Home > Hacking > Server Hacking



Xpire/Splitinfinity.info Server Hack and Malware injection using ...

Sort Desciption:

Xpire/Splitinfinity.info Server Hack and Malware injection using IFRAMES Vulnerability - Condensed ... 14, 1.3.26) Debian GNU (Apache 1.3.12 - 1.3.20) FreeBSD Mandrake 7.1, 7.2, 8.0, 8.1, 8.2, 9 RedHat 5 ...



Content Inside:

Xpire/Splitinfinity.info Server Hack and Malware injection using IFRAMES Vulnerability - Condensed Version Report written by Christopher Boyd paperghost@vital security.org www.vitalsecurity.org Document created 21/11/2004 Last Updated / Revised 25/11/2004: Analysis of X.full-tgp.net added. All content produced by the author unless otherwise stated, technical information and details relating to specific server hacks contributed by Elia Florio, Malware install procedure contributed by Eric L Howes, Analysis of Xpire.info / X.full-tgp.net installs contributed by Lawrence Abrams Copyright © Christopher Boyd 2004 all rights reserved CONTENTS: Pages 3,4 - Introduction - The server hack background Pages 6,7,8 - The server hack in action Page 9,10 - What the server hack is exploiting - The Malware installation process Page 12,13,14,15 - An analysis of the Xpire.info infection Page 16,17,18 - An analysis of the X.full-tgp.net infection - Avoiding an install - End-Users - Avoiding an install - Server Admins Page 21,22 - References WARNING : Some of the links contained in this document could lead to severe Malware, Trojan and Virus infections . Please do NOT click any of the links accidentally as you may become infected if you are not running the latest AV signature files and Malware protection tools. The author cannot take any responsibility for any harm done to individual PCs and / or networks if you click any of the links contained within . The links are presented in their entirety so that Server Admins can look out for malicious redirects and end users can add them to their blacklists. INTRODUCTION: A number of web servers are falling victim to a server hijack where a variant of the Suckit rootkit is being used to dynamically inject code into the pages served from the compromised machines. Using the Internet Explorer IFrames vulnerability, the code serves as a gateway to a number of different pa ...

Source: security.items4you.biz


add to Google Reader add to Google Bookmark add to bloglines add to newsgator add to FURL add to digg add to webnews add to Netscape add to Yahoo MyWeb add to spurl.net add to diigo Bookmark newsvine Bookmark del.icio.us Bookmark @ SIMPIFY Bookmark MISTER WONG Bookmark Linkarena Bookmark icio.de Bookmark oneview Bookmark folkd.com Bookmark yigg.de Bookmark reddit Bookmark StumbleUpon Bookmark Slashdot Bookmark blinklist Bookmark technorati add to blogmarks add to blinkbits add to ma.gnolia add to smarking.com add to netvouz add to co.mments add to Connotea add to de.lirio.us

 

Related Files

Vlandriks Ultimate Guide - Hacking Source Forum

Filed under: Hacking and Server Hacking
Sideshow ( Log Out ) Options Aug 13 2006, 08:54 PM My Controls · View New Posts · My Assistant Hacking Source Forum » World of Warcraft » World of Warcraft Server Emulation Vlandriks Ultimate Guide ...

Hacking Techniques

Filed under: Hacking and Server Hacking
Hacking Techniques. Network based System Hacking. Web Server Hacking. Physically enter the Target Building. WLAN (Wireless LAN) Hacking ...

Web Hacking

Filed under: Hacking and Server Hacking
This labs focus will in be web server hacking. Web server hacking refers to attackers. taking advantage of vulnerabilities inherent to the web server ...

Hacking SQL Server

Filed under: Hacking and Server Hacking
Hacking / Hacking Exposed Windows Server 2003: Windows Security Secrets & Solutions / Scambray ...... some of the tools of the trade in SQL Server hacking. ...

Real Time Hacking : ISA Server

Filed under: Hacking and Server Hacking
This case study is entirely based on my hacking experiences with Microsoft ISA Servers.It gives you. people with the way to get related to the ISA server ...