KernelMode.info

A forum for reverse engineering, OS internals and malware analysis
https://www.kernelmode.info/forum/

Yahoo ad server exploit

https://www.kernelmode.info/forum/viewtopic.php?f=21&t=3111

Page 1 of 1

Yahoo ad server exploit

PostPosted:Mon Jan 06, 2014 11:49 am
by Park Seong Su
Hi folks,
I searching exploit sample regarding yahoo ad server compromising.

a) exploit sample about yahoo ad server hacking. e.g) html, java script, or CVE number
b) Unfortunately I have no idea about hash :(
c) related information : http://thehackernews.com/2014/01/yahoo- ... irect.html#

Thank you in advance :)

Re: Yahoo ad server exploit

PostPosted:Mon Jan 06, 2014 4:15 pm
by Cody Johnston
Here is more detailed info from HitmanPro:

http://hitmanpro.wordpress.com/2014/01/ ... -millions/

Exploit you are looking for is CVE-2012-0507

SHA-256 for the other dropped malware:
Code: Select all
1528545E5A55EB109CBBD11E579B41B82FC5A97A45A1A5E0110F199E2661F8D3
159E8975BF6545C958FB5BD427C9E5ADBE6B8804743B690C8AA74410D7FC7300
26CE58F04C7A002CDBE6F05BADF0E986825B25138802368D79C300B3E2E2E2F0
28140E82A245A63AC5EF1C570EB134F3EC19FC9E067A8D8F87988D284A5DC655
37127616D0ED3D23FAB66F116B8D4DF2BEC0B95405449A5652E64ADA3693BC03
456D4332346E0FBF27B3838700FB8EACCF57DE1E5F79D800C06B1B90518CAB49
45ADA47D018ABEC15F1E06D6D4858A865577FCEA8A4C0934390C69AD0AD8D06C
76741E8256C99F53507D67D2525AE813570EF49054B14919B06955349F96BD50
77481D089DDBE7F4F7CDB0B4AAB60537DEE80D1653D721BC7B7A2CE4E83C374C
A4092A6594263E3B0756A02614E65191875F3564D14D6933638A9E0CC9B25495
A6080BA41FB029CC37641E3CDB84C89A83A77754BE91DCE899142BB5C8E19294
B7637854EEB881927F531997923563275CC73A9697606BD16C7C108203A81A1F
C6148B3A52CEFC754A9B1BE6573BECE14034117DA300F9F66803B4A8FC588B8C
E0270A70A205C71C6C612BDAFCE3D2DE23DA634B98A3613B2B791047CB459E68
E9A9532515257ABBE38C163136FBD49E585D5B18598DBD240A9B5B9867D192DC
EBE3196950E1E374600E8D0BBD1BB30561B02C68D9F1DCE11990BC8C5AF39234
EC71A4A85AC1AB52C49C5DA31D1B4A29349777AC75024626D06C8113BAC779B6
FD831DC7B66E2C05D8B83F0FE6A4C67D57F0E1A2BB7126CDB20963BF

Re: Yahoo ad server exploit

PostPosted:Mon Jan 13, 2014 4:34 pm
by colbyiscute4e
Just a reminder,

in the rules # 10
http://www.kernelmode.info/forum/viewto ... =20&t=1950

10.Requests from users with zero posts, "thank-you" only posts, or requests-only posts not allowed. Make your effort for this place before asking anything.

Including one post


Thanks,
Colby

Re: Yahoo ad server exploit

PostPosted:Mon Jan 13, 2014 5:08 pm
by EP_X0FF
Hello,

yes, seriously you have 1 post for 2+ years and all other your posts are requests.
At least you have now hashes for searching.

Closed.
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/