Slashdot Mirror

← Back to Stories (view on slashdot.org)

Tunneling Shellcode with ActiveX

Posted by Zonk on from the who-needs-proxies? dept.

hdm writes "In the first issue of the Uninformed Journal, skape describes a method for using ActiveX as a transport mechanism for shellcode. The implementation, dubbed 'PassiveX', can be used to tunnel an interactive command shell or full VNC session over the HTTP protocol. PassiveX takes advantage of the Internet Explorer settings to pass through web proxies and escape restrictive outbound firewalls."

11 comments

  1. Old news, but nice explanation. by TripMaster+Monkey · · Score: 2, Interesting


    Tunneling other protocols through HTTP is certainly nothing new, and hackers have been using the technology to establish secure communications channels with compromised machines through firewalls as long as the technique has been around.

    That being said, I was impressed with the in-depth coverage of this particular type of exploit. A fascinating read...www.uninformed.org is definitely bookmarked.

    --
    ____

    ~ |rip/\/\aster /\/\onkey

  2. Something usefull by ravenII · · Score: 1

    I just went through the article and the other links. Seems a seed for a new project, albeit windows. But I need something like this for one of my management projects.THX HDM and ZONK

  3. www.uninformed.org? by Suppafly · · Score: 1

    Perhaps they should change it to www.informed.org

    1. Re:www.uninformed.org? by sycotic · · Score: 1

      *shakes head*

      --
      -- If I were a fish, I'd be wet
  4. A Good Proxy by Anonymous Coward · · Score: 0

    will prevent this.

    1. Re:A Good Proxy by Anonymous Coward · · Score: 0

      With HTTPS "CONNECT", how could you block/prevent this?

  5. Huh? by Anonymous Coward · · Score: 0

    Correct me if I'm wrong, but isn't shellcode the term used for the code you overflow a buffer with in order to get the shell? This seems to be talking about the commands you give to the shell after you have transmitted the shellcode through other means.

  6. Interesting, but not all that new. by Nonesuch · · Score: 1
    There have been a limited number of malicious applications (keyloggers, spyware) which have been able to take advantage of the IE proxy settings and standard explorer DLL's to "phone home" in an environment where outbound access is restricted.

    This paper appears to document the same basic problem, and is strictly a difference of degree, not kind.

    --

    I do not deploy Linux. Ever.
  7. Feature or Bug? by Flinx_ca · · Score: 1

    So would you call this an intended 'feature' of IE/ActiveX/Windows or an unintended 'bug'?

  8. Is there really any need by LP_Tux · · Score: 1

    For another exploit? With the vulnerabilities in IE itself, in RPC, and in ActiveX, who needs another entry hole? Of course it would be better if MS didnt deny the existence of bugs for months before being bothered to fix them...

    --
    Open-Source > *