Posts by joev

4 min Haxmas

12 Days of HaXmas: Improvements to jsobfu

This post is the third in a series, 12 Days of HaXmas, where we take a look at some of the more notable advancements and events in the Metasploit Framework over the course of 2014. Several months ago, Wei sinn3r [https://twitter.com/_sinn3r] Chen and I landed some improvements to Metasploit's JavaScript obfuscator, jsobfu. Most notably, we moved it out to its own repo [https://github.com/rapid7/jsobfu] and gem [https://rubygems.org/gems/jsobfu], wrapped it in tests, beefed up its AV resilience, and

5 min Exploits

Exploiting CSRF under NoScript Conditions

CSRFs -- or Cross-Site Request Forgery [https://www.rapid7.com/fundamentals/cross-site-request-forgery/] vulnerabilities -- occur when a server accepts requests that can be “spoofed” from a site running on a different domain. The attack goes something like this: you, as the victim, are logged in to some web site, like your router configuration page, and have a valid session token. An attacker gets you to click on a link that sends commands to that web site on your behalf, without your knowledge

4 min Haxmas

12 Days of HaXmas: Exploiting (and Fixing) RJS Rails Info Leaks

This post is the fifth in a series, 12 Days of HaXmas, where we take a look at some of the more notable advancements in the Metasploit Framework over the course of 2013. Several weeks ago, Egor Homakov wrote a blog post [http://homakov.blogspot.com/2013/11/rjs-leaking-vulnerability-in-multiple.html] pointing out a common info leak vulnerability in many Rails apps that utilize Remote JavaScript. The attack vector and implications can be hard to wrap your head around, so in this post I'll explain ho

4 min Apple

Abusing Safari's webarchive file format

tl;dr: For now, don't open .webarchive files, and check the Metasploit module, Apple Safari .webarchive File Format UXSS [https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/apple_safari_webarchive_uxss.rb]. Safari's webarchive format saves all the resources in a web page - images, scripts, stylesheets - into a single file. A flaw exists in the security model behind webarchives that allows us to execute script in the context of any domain (a Universal Cross-site S