• Drive-by Download: Where Network Security Meets WebAppSec

    by  • November 2, 2007 • demo, education, hack, loophole, security, webappsec • 5 Comments

    DEMO

    This post has been due since the Bank of India hack incident, and was fueled by PDP’s Drive-by Java post, which is a very simple yet well-thought-out extension (of sorts) to the Drive-by Download attack. This post aims to provide a clearer understanding of the Drive-by Download attack (via a demo).

    Citing Wikipedia, any download that happens without the knowledge of the user can be referred to as a Drive-by Download (DBD). Pretty obviously, an attacker downloads (or uploads, depending on the perspective) malware, viruses etc., especially in the case of a zero-day. I should also specify that by the sub-title “network security meets web application security”, I simply wish to point out that viruses, malware and worms are not really a concern of WebAppSec. Please note that these exclude JavaScript payloads.

    Here is the video of Bank of India Hack, showing DBD in action.

    Here is my demo of DBD in action.
    All files downloaded to your system are 0 (zero) KB and are completely harmless. You’ve my word. :)

    • dada

      f*** it, your blog has spam!!! hehe

    • http://projectbee.org Bipin 3~ Upadhyay

      My mistake.
      Removed ‘em now. Thanks :)

    • Bob

      Hi!

      I'd just like to know if the drive-by download demo could be done using ASP.NET?

    • http://bipinu.myopenid.com/ Bipin Upadhyay

      Bob,
      Server-side code (ASP.NET or otherwise) doesn’t have anything to do with drive-by download attacks. All it takes is HTML tags like iframe, img etc.
      e.g.:

      <img src="File.exe" height="1px" width="1px"></img>
      <iframe src="File" height="1px" width="1px"> </iframe>
      <iframe src="File.sys" height="1px" width="1px"></iframe>
      <img src="File.dll" height="1px" width="1px"></img>
      
    • Bob

      OK.. I want to recreate the demo that you did. How do I do it? I copied your source code and redesigned it, but the 4 files don't appear in the temporary files. Why?
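
The reply above points out that a drive-by download needs nothing more than img or iframe tags sized at 1px and pointed at a file. The following is an added example, not code from the post or its comments: a Python check that flags such tags in a page's HTML. The extension list, the 1px threshold and the names `EmbedAuditor` and `audit` are assumptions made for the illustration.

```python
import posixpath
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed policy for this example (not from the post): file types that an
# embedding tag should never point at.
RISKY_EXT = {".exe", ".dll", ".sys", ".scr", ".msi", ".jar"}
URL_ATTR = {"img": "src", "iframe": "src", "embed": "src", "object": "data"}

def _px(value):
    """Leading integer of '1', '1px' or ' 1 px'; None when missing."""
    m = re.match(r"\s*(\d+)", value or "")
    return int(m.group(1)) if m else None

class EmbedAuditor(HTMLParser):
    """Collects (line, tag, url, reasons) for suspicious embedding tags."""
    def __init__(self):
        super().__init__()
        self.findings = []
    def handle_starttag(self, tag, attrs):
        if tag not in URL_ATTR:
            return
        a = {k: v or "" for k, v in attrs}
        url = a.get(URL_ATTR[tag], "")
        ext = posixpath.splitext(urlparse(url).path)[1].lower()
        w, h = _px(a.get("width")), _px(a.get("height"))
        reasons = []
        if ext in RISKY_EXT:
            reasons.append("executable-target")
        if w is not None and h is not None and max(w, h) <= 1:
            reasons.append("tiny")
        # 1x1 images are common tracking pixels: size alone only flags frames.
        if "executable-target" in reasons or (tag == "iframe" and reasons):
            self.findings.append((self.getpos()[0], tag, url, reasons))

def audit(html):
    parser = EmbedAuditor()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample: the four tags from the reply plus two benign images.
SAMPLE = """<img src="logo.png" width="120" height="40">
<img src="File.exe" height="1px" width="1px"></img>
<iframe src="File" height="1px" width="1px"> </iframe>
<iframe src="File.sys" height="1px" width="1px"></iframe>
<img src="File.dll" height="1px" width="1px"></img>
<img src="pixel.gif" width="1" height="1">"""
```

`audit(SAMPLE)` reports the four tags from the reply and leaves the logo and the 1x1 GIF alone; in practice the same check can be run over stored page templates or proxied responses to spot injected markup.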