Exploiting Unicode Character RTL ‘RIGHT-TO-LEFT OVERRIDE’ (U+202E)

Exploiting Unicode Character ‘RIGHT-TO-LEFT OVERRIDE’ (U+202E)

 

This is one of the easiest exploits to implement in a Microsoft Windows systems. Yet, its impossible to meditate against. This exploit can be used for domain names as well. :- http://unicode.org/reports/tr36/#Bidirectional_Text_Spoofing

 

 

Obfuscating Executables

 

Examples

  • CORP_INVOICE_08.14.2011_Pr.phyldoc.exe, was made to display as CORP_INVOICE_08.14.2011_Pr.phylexe.doc by placing the unicode command for right to left override just before the “d” in “doc”.
  • SexyAlexe.ppt – > SexyAl\xe2\x80\xaetpp.exe
  • SexyAl\xe2\x80\xaetpp.exe
  • SexyAl\u202Etpp.exe
  • \xe2\x80\xaecod.yrammus_evituc\xe2\x80\xad2011.exe
  • \u202Ecod.yrammus_evituc\u202D2011.exe
  • \xe2\x80\xaetpp.stohsnee\xe2\x80\xadfunny.scr
  • \u202Etpp.stohsnee\u202Dfunny.scr
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s