Ok /g/ apparently there's an exploit that can execute a

Thread replies: 10
Thread images: 2

Anonymous
2016-10-07 14:52:47 Post No. 56965453
[Report] Image search: [Google]

File: 1438792750346.jpg (927KB, 2000x2000px) Image search: [Google]

927KB, 2000x2000px

Anonymous 2016-10-07 14:52:47 Post No. 56965453 [Report]

Ok /g/ apparently there's an exploit that can execute any file if you visit a site on all modern browsers.

Anyone interested in reverse engineering it?

url is : morp.host
exploit is located at rekt.php

make sure to run httpdebugger/charles and click on rekt.php inside VM

you can only run the exploit once, then it grabs your HWID and returns empty next time.

API/Proc mon is also great as some executable will be started named Chrome_Search_XXX.exe

post the HTTP response of rekt.php, thank you.

Anonymous 2016-10-07 14:56:59 Post No.56965507
[Report]

Anonymous 2016-10-07 14:56:59 Post No.56965507 [Report]

>>56965453
typo, url is morph.host

Anonymous 2016-10-07 15:17:52 Post No.56965736
[Report]

Anonymous 2016-10-07 15:17:52 Post No.56965736 [Report]

Nothing happened on my GNU/Linux machine.

Anonymous 2016-10-07 15:19:38 Post No.56965755
[Report]

Anonymous 2016-10-07 15:19:38 Post No.56965755 [Report]

>>56965736
Try using windows + chrome

Anonymous 2016-10-07 15:19:44 Post No.56965757
[Report]

Anonymous 2016-10-07 15:19:44 Post No.56965757 [Report]

>>56965736
you mean Linux, right?

Anonymous 2016-10-07 15:26:25 Post No.56965829
[Report]

Anonymous 2016-10-07 15:26:25 Post No.56965829 [Report]

>>56965755
Oh... When you said "modern browser" I thought you also meant "modern operating system".

Anonymous 2016-10-07 17:50:39 Post No.56967766
[Report]

Anonymous 2016-10-07 17:50:39 Post No.56967766 [Report]

*   Trying 192.99.2.94...
* Connected to morph.host (192.99.2.94) port 80 (#0)
> GET /rekt.php HTTP/1.1
> Host: morph.host
> User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: Apache/2.4.18 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4
< X-Powered-By: PHP/5.5.31
< Content-Length: 432
< Connection: close
< Content-Type: text/html
<
<!DOCTYPE html>
<html lang="en">
        <title>MorphKIT 1.0</title>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
        <meta http-equiv="X-UA-Compatible" content="IE=edge">
        <meta name="viewport" content="width=device-width, initial-scale=1">
        <link rel="shortcut icon" href="favicon.ico" type="image/x-icon">
        <link rel="icon" href="favicon.ico" type="image/x-icon">
</html>

* Closing connection 0

Anonymous 2016-10-07 17:53:15 Post No.56967793
[Report] Image search: [Google]

Anonymous 2016-10-07 17:53:15 Post No.56967793 [Report]

File: 1467662442930.gif (4MB, 879x690px) Image search: [Google]

4MB, 879x690px

>>56965757

Anonymous 2016-10-07 18:48:55 Post No.56968468
[Report]

Anonymous 2016-10-07 18:48:55 Post No.56968468 [Report]

CLICK CLICK CLICK CLICK CLICK CLICK CLICK CLICK

Anonymous 2016-10-07 19:56:24 Post No.56969457
[Report]

Anonymous 2016-10-07 19:56:24 Post No.56969457 [Report]

>>56965757
What is Alpine Linux?

I'm aware that Imgur.com will stop allowing adult images since 15th of May. I'm taking actions to backup as much data as possible. Read more on this topic here - https://archived.moe/talk/thread/1694/

I'm aware that Imgur.com will stop allowing adult images since 15th of May. I'm taking actions to backup as much data as possible.
Read more on this topic here - https://archived.moe/talk/thread/1694/