Re: Metasploit Decloak Project v2

[Jon <scream@xxxxxxxxxxxxxxxx>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Roc Admin wrote:
> I just noticed that HDMoore re-released his decloak engine.
>
> http://metasploit.com/data/decloak
>
> He's improved some of the attacks from before like java, flash, and
> DNS in pretty interesting ways.  There's also a test for Microsoft
> Office documents which I thought was interesting.  From the page:
>
>     When Microsoft Office is installed and configured to
>     automatically open documents, a file can be returned which
>     automatically downloads an image from the internet. This can
>     bypass proxy settings and expose the real DNS servers of the user.
>
>
> It doesn't seem like there are any new attack vectors but I wanted
> to pass it along to see if anyone had comments.
>
> -ROC Tor Admin
Seems the way to guard against this is to reconfigure the DNS lookup
to execute via tor at a system level.  Easily done with the network
configuration tools of Windows and Linux flavors.

Jon-
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAklFucoACgkQk8jp5ZVximL+fACgnTijon0ymXpas8d5EpGZ68/K
XbIAn21naTJaCf7fQ8vWTxhq1/ES7+oL
=qCXm
-----END PGP SIGNATURE-----