Posted 4 months ago (12-18) by 铁匠 in 固若金汤

0x00 Preface


From: http://blog.0x3a.com/post/4/an-in-depth-analysis-of-the-fiesta-exploit-kit-an

In this article I will walk step by step through how the Fiesta Exploit Kit works: how it redirects, how it attacks and infects clients (including a Flash exploit, a Java exploit and a PDF exploit), and finally how to decrypt its payloads.

The first step was to infect my virtual machine; fortunately the redirect page was still up.

[Screenshot: In-depth analysis of the Fiesta Exploit Kit]

Just before the end of the page a small piece of code is inserted. It is slightly obfuscated, but decoding it is straightforward:

[Screenshot: In-depth analysis of the Fiesta Exploit Kit]

The exploit kit was hosted on the domain znaaok.myftp.biz, which at the time resolved to 92.63.87.16. Looking that IP up in VirusTotal passive DNS shows many similar domains:

[Screenshot: In-depth analysis of the Fiesta Exploit Kit]

All of the domains are active only briefly and are rotated frequently.

0x01 The landing page


Continuing the analysis, every page loaded in the VM's browser had JavaScript code embedded in it:

[Screenshot: In-depth analysis of the Fiesta Exploit Kit]

In this case the exploit is a Flash exploit with MD5 f77e25d5a04d8035d49a27d1b680e35d.

When the sample was submitted to VirusTotal, only 3 of 57 antivirus engines detected it.

From the requests captured in Fiddler the following sequence can be established:

76: the client visits the landing page
80: the client downloads the Flash exploit
81: after successful exploitation the client executes the payload

Starting again from the beginning: when I opened the page in Sublime, I immediately recognized it as something I had already seen in 2013. Apart from some random text characters at the top, the JavaScript obfuscation is the same:

[Screenshot: In-depth analysis of the Fiesta Exploit Kit]

The deobfuscation work proceeds as follows:

1. Search for the Decrypter string
2. Decrypt all the functions and strings that are used
3. Replace all the variables that are used
4. Remove all split strings (e.g. var a = 'from' + 'Char' + 'Code')
5. Clean up the code (remove unused variables)
6. Give variables and functions readable names

Step one: find the decryption function:

[Screenshot: In-depth analysis of the Fiesta Exploit Kit]

Interestingly, Fiesta has not changed the decryption function, only the key, as can also be seen in the messop() function:

[Screenshot: In-depth analysis of the Fiesta Exploit Kit]

So how do we decode the obfuscated code? It is simple: the top of the decryption function actually comes from the bonyv() function and the bottom from the seam9j function, so we give them readable names.

Now every call to the function named messop() can be replaced:

[Screenshot: In-depth analysis of the Fiesta Exploit Kit]

As you can see, most of the variables declared at the start are globals. After decrypting all the strings we start replacing the globals (for example lintl becomes window.document, which makes the code more readable). After tidying up, the structure of the page is much clearer.

Let's look at which vulnerabilities Fiesta uses:

Adobe Flash:

CVE-2014-8439: Adobe Flash Player before 13.0.0.258 and 14.x and 15.x before 15.0.0.239 on Windows and OS X and before 11.2.202.424 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302

CVE-2014-0497: Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux

Adobe PDF:

CVE-2010-0188: Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1

Java:

CVE-2012-0507: Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33

CVE-2013-2465: Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7

Silverlight:

CVE-2013-0074: Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0

Microsoft Internet Explorer:

CVE-2013-2551: Microsoft Internet Explorer 6 through 11

Interestingly, the Fiesta exploit kit focuses entirely on the IE browser; its detection of the Adobe PDF, Adobe Flash and Java plugins also only works in IE.

0x02 Following the flash exploit landing page trail


From the network capture we can confirm that the VM was attacked with the Flash exploit, and by comparing the URLs we see that CVE-2014-8439 was used.

This CVE was first discovered by kafeine being used as a 0day in the Angler exploit kit; see "CVE-2014-0569 (Flash Player) integrating Exploit Kit" and "Out-of-Band Flash Player Update for CVE-2014-8439".

After decompiling the ActionScript code we find a script:

[Screenshot: In-depth analysis of the Fiesta Exploit Kit]

The code after tidying up:

[Screenshot: In-depth analysis of the Fiesta Exploit Kit]

The screenshot is not quite complete; one function, LoadComplete, is not shown:

[Screenshot: In-depth analysis of the Fiesta Exploit Kit]

The stage 2 data is appended to the root/main object. Stage 2 is in fact another Flash file, and it is activated through the addChild function. Dumping the decrypted stage 2 data from memory, we can see the Flash file header:

[Screenshot: In-depth analysis of the Fiesta Exploit Kit]

Decompiling this Flash file yields about 820 lines of ActionScript. I do not intend to go deeper into how this vulnerability is exploited; if you want to know, someone has already written about it: "An interesting case of CVE-2014-8439 exploit".

The ActionScript in the screenshot only acts as the first-stage packer and loader; the second stage is where the vulnerability is actually exploited to gain code execution. To gain execution the garbage collector comes into play: inside the garbage collector there is a pointer to an ITelemetry object, and by supplying an ITelemetry object containing a carefully prepared fake vtable, execution can be obtained. The ITelemetry with the modified vtable replaces the legitimate ITelemetry function and points at the shellcode.

After decompiling the embedded Flash file (the second stage) we get a simple AS script and find an interesting function, initialization, which references a variable on the landing page and then calls a few functions:

[Screenshot: In-depth analysis of the Fiesta Exploit Kit]

If we follow the seatk function we see code very similar to before: a string decryption function:

[Screenshot: In-depth analysis of the Fiesta Exploit Kit]

It seems Fiesta reuses the same encryption/obfuscation function in many places; the decoded data the function returns is the shellcode used together with the ROP chain.

Since this Flash vulnerability (CVE-2014-8439) was only just discovered and no PoC has been released, I will not disclose the exploitation details.

We now know how Fiesta's current attack works:

The landing page provides the information on which shellcode/payload to use.
The exploits are packed to counter detection.
The stage 3 exploit shows that it is a framework whose components can easily be swapped out.

Next, the Java exploit.

0x03 Java payload decryption


This Java exploit sample is based on CVE-2013-2465.

Sample: 5c6c4a6a4c5adc49edabd21c0779c6e3

In the landing page we can find the 'JavaExploit_CVE20132465' function, which embeds the Java applet.

After decompiling the jar we get somewhat obfuscated Java source. Reviewing it, we find that one of its functions is to download the payload and execute it. After cleaning up the Java source we get the readable version shown in the image:

[Screenshot: In-depth analysis of the Fiesta Exploit Kit]

Looking first at the top of the function, we find that the exploit seems to support different payloads.

After downloading the payload it reads the first 256 bytes, which contain the XOR key and the effective part of the payload; we can analyse the differences in these 256 bytes in the VM.

[Screenshot: In-depth analysis of the Fiesta Exploit Kit]

The key Java code is the "Decrypt" function, used to decode the payload. After restoring the Java source, this function looks like the image below:

[Screenshot: In-depth analysis of the Fiesta Exploit Kit]

The first part of the code uses two indexes that are incremented for every byte to be decrypted; the key values at the two indexes are swapped, and their sum, hidden in the arithmetic, gives the position of the key byte used in the XOR operation.

This XOR decryption is applied to recover the whole PE data. From the earlier code segment we can also see that the payload's file name is purely numeric: the current time on the machine.

After converting the Java code to Python we can decode it easily.

[Screenshot: In-depth analysis of the Fiesta Exploit Kit]

Having successfully decoded the data we have Fiesta's payload; now let's try the same on the payload from the Flash exploit we discussed earlier.

[Screenshot: In-depth analysis of the Fiesta Exploit Kit]

Unfortunately it does not seem to work: running the decryption on the payloads for Flash, Adobe PDF or Silverlight returns errors in every case. These do not appear to be ordinary Java code but shellcode that takes control of execution, and they use a different encryption scheme. From the payload decrypted on disk we can see that it differs from the initial 256-byte XOR block; the payload can carry any shellcode.

[Screenshot: In-depth analysis of the Fiesta Exploit Kit]

Now we need to look at the shellcode in the exploits. We already looked at the Flash exploit but stopped at the point of exploitation, and we can now decrypt the payload via the Java exploit, so next let's look at another type: Adobe PDF.

0x04 Adobe PDF exploit


Sample: f4346a65ea040c1c40fac10afa9bd59d

Analysing the PDF with peepdf:

[Screenshot: In-depth analysis of the Fiesta Exploit Kit]

peepdf tells us there is an AcroForm and some JavaScript. Looking at the AcroForm, we see that JavaScript is used when its initialization is invoked; we keep following the object references until we find the XFA:

[Screenshot: In-depth analysis of the Fiesta Exploit Kit]

Scrolling down we find the actual AcroForm script, and with it the (obfuscated) JavaScript code set up at initialization:

[Screenshot: In-depth analysis of the Fiesta Exploit Kit]

Cleaning up the code and going to the end to see how the vulnerability is triggered: in this JavaScript a malicious image object carrying the shellcode is created:

[Screenshot: In-depth analysis of the Fiesta Exploit Kit]

Extracting expl_imgdata before it is passed to the image, we can base64-decode it and look at the shellcode. In the shellcode we find the real decryption function, exactly the same as in the Java exploit.

Before the 256-byte XOR key there are 16 (extra) bytes holding information. The shellcode downloads the payload, and the first 16 bytes are used to determine the actual payload size; these values are XORed: the first 4 bytes are the XOR key for the next 12 bytes. It looks like this:

[Screenshot: In-depth analysis of the Fiesta Exploit Kit]

To decrypt this payload we can skip the first 16 bytes. The decrypted data has 25 extra bytes, after which comes a normal MZ header, so we have a valid PE. What is in those 25 bytes? More information needed to place the file on the system: the data before the MZ header is the file size and the file name on disk:

[Screenshot: In-depth analysis of the Fiesta Exploit Kit]

With this information we get an executable PE file; the decrypted sample can be downloaded here: 31af1a5656ce741889984e8e878c7836
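As an added example (not the author's script and not 0x3a's decrypter), the container layout described above and in the Java section can be decoded in Python like this. The RC4-style swap-and-sum keystream is my reading of the post's description and is an assumption; the 12-byte size field and the 25-byte metadata are only split out, not interpreted, because the page does not give their field layout, and the sample blob is constructed.

```python
from itertools import cycle

KEY_BLOCK_LEN = 256   # size of the key block read after the 16-byte header
META_LEN = 25         # bytes before the MZ header (file size, on-disk name)


def keystream_xor(key_block: bytes, data: bytes) -> bytes:
    """Two indices advance for every byte, the key bytes they point at are
    swapped, and their sum selects the key byte XORed with the data. This
    RC4-style reading of the post's description is an assumption; the
    transform is symmetric, so it both encrypts and decrypts."""
    if len(key_block) != KEY_BLOCK_LEN:
        raise ValueError("key block must be 256 bytes")
    s = list(key_block)
    i = j = 0
    out = bytearray()
    for b in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(b ^ s[(s[i] + s[j]) % 256])
    return bytes(out)


def xor_header(header: bytes) -> bytes:
    """The first 4 bytes are the XOR key for the following 12 bytes."""
    key, body = header[:4], header[4:16]
    return bytes(b ^ k for b, k in zip(body, cycle(key)))


def decode_payload(blob: bytes) -> dict:
    """Split a downloaded blob into size field, 25-byte metadata and PE."""
    if len(blob) < 16 + KEY_BLOCK_LEN + META_LEN + 2:
        raise ValueError("blob too short for the described container")
    size_info = xor_header(blob[:16])
    key_block = blob[16:16 + KEY_BLOCK_LEN]
    plain = keystream_xor(key_block, blob[16 + KEY_BLOCK_LEN:])
    meta, pe = plain[:META_LEN], plain[META_LEN:]
    if pe[:2] != b"MZ":
        raise ValueError("decrypted data does not start with an MZ header")
    return {"size_info": size_info, "meta": meta, "pe": pe}


def build_sample(key_block: bytes, size_info: bytes, meta: bytes, pe: bytes) -> bytes:
    """Assemble a constructed blob in the same layout, for testing offline."""
    hdr_key = b"\x13\x37\xca\xfe"   # constructed 4-byte header key
    header = hdr_key + bytes(b ^ k for b, k in zip(size_info, cycle(hdr_key)))
    return header + key_block + keystream_xor(key_block, meta + pe)
```

The MZ check is the practical sanity test: a wrong key block or a payload of the other (Java) layout fails there instead of producing garbage on disk.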

I wrote a Python script that can decrypt any Fiesta payload from network data; it has been tested on the last 10 Fiesta EK payloads. It takes two arguments, the file to decrypt and the output file, and writes a valid PE file:

http://github.com/0x3a/tools/blob/master/fiesta-payload-decrypter.py


Unless otherwise noted, all articles on this site are original to 铁匠运维网; when reposting, please cite the source: http://iosdelisi.com/26199.html
