[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Metasploit Decloak Project v2
- To: or-talk@xxxxxxxxxxxxx
- Subject: Metasploit Decloak Project v2
- From: "Roc Admin" <onionroutor@xxxxxxxxx>
- Date: Sun, 14 Dec 2008 18:57:18 -0600
- Delivered-to: archiver@xxxxxxxx
- Delivered-to: or-talk-outgoing@xxxxxxxx
- Delivered-to: or-talk@xxxxxxxx
- Delivery-date: Sun, 14 Dec 2008 19:57:23 -0500
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:mime-version:content-type; bh=iTz1+rvZpTGNu/knLlGQUg5SsTDdhwRf2rDntIcWhSw=; b=TDz2z08tZ7AC7WcYeeMf32TTNH5k930kDidxJAosqu7IFiEgms1ovD/Oseartjzl1v icEbij5fG6QoHozshLZd85NaKiCxXP0sR814tkcPFVd4MaMdASmaxO7WOthVVvRvh/mm eAiwURUQ+VzYgCQ3ebNm2CnajTCDGDLIfw3G4=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:mime-version:content-type; b=g5ecD61QupcQgUJpjoYK9CKW3Tg29f3cbJfQsB/3s6uI3RuaJ/Z/6OCWVPsnLm8/mu gM4jDyf92y/qUfeZVROb7gyRaoGM3OHfEB93zbfOpiwBEXmi87GKB3+TgLei4NQ4ZJx5 aBA6KzU0Nw4K8c5/z9U4bO2w9dHuJsDhnvRIs=
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
I just noticed that HDMoore re-released his decloak engine.
http://metasploit.com/data/decloak
He's improved some of the attacks from before like java, flash, and DNS in pretty interesting ways. There's also a test for Microsoft Office documents which I thought was interesting. From the page:
When Microsoft Office is installed and configured to automatically open documents, a file
can be returned which automatically downloads an image from the internet. This can bypass
proxy settings and expose the real DNS servers of the user.
It doesn't seem like there are any new attack vectors but I wanted to pass it along to see if anyone had comments.
-ROC Tor Admin