Senuke, this is not cool !

Discussion in 'BlackHat Lounge' started by au2mopi, Sep 20, 2013.

  1. au2mopi

    au2mopi Junior Member

    Hello
    first of all, don't mind the neg rep, it is another story, and also sorry if this is the wrong forum to post it in

    I just wanted to inform you to be careful with the senuke website. I was just surfing and my AV detected a web attack coming from the website: a frame is placed in a web page of an exploit kit (if you don't know what it is, it is a collection of a lot of exploits, basically browser exploits or java or adobe reader) in senuke membershit, i mean membership

    this is the page containing the malicious code
    Code:
    senuke.com/amember/
    and this is the web page that is being framed inside that page
    Code:
    elevenselfhosted.biz:7761/dir/wizard/contact/itunes.php?desktop=1
    I don't advise you to visit any of those urls, especially if you are using an old browser


    this is the result of the scan
    https://www.virustotal.com/en/url/8...b0641ad78775229d39031226/analysis/1379702995/

    it says 2/42 but it doesn't mean anything, an iframe to another website (hidden using css) is suspicious, especially if it is placed at the end of the html code

    so basically, there are 2 possibilities: either this code was placed by the senuke website owner, or the website is hacked and the code was placed by the hacker (both are not in your interest), because this means that everyone using senuke could be hacked, and the AV detecting that the file is clean doesn't mean anything
    hackers can crypt viruses against AV easily, the virus can stay undetected for at least a month or a lot more in some cases, and with every update of the software it can be replaced with another new crypt, which makes it impossible to detect that your computer is hacked; the only way to know is by analysing your computer for every connection coming and going using software like wireshark

    but i don't think a lot of people here have those skills or knowledge
    anyway I warned you, personally I don't use senuke and I didn't complete analysing the whole website (I am too tired)
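The check the first post describes (an iframe to another website, hidden using CSS, placed near the end of the HTML) can be run over a saved copy of a page. The following Python is an added example, not part of the thread; the hostnames and sample markup are constructed, `TAIL_FRACTION` is an assumed threshold, and only inline styles and `width`/`height` attributes are inspected (hiding done through an external stylesheet is not seen).

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Inline styles that keep a frame out of the visitor's sight.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden"
    r"|(?:^|;)\s*(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)"
    r"|(?:left|top)\s*:\s*-\d{3,}px", re.I)
TAIL_FRACTION = 0.8  # assumption: "end of the HTML" means the last 20% of lines

class FrameAudit(HTMLParser):
    def __init__(self, page_host, total_lines):
        super().__init__()
        self.page_host, self.total_lines = page_host.lower(), total_lines
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        host = (urlsplit(a.get("src", "")).hostname or "").lower()
        # Relative URLs have no host and stay on the page's own site.
        third_party = (bool(host) and host != self.page_host
                       and not host.endswith("." + self.page_host))
        hidden = (bool(HIDDEN_STYLE.search(a.get("style", "")))
                  or a.get("width") in ("0", "1") or a.get("height") in ("0", "1"))
        if third_party and hidden:
            line = self.getpos()[0]  # 1-based line of the <iframe> tag
            self.findings.append({"host": host, "src": a["src"], "line": line,
                                  "near_end": line >= TAIL_FRACTION * self.total_lines})

def audit(html, page_host):
    parser = FrameAudit(page_host, len(html.splitlines()))
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample: one same-site frame, one visible embed, one hidden frame.
SAMPLE = """<html><body><h1>Members area</h1>
<iframe src="/help/faq.html" width="600" height="400"></iframe>
<iframe src="https://player.example.org/embed/1" width="560" height="315"></iframe>
<p>Footer</p>
<iframe src="http://injected.example.net:7761/x.php" style="position:absolute;left:-9999px;width:1px;height:1px"></iframe>
</body></html>"""

if __name__ == "__main__":
    print(audit(SAMPLE, "shop.example.com"))
```

Only the frame that is both off-site and hidden is reported; the visible third-party embed and the same-site frame are not.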
     
  2. KELLOGGS

    KELLOGGS Supreme Member

    You are seriously underestimating the members of BHW.
     
  3. au2mopi

    au2mopi Junior Member

    oh my god, here we go again, another unrelated comment, now everyone will comment on your reply and they forget about the original and the important post!
    EVERYBODY, please forget that I said "but i don't think a lot of people here have those skills or knowledge"
     
  4. HerpDerpSlerp

    HerpDerpSlerp Power Member

    OP you need to calm down. It was probably just an automated script that took advantage of a vulnerability on the server. The webmaster will find out sooner than later and correct the problem. It happens to the best of us. Happened to me 3 times and as quickly as last month from some Russian script.

    It is worse if you use wordpress or other freeware software. One of the reasons why I won't use it
     
  5. au2mopi

    au2mopi Junior Member

    Yeah, you are right
    I freaked out, forget about it
    look at the bright side, I just got some more neg rep
     