ImageMagick Metasploit via Bitmessage?

[chan] bitmessage
Jul 6 22:38 [raw]

I found three ImageMagick files in the /src directory of a running PyBitmessage. They are screen shots of the local interface. Is it possible that a programmer is exploiting holes in a module? What if the view image feature is being used to gain screen access? The headers of the files look like this:

%!PS-Adobe-3.0
%%Creator: (ImageMagick)
%%Title: (imghdr)

%!PS-Adobe-3.0
%%Creator: (ImageMagick)
%%Title: (json)

%!PS-Adobe-3.0
%%Creator: (ImageMagick)
%%Title: (ntpath)

Someone once posted there is a form of onion routing built into PyBitmessage. How likely is it that this routing feature is being used to siphon off files and screenshots from computers running PyBitmessage?

[chan] bitmessage
Jul 8 04:01 [raw]

The qidenticon renderer and the qrencode functions may have something to do with this. QT has screen access and is able to manipulate images. A specially formatted object may instruct PyBitmessage to take screenshots.

[chan] bitmessage
Jul 8 04:01 [raw]

It may be a feature rather than a bug. The silence on the issue so suggests.

[chan] bitmessage
Jul 8 04:49 [raw]

Check the image file timestamps against the timestamps of received and sent messages, also cross-ref with your debug log. If the files are indeed related to Bitmessage activity, you should find a correlation.

[chan] bitmessage
Jul 8 04:53 [raw]

Maybe the culprits are focusing their attention on a cover story.

[chan] bitmessage
Jul 8 05:20 [raw]

Interesting ... 'imghdr', 'json', and 'ntpath' are modules in the python library.

[chan] bitmessage
Jul 8 05:38 [raw]

What is the modification date of the files and what version were you running at that time?

Peter Surda
Bitmessage core developer

[chan] bitmessage
Jul 8 20:25 [raw]

That is not necessarily true. A decent exploit would alter that data on egress to cover the attacker's tracks and misdirect any investigation.

[chan] bitmessage
Jul 8 20:36 [raw]

I can't provide the branch and commit number because this src/ directory was copied prior to last pull.

grep softwareVersion version.py
softwareVersion = '0.6.3.2'

stat imghdr | grep -v Device | grep -v Size | grep -v Uid
  File: imghdr
Access: 2018-07-09 10:20:10.773465228 -0500
Modify: 2018-06-30 01:04:53.126065000 -0500
Change: 2018-07-01 00:01:04.434670106 -0500
 Birth: -

stat json | grep -v Device | grep -v Size | grep -v Uid
  File: json
Access: 2018-07-09 10:23:29.150542869 -0500
Modify: 2018-06-30 01:04:53.254061000 -0500
Change: 2018-07-01 00:01:04.482668615 -0500
 Birth: -

stat ntpath | grep -v Device | grep -v Size | grep -v Uid
  File: ntpath
Access: 2018-07-09 10:24:58.954733706 -0500
Modify: 2018-06-30 01:05:18.225243000 -0500
Change: 2018-07-01 00:01:29.485891782 -0500
 Birth: -

[chan] bitmessage
Jul 18 20:09 [raw]

Never heard about python screenshots. But it's possible that somebody just tried to run py-files by shell. Then a string like "import json" can be interpreted as a call to ImageMagick's import utility:

$ man import
import(1)                   General Commands Manual                  import(1)

NAME
       import - saves any visible window on an X server and outputs it as an
       image file. You can capture a single window, the entire screen, or any
       rectangular portion of the screen. The window to capture is selected by
       clicking the desired window or a program option.

SYNOPSIS
       import [options] output-file

OVERVIEW
       The import program is a member of the ImageMagick(1) suite of tools.
       Use it to capture some or all of an X server screen and save the image
       to a file.

$ import json
$ head -n3 json
%!PS-Adobe-3.0
%%Creator: (ImageMagick)
%%Title: (json)
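
The explanation in this post gives a defender two concrete things to check: whether a stray file in the source tree carries the ImageMagick PostScript header (and which module name it was "saved" under), and whether a .py file in the tree has no python shebang, so that running it from a shell would hand its first `import` line to the ImageMagick import(1) utility. The script below is an added example written for this thread, not code from PyBitmessage or from the posters; the sample files it scans are constructed inline, and the function and directory names are assumptions.

```shell
#!/bin/sh
# Added example for the thread above; not PyBitmessage code.
# Two checks: (1) does a file look like an ImageMagick PostScript screenshot,
# (2) would a .py file be mis-run by a shell (no python shebang, first
# statement is an import). Sample files are constructed below.

# Print the %%Title of FILE and return 0 if its first lines carry the
# ImageMagick PostScript header quoted in the thread; return 1 otherwise.
is_imagemagick_ps() {
    file="$1"
    head -n 3 "$file" | grep -q '^%!PS-Adobe' || return 1
    head -n 3 "$file" | grep -q '^%%Creator: (ImageMagick)' || return 1
    head -n 3 "$file" | sed -n 's/^%%Title: (\(.*\))$/\1/p'
}

# Return 0 if FILE is Python source that a shell would misinterpret:
# no python shebang on line 1, and the first non-comment, non-blank line
# starts with "import" or "from" (which sh would try to run as a command).
py_runnable_by_shell() {
    file="$1"
    first=$(head -n 1 "$file")
    case "$first" in
        '#!'*python*) return 1 ;;
    esac
    grep -v '^[[:space:]]*#' "$file" | grep -v '^[[:space:]]*$' | head -n 1 \
        | grep -Eq '^(import|from)[[:space:]]'
}

# Walk DIR (non-recursively), report each ImageMagick screenshot to stderr
# and print the number found on stdout.
count_ps_screenshots() {
    n=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        if title=$(is_imagemagick_ps "$f"); then
            echo "screenshot: $f (title: $title)" >&2
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# Constructed sample tree (assumed layout, not a real src/ directory).
SAMPLE_DIR=$(mktemp -d)
printf '%s\n' '%!PS-Adobe-3.0' '%%Creator: (ImageMagick)' '%%Title: (json)' \
    '%%BoundingBox: 0 0 10 10' > "$SAMPLE_DIR/json"
printf 'import json\nprint(json.dumps({}))\n' > "$SAMPLE_DIR/noshebang.py"
printf '#!/usr/bin/env python\nimport json\n' > "$SAMPLE_DIR/withshebang.py"
printf 'hello\n' > "$SAMPLE_DIR/plain.txt"

# Stand-alone run: list screenshots, then flag .py files a shell would mis-run.
count_ps_screenshots "$SAMPLE_DIR"
for py in "$SAMPLE_DIR"/*.py; do
    py_runnable_by_shell "$py" && echo "no python shebang, starts with import: $py"
done
```

Running it against a real checkout would be `count_ps_screenshots /path/to/src`; any file it reports should then be compared, as suggested earlier in the thread, with the message timestamps and debug log to confirm whether it was produced by the mis-run described here or by something else.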

BM-2cXzFmWXqFFsrn2qcY8wUaM4tcBYterW3x
Jul 18 20:10 [raw]

when python crashes it usually creates a screen shot, regular py behaviour. u probably clicked some shit and it crashed

[chan] bitmessage
Jul 18 20:10 [raw]

just crash a py src and youll have a screenshot dude

[chan] bitmessage
Jul 18 20:10 [raw]

oh ure right ! cool. import ~/import_screenie will show the crossbar to choose a win to shoot. so, when u click a src.py where import is the first line, it may be run as a bash script if associated improperly and create those screenshots. I always thought it was a py function. glad u cleared this up
