[framework] MoAxB in the MSF world: target OS detection with JavaScript
Nicob
nicob at nicob.net
Mon May 21 14:53:25 CDT 2007
Le lundi 21 mai 2007 à 09:17 +0200, Jerome Athias a écrit :
> case request['User-Agent']
> when /Windows (NT |)4\.0/
> myoffset = 4116
> when /Windows (NT |)5\.0/
> myoffset = 4116
> when /Windows (NT |)5\.1/
> myoffset = 4116
> when /Windows (NT |)5\.2/
> myoffset = 4116
> when /Windows (NT |)6\.0/
> myoffset = 4116
> else
> [send 404]
> end
Why this code ? Is it automatically created ? I would prefer trying
"myoffset = 4116" even if the User-Agent doesn't match a known one. A
vulnerable ActiveX in a customized browser should still be exploitable.
Nicob
More information about the framework
mailing list