Liberty Exploit pack

Posted on November 5, 2009 by drunkgeisha

Liberty Exploit System
latest: 1.0.5

exploits:
MS06-014 Internet Explorer (MDAC) Remote Code Execution Exploit
PDF util.printf(), PDF collab.collectEmailInfo(), PDF collab.getIcon()
Flash 9
MS DirectShow
Snapshot
Java 0day

price: 500$ 

 

Yesterday i was looking for this packet of exploits called Liberty pack.

So it was really interesting and more interesting when i have found that the default username and password is user and pass …

so i have search in malwareurl for a cpanel admin.php of liberty pack…

the first panel found i had try user and pass  for login but don’t work so i think that also the utilizator of liberty pack know now that leave the default password is insecure.

So i have try the most common passwords = 1234,god,password and… it work!!!

Now i have the access to the liberty pack cpanel 

it looks nice but not so nice for a 500$ exploit pack, is the essential for make it work…


liberty exploit packs

Ok is not really big, i have see some other of 15k uniques visits but is not bad 

It inject for the most in ie7 and old ie version

 

The principal infected country is Turkey

 

liberty exploit packs

 

The most infected OS is windows xp but there is also a strange Unknow system that i suspect to be some "crew" windows version like tinyxp or blackxp

 

This is one of the most interesting part the referreals 

looks like a turkish forum infected http://www.msxlabs.org/

naturally about windows stuff 😀

and also the other referreals are all forums 

 (i suppose that the attacker inject in the post a invisible frame about the exploited page for infect other user of the forum)

 liberty exploit packs

Ok this is the exploit used for infect the users 

how i have find it… simple looking in the  page source i have see a id=6 about exploits commented 

i have try to insert it in the admin page and i have see the redirection to the exploit page 😀

what that exploit number means ? ms06-014 is a vulnerability in the microsoft data access components!!!

 id=4 reset the counter 

i have try to inject some code in the upload form but don’t work for now…

this are the files used by liberty pack 

site.com/index.php
site.com/download.pdf
site.com/Hidden.swf
site.com/update.php
site.com/update.exe
site.com/admin.php

 

 

thanks everyone for listening 

 

 

This entry was posted in General. Bookmark the permalink.