Computer and Online Cyber Security


Computer Security No 1: Kiddie Script


Kiddie script = In programming and hacking culture, a script kiddie or skiddie (also known as skid or script bunny) is an unskilled individual who uses scripts or programs developed by others to attack computer systems and networks and deface websites. (source: wiki)

Weaponised container = A specialised file that exploits an application-level vulnerability to gain control of the EIP register (which contains the address of the next instruction to be executed) on the CPU in order to run the intruder's code on the target machine. After the exploit occurs, shellcode is executed on the compromised machine.

The shellcode will:
- Locate/resolve operating system API calls
- Decode and execute stages of shellcode
- Locate/download, decode and execute a binary which drops additional malware, sets up persistence mechanisms, displays a decoy document, etc. (source: traceevidence blog)

Zero-day (zero-hour or 0-day) exploit = A zero-day exploit is one that takes advantage of a security vulnerability on the same day that the vulnerability becomes generally known. There are zero days between the time the vulnerability is discovered and the first attack. (

News - Do you allow users to upload photos on your website?

Two Russian security researchers revealed a few hours ago a vulnerability in the ImageMagick image processing library deployed with countless Web servers, a zero-day which they say has been used in live attacks. (source: softpedia)

Nicknamed ImageTragick and identified via the CVE-2016-3714 vulnerability ID, the issue has a massive attack surface, since alongside the GD library, ImageMagick is one of the most used image processing toolkits around.

Attackers can take over servers via ImageMagick

According to the two researchers, there is more than one vulnerability in ImageMagick, but the one they call ImageTragick has been used to compromise websites via malicious images uploaded to the server.

The zero-day, which they say is trivial to execute, is still unpatched, but the ImageMagick project has been notified today.

Usually such sensitive bug fixing operations would be carried out in complete privacy, but their decision to go public was influenced by the fact that attackers used the zero-day to compromise servers, and the researchers wanted to give webmasters the opportunity to mitigate the attacks.

Mitigation instructions are available on ImageTragick's website. Proof-of-concept code (Metasploit modules) will be published later on today.

Hackers only need to find websites that allow users to upload photos.

Because ImageMagick is at the base of many image processing libraries and modules, used across a large number of programming languages like Ruby, JavaScript, PHP, Java, and more, any website, running on any platform, is vulnerable to this zero-day.

The only condition is that users are allowed to upload files to the server, and a large number of websites do so via "user avatar" options.

The researchers declined to reveal any clues regarding the exploitation routine, but based on the mitigation advice, it involves magic bytes and ImageMagick coders.

Magic bytes are the first few bytes of a file used programmatically to identify the image type (GIF, JPEG, PNG, etc.). ImageMagick coders are ImageMagick modules that read and write data to specific image file types.
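The magic-byte check described above, as an added defender-side example that is not part of the original article: an upload handler sniffs the first bytes of a file, compares the detected type with the extension the user supplied, and rejects anything that does not match an allow-list of raster formats before any image library touches it. The handler function names, the allow-list and the sample uploads are assumptions constructed for the example.

```python
# Added example (not from the article): verify that an uploaded "image" really
# starts with the magic bytes of an allowed raster format before it is handed
# to an image processing library such as ImageMagick.

# Signatures for the formats the article lists (GIF, JPEG, PNG).
MAGIC = {
    "gif":  (b"GIF87a", b"GIF89a"),
    "jpeg": (b"\xff\xd8\xff",),
    "png":  (b"\x89PNG\r\n\x1a\n",),
}

def sniff_image_type(data: bytes):
    """Return 'gif', 'jpeg' or 'png' if data starts with a known signature, else None."""
    for fmt, signatures in MAGIC.items():
        if any(data.startswith(sig) for sig in signatures):
            return fmt
    return None

def is_acceptable_upload(filename: str, data: bytes) -> bool:
    """Accept only when the sniffed type is on the allow-list AND matches the extension.

    The extension alone is untrusted because the uploader controls it; the
    sniffed type is what an image library will actually act on, so both must agree.
    """
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    ext = "jpeg" if ext == "jpg" else ext
    sniffed = sniff_image_type(data)
    return sniffed is not None and sniffed == ext

# Constructed sample uploads (hypothetical, not real files): headers plus padding.
SAMPLES = {
    "avatar.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
    "photo.jpg":  b"\xff\xd8\xff\xe0" + b"\x00" * 16,
    "anim.gif":   b"GIF89a" + b"\x00" * 16,
    # Extension claims PNG but the body is plain text: a library that picks its
    # coder by content rather than extension would not treat this as a PNG, so
    # the upload must be rejected here, before the library sees it.
    "claims.png": b"<not an image>\n",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name}: sniffed={sniff_image_type(blob)} "
              f"accept={is_acceptable_upload(name, blob)}")
```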

The researchers said that there's an RCE (Remote Code Execution) bug somewhere in there, that allows attackers to write code to the server. If an attacker is skilled enough, he can upload a malicious image, which uses the zero-day to write a webshell to disk and uses it to take over control of the entire server.

Moderated by Monica Schlesinger

© 2011 - 2016 Advisory Boards Group, website by aml websites