This exploit framework is nicely designed and has a somwhat object oriented approach.
Browser based exploit code is broken down into seperate modules. Its statistics engine logs several important user variables such as IP, Browser and OS version. By default, it performs a check of the visiting IP to determine if it's already been seen and if so then avoids further interaction with that session.
Another interesting aspect is that it uses output stream buffering with a callback function which will obfuscate all data to avoid detection and readability. Specifically, it uses a random ASCII based substitution table to create a Javascript function which will decode the payload and run it.
The people who wrote this framework (IDT Group), or at least that's their header on top of every source file, know what they're doing. Their code layout and some documentation is displayed in a manner often seen in professional programming projects.
1 comment:
Your blog keeps getting better and better! Your older articles are not as good as newer ones you have a lot more creativity and originality now keep it up!
Post a Comment