Welcome to the Dark Market! - We will be closing Open Registration on 31-MARCH-2017 so please grab your Free Account (Click here) while you can. It's FREE and takes just 1 minute!
  • You can contact Admin via Email: [email protected]

  • - OUR NEW DOMAIN: CARDINGF.COM -
    Connection secured via HTTPS & Anti-DDoS Protection -   

    #1 Money Making Forum - Carding Forum - Carders Forum
    Official Escrow & Donation Bitcoin Wallet:
    Buy AD on Forum by Clicking Here! 
     Bank Transfers, PayPal Skrill Hacked 


    Thread Rating:
    • 37 Vote(s) - 2.65 Average
    • 1
    • 2
    • 3
    • 4
    • 5

    [-]
    Tags
    microsoft office word exploits universal doc exploit pack

    Microsoft Office Word Exploits universal .doc exploit-pack
    #1
    Heart 
    MICROSOFT WORD INTRUDER (MWI)

    MWI - professional "means of delivery", the exploit pack on the basis of a number of the most urgent one-day vulnerabilities in the products of Microsoft Office Word. Document generated MWI may contain exploits with up to 4 at once:

    1. CVE-2010-3333
    2. CVE-2012-0158
    3. CVE-2013-3906
    4. CVE-2014-1761

    And updates private exploits to clients

    Executable .exe file may be contained in the body of the document itself, and extend the link to the web-server. What distinguishes this exploit from all other solutions:

    Uniqueness MWI - this is the only solution on the market .doc exploits,
    which represents multieksployt and attack multiple vulnerabilities simultaneously.
    This approach increases the chances of success and allows to attack two vectors update:
    Operating system and Office suite of applications itself.VersatilityMWI covers almost the whole
    range of versions of Microsoft Office: Word XP, Word 2003, Word 2007, Word 2010. Each exploit
    is implemented to be able to attack as much as possible the vulnerable versions
    and operating systems. Coverage of vulnerable systems MWI favorably with all alternatives.

    Exploit the most independent of all sorts of conditions for a successful attack: whether the version of the software installed in the system or certain defenses OS. Each stage of exploit careful attention to detail.Bypass protectionExploit the most complicates their detection: each element is protected from the exploit detected by a complex of means: from the banal to the polymorphism of obfuscation and encryption. Each generated exploit has its own unique signature, maximum randomized structure and data. In addition to the counter signature methods exploit uses a variety of methods to bypass proactive (behavioral) detection equipment. In particular, the launch .exe-file made from a trusted system process context.Support and continuous developmentMWI for a wide audience was introduced to the market, although its first versions were created and used in a rather narrow circle of people. The project progressively refine and improve, acquiring new exploits and modules vkontse fully formed to exploit the whole pack with a flexible, modular architecture. The project is constantly evolving and not static. We regularly release updates that make cleaning supplement exploit pack new exploits and modules. We are committed to long-term cooperation.

    innovation

    Additional Information:

    CVE-2010-3333: RTF pFragments Stack Buffer Overwrite Remote Code Execution Exploit [MS10-087]

    EXPLOITABLE WORD VERSIONS:    
    Word 2003 32-bit XP, Vista, Win7, Win8 32 & 64 bit
    Word 2007 32-bit XP, Vista, Win7, Win8 32 & 64 bit
    Word 2010 32-bit XP, Vista, Win7, Win8 32 & 64 bit

    VULNERABLE MODULE PATHS:
    Word 2003 C:\Program Files\Common Files\Microsoft Shared\office11\mso.dll
    Word 2007 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll
    Word 2010 C:\Program Files\Common Files\Microsoft Shared\office14\mso.dll

    PATCHES:
    Word 2003 mso.dll 11.0.8329.0000
    Word 2007 mso.dll 12.0.6545.5004
    Word 2010 mso.dll 14.0.5128.5000

    alternative solutions: Complete versatility and reliability, the only universal and real working solution

    CVE-2012-0158: MSCOMCTL.OCX ListView Stack Buffer Overwrite Remote Code Execution Exploit [MS12-027]
    EXPLOITABLE WORD VERSIONS:
    Word 2003 32-bit XP, Vista, Win7, Win8 32 & 64 bit
    Word 2007 32-bit XP, Vista, Win7, Win8 32 & 64 bit
    Word 2010 32-bit XP, Vista, Win7, Win8 32 & 64 bit

    VULNERABLE MODULE PATHS:
    C:\WINDOWS\system32\MSCOMCTL.OCX
    C:\Windows\SysWOW64\MSCOMCTL.OCX

    EXPLOITABLE VERSIONS: 
    MSCOMCTL.OCX 6.01.9545
    MSCOMCTL.OCX 6.01.9782
    MSCOMCTL.OCX 6.01.9786
    MSCOMCTL.OCX 6.01.9813
    MSCOMCTL.OCX 6.01.9816
    MSCOMCTL.OCX 6.01.9818

    PATCHES:
    MSCOMCTL.OCX 6.01.9833
    MSCOMCTL.OCX 6.01.9834

    * the vulnerability is not present in some assemblies MSOffice, do not support ActiveX, such as Office 2010 Starter, and various pirate assemblies, where the module MSCOMCTL.OCX just missing.


