2012-11-12 - Connect the dots. Meet CritXPack (Previously Vintage Pack)

CritXPack





Vintage Pack form to apply

Cost of rent (translated from Russian): $400 per month, $100 per week

CritXPack apply form

Rent: 30$ - 1 day; 150$ - 1 week; 500$ - 1 month; traffic limit - 100k hits per day.





License on your server: 600$ - 3 month; 900$ - 6 month; 1200$ - 1 year; +200$ - multidomain license.





PS (translated from Russian): We have changed the banner and the name that was used during the test period and the trial advertising campaign. The pack is now running in normal mode; the name and banner will not change. There is currently NO advertising on the specialized forums. Reviews from our partners who use the pack and have a reputation on the relevant forums can be obtained PRIVATELY and only with their consent.





Jindrich Kubec tweet about the new kind of Url

CritXPack Login Screen 2012-11

Note the Captcha (third time I have seen this on a bad-guy panel, after Upas and then Blackhole 2.0)

Updated Login Screen (2013-02)

Filter in action for localized strike.

CVE-2012-1723 (seems safe (?!) )

CVE-2012-1723 path on CritXPack (safe)





65571830100b0d809b44fefc094b5bf4 nicely tagged in VirusTotal





CVE-2012-4681 Boom...

CVE-2012-4681 path in CritXPack

MDAC path (Seems safe)

MDAC path on CritXPack safe but see : PluginDetect 0.7.9 :)

CVE-2011-2010 path (seems safe):

CVE-2011-2010 Path on CritXPack (safe)

CVE-2010-0188 Boom...

CVE-2010-0188 path in CritXPack

CVE-2011-3544 Boom...

CVE-2011-3544 Path on CritXPack

CVE-2012-0507 Boom...

CVE-2012-0507 path on CritXPack

What about the file tree of the server?

Here are some of the directories and files I was able to see:

/b081112s/load.php
/b081112s/cpt.php
/b081112s/panel.php
/b081112s/captcha.php
/b081112s/i.php
/b081112s/j.php
/b081112s/f/
/b081112s/config.php
/b081112s/img/space.png
/b081112s/img/btn_signin.png



Out of the scope of this post, but what about the payload?

Content of the Zip

Want to read more about CVEs and Exploit Kits?

Want to read more about the payload?

Post Publication: