Advice needed! (.swf)  

csusama008
(@csusama008)
New Member

Does anyone know/have any theories if a perp can hack into a pc using a 30KB flash file (with a .swf extension but it does not play in a player)? I have found all of the relevant data in this type of file - its signature reports it as "unknown". WWYD (what would you do?) What "codes" contained within this file should I be on the lookout for?

Thanks

Posted : 24/02/2009 1:04 am
keydet89
(@keydet89)
Community Legend

Does anyone know/have any theories if a perp can hack into a pc using a 30KB flash file (with a .swf extension but it does not play in a player)? I have found all of the relevant data in this type of file - its signature reports it as "unknown". WWYD (what would you do?) What "codes" contained within this file should I be on the lookout for?

A couple of things…

First, I'd look to see what the signature actually is…"unknown" doesn't help a great deal. Also, I'd look at what tool you're using.

As to any vulnerabilities that might be of use, there may be several, depending upon the OS in question. For example, if it's Windows, I'd check out this blog:
http://windowsir.blogspot.com/2009/02/looking-for-bad-stuff-part-i.html

HTH

Posted : 24/02/2009 1:22 am
jaclaz
(@jaclaz)
Community Legend

Something you can quickly do is to see if TriD
http://mark0.net/soft-trid-e.html
identifies a given format.

jaclaz

Posted : 24/02/2009 1:31 am
csusama008
(@csusama008)
New Member

Thanks! The OS is XP and http://mark0.net/onlinetrid.aspx says it is a Macromedia Flash Player Compressed Movie, which just doesn't make sense with the data contained within the file.

Posted : 24/02/2009 2:11 am
BitHead
(@bithead)
Community Legend

Could this be of some use?
Hide and Seek in A. Flash

or this?
Spammed SWF URLs Abuse ImageShack, Lead to Rogue AV

Posted : 24/02/2009 3:04 am
csusama008
(@csusama008)
New Member

Excellent find, BitHead. I'm sure this type of file was used by a remote hacker to execute information online from another user's pc. Now to find out more information in regards to the code written in this file. Any suggestions?

Posted : 24/02/2009 9:40 pm
BitHead
(@bithead)
Community Legend

Excellent find, BitHead. I'm sure this type of file was used by a remote hacker to execute information online from another user's pc. Now to find out more information in regards to the code written in this file. Any suggestions?

Read THIS article at SANS on analyzing SWF file actions.

Posted : 24/02/2009 11:37 pm
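
Added example, not part of any post in this thread: a "Flash Player Compressed Movie" (signature `CWS`) is zlib-compressed after its first 8 bytes, which is why the raw file content does not look like Flash data, and the tags that carry script can only be listed after inflating it. The sketch below reads the header, inflates the body and lists the tags, flagging the script-bearing ones by their codes from the SWF format specification; the function names and the sample file are constructed for illustration.

```python
import struct
import zlib

# Tag codes from the SWF format specification that carry script or embedded data.
SCRIPT_TAGS = {12: "DoAction", 59: "DoInitAction", 82: "DoABC", 87: "DefineBinaryData"}

def parse_swf(data):
    """Return (signature, version, declared_length, [(tag_code, tag_length), ...])."""
    if len(data) < 9:
        raise ValueError("too short to be an SWF file")
    sig, version = data[:3], data[3]
    (declared,) = struct.unpack_from("<I", data, 4)  # length of the uncompressed file
    if sig == b"FWS":
        body = data[8:]
    elif sig == b"CWS":
        # Only the first 8 bytes are plain; the rest is a single zlib stream.
        body = zlib.decompress(data[8:])
    else:
        raise ValueError("signature %r is not FWS or CWS" % sig)
    # Movie header: RECT (5-bit field width + 4 fields, byte aligned),
    # then frame rate and frame count (2 bytes each).
    pos = (5 + 4 * (body[0] >> 3) + 7) // 8 + 4
    tags = []
    while pos + 2 <= len(body):
        (hdr,) = struct.unpack_from("<H", body, pos)
        pos += 2
        code, length = hdr >> 6, hdr & 0x3F
        if length == 0x3F:  # long form: a 32-bit length follows
            if pos + 4 > len(body):
                break
            (length,) = struct.unpack_from("<I", body, pos)
            pos += 4
        tags.append((code, length))
        if code == 0:  # End tag
            break
        pos += length
    return sig.decode("ascii"), version, declared, tags

def script_tags(tags):
    return [SCRIPT_TAGS[code] for code, _ in tags if code in SCRIPT_TAGS]

def build_sample(compressed=True):
    """Constructed sample: SetBackgroundColor, an empty DoAction, ShowFrame, End."""
    body = b"\x00" + b"\x00\x0c" + b"\x01\x00"  # empty RECT, 12 fps, 1 frame
    body += struct.pack("<H", (9 << 6) | 3) + b"\xff\xff\xff"
    body += struct.pack("<H", (12 << 6) | 1) + b"\x00"
    body += struct.pack("<H", 1 << 6) + struct.pack("<H", 0)
    head = struct.pack("<I", 8 + len(body))
    return (b"CWS\x08" + head + zlib.compress(body)) if compressed else (b"FWS\x08" + head + body)
```

Run it against a working copy of the file with `parse_swf(open(path, "rb").read())`; a `zlib.error` or a declared length far from the inflated size is itself worth noting.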