
Trojan Files

The R.A.T In The Shell
Posted Feb 14, 2020
Authored by Pradyumn Khanchandani, Siddharth Balyan, Monika Arora

This whitepaper is an analysis of the breach into the Kudankulam Nuclear Power Plant through the lens of the Cyber Kill Chain, the study of remote access trojans, and the targeting of critical infrastructure.

tags | paper, remote, trojan
MD5 | c9ed98dbcbf5c0a3dfbec128ccf74d1b
ScanGuard Antivirus Insecure Permissions
Posted Nov 13, 2019
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Scanguard versions through 2019-11-12 on Windows have insecure permissions for the installation directory, leading to privilege escalation via a trojan horse executable file.

tags | exploit, trojan
systems | windows
advisories | CVE-2019-18895
MD5 | 395b36711cd21e23af1e2c01cdd5e128
D-LINK Central WifiManager (CWM 100) 1.03 r0098 DLL Hijacking
Posted Nov 9, 2018
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

D-Link Central WiFiManager CWM-100 version 1.03 r0098 devices will load a trojan horse "quserex.dll" and will create a new thread running with SYSTEM integrity.

tags | exploit, trojan
advisories | CVE-2018-15515
MD5 | 7d5b487d0bc7a54d4746370b3f054425
Microsoft DirectX SDK (June 2010) Xact3.exe DLL Hijacking
Posted Aug 11, 2018
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

The Microsoft DirectX SDK "Xact3.exe" cross-platform tool allows for arbitrary code execution via a trojan horse file "xbdm.dll" in the current working directory, upon opening a ".xap" project file from the same location.

tags | exploit, arbitrary, trojan, code execution
MD5 | d7f1056ce3aa140ad0e115c7bf50b3c0
Polaris Office 2017 8.1 Remote Code Execution
Posted Jun 26, 2018
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Polaris Office 2017 version 8.1 allows attackers to execute arbitrary code via a trojan horse "puiframeworkproresenu.dll" file in the current working directory, due to a search order flaw vulnerability.

tags | exploit, arbitrary, trojan
advisories | CVE-2018-12589
MD5 | cb627d3986c07f094a3e4282ca8924de
Foscam Cameras And Network Devices Hardcoded Keys
Posted Apr 8, 2017
Authored by Nick M McKenna

All Foscam cameras and network devices use the same SSL private key that is hard coded into the downloadable firmware. The keys were extracted using the utility 'binwalk' and allow an attacker to MITM any Foscam device.

tags | exploit, trojan
MD5 | f9b6c2e53b7f33e185a5629869b46838
Apache OpenOffice 1.0 Windows Installer Trojan Execution
Posted Nov 26, 2016
Authored by Cyril Vallicari

The Apache OpenOffice installer for Windows contained a defective operation that could trigger execution of unwanted software installed by a Trojan Horse application. The installer defect is known as an unquoted Windows search path vulnerability. In the case of Apache OpenOffice installers for Windows, the PC must have previously been infected by a Trojan Horse application (or user) running with administrator privilege. Any installer with the unquoted search path vulnerability becomes a delayed trigger for the exploit. The exploit may already have operated on the user's PC.

tags | advisory, trojan
systems | windows
advisories | CVE-2016-6803
MD5 | 7705d5ab1a4089c1df13600a4048d119
HP Security Bulletin HPSBNS03635 1
Posted Aug 22, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBNS03635 1 - Multiple potential remote and local vulnerabilities impacting Perl and PHP have been addressed by HPE NonStop Servers OSS Script Languages. The vulnerabilities include Perl's opportunistic loading of optional modules which might allow local users to gain elevation of privilege via a Trojan horse library under the current working directory. Revision 1 of this advisory.

tags | advisory, remote, local, trojan, perl, php, vulnerability
advisories | CVE-2013-7456, CVE-2014-4330, CVE-2015-8383, CVE-2015-8386, CVE-2015-8387, CVE-2015-8389, CVE-2015-8390, CVE-2015-8391, CVE-2015-8393, CVE-2015-8394, CVE-2015-8607, CVE-2015-8853, CVE-2015-8865, CVE-2015-8874, CVE-2016-1238, CVE-2016-1903, CVE-2016-2381, CVE-2016-2554, CVE-2016-3074, CVE-2016-4070, CVE-2016-4071, CVE-2016-4072, CVE-2016-4073, CVE-2016-4342, CVE-2016-4343, CVE-2016-4537, CVE-2016-4538, CVE-2016-4539
MD5 | 208143266211c16a2e73608c2b984f2c
Linux.Liora ELF Prepender
Posted May 7, 2015
Authored by TMZ

Linux.Liora is an ELF binary infection tool written in Go. Archive password is set to p4ssw0rd. Use at your own risk.

tags | trojan
systems | linux
MD5 | 1da80990474640002885d779ca73905c
Linux.Zariche File Prepender Virus
Posted Mar 12, 2015
Authored by TMZ

