Metasploit module to turn tables on RAT's

lsud00d

As much as I think everyone would like to use this IRL, it does remain illegal in most countries...YMMV. Still cool regardless!

Weeks has published a long report on his site detailing how he was able to reverse-engineer the encrypted communications protocol used by Ammyy Admin, one of the most popular remote control apps used by tech support scammers, and then use that knowledge to ferret out a vulnerability in the Ammyy Admin application.

Because Ammyy Admin uses the same binary on both the remote computer being controlled and the source computer doing the controlling, an exploit with the application has the potential to affect not just the target but also the source. Weeks figured that if he could sniff out a vulnerability in the application’s communications stack, he could use that vulnerability to execute code on the remote computer—in other words, to gain the same level of access on the scammer’s PC that the scammer tries to gain on the victim’s.

Turning the tables on

aftereffector

I was reading that yesterday and it reminded me of the dialogue from a bad movie about hacking. "I'm going to reverse the IP and take over the bad guy's computer!" Except in this case, it's not just bad dialogue

lsud00d

"If I'm at 192.168.1.102, then he must be at 102.1.168.192.in-addr.arpa! Got you right where I want you hacker"