, check out this research:  ;D
http://forum.intern0t.net/offensive-gui ... ddies.html

I know it's old, but it's for example not only interesting to see so many share the same vulnerabilities, but also that most of them use the same code.
I'm an InterN0T'er
