Update: I have decompressed the Applet http://cocaman.ch/uploads/corp-google-hack.txt DO NOT DOWNLOAD AND EXCECUTE THE EXE FILE! I WARNED YOU! Original story … A friend of mine just (his client uses Bluewin for hosting his website) asked me why the Google Analytics service wants to start a Java Applet which is unsigned. Well, as it turned out […]
Continue ReadingAnatomy of a Subway Hack – Slides now Available
Slides published! And as noted, those instructions and information are ONLY for educational purpose! More information about the “incident”.
Continue ReadingLife-Tablets.cn / neiron2008.com : How They Distribute Malware On Your Website
[digg-me] Notice: This is a developing story! Updates will be added as they occur. Help others and report your findings in the comments below! And check your websites for malicious injections. As previously reported, some of my websites got hacked and broken into. The evil people that did it uses some sneaky technique to actually […]
Continue ReadingNext PHP “Hacking” Script/Shell: w4ck1ng-shell
Well, well… Isn’t that cool? I got my hands on another nice PHP hacking script. This time it is called “w4ck1ng-shell (Private Build v0.3)“. And this has something new: $my_agent = “Defaced”; $user_agent = $_SERVER[‘HTTP_USER_AGENT’]; if($user_agent != $my_agent) { $fake_image = “iVBORw0K . . . ggg==”; header(“Content-type: image/png”); die(base64_decode($fake_image)); }else{ }; This will result in […]
Continue Reading