Updated How to write a browser exploit using BrowserExploitServer (markdown)
This commit is contained in:
sinn3r
@@ -11,6 +11,8 @@ Hint: In the module, you can check the :source key in the profile to determine w
|
||||
|
||||
### Setting Exploitable Requirements
|
||||
|
||||
Being able to set browser requirements is an important feature of the mixin. It allows your attack to be smarter, more targeted, and prevents accidents. Here's a scenario: Say you have a vulnerability against Internet Explorer that only affects a specific range of MSHTML builds, you can set the :os_name, :os_flavor, :ua_name, :ua_ver, and :mshtml_build to make sure it doesn't blindly exploit against anything else. The :mshtml_build requirement can be found in "Product version" under MSHTML's file properties.
|
||||
|
||||
Exploitable browser requirements are defined under "BrowserRequirements" in the module's metadata. Here's an example of defining a vulnerable target running some ActiveX control:
|
||||
|
||||
```ruby
|
||||
|
||||
Reference in New Issue
Block a user