Government Security
Network Security Resources

Neosploit toolkit

12 replies to this topic

#1 bruxelles

bruxelles

    Private

  • Members
  • 12 posts

Posted 06 August 2008 - 04:07 PM

The Neosploit toolkit is an advanced exploit framework to compromise web site visitors. It was written by "grabarz". It is unknown if this is a group or an individual. There's some information which suggests it is an individual.
It's not as popular as the Mpack toolkit but is gaining popularity steadily. It was written in the C language and is used as a CGI script. It can support multiple users from the same script. The exploit code will be the same from all users but the delivered executables can be different.

Similar to other toolkits, this one provides various statistics too. Instead of using a database as the means to store them, Neosploit uses several files with specific internal structures. The following information about the visitor is logged: Operating System, Web browser and its version, IP address, and the Referer.

Delivered exploit code is obfuscated using a custom JavaScript decoding function. The function name and all local variables are random in order to avoid detection by Network IDS. Often, several layers of obfuscation with anti-decoding tricks are used to deter the faint-hearted.

The toolkit's URL scheme is designed in such a way that it will prohibit the curious from obtaining the executables even if the same one is used from previous exploits.

Perhaps the reason for its slow adoption is its high price. It ranges, depending on version, from $1500 to $3000. The common version seen today in the wild is 1.5.x, with 2.0.x in beta mode. The first detected version was 1.0.x.



neosploit toolkit


passwd=infected
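Added example (not part of the original post, and not code from the toolkit): because the decoder's function and variable names are randomised per delivery, a signature keyed on a name misses the next sample, while a fingerprint of the identifier-normalised token skeleton stays stable. The two decoder stubs below are constructed, harmless samples; `skeleton`, `fingerprint` and the `KEEP` list are hypothetical names chosen for this sketch.

```python
import hashlib
import re

# Keywords and built-ins that an obfuscator cannot rename; everything else is
# treated as an attacker-chosen identifier. (Illustrative list, not exhaustive.)
KEEP = {"function", "var", "for", "while", "if", "else", "return", "new",
        "String", "fromCharCode", "charCodeAt", "length", "document",
        "write", "eval", "unescape"}

# Minimal JavaScript tokenizer: strings, numbers, identifiers, punctuation.
# Assumption: input has no comments or regex literals (not handled here).
TOKEN = re.compile(r"""
    (?P<str>"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*')
  | (?P<num>0x[0-9a-fA-F]+|\d+(?:\.\d+)?)
  | (?P<id>[A-Za-z_$][\w$]*)
  | (?P<op>[^\sA-Za-z_$\d"'])
""", re.X)

def skeleton(js):
    """Replace literals with S/N and renameable identifiers with v0, v1, ...
    in order of first use, so only the code's structure remains."""
    names, out = {}, []
    for m in TOKEN.finditer(js):
        kind, text = m.lastgroup, m.group()
        if kind == "str":
            out.append("S")
        elif kind == "num":
            out.append("N")
        elif kind == "id" and text not in KEEP:
            out.append(names.setdefault(text, f"v{len(names)}"))
        else:
            out.append(text)
    return " ".join(out)

def fingerprint(js):
    """SHA-256 of the skeleton: stable across renaming and payload changes."""
    return hashlib.sha256(skeleton(js).encode()).hexdigest()

# Constructed samples: same decoder shape, different random names, key, payload.
SAMPLE_A = ('function kqz(a){var b="";for(var c=0;c<a.length;c++)'
            '{b+=String.fromCharCode(a.charCodeAt(c)^3);}return b;}'
            'document.write(kqz("Kfoot"));')
SAMPLE_B = ('function wpx(m){var t="";for(var r=0;r<m.length;r++)'
            '{t+=String.fromCharCode(m.charCodeAt(r)^7);}return t;}'
            'document.write(wpx("Obkkh"));')
# Constructed benign script with a different structure.
SAMPLE_C = 'function show(msg){document.write(msg);}show("hello");'

if __name__ == "__main__":
    print("name signature 'kqz(' hits B:", "kqz(" in SAMPLE_B)
    print("skeleton match A/B:", fingerprint(SAMPLE_A) == fingerprint(SAMPLE_B))
    print("skeleton match A/C:", fingerprint(SAMPLE_A) == fingerprint(SAMPLE_C))
```

Each extra obfuscation layer changes the skeleton, so in practice a fingerprint like this is computed per layer after decoding.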

#2 nrk77

nrk77

    Private First Class

  • Members
  • 67 posts

Posted 06 August 2008 - 11:05 PM

passwd=infected


Indeed infected ..somebody throw him out
:ph34r: :unsure: :ph34r:
"Man is still the most extraordinary computer of all"
----------http://dark-computing.blogspot.com -----------

#3 genxweb

genxweb

    Corporal

  • Members
  • 191 posts

Posted 07 August 2008 - 04:32 AM

passwd=infected


Indeed infected ..somebody throw him out
:ph34r: :unsure: :ph34r:



He clearly states that this is an exploit you dl it and unzipped it at your own risk. It is not his fault that you don't understand what this is. Thanks for the pack I am going to take a look at this in my sandbox to see if I can learn more on this.

#4 nrk77

nrk77

    Private First Class

  • Members
  • 67 posts

Posted 10 August 2008 - 10:32 PM

I'm sorry, my mistake....
I remember there was discussion over this toolkit some time around...ahh here it is
http://governmentsec...showtopic=27659
:ph34r: :unsure: :ph34r:
"Man is still the most extraordinary computer of all"
----------http://dark-computing.blogspot.com -----------

#5 meathive

meathive

    Staff Sergeant

  • Sergeant Major
  • 254 posts

Posted 11 August 2008 - 08:02 AM

http://ddanchev.blog...nderground.html
...oO oO oO kinqpinz.info Oo Oo Oo...
---------------------------------------------------------
# angelheaded hipsters
## burning for the ancient heavenly connection
### to the starry dynamo
#### in the machinery of night.

#6 Daemon

Daemon

    Private First Class

  • Members
  • 22 posts

Posted 24 August 2008 - 12:32 AM

passwd=infected


Indeed infected ..somebody throw him out
:ph34r: :unsure: :ph34r:


Why throw him out? You must know that all the public packages are infected and backdoored, so better buy the private version of $7k, or don't use the public pack!

#7 Theorys23

Theorys23

    Private

  • Members
  • 1 posts

Posted 24 August 2008 - 04:19 PM

Thanks for this mate! :ph34r:
[Edit: Glyph: Read the forum rules. Thanks Posts forbidden. /Edit]

#8 k3yd00

k3yd00

    Private

  • Members
  • 4 posts

Posted 27 August 2008 - 07:36 PM

tn.q pals. ;)
[Edit : Glyph: Didn't you read the post above yours? NO THANKS POSTS. Ever! /Edit]

#9 scnewbie77

scnewbie77

    Private

  • Members
  • 1 posts

Posted 09 April 2009 - 01:22 PM

passwd=infected


Indeed infected ..somebody throw him out
:ph34r: :unsure: :ph34r:



He clearly states that this is an exploit you dl it and unzipped it at your own risk. It is not his fault that you don't understand what this is. Thanks for the pack I am going to take a look at this in my sandbox to see if I can learn more on this.


I am new to coding and don't know what a sandbox is. Could you please explain what this "sandbox" thing is that you are talking about?


thanks :D

#10 webdevil

webdevil

    Retired GSO General

  • Sergeant Major
  • 1,195 posts

Posted 09 April 2009 - 02:18 PM

Here's a link for you
http://tinyurl.com/cbrjwk

#11 r3m0t3 eXecut0r

r3m0t3 eXecut0r

    Private

  • Members
  • 1 posts

Posted 21 March 2011 - 06:47 AM

Is this the version 2, but it doesn't matter because the development is stopped. If you still want to download it, you can get it here:
http://rapidshare.co...neosploit-2.rar


#12 sajid89

sajid89

    Private

  • Members
  • 9 posts

Posted 02 May 2012 - 02:51 AM

this is an exploit you dl it and unzipped it at your own risk. It is not his fault that you don't understand what this is. Thanks for the pack I am going to take a look at this in my sandbox to see if I can learn more on this.

#13 SystemX

SystemX

    Private

  • Members
  • 1 posts

Posted 29 June 2013 - 03:29 PM

Who on earth doesn't know what a sandbox is? lol skiddy, you've probably got 100 viruses by now. I would reinstall your OS and get sandbox.






