Wednesday, May 31, 2023

OVER $60 MILLION WORTH OF BITCOINS HACKED FROM NICEHASH EXCHANGE

Over $60 Million Worth of Bitcoins Hacked from NiceHash Exchange. Bitcoin mining platform and exchange NiceHash has been hacked, leaving investors short of close to $68 million in BTC.
As the price of Bitcoin continues to rocket, surging past the $14,500 mark at the time of writing, cyberattackers have once again begun hunting for a fresh target to cash in on in this lucrative industry.
Banks and financial institutions have long cautioned that the volatility of Bitcoin and other cryptocurrency makes it a risky investment, but for successful attackers, the industry potentially provides a quick method to get rich — much to the frustration of investors.
Unfortunately, it seems that one such criminal has gone down this path, compromising NiceHash servers and clearing the company out.
In a press release posted on Reddit, on Wednesday, NiceHash said that all operations will stop for the next 24 hours after their "payment system was compromised and the contents of the NiceHash Bitcoin wallet have been stolen."
NiceHash said it was working to "verify" the precise amount of BTC stolen, but according to a wallet which allegedly belongs to the attacker — traceable through the blockchain — 4,736.42 BTC was stolen, which at current pricing equates to $67,867,781.
"Clearly, this is a matter of deep concern and we are working hard to rectify the matter in the coming days," NiceHash says. "In addition to undertaking our own investigation, the incident has been reported to the relevant authorities and law enforcement and we are co-operating with them as a matter of urgency."
"We are fully committed to restoring the NiceHash service with the highest security measures at the earliest opportunity," the trading platform added.
The company has also asked users to change their online passwords as a precaution. NiceHash says the "full scope" of the incident is unknown.
"We are truly sorry for any inconvenience that this may have caused and are committing every resource towards solving this issue as soon as possible," the company added.
Inconvenience is an understatement — especially as so much was left in a single wallet — but the moment those coins shift, we may know more about the fate of the stolen investor funds.
Related news
  1. Tools For Hacker
  2. Pentest Tools Website
  3. Pentest Tools For Mac
  4. Computer Hacker
  5. Hak5 Tools
  6. Computer Hacker
  7. Hacker Tools Online
  8. Hack Tools
  9. Hack And Tools
  10. Pentest Tools List
  11. Pentest Tools Framework
  12. Growth Hacker Tools
  13. Hacking App
  14. Hack Tools Download
  15. Hacker Tools Hardware
  16. Computer Hacker
  17. Pentest Tools Linux
  18. Hacking Apps
  19. Hacking Tools Free Download
  20. Hacker Tools
  21. Hacker
  22. Hacker
  23. Pentest Tools
  24. Hack Tools For Windows
  25. Ethical Hacker Tools
  26. Pentest Tools Tcp Port Scanner
  27. Hacking Tools Hardware
  28. Hacking Tools Pc
  29. Pentest Recon Tools
  30. Hacking Tools Mac
  31. Free Pentest Tools For Windows
  32. Pentest Tools Free
  33. Tools 4 Hack
  34. Pentest Tools Review
  35. Hack Tools For Ubuntu
  36. Hacker Tools For Mac
  37. Pentest Tools Subdomain
  38. Blackhat Hacker Tools
  39. How To Make Hacking Tools
  40. Pentest Tools Free
  41. Pentest Tools Windows
  42. Hacking Tools Pc
  43. Hacking Tools For Windows 7
  44. Pentest Box Tools Download
  45. Pentest Tools Download
  46. Hack Tools Pc
  47. Android Hack Tools Github
  48. Hacking Tools Windows
  49. Hacking Tools
  50. Hacker Tools List
  51. Hacking Tools
  52. Wifi Hacker Tools For Windows
  53. Tools Used For Hacking
  54. Hacking Tools Usb
  55. Hack Tool Apk
  56. Best Hacking Tools 2019
  57. Hacker Tools List
  58. Hack Tool Apk No Root
  59. Hacker Tools 2019
  60. Pentest Tools Url Fuzzer
  61. Hack Tools For Games
  62. Pentest Tools Github
  63. Computer Hacker
  64. Underground Hacker Sites
  65. Hacking Tools Name
  66. Hacking Tools For Games
  67. Growth Hacker Tools
  68. Hack And Tools
  69. Hack Tools
  70. Android Hack Tools Github
Posted by at No comments:

