Hi, today we'll prepare a 'simple scenario for "Red Team" attacks' I decided to try after one of the "last meetings"... ;) Below you'll find more details about it. Here we go...
Today we'll start here:
TL;DR: "scenario" (in one of my 'super ideal scenario-cases' described before;)) looks like this:
"It was a normal Monday in the (home) office..."
- <me>: hi, sup br0?
- <M$TeamzChat> : sup y0...
- <me>: check the <blabla>_meeting_file while we're waiting for the rest of the team
- <me>: <sending...>
- <M$TeamzChat> : ok, checking...
Ok: time for a little spoiler alert (aka. "it's not a bug it's a feature!111";)) I believe you're ready:
Quick description:
*(1): here I tried to play a bit with extensions (original one was XLSX; I changed it to XML during one of the "Repeater's requests" ;) btw: maybe (because of the error-icon) it'll be even easier to trick the victim this way to 'try via SharePoint'... anyway...)
*(2): as you can see here we'll have a 2 'links' (or resources) we can redirect our (victim) "meeting user". One of them seems to be the 'rootdir' path/link the other one - the link to the 'file'.
*(3): I decided to change both ;] to 'the same page' - 'root page' (of some random internet page I can see "downloaded" when user is trying to 'view the file using SharePoint').
So:
(...)
- <M$TeamzChat> : ok, checking...
- <me>: <popcorn.gif> ;]
(...)
- <M$TeamzChat> : hm...
- <M$TeamzChat> : <sending screen>
- <me>: hm... try to open it via SharePoint (right corner on the screen below), maybe that helps...
- <M$TeamzChat> : ok, wait...
- <me>: sure ;]
...and...
Your (victim... I mean a)meeting-users will be redirected to whatever webpage you'd (like to URLencode in (3a) and (3b)) send/serve them. ;)
Enjoy the meeting then! ;)
Brak komentarzy:
Prześlij komentarz