Adobe Flash Hacks

[twocs]

So I've been reading with interest the news stories about various hacks that you can do with Adobe Flash. First of all there's clipboard jacking, which relies on some code like System.setClipboard();

Next I've been interested in so-called clickjacking, meaning that you make a button or link that looks like it does one thing, but actually it does another. we can read a little about this at ha.ckers.org/blog/20080915/clickjacking/, which reveals that there are serious vulnerabilities in all browsers and websites that are not easy to fix. But I'm stymied in my attempts to share my work easily. What I'd like to do is to just insert a swf file into my forum post just like I'd post a jpg.

Would it be so bad to allow me to post swfs on this site? Until that time, here's my new one... clickjacker

If you click on the link that appears to say Hak5, a download dialogue will open. I'd like to embed the clickjacker here to appear like an ordinary hyperlink, but unfortunately hak5.org doesn't allow <object> tags. Maybe if there could be a special way to allow embedding swf files only in a certain place???

[DingleBerries]

Gay. And the site doenst work so thats even gayer. I mean its alright and all, i guess it would work on EXTREMELY noobish people.. but if some randumb download box come up and i didnt click it.. im not going to download it.. Ive seen some really good examples of flash hacks, the windows safari one, but this is the noobs balls.

GAY II

One more strike and your out sir.

[twocs]

Gay. And the site doenst work so thats even gayer. I mean its alright and all, i guess it would work on EXTREMELY noobish people.. but if some randumb download box come up and i didnt click it.. im not going to download it.. Ive seen some really good examples of flash hacks, the windows safari one, but this is the noobs balls.

GAY II

One more strike and your out sir.

I would try to make the link look exactly like www.hak5.org does in this link, although no different URL appearing in the status bar to tip off the unsuspecting. It's kind of idiotic, right, but the thing to notice is that there is nothing to notice that could alert you to the hazards of clicking on the seemingly safe link, and <3 kb file size. Are we going to put noscript on every browser to ward off those with desires to hack others? But I'm not trying to do it with any malicious intent. By the way, if the download box opens, it could be a kind of misdirection... Perhaps I could have already had my way with your computer, and you didn't even notice!

If you thought that it was not good, then I wonder what you wold think of the other one:ClipboardJackr.

[DingleBerries]

I understand.. but all you did was hijack my clip board. so now instead of pasting kittenwars.com im pasting hak5.org.. its funny and all but why? I know that the adobe suite has all type of potential for cross platform vulnerabilities, OSX hack, but theres not enough fuel on that front atm.. But yeah, good start.

[twocs]

So the previous hacks didn't impress you. And my IP address is already blocked for the swf host I was using. But I persist nonetheless: With a new host and an innocuous little message with a link: lucky numbers for the curious.

Flash's clock function. This one demonstrates that the browsers try but they are not smart... On Firefox the counter will just keep going up and up to infinity and beyond, and IE will bleat beeps incessantly. If you're trying with Safari: Don't. The only browser to beat my timer was Opera.

[DingleBerries]

So the previous hacks didn't impress you. And my IP address is already blocked for the swf host I was using. But I persist nonetheless: With a new host and an innocuous little message with a link: lucky numbers for the curious.

Flash's clock function. This one demonstrates that the browsers try but they are not smart... On Firefox the counter will just keep going up and up to infinity and beyond, and IE will bleat beeps incessantly. If you're trying with Safari: Don't. The only browser to beat my timer was Opera.

Now that one was pretty neat, I can see a few uses with that on combined with the click jacking. Touche good sir

[DingleBerries]

Here is a really neat clickjacking exploit http://blogs.zdnet.com/security/?p=2005

[twocs]

Here is a really neat clickjacking exploit http://blogs.zdnet.com/security/?p=2005

There's been an update on the clickjacking. A list of about 8 vulnerabilities:

http://ha.ckers.org/blog/20081007/clickjacking-details/

By the way, the term is "clickjacking" but reading the Flash specs you realize that it's not exactly clicking that's required. The security of Flash prevents actions like going to a new site without mouse action, which includes clicking, but isn't limited to it. If you simply place a long movie somewhere and the mouse rolls over it, then you have a mouse action and you are good to go! Rick roll away!

I'll take a look at the video cam jacking... I can't figure out how they bypassed the usual dialogue that pops up asking for the user to give the okay for using the webcam. Apparently they show white space in front of the dialogue, and entice the user to click there?

[DingleBerries]

There's been an update on the clickjacking. A list of about 8 vulnerabilities:

http://ha.ckers.org/blog/20081007/clickjacking-details/

By the way, the term is "clickjacking" but reading the Flash specs you realize that it's not exactly clicking that's required. The security of Flash prevents actions like going to a new site without mouse action, which includes clicking, but isn't limited to it. If you simply place a long movie somewhere and the mouse rolls over it, then you have a mouse action and you are good to go! Rick roll away!

I'll take a look at the video cam jacking... I can't figure out how they bypassed the usual dialogue that pops up asking for the user to give the okay for using the webcam. Apparently they show white space in front of the dialogue, and entice the user to click there?

I think that the webcam/mic monitoring was fixed in flash 10, but there are still a few others that i see that seem interesting, and until adobe patches it and users update it seems like a fun playground.