Web Attack: Generic Metasploit Browser Exploit Info Disclose

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to leverage the BrowserExploitServer module of Metasploit, which could lead to a leak of sensitive information.

Additional Information

The BrowserExploitServer mixin of Metasploit is the only mixin specially designed for browser exploitation.

It automatically collects browser information, including OS name/flavor/version, browser name/version, whether a proxy is used, Java plugin version, Microsoft Office version, and so on. If the browser doesn't have JavaScript enabled, it collects less information. All the information gathered is stored in a profile managed by the mixin.
The mixin will then tag the browser to track the session. It will also use the same tag to retrieve the profile when needed.
Before the mixin decides if it should serve the exploit to the browser, it will check with the module for any exploitable requirements. If the requirements aren't met, it will send a 404 to the browser, and the operation bails.

Metasploit browser exploits leverage this module to determine whether further exploitation is feasible.

Affected

  • Varies.