Ok /g/, apparently there's an exploit that can execute any file if you visit a site on all modern browsers.
Anyone interested in reverse engineering it?
url is: morp.host
exploit is located at rekt.php
make sure to run httpdebugger/charles and click on rekt.php inside VM
you can only run the exploit once, then it grabs your HWID and returns empty next time.
API/Proc mon is also great as some executable will be started named Chrome_Search_XXX.exe
post the HTTP response of rekt.php, thank you.
>>56965453
typo, url is morph.host
Nothing happened on my GNU/Linux machine.
>>56965736
Try using Windows + Chrome
>>56965736
you mean Linux, right?
>>56965755
Oh... When you said "modern browser" I thought you also meant "modern operating system".
* Trying 192.99.2.94...
* Connected to morph.host (192.99.2.94) port 80 (#0)
> GET /rekt.php HTTP/1.1
> Host: morph.host
> User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: Apache/2.4.18 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4
< X-Powered-By: PHP/5.5.31
< Content-Length: 432
< Connection: close
< Content-Type: text/html
<
<!DOCTYPE html>
<html lang="en">
<title>MorphKIT 1.0</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="shortcut icon" href="favicon.ico" type="image/x-icon">
<link rel="icon" href="favicon.ico" type="image/x-icon">
</html>
* Closing connection 0
>>56965757
CLICK CLICK CLICK CLICK CLICK CLICK CLICK CLICK
>>56965757
What is Alpine Linux?