Description: Inter-protocol Exploitation removes browser-based attacks from being dependent upon browser vulnerabilities. It increases the number of potential exploits to include many service vulnerabilities throughout the internal corporate network. This includes whatever service can be contacted via a browser request.
Multiple protocols like IMAP, SMTP, POP, SIP, IRC and others are "tolerant" to errors, and they don't reset the connection with the client if they receive data that is not compliant with the protocol grammar. This leads to the possibility of interacting with such protocols with HTTP requests, even without the need of a SOP bypass.
During the talk, we will see a demonstration on how to compromise an IMAP server that sits in the victim's internal network through its browser hooked in BeEF.
This will include disabling the browser's PortBanning, identifying the victim's internal network IP and the live hosts in the subnet, followed by a port scan and finally sending the custom BeEF Bind shellcode after the IMAP service has been localized.
For More Information please visit : - https://appsec.eu/
Tags: securitytube , hacking , hackers , information security , convention , computer security , OWASP-AppsecEU13 ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.