[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Metasploit Decloak Project v2



It works against me running linux, tor, and using firefox IF I elect to open 
the document directly via Openoffice.  

praedor

On Sunday 14 December 2008 21:08:45 Freemor wrote:
> On Sun, 14 Dec 2008 18:57:18 -0600
>
> "Roc Admin" <onionroutor@xxxxxxxxx> wrote:
> > I just noticed that HDMoore re-released his decloak engine.
> >
> > http://metasploit.com/data/decloak
> >
> > He's improved some of the attacks from before like java, flash, and
> > DNS in pretty interesting ways.  There's also a test for Microsoft
> > Office documents which I thought was interesting.  From the page:
> >
> > When Microsoft Office is installed and configured to automatically
> > open
> >
> > > documents, a file can be returned which automatically downloads an
> > > image from the internet. This can bypass proxy settings and expose
> > > the real DNS servers of the user.
> >
> > It doesn't seem like there are any new attack vectors but I wanted to
> > pass it along to see if anyone had comments.
> >
> > -ROC Tor Admin
>
> Well I must be doing something right...
> the only IP it showed for me was:
>
> External Address 	204.13.236.244
>
> all the rest showed as "unknown". and the above is definitely not my IP
>
> Still good to have something to test my config against tho.

-- 
"Moral indignation is jealousy with a halo."
--H.G. Wells

Attachment: signature.asc
Description: This is a digitally signed message part.