Wednesday, January 04, 2006

Opera Browser - Saving the 0 days

The current hottest security topic would be Windows Metafile Exploit, it is still considered 0 days since Microsoft hasn't released any patches until 10th of Jan. Considering all the windows users in the dangerous zone now especially those users who totally have no idea and lack of awareness.

HD Moore has released the exploit and I think it's worth to give it a try, I know there are people saying HD Moore is totally irresponsible and not suppose to release it. However the name says it all - Metasploit, it just do it right :P.

Surprisingly I able to use Metaploit on OpenBSD without any problem, just download the latest Metasploit snapshot and untar it, everything is working properly and I just launched the web base Metasploit - msfweb and there will be port 55555 listenning on localhost. Then I connect to http://127.0.0.1:55555 and choose the windows metafile exploit, upload the the exploit code to localhost port 8080.

Msf Web launching .....

There are connections from victims .....

Since my Ip is 192.168.0.233 on the evil host that running Metasploit, in the victim host, I just use my Mozilla Firefox browser to connect to http://192.168.0.233:8080. You may see the funny strings in the browser and it is executed without prompting any message. I have tried using Internet explorer and apparently I have same result as Firefox browser.

However when I use Opera Browser to connect to http://192.168.0.233:8080, it prompts you the message and asking whether you want to save or open the wmf file, this seems safer for novice user since the file name is weird as well, ain't it :]

It warns that the file is executable and you may save the file first before using it, this is apparently useful since you can scan it using your antivirus later if you have one.

There are unofficial patches available out there, but normally users or corporate just choose to wait for the official patch from Microsoft. As a security or system administrator, you should send out notice to all the users to notify them since there will be worms in a wild before patch arrives.

2 comments:

Anonymous said...

I have recommended this browser since they released the latest free version, but who wants to listen to me?

IE, Firefox Sx, but I still have to use it when I am working. ;)

Anonymous said...

I used opera in 8 years back. That time it is already very fast but the page rendering sucks. However, nowadays it is getting better and better.