[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Method to encode DLL payloads for hijacking purposes.

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Method to encode DLL payloads for hijacking purposes.
From: matt <matt@xxxxxxxxxxxxxxxx>
Date: Wed, 25 Aug 2010 14:10:03 -0500

Hey..

Yesterday I wrote a post describing how to exploit these vulnerabilities
using the "webdav_dll_hijacker" Metasploit module, but it requires you to
jump through some hoops in order to get your victim to browse to the rogue
share.  So, here's a new article that doesn't use the "webdav_dll_hijacker"
module and details how to encode a payload into a DLL using "msfpayload",
which allows you to put the exploit files on any share that you'd like.

http://www.attackvector.org/alternative-dll-hijacking-method/

Enjoy.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] BlastChat Chat Client Component version 3.3 <= Cross Script Scripting (XSS) Vulnerability
Next by Date: [Full-disclosure] Joomla! Component com_bcaccount Persistent Cross Script Scripting (XSS) Vulnerability
Previous by thread: [Full-disclosure] BlastChat Chat Client Component version 3.3 <= Cross Script Scripting (XSS) Vulnerability
Next by thread: [Full-disclosure] Joomla! Component com_bcaccount Persistent Cross Script Scripting (XSS) Vulnerability
Index(es):
- Date
- Thread