Source code for Linux.Zariche, a proof of concept ELF (x86_64) file prepender, written in Vala. Archive password is set to p4ssw0rd. Use at your own risk.

tags | trojan, proof of concept
systems | linux
MD5 | 367de68d9e9604a69a4e2ce440386280
Hesperbot Detection Scanner 1.0
Posted Nov 7, 2014
Authored by Mert SARICA | Site mertsarica.com

Hesperbot Scanner is a Windows binary that is able to detect the Hesperbot banking trojan by fingerprinting memory and looking for things that traditional antivirus software fails to catch early during the malware campaigns.

tags | tool, trojan
systems | windows
MD5 | 6e50932089aaee64f33c7521af785baa
Mandriva Linux Security Advisory 2014-162
Posted Sep 2, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-162 - Untrusted search path vulnerability in Catfish allows local users to gain privileges via a Trojan horse catfish.py in the current working directory.

tags | advisory, local, trojan
systems | linux, mandriva
advisories | CVE-2014-2093
MD5 | 22bdaf3a14f26e6a8f8ee1e4859bb0a8
Check Rootkit 0.50
Posted May 23, 2014
Authored by Nelson Murilo | Site chkrootkit.org

Chkrootkit checks locally for signs of a rootkit. Chkrootkit includes ifpromisc.c to check and see if the interface is in promisc mode, chklastlog.c to check lastlog for deletions, and chkwtmp.c to check wtmp for deletions, strings.c for quick and dirty strings replacement, check_wtmpx.c to check for wtmpx deletions and the files chkproc.c and chkdirs.c to check for LKM trojans. Tested on Linux 2.0.x, 2.2.x and 2.4.x, FreeBSD 2.2.x, 3.x, 4.x, and 5.x, BSDI, OpenBSD 2.6, 2.7, 2.8, 2.9, 3.0 and 3.1, NetBSD 1.5.2 and Solaris 2.5.1, 2.6 and 8.0, and HP-UX 11.

Changes: New and enhanced tests, minor bug fixes.
tags | tool, trojan, integrity, rootkit
systems | linux, netbsd, unix, solaris, freebsd, openbsd, hpux
MD5 | 9e67dd56f835264d43aeb04944610b03
Ammyy Admin 3.2 Access Bypass
Posted Jan 19, 2014
Authored by Bhadresh Patel

There is a hidden option and access control vulnerability in the Ammyy Admin tool which allows an attacker to utilize "Ammyy Admin tool" as a trojan horse to access the computer without a victim's information. Versions 3.2 and below are affected.

tags | exploit, trojan
advisories | CVE-2013-5581, CVE-2013-5582
MD5 | 30120c2b49d33e102046637f8588d5b7
Emperor Security Magazine #2
Posted Jun 16, 2013
Authored by est | Site emperor-team.org

Emperor Security Magazine issue number two. This issue discusses SSL, EIGRP, trojans, and more. Written in Persian.

tags | trojan, magazine
MD5 | 1b813329d3c49ff598bbaa3406380bb6
Manipulating Memory For Fun And Profit
Posted Feb 9, 2013
Authored by High-Tech Bridge SA, Frederic Bourla | Site htbridge.com

Memory analysis and manipulation can provide security analysts with formidable weapons. During his talk at Information Security Day for ISACA Luxembourg Chapter, Frederic BOURLA presented most memory manipulation tricks from both offensive and defensive angles. The talk first dealt with the attacker’s layer, from pivoting attacks to IEEE1394 issues through in-memory fuzzing, which permits auditors to bypass built-in features, network limitations and encryption to remain able to uncover security vulnerabilities in a running application. In a second stage, the talk focused on the benefits of memory manipulation in computer forensics and malware analysis fields, especially when facing sophisticated malcode, such as kernel rootkits or heavily encrypted reverse trojans. Basically, this talk aimed to open the doors to a fascinating world which could easily allow security analysts to save lots of time during their recurrent duties. These are the slides from the talk.

tags | paper, kernel, trojan, vulnerability
MD5 | 15b76834e6e1d95bcaf4711fcf9bed73
Mandriva Linux Security Advisory 2012-077
Posted May 17, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-077 - Untrusted search path vulnerability in configure.c in ImageMagick before 6.6.5-5, when MAGICKCORE_INSTALLED_SUPPORT is defined, allows local users to gain privileges via a Trojan horse configuration file in the current working directory. A flaw was found in the way ImageMagick processed images with malformed Exchangeable image file format metadata. An attacker could create a specially-crafted image file that, when opened by a victim, would cause ImageMagick to crash or, potentially, execute arbitrary code. A denial of service flaw was found in the way ImageMagick processed images with malformed Exif metadata. An attacker could create a specially-crafted image file that, when opened by a victim, could cause ImageMagick to enter an infinite loop. Various other issues have also been addressed.

