Re: [Full-disclosure] RC Trojan 1.1d (Undetected)

2014-02-20 Thread ICSS Security
It's detected now.
ClamAV - PUA.Win32.Packer.Upx-53
K7AntiVirus - Trojan ( 000200f91 )
K7GW - Trojan ( 000200f91 )
Qihoo-360 - HEUR/Malware.QVM06.Gen
Symantec - WS.Reputation.1
TrendMicro-HouseCall - TROJ_GEN.F47V0219
 Too bad they killed it already.
 
 2014-02-19 21:17 GMT+01:00 ICSS Security ctrlaltdel...@outlook.pt:
  Hi,
 
  Just releasing my new achievement.
 
  What is it?
  
  RC Trojan AKA Remote Control trojan, which allows the control of a computer
  remotely in the same network (LAN/WAN).
 
  It's built in commercial software so it may take a while to get detected but
  MD5 may be applied.
 
  INFO
  
  Basically it's an HTTP server and a server routine that executes tasks.
  All can be easily unveiled...
 
  Leave any feedback
 
  Download:
  https://www.mediafire.com/?f6mg1yiyklq6otb
 
  ___
  Full-Disclosure - We believe in it.
  Charter: http://lists.grok.org.uk/full-disclosure-charter.html
  Hosted and sponsored by Secunia - http://secunia.com/


[Full-disclosure] RC Trojan 1.1d (Undetected)

2014-02-19 Thread ICSS Security
Hi,

Just releasing my new achievement.

What is it?

RC Trojan AKA Remote Control trojan, which allows the control of a computer
remotely in the same network (LAN/WAN).

It's built in commercial software so it may take a while to get detected but
MD5 may be applied.

INFO

Basically it's an HTTP server and a server routine that executes tasks.
All can be easily unveiled...

Leave any feedback

Download:
https://www.mediafire.com/?f6mg1yiyklq6otb

[Full-disclosure] Any not annoying help welcome

2013-12-04 Thread ICSS Security
Making a turn here, let's see what turns out!
I know that using Wireshark we can capture traffic in/out of the router's
interfaces. I don't want to dig up the router concept because, face it, I already
know how it works and so do you.
I have only a few questions to ask.
1) The traffic on any device is monitored, correct? So, Android devices too.
2) I have monitored an APK application and saved the packets with a successful login
and an unsuccessful login.
3) I know what magic number to look for, but I'm
unable to go further decoding the authentication method.
Can anyone give me a hand here or should I go elsewhere?

Re: [Full-disclosure] Any not annoying help welcome

2013-12-04 Thread ICSS Security
Hi, thanks for replying back...
The APK Android app is MEO GO! from PT Comunicações. I always have bad luck
trying to crack their apps. Back to the subject, it's an on-demand app to watch
TV, rent movies and TV shows but there is a feature there that I really want to
add to my hacking kit.
When I try to log in, in the app there's a feature called MEO GO! Mobile which
only requires the user to enter their mobile number. It connects via 3G or Wi-Fi and
it's able to determine if the number you enter matches the SIM card mobile
number.
I WANT THAT QUERY FEATURE
1) If the number is incorrect, it says "The number you entered doesn't match
your SIM card number. Please try again" (in Portuguese).
2) If the number is correct, it loads up the service.
In the attachment I include the Wireshark packets for anyone. If it's breakable
then you should be able to find my number there.

I will go test the code and wait for any reply. If no response I will walk away
because sometimes things are impossible until a certain point...
From: iaretheb...@gmail.com
Date: Wed, 4 Dec 2013 04:16:56 -0600
Subject: Re: [Full-disclosure] Any not annoying help welcome
To: ctrlaltdel...@outlook.pt
CC: full-disclosure@lists.grok.org.uk

If you want anyone to help you with your specific problem, then you need to 
provide specifics to your problem. Can you post some (or all) of what you're 
trying to decode? If not, can you provide more information on what you're 
seeing? What character set? What length? Is any of it human-readable?



On Tue, Dec 3, 2013 at 3:06 PM, ICSS Security ctrlaltdel...@outlook.pt wrote:





Making a turn here, let's see what turns out!
I know that using Wireshark we can capture traffic in/out of the router's
interfaces. I don't want to dig up the router concept because, face it, I already
know how it works and so do you.

I have only a few questions to ask.
1) The traffic on any device is monitored, correct? So, Android devices too.
2) I have monitored an APK application and saved the packets with a successful login
and an unsuccessful login.
3) I know what magic number to look for, but I'm unable to go further
decoding the authentication method.
Can anyone give me a hand here or should I go elsewhere?
  




  

login sucefully (membership).pcapng
Description: Binary data


logoff (solicit)  login errously (membership).pcapng
Description: Binary data