Jason Rush - Part 3

Good morning – malicious Javascript attachment

A friend received an email titled “Good morning” with the following contents:

I was visting your webpage on 5/5/2016 and I’m interested.
I’m currently looking for work either full time or as a volunteer to get experience in the field.
Please look over my Resume and let me know your thoughts.
Regards,
—
Chaitanya Prabhat

The email also happened to include an attachment named Resume_475.js which is a Javascript file. This is potentially nastier than Javascript in a standard webpage because the code is executed via Wscript (Windows-Based Script Host) and thus does not have restrictions such as Same-Origin Policy, and allows this Javascript access to local files and to run arbitrary commands.

Continue reading “Good morning – malicious Javascript attachment”

Windows computers and Adak time & timezones

The Issue

A few weeks ago, I ran into an issue where time on computers in Adak (an island in the Aleutian Islands, in Alaska) were completely wrong after Daylight Savings. Adak is 1 hour behind the rest of Alaska (per Wikipedia, and the client), but was now 2 hours behind. Continue reading “Windows computers and Adak time & timezones”

Nagios check_esxi_hardware CRITICAL: Execution time too long!

Today I ran into a Nagios check that had shown status “UNKNOWN” with output “CRITICAL: Execution time too long!” for the check_esxi_hardware check. The server and ESXi system all seemed to be functioning just fine, and no updates had been applied between it working and the new “UNKNOWN” status. Continue reading “Nagios check_esxi_hardware CRITICAL: Execution time too long!”

VMWare Tools (esp. Unity) with Kali Linux 3.12.6-2kali1

While attempting to get a fresh VM of Kali Linux (3.12.6-2kali1,3.12-kali1-amd64) to install VMWare Tools (8.8.0 build-471268), I ran into the following errors (among others).

Use of uninitialized value $subLevel in split at /usr/bin/vmware-config-tools.pl line 5324.
Use of uninitialized value $subLevel in concatenation (.) or string at /usr/bin/vmware-config-tools.pl line 5325.
Argument "12-kali1-amd64" isn't numeric in multiplication (*) at /usr/bin/vmware-config-tools.pl line 4859.
Use of uninitialized value $subLevel in addition (+) at /usr/bin/vmware-config-tools.pl line 4859.

My primary intent was to use Unity mode, since some basic functionality was already working with the default install (such as not needing ctrl-alt to move mouse to host OS).

Continue reading “VMWare Tools (esp. Unity) with Kali Linux 3.12.6-2kali1”

madeiraexotics.com – Your Email Termination

The original message:

Your email have been reported for sending spam messages (Email Messages Containing Banned Or Illegal Content) Your attention is required to avoid permanent termination of your email account. Copy below link to browser to verify your email address.
http://webmail.com.service.onlineaccountservice.online.madeiraexotics.com/webmail.com/
Failure to comply will result to permanent termination of your email account Webmail Service Provider

While a quick glance may lead one to believe this leads to “webmail.com”, it is actually going to a sub-domain of “madeiraexotics.com”

Continue reading “madeiraexotics.com – Your Email Termination”