Want some online Browser Testing?

Discussion in 'other security issues & news' started by sowhat, Jan 15, 2006.

Thread Status:
Not open for further replies.
  1. sowhat

    sowhat Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    31
    Just found it...
    very extensive in online Proof of Concepts:

    http://umbrella.name/computer/originalvuln/

    Check also:
    http://umbrella.name/computer/0daymon/
    In a sidenote,if you download and extract the PoC in this last page,
    don't start complaining about your anti-virus screaming continuously,
    that 's what it is supposed to.If not,you better replace it...

    (Edit:Maybe this post should be moved in the "Other Security Issues" forum?)
     
    Last edited: Jan 15, 2006
  2. StevieO

    StevieO Guest

    Exploits tests and Solutions App

    This caught my eye today, from a link that member sowhat posted here

    https://www.wilderssecurity.com/showthread.php?t=115880

    He asks if the thread should be moved to Other Security Issues, but maybe privacy & other anti-malware software might be more suitable ?

    I tried the example below in Usage. I pasted this ( mms://google.com/ ) no quotes, into IE and MS Media Player launched with ZA asking for permission out. mms = Multimedia System. What occurred to me, is that malware or some dodgy link somewhere, could use this principal to run others things too. Whether or not some people would always notice, depends i suppose on their security set up etc, and also what was attempting to be run !

    Try it yourself with maybe a different prefix other that mms, and see what you can get to run. By the way it doesn't need to be Google in there, i tried others and they worked also.

    . . .


    WinBlox Intro

    http://umbrella.name/computer/winblox/readme/

    http://umbrella.name/computer/winblox/


    http://umbrella.name/computer/winblox/free_microsoft_visual_c_building_environment/

    . . .

    I havn't tried any of the above, except the mms test, so can't vouch for it. If anybody has or does, then please let us know how it performs.


    StevieO
     
    Last edited by a moderator: Jan 15, 2006
  3. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    well I saw the links from sowhat last night, went to site, **tried** to dl the zips, KAV alerted me, refused to budge on the zips, that was good enough for me, I did not proceed any further, so obviously the fact I got alerts tells me there is trouble in paradise. :ouch:

    Here is one of the alerts. Several different problems, first zip was 'HTML Drap Drop' infection...

    TAS
     

    Attached Files:

    • 111a.jpg
      111a.jpg
      File size:
      37.9 KB
      Views:
      303
  4. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,714
    Location:
    Stockholm Sweden
    When I try to download the zip´s with Firefox, I get this message: "Dir.zip.part could not be saved, because the source file could not be read. Try again later or contact the server administrator" Two files do get downloaded to my harddrive. The first is namned "dir.zip" and is 0 byte and the other is named "dir.zip.part different sizes depending on which zip I try to download.


    When I download with IE NOD32 stops the access to the file complaining it is a trojan and nothing gets downloaded.

    I guess these are IE based malware? or have it done something behind my back in with firefox? If so it passed Ghost security suite.
     

    Attached Files:

    Last edited: Jan 15, 2006
  5. StevieO

    StevieO Guest

    Ok i see we're all in here after all, but it's been moved to OSS which is good, so thanks for doing that !

    I also had concerns about the other exploit tests, apart from the MSS one i tried. The thread starter ( sowhat ) did post this warning though.

    "In a sidenote,if you download and extract the PoC in this last page, don't start complaining about your anti-virus screaming continuously, that's what it is supposed to. If not, you better replace it..."

    Since i last posted i noticed a few of you had attempted to DL the test files, but understandably had problems due to your AV etc. So i scanned all the available tests at jottis.

    Mismatched Content-Type launches HTA.zip

    Msits Mhtml Redirection.zip

    Msits Mhtml Redirection.zip

    Media Bar Injection and Stream.zip

    HHCTRL Injection II.zip

    Drop to STARTUP Folder.zip

    Drop to STARTUP Folder II.zip

    http://img40.imageshack.us/img40/4900/umjottis15xf.png

    But we have been pre warned by the OP that this could happen as they are exploit tests. I tried a few, but as expected they didnt work, as they are for a different OS to mine.

    My main interest though, which i felt some of you might like to have a deeper look at, was WinBlox. This is a Free tool for hardening the security of Windows systems. I can't try it myself for the same OS reasons as above. I wonder if it's similar in some way to Samuri etc ?


    StevieO
     
  6. sowhat

    sowhat Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    31
    Sorry for not having replied earlier,but i just...
    didn't expected so much interest in this post!
    Actually,i was searching in SourceForge site for Sql injection testing utils,
    when i saw this:http://genxe.sourceforge.net,
    a proof-of-concept application for generating basic html-based exploits:
    that 's where i found the "umbrella.name" site.
    It caught my attention not because the exploits are ready to run,
    without the need to search for required libraries,compile etc.,
    but because almost all of them are browser-based,and,as their authors say,
    a lot of them are actually supposed to have been resolved by Microsoft 's updates...

    I just thought i should post it in here,
    so that simple daily users stop having illusions about updated Internet Explorer versions,
    or Mozilla-based browsers...
    i think there's a lot of people who believe that by simply switching to firefox,
    they pretty much solved their problems...
    if you ask me,the Mozilla Foundation did a very good advertizement on this last year,
    but this is just not the case...furthermore,the latest months we've pretty much seen that on action...
     
    Last edited: Jan 16, 2006
  7. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,024
    Location:
    The Netherlands
    The problem with this site is that it doesn´t give any good info on what an exploit can exactly achieve and if the exploit worked or not. But I think with an hardened IE none of the exploits should work. :)
     
  8. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,094
    Hi All,

    I have found the following website to be quite interesting about testing browsers if you want to know what can be found out from your browser online: Browser Spy: http://gemal.dk/browserspy/

    Online tests only, i.e. no downloads.

    -- Tom
     
Loading...
Thread Status:
Not open for further replies.