  1. #1
    ~ Hyrule's Savior ~
    link's Avatar
    Join Date
    Jun 2011
    Posts
    3,825
    Points
    2,802

    Contact info:

    Youtube Channel: http://www.YouTube.Com/ReTrOSlink

    Exclusive: Most of the Malware Exploit kits running in Vulnerable nginx server

    Bad guys always attempt to exploit the vulnerabilities in the victim's system and infect their system with malware. It's our turn. Let us hack them back and break into their box.

    The Malware Must Die (MMD) team has discovered that most of the malware exploit kit servers, malware page redirection servers and malicious proxy servers are using a vulnerable version of the nginx server.

    The team has released PoC code "that was coded & released in Full Disclosure by KingCope" that will be helpful to break into the malicious server and gain access to them by exploiting the known vulnerabilities.

    It can be found here: http://pastebin.com/eX69Db7B

    The vulnerability allows the security researchers to take control of the server and obtain the infection source codes. In some cases, it also helps to track the cyber criminals.










    Source: http://www.ehackingnews.com/2013/07/...ility.html?m=0



    -------------------------------------------------------------------


    Nothing much to say about this article. Though it's pretty interesting.

    - link

    #gamedevelopment


  2. #2
    Moderator chewtoys's Avatar
    Join Date
    Jun 2013
    Posts
    2,351
    Points
    3,397

    Hackers running vulnerable servers? Or hackers running servers that have older software, but custom patches to what is known to be exploitable in that version?

    You wouldn't break into shit if your own shit could be broken into also.

    Fucking whiteknight internet faggots regardless.

    Last edited by chewtoys; 08-20-2013 at 03:52 PM.

  3. #3
    Wii Code Creator
    T.U.F.F. PUPPY
    T.B.W's Avatar

    Badge

    Join Date
    Dec 2012
    Location
    Barcelona Spain
    Posts
    4,212
    Points
    6,669

    no hacker is gonna get past my anti virus lol


  4. #4
    Moderator chewtoys's Avatar
    Join Date
    Jun 2013
    Posts
    2,351
    Points
    3,397

    Originally Posted by TBW:
    > no hacker is gonna get past my anti virus lol

    You'd be surprised, it's not too hard to get around them.


  5. #5
    Breathe Carolina <3
    Former GFX'er
    TrueCrime's Avatar
    Join Date
    Dec 2009
    Location
    CHIRAQ NIGGA
    Posts
    2,059
    Points
    4,483

    Originally Posted by fear_bot:
    > Hackers running vulnerable servers? Or hackers running servers that have older software, but custom patches to what is known to be exploitable in that version?
    >
    > You wouldn't break into shit if your own shit could be broken into also.
    >
    > Fucking whiteknight internet faggots regardless.

    Most of those people tend to operate those servers only for a certain time, before moving on to a different server. Either that or they are too lazy.

    epicly memed

  6. #6
    Moderator chewtoys's Avatar
    Join Date
    Jun 2013
    Posts
    2,351
    Points
    3,397

    Originally Posted by TrueCrime:
    > Most of those people tend to only operate those servers only for a certain time, before moving on to a different server. Either that or they are too lazy.

    Regardless, OP of faggot whiteknight MMD club shit is wasting his time.


  7. #7
    ~ Hyrule's Savior ~
    link's Avatar
    Join Date
    Jun 2011
    Posts
    3,825
    Points
    2,802

    Originally Posted by fear_bot:
    > Hackers running vulnerable servers? Or hackers running servers that have older software, but custom patches to what is known to be exploitable in that version?
    >
    > You wouldn't break into shit if your own shit could be broken into also.
    >
    > Fucking whiteknight internet faggots regardless.

    Hey man, all I'm doing is posting what I hear. I do agree with you though, they are wasting their time.



  8. #8
    Member
    Join Date
    Feb 2012
    Posts
    146
    Points
    757

    Most likely story.
    The hackers broke into those machines through nginx's vulnerability.
    And are now using it as a command and control node.
    On a large network, patching the vulnerability behind you carries a high risk/reward ratio. It has a relatively high chance of taking down the machine and drawing attention to you.
    It is much easier to just have enough machines to switch if anything looks funny.

    So enjoy digging through the logs only to find out it is connecting back to a 3rd party IRC server.
    Go ahead and serve them papers to find their logs. You will only find a proxy in another country.
    Let's say that country is on really good terms with your country, so they file the request for the country to follow it up and send findings back to them.
    Let's say it actually happens. All you will likely find is that that proxy is chained to another proxy in ANOTHER country.
    You could follow this, but drag it through a few countries that really don't like each other and you have a pretty good diplomatic block to prevent them from finding a real source with just passive logs.

    In my experience, just stop once you are on the IRC server.
    You can often send bulk stealth removal commands with their programs on there.
    That's a fairly fun way to get back at them, and if they don't keep logs of what machines they took they have a fair setback.

    Or if they use webpages to display their info (not that common) you may be able to try to leave a nasty exploit in there and pull their real IPs that way.
    But like I said, most use IRC. Not super vulnerable :/

    Also this is just a poor finding overall. It is essentially saying most hacked web servers are running vulnerable web services.
    That's kinda a given...
    Not only that, but the exploit code DOES NOT WORK OVER THE INTERNET.
    Now if that isn't a red flag to this whole project, I don't know what is...

    Last edited by jordam; 08-24-2013 at 04:15 PM.
    Running on rocket fuel.
