      dEEpEst

      They have just found two serious vulnerabilities thanks to a PDF that they have uploaded to VirusTotal

      Staff

      A few months ago, an anonymous user uploaded a PDF file to the online platform in order to see whether it was detected by any of the more than 50 antivirus engines that this platform has or whether, otherwise, none of them detected it. This PDF file apparently seemed harmless and could have come from a user who, after downloading it, wanted to verify that it did not hide anything. However, it seems that this PDF file hid something quite serious.

      This PDF file immediately drew the attention of several security researchers subscribed to the platform, researchers who soon began to analyze it in depth. Within this PDF file they were able to find two very dangerous exploits that took advantage of two security flaws still unknown in the Adobe software and in Windows.

      The Adobe vulnerability (CVE-2018-4990) is a failure to execute remote code, while the Windows security failure (CVE-2018-8120) is a privilege escalation failure to be able to execute code at the highest level of permits. The PDF file did not include the final payload and was not 100% complete, so it is believed that it has never been used.

      Neither this malicious PDF nor the exploits that it hid had ever been seen on the network until they were sent to VirusTotal. It is not well known why this PDF came to this online security platform, whether it was from someone who got it in some way or from some rookie hacker who does not know that all the files sent to VirusTotal are sent to security companies and researchers, even if apparently clean, for in-depth analysis.

      What is certain is that, thanks to VirusTotal, we have been able to avoid a series of very dangerous computer attacks, being able to know the vulnerability before it was used to endanger the security of the users.

      Update Windows and Adobe to protect yourself from these two vulnerabilities

      This PDF was detected in March of this same year, and in the second week of May Microsoft and Adobe released their corresponding security patches without giving specific details about these security flaws. However, in order to give system administrators enough time to update their infrastructures, it has not been until now that Microsoft and Adobe have made public the vulnerabilities that have been detected thanks to this PDF uploaded to VirusTotal.

      To protect ourselves from these two failures and make these exploits useless, we must install the latest Windows and Adobe security patches. These vulnerabilities were already solved the second week of May with the corresponding patches, so by installing these patches we will be fully protected.

      What do you think of these two security flaws discovered and solved thanks to VirusTotal?


      I tell what happened: the lamer bought the 0day exploit for Adobe Acrobat from 0day.today, and just fucked up the exploit

      let dos this virustotal

      Staff

      They buy or download a crypter and the first thing they do is upload it to VirusTotal, and then they tell you that they detect it as antivirus.
      They pull the work of days even of months in a few minutes, fucking lamers .....
