SilviuCS Posted August 30, 2011 (edited)

This shit seems to be on fire over the internet so I decided to take a look and get it for free.

The Black Hole exploit kit is an unethical off-the-shelf Web application. The first instance - v.1.0.0 beta - has appeared on the black market and was advertised in August 2010 as a "System for network testing". As with most of the exploit kits, it is based on PHP and a MySQL backend. The payload of this kit usually targets Windows operating systems and applications installed on those systems, but depends on the criminals' end goal.

The kit's administrative system includes several so-called "Statistical Widgets". Most widgets provide the same information as pages in other kits, like global statistics, operating systems, top countries and referrers. An interesting feature of this kit is that a criminal can create a custom widget, basically meaning that the most important and required statistics will be gathered and shown in one widget.

The Black Hole exploit kit uses several protection mechanisms such as:

- Integrated Antivirus based on an API of popular blackhats' AVCheck services
- Forms database of blacklists based on referrers and IP addresses including ranges to block access to the system

The kit's settings allow criminals to choose a language interface of either Russian or English, which suggests that this kit was developed in Russia, and to change name of the malicious payload file and parameters to make it undetectable by AVs. Exploits are encrypted with custom algorithms, which makes this pack difficult to analyze by AVs and generic deobfuscation tools and services. The Black Hole exploit kit uses the Java OBE (Open Business Engine) toolkit to spread exploits and successfully load the malicious executable to the victim's machine.
Once a victim follows the malicious Iframe, he will download a JAR file with an encoded URL parameter, and one of the classes of this JAR file will decode this parameter into a clear text URL. The URL will be concatenated with an HTTP GET parameter which will be used in downloading other malicious payload files. The exploit kit is encrypted by the commercial php-cryptor which makes the whole distribution very regulated and sophisticated. The kit is therefore only rented by the criminals and not sold like many others.

Here is a screen shot of the settings page:

More Info: Infosecurity (UK) - BlackHole exploit kit now being offered for free

Download: blackhole.rar
Password: 123456789

Edited August 30, 2011 by SilviuCS
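
Added example, not part of the original post and not code from the kit: a proxy-log check for the delivery chain the post describes, where a client fetches a JAR and the Java runtime then downloads an executable from a URL carrying a GET parameter. The log layout, the 60-second window, the hostnames and all sample lines are assumptions constructed for illustration.

```python
# Added example: correlate a JAR fetch with a later Java-initiated executable download.
# Assumed log format: ts,client,host,url,user-agent,content-type (no commas in fields).
import csv
from datetime import datetime, timedelta
from io import StringIO
from urllib.parse import urlsplit

FIELDS = ["ts", "client", "host", "url", "ua", "ctype"]
EXE_TYPES = {"application/x-msdownload", "application/octet-stream"}
WINDOW = timedelta(seconds=60)  # assumed threshold; tune to your proxy's latency

# Constructed sample lines, not captured traffic.
SAMPLE_LOG = """\
2011-08-30T10:00:01,10.0.0.5,landing.example.test,/main.php?page=1,Mozilla/4.0 (compatible; MSIE 8.0),text/html
2011-08-30T10:00:03,10.0.0.5,landing.example.test,/content/a.jar,Mozilla/4.0 (Windows XP 5.1) Java/1.6.0_26,application/java-archive
2011-08-30T10:00:06,10.0.0.5,landing.example.test,/get?item=1&src=2,Java/1.6.0_26,application/x-msdownload
2011-08-30T10:05:00,10.0.0.9,intranet.example.test,/applet/chart.jar,Mozilla/4.0 (Windows XP 5.1) Java/1.6.0_26,application/java-archive
2011-08-30T10:05:02,10.0.0.9,intranet.example.test,/data.php?id=7,Java/1.6.0_26,text/xml
2011-08-30T10:20:00,10.0.0.9,downloads.example.test,/setup.exe?v=2,Mozilla/4.0 (compatible; MSIE 8.0),application/x-msdownload
"""

def is_jar(row):
    path = urlsplit(row["url"]).path.lower()
    return row["ctype"] == "application/java-archive" or path.endswith(".jar")

def is_java_exe_fetch(row):
    # The JVM's own HTTP client sends "Java/<version>"; a browser download does not.
    has_query = urlsplit(row["url"]).query != ""
    return row["ua"].startswith("Java/") and row["ctype"] in EXE_TYPES and has_query

def find_chains(log_text, window=WINDOW):
    last_jar = {}  # client -> (time, url) of its most recent JAR fetch
    alerts = []
    for row in csv.DictReader(StringIO(log_text), fieldnames=FIELDS):
        ts = datetime.fromisoformat(row["ts"])
        if is_jar(row):
            last_jar[row["client"]] = (ts, row["host"] + row["url"])
        elif is_java_exe_fetch(row) and row["client"] in last_jar:
            jar_ts, jar_url = last_jar[row["client"]]
            # Hosts are not compared: the decoded payload URL may point elsewhere.
            if ts - jar_ts <= window:
                alerts.append({"client": row["client"], "jar": jar_url,
                               "payload": row["host"] + row["url"],
                               "gap_s": (ts - jar_ts).total_seconds()})
    return alerts

if __name__ == "__main__":
    for alert in find_chains(SAMPLE_LOG):
        print(alert)
```

Only the first client is flagged; the second loads a JAR too, but its later executable download comes from the browser and falls outside the window.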