Beng Hacks: May 2005

Monday, May 30, 2005

Devious Phishing

Everyone knows about phishing: email made to look as if it came from a legitimate site, e.g. a bank or an online shop, that points you at a URL under the attacker's control. Everyone knows not to click on these URLs, right?

Well, for some people it is easy to avoid, since they are already paranoid about receiving such email. However, there is another way to trick people into believing that a phishing email is legitimate: make the browser itself show a false address. Observe the following:



The trick relies on inconsistent handling of CRLF line endings (Windows uses CR LF, Unix uses LF alone) inside a URL. Surprisingly, this makes the IE address bar display fakeurl when in actual fact you have visited the attacker's URL (myurl).

This is spooky stuff. To counter it, follow a few rules: do not click on URLs in email; read email as plain text; view the source of any suspicious HTML email and check where its links really point.
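Whatever a browser does with its address bar, the host an HTTP client actually connects to is whatever follows the last `@` in the authority part of the URL, and no legitimate link puts CR, LF or NUL bytes there. The script below is an added example, not code from the original post: it does the "view the source" check mechanically, pulling every link out of an HTML mail, working out the real host, and comparing it with the host the visible link text claims. The sample mail is constructed; its first link hides the attacker's host behind a percent-encoded CR LF and an `@`, which is a common construction for this kind of spoof and not necessarily the exact one the post's missing example used.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# Constructed sample of an HTML phishing mail (not from the original post).
# In the first href everything before the '@' is userinfo, so the request
# really goes to myurl.example, while the visible text (and a browser that
# mishandles the embedded CR LF) shows www.bank.example. The second link is
# an honest one for comparison.
SAMPLE_EMAIL = """<html><body>
<p>Please confirm your account details:
<a href="http://www.bank.example%0d%0a@myurl.example/login">http://www.bank.example/login</a></p>
<p>Track your order at
<a href="http://www.shop.example/order">http://www.shop.example/order</a></p>
</body></html>"""

CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")
AUTHORITY = re.compile(r"^https?://([^/?#]*)", re.IGNORECASE)


def real_host(url):
    """Host an HTTP client actually connects to: the authority part of the
    URL with any userinfo (everything up to the last '@') and the port
    stripped. Percent-decoding first so an encoded CR LF or NUL is seen as
    the control character it is and cannot hide inside the authority."""
    m = AUTHORITY.match(unquote(url))
    if not m:
        return None  # not an http(s) URL at all
    authority = m.group(1)
    if "@" in authority:
        authority = authority.rsplit("@", 1)[1]
    host = authority.split(":", 1)[0]
    return host.strip().lower() or None


def audit_link(href, text):
    """Compare what a link shows with where it really goes and list the
    reasons a reader should distrust it."""
    reasons = []
    decoded = unquote(href)
    if CONTROL_CHARS.search(decoded):
        reasons.append("control characters in URL")
    m = AUTHORITY.match(decoded)
    if m and "@" in m.group(1):
        reasons.append("userinfo before '@' hides the real host")
    actual = real_host(href)
    shown = real_host(text)  # None when the link text is not itself a URL
    if shown and actual and shown != actual:
        reasons.append("link text host %s differs from real host %s" % (shown, actual))
    return {"href": href, "shown_host": shown, "real_host": actual, "reasons": reasons}


class LinkAuditor(HTMLParser):
    """Collects every <a href> together with its visible text."""

    def __init__(self):
        super().__init__()
        self._href = None
        self._text = []
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def audit_email(html):
    """Return one finding dict per link in the mail body."""
    parser = LinkAuditor()
    parser.feed(html)
    parser.close()
    return [audit_link(href, text) for href, text in parser.links]


if __name__ == "__main__":
    for finding in audit_email(SAMPLE_EMAIL):
        verdict = "SUSPICIOUS" if finding["reasons"] else "ok"
        print(verdict, finding["href"], "->", finding["real_host"])
        for reason in finding["reasons"]:
            print("   ", reason)
```

The host extraction deliberately does not rely on `urllib.parse.urlsplit`, whose treatment of embedded CR, LF and tab characters has changed between Python releases; scanning for control characters on the decoded URL and taking the last `@` yourself gives the same answer on every version.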

Monday, May 09, 2005

Leaky but goodie

I've recently been into leaked code that exploits or demonstrates serious vulnerabilities. The last one I got my hands on was the phpBB exploit against the phpBB forum software. Naturally I documented my delicious trials right here...

The latest thing I managed to get my hands on is the exploit for Microsoft Jet. It specifically attacks msjet40.dll, which exists on every Windows 2000 and XP system out there.

Of course I won't put the source code here, but any fool can find it on the web these days; it's leaked, after all.

Basically, it works by creating a corrupted MS Access file (.mdb). Inside this mdb is a crafted structure that lets you take control of EIP and hence execute more code embedded in the mdb, as long as someone is dumb enough to double-click on it. Which is easy if you ask me: just name it something like my_credit_card_details.mdb.

I'm still fooling around with it, but the potential seems great. You can use it as an eggdrop or do lots of nasty things, since the amount of shellcode you can put in the mdb is virtually unlimited.

This thing hits even XP Service Pack 2, by the way.
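An added check, not the post's code and nothing to do with the leaked exploit itself: since all the lure needs is a tempting name and a double-click, a mail gateway should hold Access database attachments back by content rather than by extension, so that a Jet file renamed to something harmless is still caught. The signature bytes below are the standard Jet and ACE file headers (page 0 starts with 00 01 00 00 followed by "Standard Jet DB" or "Standard ACE DB"); the sample attachments are constructed and are not real databases.

```python
import os

# File signature of a Jet (Access .mdb) database: page 0 starts with
# 00 01 00 00 followed by the text "Standard Jet DB". The newer ACE engine
# (.accdb) writes "Standard ACE DB" in the same place.
JET_MAGIC = b"\x00\x01\x00\x00Standard Jet DB"
ACE_MAGIC = b"\x00\x01\x00\x00Standard ACE DB"
HEADER_LEN = len(JET_MAGIC)

# Extensions Windows hands straight to Access on double-click.
ACCESS_EXTENSIONS = (".mdb", ".mde", ".accdb", ".accde")


def sniff_access_db(data):
    """Return 'jet', 'ace' or None from the first bytes of a file, ignoring
    whatever name or extension the sender chose."""
    head = data[:HEADER_LEN]
    if head == JET_MAGIC:
        return "jet"
    if head == ACE_MAGIC:
        return "ace"
    return None


def quarantine_attachment(filename, data):
    """Gateway decision for one attachment: 'hold' with a reason, or 'pass'.
    Content wins over extension, so a disguised database is held and a plain
    text file with a scary .mdb name is held only for its extension."""
    kind = sniff_access_db(data)
    ext = os.path.splitext(filename)[1].lower()
    if kind is not None:
        return "hold: %s database content in %r" % (kind, filename)
    if ext in ACCESS_EXTENSIONS:
        return "hold: Access extension on %r (content not a database)" % filename
    return "pass"


# Constructed sample attachments (not real databases, not the leaked exploit).
SAMPLES = {
    "my_credit_card_details.mdb": JET_MAGIC + b"\x00" * 64,  # the lure as named
    "quarterly_report.txt": JET_MAGIC + b"\x00" * 64,        # same bytes, renamed
    "notes.mdb": b"just some text\n",                        # extension only
    "readme.txt": b"just some text\n",                       # harmless
}


def scan_samples(samples=SAMPLES):
    """Return {filename: decision} for a batch of attachments."""
    return {name: quarantine_attachment(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, decision in scan_samples().items():
        print("%-28s %s" % (name, decision))
```

Sniffing only the first 19 bytes is enough to recognise the format, but it says nothing about whether a given database is malicious; the point is that the gateway, not the user's double-click, decides whether Jet ever parses the file.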