      dEEpEst

      They have just found two serious vulnerabilities thanks to a PDF that they have uploaded to VirusTotal


      Staff

A few months ago, an anonymous user uploaded a PDF file to the online platform VirusTotal in order to see whether it was detected by any of the more than 50 antivirus engines on that platform, or whether none of them detected it. This PDF file apparently seemed harmless and could have come from a user who, after downloading it, wanted to verify that it did not hide anything. However, it seems that this PDF file hid something quite serious.

This PDF file immediately caught the attention of several security researchers subscribed to the platform, who soon began to analyze it in depth. Within this PDF file they were able to find two very dangerous exploits that took advantage of two security flaws still unknown in Adobe software and in Windows.


The Adobe vulnerability (CVE-2018-4990) is a remote code execution flaw, while the Windows security flaw (CVE-2018-8120) is a privilege escalation flaw that allows code to be executed at the highest level of permissions. The PDF file did not include the final payload and was not 100% complete, so it is believed that it has never been used.

Neither this malicious PDF, nor the exploits it hid, had ever been seen in the wild until they were sent to VirusTotal. It is not well known how this PDF came to this online security platform, whether it was from someone who obtained it in some way or from some rookie hacker who does not know that all files sent to VirusTotal are passed on to security companies and researchers for in-depth analysis, even if they appear clean.

What is certain is that, thanks to VirusTotal, a series of very dangerous computer attacks has been avoided, since the vulnerabilities became known before they were used to endanger the security of users.

      Update Windows and Adobe to protect yourself from these two vulnerabilities

This PDF was detected in March of this year, and in the second week of May Microsoft and Adobe released their corresponding security patches without giving specific details about these security flaws. However, in order to give system administrators enough time to update their infrastructure, it is only now that Microsoft and Adobe have made public the vulnerabilities that were detected thanks to this PDF uploaded to VirusTotal.

To protect ourselves from these two flaws and render these exploits useless, we must install the latest Windows and Adobe security patches. These vulnerabilities were already fixed in the second week of May with the corresponding patches, so by installing them we will be fully protected.
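One way to verify the patch state the post asks for, as an added example that is not part of the original post: the script below checks whether Windows has received any update since the May 2018 Patch Tuesday the post refers to, and reads the installed Adobe Acrobat/Reader version from the uninstall registry keys. The post gives no KB numbers or Adobe build numbers, so the minimum Adobe version is a placeholder that must be replaced with the fixed build from Adobe's bulletin for your product track.

```powershell
# Added example (not from the original post): check for the May 2018 patches
# addressing CVE-2018-8120 (Windows) and CVE-2018-4990 (Adobe Acrobat/Reader).
# Assumptions: the Windows check keys on the patch date the post cites; the Adobe
# minimum build below is a PLACEHOLDER to be replaced with the real fixed build.

$PatchTuesday    = Get-Date '2018-05-08'   # second week of May 2018 (per the post)
$MinAdobeVersion = [version]'0.0.0'        # PLACEHOLDER: fixed Acrobat/Reader build

# --- Windows: has any hotfix been installed on or after the May 2018 release?
$recent = Get-HotFix |
          Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $PatchTuesday } |
          Sort-Object InstalledOn -Descending
if ($recent) {
    $newest = $recent[0]
    Write-Host "Windows: newest update $($newest.HotFixID) installed $($newest.InstalledOn.ToShortDateString())"
} else {
    Write-Warning "Windows: no updates since $($PatchTuesday.ToShortDateString()); CVE-2018-8120 may be unpatched"
}

# --- Adobe: read installed Acrobat/Reader versions from both Uninstall hives
$uninstallKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
$adobe = Get-ItemProperty $uninstallKeys -ErrorAction SilentlyContinue |
         Where-Object { $_.DisplayName -match 'Adobe (Acrobat|Reader)' } |
         Select-Object DisplayName, DisplayVersion

if (-not $adobe) {
    Write-Host "Adobe: no Acrobat/Reader installation found"
}
foreach ($app in $adobe) {
    if (-not $app.DisplayVersion) { continue }           # skip entries without a version
    $ver = [version]($app.DisplayVersion -replace '[^\d.]', '')
    if ($ver -ge $MinAdobeVersion) {
        Write-Host "Adobe: $($app.DisplayName) $ver is at or above the required build"
    } else {
        Write-Warning "Adobe: $($app.DisplayName) $ver is below the fixed build; CVE-2018-4990 may be unpatched"
    }
}
```

Run it in an elevated PowerShell session; Get-HotFix lists only updates recorded by the Windows installer, so a missing entry is a prompt to check Windows Update history, not proof the patch is absent.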

      What do you think of these two security flaws discovered and solved thanks to VirusTotal?


I'll tell you what happened: the lamer bought the 0day exploit for Adobe Acrobat from 0day.today, and just fucked up the exploit.

Let's DoS this VirusTotal.

      Staff

They buy or download a crypter and the first thing they do is upload it to VirusTotal, and then they tell you that the antivirus detects it.
They throw away the work of days, even months, in a few minutes. Fucking lamers.....
