Comments on: Hacking without 0days: Drive-by Java

By: goblert

goblert — Mon, 02 Jun 2008 20:02:26 +0000

It is possible to make the applet download and run a executable. I have seen it with my own eyes. Its a very effective way to infect someone.

By: Drive-by Download: Where Network Security Meets WebAppSec | Code in my Bug!!!

Sun, 27 Apr 2008 17:40:13 +0000

[...] post was due since the Bank of India hack incident, and was fueled by PDP’s Drive-by Java post, which is a very simple, yet a well thought of extension (sort of) to the Drive-by Download attack. [...]

By: kbnet

kbnet — Sun, 20 Jan 2008 10:18:52 +0000

Sorry, didn’t post the URL:
http://www.aboulton.blogspot.com

By: kbnet

kbnet — Sun, 20 Jan 2008 08:28:36 +0000

This guy has a very interesting blog, he has a video which shows an applet patching a binary. Very nice!

By: Drive-by Download: Where Network Security Meets WebAppSec « Hey! There is Code in my BUG!

Fri, 02 Nov 2007 13:17:01 +0000

[...] on November 2nd, 2007 This post was due since the Bank of India hack incident, and was fueled by PDP’s Drive-by Java post, which is a very simple, yet a well thought of extension (sort of) to the Drive-by Download attack. [...]

By: mogano

mogano — Tue, 30 Oct 2007 22:24:36 +0000

I’ve already done s.th. but not on Applets.
Therefore I asked because I don’t think that they has increased the level of system rights.

Does someone know that writing (binary) files in (signed )Applets work???

By: pdp

pdp — Tue, 30 Oct 2007 19:49:36 +0000

diesl0w, indeed!

mogano, DA BOMB? should we watch out for it?

By: mogano

mogano — Tue, 30 Oct 2007 19:38:51 +0000

we call it: DA BOMB! ;)

By: diesl0w

diesl0w — Tue, 30 Oct 2007 18:33:39 +0000

Sounds like someones trying to compile a download/execute payload :)

By: sid

sid — Tue, 30 Oct 2007 17:38:52 +0000

Some of us at Indiana University tried out this type of re-signing and modifying applets in a realistic scenario last year… you’re right, it works very well. People don’t care about whether or not they should trust an executable; if they expect it, they will click yes no matter what.

Check out our results:
http://www.indiana.edu/~phishing/verybigad/

By: pdp

pdp — Tue, 30 Oct 2007 16:54:49 +0000

:) what are u building man?

By: mogano

mogano — Tue, 30 Oct 2007 16:22:59 +0000

Still only one question from me:

How do I download a File using a signed applet?

greetz,
mogano

By: jayjwa

jayjwa — Tue, 30 Oct 2007 14:07:26 +0000

Works for Linux too, as long as the app. exists (ln -s xcalc calc for this example). It does put up a warning box and ask for confirmation that is obvious enough for me, but I can see how some people would click away without checking. Oddly, Firefox (2.0.0.7) also pops up an authenticaion box (bug?).

By: mogano

mogano — Tue, 30 Oct 2007 14:02:55 +0000

how do I download a file for example??

By: LiquidBrain

LiquidBrain — Tue, 30 Oct 2007 13:37:02 +0000

Actually you can execute any command on system… start service, download file… you can do anything…

By: mogano

mogano — Tue, 30 Oct 2007 12:54:10 +0000

what can I do with signed Applets??

Also stuff like execute arbitary code (from outside)?
(if so, how?)

By: pdp

pdp — Tue, 30 Oct 2007 11:23:36 +0000

mogano, I am not sure what u are trying to say!

By: mogano

mogano — Tue, 30 Oct 2007 09:42:46 +0000

Don’t know that you get an attack working. How for example you can get some binary stuff (shellcode) running?? Thats only a exec command! Other things are not possible like write binfile or ???

By: Technocrat

Technocrat — Tue, 30 Oct 2007 02:46:22 +0000

Good stuff pdp.

The weakest link in security is the human element. Clearly things could be changed to better protect non-informed users from themselves…but in the end, the only solution is education.

By bringing issues like this into the light, you are helping educate people….nice work.

By: pdp

pdp — Mon, 29 Oct 2007 19:49:16 +0000

Richard Moore, it is different when it comes to ActiveX controllers.

rezn, absolutely!

G-Brain, point taken! :)