Skip to content

phasenull/KentKart-Backdoor-Inspection

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

DISCLAIMER

Found out that https://www.kentkart.com/cozumler/mobil-uygulama/ has been compromised somehow, This repo is just a workspace to reverse-engineer the source code of backdoor and report to the required authorities, this was not published for any harmful intentions but only to warn people. DO NOT EXECUTE ANY OF THE CODE GIVEN IN THIS REPOSITORY

BACKDOOR FLOW

  • step 1: script that exist in the root of html (parts/part_1.js) fetches parts/part_2.js from remote server so called "crazy2cdn.com" and injects into the head of root html

image

image

NOTES :

Created: 2024-03-29 15:30:54 UTC

  • also urls provided on some files depend on "time" so they expired and you wont be able to see responses without going through the process from scratch

  • please note that this backdoor was probably created by an employee at kentkart

SNAPSHOTS FOR /cozumler/mobil-uygulama:

CLEAN-VERSION : https://web.archive.org/web/20240224160625/https://www.kentkart.com/solutions/mobile-application/

COMPROMISED-VERSION : https://web.archive.org/web/20240502171725/https://www.kentkart.com/solutions/mobile-application/

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published