tags | advisory, denial of service, arbitrary, local, trojan
systems | linux, mandriva
advisories | CVE-2010-4167, CVE-2012-0247, CVE-2012-0248, CVE-2012-1185, CVE-2012-0259, CVE-2012-0260, CVE-2012-1798
MD5 | fa1ac8dbf0bf748076337278c27ec507
HP Security Bulletin HPSBPV02754 SSRT100803 2
Posted Apr 27, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBPV02754 SSRT100803 2 - A potential security vulnerability has been identified with certain HP ProCurve 5400 zl switches using a compact flash card which may contain malware content that is a PC trojan executable. The ProCurve switch operating system is not infected with the malware and the content on the compact flash card has no impact on the operation of the switch. Reuse of the compact flash card in a personal computer and manual execution of the malware content could result in a compromise of that system's integrity. Revision 2 of this advisory.

tags | advisory, trojan
advisories | CVE-2012-0133
MD5 | 4d95f4cfc66c0fa4f9c45feaf62536b8
Mandriva Linux Security Advisory 2011-169
Posted Nov 10, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-169 - Security issues were identified and fixed in Mozilla NSS, Firefox and Thunderbird. 22 weak 512-bit certificates issued by the DigiCert Sdn. Bhd certificate authority have been revoked from the root CA storage. Untrusted search path vulnerability in Mozilla Network Security Services might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. Cross-site scripting vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding. Various other issues were also addressed.

tags | advisory, remote, web, arbitrary, local, root, trojan, xss
systems | linux, mandriva
advisories | CVE-2011-3640, CVE-2011-3647, CVE-2011-3648, CVE-2011-3650, CVE-2011-3651, CVE-2011-3652, CVE-2011-3654, CVE-2011-3655
MD5 | e1ba60163ff2de637296e552394bcc62
Mandriva Linux Security Advisory 2011-138
Posted Sep 28, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-138 - This advisory updates wireshark to the latest version (1.6.2), fixing several security issues. Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 and 1.6.x before 1.6.2 allows local users to gain privileges via a Trojan horse Lua script in an unspecified directory. The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.2 does not initialize a certain structure member, which allows remote attackers to cause a denial of service via a malformed packet. Wireshark 1.6.x before 1.6.2 allows remote attackers to cause a denial of service via a malformed capture file that leads to an invalid root tvbuff, related to a buffer exception handling vulnerability. The unxorFrame function in epan/dissectors/packet-opensafety.c in the OpenSafety dissector in Wireshark 1.6.x before 1.6.2 does not properly validate a certain frame size, which allows remote attackers to cause a denial of service via a malformed packet. The updated packages have been upgraded to the latest 1.6.x version which is not vulnerable to these issues.

tags | advisory, remote, denial of service, local, root, trojan
systems | linux, mandriva
advisories | CVE-2011-3360, CVE-2011-3482, CVE-2011-3483, CVE-2011-3484
MD5 | 5e24d9230a5e85e93c1e688990e0713c
Client-Side Threats - Anatomy Of Reverse Trojan Attacks
Posted Jul 5, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

Whitepaper called Client-Side Threats - Anatomy of Reverse Trojan Attacks. Client-side vulnerabilities are among the biggest threats facing users. Attackers are going after weaknesses in desktop applications such as browsers, media players, common office applications and e-mail clients to install malicious software, often Trojan horses and rootkits. This document explains these threats in detail and how to prevent them.

tags | paper, trojan, vulnerability, virus
MD5 | 36054688bba7ebe7679c2a7ea52cb023
SCADA Trojans: Attacking The Grid
Posted Mar 23, 2011
Authored by Ruben Santamarta | Site reversemode.com

Presentation slides from "SCADA Trojans: Attacking the Grid" as it was presented at RootedCon'11 in Madrid.

tags | paper, trojan
MD5 | 03bf99a42d0af2409634999d4ede25df
Mandriva Linux Security Advisory 2011-035
Posted Feb 22, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-035 - The tomboy-panel scripts in GNOME Tomboy 1.5.2 and earlier place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. NOTE: vector 1 exists because of an incorrect fix for CVE-2005-4790.2. The updated packages have been patched to correct this issue.

tags | advisory, local, trojan
systems | linux, mandriva
advisories | CVE-2010-4005
MD5 | 2a890d46c480f890c31b7d48a38830a2
Mandriva Linux Security Advisory 2011-034
Posted Feb 21, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-034 - The muinshee scripts in Banshee 1.8.0 and earlier place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.

tags | advisory, local, trojan
systems | linux, mandriva
advisories | CVE-2010-3998
MD5 | 203eb0318720e7b1b83266ee536499c7
ProFTPD 1.3.3c Trojan Source Code
Posted Dec 3, 2010

ProFTPD version 1.3.3c compromised source remote root trojan code.

tags | exploit, remote, root, trojan
MD5 | 792c8074796b7beeadea6b6cf2fae8c7
© 2020 Packet Storm. All rights reserved.