Archive for Client Side Attacks
Oct
23

Own With An iPhone

Something a little bit different here… You expect to see all hackers with a laptop right….? Think again!. Tweet

Oct
15

Real World Pen Testing Demonstration

A recent hacking presentation I gave in London for 7Safe demonstrating client side exploits, pivot attacks using Metasploit. Tweet

Sep
10

Client Side Adobe Acrobat PDF 9.3.4 Cooltype Exploit (0day)

The very latest Adobe Acrobat Reader 9.3.4 (as of today 10th September 2010) is vulnerable (plus earlier versions) to this cooltype sing exploit. No fix as yet. Tweet

Sep
3

DLL Hijacking Client Side Exploit

There has been lots of recent press relating to DLL hijacking. I have tested this out and created a video demonstration to help clear this up as slightly confusing. This is a client side exploit so the user must browse the SMB share or the HTTP server. There is no so called patch from Microsoft […]

Sep
3

Apple Quicktime Client Side Exploit (0day)

A nice little client side exploit here. Download the very latest Quicktime version from Apple.com 7.67.75.0 (3rd Sept 2010) and check for updates to ensure you have the latest version….It is fully exploitable!. Within Metasploit it creates a webserver that the client must browse to, once the client browses it exploits a vulnerability within Quicktime. […]

Aug
2

Microsoft LNK Exploit – MS10-046

Great little client side exploit. It exploits a vulnerability in the LNK process and uses Webdav to run the exploit. Patch released (August 2nd 2010) MS10-046 – CVE-2010-2568 http://www.microsoft.com/technet/security/bulletin/MS10-046.mspx Affected Operating Systems: Windows XP Service Pack 3 Windows XP Professional x64 Edition Service Pack 2 Windows Server 2003 Service Pack 2 Windows Server 2003 x64 […]

Jul
19

Client Side Aurora I.E Exploit

Client side exploit Internet Explorer 6 on Windows XP using Metasploit. MS10-002. Tweet

Jul
19

Client Side PDF Exploit

Target system Windows XP SP3 running Adobe Acrobat PDF Reader V9. Metasploit is packed with great PDF exploits. Most A.V pick this up (but not all). Also try the web URL PDF exploits that work by just browsing to a URL. Just shows how important it is to update things like PDF, Java etc into […]