Leaderboard

Output: RST PE-Analyzer firefox.exe Size: 275568 bytes MD5: 93e28799430480cce0ab3d961e5312ad DLL: False EXE: True Driver: False Machine: 0x14c (0x014c =I386, 0x0200 = IA64, 0x8664 = AMD64 ) OEP: 0x2478 Compile time: 2013-12-05 19:22:27 Digital Signature: Yes C:\Python27\firefox.exe: Verified: Signed Signing date: 9:34 PM 12/5/2013 Publisher: Mozilla Corporation Description: Firefox Product: Firefox Prod version: 26.0 File version: 26.0 MachineType: 32-bit Binary Version: 26.0.0.5087 Original Name: firefox.exe Internal Name: Firefox Copyright: ©Firefox and Mozilla Developers; available under the MPL 2 license. Comments: VT detection: 0/48 VT link: https://www.virustotal.com/file/0c722b9aaf4f2ee3265f92f1498c6b64fffbb3e37d2136fae8584dcd7d23c06d/analysis/ Sigcheck v2.01 - File version and signature viewer Copyright (C) 2004-2013 Mark Russinovich Sysinternals - www.sysinternals.com Packed: True (Entropy score decision) PEiD Signature: None Sections: .text 0x1000 0x1a7a 7168 .rdata 0x3000 0xfb4 4096 .data 0x4000 0x4bc 512 .rsrc 0x5000 0x3d9c8 252416 .reloc 0x43000 0x644 2048 Imported: KERNEL32.dll 0x403000 SetEnvironmentVariableW 0x403004 ExpandEnvironmentStringsW 0x403008 GetEnvironmentVariableW 0x40300c GetModuleFileNameW 0x403010 MultiByteToWideChar 0x403014 GetTickCount 0x403018 GetProcAddress 0x40301c GetModuleHandleW 0x403020 QueryPerformanceFrequency 0x403024 GetFileAttributesW 0x403028 WideCharToMultiByte 0x40302c GetProcessIoCounters 0x403030 GetCurrentProcess 0x403034 SetDllDirectoryW 0x403038 UnhandledExceptionFilter 0x40303c TerminateProcess 0x403040 GetCurrentProcessId 0x403044 GetCurrentThreadId 0x403048 QueryPerformanceCounter 0x40304c DecodePointer 0x403050 SetUnhandledExceptionFilter 0x403054 EncodePointer 0x403058 HeapSetInformation 0x40305c InterlockedCompareExchange 0x403060 Sleep 0x403064 InterlockedExchange 0x403068 IsDebuggerPresent 0x40306c CreateFileW 0x403070 CloseHandle 0x403074 SetFilePointerEx 0x403078 ReadFile 0x40307c FreeLibrary 0x403080 LoadLibraryExW 0x403084 GetLastError 0x403088 GetSystemTimeAsFileTime USER32.dll 0x403138 MessageBoxW MSVCR100.dll 0x403090 __wgetmainargs 0x403094 _cexit 0x403098 _exit 0x40309c _XcptFilter 0x4030a0 _amsg_exit 0x4030a4 __winitenv 0x4030a8 _initterm 0x4030ac _initterm_e 0x4030b0 _configthreadlocale 0x4030b4 __setusermatherr 0x4030b8 _commode 0x4030bc _fmode 0x4030c0 __set_app_type 0x4030c4 _vsnprintf_s 0x4030c8 ?terminate@@YAXXZ 0x4030cc _unlock 0x4030d0 __dllonexit 0x4030d4 _lock 0x4030d8 _onexit 0x4030dc _except_handler4_common 0x4030e0 _invoke_watson 0x4030e4 _controlfp_s 0x4030e8 _crt_debugger_hook 0x4030ec memset 0x4030f0 memcpy 0x4030f4 strcat 0x4030f8 fgets 0x4030fc strlen 0x403100 ??3@YAXPAX@Z 0x403104 fclose 0x403108 _wfopen 0x40310c ??2@YAPAXI@Z 0x403110 strcpy 0x403114 getenv 0x403118 _snprintf 0x40311c _stricmp 0x403120 wcslen 0x403124 ??_V@YAXPAX@Z 0x403128 strrchr 0x40312c exit 0x403130 _putenv Exported: PE instance has no attribute 'DIRECTORY_ENTRY_EXPORT' Cerinte minime: 1. python 2.7 2. pefile pefile - pefile is a Python module to read and work with PE (Portable Executable) files - Google Project Hosting 3. UserDB.TXT https://code.google.com/p/reverse-engineering-scripts/downloads/detail?name=UserDB.TXT 4. sigcheck.exe Sigcheck 5. conexiune la internet pentru a verifica hash-ul pe virustotal # fisierele UserDB.TXT, sigcheck.exe trebuie puse in