lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 11 Jun 2004 02:44:56 -0000
From: "http-equiv@...ite.com" <1@...ware.com>
To: <bugtraq@...urityfocus.com>
Cc: <NTBugtraq@...tserv.ntbugtraq.com>
Subject: SECURE SOCKETS LAYER COELACANTH: Phreak Phishing Expedition




We wrap this up with a full-on ssl site spoof. It seems limited 
how far you can 'shove' the real domain out of the way, but just 
enough to make it convincing so we adapt the window to 'cover' 
it up. Interestingly [with apologies to e-gold for playing with 
their site], they have a secured connection [ignore the warning] 
which gives us our https, our little golden 'safe' padlock and 
most interestingly, all the links inside the site function and 
show the spoofed address:

 
http://www.malware.com/gutted.html

couple all that with the absurd ability to trick Internet 
Explorer into believing it is in a 'trusted zone' by inserting 
whatever gibberish you want into the fake link regardless of the 
actual domain, and you have the catch of the day.

Big thanks to Drew Copley for whacking the sucker on the head,  
Brett Moore for correctly pointing out that it can be achieved 
without the 'redir' thing as well being able to stuff it with 
anything else you want and expedition leader: 'bitlance winter' 
who sighted it, tracked it, snagged it and reeled it in.

End Call

-- 
http://www.malware.com








Powered by blists - more mailing lists