
Hacks


CVE-2011-2140 Caught in the Wild

A Chinese website contains a malvertisement that leads to a few exploits, including the latest Flash exploit (CVE-2011-2140). Special thanks to Jason for the find and share! Here's the website that kicks things off:

This is the infection chain:

It's quite long, but the action starts at the "1.htm" file. One path leads to an IE browser exploit:

It calls up pieces of the IEPeers exploit code found in separate JavaScript files before invoking it.

The shellcode contains a download-and-execute URL, but you need to XOR it with the key 0xBD first. That file is a downloader which pulls down another executable from the same website.

File: zxx.exe
MD5: 1bfd57d5fa7c26e56a5c89bc668db121
VirusTotal: 21/42 (50.0%)

File: shenma.exe
MD5: 1391776c2ddcbb9eea7fdd3d85a6e0a9
VirusTotal: 29/41 (70.7%)

Let's check out the first of two Flash exploits:

The shellcode there pulls down the same binary from the URL as above.

File: nb.swf
MD5: f0e59dcbe6730a4383a88ab057a58c5c
VirusTotal: 4/42 (9.5%)

Here's a hex view of that file.

Inception: Tips and tricks I've learned reversing vulnerabilities!

Inception-h2hc - Inception: The Extended Edition. Last update: Sun Dec 9 11:43:31 BRST 2012.

/*
 * $Id: h2hc-2011-nbrito-inception 1.0 2011/10/21 20:22:15 nbrito Exp $
 *
 * Talk: Inception - The extended edition
 * Author: Nelson Brito <nbrito *NoSPAM* sekure.org>
 * Conference: Hackers to Hackers Conference Eighth Edition (October 2011)
 */

To support the brand new Brazilian Law, which limits and criminalizes the security research process, I have removed all my code from the Internet.

From most security researchers' understanding, including my own, this Law is really, really poor in its essence and fails to describe what a malicious use of technology is and to differentiate it from security research. It is not the same thing that happened in Germany, because this Law (also known as the Carolina Dieckmann Law) is not only against hosting... Here is the worst part of the law, which does not differentiate malicious use from research:

So, I am removing everything related to my personal research, since I can be considered an outlaw.

7 Linux Shells Using Built-in Tools

May 27, 2011

There are many distributions of Linux, and they all do things a little differently regarding default security and built-in tool sets. This means that when engaging these different flavors during a pentest, what works against one Linux target to get an interactive shell may not work against another. Well, not to worry, my friends: there are many techniques for spawning shells, specifically reverse shells, from Linux, and one or more of these techniques is bound to be available no matter which distro you're looking at.

The scenario is this: you have the ability to run a simple command, or cause a user to run a simple command, on the target system, whether via a Remote Command Execution vulnerability in a website or some sort of PHP-injected XSS which causes a privileged user to run commands on the target system. There are many instances of this scenario.

#1. netcat

Surprise!!! ...just kidding...

#2. netcat with GAPING_SECURITY_HOLE disabled:

#3. netcat without netcat:

#6.

#7.

.:: Phrack Magazine ::.

Index of /exploits/shellforsite