acelasi director cu scriptul Pentru salvarea outputului intr-un fisier: python Script.py PEfile >save.txt Source Code: import sys import os import hashlib import re import subprocess import time import pefile import peutils print "\tRST PE-Analyzer https://rstforums.com" try: signatures = peutils.SignatureDatabase('UserDB.TXT') except: print "Lipseste fisierul cu semnaturi: UserDB.TXT" sys.exit() if len(sys.argv) != 2: print """ Utilizare: python Script.py executabil""" sys.exit() else: try: pe = pefile.PE(sys.argv[1]) except Exception, e: print e def hashfile(afile, blocksize=65536): handle = open(afile, "rb") temp = hashlib.md5() while True: data = handle.read(blocksize) if not data: break temp.update(data) return temp.hexdigest() print str(sys.argv[1]) print "Size: ", os.path.getsize(sys.argv[1]), "bytes" print "MD5: ", hashfile(sys.argv[1]) print "DLL: ", pe.is_dll() print "EXE: ", pe.is_exe() print "Driver: ", pe.is_driver() print "Machine: ", hex(pe.FILE_HEADER.Machine) , "(0x014c =I386, 0x0200 = IA64, 0x8664 = AMD64 )" print "OEP: ", hex(pe.OPTIONAL_HEADER.AddressOfEntryPoint) epoch = pe.FILE_HEADER.TimeDateStamp print "Compile time: ", time.strftime('%Y-%m-%d %H:%M:%S', time.gmtime(epoch)) ds = pe.OPTIONAL_HEADER.DATA_DIRECTORY[pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_SECURITY']].VirtualAddress print "Digital Signature: ", "No" if ds == 0 else "Yes" if ds == ds : # ds!= 0 to use sigcheck only file is signed try: cmnd = os.getcwd() + "\\" + "sigcheck.exe -a -vt " + str(sys.argv[1]) p = subprocess.Popen(cmnd,stderr=subprocess.PIPE,stdout=subprocess.PIPE,shell=True) (stdout, stderr) = p.communicate() print stdout print stderr except Exception, e: print e print "Packed: ", peutils.is_probably_packed(pe), " (Entropy score decision)" matches = signatures.match_all(pe, ep_only = True) print "PEiD Signature: ", matches print "Sections: " for section in pe.sections: print "\t", section.Name.strip("\x00"), hex(section.VirtualAddress), hex(section.Misc_VirtualSize), section.SizeOfRawData print "Imported: " pe.parse_data_directories() for entry in pe.DIRECTORY_ENTRY_IMPORT: print "\t", entry.dll for imp in entry.imports: print '\t\t', hex(imp.address), imp.name print "Exported: " try: for exp in pe.DIRECTORY_ENTRY_EXPORT.symbols: print "\t", hex(pe.OPTIONAL_HEADER.ImageBase + exp.address), exp.name, exp.ordinal except Exception, e: print "\t", e Scriptul de mai sus contine si bucati de cod copiate din alte parti: UsageExamples - pefile - Usage examples of pefile - pefile is a Python module to read and work with PE (Portable Executable) files - Google Project Hosting PEiDSignatures - pefile - Using PEiD signatures - pefile is a Python module to read and work with PE (Portable Executable) files - Google Project Hosting

Scopul acestui programel este sa faca Blind Based sql injection. Cerinte minime: -Windows xp (testat pe windows 7) -Winsock.ocx Caracteristici: -Pentru fiecare litera de ghicit se foloseste cate un socket separat -Ca default ghiceste fiecare litera folosind codul ascii al fiecarui caracter cuprins intre 32 si 122 -Se poate defini un dictionar de catre utilizator bifind acea casuta -Se pot scoate variabile gen @@version, database() etc... sau selectii sub forma aceasta (select table_name from information_schema.tables where table_schema=database() limit 0,1) Casuta keyword se completeaza cu un cuvant care