PornoSecurity: sexy vulns, porno sploits and the like
Update: PDF sploits in the wild
Posted on 2009-07-24 16:15:34 in PornoSecurity
I wanna add just a bit to the last post. It turns out that the evil site serving the malicious PDF uses ActionScript to spray the heap and to inject the shellcode in memory. Here is the full code, enjoy.

2009-07-24 18:51:14
DG: 403 Forbidden for that link

2009-07-25 09:38:52
Vincent: Yup, 403.

2009-07-27 00:49:47
ftk: can you reupload? link is down. thx

2009-07-29 11:55:46
k`sOSe: sorry for that, it seems that publishing certain things is not possible in Germany. That's why I'm moving to a new host.

2009-08-31 08:55:58
abhi: Hi, I got a sample of a PDF exploit. It uses an embedded SWF to exploit. I was trying to recreate it but I noticed that it doesn't use JavaScript. And the payload exe is embedded in it. I am confused about how to recreate it, as it can be useful since it works on both 8.X and 9.X versions.... I decompiled the SWF files... The exe attached to it is in jpg format.. But it has exe headers also.. I was trying to change the payload exe with mine... I removed everything after the exe header and inserted my exe file... But I didn't get success... Also the code on your site is forbidden... Please help. PS: If you want the sample please mail me at (it's completely undetectable and hard to decompile) abhilyall[at]gmail[DOT]com Regards


