[blog.rayfoo] Infosec, DFIR, tech geekery, thoughts and whatnot

11Mar/100

IE zero-day flaw leaks out; Exploit code published

Using obvious clues from a McAfee blog post, an Israeli hacker was able to pinpoint the latest Internet Explorer zero-day vulnerability and create working exploit code. The exploit code, which provides a clear roadmap to launch drive-by download attacks against IE 6 and IE 7 users, is being fitted into the Metasploit point-and-click tool.

Another case that shows how difficult it is for reasonable and informative disclosure, yet not giving away the attack like this.

On a side note, am looking forward to trying this out from Metasploit... :D

[via ZDNet]

Tagged as: , , No Comments
5Feb/100

Installing Ubuntu 7.04 server in VirtualBox

As part of the fiddling around with Metasploit, there came the need to install a victim box to test things on (we don't want to be attacking a live site don't we?  Especially one that we don't own...), so here's a modification of the instructions found at Offensive Security's walkthrough for our needs.

I wanted to run the victim machines in VirtualBox instead of VMware Player, and after some experimentation and Googling around with the crashing issue, here're the instructions on how to get things up and running.

Host OS: Ubuntu 9.10
VirtualBox 3.1.2
Guest OS: Ubuntu 7.04 Server

Tagged as: , , , , , , Continue reading
   

Subscribe

Downloads

Links

Social

Most Active Tags

APT books brute forcing BTPC Christian Christian living CLI data mining data visualization DNS Downloads drama education fun funny hardening HOWTO information gathering Japanese linux log analysis lyrics mathematics network nginx OpenVPN picture programming project Python random RSnake security server administration spam Splunk SSH TED thoughts tools Ubuntu web application web server wifi WordPress

Recent Comments

Recent Posts