Re: [Full-disclosure] Unbelivable, Pangolin 3.2.3 free edition released

[Jacqui Caren-home <jacqui.caren@xxxxxxxxxxxx>]

On 25/04/2011 06:51, Beatyou Man wrote:
> I tried Pangolin 2.5.2 and the latest one. No data will be transfered to the 
> server you mentioned in 
> "http://laramies.blogspot.com/2009/05/pangolin-and-your-data.html";
>
> Why don't you trust your eyes and try this one?

OK let have a bash - literally.

[jacqui@dieter free_edition]$ strings * | grep nosec
support@xxxxxxxxx
www.nosec-inc.com
www.nosec-inc.com
support@xxxxxxxxx
http://www.nosec.org/product/oracle_data.php?id=
http://www.nosec.org/product/oracle_info.txt
http://www.nosec.org/files/swf/datadumper/datadumper.html
http://www.nosec.org/files/swf/md5crack/pangolin_md5crack.html
http://www.nosec.org/files/swf/injection_digger/pangolin_injection_digger.html
zwell@xxxxxxxxx
http://www.nosec-inc.com/
www.nosec-inc.com
http://www.nosec-inc.com
6http://www.nosec.org/product/oracle_data.php?id=[INFO]
,http://www.nosec.org/product/oracle_info.txt
[jacqui@dieter free_edition]$

Hmm this shows the URLs used to pass data and call SWF apps used to run md5 
cracks etc.
A trace from a vm shows DNS request and a post to oracle_data and a get from 
oracle_info etc.
I mean how clueless do you have to be to not encode the URL's so even a dumbass 
strings can
find them?

OK, anyone who actually uses a tool like this (in a windows box) is pretty dumb 
anyway especially as the
data seems to end up in shenzhen,Guangdong - deffo not omewhere to trust your 
data goign to.

Thankfully work blocks all incoming and outgoing .cn traffic!

It seems the app tries to crack local password files as well - via a remote 
(chineese) system - not exactly nice...

Jacqui

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/