Blackhole Exploit Kits update to v2.0 - Google Translate

a guest
Sep 12th, 2012
BlackHole exploit Kit 2.0

Are pleased to welcome you to a brand new version of the bundle of exploits. For more than 2 years of existence of our project, the old engine arrival and ligaments badly worn, AV companies have become very quick to recognize that this kind of criteria BlackHole and flag it as malware. In the new version we have rewritten from scratch, and re-written from scratch is not only part of the issuance of exploits, but also the admin panel.

Of the innovations on the issue:
1. We have maximum protection from exploits avtoskachivaniya their AV companies now generate a dynamic URL, which is valid for a few seconds, you need only one infection potentially setting the link man.
2. Now, just as secure and your exe, AV company can not just download it, which will keep your exe as long as clean.
3. JAR and PDF files show only those versions of plug-ins that are vulnerable if the plug is not vulnerable, sployty is issued, and not get dirty once again.
4. We managed to give up plugindetect to determine the version of Java that will remove a lot of the bunch of extra code thus accelerating the download bundles, as well as file getJavaInfo, who ran the car at all Java calling, regardless of whether that person is vulnerable or not.
5. Have been removed all the old exploits, giving tiny but frightening breaking visual alerts and crash the browser, such as Flash, HCP, PDF All ... Now the link in the admin area of the number 3 Exploit: Java Pack (atomic + byte), PDF LibTiff, MDAC (he left because he did not crash the browser without palitsya Avery because we managed to clean up, and the old IE6 is still working as a necessary)
6. In version 1. * Reference to traffic unfortunately was recognizable for AV companies and reversers, she looked this kind,. / Main.php? Varname = lgjlrewgjlrwbnvl2. The new version of the link to the traffic you can make yourself, here are some examples: / news / index.php, / contacts.php and so on, now for the moment no one AV can not catch. And by default stream names when creating the flow created automatically from the dictionary with the actual words and not a random letters.
7. Issuing now given only unique users that show when re-entering up to you, it can be edited as HTML stub by you, and redirect them to let your Landing or any other site.
8. Now all URLs are dynamic, without permanent names for variables that could be hooked, the exe file to download now just simply do not have, or slashes to the JAR, now go all the way directly to the file to which you came.
Developed and implemented a lot more chips that brag and shout in Public simply not reasonable, that competition and the AV companies do not nap.

Of the innovations in the admin panel:
1. Captcha entered for logging on to our practice, it was not enough to break a few cases the admin panel of clients by Brutus, it should not slow down a lot of some wise men.
2. Statistics on the flow now easy to see by selecting it from the drop down menu on the home page of statistics, will also become available for quick viewing and copying the reference to guest statistics.
3. Now the admin panel will not slow down when it reaches 1-2kn cores, and generally will not slow down, the entire load is distributed on the scripts are executed on the crown and the grouping of piles of logs in one account, it will never reset statistics and stash it almost years. Essentially version 2.0 we wrote for what amounts to a bunch of could hold many times more than the old version, which we successfully achieved.
4. Added the ability to be used as an aid to performance Memcached, and very convenient, and it can not be used for those who do not bring down the volume of traffic the server.
5. To the list of operating systems added to Win 8, and mobile devices, in order to see how much of your traffic is mobile, and mobile traffic, you can redirect to the appropriate affiliate.
6. In the molasses, we also see the innovations might have been allowed to operate with two types of rules, exploits and redirects now Add item stub. Plug is used to display a static html page. For example, you can make a plug for Google Chrome traffic, and there to create a page with the text of its kind: This page only works in Internet Explorer, Opera, Firefox.
7. Now it is a welcome feature, disable flow with fawn exe file. The system automatically checks the pale of your file through the time you specify when you add a file.
8. Now you can use a bunch as a gasket between the power cores and the place of her destination, for which to create an opportunity to select the stream URL to redirect to waste a bunch of cores. It is useful to pass a few cores ligaments, or for subsequent redirect to Landing.
9. When added to the file will be possible to specify the frequency of inspection of the file on the pale AB, as well as an update file with slashes (if the file is added to urlu).
10. There is a new menu item "Software Version", where we can watch the version of plugins Java, Acrobat reader of your traffic, see the breaking of each version, monitor the quality of traffic by looking at is whether trafer pierces the plug-ins in your traffic. It is very useful for evaluating the quality of traffic and to monitor the performance sployty on the right version of the plugin.
11. Completely updated "Security", about it can devote even a sub-section:
a) the opportunity to block traffic without referer (we recommend to always keep on)
b) the opportunity to ban unnecessary referrers
c) the opportunity to ban all referrers except those you
d) the opportunity to ban bots on a prepared base of 13k ipov (thanks xshaman) (recommend that you keep it turned on)
d) the opportunity to ban TOR network, Types which are dynamically updated as the practice most reversers work from there (it is recommended to always keep on)
e) there was a recording mode, let you stop the traffic and you do not have to wait for the traffic of which, put the record mode, and all reversers and bots that run on your link after stopping cores directly go to the ban list)
12. As in Section 11, we had many opportunities to bans, selecting at least one version of the ban, the menu, the "Ban Statistics", in which you can see the number of blocked traffic, and the reason for the lock
13. In the settings section, we can now specify in more detail what we want to do with the referrer statistics (not to record the referrer, and keep track referrers Keep track referrers without displaying the guest of the article)
14. An opportunity to update GeoIP database with one click in the admin
15. All of which had expected to able to disable a bunch of incriminating in the domain, it looks like this: when you choose how much AB domain considered not clean (eg 1) as soon as the domain gets in the black for one auto, it switches to the next. It is also possible to specify what to do if a net domains run out, turn off a bunch of completely, or use no net domain.
16. In connection with the adjustment described in paragraph 15, a new menu "Domains", where we can add lists of domains incriminating see them, manage them completely, as well as the opportunity to get API reference for a particular stream, on which you can always see a link to a clean traffic.
In fact, version 2.0 is not a continuation of the old bunch, is a completely new system written entirely from scratch, given the client is going to request for more than two years of operation, version 1. *

So glad to report that prices have remained the same:

Rent on our server:
-Day rental - $ 50 (limit traffic 50k hits)
-Week rent - $ 200 (limit traffic 70k hits a day)
-Month lease - $ 500 (limit traffic 70k hits a day)
if need traffic limit can be raised for the add. fee

The license for your server:
-License for 3 months $ 700
-The license for six months $ 1,000
License-year $ 1500
multidomain version bundle - $ 200 one-time fee for the duration of the license (not binding on the domain and the ip)
change of the domain on the standard version bundle - $ 20
change ip for multidomain version cords - $ 50
a one-time cleaning - $ 50
avtochistki a month - $ 300 (cleaning poured yourself on your server, as soon as your slept kriptor)

-------------------
Due to the fact that the topic for version 1. * Accumulated a lot of reviews and reports for version 2.0 allocated a separate topic, and the old top will be closed as a history, here is the link to it: http://exploit.in/forum/index.php?showtopic=41662

Contacts:

Author and a support to one person (working normalized):
JID: paunch@jabber.no
JID: paunch@thesecure.biz
JID: paunch@neko.im
ICQ: 343002

A support (working hours from 9 to 19 on weekdays):
JID: blackhole2@jabber.ru
ICQ: 530082