■ Performing port scans of other hosts (which may be on a private network accessible by the compromised user's browser), and sending the results to the attacker.
■ Attacking other web applications accessible via the compromised user's browser, by forcing the browser to send malicious requests.
■ Brute forcing the user's browsing history and sending this to the attacker.
One example of a sophisticated browser exploitation framework is BeEF, which was developed by Wade Alcorn and implements the preceding functionality. Figure 12-13 shows BeEF capturing information from a compromised user, including computer details, the URL and page content currently displayed, and keystrokes entered by the user.
Figure 12-13: Data captured from a compromised user by BeEF
Figure 12-14 shows BeEF performing a port scan of the victim user’s own
computer.
Figure 12-14: BeEF performing a port scan of a compromised user’s computer