    CVE-2013-3906: TIFF Heap Overflow via Integer Overflow [MS13-096]
    EXPLOITABLE WORD VERSIONS:
    Word 2007 32-bit XP, Vista, Win7  32 & 64 bit
    Word 2010 32-bit XP              32 bit

    *the exploit is based on technology heap-spray

    1. EXPLOITATION OF OGL.DLL (Office 2007)

    VULNERABLE MODULE PATHS:
    C:\Program Files\Common Files\Microsoft Shared\OFFICE12\OGL.DLL 

    EXPLOITABLE:
    OGL.DLL 12.0.6509.5000
    OGL.DLL 12.0.6420.1000
    OGL.DLL 12.0.6420.1000
    OGL.DLL 12.0.6415.1000
    and others

    PATCHES:
    OGL.DLL 12.0.6700.5000
    OGL.DLL 12.0.6688.5000
    OGL.DLL 12.0.6679.5000
    OGL.DLL 12.0.6659.5000
    OGL.DLL 12.0.6604.1000

    2. EXPLOITABLE VERSIONS OF OGL.DLL (Office 2010 + XP)

    VULNERABLE MODULE PATHS:
    C:\Program Files\Common Files\Microsoft Shared\OFFICE14\OGL.DLL

    EXPLOITABLE:
    OGL.DLL 4.0.7577.4098
    OGL.DLL 4.0.7577.4392
    and others

    PATCHES:
    OGL.DLL 4.0.7577.4415

    difference ga me from all the alternative solutions: - speed heap-spray - Universality (the attack immediately to the office2007 + office2010) - Universal ROP once for the two versions MSCOMCTL.OCX 983x - Opportunities for further cleansing and exploit obfuscation - Minimum detectable exploit (exploit only in RTF)

    CVE-2014-1761: RTF ListOverrideCount Memory Corruption / Object Confusion [MS14-017]
    EXPLOITABLE WORD VERSIONS:
    Word 2010 32-bit Win7, Win8

    VULNERABLE MODULE PATHS:
    C:\Program Files\Microsoft Office\Office14\wwlib.dll

    EXPLOITABLE:
    wwlib.dll 14.0.4762.1000
    and others

    PATCHES:
    wwlib.dll 14.0.7121.5004

    alternative solutions: - Support for windows 8/10 - Undetectable exploit

    [Image: 055b555397f787424abb4afab05ce1ae.png]

    MWISTAT 2.0: statistic Web-server statistics mwistat allows to conduct complete statistics of exploit, from logging when and how much was open document or booted .exe-file from any IP-address and some other information, such as User-Agent.Menu:FILES - downloadable .exe-fileLOGS - logsSTATS - StatisticsTOOLS - ext. Tools (IP-whois)Section FILES is a table with the following columns:FILE_ID - file identifier (8 digits)FILE_NAME - the name of the .exe fileFILE_DATE - date file downloadFILE_STAT_URL - com-called "stat" for a link to this file (specified in bildere)FILE_LOGS - buttons to see logs / statistics on the file (LOGS | STATS)ACTION - a button to download, edit (reupload), delete the file (GET | EDIT | DEL)ADD NEW FILE button allows you to download .exe-file to the server.Section LOGS is a table with the following columns:DATE_TIME - date and time of the request (when you are sorted by time in reverse order)FILE_ID - file identifier (8 digits)IP_ADDRESS - IP-addressIP_INFO - the country, the flag (when pressed displays all IP-whois information)ACTION - is of three kinds:   1. OPEN - opening a document.   2. LOAD - the download .exe file. if marked with failed - .exe-file has been deleted from the server and was not loaded.   3. SUSP or SUSPICIOUS - a suspicious request. it may be hacking attempts or other activities of hackers, antivirus companies, researchers and other undesirables.USER_AGENT - Field HTTP-package User-AgentGET_DATA - GET parameters passed to id and act HTTP-requestCLEAN STATS button allows you to clear all the logs and statistics.Section STATS - several tables.Statistics on requests:TOTAL REQUESTS - all received requests to the serverOPENED - of these requests is openLOADED - loadedSUSPICIOUS - suspicious requestsStatistics on the unique IP-addresses:TOTAL IPs - all unique IP-addressesOPENED - openLOADED - loadedSUSPICIOUS - suspicious requestsTOTAL% - the percentage of punchingStatistics on the unique IP-addresses (extended list attacked IP)IP-ADDRESS - IP-address (when pressed - to view all the requests from this IP)IP-INFO - the country, the flag (when pressed displays all IP-whois information)OPENED - of these requests is openLOADED - loadedSUSPICIOUS - suspicious requestsCLEAN STATS button also allows you to clear all the logs and statistics.TOOLS section contains IP-whois service - enter the IP, and click whois obtain the required information.

    Estimated price for the builder: $ 300 
    there are more budget options (trimmed assembly) standart price $ 50

    Multi Pack Price = 300$

    on technical matters, if you already have a product developer if you want to purchase the product and have questions, please write here:

    Accept PerfectMoney and BTC Bitcoin

    icq =   687268202
    jabber = [email protected]
    Reply
    #2
    Updates
    Reply
    #3
    Any feedback
    Reply
    #4
    (Today)darkside1738 Wrote: Any feedback

    i'm interested...escrow welcome???
    Reply


    Forum Jump:


    Users browsing this thread: 2 Guest(s)