FREE Crimepack 3 1 3 Exploit kit Leaked

EliteHackers
SALUT 2022!! NE-AM MUTAT PE DISCORD ! Vrei să inviți un prieten? [T]eoria [H]aosului [C]ontrolat - https://discord.com/invite/U4HBCHzm7r Acesta aste link-ul oficial al acestui server.

Lista Forumurilor Pe Tematici

EliteHackers | Reguli | Inregistrare | Login

POZE ELITEHACKERS

Nu sunteti logat.

Nou pe simpatie:
draghici_elena2000

Femeie
24 ani
Dambovita
cauta Barbat
24 - 62 ani

EliteHackers / Windows - Hacking & Tools / [FREE] Crimepack 3.1.3 Exploit kit Leaked!

Moderat de Ad_Infinitum, AntiKiler, Puscas_marin, kooze, r3v

Autor

Mesaj

Pagini: 1

r3v
Moderator

Inregistrat: acum 14 ani
Postari: 1158

Part 1: Java Exploit
As stated above, I focus on a malware that exploits a recent JRE vulnerability: CVE-2010-0840 to execute malicious files on a slave system. This malware comes inside a jar file, which contains the following two classes: Crimepack.class and KAVS.class.
Part 1.1: Crimepack.class
This class is the engine of the malware, it is obfuscated, but you can quickly strip off the obfuscation (my python beta tool is great…), once you get rid of the obfuscation you can see the following code:

As always, we have an Applet that access to the data parameter, generates a random name for the exe payload that will be dropped in the system temp directory and then executed. So at this point as you can see we have nothing new, the above is a common Java downloader… but let’s scroll down:

Above, we can see that the malware is creating a new instance of the KAVS class (description follows), in order to trigger the JRE vulnerability by using a call to the getValue() method (..snipped above..).
Part 1.2: KAVS.class
Here is the hand-crafted class, I say hand-crafted because such class cannot be compiled by using a standard compiler, so you have to edit the compiled class by editing the bytecode:

Part 2: PDF-generator on demand
The kit contains a nice php script that drops custom pdf on-demand, which means that you can have several mutations of the same piece of malware, by simply connecting to a malicious link.

Credits to THN - The Hacker News

http://www.megaupload.com/?d=24EU10PG

_______________________________________
http://thieves-team.com
r3vyk.info
mess id: doar prin PM datorita faptului ca mi-au dat add 10000 de retardati care joaca metin

pus acum 13 ani

Pagini: 1

Mergi la