Testing with WebRTC extension in Chrome, code credits Christian Frichot (3 days old)
Firefox code changed for Chrome and Chrome API, run in Tampermonkey.
Interesting results as Vegan does not protect all.
BeEF is becoming a growing concern in my view,
Malware Script Detector v.0.2b detects all BeEF injection attampt and blocks accordingly.
polonus
Check for http://website/3000/ui/panel (dork)
you will get a page not found but also that site.
Example - BeEF …
"error": {
"message": "An access token is required to request this resource.",
"type": "OAuthException",
"code": 104
}
}]/code] -> ?welcome :o or continue to the frontpage of website..
resulting in
var googletag = googletag || {};
googletag.cmd = googletag.cmd || ;
(function() {
var gads = document.createElement(‘script’);
gads.async = true;
gads.type = ‘text/javascript’;
var useSSL = ‘https:’ == document.location.protocol;
gads.src = (useSSL ? ‘https:’ : ‘http:’) +
‘//www.googletagservices.com/tag/js/gpt.js’;
var node = document.getElementsByTagName(‘script’)[0];
node.parentNode.insertBefore(gads, node);
})();
googletag.cmd.push(function() {
googletag.defineSlot(‘/51960304/banner_header’, [468, 60], ‘div-gpt-ad-1369080985555-0’).addService(googletag.pubads());
googletag.defineSlot(‘/51960304/leaderboard_frontpage’, [728, 90], ‘div-gpt-ad-1369080985555-1’).addService(googletag.pubads());
googletag.defineSlot(‘/51960304/leaderboard_generic’, [728, 90], ‘div-gpt-ad-1427107760956-0’).addService(googletag.pubads());
googletag.defineSlot(‘/51960304/rectangle_detail’, [336, 280], ‘div-gpt-ad-1369080985555-3’).addService(googletag.pubads());
googletag.defineSlot(‘/51960304/square_sidebar’, [250, 250], ‘div-gpt-ad-1369088001681-0’).addService(googletag.pubads());
googletag.pubads().collapseEmptyDivs();
googletag.pubads().enableSingleRequest();
googletag.enableServices();
});
Read: https://stackoverflow.com/questions/19329560/how-do-i-target-which-ads-id-like-to-refresh-with-gpt
polonus
Interesting shodan search results: https://www.shodan.io/search?query=ui%2Fpanel
and https://www.shodan.io/search?query=hook.js → htxp://198.58.127.172:5000/
→ htxp://www.gameserverdirectory.com/server/198.58.127.172:26901/banners.php
http://domain-kb.com/www/floorschedules.com etc.
polonus