Advice needed! (.swf)

7 Posts
4 Users
0 Likes
571 Views
(@csusama008)
Posts: 22
Eminent Member
Topic starter
 

Does anyone know/have any theories if a perp can hack into a pc using a 30KB flash file (with a .swf extension but it does not play in a player)? I have found all of the relevant data in this type of file - its signature reports it as "unknown". WWYD (what would you do?) What "codes" contained within this file should I be on the lookout for?

Thanks

 
Posted : 24/02/2009 1:04 am
keydet89
(@keydet89)
Posts: 3568
Famed Member
 

Does anyone know/have any theories if a perp can hack into a pc using a 30KB flash file (with a .swf extension but it does not play in a player)? I have found all of the relevant data in this type of file - its signature reports it as "unknown". WWYD (what would you do?) What "codes" contained within this file should I be on the lookout for?

A couple of things…

First, I'd look to see what the signature actually is…"unknown" doesn't help a great deal. Also, I'd look at what tool you're using.

As to any vulnerabilities that might be of use, there may be several, depending upon the OS in question. For example, if it's Windows, I'd check out this blog
http://windowsir.blogspot.com/2009/02/looking-for-bad-stuff-part-i.html

HTH

 
Posted : 24/02/2009 1:22 am
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

Something you can quickly do is to see if TriD
http://mark0.net/soft-trid-e.html
identifies a given format.

jaclaz

 
Posted : 24/02/2009 1:31 am
(@csusama008)
Posts: 22
Eminent Member
Topic starter
 

Thanks! The OS is XP and http://mark0.net/onlinetrid.aspx says it is a Macromedia Flash Player Compressed Movie which just doesn't make sense with the data contained within the file.

 
Posted : 24/02/2009 2:11 am
(@bithead)
Posts: 1206
Noble Member
 

Could this be of some use?
Hide and Seek in A. Flash

or this?
Spammed SWF URLs Abuse ImageShack, Lead to Rogue AV

 
Posted : 24/02/2009 3:04 am
(@csusama008)
Posts: 22
Eminent Member
Topic starter
 

Excellent find BitHead, I'm sure this type of file was used by a remote hacker to execute information online from another user's pc. Now to find out more information in regards to the code written in this file. Any suggestions?

 
Posted : 24/02/2009 9:40 pm
(@bithead)
Posts: 1206
Noble Member
 

Excellent find BitHead, I'm sure this type of file was used by a remote hacker to execute information online from another user's pc. Now to find out more information in regards to the code written in this file. Any suggestions?

Read THIS article at SANS on analyzing SWF file actions.

 
Posted : 24/02/2009 11:37 pm
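
Added example, not part of any post in this thread: a compressed Flash movie starts with the signature CWS, and everything after its 8-byte header is a zlib stream, so the tags only become readable once the body is inflated. The sketch below checks the signature, inflates the body and lists the tag codes, flagging the ones that carry script. The names triage_swf and constructed_sample and the MAX_BODY cap are assumptions made for this example, and the sample movie is constructed.

```python
import struct
import zlib

# Tag codes that carry script, per the SWF file format specification.
SCRIPT_TAGS = {12: "DoAction", 59: "DoInitAction", 82: "DoABC"}
MAX_BODY = 64 * 1024 * 1024  # cap on inflated size (assumed limit for triage)

def triage_swf(data: bytes) -> dict:
    """Read the 8-byte SWF header, inflate a CWS body, and walk the tag list."""
    if len(data) < 8 or data[:3] not in (b"FWS", b"CWS"):
        raise ValueError("not an FWS/CWS file")
    sig, version = data[:3].decode(), data[3]
    (declared_len,) = struct.unpack_from("<I", data, 4)
    body = data[8:]
    if sig == "CWS":
        # Everything after byte 8 is a single zlib stream, which is why a hex
        # view of a compressed movie shows nothing recognisable past the header.
        inflater = zlib.decompressobj()
        body = inflater.decompress(data[8:], MAX_BODY)
        if inflater.unconsumed_tail:
            raise ValueError("inflated body exceeds MAX_BODY")
    if not body:
        raise ValueError("empty movie body")
    # Frame size is a bit-packed RECT: 5-bit field width, then four fields.
    rect_len = (5 + 4 * (body[0] >> 3) + 7) // 8
    pos = rect_len + 4  # skip the RECT, frame rate (2 bytes) and frame count (2)
    tags = []
    while pos + 2 <= len(body):
        (header,) = struct.unpack_from("<H", body, pos)
        pos += 2
        code, length = header >> 6, header & 0x3F
        if length == 0x3F:  # long form: a 32-bit length follows
            if pos + 4 > len(body):
                break
            (length,) = struct.unpack_from("<I", body, pos)
            pos += 4
        tags.append((code, length))
        pos += length
        if code == 0:  # End tag
            break
    return {"signature": sig, "version": version, "tags": tags,
            "length_ok": declared_len == 8 + len(body),
            "script_tags": [SCRIPT_TAGS[c] for c, _ in tags if c in SCRIPT_TAGS],
            "trailing_bytes": max(0, len(body) - pos)}

def constructed_sample() -> bytes:
    """Constructed test movie: empty RECT, 12 fps, 1 frame, one DoAction tag."""
    body = b"\x00" + struct.pack("<HH", 12 << 8, 1)
    body += struct.pack("<H", (12 << 6) | 1) + b"\x00" + struct.pack("<HH", 1 << 6, 0)
    return b"CWS\x08" + struct.pack("<I", 8 + len(body)) + zlib.compress(body)
```

A length_ok of False or a non-zero trailing_bytes means the file does not match its own header, which is worth a closer look before reading the script tags themselves.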