-
Notifications
You must be signed in to change notification settings - Fork 2.2k
Module: Detect Unsafe ActiveX
Nbblrr edited this page Dec 20, 2012
·
3 revisions
- Objective : This module will check if IE has been insecurely configured. It will test if the option Initialize and script ActiveX controls not marked as safe for scripting is enabled.The setting can be found in: Tools Menu -> Internet Options -> Security -> Custom level -> "Initialize and script ActiveX controls not marked as safe for scripting"
- Date: January 2012
- Authors: Wade, bcoles
- Browser: IE
- Code
This module try to load the ActiveX object WbemScripting.SWbemLocator :
try {
test = new ActiveXObject("WbemScripting.SWbemLocator");
} catch (e) {
unsafe = false;
}
if (unsafe) {
result = "Browser is configured for unsafe ActiveX";
} else {
result = "Browser is NOT configured for unsafe ActiveX";
}- IE6: Unsafe by default (tested on IE6.0.2900.5512 on Win XPSP3)
- Configuration
- Interface
- Information Gathering
- Social Engineering
- Network Discovery
- Metasploit
- Tunneling
- XSS Rays
- Persistence
- Creating a Module
- Geolocation
- Using-BeEF-With-NGROK