[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Metasploit Decloak Project v2
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: Metasploit Decloak Project v2
- From: Freemor <freemor@xxxxxxxxx>
- Date: Sun, 14 Dec 2008 22:08:45 -0400
- Delivered-to: archiver@xxxxxxxx
- Delivered-to: or-talk-outgoing@xxxxxxxx
- Delivered-to: or-talk@xxxxxxxx
- Delivery-date: Sun, 14 Dec 2008 21:09:10 -0500
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:date:from:to:subject :message-id:in-reply-to:references:x-mailer:face:mime-version :content-type; bh=ufM+s3XuzmMhNlBEa8mZK9RCKK/W7XbedvST/q3C4Ak=; b=JfQ3ytE9dd1GDHN8IFxqUr8Mmavko9rsuKONoc4G7Qt0WHdJr+qXMxDbtM6CuCAZQz MZ+RJ3D2c3EWYeMK9XlyKGqlUZ/zQz1OoS0jaZ9KtQ7TKtJAxtOeAcydhQafwR7iJMx1 pWp4aO6VsCEpCvSIXC88BHVMtHf2Rb+sHKad0=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=date:from:to:subject:message-id:in-reply-to:references:x-mailer :face:mime-version:content-type; b=rtYyZ87mV36LqAZ4KQtANbAIWQwLMZ5QQyLgCO9rED6mhbTd0OFrz3ZLRtliJI4Co5 WnjJO+cSCf9eEgFKk12M4kpUpUExQ0HYmiD1QtDlUtrLYuYKWg79dswehV4PXk9GMV8k 8t0YQnU5+YMpjWfvdZNRO09l7HHaOPUsVS0qY=
- Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAFVBMVEXn2K356bi4xY5EMR+GuGqSkWzK+eFKflhGAAABqElEQVQ4jY3SzW7bMAwAYEqbexZToGdXiXseyvg+LG7Pjg32nGSr3v8RSlLyT4NmKAEDBr+QtKjA6ymlhp5SSlFehlTiHzx9DQnS/+Cd0i24WfGqr3epmgEKvKV0AkQfp7QDqTGozygRLB9WcMEcXvIIAFigdwWCVq4BJwB9ZhgfF3BaUODCeAWuwLACWMNxBV7xK4Bwo8JAQiHNHwU1TGHgtqTzw0jUL/CQTu7oSc5+37sQJzgLnDGddIdhEwFDyO1QdzCM9AzgWVrxUMYobIbLD2Lmu7RtmeNSgfxOkmne/gr3PoOts2F65hwDQD/DBmLkx4eGo+YlfIwZXGyiO1dNjDWC93HXdQbVMUgGsRlq2YmmZ5Csm5ZleYNgUG43+G4GqDRZRbuuUtDZkiu7WrBmYOlDZ1/XLHeOudNhX8AF+XQ5MYaYO5EepmY+5j+TzN5NUEst86/PnXT4n58KrZMmjUyvrkD/o9oq8Ay/M7S5U9VeV5AdYjPSArsMNl6udg0vCjIet7SCTqAVIPm1xDJDHquY4lvQrYH2stoJRvocGQ57uo69wAeDBdMp0Qij8AAAAABJRU5ErkJggg==
- In-reply-to: <50e60b790812141657s5ae465ccmf2da81ad8f0bd044@xxxxxxxxxxxxxx>
- References: <50e60b790812141657s5ae465ccmf2da81ad8f0bd044@xxxxxxxxxxxxxx>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
On Sun, 14 Dec 2008 18:57:18 -0600
"Roc Admin" <onionroutor@xxxxxxxxx> wrote:
> I just noticed that HDMoore re-released his decloak engine.
>
> http://metasploit.com/data/decloak
>
> He's improved some of the attacks from before like java, flash, and
> DNS in pretty interesting ways. There's also a test for Microsoft
> Office documents which I thought was interesting. From the page:
>
> When Microsoft Office is installed and configured to automatically
> open
> > documents, a file can be returned which automatically downloads an
> > image from the internet. This can bypass proxy settings and expose
> > the real DNS servers of the user.
>
>
> It doesn't seem like there are any new attack vectors but I wanted to
> pass it along to see if anyone had comments.
>
> -ROC Tor Admin
Well I must be doing something right...
the only IP it showed for me was:
External Address 204.13.236.244
all the rest showed as "unknown". and the above is definitely not my IP
Still good to have something to test my config against tho.
--
freemor@xxxxxxxxx
freemor@xxxxxxxx
This e-mail has been digitally signed with GnuPG - ( http://gnupg.org/ )
Attachment:
signature.asc
Description: PGP signature