What about SHA1?

This post was last edited by samiux on 2015-5-9 19:27

Last Sunday, when I was hiking alone to Sai Kung, I met an alien by accident who asked me to download some confidential "data" from their "server".  Out of curiosity, I nodded to him.  I picked up my Android phone (Android 2.3.8) and noticed that it was not connected to the internet.  All of a sudden, my phone was downloading something.

Once the "data" was downloaded, the alien gave me a long serial number and said that it was to check the integrity of the "data".  I double checked it and confirmed that it was an MD5 hash.  Later, I confirmed the hash of the downloaded "data" was the same as the one the alien gave me.  The alien thanked me and flew away in his silver-coloured, round, one-seat space ship.

I wondered what the alien had given me.  I tried to extract the "data" but failed.  There is no doubt that I am not an "expert" in computing science.  Later, my evil mind asked me, why not inject a trojan into the "data" that the alien gave me?  Aha, good idea!

I fired up a debugger and loaded the "data" into it.  After a while, I found some code caves.  My encrypted trojan was injected into the "data" that the alien gave me.

Then I confirmed that the MD5 hash of the "injected data" and the original "data" were the same.  Bingo!  yeah!

I did a lot of experiments and confirmed that I could get the reverse shell from the "injected data".

I emailed the "data" along with my "injected data" to NASA, USA.  I told them the story of how I got this "data" and I also told them that I could duplicate the "data" on my Intel ATOM D510 with Ubuntu 14.04.2 LTS x86_64 computer.  I hope they can inspect them, as I could not extract the data from the "data".

Fingers crossed!  I am waiting for the reverse shell from NASA.  ^-^

Samiux

Update reason : fix typo


Reply to 24# samiux
Thanks for your alien story, I get what you are saying now.


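Wrong, it is SHA2-256 Secure Hash Algorithm,
PS: Don't assume that a bigger number means more secure. It doesn't ...
Databases posted on 9/5/2015 05:38 PM

Why isn't it more secure? Unless the whole communication channel has already been manipulated, so that even the hash is fake.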


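Wrong, it is SHA2-256 Secure Hash Algorithm,

   PS: Don't assume that a bigger number means more secure. It doesn't ...
Databases posted on 2015-5-9 17:38

    No injection tool has appeared for SHA1 yet. For now, using SHA1 to check whether a file is genuine is still OK!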


One of my colleagues in the office, Bob, always thinks that he is an expert in Computer Science.  He is the one who manages the firewall and servers as well as the desktops in the company.  He is also a web application programmer and a Linux engineer in the company.  He sometimes acts as Helpdesk too.  However, he supports us in such a rude manner that almost everyone in the company dislikes him.

Today, my evil mind comes up with, "why not hack him for revenge?"  Aha, good idea!  Why not?

After a few seconds, his IP address has been identified, and I see that he always downloads files from the internet, such as .exe, .tar.gz, zip, rar, etc.  Meanwhile, the network is misconfigured.

Some of these download sites are running on SSL/TLS.  Hmmm, not a problem at all.  I fire up my arsenal and downgrade the download sites to HTTP.  I intercept Bob's download traffic and inject my encrypted trojan into the downloading files on the fly.  I am sure that my trojans are Fully Undetectable (FUD) by any anti-virus program or scanner.  No matter whether Bob is running Windows or Linux or Mac OSX, his downloaded files are infected without any alert from any defending system that he installed.

Bingo!  I get the reverse shell from Bob's Linux system in a minute.  Yeah!  The next step is to install and hide the rootkit from his system.  Cool, cool, cool.  I then wipe all my footprints from his system.  Heheeee...

From now on, I am his worm in his stomach!  ^-^

Samiux

Update reason : fix typo
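
Added example, not written by any poster in this thread: a download check that closes the three gaps the thread raises (an MD5 digest, a digest that travels over the same channel as the file, and a download downgraded to HTTP). The function names, the `downloads.example` host, the file name and the sample bytes are constructed for illustration, and the pinned digest is assumed to come from a source the download path cannot alter.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Algorithms accepted for integrity checks. MD5 and SHA-1 are refused: their
# collision resistance is broken, so two different files can share one digest.
STRONG_ALGOS = {"sha256", "sha512"}


def same_channel_check(data: bytes, advertised_hex: str) -> bool:
    """The weak pattern: trust a digest that arrived alongside the file."""
    return hashlib.sha256(data).hexdigest() == advertised_hex


def verify_download(data: bytes, url: str, pinned: dict) -> tuple:
    """Check downloaded bytes against a digest pinned out-of-band.

    `pinned` maps file name -> (algorithm, hex digest). It is assumed to be
    shipped with the tool or taken from a signed release manifest.
    """
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False, "refused: not fetched over HTTPS"
    name = parts.path.rsplit("/", 1)[-1]
    if name not in pinned:
        return False, "refused: no pinned digest for this file"
    algo, expected = pinned[name]
    algo = algo.lower()
    if algo not in STRONG_ALGOS:
        return False, "refused: weak digest algorithm " + algo
    actual = hashlib.new(algo, data).hexdigest().encode()
    if not hmac.compare_digest(actual, expected.strip().lower().encode()):
        return False, "refused: digest mismatch"
    return True, "ok"


# Constructed sample data (not from the thread).
ORIGINAL = b"constructed installer bytes v1.0"
TAMPERED = ORIGINAL + b" + constructed injected bytes"
URL = "https://downloads.example/tool.tar.gz"  # placeholder host
PINNED = {"tool.tar.gz": ("sha256", hashlib.sha256(ORIGINAL).hexdigest())}

if __name__ == "__main__":
    # Whoever rewrote the file can rewrite the advertised digest to match.
    print(same_channel_check(TAMPERED, hashlib.sha256(TAMPERED).hexdigest()))
    print(verify_download(ORIGINAL, URL, PINNED))
    print(verify_download(TAMPERED, URL, PINNED))
    print(verify_download(ORIGINAL, URL.replace("https://", "http://"), PINNED))
```
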
