Nov 28, 2013

Tools: Automatic MITM(ARP Poisoning) Shell Script

Automatic MITM (arp poisoning) shell script that features tools like sslstrip, dsniff and ettercap. The script collects all packets, including SSL traffic collected with sslstrip and logs all the URLs using uslsnarf from dsniff collection. You are welcome to submit bugs, feature requests and improvements.


Source: http://www.n0where.net/automatic-mitm/



If you like my blog, Please Donate Me
Or Click The Banner For Support Me.

Tools: Wireless Attack Toolkit (WAT) - ARM Device

This project is designed to run on Embedded ARM platforms (specifically v6 and RaspberryPi but I'm working on more).
It provides users with automated wireless attack tools that air paired with man-in-the-middle tools to effectively and silently attack wireless clients.

Some of the tools included in the kit are:

Custom regex-based DNS Server
DHCP
Aircrack-ng suite
Browser Exploitation Framework (Preconfigured for metasploit)
Metasploit
Python-based Transparent Injection Proxy
Pushbutton configuration
"Limpet Mine" mode for attacking existing networks

You basically answer three questions in the start script, wait a bit, then log into the BEEF console to start attacking clients


Source: http://sourceforge.net/projects/piwat/


If you like my blog, Please Donate Me
Or Click The Banner For Support Me.

Nov 24, 2013

Google Gmail IOS Mobile Application - Persistent / Stored XSS

A persistent / stored XSS vulnerability is detected in the official Google Gmail IOS Mobile Application. The vulnerability allows remote attackers to inject own malicious script code to a vulnerable module on application-side (persistent) via mail attachment feature. All iPad/iPhone users are affected directly with this vulnerability.
  
  
During the testing it was discovered that .html files can be attached to outgoing emails. Viewing these attachments directly from your iphone/ipad device results in successful execution of malicious script code. The application does not seem to perform secure parsing in this case. Attackers can use this feature to exploit Gmail IOS users by injecting malicious iframes and redirecting users to external domains.
 
Vulnerable Module(s):
  
  
[+] Compose Mail > Attach Files
  
  
Proof of Concept:
=================
  
  
1) Open any text editor and paste the payload and save the file as a payload.html
2) Compose your email with any mail service provider and attach HTML file via attachment feature.
3) Open the recived email on your Gmail IOS application.
4) Click on attachment file.
5) The iframe can be see on the Gmail IOS application proving the existence of this vulnerability.
  
Payload:
========
  
  
'%3d'>"><iframe src="http://vulnerability-lab.com" onmouseover=alert(document.cookie)></iframe>/927
 


If you like my blog, Please Donate Me
Or Click The Banner For Support Me.
 

Sponsors

lusovps.com

Blogroll

About

 Please subscribe my blog.

 Old Subscribe

Share |