apare in sursa daca injectia este TRUE si dispare in momentul cand injectia este FALSE mai exact cuvantul cheie este un cuvant care face diferenta intre o injectie true sau false. Screenshot: Programul este aici: <sarcasm>Nu postez scan report de pe virus total ca sa va infectez pe toti muhahah</sarcasm> Sursa scrisa in anticul VB6: Zippyshare.com - blind.rar Si un demo frate: Pe viitor am sa aduc urmatoarele inbunatatiri: -Am sa adaug POST injection -Am sa mai imbunatatesc protocolul HTTP la unele da bad request -Injectiile vor veni cu WAF bypass ca default spatiile %20 vor fi inlocuite cu %0a -Inject_here option -Am sa incerc sa fac un prototip de timebased injection Pentru buguri contactati-ma pe PM. -Reparat bugul cu sursa de sub 8000 de caractere

Saltut la toti de pe rst Tutorialul 5 din Win32 Exploit Development video https://vimeo.com/84538110 tools download tools_dev5 video

Ajut-o si tu pe Alexa, daca nu poti material da si tu site-ul sau pagina de Facebook mai departe, fiecare donatie conteaza! Pagina de Facebook: https://www.facebook.com/pages/Alexa-la-20-de-ani/283065015175919 Site-ul: Alexa la 20 de ani: ..ajut-o pe Alexa!.. (la site inca lucrez) Alexa are 20 de ani acum. De un an de zile se lupta cu o boala crunta si urata, neoplasm ovarian stadiul IIIB - mai pe intelesul tuturor, cancer. De pe o zi pe alta, Alexa a fost nevoita sa renunte la tot ce face un copil de 19 ani si sa infrunte un adevar mult prea dureros pentru ea. Dar curajoasa si optimista, a suportat doua operatii complicate, urmate de 6 cure de citostatice. (gasiti intreaga poveste pe pagina de facebook si pe site) REPET, PENTRU CINE NU POATE AJUTA MATERIAL FITI OAMENI SI DATI UN SHARE LA PAGINA DE FACEBOOK SI SITE-UL MAI DEPARTE, FIECARE SHARE CONTEAZA PENTRU ALEXA!

Ce este nou in Anti Desktop-Lock ? [smart Scan] Smart scan mai simplu , scaneaza 100 de procese in 2 secunde (eu am un DualCore cu 4GB RAM [vreau si eu un i7 ]). Sterge Lockerul din Startup [HKCU\...\Run] si [HKLM\...\Run] (daca are dreptul) Redenumeste Lockerul pentru a evita pornirea la startup in caza ca nu reuseste sa-l scoata din regedit .. Urmeaza sa-l mai fac sa-l scoata din folderul Startup (acum mi-am dat seama ca am uitat sa fac asta ...) Toate detaliile sunt luate cu WMI. Detecteaza daca RDP-ul este conectat direct la internet sau prin router (Direct Internet Connection/Internet Connection through Router) Debug si Log. Functie NOUA : Kill by Window Size prin care puteti seta Width si Height iar daca fereastra procesului >= Width >= Height atunci va inchide procesul. Functia cauta ferestre de procese cu WS_VISIBLE = TRUE WS_EX_TOPMOST = TRUE WS_MAXIMIZE = TRUE WS_CLIPSIBLINGS = TRUE WS_EX_CONTROLPARENT = TRUE WS_MINIMIZEBOX = FALSE. M-am folosit de GetWindowLong si GetWindowRect ... dar e buggy, cand merge cand nu merge ... am testat pe 40 de rdpuri si din pacate doar pe 12 din ele si-a facut treaba functia ... dar mai lucrez la ea.Functia a fost facuta pentru a va ajuta sa treceti de Lockere pe care programul nu le recunoaste.E BETA asa ca nu tipati daca nu merge, postati aici un screenshot sau dati-mi PM cu user/pass de RDP sa incerc eu (nu ma ating de rdp-urile voastre .. n-am ce face cu ele; le am pe ale mele) [Tools] Un Downloader cu Execute (Execute after download). Tools, in care am adaugat niste programe : Port Tester and Listener,[RST] Yahoo Mail Scanner,WinlogonHack,Admin