Hey, welcome to WatchGuard Wire's first-ever vlog post. I'm Corey, and today I'd like to revisit a Wire post from last week. Last Tuesday I wrote a post about two brand-new zero-day flaws in Internet Explorer. One involved an ActiveX animation control, and the second involved the way Internet Explorer parses Vector Markup Language, or VML.

Well, unfortunately, the VML exploit has increased significantly in the past few days. For instance, researchers have recently publicly released three new exploits for this vulnerability, including one that allows an attacker to get a shell on your machine. On top of that, research organizations like SANS have noticed e-cards in the wild that actually take advantage of this VML exploit. Finally, a researcher named Aviv Raff found that it's easy to modify these exploits so they get past most antivirus vendors' signatures. So to actually illustrate how bad this flaw could be, I figured we'd take a look at one of those three exploits and show you what it could really do.

I'll start by heading to a very popular exploit archive website called milw0rm.com. This site has the three recent VML exploits. I'll go ahead and select the one that works on XP with Service Pack 2. A quick glance at this code tells me right away that it's a Perl script. If I scroll down a little, I immediately encounter something called shellcode. Shellcode is the malicious code an attacker attaches to his exploit to get it to do something bad. In this case, the exploit uses a very popular shellcode from the Metasploit Framework package called bind shell. Bind shell opens a listening port on the victim's computer so that an attacker can connect to it and gain command-line control. In this case, the bind shell binds to port 5555. The rest of this Perl script really consists of code that generates a malicious web page and injects that shellcode into it.

So if I close these windows and look at these files, you can see here is the exploit Perl script, and if I run the Perl script, it creates the exploit HTML, which is our malicious web page. Now I simply have to start a web server on this computer to host my malicious web page.

Now let's switch to the victim's machine. So the victim is going to open up Internet Explorer and go to dub dub dub add site com. This is the URL of the malicious web server I set up earlier. When I go there, it appears that nothing's happening. However, behind the scenes, that malicious web page is injecting the shellcode onto my victim's machine. So at this time, if my shellcode was successful, the victim machine is now listening on port 5555. Before we move off the victim machine, I'd like to draw your attention to the logs on the desktop. They'll become important later.

Now we're back to the attacker machine, with the victim's machine in the top right-hand corner. Using a command-line instruction, I'm going to telnet to the victim's machine on port 5555. This is the port my shellcode should be listening on. When we do this, we actually get a Windows command prompt. Our exploit worked. We own the victim's PC. Using a directory listing command, I can see the data that reside on the victim's desktop. Furthermore, I can actually delete them. Watch the desktop as they disappear. So as you can see, our publicly released VML exploit code worked flawlessly. Simply by visiting our malicious website, the victim lost total control of his PC.

Now that you've seen how bad this vulnerability can be in real life, I'm sure you're dying to know how to protect yourself from this threat. Well, there's good news. Microsoft has done the unusual and released an out-of-cycle patch to fix this vulnerability. They listed it under MS06-055. You should download, test, and install it as soon as you can. If you're alive certificate or soul security and onetime customer, we'll post more information about this shortly.

We'll continue to post these vlogs from time to time, so if you're interested, watch the WatchGuard Wire. Thanks.