ASIS CTF Quals 2015 - Sawthis Writeup - Srand Remote Prediction


The remote service ask for a name, if you send more than 64 bytes, a memory leak happens.
The buffer next to the name's is the first random value used to init the srand()


If we get this value, and set our local srand([leaked] ^ [luckyNumber]) we will be able to predict the following randoms and win the game, but we have to see few details more ;)

The function used to read the input until the byte \n appears, but also up to 64 bytes, if we trigger this second condition there is not 0x00 and the print shows the random buffer :)

The nickname buffer:



The seed buffer:



So here it is clear, but let's see that the random values are computed with several gpu instructions which are decompiled incorrectly:







We tried to predict the random and aply the gpu divisions without luck :(



There was a missing detail in this predcitor, but there are always other creative ways to do the things.
We use the local software as a predictor, we inject the leaked seed on the local binary of the remote server and got a perfect syncronization, predicting the remote random values:




The process is a bit ugly becouse we combined automated process of leak exctraction and socket interactive mode, with the manual gdb macro.




The macro:



















More info


Posted by at No comments:

Tuesday, May 30, 2023

Fast Emulator For Shellcodes In Rust

I have developed a fast emulator for modern shellcodes, that perform huge loops of millions of instructions emulated for resolving API or for other stuff.

The emulator is in Rust and all the few dependencies as well, so the rust safety is good for emulating malware.  

There are shellcodes that can be emulated from the beginning to the end, but when this is not possible the tool has many features that can be used like a console, a memory tracing, register tracing, and so on.

https://github.com/sha0coder/scemu



In less than two seconds we have emulated 7 millions of instructions arriving to the recv. 

At this point we have some  IOC like  the ip:port where it's connecting and other details.

Lets see what happens after the recv() spawning a console at position: 7,012,204


target/release/scemu -f shellcodes/shikata.bin -vv -c 7012204



In the console, pressing "enter" several times to emulate  step into several steps and we arrive to a return instruction.


Let's see the stack in this moment:


The "ret" instruction is going to jump to the buffer read with recv() so is a kind of stager.

The option "-e" or "--endpoint" is not ready for now, but it will allow to proxy the calls to get the next  stage automatically, but for now we have the details to get the stage.


SCEMU also identify all the Linux  syscalls for 32bits shellcodes:



The encoder used in shellgen is also supported https://github.com/MarioVilas/shellgen

Let's check with cobalt-strike:


We can see where is connecting and which headers is using, so right now we can replicate the communications.



In verbose mode we could do several greps to see the calls and correlate with ghidra/ida/radare or  for example grep the branches to study the emulation flow.


target/release/scemu -f shellcodes/rshell_sgn.bin -vv | grep j


target/release/scemu -f shellcodes/rshell_sgn.bin -vv -c 44000 -l


The -l --loops options makes the emulation a bit slower but track the number of iterations.

Is possible to print all the registers in every step with  -r or --registers  but also is possible to track  specific register for example with --reg esi


target/release/scemu -f shellcodes/shikata.bin --reg esi 


In this case ESI register points to the API name, if we track EAX or ECX will see that are the counters of the loop. These shellcodes  contains a hard loop to locate the API names.

The flag -i or --inspect allow to monitor memory using expressions like "dword ptr [eax + 0xa]"

target/release/scemu -f shellcodes/shikata.bin -i 'dword ptr [esi]'

And more things to come...  find a demo below:

https://www.youtube.com/watch?v=qTYmMjW3DFs





More articles


Posted by at No comments:

Hackerhubb.blogspot.com

Hackerhubb.blogspot.com

Related news


Posted by at No comments:
Subscribe to: Comments (Atom)