Want some online Browser Testing?

Just found it...
very extensive in online Proof of Concepts:

http://umbrella.name/computer/originalvuln/

Check also:
http://umbrella.name/computer/0daymon/
In a sidenote,if you download and extract the PoC in this last page,
don't start complaining about your anti-virus screaming continuously,
that 's what it is supposed to.If not,you better replace it...

(Edit:Maybe this post should be moved in the "Other Security Issues" forum?)

 

Exploits tests and Solutions App

This caught my eye today, from a link that member sowhat posted here

https://www.wilderssecurity.com/showthread.php?t=115880

He asks if the thread should be moved to Other Security Issues, but maybe privacy & other anti-malware software might be more suitable ?

I tried the example below in Usage. I pasted this ( mms://google.com/ ) no quotes, into IE and MS Media Player launched with ZA asking for permission out. mms = Multimedia System. What occurred to me, is that malware or some dodgy link somewhere, could use this principal to run others things too. Whether or not some people would always notice, depends i suppose on their security set up etc, and also what was attempting to be run !

Try it yourself with maybe a different prefix other that mms, and see what you can get to run. By the way it doesn't need to be Google in there, i tried others and they worked also.

. . .


WinBlox Intro

http://umbrella.name/computer/winblox/readme/

http://umbrella.name/computer/winblox/

http://umbrella.name/computer/winblox/free_microsoft_visual_c_building_environment/

. . .

I havn't tried any of the above, except the mms test, so can't vouch for it. If anybody has or does, then please let us know how it performs.


StevieO

 

well I saw the links from sowhat last night, went to site, **tried** to dl the zips, KAV alerted me, refused to budge on the zips, that was good enough for me, I did not proceed any further, so obviously the fact I got alerts tells me there is trouble in paradise.

Here is one of the alerts. Several different problems, first zip was 'HTML Drap Drop' infection...

TAS

 

When I try to download the zip´s with Firefox, I get this message: "Dir.zip.part could not be saved, because the source file could not be read. Try again later or contact the server administrator" Two files do get downloaded to my harddrive. The first is namned "dir.zip" and is 0 byte and the other is named "dir.zip.part different sizes depending on which zip I try to download.


When I download with IE NOD32 stops the access to the file complaining it is a trojan and nothing gets downloaded.

I guess these are IE based malware? or have it done something behind my back in with firefox? If so it passed Ghost security suite.

 

Ok i see we're all in here after all, but it's been moved to OSS which is good, so thanks for doing that !

I also had concerns about the other exploit tests, apart from the MSS one i tried. The thread starter ( sowhat ) did post this warning though.

"In a sidenote,if you download and extract the PoC in this last page, don't start complaining about your anti-virus screaming continuously, that's what it is supposed to. If not, you better replace it..."

Since i last posted i noticed a few of you had attempted to DL the test files, but understandably had problems due to your AV etc. So i scanned all the available tests at jottis.

Mismatched Content-Type launches HTA.zip

Msits Mhtml Redirection.zip

Msits Mhtml Redirection.zip

Media Bar Injection and Stream.zip

HHCTRL Injection II.zip

Drop to STARTUP Folder.zip

Drop to STARTUP Folder II.zip

http://img40.imageshack.us/img40/4900/umjottis15xf.png

But we have been pre warned by the OP that this could happen as they are exploit tests. I tried a few, but as expected they didnt work, as they are for a different OS to mine.

My main interest though, which i felt some of you might like to have a deeper look at, was WinBlox. This is a Free tool for hardening the security of Windows systems. I can't try it myself for the same OS reasons as above. I wonder if it's similar in some way to Samuri etc ?


StevieO

 

Sorry for not having replied earlier,but i just...
didn't expected so much interest in this post!
Actually,i was searching in SourceForge site for Sql injection testing utils,
when i saw this:http://genxe.sourceforge.net,
a proof-of-concept application for generating basic html-based exploits:
that 's where i found the "umbrella.name" site.
It caught my attention not because the exploits are ready to run,
without the need to search for required libraries,compile etc.,
but because almost all of them are browser-based,and,as their authors say,
a lot of them are actually supposed to have been resolved by Microsoft 's updates...

I just thought i should post it in here,
so that simple daily users stop having illusions about updated Internet Explorer versions,
or Mozilla-based browsers...
i think there's a lot of people who believe that by simply switching to firefox,
they pretty much solved their problems...
if you ask me,the Mozilla Foundation did a very good advertizement on this last year,
but this is just not the case...furthermore,the latest months we've pretty much seen that on action...

 

The problem with this site is that it doesn´t give any good info on what an exploit can exactly achieve and if the exploit worked or not. But I think with an hardened IE none of the exploits should work.

 

Hi All,

I have found the following website to be quite interesting about testing browsers if you want to know what can be found out from your browser online: Browser Spy: http://gemal.dk/browserspy/

Online tests only, i.e. no downloads.

-- Tom