Restore - sethc hack. Ele sunt descarcate de aici https://dl.dropbox.com/s/ahk7bxlt2o28drh/tools.txt [Nume-Program|Link-Download] si stocate in asa ca daca nu se incarca la cateva secunde dupa startup accesati linkul de mai sus si folositi Downloaderul pentru a le Descarca.Daca aveti sugestii .. lasati comment sau PM.Am sa adaug si Desktop Lockerul la care lucrez. [Kills] Iti listeaza toate procesele pe care le inchide [WMI] Este un WMI Explorer/Browser Multumiri lui ElChief pentru postul https://rstforums.com/forum/65696-wmi-delphi-code-creator.rst si https://rstforums.com/forum/65558-vbulletin-net-wmi-acces.rst O lista completa a Locker-elor : DesktopLock (by AZJIO) Desktop Lock by TopLang Software Login Sentinel by Viliam Bedec Simple Password Protection by Dragonphase LockThis! by Duriosoft Indocor 1 Click and Lock by IM-Soft Security System by Simone Zagni USB Desktop Lock by Micro Robotics Computer Lock Up by Rixler Software Screen Locker by Tobias J. Access Forbidden! 1.0 Access Forbidden! 2 Windows Lock by Dominick Lee Access Controller PC Locker PRO Locked by Tyler Conn Lock by Chris Harrison M Explorer Locker by Mohsen Ektefa Nockylock Sumra Soft Lock PC Now Desktop Lock by Madcrosoft SecureItPro by Quantrix WinShield by Mirskiy Solutions Dlock by Dager & Sons. PVT. Ltd. LockDown by Zinious Software Corporation Black Screen by R.J.L. Software Desktop Locker by Kevin Blaze Coolerz Inteset Secure Lockdown Password Booster Screen Lock Remote PC Locker by Ibrahim Ahmed Eusing Maze Lock / XUS PC Lock Windows Desktop Locker by Mc & RENOX ScreenBlur by InDeep Software XUS PC Lock Eusing Maze Lock Desktop Locker by ClickSoftwares The Legacy Locker by ClickSoftwares Lock PC Professional by PB Software LLC Public PC Desktop by Ixis Ltd Private PC Desktop by Ixis Ltd Smart PC Locker Free by NoVirusThanks Company Srl Malarky Software Workstation Locker Lock My PC by FSPro Labs Advanced Desktop Locker by Encrypt4all Lock Me (A n00b locker) Desktop Lock Express Andreal DeksLock GrekSoft Advanced ScreenLocker Transparent Screen Lock (ClearLock) Desktop Locker by MarkLee Desktop Lock Kernel Simple Desktop Lock by Securi-ONE Desktop Lock 5 Stardust Desktop Lock 5 Stardust Desktop Lock LuJoSoft DeskLock True Desktop Locker (fail) Screen Lock (Made in China) China Locker Desktop Locker/Trojan-Ransom Ycorrupt Desktop Locker Chinese Locker v2 Chris PC-Lock Desktop Locker (AutoIT) RDP DeskLock Multumiri lui h05th si fawkes pentru lockere 65 la numar Ma ajutati sa fac 100 ? [CommandLineArgs] Appname.exe -kfs : Kill Full Screen Appname.exe -ss : Start Smart Scan Appname.exe -kbws : Kill by Window Size (BETA) Appname.exe -debug:0 : Debug off Appname.exe -debug:1 : Debug on Appname.exe -log:0 : Log off Appname.exe -log:1 : Log on Appname.exe -ns : Non Stop Scan Appname.exe-k:[process] : va inchide [process], ex.: Appname.exe -k:iexplore -k:taskmgr SAU Appname.exe -k:iexplore,taskmgr (FARA .exe) Appname.exe -s:[process] : va porni [process], ex.: Appname.exe -s:iexplore.exe -s:taskmgr.exe SAU Appname.exe -s:iexplore.exe,taskmgr.exe Screens : Scan : Donwload Link : [RST] Anti Desktop-Lock v2 // -ss bug fixed //Acum verifica daca lockerul este in folderul Startup + Verifica scurtaturile (shortcuts) din Startup! Daca gaseste locatia lockerului in scurtatura, o sterge. Link "permanent": https://rstforums.com/proiecte/Anti_Desktop-Lock_2.exe TUTORIAL