Jump to content

Arbitrary Code Injection


leg3nd
 Share

Recommended Posts

Description: This is a basic implementation of a ruby HTTP proxy with the ability to inject arbitrary code into a web pages response. This allows for a multitude of attack vectors which will soon be released in my JasagerPwn script, but you can use your imagination and create your own vectors with this.

Some basic attack vectors you can play with (they will also be automated in my script): beef hook injection, java applet injection, browser/plugin exploit injection.

Feature Set:

  • Installer - Install the dependencies in order to run the ruby script.
  • Proxy Log Output - Displays the log standard output that is generated by Digininja's proxy script.
  • Attacker (single address) filter - Pretty self explanitory, this adds a '! -s attacker_ip' in the iptables rule so you do not inject code into your own browsing sessions.
  • Injection Code EDitor - Allows you to enter in any arbitrary code into the text editor. Note, if you have an attack running and modify this code - you need to restart the attack.
  • Auto Refresh
  • Enable/Disable and Logging in Small Tile


Screenshot (Interface):
codeinject_largetile.jpg

Screenshot (Basic Alert Pop-up):
alert_example.jpg

Edited by leg3nd
Link to comment
Share on other sites

start it, post the results of "iptables -S -t nat ; ps aux | grep ruby ; netstat -antp"

It should have a rule that redirects traffic from br-lan to port 8888. Note that I've only tested this with using an attached wireless card for ICS, but it should work for other configurations.

Link to comment
Share on other sites

  • 1 month later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...