Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Javascript Exploitation

297 views

Published on

  • Be the first to comment

  • Be the first to like this

Javascript Exploitation

  1. 1. Exploit Kits – Exploitation via JS Rashid Feroz & Krishnendu Paul
  2. 2. About us! • Information security enthusiasts. • Love to break into things! • A college grad and an Industry veteran.
  3. 3. What Are Exploit Kits? • A toolkit that automates the exploitation of client-side vulnerabilities. • Usually targets browsers and programs that a website can invoke through the browser. • The attacker doesn’t need to know how to create exploits to benefit from infecting systems. • It provides a user-friendly web interface that helps the attacker track the infection campaign.
  4. 4. Famous Exploit Kits • Blackhole • FlashPack • Magnitude • Rig • Nuclear • Angler • Sweet Orange • Neutrino Exploit Kits
  5. 5. Exploit Kit distribution
  6. 6. Most commonly used vulnerable 3rd party software • Oracle Java Runtime environment • Adobe Acrobat Reader • Adobe Flash Player / Plugin • Apple Quicktime
  7. 7. From sale to infection • The buyer would license a copy of a kit from the creator. • The victim opens a spam email link or loads an infected web page. • The page contains JavaScript that determines vulnerabilities of the victim’s computer and notifies the kit user of what files the victim’s computer held. • If the kit found a usable exploit, the malicious payload would be loaded onto the victim's computer.
  8. 8. Phases • Compromised site • Redirector • Landing page • Post-infection traffic Phases
  9. 9. Compromised sites • LFI in RevSlider plugin of Wordpress – http://[compromised.com]/wp-admin/admin- ajax.php?action=revslider_show_image&img=../wp-config.php • XSS in Simple Security Wordpress plugin – http://[compromised.com]/wp- admin/users.php?page=access_log&datefilter=%27%22%3E%3C script%3Ealert%28/HACKED/%29;%3C/script%3E • Drupal Sql Injection • CDN reference compromise (Eg. Operation Poisoned Helmand) • Iframe Injectors Compromised sites
  10. 10. Demo time
  11. 11. Demo  Beef framework(JS hook)  Payload delivery via Social Engineering  Antivirus evasion(FUD)  Get a meterpreter shell back
  12. 12. Virus scan results
  13. 13. How to stay safe? • Stay up to date with security patches on your desktop machine. • There are several specialized tools which identify vulnerabilities in systems, install patches, and validate those patches. Use a 3rd party utility or software to constantly update your system. • Make sure that your browser, operating system, and browser’s plugins are all up to date. • Install a good host-based intrusion prevention system (HIPS) to monitor for suspicious activity on your computer.
  14. 14. References • https://heimdalsecurity.com/blog/nuclear-exploit-kit-flash-player/ • http://www.slideshare.net/SafeBytesSoftware/exploit-kits-and-your- computers-vulnerability. • https://heimdalsecurity.com/blog/exploit-kits-service-automation- changing-face-cyber-crime/
  15. 15. Thanks 

×