      dEEpEst

      They have just found two serious vulnerabilities thanks to a PDF that they have uploaded to VirusTotal

      3 posts in this topic

      A few months ago, an anonymous user uploaded a PDF file to the online platform in order to see if it was detected by any of the more than 50 antivirus engines that this platform has or, otherwise, none of them detected it. This PDF file apparently seemed harmless, and it could have been a user who, after downloading it, wanted to verify that it did not hide anything. However, it seems that this PDF file hid something quite serious.

      This PDF file immediately caught the attention of several security researchers subscribed to the platform, researchers who soon began to analyze it in depth. Within this PDF file they have been able to find two very dangerous exploits that took advantage of two security flaws still unknown in the Adobe software and in Windows.


      The Adobe vulnerability (CVE-2018-4990) is a remote code execution flaw, while the Windows security flaw (CVE-2018-8120) is a privilege escalation flaw that allows code to be executed at the highest permission level. The PDF file did not include the final payload and was not 100% complete, so it is believed that it has never been used.

      Neither this malicious PDF nor the exploits that it hid had ever been seen on the network until they were sent to VirusTotal. It is not well known why this PDF came to this online security platform, whether it was from someone who got it in some way or by some rookie hacker who does not know that all the files sent to VirusTotal are sent to security companies and researchers, even if apparently clean, for in-depth analysis.

      What is certain is that, thanks to VirusTotal, we have been able to avoid a series of very dangerous computer attacks, being able to know the vulnerability before it was used to endanger the security of the users.

      Update Windows and Adobe to protect yourself from these two vulnerabilities

      This PDF was detected in March of this same year, and in the second week of May Microsoft and Adobe released their corresponding security patches without giving specific details about these security flaws. However, in order to give system administrators enough time to update their infrastructures, it has not been until now that Microsoft and Adobe have made public the vulnerabilities that have been detected thanks to this PDF uploaded to VirusTotal.

      To protect ourselves from these two flaws and make these exploits useless, we must install the latest Windows and Adobe security patches. These vulnerabilities were already solved the second week of May with the corresponding patches, so by installing these patches we will be fully protected.

      What do you think of these two security flaws discovered and solved thanks to VirusTotal?


      I'll tell you what happened: the lamer bought the 0day exploit for Adobe Acrobat from 0day.today, and just fucked up the exploit

      let dos this virustotal


      They buy or download a crypter and the first thing they do is upload it to VirusTotal, and then they tell you that they detect it as antivirus.
      They pull the work of days, even of months, in a few minutes, fucking lamers .....

      This topic is now closed to further replies.