Advert:
Login:
Dashboard:
"TXT" feature
Threads:
Thread statistics:
Thread parameters:
Files:
Soft Version:
Security:
Preferences:
If you are looking for further information about Blackhole, have a look here: http://blog.spiderlabs.com/2012/09/blackhole-exploit-kit-v2.html
And here: http://malware.dontneedcoffee.com/2012/09/behind-captcha-or-inside-blackhole.html
Paunch uses kcaptcha (http://www.captcha.ru/en/kcaptcha/) and has changed a lot of parameters; my Blackhole 1.x.x tools are all dead,
but it's just a question of time to adapt the work... again.
If you want to recognise a Blackhole 2.0, use these paths as help:
autoupdate.php
api.php
l.php
bhstat.php?threadID=22&ruleID=33&key=0c382c13dbaca1490c207a89b61a2c53
bhstat.php?ThreadID=04&data=5744af702a50d95793f9425af1569696
w.php
update.php
bhadmin.php
cron_updatetor.php
cron_update.php
cron_checkdomains.php
cron_check.php
adm.php
master.php
main.php
move_logs.php
content/1fdp.php
content/2fdp.php
content/hcp_asx.php
content/hcp_js.php
content/hcp_vbs.php
content/pch.php
data/ap1.php
data/ap2.php
data/hcp_asx.php
data/hcp_vbs.php
data/hhcp.php
library/browser2.php
library/browser.php
library/db.php
library/errors.php
library/files.php
library/funcs.php
library/js.php
library/lang.php
library/logs.php
library/prefs.php
library/sc.php
library/template.php
library/threadData.php
library/threadDataLoader.php
library/threads.php
library/kcaptcha/index.php
library/kcaptcha/kcaptcha.php
library/kcaptcha/kcaptcha_config.php
library/kcaptcha/util/font_preparer.php
library/templates/pda/addFile.php
library/templates/pda/files.php
library/templates/pda/fileScan2.php
library/templates/pda/fileScan.php
library/templates/pda/login.php
library/templates/pda/prefs.php
library/templates/pda/secur.php
library/templates/pda/threads.php
library/templates/default/addFile.php
library/templates/default/addRule2.php
library/templates/default/addRule3.php
library/templates/default/addRule.php
library/templates/default/addThread.php
library/templates/default/addWidget.php
library/templates/default/adv.php
library/templates/default/files.php
library/templates/default/filesAjax.php
library/templates/default/fileScan2.php
library/templates/default/fileScan.php
library/templates/default/fileStat.php
library/templates/default/login.php
library/templates/default/menu.php
library/templates/default/newWidget.php
library/templates/default/prefs.php
library/templates/default/secur.php
library/templates/default/threads.php
library/templates/default/threadsAjax.php
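One way to use the path list defensively, as an added example that is not code from the original post: match a file inventory or access-log paths from servers you run against the list, grouped by install directory, because the kit can sit in any subfolder. The split into "distinctive" and "generic" names and the thresholds are this example's assumptions, chosen so that common names like main.php do not flag an ordinary PHP application on their own.

```python
from collections import defaultdict

# Subset of the post's path list. Which names count as "distinctive" is this
# example's assumption: generic names such as main.php occur in many PHP apps.
DISTINCTIVE = {
    "bhadmin.php", "bhstat.php", "cron_updatetor.php", "cron_checkdomains.php",
    "content/hcp_asx.php", "content/hcp_vbs.php", "data/hhcp.php",
    "library/threadDataLoader.php", "library/kcaptcha/kcaptcha_config.php",
    "library/templates/default/addThread.php",
}
GENERIC = {
    "api.php", "l.php", "w.php", "adm.php", "main.php", "update.php",
    "library/db.php", "library/funcs.php", "library/templates/default/login.php",
}
KNOWN = DISTINCTIVE | GENERIC

def split_install_root(path):
    """Return (install_root, listed_name) if path ends with a listed name, else None."""
    parts = path.split("?", 1)[0].strip("/").split("/")
    # Longest suffix first, so library/... entries match with their directories.
    for i in range(len(parts)):
        suffix = "/".join(parts[i:])
        if suffix in KNOWN:
            return "/".join(parts[:i]) or "/", suffix
    return None

def find_candidates(paths, min_distinctive=2, min_total=4):
    """Group hits by install root and flag roots where several listed names co-occur."""
    hits = defaultdict(set)
    for p in paths:
        match = split_install_root(p)
        if match:
            hits[match[0]].add(match[1])
    return {
        root: sorted(names)
        for root, names in hits.items()
        if len(names & DISTINCTIVE) >= min_distinctive and len(names) >= min_total
    }

# Constructed sample paths (file inventory plus one access-log request), not from the post.
SAMPLE = [
    "blog/index.php", "blog/main.php", "blog/update.php", "blog/api.php",
    "blog/library/db.php",
    "img/x7/bhadmin.php", "img/x7/bhstat.php?threadID=22&ruleID=33", "img/x7/l.php",
    "img/x7/library/kcaptcha/kcaptcha_config.php",
    "img/x7/library/threadDataLoader.php", "img/x7/cron_updatetor.php",
]
```

On the constructed sample, `find_candidates(SAMPLE)` flags only `img/x7`; the `blog` directory has four generic matches but no distinctive one, so it is left alone.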
yandere.fr/blackhole2.0_sql_dump.zip
Thanks for the paths
Hell Yes! Way to go! Thanks as always!
Nice work!!
Stupid enough => http://oase2.net/bhadmin.php
found with : inurl:bhadmin.php
Hey xyli, I want to pen test BH kit for security vulns other than brute force. Have you by any chance got the new version of the kit? Does not matter if it is encrypted by ioncube or whatever - I just want to pentest on localhost to see if I can do anything with it! Let me know in the comments
PS willing to provide proof that I'm whitehat and have no intention of doing anything malicious with it, just curious. Let me know!
what is the password for the file provided above? yandere.fr/blackhole2.0_sql_dump.zip
you can do nothing with ioncube having blackhole will not help you ;)
@Rian: It's a common password used by the av industry if you can't find it maybe it's not for you :)
good work Steven =]
Hello, can you upload the version of BlackHole 2.0 that I can analyze all the details please?
To all the douches here that didn't want to give the pass to the zip.
The common pass is
infected
kinda logical when u think about it
Password is "infected" without ""
The truth exists beyond the gate... I've really enjoyed the Darker than Black reference, but in the original Howling by AHSb song, it was gateS. Just sayin' =)