Government Security
Network Security Resources

Browser Exploit

3 replies to this topic

#1 victor43

victor43

    Private

  • Members
  • 3 posts

Posted 18 April 2011 - 02:29 PM

Hello all.

I would like to learn whether it's possible to exploit either of these current browsers through the use of a buffer overflow and remote code execution just by surfing the internet: browser version 3.6.15 for Firefox, and IE7. However, the catch is that the browser vulnerability does not crash or freeze the browser in any way that gives away the exploit attempt. I have searched the internet and so far have only found sites that report browser crashes when the exploit takes place.

Do these exploits exist today, and where may I find some source code on how this can be done? The catch again is that this process does not freeze or crash the browser in any way that signifies that something is wrong, deterring the user from being suspicious.

Thanks in advance

Victor

#2 Marts McFly

Marts McFly

    Second Lieutenant

  • Second Lieutenant
  • 591 posts

Posted 18 April 2011 - 04:11 PM

A better way to think about such 'client side attacks' is with what the browser can access. Exploits are found for browsers all the time. But even more so than that, exploits for things like Flash and Java are even more common.

Common Java exploits, which can attack you once you click on a link, can bypass all up-to-date operating system, browser and AV protection, provided that version of Java has an exploit available (or is not up to date).

You can test this out using BackTrack. Metasploit has these javasploit modules for you to play with. I found SET (social engineer's toolkit), which comes on BackTrack, a good place to play around with such browser based/client side attacks.

Certified Information Systems Security Professional (CISSP)

T: http://twitter.com/Marts_McFly

B: http://www.backtosecurity.com

#3 victor43

victor43

    Private

  • Members
  • 3 posts

Posted 19 April 2011 - 09:28 AM

A better way to think about such 'client side attacks' is with what the browser can access. Exploits are found for browsers all the time. But even more so than that, exploits for things like Flash and Java are even more common.

Common Java exploits, which can attack you once you click on a link, can bypass all up-to-date operating system, browser and AV protection, provided that version of Java has an exploit available (or is not up to date).

You can test this out using BackTrack. Metasploit has these javasploit modules for you to play with. I found SET (social engineer's toolkit), which comes on BackTrack, a good place to play around with such browser based/client side attacks.


Thanks for the reply.

Can you tell me, if neither Flash Player nor Java is executed on the client side, then how can the remote attacker succeed in infecting one's system? In other words, is it possible that Firefox and IE each have different exploits that have yet to be detected and can be executed discreetly without alerting the user? Thanks for the above information, as I have downloaded Metasploit. I am aware that these remote code executions can bypass AV and firewall technology very easily, hence my interest in this area.

Victor

#4 Marts McFly

Marts McFly

    Second Lieutenant

  • Second Lieutenant
  • 591 posts

Posted 19 April 2011 - 11:27 PM

Well, considering a browser (Firefox) is an application, anything that will exploit it will have to be opened with it. So, for example, a link, or telling the browser to open a certain type of file.

As I said, there are browser exploits out there (be they old and perhaps not all that reliable), but the application (on the victim) still needs to open that file or click that link. And if you can do this remotely, then you don't need to be exploiting the browser (because you would already have access to their box, right?). The whole point of exploiting anything to do with the victim's browser is so you CAN get access to their machine. So the whole concept is 'what can I do to get them to open something/click with their browser without them knowing anything bad has happened?'. And I think that is where you need to look. Social engineering and a bit of creativity come into play here. Have a quick read of http://backtosecurit...hishing-attack/ <- In here you will see an example of using BackTrack to mimic a legitimate website and trick people into clicking it, in return exploiting their browser :)

Certified Information Systems Security Professional (CISSP)

T: http://twitter.com/Marts_McFly

B: http://www.backtosecurity.com
