View Full Version : IEHK Project



Valgasu
22/01/03, 01:51
Over the past months (years?) several people have found a lot of methods and/or vulnerabilities in Internet Explorer which could be exploited for silent delivery and arbitrary program execution. These people are well known: Jelmer, Malware, SandBlad, Guninski, GreyMagic, Thor Larholm, Liu Die Yu, ...

When I saw all of this stuff I decided to centralize and try a maximum of these methods and proofs of concept with these main goals:

* Show basic concepts like HTA, CHM or showHelp()

* Make these public proofs of concept simpler

* Categorize these methods and proofs of concept

* Provide simple tools (perl scripts) to facilitate implementation of exploits

* Start to explain and list methods for silent delivery (HTML tag, ActiveX, ...) and program execution (CHM and Shortcut, OBJECT and codebase)

So that's the goal of the Internet Explorer Hacking Kit (IEHK) project. You can download it here: http://valgasu.rstack.org

I launched this basic project to centralize knowledge about IE security problems and give it to the security community. So I hope that a lot of people will want to participate in this project with tips and tricks, other advanced proofs of concept, tools, behavior on different IE/Windows versions, firewall and anti-virus return on experience (vbs run and createtextfile method detection for example)...

Any good idea is welcome!

-- Valgasu --
valgasu@rstack.org