0

I am testing a lot of Flash exploits for variouse versions of Flash on Virtual Machines with Windows 7. Id say that 90% of the exploits I tested (on the correct version and correct browser) made the browser crash before the payload could be triggered.

I mainly used IE with versions 8 and 11 and Windows 7 (64bit).

Anyone having an idea or comment about this? Like... settings... or... I dont know :/

oguz ismail
  • 1
  • 16
  • 47
  • 69
Max Kossatz
  • 1
  • 2
  • **Why** are you testing these in the first place? Professional curiosity, or are you expecting SO users to be complicit in a shady activity? – Clint Jul 20 '15 at 09:13
  • 1
    @Clint haha white hat stuff: I am actually running exploits against an exploit detection system of an anti-virus companies software. Things where going well until I got to the Flash exploits: the detection system detects the triggering of the payload, but if I turn the detection system off, the payload cant trigger completely, because the browser crashes... I would guess that it is the exploit, which is unstable, BUT since this appears for A LOT of exploits, I guess i am doing something wrong. – Max Kossatz Jul 20 '15 at 09:36
  • Without knowing the exploits and implementation details (I'm certainly no expert) I'd say it's possible you're upsetting the browser process significantly enough to cause an exception (e.g. writing to memory the browser needs to run) – Clint Jul 20 '15 at 11:40
  • Yes thats what I thought as well, but this happens with all Flash exploits in the metasploit exploit DB and if this is the case, then MSF messed up when testing xD – Max Kossatz Jul 21 '15 at 12:17

0 Answers0