On 25/04/2011 06:51, Beatyou Man wrote: > I tried Pangolin 2.5.2 and the latest one. No data will be transfered to the > server you mentioned in > "http://laramies.blogspot.com/2009/05/pangolin-and-your-data.html" > > Why don't you trust your eyes and try this one?
OK let have a bash - literally. [jacqui@dieter free_edition]$ strings * | grep nosec supp...@nosec.org www.nosec-inc.com www.nosec-inc.com supp...@nosec.org http://www.nosec.org/product/oracle_data.php?id= http://www.nosec.org/product/oracle_info.txt http://www.nosec.org/files/swf/datadumper/datadumper.html http://www.nosec.org/files/swf/md5crack/pangolin_md5crack.html http://www.nosec.org/files/swf/injection_digger/pangolin_injection_digger.html zw...@nosec.org http://www.nosec-inc.com/ www.nosec-inc.com http://www.nosec-inc.com 6http://www.nosec.org/product/oracle_data.php?id=[INFO] ,http://www.nosec.org/product/oracle_info.txt [jacqui@dieter free_edition]$ Hmm this shows the URLs used to pass data and call SWF apps used to run md5 cracks etc. A trace from a vm shows DNS request and a post to oracle_data and a get from oracle_info etc. I mean how clueless do you have to be to not encode the URL's so even a dumbass strings can find them? OK, anyone who actually uses a tool like this (in a windows box) is pretty dumb anyway especially as the data seems to end up in shenzhen,Guangdong - deffo not omewhere to trust your data goign to. Thankfully work blocks all incoming and outgoing .cn traffic! It seems the app tries to crack local password files as well - via a remote (chineese) system - not exactly nice... Jacqui _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/