Informative Information for the Uninformed | ||||||||||||||
|
||||||||||||||
Next: Automation with Scripting
Up: Post-Exploitation on Windows using
Previous: HTTP Tunneling ActiveX Control
  Contents
Potential Uses and Enhancements
The PassiveX payload has the ability to be used for a wide array of
things regardless of whether or not an HTTP tunnel is even used. The
ability for a payload to inject an untrusted ActiveX control into an
Internet Explorer instance without any user interaction at all is
enough to give an attacker full control over the machine without the
attacker so much as typing a single command. The ways in which such
a thing could be accomplished could be through the development of a
robust and feature-filled ActiveX control that may or may not make
use of an HTTP tunnel between the target host and the attacker. This
abstract concept will be discussed alongside other more concrete
uses for this technique in the sections of this chapter.
Subsections |